Proj/byterover tool mode

[danhdoan]

Summary

Lands the full byterover tool-mode project end-to-end:

• HTML context-tree format. The 19-element <bv-*> vocabulary
  (bv-topic, bv-task, bv-pattern, bv-rule, bv-diagram, …) is
  now the on-disk format for curated topics. Parser, writer, validator
  registry, element-axis index, and LLM-ready renderer all ship in
  src/server/infra/render/. Markdown topics keep working via the
  format detector + extension-aware reader.

• Tool mode is the default. Both brv curate and brv query run
  without any byterover LLM provider configured. BRV_*_TOOL_MODE
  env-var gates have been removed (ENG-2815). The calling agent owns
  synthesis; byterover retrieves, renders, validates, and writes.

• MCP migrated to provider-free. brv-query swaps to
  task:create type='query-tool-mode' and returns the structured
  envelope (ENG-2836). brv-curate is replaced by
  brv-curate-html — accepts pre-authored <bv-topic> HTML and routes
  through the writer directly, no LLM (ENG-2837). After this lands,
  MCP integrations (Claude Desktop / Cursor MCP / etc.) inherit the
  no-provider property the CLI already has.

• New brv read <path> command (ENG-2769) for single-topic render

  • inspection.

• Editorial topic viewer in webui (ENG-2810) for bv-* HTML
  topics, hardened against untrusted HTML.

• Telemetry producers (ENG-2741) attach token/latency/format
  metadata to QueryLogEntry and CurateLogEntry via a shared
  TaskUsageAggregator.

What's new

Curate

• HTML writer with <bv-topic> schema validation and atomic
  tmp+rename writes (ENG-2737/2738/2739).
• CurateOrchestrator state machine: generate → validate → correct
  → write → retry loop (ENG-2766).
• Prompt builder generated from ELEMENT_REGISTRY, with
  prompt-injection-hardened delimiters (ENG-2767).
• CLI surface uses in-process kickoffSession / continueSession
  instead of the legacy daemon runAgentBody path (ENG-2765).
• System-managed createdat / updatedat injected at write time —
  the model is not allowed to author these.
• confirmOverwrite guard returns existing content for the caller to
  merge instead of clobbering silently.

Query

• Tool-mode executor runs Tier 0/1 cache + Tier-2 retrieval without
  the canRespondDirectly confidence threshold (ENG-2811/2812). The
  threshold was a byterover-side judgment; calling agents now own the
  "is this match good enough?" decision.
• Tier 3/4 LLM-driven synthesis removed from the executor path.
• HTML-routing in SearchKnowledgeService so HTML topics render
  identically to MD in Tier 2.
• New docs/curate-protocol.md documents the wire envelope.

MCP

• brv-query migrated to the tool-mode envelope; renders matched
  topics as markdown sections.
• brv-curate replaced by brv-curate-html (breaking — see below).
• Shared encoders: src/shared/transport/query-tool-mode-content.ts
  and src/shared/transport/curate-html-content.ts.

SKILL.md

• Tool-mode curate session protocol documented (ENG-2768).
• Query tool-mode section added with skippedSharedCount semantics
  (ENG-2814).
• Deprecated LLM-provider references scrubbed (ENG-2822).

Breaking changes

• MCP brv-curate tool input shape changes. The previous
  {context, files, folder} natural-language inputs are gone. The new
  tool (brv-curate-html / curate-html-direct task type) accepts
  {html, confirmOverwrite?} — pre-authored <bv-topic> HTML from
  the calling agent. MCP integrations relying on the natural-language
  curate input must update. See src/server/templates/skill/SKILL.md
  for the authoring guide.

• BRV_CURATE_TOOL_MODE / BRV_QUERY_TOOL_MODE env vars removed.
  No-op now — tool mode is the only path. Remove from any local
  scripts.

• useHtmlContextTree flag removed. HTML is the only curate
  output format. Existing markdown topics still read fine via the
  format detector; new writes are always HTML.

Tickets shipped

ENG-2737, ENG-2738, ENG-2739, ENG-2740, ENG-2741, ENG-2765, ENG-2766,
ENG-2767, ENG-2768, ENG-2769, ENG-2810, ENG-2811, ENG-2812, ENG-2814,
ENG-2815, ENG-2822, ENG-2836, ENG-2837.

Rollout

• Existing .brv/context-tree/*.md topics keep working — read path
  is format-aware.
• New curate writes land as .html. A separate migration script
  (Phat, parallel work) can re-author legacy MD topics into the
  <bv-topic> HTML format and stash originals under
  .brv/_archive/context-tree-md/. Not included in this PR.
• Users following the "no provider needed" announcement and running
  brv providers disconnect <all> will now find MCP brv-query and
  brv-curate-html work end-to-end — same property as the CLI.

Test plan

• npm run typecheck clean
• npm run lint clean
• npm test — full unit + integration suite (153 files changed,
  ~15k LOC added; new tests cover HTML reader/writer/elements,
  curate-session, query-retrieval, MCP tool-mode envelopes,
  telemetry aggregator, format detectors, prompt builder)
• npm run build clean
• Manual: 0-provider CLI curate + query round trip on a fresh
  .brv/
• Manual: 0-provider MCP brv-query + brv-curate-html from
  Claude Desktop or Cursor MCP
• Manual: HTML topic round-trip through webui editorial viewer
• Verify migration script (Phat's parallel work) lands separately
  and does not block this PR

[github-actions]

Claude finished @danhdoan's task in 3m 52s —— View job

---

Re-review of PR #663 after the ENG-2880 batch (PR #687)

Two PR-specific commits since 4e84552 (c3f17aa → c4c4a52, merged via #687), plus a main-sync merge (0b98569) that pulls in unrelated v3.14.x work. The ENG-2880 pair is exactly the carry-over UX nit that has been flagged across seven prior reviews on this PR — brv curate declared --detach/-f/-d/--timeout but never consumed them, plus the --timeout description disagreement between brv query and brv dream. Both are now resolved cleanly with a shared removed-flags.ts helper and a clear migration message instead of oclif's default Nonexistent flag rendering.

