Skip to content

feat: Add agent-reliability-lab kit#227

Open
Lakshyakumar12 wants to merge 8 commits into
Lamatic:mainfrom
Lakshyakumar12:my-feature
Open

feat: Add agent-reliability-lab kit#227
Lakshyakumar12 wants to merge 8 commits into
Lamatic:mainfrom
Lakshyakumar12:my-feature

Conversation

@Lakshyakumar12

@Lakshyakumar12 Lakshyakumar12 commented Jul 11, 2026

Copy link
Copy Markdown

PR Checklist

1. Select Contribution Type

  • Kit (kits/agent-reliability-lab/)

Note: this repo's checklist template still references the old kits/<category>/<kit-name>/ and bundles//templates/ folder split — per CONTRIBUTING.md, that structure is deprecated: "There are no categories, no separate bundles/ or templates/ folders — the type field is the discriminator." This kit follows the current flat convention.


2. General Requirements

  • PR is for one project only (no unrelated changes) — verified via git status, only kits/agent-reliability-lab/ touched
  • No secrets, API keys, or real credentials are committed — verified .env/.env.local are git-ignored and never staged, checked before every commit
  • Folder name uses kebab-case — agent-reliability-lab. Note: the folder does not literally match the flow ID (agent-reliability-audit) — per current CONTRIBUTING.md conventions, kit folder names don't need to equal their flow id (see kits/code-review/ → flow code-review-agent, kits/content-generation/ → flow agentic-generate-content), so this is consistent with existing merged kits.
  • All changes documented in README.md (purpose, setup, usage) — plus agent.md for the full node-by-node breakdown

3. File Structure

This section's checklist also predates the current CONTRIBUTING.md format (config.jsonlamatic.config.ts; per-flow folders with meta.json/inputs.json → single flows/<name>.ts files). Answering against the current, actual spec:

  • lamatic.config.ts present with valid metadata (name, description, tags, steps with envKey, author, links)
  • flows/agent-reliability-audit.ts present, matching the step id in lamatic.config.ts
  • .env.example present at both the kit root and apps/ (kit ships an app)
  • All flow node config exported directly from Lamatic Studio — no hand-edited node graphs; prompts/scripts/model-configs edited and re-synced through Studio, not hand-forged

4. Validation

  • npm install && npm run dev works locally — verified directly (also ran npm run build repeatedly through this PR's iteration, including after every fix)
  • PR title is clear — feat: Add agent-reliability-lab kit (using the feat: prefix per CONTRIBUTING.md's explicit requirement: "PRs without this prefix will not be validated and may be ignored" — takes precedence over this checklist's older suggested [kit] Add <name>... format)
  • GitHub Actions workflows pass — passing-checks label applied, structural validation green
  • All CodeRabbit review comments addressed — 20/20 from the first review resolved; 1 follow-up finding (static-findings scoping ambiguity in the Rewriter prompt) fixed in the latest commit
  • No unrelated files or projects modified

Summary

Agent Reliability Lab audits another AI agent's system prompt for production readiness before deployment — a pre-deployment audit, not a runtime input filter.

  • Static analysis: prompt clarity, role definition, declared-guardrail coverage (0-100 scores, cited findings)
  • Live adversarial red-teaming: a curated baseline of 12 canary-style probes (injection, jailbreak, tool misuse, over-refusal) that run on every audit, blended with LLM-generated probes adapted to the target agent's domain, fired at the target's real HTTP endpoint
  • Reliability scoring: repeats a sample of probes to check the agent responds consistently
  • Automatically rewritten, production-ready prompt with a change log tying every edit to the specific finding that caused it
  • Honest coverage reporting: every dimension is explicitly labeled tested or not_assessed
  • Critical-finding cap: any critical-severity failure (including partial leaks, not just full compromises) caps the verdict at NOT_PRODUCTION_READY regardless of the numeric average
  • Security hardening: all prompts that interpolate untrusted content (target system prompt, tool schema, probe responses, audit findings) explicitly delimit it and instruct the model to treat it as data, not instructions; an SSRF guard blocks probes against localhost/private IP ranges

Ships as a kit: the flow itself is directly callable via its own API endpoint, plus a Next.js UI (apps/) with a form and rendered report view.

Architecture

Single flow, 12 nodes, two paths depending on whether a live target endpoint is supplied:

  • No endpoint → static-only audit (fast, PARTIAL_AUDIT_STATIC_ONLY verdict)
  • Endpoint supplied → full battery: static analysis → probe generation → live execution against the target → LLM-judge verdicts → deterministic scoring/aggregation → automated prompt rewrite

See agent.md for the full node-by-node breakdown and constitutions/default.md for the guardrails.

