…1, Rails 8.1.2

…tion index

Create ai_mission_templates with JSONB phases, approval_gates, rejection_mappings,
skill_compositions columns. Add mission_template_id and custom_phases to ai_missions.

…solution

Ai::MissionTemplate provides phase sequences, approval gates, rejection mappings,
and gate names. Ai::Mission resolves phases from template with no hardcoded fallback.
RalphTask broadcasts status changes via MissionChannel for real-time updates.

Orchestrator resolves job classes, gate names, and rejection targets from template
phase config. New SkillCompositionService creates RalphLoop tasks from discovered
skills matched to template phases.

…oints

MissionTemplatesController with CRUD. Missions controller gains task_graph,
save_as_template, and compose_plan actions. Routes registered in AI namespace.

…h, operations

…ase types

Add React Flow task graph with RalphTaskNode/ApprovalGateNode, useMissionTaskGraph
hook with real-time WebSocket updates. Clickable PhaseTimeline with phase filtering.
Template selection step in NewMissionWizard. MissionPhase changed to string for
template-driven phases. Workflow Builder demoted in navigation order.

…ites

Add ai_mission_template factory with development/research/operations traits.
Update ai_mission factory to auto-assign templates. Rewrite mission model and
orchestrator specs for template-driven architecture. Stub WorkerJobService in
orchestrator and request specs.

… integration

Implement Situation-Task-Action-Result structured reasoning service that
forces explicit goal articulation before reasoning begins, surfacing
implicit constraints. Wire into AgentToolBridgeService alongside existing
chain-of-thought and plan-and-execute modes. Enhance SkillCompositionService
with STAR-refined phase queries for richer skill discovery. Fix pre-existing
bugs in find_or_create_ralph_loop! (stale loop_type attribute, invalid status).

…composition specs

MCP client agents are now transient — always created fresh per session,
archived on disconnect, and blocked from non-workspace teams. Fixes
stale agent accumulation and prevents misuse in missions/teams.

SSE streams held a checked-out DB connection for their entire lifetime
(hours/days), exhausting the pool and blocking all HTTP requests with
ConnectionTimeoutError. Now releases the connection after setup and
borrows briefly via with_connection for each keepalive ping.

Merge the separate Devops::Repository model into Devops::GitRepository
via 4-stage migration (add columns, migrate data, update FKs, drop table).
Update serializer, controllers, factories, and specs accordingly.

…lients

Delete Ai::Llm::Client, adapter factory, all provider adapters, and
Ai::ProviderClientService with its adapters. Replace with WorkerLlmClient
and WorkerEmbeddingClient that proxy LLM calls through the worker service.
Add AgentBackedService concern for shared proxy plumbing.

Migrate all AI services from direct Ai::Llm::Client / ProviderClientService
calls to WorkerLlmClient and WorkerEmbeddingClient. Services now delegate
LLM completions and embeddings to the worker process via HTTP.

…Service

Delete all server/app/jobs/ai/ job classes and their specs. These jobs
now run in the worker process; the server dispatches them via
WorkerJobService HTTP API calls.

Add internal API controllers for self-healing, ralph loops, trajectory,
and worktree sessions (worker → server callbacks). Update LLM proxy
controller to remove direct completion endpoints. Add provider_config
and embedding_config routes for worker credential resolution.

Add 12 AI job classes relocated from server (conversation, worktree,
ralph, self-healing, trajectory, merge, conflict detection). Expand
LlmProxyClient with direct provider calls using CredentialResolver.
Add AI service layer for worker-side LLM operations. Update Sidekiq
config with AI-specific queues and scheduled jobs.

Update test helpers, factories, and specs to use WorkerLlmClient stubs
instead of direct LLM client mocks. Add WorkerJobService stub helpers.
Update AI service specs for proxy-based LLM calls. Add MCP client
identity service spec.

…se submodule

Minor StepPlanReview UI adjustment, add AI utility agents seed,
update maintenance page, and update enterprise submodule pointer.

Use the repository's default_branch instead of the hardcoded column
default of "main" when creating missions. Prevents branch creation
failures on repos that use master or other default branches.

Add server/config/database.yml.example with pool default of 30.
Track .env.mcp.example, .env.production.example, and
.env.staging.example by adding !.env.*.example negation to
.gitignore. Update RAILS_MAX_THREADS to 10 in all env examples.

…r handling

ExtractionService called client.provider.name on WorkerLlmClient which
has nil provider when initialized with agent_id only — use provider_name
safe accessor instead. StreamableHttpController rescue ArgumentError was
catching parameter validation errors and silently returning null via
introspection fallback — scope to only catch unknown tool errors.

…alidation

Expand .gitleaks.toml allowlist from 12 to 21 path rules and 9 to 18
content regexes to suppress false positives from CI workflows, test
fixtures, seed data, and Docker configs. Add gitleaks as step 4/4 in
validate.sh with --skip-secrets flag. Add on-demand full-history scan
script for security audits across main repo and submodules.

Navigate to mission page with openApproval state flag so the
ApprovalGateModal auto-opens instead of just showing the mission detail

…valuators

Switch evaluators from market orders to limit orders to reduce adverse
spread costs, add stop-loss and take-profit exits across all strategies,
cap spread cost estimate at 2%, and return numeric strength from
classify_spread_strength.

Disable Sidekiq retry to prevent duplicate execution races, add
dispatch sentinel lock to prevent cron/immediate dispatch overlap,
check JID liveness before rejecting locks, and only release locks
still owned by current JID.

…io-scoped credentials

Add enqueue_trading_training_session to WorkerJobService for immediate
session dispatch. Update schema to reflect venue credentials scoped to
portfolio instead of account.

…quest interceptor

Lazy-load PortfolioSwitcherWrapper from trading extension into the
Header when on trading routes. Add addRequestInterceptor to APIClient
for extension-driven request modification (portfolio ID injection).

…odule

Skip cooldown check in llm_probability, agent_ensemble, and sentiment_analysis
when training? is true. Prevents false cooldown blocks in fast-tick training
mode where tick_interval (8s) < cooldown_seconds (15-60s). Exit checks and
position management remain unaffected.

Update trading submodule: settlement bypass, fee deduction, compounding
defaults, backtest pair registration, paper mode, category blacklist fix.

…cher, and job infrastructure

…amable HTTP

…te systemd config

… extraction, and evaluator concerns

… system health

…chain, and system ops

…, supply chain, reconciliation

… billing

…admin pages

…tion

…ty, and testing

Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.39.2 to 10.0.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v10.0.1/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>