Score: 4.85 / 5 — net improvement from 4.75/5. The longest-standing live finding on this PR is now closed; only cosmetic / defer-defensible items remain. Ready to merge.

What changed since 4e84552

Commit	Scope
c3f17aa	ENG-2880 — drops legacy -d/-f/--detach/--timeout from brv curate and --timeout from brv query. Adds shared src/oclif/lib/removed-flags.ts (findRemovedFlagMessage + argvRequestsJsonFormat + CURATE_REMOVED_FLAGS + QUERY_REMOVED_FLAGS). Updates SKILL.md, brv-instructions.md, workflow.md, command-reference.md to match.
c4c4a52	ENG-2880 review fix — JSON envelope on rejection (was a bare throw), this.error(...) instead of stack-leaking throw new Error(), -- terminator honored, scrubs SKILL.md lines 639 + 658-660 of stale -f / --files references. Bumps the helper's test count from 8 → 15.

Strengths

• Helper-shape is well-chosen. findRemovedFlagMessage returning string | undefined lets the caller drive the response — curate uses emitToolModeEnvelope (structured {errors: [{kind: 'removed-flag', message}], ok: false, status: 'failed'}), query uses writeJsonResponse with its existing {error, status} shape — and either falls back to this.error(message, {exit: 1}) for the human path. Much better than a bare throw new Error(...) which would have stack-leaked through oclif's parser into --format json callers' stdout.
• -- terminator + --flag=value form. Line 40 stops scanning at the standard POSIX terminator, which fixes the brv query -- what does --timeout do false-positive on permissive-parse (relevant because Query is strict = false). Line 42 matches the = form via startsWith('${f}='), and the = separator naturally prevents --folder-extra prefix collisions.
• Symmetric scan-then-parse. Both commands run the scan before await this.parse(...), so the migration message surfaces under strict and permissive parse modes alike. Curate (strict) wouldn't have parsed the flag anyway; query (permissive) would have silently swallowed it as positional — both now reject coherently.
• Doc cleanup is complete. SKILL.md lines 639 + 658-660 (the "File access" paragraph and three error-table rows for Maximum 5 files allowed / File does not exist / File type not supported) are gone, replaced with a single migration-error row. brv-instructions.md / command-reference.md / workflow.md likewise scrubbed. The agent-side description no longer instructs agents to use removed flags.
• Test design. 15 unit cases cover undefined on no-match, long-form match, short-alias match, --flag=value form, first-match short-circuit, ---terminator (both "stops scanning" and "still matches BEFORE the terminator"), and the new argvRequestsJsonFormat discriminator. The "matches BEFORE --" assertion is the load-bearing case — without it, a user typing brv curate --detach -- "ok" could slip a removed flag through.

Issues

1. nit (new, stale docstring) — useHtmlContextTree reference in CurateLogEntry.format doc

src/server/core/domain/entities/curate-log-entry.ts:57-61 still says:

Format mode of the curate output. `'html'` when `useHtmlContextTree` is
on, else `'markdown'`. Settled at task start, not derived from output.

But the PR description explicitly lists useHtmlContextTree as a removed flag — HTML is now the only curate output format. The 'markdown' literal is only retained for back-compat with log entries persisted before the format migration. Also a stray *. on line 60. One-block JSDoc rewrite (suggestion posted inline). Non-blocking.

2. observation (carry-over, non-blocking) — error messages still reference removed brv providers connect/switch commands

Confirmed still standing across:

• src/oclif/lib/daemon-client.ts:36, 38, 41, 181-182, 274-277
• src/oclif/commands/dream.ts:144
• src/tui/utils/error-messages.ts:17, 18, 21
• src/server/infra/daemon/task-validation.ts:26, 36

brv dream is still the live reachable path. Deferred across multiple reviews; the team's pattern has been post-merge polish. Now that ENG-2880 has knocked down the longest carry-over, this is the next-oldest live item. Fix this →

3. observation (carry-over, non-blocking) — <existing-topic> block still inlines system-managed timestamps verbatim

src/server/core/domain/render/curate-prompt-builder.ts:119-123 unchanged. OUTPUT_CONTRACT (line 168) tells the model not to emit createdat/updatedat, but the inlined existing-topic visibly shows them. With tool-mode-dream MERGE candidates now exercising the UPDATE → correction-loop path under meta.previousSummary, worth a one-regex strip pass before the prompt builder shape settles permanently.

4. observation (carry-over, non-blocking) — topic-loader.ts regex parser inconsistent with index-generator.ts parse5

src/server/infra/dream/tool-mode/topic-loader.ts:43, 110-155 still uses BV_TOPIC_RE + parseAttributes, while src/server/infra/context-tree/index-generator.ts:208-222 uses parse5-backed parseHtml / walkElements for the same task. Entity-decoded title attributes diverge (& in the regex path stays literal). Latent — topics are writer-produced today — but worth aligning.

5. observation (carry-over, non-blocking) — CLI ConsoleLogger emits chalk on stderr under --format json

src/oclif/lib/curate-session.ts:380 (sidecar-bump) and :423 (index regen) still construct new ConsoleLogger() unconditionally. dream.ts:33 handles this with format === 'json' ? new NoOpLogger() : new ConsoleLogger(). Cheap to plumb format through ContinueOptions.