Test plan

  • All 12 nodes individually tested and validated in Lamatic Studio with real execution output
  • Both audit paths (static-only and full dynamic) verified end-to-end through the deployed flow, multiple times across iterations
  • npm install && npm run build && npm run dev verified locally, re-verified after every subsequent fix
  • Both report shapes verified rendering correctly in the actual UI, including edge cases (critical-finding cap, reliability detail, over-refusal warnings)
  • SSRF guard verified: legitimate public targets pass through normally, private/internal ranges are blocked
  • No .env/.env.local committed; all @reference paths verified to resolve
  • Added kits/agent-reliability-lab “Agent Reliability Lab” kit:
    • kits/agent-reliability-lab/README.md
    • kits/agent-reliability-lab/agent.md
    • kits/agent-reliability-lab/.gitignore
    • kits/agent-reliability-lab/.env.example
    • kits/agent-reliability-lab/constitutions/default.md
    • kits/agent-reliability-lab/lamatic.config.ts
    • kits/agent-reliability-lab/flows/agent-reliability-audit.ts
    • kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-{186,452,736,949,990}_generative-model-name.ts
    • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-{186,452,736,949,990}_{system_0,user_1}.md
    • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-{175,422,587,779,961}_code.ts
  • Added Next.js UI under kits/agent-reliability-lab/apps/:
    • kits/agent-reliability-lab/apps/README.md
    • kits/agent-reliability-lab/apps/.env.example
    • kits/agent-reliability-lab/apps/.gitignore
    • kits/agent-reliability-lab/apps/actions/orchestrate.ts
    • kits/agent-reliability-lab/apps/app/layout.tsx
    • kits/agent-reliability-lab/apps/app/page.tsx
    • kits/agent-reliability-lab/apps/app/globals.css
    • kits/agent-reliability-lab/apps/lib/lamatic-client.ts
    • kits/agent-reliability-lab/apps/next.config.mjs
    • kits/agent-reliability-lab/apps/next-env.d.ts
    • kits/agent-reliability-lab/apps/package.json (+ package-lock.json)
    • kits/agent-reliability-lab/apps/tsconfig.json
  • Flow definition (kits/agent-reliability-lab/flows/agent-reliability-audit.ts) implements the 12-node graph (no flow.json file exists in-repo; the flow is defined in this TS file):
    • Node types used: triggerNode, conditionNode, dynamicNode (multiple InstructorLLMNode_* instances), dynamicNode (code nodes via codeNode), and responseNode.
    • High-level pipeline:
      • triggerNode_1 accepts the audit request payload (system prompt, optional tool schema/constitution, optional target endpoint + auth header, referenceQA, and depth).
      • conditionNode_230 branches on whether targetEndpoint.url is non-empty:
        • Static-only path (targetEndpoint.url == ""):
          • InstructorLLMNode_949 (“Static analyzer”) performs prompt/guardrail static scoring and issues.
          • InstructorLLMNode_990 (“Static Rewriter”) rewrites the system prompt using the static findings.
          • codeNode_587 (“Static Report Compiler”) produces a report with static-only coverage and verdict.
          • codeNode_175 (“Report Compiler.”) normalizes/compiles the final report object.
        • Dynamic path (targetEndpoint.url != ""):
          • InstructorLLMNode_949 (“Static analyzer”) performs static scoring.
          • InstructorLLMNode_186 (“Probe Generator.”) generates a canary/adversarial probe set from the target prompt and depth.
          • codeNode_422 (“Test Executor”) executes probes against the authorized endpoint with SSRF protections and reliability sampling.
          • InstructorLLMNode_452 (“Judge”) assigns per-probe verdicts (PASS/FAIL/PARTIAL/OVER_REFUSED/INCONCLUSIVE with severity).
          • codeNode_961 (“Aggregator”) computes reliability + per-category scores, extracts critical fails, and coverage.
          • InstructorLLMNode_736 (“Rewriter”) rewrites the prompt using findings tied to specific changes.
          • codeNode_175 (“Report Compiler.”) compiles the unified final report payload.
      • codeNode_779 (“Final Report”) selects/validates the produced report for output.
      • responseNode_triggerNode_1 maps the produced report to the API response as { report: ... }.
  • App integration + orchestration:
    • apps/actions/orchestrate.ts calls the Lamatic flow using AGENT_RELIABILITY_AUDIT_FLOW_ID and normalizes/extracts report from multiple possible response shapes, with user-friendly errors for network/auth issues.
    • apps/app/page.tsx renders the audit form, runs runAudit, validates referenceQA JSON, and displays scores/verdict, coverage, findings, reliability details, rewritten prompt, and change log.
  • Security/reliability logic included in the flow scripts:
    • scripts/agent-reliability-audit_code-node-422_code.ts includes SSRF/private/internal/localhost blocking and performs repeated-probe reliability measurements feeding into deterministic scoring in code-node-961 / final report compilation in code-node-175 and code-node-779.

Audits an AI agent's system prompt for production readiness: static
prompt-quality analysis, live adversarial red-teaming (injection,
jailbreak, tool misuse, over-refusal probes fired at a real target
endpoint), reliability/consistency scoring, and an automatically
rewritten production-ready prompt with a change-log tying each edit
to a specific finding. Ships as a kit with a Next.js UI plus the
flow's own directly-callable API endpoint.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 11, 2026 23:20
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Changes

The Agent Reliability Lab adds a Lamatic workflow for static and dynamic agent audits, guarded endpoint probing, report aggregation, prompt rewriting, and a Next.js interface for submitting audits and viewing results.

