Improve agent token efficiency for history and activity

.agents/pm/features/pm-rnpb.toon

@@ -6,15 +6,16 @@ status: in_progress
 priority: 0
 tags[10]: agent-ux,audit,calendar,ci,dogfood,pm-cli,sdk,search,security,telemetry
 created_at: "2026-05-03T13:20:01.343Z"
-updated_at: "2026-05-20T21:10:28.981Z"
+updated_at: "2026-05-20T22:23:02.164Z"
 deadline: "2026-06-01T00:00:00.000Z"
+assignee: codex-audit-2026-05-20
 author: codex-audit
 estimated_minutes: 300
 acceptance_criteria: Audit findings are actionable and deduplicated; changed files and verification commands are linked; temporary dogfood project validates core workflows; any discovered bugs with safe fixes are remediated and tested.
 parent: pm-jrjt
 dependencies[1]{id,kind,created_at,author,source_kind}:
   pm-jrjt,parent,"2026-05-03T13:20:01.343Z",codex-audit,null
-comments[139]{created_at,author,text}:
+comments[155]{created_at,author,text}:
   "2026-05-03T13:20:01.343Z",codex-audit,Parent lineage established under pm-jrjt after duplicate checks found only closed prior audit items.
   "2026-05-09T11:12:26.232Z",codex-agent,"Duplicate check before this pass: pm context --limit 10 --depth standard, pm search dogfood audit extensible sdk calendar semantic search telemetry sentry --limit 10, pm list-open --limit 20, and pm list-in-progress --limit 20. Reusing open feature pm-rnpb; prior same-day task pm-m35h is closed, so no duplicate item created."
   "2026-05-09T11:46:59.430Z",codex-agent,"Evidence 2026-05-09: temp dogfood project exercised init/create/claim/update/files/docs/tests/calendar/context/aggregate/dedupe/search/reindex/extension scaffold/install/doctor/contracts/manage. Fixed search gap discovered there: reminder/event metadata is now in keyword and semantic corpus, and short phrase scoring ranks exact calendar event titles first. Verification passed: focused search/reindex/cache tests, release-readiness/search focused tests, linked pm test, full 100% coverage, static quality gate, CI workflow contract tests, pm health, pm validate, npm pack dry-run, secret scan, live telemetry/Sentry checks, and real hybrid reindex of 679 items."
@@ -154,6 +155,22 @@ comments[139]{created_at,author,text}:
   "2026-05-20T20:44:34.646Z",claude-code-agent,"text=Dogfood+privacy session 2026-05-20 (claude-code-agent, sub-agent driven). Shipped under PR #34 (branch audit/dogfood-2026-05-20-agent-ux): pm-qrxs (MCP pm_search compact default), pm-8jd3 (MCP activity compact default), pm-h4zb (secret guardrail: all gh token prefixes + testable rules + sudo-pw redaction), pm-atsv (CLI consistency: append text forms, scope-error enumeration, docs/test --list, command did-you-mean), pm-d7us (Sentry PM-CLI-R/PM-CLI-S root-caused as pre-2026.5.18 unguarded .trim/.join, already fixed on HEAD, marked resolvedInNextRelease). Gates: build, typecheck, 100% coverage (1620/1179/279/1566), secret scan, static-quality, packaged dogfood (84 cmds), sentry/telemetry gate ok (sentry 0/0/0, telemetry error rate 2.6%, queue draining real-time). Open follow-ups: pm-3pbs, pm-nbht, pm-orrl, pm-5k2w."
   "2026-05-20T21:01:07.352Z",codex-pr-review,"Evidence: addressed PR #34 review threads. Local verification passed: pnpm build; focused suite PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/check-secrets.spec.ts tests/unit/get-append-command.spec.ts tests/unit/files-docs-command.spec.ts tests/integration/help-runtime.spec.ts tests/integration/mcp-dynamic-package-actions.spec.ts tests/unit/test-command.spec.ts (6 files, 104 tests); full gate pnpm build && node scripts/run-tests.mjs coverage && pnpm quality:static && node scripts/check-secrets.mjs (96 files, 1392 tests, 100 percent coverage, static gate, secret scan)."
   "2026-05-20T21:09:02.005Z",codex-pr-review,"GitHub verification: PR #34 commit 03765c95 has mergeStateStatus CLEAN and all checks passed: Build foundation, Ubuntu tests, macOS tests, coverage, typecheck, static, compat, smokes, Sourcery, and CodeRabbit (Actions run 26189749692). Proceeding to merge and delete PR branch."
+  "2026-05-20T21:14:13.993Z",codex-audit-2026-05-20,"Duplicate-check evidence: searched manual dogfood SDK calendar search performance CI telemetry token agent UX and reused canonical feature pm-rnpb; open related follow-ups include pm-59gj, pm-gt82, pm-6vfg, pm-orrl, pm-nbht, pm-3pbs, pm-mbdu, and pm-5k2w."