Praise

• The two-commit shape. c3f17aa does the surface removal + helper; c4c4a52 does the four polish items from the synchronous code review (JSON envelope, this.error, -- terminator, doc residue). The split keeps each diff focused and reviewable — no "address review feedback" mega-commit. Even the migration sentences read well at human scale: "Pack the folder content into the <bv-topic> HTML directly before calling brv curate" tells the agent what to do, not just what's removed.
• Tests track the helper's invariants, not its implementation. Cases assert on -- short-circuit behavior, --flag=value matching, and first-match priority — the user-observable contract — rather than internal control flow. Future contributors can refactor the loop without breaking the test suite if the semantics hold.
• Catch on the -- terminator. The original commit (c3f17aa) didn't include the -- terminator handling; it was added in the review-fix commit (c4c4a52) to handle brv query -- what does --timeout do. Permissive-parse on Query makes this a real ergonomic concern, and the fix is one line in the helper plus one line in the format detector.
• Doc/code parity. When the agent-side description still mentioned -f / --files, an LLM would have happily emitted those flags into the next brv curate call and gotten the new migration error — a confusing loop. Scrubbing both the command and the SKILL.md it ships closes that gap end-to-end.

Test plan suggestions

• Optional: integration test that brv curate "ctx" --detach --format json emits the structured rejection envelope on stdout and exits non-zero. Would also lock that success: false survives the writeJsonResponse wrapper.
• Optional: brv query -- --timeout 600 (positional content containing a removed flag token) succeeds — the -- terminator path needs an end-to-end smoke test, not just the unit-level helper test.

Final disposition

LGTM. ENG-2880 is high-quality follow-up — clean helper shape, complete doc parity, 15-case test coverage with the load-bearing -- and --flag=value cases explicit. Carry-over items are all known and have consistently been polished post-merge.

Todo

• Identify what changed since 4e84552
• Spot-check the ENG-2880 surface removal + helper + tests
• Verify outstanding carry-over items from prior reviews
• Post inline comments + final summary with score
  · Branch: proj/byterover-tool-mode

[github-actions]

praise: Closes the longest-standing finding from this PR (carry-over across 7 prior reviews). The helper-shape is well-chosen:

• Returns string | undefined so the caller owns the response shape (JSON envelope vs this.error(...)) — much better than the original throw new Error() shape, which would have stack-leaked through oclif and broken --format json parsers.
• -- terminator is honored (line 40), which fixes the brv query -- what does --timeout do false-positive case for permissive-parse.
• --flag=value form is matched correctly via startsWith('${f}='), and the = separator naturally prevents --folder-extra prefix collisions.
• The error message names the literal token the user typed AND surfaces a migration sentence, not a generic "removed" line.

The 15-case test file (including the ---terminator cases at lines 45-51 and 71-73) locks the contract. Nice end-to-end execution on a finicky bit of CLI ergonomics.

[github-actions]

nit (stale doc): The docstring says 'html' when useHtmlContextTree is on, else 'markdown', but the PR description explicitly removes the useHtmlContextTree flag — HTML is now the only curate output format. Two consequences:

1. The condition is no longer expressible: there's no flag to check. New writes are always 'html'.
2. The 'markdown' branch is only set for the back-compat read path (markdown topics still parse via MarkdownWriter), which is the reader concern — but this field tags curate outputs.

If format can still legitimately be 'markdown' (e.g. legacy operations replayed from older log entries), say so explicitly. Otherwise, simplify to 'html' literal and drop the optional. Either way, the useHtmlContextTree reference here will mislead the next contributor doing log-entry archaeology.

Suggested change

	/**
	* Format mode of the curate output. `'html'` when `useHtmlContextTree` is
	* on, else `'markdown'`. Settled at task start, not derived from output.
	*.
	*/
	format?: 'html' | 'markdown'
	/**
	* Format of the curate output. Tool-mode curate always writes HTML
	* (`<bv-topic>`); the `'markdown'` literal is retained for back-compat
	* with log entries persisted before the format migration. Settled at
	* task start, not derived from output.
	*/
	format?: 'html' | 'markdown'

Also: stray *. on line 60 inside the docblock — minor JSDoc lint.

[github-actions]

Claude finished @danhdoan's task in 5m 40s —— View job

---

Re-review of PR #663 after the ENG-2883 batch (PR #690)

Four PR-specific commits since c4c4a52 (8d5ded0 → f6ec3c2 → ffe6856 → 5887e2a, merged via #690). The ENG-2883 batch tackles three FE-breaking LLM-output classes via prompt updates across seven LLM-visible surfaces, plus a read-only related-ref warner that surfaces broken related= attribute targets without rejecting writes. The "ship → review → tighten" arc across the four commits is unusually mature: PR #690's review caught a symmetric false-negative (probing both shapes silently accepted dead-pill scenarios), and 5887e2a flips the probe to "only the suffix the agent chose" with the corresponding inverse tests.

Score: 4.85 / 5 — held from prior review. Quality of the new code is high; remaining items are all known carry-overs that have been deferred across multiple reviews. Ready to merge.