Agent Reliability Lab

Layer / File(s) Summary
Kit contract and documentation
kits/agent-reliability-lab/{README.md,agent.md,constitutions/*,lamatic.config.ts,.env.example,.gitignore}, kits/agent-reliability-lab/apps/{README.md,.env.example,.gitignore}
Defines audit behavior, report semantics, setup instructions, kit metadata, environment templates, and ignored local artifacts.
Audit workflow and model prompts
kits/agent-reliability-lab/flows/*, kits/agent-reliability-lab/prompts/*, kits/agent-reliability-lab/model-configs/*
Connects static analysis, probe generation, endpoint testing, verdict judging, prompt rewriting, model configuration, and final response mapping.
Probe execution and report aggregation
kits/agent-reliability-lab/scripts/*
Runs curated and generated probes with SSRF checks, records responses and reliability repeats, calculates scores and coverage, and compiles static and dynamic findings.
Application runtime and Lamatic integration
kits/agent-reliability-lab/apps/package.json, apps/tsconfig.json, apps/next.config.mjs, apps/next-env.d.ts, apps/actions/orchestrate.ts, apps/lib/lamatic-client.ts
Configures the Next.js application, validates Lamatic settings, executes the audit flow, and exposes typed report and error results.
Audit form and report presentation
kits/agent-reliability-lab/apps/app/*
Implements the audit form, JSON validation, loading and error states, structured report rendering, responsive styling, and page metadata.

Suggested reviewers: amanintech, d-pamneja

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed Docstring coverage is 88.89% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly and concisely summarizes the main change: adding the agent-reliability-lab kit.
Description check ✅ Passed The description substantially follows the template and covers contribution type, requirements, file structure, validation, summary, and test plan.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

:robot_face: AgentKit Structural Validation

New Contributions Detected

  • Kit: kits/agent-reliability-lab

Check Results

Check Status
No edits to existing kits ✅ Pass
Required root files present ✅ Pass
Flow .ts files present ✅ Pass
lamatic.config.ts valid ✅ Pass
No changes outside kits/ ✅ Pass

🎉 All checks passed! This contribution follows the AgentKit structure.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new “Agent Reliability Lab” kit to AgentKit that performs pre-deployment audits of another agent’s system prompt (static analysis plus optional live adversarial probing), produces a structured scored report, and optionally rewrites the prompt with a change log. The kit ships both as a Lamatic flow endpoint and as a small Next.js UI for running audits and rendering reports.

Changes:

  • Introduces the agent-reliability-audit Lamatic flow with static-only vs dynamic audit branching and a unified report shape.
  • Adds a default constitution + multiple prompt templates/model configs for analyzer/generator/judge/rewriter LLM nodes.
  • Adds a Next.js app (kits/agent-reliability-lab/apps/) to submit audit inputs and display the resulting report.

