From 424a5de193eaddfaa2913515dfb12a6bb75571d9 Mon Sep 17 00:00:00 2001
From: Jan De Dobbeleer <jan.de.dobbeleer@gmail.com>
Date: Thu, 7 May 2026 08:17:58 +0200
Subject: [PATCH 1/5] fix(ytm): store YTMDA token in device cache

---
 src/cli/auth/ytmda.go      |  2 +-
 src/cli/auth/ytmda_test.go | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/cli/auth/ytmda.go b/src/cli/auth/ytmda.go
index 73262cf7d03d..f2dc3735dcfd 100644
--- a/src/cli/auth/ytmda.go
+++ b/src/cli/auth/ytmda.go
@@ -71,7 +71,7 @@ func (y *Ytmda) Authenticate() {
 		return
 	}
 
-	cache.Set(cache.Session, YTMDATOKEN, token, cache.INFINITE)
+	cache.Set(cache.Device, YTMDATOKEN, token, cache.INFINITE)
 
 	setState(done)
 }
diff --git a/src/cli/auth/ytmda_test.go b/src/cli/auth/ytmda_test.go
index 23e462e91891..20752e19db55 100644
--- a/src/cli/auth/ytmda_test.go
+++ b/src/cli/auth/ytmda_test.go
@@ -80,10 +80,6 @@ func TestYtdma_Authenticate(t *testing.T) {
 			env.On("HTTPRequest", codeURL).Return([]byte(tc.requestCodeResponse), tc.requestCodeError)
 			env.On("HTTPRequest", tokenURL).Return([]byte(tc.requestTokenResponse), tc.requestTokenError)
 
-			if tc.shouldSetToken {
-				cache.Set(cache.Device, YTMDATOKEN, tc.expectedToken, cache.INFINITE)
-			}
-
 			ytmda := &Ytmda{
 				model: model{
 					env: env,
@@ -99,6 +95,12 @@ func TestYtdma_Authenticate(t *testing.T) {
 				assert.Nil(t, ytmda.err)
 			}
 
+			if tc.shouldSetToken {
+				token, ok := cache.Get[string](cache.Device, YTMDATOKEN)
+				require.True(t, ok)
+				assert.Equal(t, tc.expectedToken, token)
+			}
+
 			cache.DeleteAll(cache.Device)
 		})
 	}

From 9c530b93ba09002d93e2aa12fb586d92f819cc33 Mon Sep 17 00:00:00 2001
From: Jan De Dobbeleer <jan.de.dobbeleer@gmail.com>
Date: Thu, 7 May 2026 08:22:27 +0200
Subject: [PATCH 2/5] chore: setup copilot's runspace

---
 .github/github-app.yml                    |  6 +-
 .github/workflows/copilot-setup-steps.yml |  8 ++-
 .gitignore                                |  1 +
 apm.lock                                  | 73 -----------------------
 4 files changed, 12 insertions(+), 76 deletions(-)
 delete mode 100644 apm.lock

diff --git a/.github/github-app.yml b/.github/github-app.yml
index aba786d75e0b..70913d721e92 100644
--- a/.github/github-app.yml
+++ b/.github/github-app.yml
@@ -4,7 +4,11 @@ scripts:
   triggers:
   - session.create
 - name: Restore apm.lock
-  command: git restore apm.lock
+  command: git restore apm.lock.yaml
+  triggers:
+  - session.create
+- name: Install ast-grep-cli
+  command: pip install ast-grep-cli
   triggers:
   - session.create
 automation:
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 317d59d58d2d..d316b61d5ce9 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -18,10 +18,14 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - name: Install apm-cli and run apm install
         run: |
           pip install apm-cli
           apm install
-          git restore apm.lock
+          git restore apm.lock.yaml
+
+      - name: Install ast-grep
+        run: |
+          pip install ast-grep-cli
diff --git a/.gitignore b/.gitignore
index e852e600c522..b791c9852fa9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ apm_modules/
 .github/instructions/*
 !.github/skills/segment-create/
 !.github/skills/segment-docs/
+.agents/
 