What changed since c4c4a52

Commit	Scope
8d5ded0	ENG-2883 — adds 3 HTML output contract rules (<li> plain-text, <bv-diagram> body-direct + entity-escape, related file/folder suffix convention) across 7 LLM surfaces (SKILL.md, curate-prompt-builder.ts, brv-curate-tool.ts, registry.ts, curate.txt, system-prompt.yml, curate-detail-preservation.yml). Adds related-ref-warner.ts + wiring through HtmlWriteSuccess.warnings.
f6ec3c2	ENG-2883 review fix — surfaces warnings in the MCP envelope (CurateHtmlDirectResult.warnings?), renderEnvelope appends ⚠ <text> lines, swaps existsSync+statSync for race-resilient safeStatIsFile / safeStatIsDir helpers (test exercises EACCES via chmod 0 on the parent dir).
ffe6856	ENG-2883 review fix — drops the "ambiguous (both exist) refs" warning case (the suffix IS the choice; the other shape is irrelevant); rewrites stale TOCTOU comment; adds MCP rendering tests for the three wire shapes (warnings: [...], warnings: [], warnings absent — defends against pre-PR daemon payloads).
5887e2a	ENG-2883 review fix — tightens to probe ONLY the chosen shape; replaces the now-impossible "bare matches file" / ".html matches folder" no-warn tests with their inverses (suffix-mismatch IS a warning now). Adds coaching hint on the bare-form case ("add .html if you meant a file") since "agent forgot the .html suffix" is the typical mistake.

Strengths

• The four-commit arc is a textbook "ship → review → tighten" sequence. Each commit's body explains WHAT changed, WHY (with the specific failure mode it prevents), and what was DEFERRED (with reasoning). 5887e2a in particular catches a symmetric false-negative that the original commit had — probing both forms silently accepted dead-pill scenarios where the agent's suffix and the on-disk shape disagreed. Replacing the now-impossible no-warn tests with their inverses (the new behavior) is the right shape for a "we changed the contract" follow-up.
• Race-resilience is documented in source. safeStatIsFile / safeStatIsDir (related-ref-warner.ts:103-117) swallow ALL errors as "not present" with an explicit comment at l.82-89 explaining why: the warner runs post-write and must never turn a successful curate into a reported failure. The chmod-0 test (related-ref-warner.test.ts:146-167) exercises the EACCES path concretely, not just the ENOENT happy path.
• Test coverage spans all three layers. The warner unit tests (16 cases) cover happy paths, broken refs, suffix-mismatch, race-resilience, and path-traversal. The writer test (html-writer.test.ts:391-427) confirms warnings flow through HtmlWriteSuccess. The CLI side (curate-session.test.ts:168-198) and MCP side (brv-curate-tool.test.ts:434-525) both lock the wire shape (present, empty, absent — including the "older daemon payload" defensive case at line 491).
• 3 output-contract rules across 7 surfaces — and they actually agree. <li> plain-text rule appears verbatim in 7 places. <bv-diagram> no-CDATA + entity-escape rule appears in 7 places with the same --> example. The related file-vs-folder suffix convention is consistent across SKILL.md, the MCP description, the prompt builder, the system prompt, and curate.txt. The diagram preservation note in curate-detail-preservation.yml:47-57 even includes a worked mermaid example with corrected entities. Previously this kind of multi-surface change had drifted between SKILL.md and the prompt builder; this batch lands them in sync.
• Honest deferral. The PR fix: add HTML output contract rules and related-ref warner #690 commit messages explicitly list what wasn't addressed and why: legacy curate-executor.ts warnings plumbing (the surface is being phased out, would expand CurationStatus), WebUI Tasks panel doesn't decode the new warnings field yet, symlink resolution (today's comment overstates the guarantee), case-insensitive FS edge case, chmod 0 test fragility under root uid (Docker node:* images). This is the right level of transparency — the operator running real-corpus tests in two weeks won't be confused about whether something is a known gap vs. a real bug.

Issues

1. suggestion — .htm suffix inconsistency with the file-reader

Posted inline at related-ref-warner.ts:52. wantsFile = stripped.endsWith('.html') is case-sensitive and only matches .html — but file-context-file-reader.ts:95-98 matches both .html AND .htm (the May-15 fix), and format-detector.ts:24 treats both as HTML. So a topic that exists on disk as foo/bar.htm (migrated, manual moves) is readable as a topic but unreachable from a related="@foo/bar.htm" ref — the warner probes for a folder and surfaces it as broken.

2. observation (UX, batch curate) — forward refs surface as warnings on every first-touch

Posted inline at related-ref-warner.ts:17-19. The header comment correctly says "a forward reference to a topic about to be curated is legit" — and the warner stays advisory rather than rejecting. But the ⚠ still SURFACES on every such ref. For tool-mode dream link/merge candidate flows (paired cross-refs across two topics by design), this is the dominant case. Worth a thought once you have telemetry on how often warnings fire on real-corpus dream runs.

3. observation (security, defer-defensible) — symlink defense-in-depth at related-ref-warner.ts:74-80

Posted inline. The comment says symlinks "could theoretically escape; reject any resolution that does" but path.resolve() operates on the string only — it does NOT follow symlinks. The follow-up lstatSync vs statSync swap is already on the list per f6ec3c2. The actual security impact is minimal here (the warner only returns booleans, no content read).

4. issue (carry-over) — error messages still reference removed brv providers connect/switch commands

Confirmed still standing across:

• src/oclif/lib/daemon-client.ts:36, 38, 41, 181-182, 274-277
• src/oclif/commands/dream.ts:144
• src/tui/utils/error-messages.ts:17, 18, 21
• src/server/infra/daemon/task-validation.ts:26, 36

brv dream is still the live reachable path. Now the longest-standing carry-over since ENG-2880 closed the curate-flags one. Fix this →

5. observation (carry-overs, non-blocking)

• <existing-topic> block in curate-prompt-builder.ts:119-123 still inlines system-managed timestamps verbatim. Heavier traffic now with tool-mode-dream MERGE candidates exercising the UPDATE path under meta.previousSummary. One-regex strip pass before the prompt builder shape settles permanently.
• topic-loader.ts regex parser still inconsistent with index-generator.ts parse5. Latent — topics are writer-produced today — but worth aligning.
• CLI ConsoleLogger chalk-on-stderr under --format json (curate-session.ts:380, 423). dream.ts:33 solves this with format === 'json' ? new NoOpLogger() : new ConsoleLogger().