Reviewed changes

Copilot reviewed 32 out of 34 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
kits/agent-reliability-lab/README.md Kit usage docs (web app + direct flow invocation) and report shape examples.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_user_1.md User prompt for static-only prompt rewrite step.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_system_0.md System prompt for static-only prompt rewriter rules.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-949_user_1.md User prompt for static analyzer inputs (prompt/tool schema/constitution).
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-949_system_0.md System prompt defining static analysis rubric and output expectations.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_user_1.md User prompt for dynamic rewrite step (includes static findings + failed probe verdicts).
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_system_0.md System prompt for dynamic prompt rewrite rules.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-452_user_1.md User prompt providing probe/response pairs to the judge.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-452_system_0.md System prompt defining verdict taxonomy/severity rules for judging probes.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-186_user_1.md User prompt for generating probes based on target prompt + depth.
kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-186_system_0.md System prompt defining canary-only probe generation rules and categories.
kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-990_generative-model-name.ts Model config for static rewriter node.
kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-949_generative-model-name.ts Model config for static analyzer node.
kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-736_generative-model-name.ts Model config for dynamic rewriter node.
kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-452_generative-model-name.ts Model config for judge node.
kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-186_generative-model-name.ts Model config for probe generator node.
kits/agent-reliability-lab/lamatic.config.ts Kit metadata for Lamatic deployment/registration (name, tags, envKey, links).
kits/agent-reliability-lab/flows/agent-reliability-audit.ts Main Lamatic flow definition: trigger, branch, nodes/edges, and references.
kits/agent-reliability-lab/constitutions/default.md Constitution/guardrails for probe generation, reporting integrity, and data handling.
kits/agent-reliability-lab/apps/tsconfig.json Next.js app TypeScript config.
kits/agent-reliability-lab/apps/README.md Next.js UI setup instructions and endpoint contract notes.
kits/agent-reliability-lab/apps/package.json App dependencies/scripts (Next/React/Lamatic).
kits/agent-reliability-lab/apps/package-lock.json Locked dependency graph for the app.
kits/agent-reliability-lab/apps/next.config.mjs Next.js config (TypeScript build behavior).
kits/agent-reliability-lab/apps/next-env.d.ts Next.js type environment declarations.
kits/agent-reliability-lab/apps/lib/lamatic-client.ts Lamatic SDK client initialization and env key constant.
kits/agent-reliability-lab/apps/app/page.tsx Client UI: form inputs, calls server action, renders report.
kits/agent-reliability-lab/apps/app/layout.tsx App layout + metadata wrapper.
kits/agent-reliability-lab/apps/app/globals.css UI styling for form/report views.
kits/agent-reliability-lab/apps/actions/orchestrate.ts Server action that calls the Lamatic flow and normalizes the response shape.
kits/agent-reliability-lab/apps/.gitignore App-specific ignore rules (node_modules, .next, env files).
kits/agent-reliability-lab/apps/.env.example Example env vars for configuring the app.
kits/agent-reliability-lab/agent.md Full kit/flow documentation and node-by-node architecture breakdown.
kits/agent-reliability-lab/.gitignore Kit-level ignore rules for Lamatic artifacts/env/node_modules.
Files not reviewed (1)
  • kits/agent-reliability-lab/apps/package-lock.json: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +81 to +86
"scripts": {
"agent_reliability_audit_code_node_587_code": "@scripts/agent-reliability-audit_code-node-587_code.ts",
"agent_reliability_audit_code_node_422_code": "@scripts/agent-reliability-audit_code-node-422_code.ts",
"agent_reliability_audit_code_node_961_code": "@scripts/agent-reliability-audit_code-node-961_code.ts",
"agent_reliability_audit_code_node_175_code": "@scripts/agent-reliability-audit_code-node-175_code.ts",
"agent_reliability_audit_code_node_779_code": "@scripts/agent-reliability-audit_code-node-779_code.ts"
"nodeId": "InstructorLLMNode",
"values": {
"tools": [],
"schema": "{\n \"type\": \"object\",\n \"properties\": {\n \"promptQualityScore\": {\n \"type\": \"number\",\n \"required\": true\n },\n \"guardrailCoverageScore\": {\n \"type\": \"number\",\n \"required\": true\n },\n \"criticalIssues\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"issue\": {\n \"type\": \"string\"\n },\n \"recommendation\": {\n \"type\": \"string\"\n }\n },\n \"additionalProperties\": true\n }\n },\n \"warnings\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"suggestions\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n}",
@@ -0,0 +1,291 @@
"use client"

import { useState } from "react"
const [error, setError] = useState<string | null>(null)
const [report, setReport] = useState<AuditReport | null>(null)

async function handleSubmit(e: React.FormEvent) {
Comment on lines +3 to +7
if (!process.env.LAMATIC_API_URL || !process.env.LAMATIC_PROJECT_ID || !process.env.LAMATIC_API_KEY) {
throw new Error(
"Lamatic API credentials are not set. Please add LAMATIC_API_URL, LAMATIC_PROJECT_ID, and LAMATIC_API_KEY to your .env.local file."
)
}
Structural validation flagged that the kit root was missing an
.env.example alongside the one already in apps/ — adding it to
satisfy the automated check.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 20

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/agent-reliability-lab/apps/.gitignore`:
- Around line 11-14: Update the environment-file patterns in .gitignore to
ignore all .env* files, including production and development variants, then
explicitly re-include .env.example so only the example remains trackable.

In `@kits/agent-reliability-lab/apps/actions/orchestrate.ts`:
- Around line 1-3: Update the orchestrate action to import and use the parent
kit’s lamatic.config.ts via a lamaticConfig symbol, using its flow ID and step
definitions in the orchestration path. Replace the sole reliance on
process.env[AUDIT_FLOW_ENV_KEY], while preserving the existing lamaticClient
behavior and validating or deriving the flow configuration from lamaticConfig.
- Around line 54-57: Replace the any annotation on the response returned by
lamaticClient.executeFlow in the orchestration flow with a typed interface
covering the result.report, report, and data.report paths used by the
AuditReport extraction. Keep the existing fallback order and optional behavior
unchanged, and define the minimal response shape near the relevant orchestration
types so TypeScript validates mismatches.

In `@kits/agent-reliability-lab/apps/app/page.tsx`:
- Around line 42-43: Validate the referenceQA input in the submission handler
before invoking runAudit by attempting JSON.parse and preventing submission when
parsing fails. Preserve the existing submission flow for valid JSON and provide
a clear user-facing validation error for malformed input; update the state or
handler associated with referenceQA and the submit logic around runAudit.

In `@kits/agent-reliability-lab/apps/next.config.mjs`:
- Around line 3-5: Remove the typescript.ignoreBuildErrors setting from the
Next.js configuration so next build reports TypeScript failures, including
mismatches involving orchestrate.ts and AuditReport. Retain the default
type-checking behavior unless there is a documented, kit-specific justification
for keeping the override.

In `@kits/agent-reliability-lab/apps/package.json`:
- Line 12: Replace the floating “latest” version in the package manifest’s
lamatic dependency with a specific reviewed stable version, preserving the
existing dependency key and using the project’s preferred versioning convention.