+  "2026-05-20T21:19:00.923Z",codex-audit-2026-05-20,"Sub-agent evidence: search/calendar/vector review found reindex does not prune deleted vector records, timezone-aware calendar bucketing/display gaps, explicit calendar --format toon falling back to markdown, and extension-backed reindex underreporting batches_completed. SDK/package review found permissive runtime extension action schemas, hardcoded optional package command ownership maps, catalog privacy inference, and duplicated capability constants. GitHub/Sentry/privacy review found no open repo issues, Dependabot PRs green, Sentry unresolved 0, tracked secret scan clean, but private telemetry stack has a queue backlog requiring ops follow-up. Reusing existing pm-rnpb/pm-59gj/pm-xk39/pm-gt82 lineages rather than duplicating items."
+  "2026-05-20T21:31:49.894Z",codex-manual-dogfood,"Manual dogfood reviewer start: bootstrapped with npm install -g ., pm --version=2026.5.18, node=v25.9.0, pnpm=10.33.0, pnpm build passed. Reusing active audit lineage; dogfood commands will use isolated temp PM_PATH/PM_GLOBAL_PATH and no repo file edits."
+  "2026-05-20T21:34:12.959Z",codex-manual-dogfood,"Manual dogfood findings 2026-05-20: isolated temp project at /tmp/pm-manual-dogfood-20260520-o4D9ev with PM_PATH/PM_GLOBAL_PATH separated. Covered init --with-packages, create/claim/update/close/release, files/docs/tests/comments/notes/learnings, list/search/context/activity/history, deps lookup, calendar, package catalog/explore/manage/doctor/install, contracts/help, todos/beads import-export surfaces. Key findings: 53 MODULE_TYPELESS_PACKAGE_JSON warnings from bundled extensions after package install; pm comments on long-lived item returns full history; activity default still prints full patches; dependencies command expectation fails because actual command is deps; calendar event create phrase is silently treated as agenda; calendar same-day from/to rejected; package explore has no query/target filter; todos export silently ignores unsupported --format/--output and writes default folder; package/catalog invalid fields guidance is helpful; history --compact works and is much smaller; linked test sandboxing works with node scripts/run-tests.mjs form."
+  "2026-05-20T21:34:56.833Z",codex-gpt5,"Sub-agent finding (search/calendar/vector): semantic reindex can use extension embed providers but search requires full query providers; gc embeddings leaves vectorization-status/lancedb state; auto-index refresh warnings are profile-only; completions advertise optional package commands; LM Studio works through openai.base_url but is not discoverable. Implementing safe cleanup fix now; larger provider/completion UX gaps remain tracked under pm-rnpb follow-ups."
+  "2026-05-20T21:36:19.701Z",codex-gpt5,"Sub-agent finding (performance/CI/code quality): startup --version fast path is healthy around 40ms, but normal CLI imports still cost ~176-377ms and release-readiness/history focused specs are slow due to repeated spawned CLI calls. Static quality gate passes but duplicate/complexity focus misses CLI command hotspots. Keeping this branch to compact history + semantic gc cleanup; performance/test-sharding/static-quality ratchets remain in existing pm-gt82/pm-mbdu/pm-rnpb follow-ups."
+  "2026-05-20T21:44:55.222Z",codex-full-audit,"Audit kickoff 2026-05-20: reused existing parent pm-rnpb and in-progress child pm-3pbs after duplicate search. Bootstrap passed: npm install -g ., pm --version 2026.5.18, node v25.9.0, pnpm 10.33.0, pnpm build. Preserving existing dirty implementation changes before further edits."
+  "2026-05-20T21:48:12.269Z",codex-full-audit,"GitHub external audit 2026-05-20: no open issues, Dependabot alerts, secret scanning alerts, private security advisories, queued runs, or unmerged review work. Actionable maintenance PRs found: #30 pnpm/action-setup 6.0.4->6.0.8 and #31 tsx 4.22.0->4.22.1 are clean/green; Dependabot Updates run 26014999094 had a one-off unknown_error on softprops/action-gh-release but created PR #30 successfully. No new duplicate pm item created; tracking under pm-rnpb unless the failure repeats."
+  "2026-05-20T21:49:01.863Z",codex-full-audit,"CI/coverage audit 2026-05-20: current 100% gate is strict but not broad because release-readiness coverage allowlist excludes critical runtime surfaces such as cli main, telemetry/Sentry runtime, MCP server, SDK contracts, and command registration. Recent CI wall time about 7m with coverage ~5m41; high-churn cache keys hash src/tests/tracker content; docs-only PRs still run full PR CI; release workflow repeats most gates; auto-release watches active Release workflows without pinning to the dispatched tag. Track as pm-rnpb follow-up; no duplicate item created during this focused patch."
