Harden agent UX and Sentry global option handling #38

Merged: unbraind merged 3 commits into main from codex/pm-cli-extensive-polish-20260521 on May 21, 2026

@unbraind (Owner) commented May 21, 2026

Summary

  • Compact create output by omitting body from changed_fields when no body was supplied.
  • Align calendar package help and completions with the accepted scheduled include alias.
  • Improve equal event start/end recovery guidance for create and update.
  • Fix Sentry PM-CLI-T by making getGlobalOptions tolerate command-like extension objects without optsWithGlobals.
  • Sanitize tracked pm evidence for private local-ops wording using pm commands and history-redact.

Verification

  • PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/registration-helpers.spec.ts tests/unit/create-command.spec.ts tests/unit/update-command.spec.ts tests/unit/completion-command.spec.ts tests/integration/release-readiness-runtime.spec.ts --reporter=dot
  • Manual isolated temp smoke with dist/cli.js covering create changed_fields, equal event recovery, calendar help, and completion aliases.
  • pnpm build
  • pnpm quality:static
  • node scripts/check-secrets.mjs
  • node scripts/dogfood-package-first.mjs
  • node scripts/release/run-gates.mjs --telemetry-mode required --max-sentry-critical 10 --max-sentry-high 20 --max-telemetry-error-rate 10 --json

Observability

  • Resolved Sentry PM-CLI-T after the fix.
  • sentry issue list --query is:unresolved returned no unresolved issues.
  • pm health --check-only --brief --json returned ok with no warnings.

pm Items

  • pm-rnpb
  • pm-5k2w
  • pm-xk39

Summary by Sourcery

Harden CLI agent UX for calendar events and global option handling while aligning calendar include options and updating tracked agent artifacts.

Bug Fixes:

  • Prevent create/update commands from accepting calendar events with equal start and end times, with clearer guidance on valid instant events.
  • Avoid including body in create-command changed_fields output when no body content is provided.
  • Make global option resolution resilient to command-like extensions that lack optsWithGlobals, preventing Sentry-reported runtime errors.

Enhancements:

  • Align calendar extension help text, flags, and shell completions to support the scheduled include option across the CLI.
  • Refresh internal agent configuration and history artifacts to sanitize tracked evidence wording.

Tests:

  • Add unit coverage for create/update equal start/end event validation messaging.
  • Extend completion, registration-helper, and release-readiness tests to cover calendar include=scheduled support and robust global option handling.

sourcery-ai Bot commented May 21, 2026

Reviewer's Guide

This PR hardens CLI UX around events and calendar options, fixes global option handling for Sentry-related command-like extensions, and updates agent metadata/history, with targeted unit and integration tests to guard the new behaviors.

Sequence diagram for getGlobalOptions fallback handling

sequenceDiagram
  actor User
  participant Command as CommandLike
  participant Helpers as registration_helpers

  User->>Helpers: getGlobalOptions(command)
  Helpers->>Command: optsWithGlobals()
  alt [optsWithGlobals is a function]
    Command-->>Helpers: optsWithGlobals result
  else [optsWithGlobals missing]
    Helpers->>Command: opts()
    alt [opts is a function]
      Command-->>Helpers: opts result
    else [opts missing]
      Helpers-->>Helpers: use empty options {}
    end
  end
  Helpers-->>User: GlobalOptions { json, quiet, verbose, debug }

Flow diagram for event start/end validation in create and update commands

flowchart TD
  A[parseEvents / parseEventEntries] --> B[resolveIsoOrRelative for startAt]
  B --> C[resolveIsoOrRelative for endAt]
  C --> D{endAt exists and endAt <= startAt?}
  D -->|Yes| E[throw PmCliError with message --event end must be after start; equal start/end timestamps are invalid. Omit end for an instant event or set end later than start.]
  D -->|No| F[Continue building CalendarEvent and proceed]

File-Level Changes

Change: Create command no longer reports body as changed when empty and provides clearer validation for invalid event timestamps.
Details:
  • Adjust buildChangedFields to only include body when the request body is non-empty and pass body into this helper from runCreate.
  • Update create-command unit tests to assert that changed_fields omits body when no content is supplied.
  • Enhance event parsing in create to reject end timestamps that are not strictly after start with explicit guidance for equal start/end cases.
Files: src/cli/commands/create.ts, tests/unit/create-command.spec.ts

Change: Update command event parsing now rejects equal start/end timestamps with improved error guidance.
Details:
  • Change event parsing in update to emit a more descriptive error when end is not strictly after start, explicitly calling out equal timestamps.
  • Add unit coverage to ensure runUpdate fails with the new guidance when start and end are equal.
Files: src/cli/commands/update.ts, tests/unit/update-command.spec.ts

Change: Global option resolution is made tolerant of command-like extension objects that lack optsWithGlobals to avoid crashes (Sentry PM-CLI-T).
Details:
  • Relax getGlobalOptions to safely handle commands that expose optsWithGlobals, only opts, or neither, defaulting to an empty options object when necessary.
  • Introduce unit tests to cover registration helper behavior and guard against regressions in global option handling.
Files: src/cli/registration-helpers.ts, tests/unit/registration-helpers.spec.ts

Change: Calendar include flag gains support for the scheduled source across the extension, help output, and shell completions.
Details:
  • Add scheduled to the allowed values for the --include flag in the calendar extension (JS/TS).
  • Extend zsh and fish completion generation to include the scheduled source for calendar include options.
  • Update completion and integration tests to assert that help and completion scripts expose deadlines
reminders

Change: Agent chore/issue/history artifacts are updated to sanitize and refine locally stored pm evidence metadata.
Details:
  • Modify agent .toon and .jsonl records for relevant chores, issues, features, and history entries to reflect sanitized wording and updated evidence metadata.
Files: .agents/pm/chores/pm-5jw8.toon, .agents/pm/chores/pm-5k2w.toon, .agents/pm/features/pm-rnpb.toon, .agents/pm/history/pm-5jw8.jsonl, .agents/pm/history/pm-5k2w.jsonl, .agents/pm/history/pm-h4zb.jsonl, .agents/pm/history/pm-rnpb.jsonl, .agents/pm/issues/pm-h4zb.toon

coderabbitai Bot commented May 21, 2026

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: d3605a4f-4630-4a8d-8cc0-204fe88db9b7

📥 Commits

Reviewing files that changed from the base of the PR and between 7998323 and 5fe1777.

📒 Files selected for processing (4)
  • .agents/pm/chores/pm-5k2w.toon
  • .agents/pm/features/pm-rnpb.toon
  • .agents/pm/history/pm-5k2w.jsonl
  • .agents/pm/history/pm-rnpb.jsonl

Walkthrough

This PR extracts shared event validation messaging, adds support for scheduled events in the calendar extension, improves global option resolution resilience in registration helpers, refines body field tracking in create operations, and comprehensively documents audit completion and feature implementation status across PM metadata files.

Changes

Event Validation and Feature Completion

Layer / File(s) Summary
Shared event validation message extraction
src/cli/commands/event-validation-messages.ts, src/cli/commands/create.ts, src/cli/commands/update.ts, tests/unit/create-command.spec.ts, tests/unit/update-command.spec.ts
New EVENT_END_AFTER_START_MESSAGE constant is imported and used by both create and update commands for consistent end-after-start validation messaging. Tests verify equal timestamp rejection with correct error text.
Calendar scheduled event source support
packages/pm-calendar/extensions/calendar/index.js, packages/pm-calendar/extensions/calendar/index.ts, src/cli/commands/completion.ts, tests/unit/completion-command.spec.ts, tests/integration/release-readiness-runtime.spec.ts
Calendar --include flag now accepts scheduled as a new event source type. Shell completion scripts (Zsh and Fish) are updated, and tests verify the new option appears in help and completion output.
Global options fallback and safer resolution
src/cli/registration-helpers.ts, tests/unit/registration-helpers.spec.ts
New CommandOptionsReader helper safely extracts option readers from command objects. getGlobalOptions now prefers optsWithGlobals() but falls back to opts() for commands lacking the extended method. Test suite covers fallback and explicit option precedence.
Conditional body field in changed_fields
src/cli/commands/create.ts, tests/unit/create-command.spec.ts
buildChangedFields now accepts body and conditionally includes "body" in changed_fields only when body is non-empty. Create flow passes body to helper for accurate field tracking.
PM audit and feature tracking
.agents/pm/chores/pm-5jw8.toon, .agents/pm/chores/pm-5k2w.toon, .agents/pm/features/pm-rnpb.toon, .agents/pm/issues/pm-h4zb.toon, .agents/pm/history/pm-5jw8.jsonl, .agents/pm/history/pm-5k2w.jsonl, .agents/pm/history/pm-h4zb.jsonl, .agents/pm/history/pm-rnpb.jsonl
Release verification metadata updated with test runs and completion status. Chore records extended with new test coverage and regression targets. Feature records document observability audit completion, Sentry issue resolution, telemetry queue draining, and privacy redaction of local ops credentials.

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the two main objectives: hardening agent UX (create output, calendar alignment, event validation) and fixing Sentry global option handling via getGlobalOptions robustness.
Description check ✅ Passed The description is directly related to the changeset, detailing all five changes (body omission, calendar scheduling, event recovery, global options, sanitization) with verification steps and observability confirmation.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Fix remaining safe pm-5k2w polish by omitting body from create changed_fields when no body was supplied, documenting the calendar scheduled include alias in package help/completions, and giving equal event start/end timestamps actionable recovery guidance.

Fix Sentry PM-CLI-T by making getGlobalOptions tolerate command-like extension objects without optsWithGlobals, with focused unit coverage.

Sanitize tracked pm evidence by removing private local-ops wording from pm-h4zb and pm-5jw8 current items/history through pm commands and history-redact.

Verification: focused regression suite passed (5 files, 208 tests); manual isolated temp smoke passed; pnpm build passed; pnpm quality:static passed; node scripts/check-secrets.mjs passed; node scripts/dogfood-package-first.mjs passed; node scripts/release/run-gates.mjs --telemetry-mode required --max-sentry-critical 10 --max-sentry-high 20 --max-telemetry-error-rate 10 --json passed with 97 files / 1408 tests and 100% coverage; Sentry PM-CLI-T resolved and unresolved issue list is empty.
@unbraind unbraind force-pushed the codex/pm-cli-extensive-polish-20260521 branch from b222cc8 to 56c60d7 Compare May 21, 2026 18:37
@unbraind unbraind marked this pull request as ready for review May 21, 2026 18:37
@unbraind (Owner, Author) commented

@coderabbitai review
@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Hey - I've found 1 issue, and left some high level feedback:

  • The new equal start/end validation message is duplicated in both parseEvents and parseEventEntries; consider extracting it into a shared constant to keep UX text consistent over time.
  • In getGlobalOptions, the broad command as Command & { ... } cast and runtime checks on optsWithGlobals/opts could be tightened by introducing a small CommandLike interface or type guard, which would make the fallback behavior clearer and easier to maintain.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The new equal start/end validation message is duplicated in both `parseEvents` and `parseEventEntries`; consider extracting it into a shared constant to keep UX text consistent over time.
- In `getGlobalOptions`, the broad `command as Command & { ... }` cast and runtime checks on `optsWithGlobals`/`opts` could be tightened by introducing a small `CommandLike` interface or type guard, which would make the fallback behavior clearer and easier to maintain.

## Individual Comments

### Comment 1
<location path="src/cli/commands/create.ts" line_range="1080" />
<code_context>
 }

-function buildChangedFields(frontMatter: ItemMetadata, explicitUnsets: string[]): string[] {
+function buildChangedFields(frontMatter: ItemMetadata, body: string, explicitUnsets: string[]): string[] {
   const changed = [
     ...FRONT_MATTER_KEY_ORDER.filter((key) => frontMatter[key] !== undefined),
-    "body",
+    ...(body.length > 0 ? ["body"] : []),
     ...explicitUnsets.map((key) => `unset:${key}`),
   ];
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Revisit how an empty or whitespace-only body is treated when computing changed fields.

Previously, `"body"` was always in `changedFields`, even when empty. Now it’s only added when `body.length > 0`, which changes semantics for callers that explicitly clear the body. If you only want to treat non-whitespace content as a change, consider `body.trim().length > 0`. If you instead want to preserve the old behavior while omitting `"body"` when it was never provided, this condition likely needs to depend on how the body was sourced (explicit vs default), not just its length.

```suggestion
    // Treat only non-whitespace body content as a change
    ...(body.trim().length > 0 ? ["body"] : []),
```
</issue_to_address>

const changed = [
...FRONT_MATTER_KEY_ORDER.filter((key) => frontMatter[key] !== undefined),
"body",
...(body.length > 0 ? ["body"] : []),
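Review bot: the new `body: string` parameter of `buildChangedFields` is inserted between `frontMatter` and `explicitUnsets` with no doc comment stating what an empty string means. The `body.length > 0` test is the only signal for "no body supplied", so document that contract on the function (or pass an explicit flag saying whether a body was provided) so later callers do not assume `"body"` is always present in the returned list.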

suggestion (bug_risk): Revisit how an empty or whitespace-only body is treated when computing changed fields.

Previously, "body" was always in changedFields, even when empty. Now it’s only added when body.length > 0, which changes semantics for callers that explicitly clear the body. If you only want to treat non-whitespace content as a change, consider body.trim().length > 0. If you instead want to preserve the old behavior while omitting "body" when it was never provided, this condition likely needs to depend on how the body was sourced (explicit vs default), not just its length.

Suggested change
...(body.length > 0 ? ["body"] : []),
// Treat only non-whitespace body content as a change
...(body.trim().length > 0 ? ["body"] : []),

coderabbitai Bot commented May 21, 2026

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get PR details and diff
gh pr view 38 --repo unbraind/pm-cli --json title,body,files,additions,deletions,changedFiles
echo "---DIFF---"
gh pr diff 38 --repo unbraind/pm-cli

Length of output: 117623


🏁 Script executed:

#!/bin/bash
# Check if there's a bash completion section for calendar --include that might also need 'scheduled'
rg -n "include.*deadlines|include.*calendar|bash.*calendar|calendar.*bash" src/cli/commands/completion.ts | head -30
echo "---"
# Also check the full context around bash completion for --include
rg -n "deadlines reminders events" src/cli/commands/completion.ts

Length of output: 508


🏁 Script executed:

#!/bin/bash
# Check for bash completion section for calendar
rg -n "bash|BASH|_pm_complete|case.*calendar|calendar.*case" src/cli/commands/completion.ts | head -30
echo "---BASH INCLUDE CHECK---"
# Look for the bash section around calendar include flag
rg -n -A3 -B3 "include.*event|all deadlines" src/cli/commands/completion.ts
echo "---TOTAL SECTIONS---"
# Count how many completion script generators exist (bash/zsh/fish)
rg -n "^function generate|^export function generate|generateBash|generateZsh|generateFish" src/cli/commands/completion.ts

Length of output: 2458


🏁 Script executed:

#!/bin/bash
# Look at the bash completion section for calendar to check if --include needs 'scheduled' there too
sed -n '90,293p' src/cli/commands/completion.ts | grep -n "include\|calendar\|deadlines\|reminders"
echo "---FULL BASH CALENDAR SECTION---"
# Extract the bash script generator and look for calendar-related completions
rg -n "include\|calendar\|deadlines\|reminders\|events\|scheduled" src/cli/commands/completion.ts | grep -v "^664:\|^1439:"

Length of output: 865


@unbraind: Here is the review of PR #38.


Review Summary

The PR is well-structured and thoroughly verified. Five distinct areas are changed — all with regression tests. No critical issues were found.


src/cli/registration-helpers.ts — Sentry PM-CLI-T crash fix ✅

The fallback chain optsWithGlobals → opts → {} is the right defensive strategy. When the fully-empty {} branch is hit, the returned GlobalOptions will have path: undefined, json: undefined, etc. — which is a safe default since callers downstream handle these as optional. The implementation is clean.


src/cli/commands/create.ts + update.ts — equal event timestamp guidance ✅

The improved error message ("equal start/end timestamps are invalid. Omit end for an instant event or set end later than start.") is clearly actionable. Both parseEvents (create) and parseEventEntries (update) are updated in sync.


src/cli/commands/create.ts: buildChangedFields body omission ✅

...(body.length > 0 ? ["body"] : []),

body is typed as string and the caller passes body directly, so the .length check is safe. The signature change (body: string added as second parameter) is correctly threaded through the single call site at the bottom of runCreate.


packages/pm-calendar + completion.ts: scheduled alias alignment ✅

Both .ts and compiled .js in the calendar package are updated together. Zsh (line 664) and fish (line 1439) completions both receive scheduled. The bash completion generator (generateBashScript) uses a compgen-based approach that only completes flag names, not their enumerated values — so no bash change is needed, and nothing was missed.


tests/unit/registration-helpers.spec.ts — new file ⚠️ Minor nit

The first test's name is slightly misleading:

it("uses resolved global options when command-like objects lack commander globals", () => {
  const command = { opts: () => ({ json: true, quiet: true, path: ".pm" }) } as unknown as Command;
  // ...

No resolved globals are set here — this is testing the opts() fallback path, not the setResolvedGlobalOptions path (which is covered by the second test). Consider renaming to something like "falls back to opts() for command-like objects without optsWithGlobals" to make the two test cases clearly distinct.


.agents/pm/ — history/metadata sanitization ✅

The history_redact entries are no-ops (before_hash === after_hash) as expected for redaction events that only rewrote earlier entries, with the subsequent docs_add/update_audit operations carrying the actual sanitized data. The diff in pm-h4zb.jsonl and pm-5jw8.jsonl is consistent with the PR objective of removing private local-ops wording from tracked evidence.


Overall: The implementation is correct, all five fixes are independently tested, 100% coverage is maintained per the release gate evidence, and the Sentry issue is confirmed resolved. The one actionable item is the minor test name nit above — up to you whether to rename before merging.
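
The history records quoted on this page carry `before_hash` and `after_hash`, each record's `before_hash` matching the previous record's `after_hash`, and the review above treats `before_hash === after_hash` on a redaction event as an expected no-op. A continuity check over such a JSONL file, as an added example that is not pm-cli code: it assumes that linkage holds for the whole file, does not recompute the hashes (the page does not state how they are derived), and runs on constructed sample records with placeholder hashes.

```typescript
// Added example, not pm-cli source. Field names (ts, op, before_hash,
// after_hash) are taken from the history records shown on this page; the
// function and type names are hypothetical.
interface ChainFinding {
  line: number; // 1-based line number in the JSONL text
  kind: "parse_error" | "missing_hash" | "broken_link" | "noop";
  detail: string;
}

// Walk the file in order and report records that do not link to their
// predecessor, plus records whose hashes are equal (state unchanged).
function checkHistoryChain(jsonl: string): ChainFinding[] {
  const findings: ChainFinding[] = [];
  let previousAfter: string | undefined;
  const lines = jsonl.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const text = (lines[i] ?? "").trim();
    if (text === "") continue;
    let record: unknown;
    try {
      record = JSON.parse(text);
    } catch {
      findings.push({ line: i + 1, kind: "parse_error", detail: "line is not valid JSON" });
      previousAfter = undefined; // cannot link across an unreadable record
      continue;
    }
    const fields: Record<string, unknown> =
      typeof record === "object" && record !== null ? (record as Record<string, unknown>) : {};
    const before = fields["before_hash"];
    const after = fields["after_hash"];
    const rawOp = fields["op"];
    const op = typeof rawOp === "string" ? rawOp : "?";
    if (typeof before !== "string" || typeof after !== "string") {
      findings.push({ line: i + 1, kind: "missing_hash", detail: `op ${op} lacks a hash field` });
      previousAfter = undefined;
      continue;
    }
    if (previousAfter !== undefined && before !== previousAfter) {
      findings.push({
        line: i + 1,
        kind: "broken_link",
        detail: `op ${op} starts from ${before} but previous record ended at ${previousAfter}`,
      });
    }
    if (before === after) {
      findings.push({ line: i + 1, kind: "noop", detail: `op ${op} left the item hash unchanged` });
    }
    previousAfter = after;
  }
  return findings;
}

// Constructed sample records; "h0".."h3" are placeholder hashes.
const CLEAN_HISTORY: string = [
  { ts: "2026-01-01T00:00:00.000Z", op: "create", before_hash: "h0", after_hash: "h1" },
  { ts: "2026-01-01T00:01:00.000Z", op: "comment_add", before_hash: "h1", after_hash: "h2" },
  { ts: "2026-01-01T00:02:00.000Z", op: "history_redact", before_hash: "h2", after_hash: "h2" },
  { ts: "2026-01-01T00:03:00.000Z", op: "docs_add", before_hash: "h2", after_hash: "h3" },
]
  .map((r) => JSON.stringify(r))
  .join("\n");

// The same file with the second record deleted by hand.
const EDITED_HISTORY: string = CLEAN_HISTORY.split("\n")
  .filter((_, index) => index !== 1)
  .join("\n");

function summarize(jsonl: string): string[] {
  return checkHistoryChain(jsonl).map((f) => `${f.line}:${f.kind}`);
}

console.log(summarize(CLEAN_HISTORY)); // the redaction no-op only
console.log(summarize(EDITED_HISTORY)); // the gap left by the hand edit, then the no-op
```

A `noop` finding on a `history_redact` record is the expected case the review describes; a `broken_link` is what a direct edit of the file would leave behind if it drops or reorders records.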

Centralize event timestamp recovery text so create and update stay aligned, tighten the command option fallback helper used by getGlobalOptions, and rename the fallback test for clarity.

Documented the review response and verification evidence in pm-5k2w. Verification: focused 5-file suite passed with 208 tests and pnpm build passed.

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request implements several CLI polish items and bug fixes. It adds a scheduled option to the calendar command's --include flag and updates shell completions accordingly. The create command was updated to avoid reporting body in changed_fields when it is empty, and error messages for invalid event timestamps were made more descriptive. Additionally, a fallback was added to getGlobalOptions to prevent crashes when optsWithGlobals is unavailable. Review feedback suggests simplifying the implementation of this fallback using optional chaining.

I am having trouble creating individual review comments. Click here to see my feedback.

src/cli/registration-helpers.ts (62-70)

medium

The logic for retrieving options can be simplified using optional chaining and the nullish coalescing operator, which improves readability and reduces verbosity.

const opts = (command as any).optsWithGlobals?.() ?? (command as any).opts?.() ?? {};
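
The two shapes discussed in this thread, a guarded reader (the type-guard direction Sourcery suggested) beside the optional-call one-liner above, compared on constructed command-like objects. This is an added example, not pm-cli code: the option names come from the review text, while the function names and sample objects are hypothetical.

```typescript
// Added example, not pm-cli source. The option names (json, quiet, verbose,
// debug, path) come from the review text; all function names are hypothetical.
interface GlobalOptions {
  json?: boolean;
  quiet?: boolean;
  verbose?: boolean;
  debug?: boolean;
  path?: string;
}

type RawOptions = Record<string, unknown>;

// Return a reader for `name` only if that member is really callable.
function optionsReader(
  command: unknown,
  name: "optsWithGlobals" | "opts",
): (() => RawOptions) | undefined {
  if (typeof command !== "object" || command === null) return undefined;
  const member: unknown = (command as RawOptions)[name];
  if (typeof member !== "function") return undefined;
  const fn: Function = member;
  return () => {
    const result: unknown = fn.call(command);
    // A reader that returns null or a primitive is treated as "no options".
    return typeof result === "object" && result !== null ? (result as RawOptions) : {};
  };
}

function asBoolean(value: unknown): boolean | undefined {
  return typeof value === "boolean" ? value : undefined;
}

// Guarded resolution in the order the PR describes: optsWithGlobals, opts, {}.
function resolveGlobalOptions(command: unknown): GlobalOptions {
  const read = optionsReader(command, "optsWithGlobals") ?? optionsReader(command, "opts");
  const raw: RawOptions = read ? read() : {};
  const path = raw["path"];
  return {
    json: asBoolean(raw["json"]),
    quiet: asBoolean(raw["quiet"]),
    verbose: asBoolean(raw["verbose"]),
    debug: asBoolean(raw["debug"]),
    path: typeof path === "string" ? path : undefined,
  };
}

// The optional-call one-liner, for comparison. `?.()` skips only null and
// undefined, so a member that exists but is not callable still throws.
function resolveWithOptionalCall(command: any): RawOptions {
  return command.optsWithGlobals?.() ?? command.opts?.() ?? {};
}

// Constructed command-like objects (not real commander instances).
const SAMPLE_COMMANDS: Record<string, unknown> = {
  commander: {
    optsWithGlobals: () => ({ json: true, path: ".pm" }),
    opts: () => ({ json: false }),
  },
  extensionOnlyOpts: { opts: () => ({ quiet: true, path: ".pm" }) },
  bareObject: {},
  shadowedMember: { optsWithGlobals: "not-a-function", opts: () => ({ debug: true }) },
};

function outcome(run: () => unknown): string {
  try {
    return JSON.stringify(run());
  } catch (err) {
    return err instanceof TypeError ? "TypeError" : "Error";
  }
}

function compareResolvers(): Record<string, { guarded: string; optionalCall: string }> {
  const out: Record<string, { guarded: string; optionalCall: string }> = {};
  for (const name of Object.keys(SAMPLE_COMMANDS)) {
    const command = SAMPLE_COMMANDS[name];
    out[name] = {
      guarded: outcome(() => resolveGlobalOptions(command)),
      optionalCall: outcome(() => resolveWithOptionalCall(command)),
    };
  }
  return out;
}

console.log(compareResolvers());
```

Both shapes agree on the first three objects; only the guarded reader falls through to `opts()` when `optsWithGlobals` is present but not a function.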


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.agents/pm/history/pm-rnpb.jsonl:
- Around line 429-441: The commit directly modified the system-of-record file
.agents/pm/history/pm-rnpb.jsonl (entries added/replaced) which violates the
rule that .agents/pm/** must be updated only via the pm command; revert these
direct edits to pm-rnpb.jsonl to the prior state and remove the patch/appended
entries, then reapply any needed changes by running the approved CLI flow (pm
<appropriate subcommand> or the documented pm workflow) so the system properly
updates metadata/comments/files/tests; specifically restore the previous
pm-rnpb.jsonl content and perform the updates via the pm command rather than
editing .agents/pm/history/pm-rnpb.jsonl manually.

In @.agents/pm/issues/pm-h4zb.toon:
- Around line 2-3: This change directly edited the system-of-record `.agents/pm`
entry (`.agents/pm/issues/pm-h4zb.toon`) which is forbidden; revert the manual
edits and reapply the intended updates by running the PM workflow/tooling (use
the PM commands that generate `.agents/pm` artifacts), regenerate the files so
the modified content (the hardened secret-scan rules and local-only note) is
produced by the toolchain, and commit the generated artifacts instead of
hand-editing—also ensure any related lines referenced (lines around 9-15 and 21)
are handled through the same PM tooling rather than manual changes.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 665133b2-fe6f-4eb9-8560-61340bcf4f01

📥 Commits

Reviewing files that changed from the base of the PR and between 5fa8e57 and 7998323.

📒 Files selected for processing (20)
  • .agents/pm/chores/pm-5jw8.toon
  • .agents/pm/chores/pm-5k2w.toon
  • .agents/pm/features/pm-rnpb.toon
  • .agents/pm/history/pm-5jw8.jsonl
  • .agents/pm/history/pm-5k2w.jsonl
  • .agents/pm/history/pm-h4zb.jsonl
  • .agents/pm/history/pm-rnpb.jsonl
  • .agents/pm/issues/pm-h4zb.toon
  • packages/pm-calendar/extensions/calendar/index.js
  • packages/pm-calendar/extensions/calendar/index.ts
  • src/cli/commands/completion.ts
  • src/cli/commands/create.ts
  • src/cli/commands/event-validation-messages.ts
  • src/cli/commands/update.ts
  • src/cli/registration-helpers.ts
  • tests/integration/release-readiness-runtime.spec.ts
  • tests/unit/completion-command.spec.ts
  • tests/unit/create-command.spec.ts
  • tests/unit/registration-helpers.spec.ts
  • tests/unit/update-command.spec.ts

Comment on lines +429 to +441
{"ts":"2026-05-21T18:12:21.032Z","author":"codex-extensive-audit","op":"claim","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:12:21.032Z"},{"op":"add","path":"/metadata/assignee","value":"codex-extensive-audit"}],"before_hash":"0ac9b985ff20cf811dc82d5b031261929b51ab3fdae17649ae09e6bd8f3ce0ac","after_hash":"ee886a9fe164eb1fd157a3a4a3eeb493abc7eb855e051e63782fd6bce78c06c0","message":"Continue latest extensive audit/remediation pass with sub-agent lanes, temp-project manual dogfood, telemetry/Sentry review, PR/CI follow-through."}
{"ts":"2026-05-21T18:12:38.387Z","author":"codex-extensive-audit","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/163","value":{"created_at":"2026-05-21T18:12:38.387Z","author":"codex-extensive-audit","text":"Execution plan 2026-05-21: reuse pm-rnpb parent and pm-5k2w child after duplicate checks; use sub-agent lanes for privacy/history scan plus observability/GitHub review; locally implement remaining safe pm-5k2w agent-UX/token-efficiency fixes; verify with focused tests, secret scan, temp-project dogfood, health/validate, Sentry/telemetry gates, PR checks, AI review wait, review fixes, and merge only if green."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:12:38.387Z"}],"before_hash":"ee886a9fe164eb1fd157a3a4a3eeb493abc7eb855e051e63782fd6bce78c06c0","after_hash":"aafa063831032882823391299bf52c75fd11030dcb2d9e7d3930a7c862e16d7a"}
{"ts":"2026-05-21T18:13:32.401Z","author":"codex-observability-review","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/164","value":{"created_at":"2026-05-21T18:13:32.401Z","author":"codex-observability-review","text":"Investigation note: starting no-edit observability/GitHub review lane. Bootstrap passed: npm install -g . was up to date, pm --version 2026.5.18, node v25.9.0, pnpm 10.33.0, pnpm build passed. Orientation reused parent pm-rnpb; no new pm items created."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:13:32.401Z"}],"before_hash":"aafa063831032882823391299bf52c75fd11030dcb2d9e7d3930a7c862e16d7a","after_hash":"9998c41756e25997f644d1bea2fd9994516d67216c4f863c12d1b135d2d15a57"}
{"ts":"2026-05-21T18:16:00.929Z","author":"codex-observability-review","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/165","value":{"created_at":"2026-05-21T18:16:00.929Z","author":"codex-observability-review","text":"Observability/GitHub review evidence 2026-05-21: GitHub via gh has no open PRs and no open issues. Latest main CI run 26243975511 on 5fa8e579 passed; recent scheduled Nightly Validation run 26213241053 failed only on Windows Node 20 in tests/unit/check-secrets.spec.ts with SyntaxError, but later main CI passed on newer HEAD, so treat as stale unless it repeats. Sentry CLI is reachable: unresolved issues show one high-priority group PM-CLI-T (command.optsWithGlobals is not a function, getGlobalOptions path, first/last seen 2026-05-21T04:28Z, count 1); last-24h also includes resolved PM-CLI-R and PM-CLI-S. Repo sentry/telemetry gate in best-effort mode passes with Sentry critical=0 high=1 total=1, but required telemetry freshness is blocked because ignored private telemetry SSH target is unreachable; public telemetry endpoint/health probe returns upstream-origin error and pm health reports telemetry_queue_pending:57. Actionable blockers: investigate PM-CLI-T extension command global option handling, restore private telemetry stack reachability/origin health, and rerun required telemetry gate after stack recovery. Sensitive host details intentionally omitted."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:16:00.929Z"}],"before_hash":"9998c41756e25997f644d1bea2fd9994516d67216c4f863c12d1b135d2d15a57","after_hash":"61eff56461342863b4bbe9ea401bc059b50c5f589e6e9c06aba9c946667cf553"}
{"ts":"2026-05-21T18:17:29.463Z","author":"codex-extensive-audit","op":"files_add","patch":[{"op":"replace","path":"/metadata/files/92/note","value":"update event date alias regression"},{"op":"replace","path":"/metadata/files/92/path","value":"tests/unit/update-command.spec.ts"},{"op":"replace","path":"/metadata/files/91/note","value":"regression for nested sentry event scrub behavior"},{"op":"replace","path":"/metadata/files/91/path","value":"tests/unit/sentry-helpers.spec.ts"},{"op":"replace","path":"/metadata/files/90/note","value":"qwen Ollama model preference regression"},{"op":"replace","path":"/metadata/files/90/path","value":"tests/unit/semantic-defaults.spec.ts"},{"op":"replace","path":"/metadata/files/89/note","value":"unit coverage for semantic corpus helper branches"},{"op":"replace","path":"/metadata/files/89/path","value":"tests/unit/search-corpus.spec.ts"},{"op":"replace","path":"/metadata/files/88/note","value":"regression for reminder/event search matches"},{"op":"replace","path":"/metadata/files/88/path","value":"tests/unit/search-command.spec.ts"},{"op":"replace","path":"/metadata/files/87/note","value":"regression for bounded semantic refresh corpus input"},{"op":"replace","path":"/metadata/files/87/path","value":"tests/unit/search-cache.spec.ts"},{"op":"replace","path":"/metadata/files/86/note","value":"direct package runtime coverage"},{"op":"replace","path":"/metadata/files/86/path","value":"tests/unit/search-advanced-runtime.spec.ts"},{"op":"replace","path":"/metadata/files/85/note","value":"regression for malformed config token normalization"},{"op":"replace","path":"/metadata/files/85/path","value":"tests/unit/runtime-schema-command-flags.spec.ts"},{"op":"replace","path":"/metadata/files/84/note","value":"PM-CLI-T regression 
coverage"},{"op":"replace","path":"/metadata/files/84/path","value":"tests/unit/registration-helpers.spec.ts"},{"op":"add","path":"/metadata/files/93","value":{"path":"vitest.config.ts","scope":"project","note":"coverage include list covers new search corpus helper"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:17:29.463Z"}],"before_hash":"61eff56461342863b4bbe9ea401bc059b50c5f589e6e9c06aba9c946667cf553","after_hash":"c38712ef7a78fc74591a1b8f32b5d57cb47a6aba6033968c306310cb57bcc56f"}
{"ts":"2026-05-21T18:17:29.579Z","author":"codex-extensive-audit","op":"tests_add","patch":[{"op":"replace","path":"/metadata/tests/45/note","value":"docs and skills gate"},{"op":"replace","path":"/metadata/tests/45/command","value":"pnpm quality:docs-skills"},{"op":"replace","path":"/metadata/tests/44/note","value":"focused init defaults integration regression"},{"op":"replace","path":"/metadata/tests/44/timeout_seconds","value":120},{"op":"replace","path":"/metadata/tests/44/command","value":"pnpm exec vitest run tests/integration/cli.integration.spec.ts -t 'accepts agent-friendly non-interactive init defaults and author'"},{"op":"replace","path":"/metadata/tests/43/note","value":"focused typecheck after schema changes"},{"op":"replace","path":"/metadata/tests/43/timeout_seconds","value":300},{"op":"replace","path":"/metadata/tests/43/command","value":"pnpm exec tsc --noEmit -p tsconfig.json"},{"op":"replace","path":"/metadata/tests/42/note","value":"full remediation verification gate"},{"op":"replace","path":"/metadata/tests/42/timeout_seconds","value":1200},{"op":"replace","path":"/metadata/tests/42/command","value":"pnpm build && node scripts/run-tests.mjs coverage && pnpm quality:static && node scripts/check-secrets.mjs"},{"op":"replace","path":"/metadata/tests/41/note","value":"compile CLI after health/help/dogfood changes"},{"op":"replace","path":"/metadata/tests/41/timeout_seconds","value":300},{"op":"replace","path":"/metadata/tests/41/command","value":"pnpm build"},{"op":"replace","path":"/metadata/tests/40/note","value":"focused dependency/UX/Sentry regression suite"},{"op":"replace","path":"/metadata/tests/40/timeout_seconds","value":600},{"op":"replace","path":"/metadata/tests/40/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/search-command.spec.ts tests/unit/status-normalization.spec.ts tests/unit/extension-command.spec.ts tests/unit/contracts-command.spec.ts 
tests/unit/error-guidance.spec.ts"},{"op":"replace","path":"/metadata/tests/39/note","value":"focused Sentry crash and package contract hint regression suite"},{"op":"replace","path":"/metadata/tests/39/timeout_seconds","value":300},{"op":"replace","path":"/metadata/tests/39/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/search-command.spec.ts tests/unit/runtime-schema-command-flags.spec.ts tests/unit/contracts-command.spec.ts"},{"op":"replace","path":"/metadata/tests/38/note","value":"focused package docs search UX regressions"},{"op":"replace","path":"/metadata/tests/38/timeout_seconds","value":900},{"op":"replace","path":"/metadata/tests/38/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/search-cache.spec.ts tests/unit/extension-command.spec.ts tests/integration/help-runtime.spec.ts"},{"op":"replace","path":"/metadata/tests/37/note","value":"SDK workspace contracts,Plan fields,search-advanced package regression"},{"op":"replace","path":"/metadata/tests/37/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/sdk-index.spec.ts tests/unit/plan-command.spec.ts tests/integration/release-readiness-runtime.spec.ts"},{"op":"replace","path":"/metadata/tests/36/note","value":"focused SDK and Plan projection regression"},{"op":"replace","path":"/metadata/tests/36/timeout_seconds","value":240},{"op":"replace","path":"/metadata/tests/36/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/sdk-index.spec.ts tests/unit/plan-command.spec.ts"},{"op":"replace","path":"/metadata/tests/35/note","value":"focused SDK contracts search-advanced regression"},{"op":"replace","path":"/metadata/tests/35/timeout_seconds","value":900},{"op":"replace","path":"/metadata/tests/35/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/sdk-index.spec.ts tests/unit/contracts-command.spec.ts 
tests/unit/search-advanced-runtime.spec.ts tests/integration/release-readiness-runtime.spec.ts"},{"op":"replace","path":"/metadata/tests/34/note","value":"SDK runtime contracts regression"},{"op":"replace","path":"/metadata/tests/34/timeout_seconds","value":300},{"op":"replace","path":"/metadata/tests/34/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/sdk-index.spec.ts tests/unit/contracts-command.spec.ts"},{"op":"replace","path":"/metadata/tests/33/note","value":"focused PM-CLI-T and pm-5k2w UX regressions"},{"op":"replace","path":"/metadata/tests/33/timeout_seconds","value":900},{"op":"replace","path":"/metadata/tests/33/command","value":"PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/registration-helpers.spec.ts tests/unit/create-command.spec.ts tests/unit/update-command.spec.ts tests/unit/completion-command.spec.ts tests/integration/release-readiness-runtime.spec.ts --reporter=dot"},{"op":"add","path":"/metadata/tests/46","value":{"command":"pnpm quality:static","scope":"project","timeout_seconds":300,"note":"static quality gate"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:17:29.579Z"}],"before_hash":"c38712ef7a78fc74591a1b8f32b5d57cb47a6aba6033968c306310cb57bcc56f","after_hash":"04bcf15adb9318eb5b0208fb7f44c26afb648c299658b7eb00d34952d7ea849e"}
{"ts":"2026-05-21T18:18:21.256Z","author":"codex-extensive-audit","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/166","value":{"created_at":"2026-05-21T18:18:21.256Z","author":"codex-extensive-audit","text":"Evidence update: focused regression suite passed after PM-CLI-T and pm-5k2w fixes: PM_RUN_TESTS_SKIP_BUILD=1 node scripts/run-tests.mjs test -- tests/unit/registration-helpers.spec.ts tests/unit/create-command.spec.ts tests/unit/update-command.spec.ts tests/unit/completion-command.spec.ts tests/integration/release-readiness-runtime.spec.ts --reporter=dot (5 files, 208 tests). Privacy lane found no raw secrets/private keys/private IP/user@host leaks; sanitized private local-ops wording from pm-h4zb and pm-5jw8 item/history using pm update, pm docs, and pm history-redact."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:18:21.256Z"}],"before_hash":"04bcf15adb9318eb5b0208fb7f44c26afb648c299658b7eb00d34952d7ea849e","after_hash":"fe57189895dcf0bba31f729f078b1ff0261941b667d4c9c3e8406845867ff69f"}
{"ts":"2026-05-21T18:19:29.415Z","author":"codex-extensive-audit","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/167","value":{"created_at":"2026-05-21T18:19:29.415Z","author":"codex-extensive-audit","text":"Verification update: pnpm build passed, pnpm quality:static passed, node scripts/check-secrets.mjs passed, and manual isolated temp smoke passed after installing calendar + guide-shell. The initial manual smoke also validated optional-package guidance by failing completion before guide-shell install with an install hint."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:19:29.415Z"}],"before_hash":"fe57189895dcf0bba31f729f078b1ff0261941b667d4c9c3e8406845867ff69f","after_hash":"133957f97c803040057a4356723bfbb44b5d77be98c4a88639afeaee9b0a57a6"}
{"ts":"2026-05-21T18:20:20.705Z","author":"codex-extensive-audit","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/168","value":{"created_at":"2026-05-21T18:20:20.705Z","author":"codex-extensive-audit","text":"Verification update: node scripts/dogfood-package-first.mjs passed in isolated temp project with 84 workflows. Slowest expected command was linked test run; create/close/release/docs/claim remained functional. Running full release gate with required telemetry next."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:20:20.705Z"}],"before_hash":"133957f97c803040057a4356723bfbb44b5d77be98c4a88639afeaee9b0a57a6","after_hash":"6295c3ba4de3ec13f7ab931f0618271d50ed21ccb1a31b9cc349e19f1da99a95"}
{"ts":"2026-05-21T18:20:22.085Z","author":"codex-extensive-audit","op":"tests_add","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:20:22.085Z"}],"before_hash":"6295c3ba4de3ec13f7ab931f0618271d50ed21ccb1a31b9cc349e19f1da99a95","after_hash":"ae3a93659a1c9ac0f7455ae2051b987bc45dab9267a84d4d111db9232d849682"}
{"ts":"2026-05-21T18:25:20.991Z","author":"codex-extensive-audit","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/169","value":{"created_at":"2026-05-21T18:25:20.991Z","author":"codex-extensive-audit","text":"Release gate evidence: node scripts/release/run-gates.mjs --telemetry-mode required --max-sentry-critical 10 --max-sentry-high 20 --max-telemetry-error-rate 10 --json passed. Coverage: 97 files / 1408 tests, 100 percent statements/branches/functions/lines. Gate checks passed: build, typecheck, docs-skills, static quality, version policy, secret scan, npx packed smoke, package-first dogfood 84 workflows, npm pack dry-run, compatibility, and Sentry/telemetry required gate (Sentry critical=0 high=1 total=1 under threshold; telemetry finish_error_rate_pct=3.27, missing error-code rows=0)."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:25:20.991Z"}],"before_hash":"ae3a93659a1c9ac0f7455ae2051b987bc45dab9267a84d4d111db9232d849682","after_hash":"5b2fd7c97ae30798518c42f8a8df1feb957adfba4dfd4c176a181edcaa3d2369"}
{"ts":"2026-05-21T18:25:22.009Z","author":"codex-extensive-audit","op":"tests_add","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:25:22.009Z"}],"before_hash":"5b2fd7c97ae30798518c42f8a8df1feb957adfba4dfd4c176a181edcaa3d2369","after_hash":"3b9af761103161e3bc084e3c3d7ae0259d512c80e9a80525f67837bb25671d20"}
{"ts":"2026-05-21T18:25:44.947Z","author":"codex-extensive-audit","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/170","value":{"created_at":"2026-05-21T18:25:44.947Z","author":"codex-extensive-audit","text":"Observability closeout: Sentry PM-CLI-T was fixed with getGlobalOptions fallback coverage and resolved via sentry CLI; sentry issue list --query is:unresolved now returns no unresolved issues. pm health --check-only --brief --json is ok with no warnings; telemetry queue is draining with recent successful flush at 2026-05-21T18:25:22.812Z and no failed flush."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-21T18:25:44.947Z"}],"before_hash":"3b9af761103161e3bc084e3c3d7ae0259d512c80e9a80525f67837bb25671d20","after_hash":"c08a99a1a8220517726146963e90fcf95d5dbc9fe23a9c2c7368b93e731096fa"}
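
Review bot: the two tests_add entries at 18:20:22.085Z and 18:25:22.009Z carry a patch that only replaces /metadata/updated_at, so they advance the hash chain without recording any test; have the CLI skip no-op operations or name the existing test the call matched, so the audit trail shows what was linked. Every before_hash in this hunk equals the after_hash of the entry above it, so the linkage is intact, but linkage alone does not show that an entry came from the CLI; a check that recomputes the hashes rather than comparing neighbours is the evidence to cite when that is questioned.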

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not commit direct edits under .agents/pm system-of-record files.

These appended history entries directly modify .agents/pm/history/pm-rnpb.jsonl, which violates repository process rules. Please revert these direct file edits and apply updates only through the approved pm command flow that manages system-of-record artifacts.

As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/history/pm-rnpb.jsonl around lines 429 - 441, The commit directly
modified the system-of-record file .agents/pm/history/pm-rnpb.jsonl (entries
added/replaced) which violates the rule that .agents/pm/** must be updated only
via the pm command; revert these direct edits to pm-rnpb.jsonl to the prior
state and remove the patch/appended entries, then reapply any needed changes by
running the approved CLI flow (pm <appropriate subcommand> or the documented pm
workflow) so the system properly updates metadata/comments/files/tests;
specifically restore the previous pm-rnpb.jsonl content and perform the updates
via the pm command rather than editing .agents/pm/history/pm-rnpb.jsonl
manually.

Comment on lines +2 to +3
title: Harden secret-scan guardrail for GitHub token prefixes and local credential hygiene
description: "A privacy re-audit confirmed the public shipping surface is clean and identified scanner coverage gaps for additional GitHub token prefixes plus a local-only ignored operations note that needed credential hygiene. The implementation broadened scanner coverage, made the rules unit-testable, and removed the local plaintext credential reference without tracking private operations details."
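
Review bot: the description on line 3 says the local plaintext credential reference was removed but not whether the credential was rotated; if the ignored note held the secret itself rather than a pointer to it, removal leaves the secret valid, so record the rotation (or that none was needed) in this item.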

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not directly modify .agents/pm records.

This file was edited directly, but .agents/pm is designated as the system of record and must be updated via the PM workflow/tooling instead of manual file edits. Please regenerate these changes through the PM commands and commit the resulting artifacts.

As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.

Also applies to: 9-15, 21-21

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/issues/pm-h4zb.toon around lines 2 - 3, This change directly
edited the system-of-record `.agents/pm` entry
(`.agents/pm/issues/pm-h4zb.toon`) which is forbidden; revert the manual edits
and reapply the intended updates by running the PM workflow/tooling (use the PM
commands that generate `.agents/pm` artifacts), regenerate the files so the
modified content (the hardened secret-scan rules and local-only note) is
produced by the toolchain, and commit the generated artifacts instead of
hand-editing—also ensure any related lines referenced (lines around 9-15 and 21)
are handled through the same PM tooling rather than manual changes.

@unbraind
Owner Author

Review follow-up: I reviewed the Gemini Code Assist suggestion to simplify getGlobalOptions with optional chaining and any casts. I am keeping the explicit CommandOptionsReader helper because it addresses Sourcery’s maintainability feedback without reintroducing any, while preserving the same fallback behavior. No code change needed.
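
A guard of the kind discussed in the comment above, written here as an added example; it is not the project's code, and the PR's actual CommandOptionsReader helper is not shown on this page. The shape given to CommandOptionsReader, the helper names asReader and readOptions, and the merge order in the fallback are assumptions.

```typescript
// Added example, not the project's code. CommandOptionsReader's shape, the
// helper names and the merge order below are assumptions for illustration.
type Options = Record<string, unknown>;

interface CommandOptionsReader {
  optsWithGlobals?: unknown; // Commander commands expose this as a method
  opts?: unknown;            // local options only
  parent?: unknown;          // next command up the tree, if any
}

function asReader(value: unknown): CommandOptionsReader | undefined {
  return typeof value === "object" && value !== null
    ? (value as CommandOptionsReader)
    : undefined;
}

// Call a zero-argument method only when it is callable, and accept the result
// only when it is a plain (non-array) object.
function readOptions(
  reader: CommandOptionsReader,
  method: "optsWithGlobals" | "opts",
): Options | undefined {
  const candidate = reader[method];
  if (typeof candidate !== "function") return undefined;
  const result: unknown = candidate.call(reader);
  return typeof result === "object" && result !== null && !Array.isArray(result)
    ? (result as Options)
    : undefined;
}

function getGlobalOptions(command: unknown): Options {
  const start = asReader(command);
  if (!start) return {};
  const merged = readOptions(start, "optsWithGlobals");
  if (merged) return merged;

  // Fallback for command-like extension objects: merge opts() from the
  // command up through its parents. Ancestors are applied last so global
  // values win (this example's choice). The Set stops a cyclic parent chain.
  const layers: Options[] = [];
  const seen = new Set<CommandOptionsReader>();
  let current = asReader(command);
  while (current && !seen.has(current)) {
    seen.add(current);
    const own = readOptions(current, "opts");
    if (own) layers.push(own);
    current = asReader(current.parent);
  }
  return Object.assign({}, ...layers);
}
```

Narrowing from `unknown` with `typeof` checks keeps the compiler involved at every step, which is the property an `any` cast gives up.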

@unbraind
Owner Author

Review follow-up on remaining comments: Sourcery body changed_fields comment was checked and intentionally left as body.length because this fix only omits the default empty body; explicit whitespace body content remains user-supplied content. CodeRabbit .agents/pm findings are false positives: pm-rnpb entries were generated by pm CLI operations during this run, and pm-h4zb was generated via history-redact plus update-audit; pm history pm-h4zb --verify reports ok=true. I did not revert valid system-of-record history.

Record the green post-feedback CI run, bot review disposition, and release the active pm claims for pm-5k2w and pm-rnpb through the pm CLI.
@unbraind unbraind merged commit 6c924a4 into main May 21, 2026
10 checks passed
@unbraind unbraind deleted the codex/pm-cli-extensive-polish-20260521 branch May 21, 2026 19:10