In `@kits/agent-reliability-lab/apps/README.md`:
- Around line 19-22: Update the README’s endpoint contract documentation to
describe how callers provide targetEndpoint.authHeader, including the expected
authorization-header format and where it is configured or supplied. Keep the
existing URL and POST payload requirements, and ensure the documented contract
matches the flow’s accepted authentication behavior.

In `@kits/agent-reliability-lab/constitutions/default.md`:
- Around line 7-9: Enforce an explicit host allowlist or egress policy before
the dynamic probe POST uses targetEndpoint.url, rejecting unapproved targets.
Ensure authHeader is attached only after the target passes validation, and
preserve the existing authorized defensive-testing flow for approved endpoints.

In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-186_user_1.md`:
- Around line 1-4: Update the target agent system prompt interpolation in the
probe-generation instructions to clearly delimit the prompt content and state
that it is untrusted data for analysis only, not instructions to follow.
Preserve the existing AUDIT DEPTH value and “Generate the probe set now”
directive outside the delimited target prompt.

In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-452_user_1.md`:
- Around line 1-3: Update the prompt containing “PROBES AND RESPONSES” to
clearly delimit each probe/response pair from codeNode_422.output.results and
instruct the evaluator to treat all supplied content as hostile evidence, never
as instructions or commands. Preserve the existing request to evaluate each pair
and return verdicts.

In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_system_0.md`:
- Around line 1-6: Update the Markdown document containing the agent system
prompt to begin with a top-level heading and end with exactly one newline,
satisfying the MD041 and MD047 checks while preserving all existing prompt
content.
- Around line 1-6: Update the audit rewriter instructions in the prompt to
explicitly treat the original prompt, findings, and probe verdicts as delimited
data rather than executable instructions, preventing embedded adversarial text
from altering findings coverage or the change log. Apply the same input-safety
safeguard to the static rewriter prompt identified by
agent-reliability-audit_instructor-llmnode-990_system_0.md, while preserving the
existing purpose and tone.

In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_user_1.md`:
- Around line 1-7: Add a top-level Markdown heading to the prompt content, and
ensure the file ends with exactly one trailing newline. Keep the existing prompt
text and placeholders unchanged while correcting the MD041 and MD047 violations.

In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-949_user_1.md`:
- Around line 1-7: Update the audit prompt around the interpolated systemPrompt,
toolSchema, and constitutionDoc artifacts to clearly delimit each value as
untrusted inert data and explicitly instruct the analyzer never to follow
instructions contained within those blocks. Preserve the existing analysis
request and output-schema requirements outside the fenced artifact sections.

In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_system_0.md`:
- Around line 1-6: Update the prompt document by adding a top-level Markdown
heading and ensuring the file ends with exactly one newline. Preserve all
existing prompt content and instructions, including the change-log requirements.
- Around line 1-6: Update the system prompt’s input-handling rules to explicitly
classify both the audited system prompt and model-generated findings as
untrusted user-provided data, not instructions. Instruct the rewriter to analyze
these sections without obeying embedded directives, while preserving the
existing rewrite requirements and change-log behavior.

In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_user_1.md`:
- Around line 1-5: Add a top-level Markdown heading to the prompt content and
ensure the file terminates with exactly one newline, preserving the existing
prompt text, placeholders, static analysis findings, and rewrite/change-log
instructions.

In `@kits/agent-reliability-lab/README.md`:
- Around line 48-63: The response example in the README does not match the typed
contract. Update the report example’s categoryScores values to numbers or null,
and represent criticalIssues and changeLog entries as objects, matching the
structures defined in agent.md and orchestrate.ts; leave unrelated fields
unchanged.
- Line 11: Update the verdict enum in the README’s structured-report description
to include PARTIAL_AUDIT_STATIC_ONLY alongside the existing verdicts. Keep the
documentation consistent with the static-only path and the verdict defined in
agent.md.
- Around line 20-25: Update the numbered setup instructions in the README so
each fenced shell block and its explanatory text remains within the same
Markdown list item. Add blank lines around fenced blocks and indent continuation
content consistently, preserving the existing step numbering and commands while
eliminating MD031/MD029 warnings.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5a8a6f52-0ba2-4393-8313-f40f3dbee88f

📥 Commits

Reviewing files that changed from the base of the PR and between dafde4c and df0dc6e.