Praise

• Posted inline at related-ref-warner.ts:86-96 — tightening to probe only the suffix the agent chose is the right call, and replacing the "ambiguous" warning with asymmetric-mismatch coverage is a clean net improvement.
• Coaching hint design. The "bare ref + only file present" warning at l.96 includes add ".html" if you meant a file — that's the specific text an agent encountering the typical "I forgot the suffix" mistake needs to see. Cheap to write, high-leverage on the agent's correction loop. The asymmetry (only the bare-form gets the hint, not the file-form) reflects empirical understanding of which mistake is more common.
• MCP envelope render-test triad. brv-curate-tool.test.ts:434-525 covers three wire shapes (warnings: [...], warnings: [], warnings absent) — the third case is the load-bearing one for backward compatibility with pre-PR daemon payloads. Most teams would have written just the happy path.
• Diagram preservation prompt cross-cut. Updating curate-detail-preservation.yml:47-57 to use --> in the mermaid example (instead of leaving the prior --> arrows that would now trip the renderer) shows the kind of multi-file consistency discipline that prevents prompt/contract drift. The corrected example doubles as inline documentation of the rule.

Test plan suggestions

• A test for the .htm ref case (issue 1) — either assert the current "broken" warning text mentions the suffix mismatch, or add .htm to the wantsFile set and assert clean resolution against a seeded foo/bar.htm file.
• A test for the symlink-inside-contextTreeRoot case (issue 3) — even if you defer the lstatSync swap, a regression test that locks the current behavior (symlink-to-outside-folder probed via stat follows the link and returns isDirectory()=true → no warning) at least documents what we have today.

Final disposition

LGTM. ENG-2883 is high-quality follow-up work — multi-surface prompt-contract alignment that previously had drifted, a well-tested read-only warner with race-resilient stat probes, and a textbook iterative review-tightening sequence across four commits. The remaining carry-overs are all known, well-documented, and have consistently been polished post-merge.

Todo

• Identify what changed since c4c4a52 (8d5ded0 → f6ec3c2 → ffe6856 → 5887e2a)
• Spot-check the ENG-2883 warner + envelope + prompt-contract updates
• Verify outstanding carry-over items from prior reviews
• Post inline comments and final summary with score
  · Branch: proj/byterover-tool-mode

[github-actions]

praise: Tightening this to probe only the suffix the agent chose is the right call — and the commit message captures the rationale precisely: the suffix IS the decision, and probing both forms would silently accept a dead-pill (a .html ref + only-folder-on-disk would FE-404 either way). The pair with the .html "coaching hint" on bare-vs-file mismatch (l.96) is a nice ergonomic touch — that's the typical "agent forgot the .html" mistake.

The test in related-ref-warner.test.ts:124-142 ("warns when an explicit .html ref points at a folder instead of a file" / "warns when a bare ref points at a file instead of a folder") locks the contract from both directions. Replacing the previous "ambiguous" warning with this asymmetric-mismatch coverage is a clear net improvement.

The post-write race-resilient stat path (l.103-117) is also well-considered: a transient FS error surfacing the ref as "broken" rather than throwing out of writeHtmlTopic is the right priority order — the topic is already on disk, the warner's job is advisory only.

[github-actions]

suggestion (consistency with the file-reader): endsWith('.html') here is case-sensitive and only matches the .html suffix — but src/server/infra/context-tree/file-context-file-reader.ts:95-98 matches both .html AND .htm, and format-detector.ts:24 treats both as HTML. So a topic that exists on disk as foo/bar.htm (migrated content, older OS conventions, manual moves) is readable as a topic but unreachable from a related="@foo/bar.htm" ref — the warner here treats .htm as a bare ref, probes for a folder, and flags it as broken even though the file exists.

Three options ranked by surface area:

1. Cheapest: broaden the suffix test:

   const lower = stripped.toLowerCase()
   const wantsFile = lower.endsWith('.html') || lower.endsWith('.htm')
   const withoutExt = wantsFile ? stripped.slice(0, -(lower.endsWith('.html') ? 5 : 4)) : stripped

   This matches the file-reader's surface.

2. Cleaner: add a small parseRefSuffix(stripped) → {wantsFile, withoutExt} helper that's shared between the warner and any future ref consumer (FE router, BM25 indexer).

3. Or just document that .htm refs are explicitly unsupported and surface a dedicated unsupported-extension warning.

Latent — topics today are writer-produced as .html — but this is a small wedge between two sibling code paths that the file-reader already had aligned. Case-sensitivity is also listed in the deferred follow-ups (f6ec3c2 commit body), and a single .toLowerCase() on stripped closes that nit at the same time.

[github-actions]

observation (UX, batch curate): The header note says "a forward reference to a topic about to be curated is legit" — and the warner correctly stays advisory rather than rejecting. But the warning still SURFACES on every such ref, which means an agent doing batch curation (curate A → curate B → curate A again to add related="@b"`` is the natural pattern, but curate A with related="@B" first → curate B produces one ⚠ on A's write).

For tool-mode dream's link/merge candidate flows (which by design produce paired cross-refs across two topics) this is the dominant case. The agent gets a ⚠ on the first write, then no ⚠ on the second — but the user-facing log line will read like a real problem.

Two thoughts (defer-defensible — not blocking):

1. Two-pass curate in the orchestrator. Tool-mode dream finalize could write both halves of a link/merge pair, then re-check refs once both are on disk and drop warnings that resolved. Adds complexity; only pays for itself if forward-ref noise becomes an observed pain.
2. Cheap-now signal in the warning text. When the resolved ref's domain folder DOES exist but the target file/folder doesn't, hint at "forward reference?" alongside the existing "no file at …" / "no folder at …" message. Tells the agent (and reviewer) "this is the routine batch case", not "this is a typo".