 # Others
 
diff --git a/apm.lock b/apm.lock
deleted file mode 100644
index 5cda34f2da7f..000000000000
--- a/apm.lock
+++ /dev/null
@@ -1,73 +0,0 @@
-lockfile_version: '1'
-generated_at: '2026-05-04T17:15:32.688004+00:00'
-apm_version: 0.7.7
-dependencies:
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  virtual_path: instructions/golang.instructions.md
-  is_virtual: true
-  package_type: apm_package
-  deployed_files:
-  - .github/instructions/golang.instructions.md
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  virtual_path: instructions/markdown.instructions.md
-  is_virtual: true
-  package_type: apm_package
-  deployed_files:
-  - .github/instructions/markdown.instructions.md
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  virtual_path: instructions/powershell.instructions.md
-  is_virtual: true
-  package_type: apm_package
-  deployed_files:
-  - .github/instructions/powershell.instructions.md
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  resolved_commit: b4e8062eaeef93582bf4cbb86ad4816f37630bb2
-  virtual_path: skills/conventional-commit
-  is_virtual: true
-  package_type: claude_skill
-  deployed_files:
-  - .github/skills/conventional-commit
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  resolved_commit: b4e8062eaeef93582bf4cbb86ad4816f37630bb2
-  virtual_path: skills/golang
-  is_virtual: true
-  package_type: claude_skill
-  deployed_files:
-  - .github/skills/golang
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  resolved_commit: b4e8062eaeef93582bf4cbb86ad4816f37630bb2
-  virtual_path: skills/markdown
-  is_virtual: true
-  package_type: claude_skill
-  deployed_files:
-  - .github/skills/markdown
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  resolved_commit: b4e8062eaeef93582bf4cbb86ad4816f37630bb2
-  virtual_path: skills/powershell
-  is_virtual: true
-  package_type: claude_skill
-  deployed_files:
-  - .github/skills/powershell
-- repo_url: JanDeDobbeleer/agentic
-  host: github.com
-  resolved_commit: b4e8062eaeef93582bf4cbb86ad4816f37630bb2
-  virtual_path: skills/vale-user-facing-text
-  is_virtual: true
-  package_type: claude_skill
-  deployed_files:
-  - .github/skills/vale-user-facing-text
-- repo_url: ast-grep/agent-skill
-  host: github.com
-  resolved_commit: 577f4d4507678f2c8cee150fae25e6ce309f70b1
-  virtual_path: ast-grep/skills/ast-grep
-  is_virtual: true
-  package_type: claude_skill
-  deployed_files:
-  - .github/skills/ast-grep

From fc27b00b2d2d183029a13cf7ad51a4f3bfe9fbd5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 May 2026 07:10:31 +0000
Subject: [PATCH 3/5] chore(deps): bump axios from 1.15.0 to 1.15.2 in
 /website/api

Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.15.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.0...v1.15.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 website/api/package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/api/package-lock.json b/website/api/package-lock.json
index a027bdf6df40..eb6856b4798a 100644
--- a/website/api/package-lock.json
+++ b/website/api/package-lock.json
@@ -133,9 +133,9 @@
       "license": "MIT"
     },
     "node_modules/axios": {
-      "version": "1.15.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz",
-      "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==",
+      "version": "1.15.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.2.tgz",
+      "integrity": "sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A==",
       "license": "MIT",
       "dependencies": {
         "follow-redirects": "^1.15.11",

From 4456200e2a34e203c82d8d13f2d26a5911134f95 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 May 2026 00:11:25 +0000
Subject: [PATCH 4/5] chore(deps): bump ip-address and express-rate-limit in
 /website/api

Bumps [ip-address](https://github.com/beaugunderson/ip-address) and [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit). These dependencies needed to be updated together.

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)

Updates `express-rate-limit` from 8.3.0 to 8.5.1
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](https://github.com/express-rate-limit/express-rate-limit/compare/v8.3.0...v8.5.1)

---
updated-dependencies:
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
- dependency-name: express-rate-limit
  dependency-version: 8.5.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 website/api/package-lock.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/website/api/package-lock.json b/website/api/package-lock.json
index eb6856b4798a..4c2cf531cb4b 100644
--- a/website/api/package-lock.json
+++ b/website/api/package-lock.json
@@ -473,12 +473,12 @@
       }
     },
     "node_modules/express-rate-limit": {
-      "version": "8.3.0",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.3.0.tgz",
-      "integrity": "sha512-KJzBawY6fB9FiZGdE/0aftepZ91YlaGIrV8vgblRM3J8X+dHx/aiowJWwkx6LIGyuqGiANsjSwwrbb8mifOJ4Q==",
+      "version": "8.5.1",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz",
+      "integrity": "sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==",
       "license": "MIT",
       "dependencies": {
-        "ip-address": "10.1.0"
+        "ip-address": "^10.2.0"
       },
       "engines": {
         "node": ">= 16"
@@ -757,9 +757,9 @@
       "license": "ISC"
     },
     "node_modules/ip-address": {
-      "version": "10.1.0",
-      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz",
-      "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz",
+      "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==",
       "license": "MIT",
       "engines": {
         "node": ">= 12"

From f0f5b914951b1db572ab9f2f2420bff6c12bd8b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 May 2026 00:11:30 +0000
Subject: [PATCH 5/5] chore(deps): bump hono from 4.12.14 to 4.12.18 in
 /website/api

Bumps [hono](https://github.com/honojs/hono) from 4.12.14 to 4.12.18.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.14...v4.12.18)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 website/api/package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/api/package-lock.json b/website/api/package-lock.json
index 4c2cf531cb4b..8c7b650667bd 100644
--- a/website/api/package-lock.json
+++ b/website/api/package-lock.json
@@ -706,9 +706,9 @@
       }
     },
     "node_modules/hono": {
-      "version": "4.12.14",
-      "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.14.tgz",
-      "integrity": "sha512-am5zfg3yu6sqn5yjKBNqhnTX7Cv+m00ox+7jbaKkrLMRJ4rAdldd1xPd/JzbBWspqaQv6RSTrgFN95EsfhC+7w==",
+      "version": "4.12.18",
+      "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.18.tgz",
+      "integrity": "sha512-RWzP96k/yv0PQfyXnWjs6zot20TqfpfsNXhOnev8d1InAxubW93L11/oNUc3tQqn2G0bSdAOBpX+2uDFHV7kdQ==",
       "license": "MIT",
       "engines": {
         "node": ">=16.9.0"