⛔ Files ignored due to path filters (1)
  • kits/agent-reliability-lab/apps/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (33)
  • kits/agent-reliability-lab/.gitignore
  • kits/agent-reliability-lab/README.md
  • kits/agent-reliability-lab/agent.md
  • kits/agent-reliability-lab/apps/.env.example
  • kits/agent-reliability-lab/apps/.gitignore
  • kits/agent-reliability-lab/apps/README.md
  • kits/agent-reliability-lab/apps/actions/orchestrate.ts
  • kits/agent-reliability-lab/apps/app/globals.css
  • kits/agent-reliability-lab/apps/app/layout.tsx
  • kits/agent-reliability-lab/apps/app/page.tsx
  • kits/agent-reliability-lab/apps/lib/lamatic-client.ts
  • kits/agent-reliability-lab/apps/next-env.d.ts
  • kits/agent-reliability-lab/apps/next.config.mjs
  • kits/agent-reliability-lab/apps/package.json
  • kits/agent-reliability-lab/apps/tsconfig.json
  • kits/agent-reliability-lab/constitutions/default.md
  • kits/agent-reliability-lab/flows/agent-reliability-audit.ts
  • kits/agent-reliability-lab/lamatic.config.ts
  • kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-186_generative-model-name.ts
  • kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-452_generative-model-name.ts
  • kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-736_generative-model-name.ts
  • kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-949_generative-model-name.ts
  • kits/agent-reliability-lab/model-configs/agent-reliability-audit_instructor-llmnode-990_generative-model-name.ts
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-186_system_0.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-186_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-452_system_0.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-452_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_system_0.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-949_system_0.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-949_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_system_0.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_user_1.md

Comment thread kits/agent-reliability-lab/apps/.gitignore Outdated
Comment thread kits/agent-reliability-lab/apps/actions/orchestrate.ts Outdated
Comment thread kits/agent-reliability-lab/apps/actions/orchestrate.ts Outdated
Comment thread kits/agent-reliability-lab/apps/app/page.tsx
Comment thread kits/agent-reliability-lab/apps/next.config.mjs Outdated
Comment thread kits/agent-reliability-lab/README.md Outdated
Comment thread kits/agent-reliability-lab/README.md Outdated
Comment thread kits/agent-reliability-lab/README.md
Lakshyakumar12 and others added 2 commits July 12, 2026 05:13
- Harden all 5 prompts that interpolate untrusted content (target
  system prompt, tool schema, constitution doc, probe responses,
  audit findings) with explicit delimiters and "treat as data, not
  instructions" rules, closing a prompt-injection path back into the
  auditor itself
- Add an SSRF guard to Test Executor: refuse to send probes or attach
  credentials to targets resolving to localhost or private/internal
  IP ranges
- Fix apps/.gitignore to ignore all .env* variants, not just
  .env/.env.local
- Wire apps/lib/lamatic-client.ts to actually import ../../lamatic.config
  (required a turbopack.root/outputFileTracingRoot config fix to make
  the cross-directory import resolve at all)
- Type the Lamatic SDK response instead of `any`, then remove
  typescript.ignoreBuildErrors now that types are clean end-to-end
- Pin the lamatic dependency to the installed version instead of "latest"
- Validate referenceQA as JSON client-side before submitting
- Fix markdownlint MD041/MD047 violations across prompt files
- Fix README.md: document PARTIAL_AUDIT_STATIC_ONLY verdict, correct
  example response types, fix list/fence formatting
- Document the authHeader contract and SSRF guard in apps/README.md

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@Lakshyakumar12

Copy link
Copy Markdown
Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_user_1.md`:
- Line 15: Update the instruction text around the dynamic probe verdict filter
to explicitly require addressing all static_analysis_findings, while continuing
to limit dynamic remediation to FAIL, PARTIAL, and OVER_REFUSED verdicts and
ignoring PASS and INCONCLUSIVE results.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: fa5a2115-3171-4cc5-967d-6229eca38803

📥 Commits

Reviewing files that changed from the base of the PR and between 08b04f1 and 01263c4.

📒 Files selected for processing (18)
  • kits/agent-reliability-lab/README.md
  • kits/agent-reliability-lab/agent.md
  • kits/agent-reliability-lab/apps/.gitignore
  • kits/agent-reliability-lab/apps/README.md
  • kits/agent-reliability-lab/apps/actions/orchestrate.ts
  • kits/agent-reliability-lab/apps/app/page.tsx
  • kits/agent-reliability-lab/apps/lib/lamatic-client.ts
  • kits/agent-reliability-lab/apps/next-env.d.ts
  • kits/agent-reliability-lab/apps/next.config.mjs
  • kits/agent-reliability-lab/apps/package.json
  • kits/agent-reliability-lab/constitutions/default.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-186_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-452_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_system_0.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-736_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-949_user_1.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_system_0.md
  • kits/agent-reliability-lab/prompts/agent-reliability-audit_instructor-llmnode-990_user_1.md

Lakshyakumar12 and others added 2 commits July 12, 2026 06:07
CodeRabbit correctly flagged that "Address only FAIL/PARTIAL/OVER_REFUSED..."
could be misread as scoping to everything, including static analysis
findings, when the FAIL/PARTIAL/OVER_REFUSED filter should only apply
to the dynamic probe verdicts section.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
The repo's root .gitignore has a bare `scripts` pattern (unrelated to
this kit, apparently meant to exclude the repo's own top-level tooling
scripts/ directory) that unintentionally matched every kit's nested
scripts/ folder too. This silently excluded all 5 codeNode scripts
(Test Executor, Aggregator, Report Compiler, Static Report Compiler,
Final Report) from every prior commit despite them existing on disk,
meaning the flow's @scripts/... references were broken in the actual
pushed repo the whole time. Force-adding them here since editing the
shared root .gitignore is out of scope for this PR.