Worth a thought once you have telemetry on how often warnings fire on real-corpus dream runs. The asymmetric-mismatch coaching at l.96 already shows good intuition for "shape of the typical mistake"; this is the same principle applied to the other common case.

[github-actions]

observation (security, defer-defensible): The comment says "A symlink in contextTreeRoot could theoretically escape; reject any resolution that does." But path.resolve() does NOT follow symlinks — it operates on the string only. If <contextTreeRoot>/security is a symlink pointing at /etc, then path.resolve(contextTreeRoot, 'security/passwd') still returns <contextTreeRoot>/security/passwd (string-wise), isInsideRoot returns true, and the subsequent safeStatIs{File,Dir} would follow the symlink and probe /etc/passwd.

The current commit message (f6ec3c2) already flags this as a follow-up: "lstatSync vs statSync for symlink handling (today the comment overstates the symlink guarantee; the resolved-path check only validates the input string, not the link target)". The actual security impact is minimal here: the warner only does stat().isFile() / isDirectory() and returns a boolean — no content is read, no path is logged in detail beyond the warning string the agent is going to see anyway. So an attacker who controls contextTreeRoot symlinks could only learn "is /etc/passwd a file? yes." through warning suppression — not much of an exfiltration vector.

Still worth either:

• updating the comment to be honest about the guarantee (the input-string check, not the link target), or
• swapping statSync for lstatSync so symlinks are reported as not-the-expected-shape (a symlink isFile() = false, isDirectory() = false, isSymbolicLink() = true — both probes would surface the ref as broken, which is the correct user-facing result).

Cheap to fix at the same time as the case-insensitive FS deferral. Non-blocking.

[github-actions]

Claude finished @danhdoan's task in 7m 51s —— View job

---

Re-review of PR #663 after the ENG-2884 batch (PR #689)

Two PR-specific blocks since 5887e2a: the ENG-2884 refactor (13d83a6 → 7d77a8e → merge #689 → 7a397ba → f5566ac → 2e138a6 → 53004fd → 8c7c1cc → e3f96e8) which removes 4000+ LOC of the legacy LLM-driven brv dream pipeline and replaces the topic root with a thin migration-hint stub. Tool-mode subcommands (brv dream {scan,finalize,undo,sessions,cancel}) cover the same workflow deterministically. The batch also fixes a path-doubling silent-data-loss bug in the dream→curate merge handoff, expands previousMtimes / previousSignals capture so prune undo is bit-exact, and catches a real refresh-index race in PR #689 review (8c7c1cc).

Score: 4.85 / 5 — held from prior review. The refactor is unusually clean for its size (32 files deleted, net -5825 LOC) and the in-cycle bug catches show real review discipline.

What changed since 5887e2a

Commit(s)	Scope
13d83a6	ENG-2884 refactor — removes dream-executor.ts, dream-trigger.ts, consolidate/synthesize/prune LLM ops, dream-response-schemas.ts, parse-dream-response.ts, timeout-deprecation.ts. brv dream is now a thin topic root printing a migration hint. Net –4000 LOC, –14 files.
7d77a8e	ENG-2884 PR #689 review — wires DREAM_REMOVED_FLAGS into the topic root (was exported but never consumed); drops 'dream' + force + 'agent-idle' from TaskTypeSchema / TaskExecuteSchema / TaskCreateRequestSchema. Closes the straggler-task gap (a stale type:'dream' now fails at the schema boundary instead of silently completing with empty result).
7a397ba	Strip trailing .html in topicPathToFilePath so path="x/y" and path="x/y.html" both resolve to the same on-disk file — fixes the merge-workflow silent-data-loss bug where the survivor landed in x/y.html.html while the agent archived the loser thinking the merge succeeded.
f5566ac	searchService.refreshIndex() + SearchKnowledgeOptions.combineWith + pre-archive mtime/signals capture on finalize. DreamLogSchema.PRUNE gains optional previousSignals / previousMtimes. undoPrune restores via utimes() + runtimeSignalStore.set().
2e138a6	Discloses [v1 stub] status on dream sessions / dream cancel in descriptions + JSON envelopes (data.note: 'v1: ...').
53004fd	SKILL.md §7 — sample envelopes, prune-signal thresholds, worked example. Sync-hint comment on the prune threshold constants pointing at SKILL.md.
8c7c1cc	Race-fix on refreshIndex from PR #689 reviewer catch — awaits in-flight build before clearing, so orphan builders can't write back after invalidation. Maintainer-note documents the benign double-build window. New search-knowledge-service-refresh.test.ts (3 cases).
e3f96e8	PR #689 codex review fixes — drop dead-code ?? '' fallback on previousTexts (invariant-guaranteed populated together); hoist TaskTypeSchema above TaskExecuteSchema to make it the single source for both (was inline-duplicated on TaskExecuteSchema.type); SKILL.md path-attribute note softened (writer normalizes either form).