+  "2026-05-20T21:50:07.683Z",codex-full-audit,"Manual dogfood sub-agent 2026-05-20: verified isolated temp project with dist/cli.js 2026.5.18 and separate PM_PATH/PM_GLOBAL_PATH. Healthy paths: init, progressive create, claim/update/files/docs/tests/comments/notes/learnings/deps/test-run/context/list/get/history/activity/search/reindex/guide-shell/calendar/validate/normalize/gc/close/release. Findings mapped to existing items, no duplicates: health --brief still 369 lines -> pm-nbht; init/config/package list bootstrap output noisy -> pm-5k2w/pm-59gj; dependencies alias absent -> pm-5k2w; event same-start/end recovery needs duration example -> pm-5k2w. Current patch addresses pm-3pbs history/activity verbosity."
+  "2026-05-20T21:51:22.682Z",codex-full-audit,"Telemetry/Sentry audit 2026-05-20: Sentry currently has 0 unresolved issue groups and no recent error logs; recent logs are usage warnings. Live telemetry API accepts events, but ingestion is stalled: persisted data is stale since 2026-05-19T21:45:44Z and the event queue has a large ready/unacked backlog while worker logs show insert failures. pm health --check-only --json reported telemetry ok despite stale persistence/backlog, so release/health gates need freshness/backlog checks. Host-specific diagnostics remain only under ignored local telemetry tooling; no private stack details added to tracked docs."
+  "2026-05-20T21:52:08.303Z",codex-full-audit,"SDK/extensions audit 2026-05-20: package-first review found init --with-packages can report installed_all while package doctor shows first-party package runtime load failures for package runtimes using top-level await under the current transform; extension action schemas remain permissive/type-poor; strict extension flag validation needs required/short flag parity; SDK/contracts should expose richer config-driven schema metadata; contracts --command should accept extension command groups; package-owned command hints are still partly hardcoded. Mapped to existing pm-rnpb/pm-59gj plus current pm-3pbs strict-flag patch; no duplicate item created."
+  "2026-05-20T22:03:30.428Z",codex-full-audit,"Code/performance audit 2026-05-20: confirmed activity full is now exposed in action schema; remaining performance gaps are follow-ups: compact history/activity reduce tokens but still read/sort full histories, GC/search artifact registry is duplicated between gc and cache invalidation, and read command dispatch still imports a broad command index. Strict extension validation now rejects unknown/disabled long flags and canonicalizes short flags in the parser helper; full runtime short/required parity remains a pm-rnpb/pm-59gj follow-up because command dispatch does not yet consistently preserve short option tokens for extension subcommands."
+  "2026-05-20T22:10:49.653Z",codex-full-audit,"PR evidence 2026-05-20: pushed branch audit/token-output-activity-history-2026-05-20 commit 50d80641 and opened PR #35 (https://github.com/unbraind/pm-cli/pull/35) for compact history/activity output, semantic gc cleanup, and dynamic flag validation. Local gates passed before push: build, focused regression, full coverage 100%, static quality, secret scan. Watching CI and review-bot feedback before merge."
+  "2026-05-20T22:20:23.463Z",codex-full-audit,"PR #35 review feedback addressed: Sourcery noted normalizeActivityOptions ignored explicit compact=false when full was absent; Gemini noted extension subcommand flag lookup precedence. Patched activity compact precedence and made nested extension command flag definitions win over group-level matches. Focused verification passed: PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/integration/cli.integration.spec.ts tests/unit/main-loose-options.spec.ts tests/unit/history-activity-command.spec.ts tests/integration/mcp-dynamic-package-actions.spec.ts --reporter=dot (4 files, 102 tests); pnpm exec tsc --noEmit passed."
+  "2026-05-20T22:23:02.164Z",codex-full-audit,"PR #35 CodeRabbit follow-up addressed: preserved alias values when both canonical and alias extension flags are supplied, while keeping nested extension flag precedence. Focused verification passed again: PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/main-loose-options.spec.ts tests/integration/cli.integration.spec.ts tests/unit/history-activity-command.spec.ts tests/integration/mcp-dynamic-package-actions.spec.ts --reporter=dot (4 files, 102 tests); pnpm exec tsc --noEmit passed."
 notes[2]{created_at,author,text}:
   "2026-05-17T07:36:59.474Z",codex-agent,"Design note 2026-05-17: unfiltered pm contracts default now intentionally omits three heavy sections (schema oneOf union, command_flags, commander_aliases) and emits explicit omitted_reason markers; --full restores complete schema and alias/flag surfaces for tooling that needs maximal detail."
   "2026-05-17T08:33:25.981Z",codex-agent,"Design note 2026-05-17: default brief projection was intentionally scoped to bare 'pm list' instead of all list-* commands to preserve existing automation contracts while still cutting agent token usage on the highest-frequency exploratory list call."