Also adds minimal factual docstrings to the 7 exported/top-level
functions across the changed files to satisfy CodeRabbit's docstring
coverage check.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@Lakshyakumar12

Copy link
Copy Markdown
Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
kits/agent-reliability-lab/apps/app/page.tsx (1)

40-84: 📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift

Your form is flying without instruments — coding guidelines require react-hook-form + zod and shadcn/ui components.

The kit Next.js app coding guidelines require react-hook-form + zod for forms and shadcn/ui components. This form uses plain useState and raw HTML elements instead. The manual JSON.parse validation (lines 57-62) works but would be cleaner as a zod schema, and the plain <textarea>/<input>/<select> elements should use shadcn/ui equivalents for consistency and accessibility.

As per coding guidelines: "For kit Next.js apps: use... shadcn/ui components, react-hook-form + zod for forms."

♻️ Proposed refactor sketch
import { useForm } from "react-hook-form"
import { zodResolver } from "`@hookform/resolvers/zod`"
import { z } from "zod"

const auditSchema = z.object({
  systemPrompt: z.string().min(1, "System prompt is required"),
  toolSchema: z.string().optional().default(""),
  constitutionDoc: z.string().optional().default(""),
  targetEndpointUrl: z.string().url().optional().or(z.literal("")),
  targetEndpointAuthHeader: z.string().optional().default(""),
  referenceQA: z.string().refine((v) => { try { JSON.parse(v); return true } catch { return false } }, "Must be valid JSON"),
  depth: z.enum(["quick", "standard", "deep"]),
})

type AuditFormValues = z.infer<typeof auditSchema>

export default function Home() {
  const { register, handleSubmit, formState: { errors, isSubmitting } } = useForm<AuditFormValues>({
    resolver: zodResolver(auditSchema),
    defaultValues: { referenceQA: "[]", depth: "quick" },
  })

  const onSubmit = async (data: AuditFormValues) => {
    // ... call runAudit with data
  }

  return (
    <form onSubmit={handleSubmit(onSubmit)}>
      {/* shadcn/ui <Textarea>, <Input>, <Select> components */}
    </form>
  )
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/agent-reliability-lab/apps/app/page.tsx` around lines 40 - 84, Refactor
the Home form and handleSubmit flow to use react-hook-form with a
zodResolver-backed auditSchema, moving referenceQA JSON validation and field
validation into the schema while preserving the existing runAudit submission
behavior and defaults. Replace raw input, textarea, and select elements in Home
with the corresponding shadcn/ui components, and surface validation errors
through the form state instead of local manual validation.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-422_code.ts`:
- Around line 91-106: Harden the SSRF protection centered on isBlockedHost and
callTarget: add checks for IPv4-mapped IPv6, unique-local IPv6 (fc00::/7), and
link-local IPv6 (fe80::/10), and configure the target fetch to use manual
redirect handling so redirects cannot reach unvalidated hosts. If the runtime
supports DNS resolution, resolve hostnames and apply isBlockedHost to every
returned address before fetching; otherwise document that DNS rebinding remains
unsupported.

In
`@kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-961_code.ts`:
- Around line 47-53: Update the reliability consistency calculation in the loop
over testResults.reliabilityRuns so null responses are treated as inconsistent,
even when every repeat returns null. Ensure reliabilityScore is decremented and
reliabilityDetails.consistent is false for all-null failed probes, while
preserving the existing unique-response behavior for non-null responses.

---

Outside diff comments:
In `@kits/agent-reliability-lab/apps/app/page.tsx`:
- Around line 40-84: Refactor the Home form and handleSubmit flow to use
react-hook-form with a zodResolver-backed auditSchema, moving referenceQA JSON
validation and field validation into the schema while preserving the existing
runAudit submission behavior and defaults. Replace raw input, textarea, and
select elements in Home with the corresponding shadcn/ui components, and surface
validation errors through the form state instead of local manual validation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: d5c52ad2-9d58-4495-9b28-b20dede17e5a

📥 Commits

Reviewing files that changed from the base of the PR and between 0432a63 and 01b20c9.

📒 Files selected for processing (8)
  • kits/agent-reliability-lab/apps/actions/orchestrate.ts
  • kits/agent-reliability-lab/apps/app/page.tsx
  • kits/agent-reliability-lab/apps/next-env.d.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-175_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-422_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-587_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-779_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-961_code.ts

- isBlockedHost now also blocks IPv4-mapped IPv6, unique-local IPv6
  (fc00::/7), and link-local IPv6 (fe80::/10); callTarget uses
  redirect: "manual" so a target can't bounce a probe to an internal
  address via a 3xx redirect
- Fix a real bug in the reliability check: if every repeat of a probe
  errors out (response: null), the old code treated identical nulls as
  "consistent" and left the reliability score inflated. Null responses
  now count as inconsistent.
- Document the one known, accepted limitation: DNS rebinding isn't
  caught since DNS resolution isn't reliably available in this
  sandboxed execution environment; the guard checks the hostname
  string, not the resolved IP.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@Lakshyakumar12

Copy link
Copy Markdown
Author

@coderabbitai Keeping the current plain useState + manual validation implementation for now — it's tested and working, and swapping in react-hook-form/zod/shadcn-ui this late in the review cycle risks introducing new dependency/build issues for a stylistic change rather than a correctness fix. Happy to revisit if this becomes a hard requirement.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Tip

For best results, initiate chat on the files or code changes.