Strengths

• Refactor scope is right-sized. Removed exactly the dead surface: LLM-driven entry, daemon-side dream-trigger, agent-idle dispatch branch, response parsers, timeout-deprecation helper (no consumer post-removal). Kept LLM-agnostic services (dream-undo, dream-state-service, dream-lock-service, dream-log-store) that the tool-mode pipeline reuses. The commit message's "Removed / Trimmed / Kept" tri-list is unusually clear.
• 8c7c1cc race fix — see inline comment at search-knowledge-service.ts:1123. The orphan-builder window was easy to miss and the unit-test contract (refresh must not resolve while a build is in flight) is the cheapest possible pin.
• mtime + signal capture on finalize. The metadata that drove the prune decision (importance, maturity, recency, mtime) is now restorable, so a topic archived as low-importance or stale-mtime returns with the same prune-eligibility on the next scan. Without this, undo silently mutated observable state and the topic stopped re-surfacing — a quiet correctness regression that would only show up under repeated dream cycles. The three-case test triad in dream-undo.test.ts (capture-and-restore, restore-via-utimes, restore-via-signal-store, legacy-log-fallback) is the right shape.
• Path-doubling fix is symmetric. Two reading orderings + confirmOverwrite round-trip = 4 new tests; not just the doubled-extension case in isolation. See inline comment at html-writer.ts:274 for one small follow-up (.htm extension symmetry).
• Schema-source consolidation. TaskTypeSchema is now the single source for TaskExecuteSchema.type, TaskCreateRequestSchema.type, and TaskCreatedSchema.type — previously TaskExecuteSchema.type had an inline z.enum(...) that silently violated the "single source of truth" doc above the declaration. e3f96e8 hoisted the declaration to fix the Zod TDZ at module-load and removed the inline duplicate. Quiet drift that nobody flagged in three prior reviews.
• Honest v1-stub disclosure. [v1 stub] prefix in command descriptions + data.note field in JSON envelopes for dream sessions / dream cancel. Machine consumers branching on sessions.length or status: 'cancelled' see the caveat at the same key shape they'd inspect.

Issues

1. observation (semantic deviation, defer-defensible) — previousSignals captured for never-tracked topics

Posted inline at dream-session.ts:221. runtimeSignalStore.get() returns validateOrDefault(...) — i.e. system defaults when the sidecar has no entry. On a never-tracked topic, undo writes those defaults via set(), creating a sidecar entry that didn't exist before the archive. Strictly speaking, that's not "undo to original state" — it's "undo to original-state + defaults". Defensible (a future access would mutate the defaults anyway), but worth one line in the docstring.

2. suggestion (consistency) — strip .htm too in topicPathToFilePath

Posted inline at html-writer.ts:274. Latent today (dream-scan only emits .html), but /\.html?$/i matches both .html and .htm at no extra cost, and the file-reader / format-detector already handle both — this is the only path-shape resolver that doesn't.

3. nit (CLI behavior asymmetry) — JSON-mode removed-flag rejection exits 0, text-mode exits 1

Posted inline at dream.ts:94. Same pattern as the curate/query precedent, so consistency with the rest of the CLI is preserved. But set -e shell wrappers see different exit codes for the same logical error depending on the --format flag. Either document, or set process.exitCode = 1 before the return.

4. issue (stale comment, post-ENG-2884) — task-router.ts:138-139 still references the removed dream consumer

The preDispatchCheck doc says "Used for dream task type to enforce gates 1-3 (time, activity, queue) even on the CLI dispatch path — mirrors the idle-trigger pre-check pattern." But the 'dream' task type is gone from TaskTypeSchema, and a grep shows no caller passes a preDispatchCheck anymore (only the type plumbing remains). The new task-router.test.ts correctly swapped its fixtures to type: 'curate' — this comment is the last straggler.

Worth either updating to "Currently unused — kept for future per-type gating" or trimming the dream-specific paragraph. (Can't post inline since this exact line wasn't touched in the PR's diff.)

5. observation (carry-over) — daemon-client.ts / task-validation.ts still reference brv providers connect/switch / /provider REPL

Carry-over from prior reviews — but the reachable-impact analysis has shifted significantly since the prior review. With the LLM-driven dream path gone, the validateProviderForTask gate (agent-process.ts:513) is now skipped for all five user-facing tool-mode types (search, query-tool-mode, curate-html-direct, dream-scan, dream-finalize). The only paths that still hit provider validation are the legacy 'curate' / 'curate-folder' / 'query' task types — and the user-facing CLI commands (brv curate, brv query) have all been migrated to the new tool-mode types.

Real-world reachability is now near-zero unless a stale MCP client or an older CLI binary still produces legacy task types. Worth a one-pass scrub regardless, but the urgency from the May 19 review is gone.

6. observations (carry-overs, unchanged)

• topic-loader.ts regex parser still inconsistent with index-generator.ts parse5.
• <existing-topic> block in curate-prompt-builder.ts:119-123 still inlines system-managed timestamps.
• CLI ConsoleLogger chalk-on-stderr under --format json (sidecar-bump + index-regen in curate-session.ts).

Praise

• PR refactor: [ENG-2884] remove legacy LLM-driven brv dream path #689 review catch on the refresh-index race — saving a real correctness bug from landing. Pulling the cycle in three days (ship f5566ac → reviewer catches the orphan-builder window → ship 8c7c1cc with explicit unit-test contract) is the model "ship → review → tighten" arc.
• Codex review-fix discipline in e3f96e8 — five items, each scoped to one file, each with a why-this-matters line in the commit message. The TaskTypeSchema hoist+dedupe fixes drift that three prior human review rounds missed because it lived behind a "single source of truth" doc comment that was technically lying.
• Test count delta is honest. Net -184 tests is exactly what the deleted file inventory predicts — no orphan suites pointing at vanished modules, no zombie tests pinning long-dead behavior.
• Migration text quality. dream cancel's text-mode output (l.41-46) tells the user that curate writes between scan and cancel are NOT rolled back by brv dream undo, and points to brv review reject as the right rescue. That's the specific rescue path a confused user needs — and most teams would have shipped a generic "session cancelled" line.
• Sub-agent test design. search-knowledge-service-refresh.test.ts injects state.buildingPromise directly rather than going through a full IFileSystem mock, because the contract under test is exactly that interaction. Pragmatic, well-scoped, leaves a 28-line file that any future maintainer can read top-to-bottom.

Final disposition

LGTM. ENG-2884 is high-quality refactor work — the size doesn't represent risk because the removed surface was orphaned and the kept surface is fully covered. The mid-cycle catches on 8c7c1cc (race) and e3f96e8 (schema drift) are the kind that pay for themselves immediately. Remaining items are all defer-defensible or post-merge polish.

Todo

• Identify what changed since 5887e2a
• Spot-check the ENG-2884 refactor + ENG-2884 sub-fixes (13d83a6, 7d77a8e, 7a397ba, f5566ac, 2e138a6, 53004fd, 8c7c1cc, e3f96e8)
• Verify outstanding carry-over items from prior reviews
• Post inline comments + final summary with score
  · Branch: proj/byterover-tool-mode

[github-actions]

praise: Idempotent .html stripping is the right shape for the dream→curate handoff. The doc above (l.260-271) names the failure mode it prevents (auth/jwt.html.html, silent path-exists bypass, archived loser + stale survivor), and the four new tests in html-writer.test.ts lock the contract from both orderings (bare-first-then-suffixed + suffixed-first-then-bare + confirmOverwrite round-trip). That's the right test triad for a "two input shapes must resolve to one file" invariant — it would have been easy to just test the doubled-extension case in isolation and miss the symmetry.

One micro-nit: the case-insensitive regex /\.html$/i correctly handles .HTML etc., but file-context-file-reader.ts:95-98 and format-detector.ts:24 both treat .htm as HTML too. If path="x/y.htm" ever shows up (manual migration, legacy import), this resolver would keep the .htm suffix, append .html, and produce x/y.htm.html — same doubled-extension problem this fix was designed to prevent, just one extension off.

Latent today (dream-scan emits .html only), but for full symmetry with the reader, consider:

const normalized = topicPath.replaceAll('\\', '/').replace(/^\/+/, '').replace(/\.html?$/i, '')

The s? matches .html and .htm identically. Same regex character cost.

[github-actions]

praise (the race fix in 8c7c1cc): The original refreshIndex() in f5566ac had the orphan-builder race — clearing cachedIndex + buildingPromise while a prior acquireIndex() build was still in flight, then the orphan build resolved and wrote back to state.cachedIndex (line ~1016), defeating the invalidation. Awaiting the in-flight before clearing is the right shape: by the time the await returns, the in-flight has either published its result (which is then cleared) or rejected (which is swallowed — the caller doesn't care about the orphan's outcome). No publisher can write back after invalidation because the publishing point is now in the past relative to the clear.

The maintainer note about state.buildingPromise = undefined being defensive (l.1111-1121) is unusually thoughtful — it identifies the only post-fix race window (a fresh acquireIndex() that captures a new buildingPromise between await resolution and the explicit clear, where the clear then nulls the new pointer leaving a benign parallel double-build) and explicitly classifies it as performance-only, not correctness. That class of "we know about this edge case and it's intentional" comment is exactly what prevents the next contributor from "fixing" the non-bug.

The unit test in test/unit/agent/tools/search-knowledge-service-refresh.test.ts pins the contract (refresh-must-not-resolve-while-building) directly via state.buildingPromise injection — the cheapest test that locks the behavior at the seam. Cold-state idempotency and rejected-build cases round it out. Three cases, every one load-bearing.

[github-actions]

observation (semantic deviation on never-tracked topics): runtimeSignalStore.get(relPath) never returns undefined — validateOrDefault ensures a default RuntimeSignals is returned when the sidecar has no entry for relPath (runtime-signal-store.ts:49-52). For a topic that was created without ever going through the sidecar-writing path (rare today, but possible: hand-authored files, restored from a non-tool-mode archive, future migration tools), the captured previousSignals[path] is the default object, not "no signals".

On undo, undoPrune then writes those default signals via runtimeSignalStore.set() — which creates a sidecar entry that didn't exist before the archive. Not strictly an "undo to original state" — the post-undo sidecar inventory now has one more entry than the pre-archive inventory. Defensible (the defaults are now explicit, and the next access bump will mutate them anyway), but worth noting in the docstring or capturing as a discriminator.

If you want strict bit-exactness on this edge case, two options:

1. Probe the sidecar's raw existence via keyStorage.get before capturing, and store undefined in previousSignals[path] when the sidecar entry was genuinely absent. Then undoPrune either calls set() or delete() accordingly.
2. Have runtimeSignalStore.getRaw(relPath): Promise<RuntimeSignals | undefined> so the dream-finalize path can distinguish "present-as-defaults" from "absent".

Non-blocking — the deviation only affects never-tracked topics, which are not the dream-scan target population. Worth one line in the previousSignals docstring at l.150-163: "For topics with no pre-archive sidecar entry, the captured snapshot is the system default — undo will create a sidecar where one didn't exist."

[github-actions]

nit (consistency): The text-mode branch uses this.error(removed, {exit: 1}) (l.98), which throws and sets exit 1. The JSON-mode branch uses writeJsonResponse(...) then return — implicitly exit 0 — but the envelope carries success: false / data.status: 'error'.

The discrepancy is intentional and matches the curate/query precedent (both do the same thing), but a CLI caller wrapping brv dream with set -e will get different shell-script behavior between brv dream --timeout 30 (fails) and brv dream --timeout 30 --format json (succeeds). Two clean options if scripts that branch on exit code matter:

• Document the asymmetry in removed-flags.ts (it's an implicit contract today).
• Set a non-zero exit after the JSON envelope: process.exitCode = 1; return. The envelope still flushes to stdout cleanly, and shell callers see consistent failure semantics.

Not blocking — the JSON envelope's success: false is the machine-readable truth, and set -e users typically inspect .success. But this is the same asymmetry that bit MCP integrations on the pre-ENG-2837 curate path; worth being explicit about it.