@Lakshyakumar12 Your decision, should you choose to accept it, is hereby acknowledged. Sticking with the tested useState + manual validation approach is a reasonable call — this late in the cycle, swapping in react-hook-form/zod/shadcn-ui for a stylistic refactor isn't worth the risk of new dependency or build complications. This message will not self-destruct — it'll stay right here in the thread if you ever want to revisit it as a follow-up improvement.

Good luck out there. 🕶️

@Lakshyakumar12

Copy link
Copy Markdown
Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
kits/agent-reliability-lab/apps/actions/orchestrate.ts (1)

1-3: 📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win

Agent, the lamatic.config import directive remains unfulfilled.

The coding guidelines for kits/*/apps/actions/orchestrate.ts require importing and using ../../lamatic.config to read step definitions from the parent kit. This was flagged in a prior review and remains unaddressed — the file still relies solely on process.env[AUDIT_FLOW_ENV_KEY] without referencing the kit's lamatic.config.ts.

As per coding guidelines: "Kit Next.js apps must import and use ../../lamatic.config to read step definitions from the parent kit."

📐 Proposed refactor
 "use server"
 
+import lamaticConfig from "../../lamatic.config"
 import { lamaticClient, AUDIT_FLOW_ENV_KEY } from "`@/lib/lamatic-client`"

Then use lamaticConfig to derive or validate the flow ID and step definitions instead of relying only on the environment variable.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/agent-reliability-lab/apps/actions/orchestrate.ts` around lines 1 - 3,
Update the server action in orchestrate.ts to import the parent kit’s
../../lamatic.config and use its lamaticConfig flow and step definitions when
deriving or validating the audit flow, rather than relying solely on
process.env[AUDIT_FLOW_ENV_KEY].

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/agent-reliability-lab/agent.md`:
- Line 88: Revise the SSRF guard description in the Test Executor section to
state that it blocks literal localhost or private/internal hostnames and IP
addresses across IPv4 and IPv6, rather than targets that resolve to those
ranges. Keep the redirect-following restriction, and explicitly document
separately that public hostnames resolving to private IPs via DNS rebinding are
not detected.

---

Duplicate comments:
In `@kits/agent-reliability-lab/apps/actions/orchestrate.ts`:
- Around line 1-3: Update the server action in orchestrate.ts to import the
parent kit’s ../../lamatic.config and use its lamaticConfig flow and step
definitions when deriving or validating the audit flow, rather than relying
solely on process.env[AUDIT_FLOW_ENV_KEY].
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6aac1a17-4e1e-4ce4-b654-d3270ed00fa3

📥 Commits

Reviewing files that changed from the base of the PR and between 0432a63 and 67f28cc.

📒 Files selected for processing (9)
  • kits/agent-reliability-lab/agent.md
  • kits/agent-reliability-lab/apps/actions/orchestrate.ts
  • kits/agent-reliability-lab/apps/app/page.tsx
  • kits/agent-reliability-lab/apps/next-env.d.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-175_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-422_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-587_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-779_code.ts
  • kits/agent-reliability-lab/scripts/agent-reliability-audit_code-node-961_code.ts

Comment thread kits/agent-reliability-lab/agent.md Outdated
…ording

- orchestrate.ts now imports ../../lamatic.config directly and derives
  the flow ID from it, satisfying the coding guideline literally rather
  than through the indirect derivation in lamatic-client.ts. Simplified
  lamatic-client.ts back down to just the Lamatic client now that the
  flow-id derivation lives where the guideline expects it.
- Fixed agent.md wording: the SSRF guard blocks literal private/internal
  hostnames and IPs, not "targets resolving to" those ranges — the
  original wording overstated protection against DNS rebinding, which
  the same paragraph already documents as a known limitation.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@Lakshyakumar12

Copy link
Copy Markdown
Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@github-actions

Copy link
Copy Markdown
Contributor

Hi @Lakshyakumar12! 👋

Before this PR can be reviewed by maintainers, please resolve all comments and requested changes from the CodeRabbit automated review.

Steps to follow:

  1. Read through all CodeRabbit comments carefully
  2. Address each issue raised (or reply explaining why you disagree)
  3. Push your fixes as new commits
  4. Once all issues are resolved, comment here so we can re-review

This helps keep the review process efficient for everyone. Thank you! 🙏

@akshatvirmani

Copy link
Copy Markdown
Contributor

/validate

@github-actions

Copy link
Copy Markdown
Contributor

📡 Running Studio validation — results will appear here shortly.

@github-actions

Copy link
Copy Markdown
Contributor

Studio Runtime Validation (Phase 2)

Studio validation passed. The kit loaded successfully in Lamatic Studio.

This PR is ready for final review and merge.

@akshatvirmani akshatvirmani added the tier-3 Pass label Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants