fix(feat): initial prd, then openspec specs, for clean room re-impl of augment as part of boost

[gabemontero]

Hey, I just made a Pull Request!

Working of the wealth of specifications, use case documentation, system diagrams, that have been cultivated as part of the augment workspace in rhdh-plugins, we are putting the new RHDH agentic sdlc system, including integration with fullsend, to work to see what kind of alternative implementation if comes up with.

This leveraged

• the rhdh product-managment skill
• various openspec skills
• followed by individual prompting by me based on prior analysis of augment, in conjunction with the use of skills from the rhdh skill repo and the rhdh-ai skills repo

✔️ Checklist

• [n/a ] A changeset describing the change and affected packages. (more info)
• [n/a ] Added or Updated documentation
• [n/a ] Tests for new functionality and regression tests for bug fixes
• [n/a ] Screenshots attached (for UI changes)

[rhdh-qodo-merge]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 🔗 Cross-repo conflicts (0)

1. Wrong workspace path 🐞 Bug ≡ Correctness

Description

Several new Boost specs instruct creating packages under rhdh-plugins/workspace/boost/... (and
show workspace/boost/...), but this repo uses workspaces/ (plural). Following these instructions
will lead contributors to create packages in the wrong (non-existent) directory and diverge from
repo tooling paths.

Code

workspaces/boost/specifications/boost-context.md[R30-34]

Relevance

⭐⭐⭐ High

Team frequently accepts doc fixes correcting wrong/misleading instructions (e.g., README/config/doc
corrections in PRs #2419, #2861).

PR-#2419
PR-#2861

ⓘ Recommendations generated based on similar findings in past PRs

Evidence

The new docs explicitly instruct using workspace/ paths, while the repo’s own tooling and file
layout use workspaces/ (plural), making the instructions incorrect for this repository.

workspaces/boost/specifications/boost-context.md[28-34]
workspaces/boost/specifications/prd/platform-operations-deployment.md[62-65]
workspaces/boost/openspec/changes/agent-creation-discovery/tasks.md[5-17]
package.json[21-26]
workspaces/boost/README.md[1-6]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
Multiple new Boost documentation files reference `workspace/boost/...` and `rhdh-plugins/workspace/boost/...` (singular), but the repository layout and tooling use `workspaces/...` (plural). This makes the docs internally inconsistent and will cause incorrect file placement if followed.

### Issue Context
This PR introduces a new `workspaces/boost/...` documentation set (PRDs + OpenSpec changes). The instructions should match the monorepo directory naming convention (`workspaces/`).

### Fix Focus Areas
- workspaces/boost/specifications/boost-context.md[30-34]
- workspaces/boost/specifications/prd/platform-operations-deployment.md[62-65]
- workspaces/boost/specifications/prd/agent-creation-discovery.md[252-252]
- workspaces/boost/openspec/changes/agent-creation-discovery/tasks.md[7-16]
- workspaces/boost/openspec/changes/agent-creation-discovery/design.md[44-44]
- workspaces/boost/openspec/changes/agent-creation-discovery/specs/catalog-entities/spec.md[25-25]

### What to change
- Replace `rhdh-plugins/workspace/boost/...` with `rhdh-plugins/workspaces/boost/...`.
- Replace any displayed `workspace/boost/...` code-block paths with `workspaces/boost/...`.
- Do a quick search/replace within `workspaces/boost/**` for `rhdh-plugins/workspace/` and `workspace/boost/` and verify there are no remaining singular-path references.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.62%. Comparing base (d49a228) to head (43ad67e).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3278   +/-   ##
=======================================
  Coverage   53.62%   53.62%           
=======================================
  Files        2409     2409           
  Lines       86633    86633           
  Branches    23997    23997           
=======================================
  Hits        46457    46457           
  Misses      39894    39894           
  Partials      282      282           

Flag	Coverage Δ		*Carryforward flag
adoption-insights	83.58% <ø> (ø)		Carriedforward from d49a228
ai-integrations	70.03% <ø> (ø)		Carriedforward from d49a228
app-defaults	69.60% <ø> (ø)		Carriedforward from d49a228
augment	46.39% <ø> (ø)		Carriedforward from d49a228
bulk-import	72.86% <ø> (ø)		Carriedforward from d49a228
cost-management	16.49% <ø> (ø)		Carriedforward from d49a228
dcm	45.40% <ø> (ø)		Carriedforward from d49a228
extensions	61.79% <ø> (ø)		Carriedforward from d49a228
global-floating-action-button	74.30% <ø> (ø)		Carriedforward from d49a228
global-header	61.63% <ø> (ø)		Carriedforward from d49a228
homepage	51.60% <ø> (ø)		Carriedforward from d49a228
konflux	91.01% <ø> (ø)		Carriedforward from d49a228
lightspeed	68.50% <ø> (ø)		Carriedforward from d49a228
mcp-integrations	85.46% <ø> (ø)		Carriedforward from d49a228
orchestrator	37.34% <ø> (ø)		Carriedforward from d49a228
quickstart	62.88% <ø> (ø)		Carriedforward from d49a228
sandbox	79.56% <ø> (ø)		Carriedforward from d49a228
scorecard	83.84% <ø> (ø)		Carriedforward from d49a228
theme	64.54% <ø> (ø)		Carriedforward from d49a228
translations	8.49% <ø> (ø)		Carriedforward from d49a228
x2a	78.79% <ø> (ø)		Carriedforward from d49a228

*This pull request uses carry forward flags. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d49a228...43ad67e. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[rhdh-qodo-merge]

Review Summary by Qodo

Boost Agentic SDLC Platform: Complete Specification Suite with Security, Modularity, and Enterprise Operations

📝 Documentation ✨ Enhancement

Walkthroughs

Description

• Comprehensive specification suite for Boost agentic SDLC platform with 5 PRDs and 40+ OpenSpec
  change documents
• **Security & Governance**: 16 fine-grained permissions with conditional rules, RFC 8693 token
  exchange, three security modes, safety shields, and resilience patterns
• **Agent Creation & Discovery**: Four converging creation paths (no-code builder, Software
  Template, DevSpaces, import), catalog-first architecture with entity providers, MCP tool
  registration with 4-level auth chain
• **Pluggable AI Platform**: Provider abstraction interface with normalized streaming, runtime
  hot-swap with rollback, multi-agent orchestration via Llama Stack, modular provider packaging as
  independent backend modules
• **Platform Operations & Deployment**: Schema-driven runtime configuration with two-layer
  resolution (YAML + DB overrides), cache migration to Backstage cacheService, RAG knowledge
  pipelines with multi-source ingestion
• **AI Chat Experience**: Streaming chat with phase indicators, RAG-grounded answers with citations,
  human-in-the-loop approval, conversation history, developer debugging tools, frontend composability
  with lazy loading
• Design principles extracted from Augment reference prototype with clean-slate implementation
  approach and 12 lessons learned
• Modular workspace structure with independently deployable packages (core, providers, entity
  providers)

Diagram

flowchart LR
  PRD["5 Product Requirements<br/>Documents"]
  SEC["Security & Governance<br/>16 Permissions + Token Exchange"]
  AGENT["Agent Creation<br/>4 Paths + Catalog"]
  PROV["Pluggable Providers<br/>Hot-Swap + Normalization"]
  OPS["Platform Operations<br/>Schema Config + Caching"]
  CHAT["Chat Experience<br/>Streaming + RAG + HITL"]
  
  PRD --> SEC
  PRD --> AGENT
  PRD --> PROV
  PRD --> OPS
  PRD --> CHAT
  
  SEC -- "Governs" --> AGENT
  SEC -- "Protects" --> PROV
  SEC -- "Secures" --> OPS
  SEC -- "Enforces" --> CHAT
  
  PROV -- "Powers" --> CHAT
  AGENT -- "Enables" --> CHAT
  OPS -- "Configures" --> PROV
  OPS -- "Configures" --> AGENT

Loading

File Changes

1. workspaces/boost/specifications/prd/security-safety-governance.md 📝 Documentation +339/-0

Enterprise Security Model with Fine-Grained RBAC and Governance

• Comprehensive PRD defining enterprise security model with 3 security modes, 16 fine-grained
 permissions, and 4-stage agent lifecycle governance
• Specifies per-user identity delegation via RFC 8693 token exchange, content safety shields, SSRF
 protection, and zero data retention mode
• Details self-approval prevention, ownership-based visibility, SonataFlow approval workflow
 integration, and cascading delete patterns
• Establishes 7-layer security enforcement across frontend, middleware, governance, and provider
 authentication with cross-cutting protections

workspaces/boost/specifications/prd/security-safety-governance.md

---

2. workspaces/boost/specifications/prd/agent-creation-discovery.md 📝 Documentation +337/-0

Multi-Path Agent Creation with Catalog Entity Integration

• Defines four agent creation paths (no-code builder, Software Template, DevSpaces, import)
 converging on unified ChatAgent model
• Specifies agent gallery discovery, MCP tool registration with 4-level auth chain, and skills
 marketplace integration
• Establishes Backstage catalog representation for agents, tools, models, and MCP servers as
 independently deployable entity providers
• Details ownership semantics, 4-stage lifecycle governance, and cascading delete across backend
 stores

workspaces/boost/specifications/prd/agent-creation-discovery.md

---

3. workspaces/boost/specifications/prd/pluggable-ai-platform-architecture.md 📝 Documentation +342/-0

Modular Provider Architecture with Normalized Streaming

• Defines provider abstraction interface with normalized streaming protocol
 (NormalizedStreamEvent) enabling provider-agnostic frontend
• Specifies runtime provider hot-swap with automatic rollback, capability-based feature gating, and
 multi-agent orchestration via Llama Stack
• Establishes providers as independent RHDH dynamic plugins from day one with
 augmentAiProviderServiceRef for cross-plugin consumption
• Details Backstage cacheService migration strategy replacing 17 home-grown Map caches with
 consistent TTL and Redis backing

workspaces/boost/specifications/prd/pluggable-ai-platform-architecture.md

---

View more (47)

4. workspaces/boost/specifications/prd/platform-operations-deployment.md 📝 Documentation +304/-0

Runtime-Configurable Deployment with Schema-Driven Config

• Specifies modular deployment paths for RHDH dynamic plugins and Backstage static plugins with zero
 code changes
• Details runtime configuration engine with two-layer resolution (YAML baseline + database
 overrides) and Zod schema-driven validation
• Defines RAG knowledge pipeline configuration with multi-source ingestion, content-hash change
 detection, and per-agent vector store scoping
• Establishes white-label customization, admin onboarding, and workspace package structure with
 independently deployable entity providers

workspaces/boost/specifications/prd/platform-operations-deployment.md

---

5. workspaces/boost/specifications/prd/ai-chat-interaction-experience.md 📝 Documentation +240/-0

Streaming Chat with RAG, HITL Approval, and Debug Tools

• Defines streaming chat interface with real-time phase indicators, knowledge-grounded RAG answers
 with source citations
• Specifies human-in-the-loop approval for sensitive tool calls, interactive cards (forms, auth
 flows), and conversation history management
• Details developer debugging tools including execution trace inspection, session state inspector,
 and message-level inspection
• Establishes provider-adaptive chat experience with composable frontend extensions and lazy loading
 from day one

workspaces/boost/specifications/prd/ai-chat-interaction-experience.md

---

6. workspaces/boost/specifications/boost-context.md 📝 Documentation +155/-0

Project Context and Design Principles from Augment

• Establishes Boost as clean-slate implementation of agentic portal informed by Augment reference
 prototype without migration path
• Documents 12 design principles learned from Augment tech debt analysis covering caching,
 permissions, modularity, and composability
• Specifies workspace structure with modular packages (core, providers, entity providers) all
 independently deployable
• Defines upstream monitoring process for tracking Augment changes and adoption decision framework
 for requirement shifts

workspaces/boost/specifications/boost-context.md

---

7. workspaces/boost/openspec/changes/security-safety-governance/specs/fine-grained-permissions/spec.md 📝 Documentation +135/-0

Fine-Grained RBAC with Conditional Permission Rules

• Specifies 16 fine-grained permissions across 3 resource types replacing 2 coarse permissions with
 conditional rules
• Details 3 conditional rules (IS_OWNER, IS_NOT_CREATOR, HAS_LIFECYCLE_STAGE) for ownership
 and separation-of-duties enforcement
• Establishes authorizeLifecycleAction middleware replacing 2,132 lines of custom governance code
 with Backstage permissions.authorize()
• Defines functional area permissions for chat, documents, MCP, and config management with
 resource-based agent and tool lifecycle permissions

workspaces/boost/openspec/changes/security-safety-governance/specs/fine-grained-permissions/spec.md

---

8. workspaces/boost/openspec/changes/agent-creation-discovery/specs/catalog-entities/spec.md 📝 Documentation +114/-0

Catalog Entities for AI Domain Objects

• Specifies Backstage catalog entities for AI domain objects (agents, models, MCP servers, vector
 stores) replacing in-memory caches
• Details entity providers as independently deployable backend services with two deployment modes
 (standalone and composed)
• Establishes entity kind strategy using Component and Resource kinds with migration path to
 upstream AIContext and API kinds
• Defines lifecycle mapping (Draft→experimental, Published→production, Archived→deprecated) and
 ownership integration for RBAC

workspaces/boost/openspec/changes/agent-creation-discovery/specs/catalog-entities/spec.md

---

9. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/design.md 📝 Documentation +94/-0

Modular Provider Architecture Design Decisions

• Documents design decisions for modular provider architecture with augmentAiProviderServiceRef in
 common package
• Specifies providers as backend modules (not plugins) with cacheService replacing all 17 home-grown
 Map caches
• Details capability-based feature gating replacing provider ID string checks and extraction of
 Kagenti-specific types from common package
• Identifies cache migration targets with TTL, namespace isolation, and Redis backing strategy

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/design.md

---

10. workspaces/boost/openspec/changes/platform-operations-deployment/specs/runtime-config/spec.md 📝 Documentation +136/-0

Schema-Driven Runtime Configuration with Two-Layer Resolution

• Specifies two-layer configuration resolution with YAML baseline and database overrides with
 immediate cache invalidation
• Details schema-driven validation replacing 668 lines of hand-written validators with Zod as single
 source of truth
• Establishes field scope documentation (yaml-only, db-overridable, db-only) and new config
 categories for agent approval and token exchange
• Defines schema versioning strategy with startup migration validating DB values against current
 schema and admin notification of removed overrides

workspaces/boost/openspec/changes/platform-operations-deployment/specs/runtime-config/spec.md

---

11. workspaces/boost/openspec/changes/security-safety-governance/specs/access-control/spec.md 📝 Documentation +153/-0

Security modes, access control, and token exchange specifications

• Defines three security modes (development-only-no-auth, plugin-only, full) with progressive
 enforcement from development through production
• Specifies frontend SecurityGate enforcement, MCP auth chain resolution, and SSRF protection
 requirements
• Introduces per-user token exchange via RFC 8693 for Kagenti identity delegation with graceful
 fallback to service-account token
• Adds CSRF protection headers, credential encryption, and identity resolution using real OIDC
 credentials across all security modes

workspaces/boost/openspec/changes/security-safety-governance/specs/access-control/spec.md

---

12. workspaces/boost/openspec/changes/agent-creation-discovery/tasks.md ✨ Enhancement +82/-0

Entity providers, catalog migration, and toolscope extraction tasks

• Defines tasks for creating independently deployable entity provider packages
 (kagenti-entity-provider, llamastack-entity-provider)
• Specifies catalog migration from in-memory caches to Backstage catalog API queries
• Outlines toolscope extraction as standalone package with injectable CacheAdapter interface
• Includes lifecycle model implementation (4-stage: Draft → Pending → Published → Archived) and
 skills marketplace integration

workspaces/boost/openspec/changes/agent-creation-discovery/tasks.md

---

13. workspaces/boost/specifications/prd/use-case-index.md 📝 Documentation +75/-0

Comprehensive use case index across five product requirement documents

• Provides concise reference index for 25 use cases across five PRDs (AI Chat, Agent Creation,
 Platform Architecture, Operations, Security)
• Organizes use cases by priority (16 P0, 9 P1+) with descriptions and links to detailed PRD
 documentation
• Includes summary table showing distribution across PRDs and diagram references for flow
 documentation

workspaces/boost/specifications/prd/use-case-index.md

---

14. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/tasks.md ✨ Enhancement +69/-0

Provider abstraction, module extraction, and cache migration tasks

• Moves AgenticProvider and conversation types to augment-common package with new
 augmentAiProviderServiceRef
• Extracts provider implementations into separate Backstage backend modules
 (plugin-augment-backend-module-llamastack, plugin-augment-backend-module-kagenti)
• Migrates provider-specific caches to coreServices.cache for Redis-backed multi-instance safety
• Replaces provider ID string checks with capability-based rendering in frontend components

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/tasks.md

---

15. workspaces/boost/openspec/changes/platform-operations-deployment/specs/cache-migration/spec.md 📝 Documentation +82/-0

Operational cache migration to Backstage cacheService specification

• Specifies migration of 14 operational caches to Backstage cacheService for Redis backing and
 multi-instance safety
• Documents cache inventory including RuntimeConfigResolver, ConversationRegistry,
 DocumentSyncService, and session maps
• Defines requirements for config cache with 30s TTL and immediate invalidation on write
• Establishes caching patterns for conversation sessions, document sync hashes, and client instances

workspaces/boost/openspec/changes/platform-operations-deployment/specs/cache-migration/spec.md

---

16. workspaces/boost/openspec/changes/security-safety-governance/tasks.md ✨ Enhancement +76/-0

Fine-grained permissions, token exchange, and security hardening tasks

• Defines 16 fine-grained permissions across agent, tool, and Kagenti infrastructure with
 conditional rules (IS_OWNER, IS_NOT_CREATOR, HAS_LIFECYCLE_STAGE)
• Specifies authorization middleware implementation and route refactoring to use permissions instead
 of scattered guards
• Includes token exchange implementation with RFC 8693, per-user caching, and graceful fallback
• Adds CSRF protection, credential encryption, and security mode rename from none to
 development-only-no-auth

workspaces/boost/openspec/changes/security-safety-governance/tasks.md

---

17. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/provider-packaging/spec.md 📝 Documentation +81/-0

Provider packaging as independent Backstage backend modules

• Specifies packaging of ResponsesApiProvider (Llama Stack) and KagentiProvider as independent
 Backstage backend modules
• Defines module registration via augmentProviderExtensionPoint with composition of entity
 providers
• Requires modules to use coreServices.cache for operational caching with Redis backing in
 production
• Establishes standalone toolkit packages (@augment/toolscope, @augment/responses-api-toolkit)
 with zero Backstage coupling

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/provider-packaging/spec.md

---

18. workspaces/boost/openspec/changes/agent-creation-discovery/design.md 📝 Documentation +66/-0

Catalog-first architecture with entity providers and lifecycle governance

• Establishes catalog entities as source of truth from day one using existing kinds (Component for
 agents, Resource for infrastructure)
• Defines entity providers as independently deployable backend services with gradual cache
 elimination (dual-write → catalog-read → cache removal)
• Specifies 4-stage lifecycle model (Draft → Pending → Published → Archived) with ownership
 semantics and cascading delete
• Describes skills marketplace integration as consumer-only with K8s manifest generation and
 deployment tracking

workspaces/boost/openspec/changes/agent-creation-discovery/design.md

---

19. workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/frontend-composability/spec.md 📝 Documentation +96/-0

Frontend composability, lazy loading, and feature flag architecture

• Specifies decomposition of monolithic AugmentPage into composable routable extensions
 (AugmentChatPage, AugmentAdminPage, AugmentAgentStudioPage)
• Defines lazy loading for provider-specific and admin components via React.lazy() to reduce
 bundle size
• Establishes config-driven feature flags via app-config.yaml and Backstage featureFlagsApiRef
 for runtime control
• Requires UX/UXD design alignment with PatternFly components and WCAG 2.1 AA accessibility
 compliance

workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/frontend-composability/spec.md

---

20. workspaces/boost/openspec/changes/platform-operations-deployment/design.md 📝 Documentation +55/-0

Schema-driven configuration and cache architecture design decisions

• Establishes Zod schema-driven validation as single source of truth replacing 671 lines of
 hand-written validators
• Defines cache migration order prioritizing highest-traffic caches (RuntimeConfigResolver) with
 risk-based sequencing
• Specifies config field metadata annotation (yaml-only, db-overridable, db-only) for admin UI
 and validation
• Addresses Redis dependency and schema migration risks with mitigation strategies

workspaces/boost/openspec/changes/platform-operations-deployment/design.md

---

21. workspaces/boost/openspec/changes/security-safety-governance/design.md 📝 Documentation +59/-0

Fine-grained permissions and per-user token exchange design architecture

• Establishes 16 fine-grained Backstage permissions as sole authorization mechanism replacing 2,132
 lines of custom code
• Defines three conditional permission rules (IS_OWNER, IS_NOT_CREATOR, HAS_LIFECYCLE_STAGE)
 with admin fallback for gradual adoption
• Specifies RFC 8693 token exchange for per-user Kagenti identity with graceful fallback to
 service-account token
• Separates authorization concerns across Backstage (governance), Kagenti (runtime), and Kubernetes
 (infrastructure) layers

workspaces/boost/openspec/changes/security-safety-governance/design.md

---

22. workspaces/boost/openspec/changes/agent-creation-discovery/specs/agent-creation-paths/spec.md 📝 Documentation +79/-0

Four agent creation paths with unified model and governance registration

• Specifies four agent creation paths converging on unified ChatAgent model: no-code builder,
 Software Template, DevSpaces, and import
• Defines no-code agent editor with tool access, knowledge base scoping, and handoff configuration
• Establishes governance registration on creation with Draft lifecycle stage and createdBy field
 tracking
• Includes Kagenti wizard with optional build step and DevSpaces cloud IDE integration with
 Shipwright

workspaces/boost/openspec/changes/agent-creation-discovery/specs/agent-creation-paths/spec.md

---

23. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/provider-abstraction/spec.md 📝 Documentation +73/-0

Provider abstraction interface and service reference architecture

• Defines AgenticProvider interface with required (chat, chatStream) and optional capabilities
 (RAG, safety, evaluation)
• Specifies extension point registration requiring zero Augment source code modification
• Introduces augmentAiProviderServiceRef for cross-plugin AI provider consumption via Backstage
 dependency injection
• Establishes shared types in common package (AgenticProvider, ProviderDescriptor, conversation
 types) separate from provider-specific types

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/provider-abstraction/spec.md

---

24. workspaces/boost/openspec/changes/platform-operations-deployment/tasks.md ✨ Enhancement +40/-0

Operational caches and schema-driven configuration implementation tasks

• Specifies all backend services depend on coreServices.cache with no raw Map caches
• Defines schema-driven config validation using Zod as single source of truth with generated
 TypeScript types
• Requires config field annotation with scope metadata (yaml-only, db-overridable, db-only)
• Includes credential encryption for sensitive DB-stored values and schema version tracking with
 startup migration

workspaces/boost/openspec/changes/platform-operations-deployment/tasks.md

---

25. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/multi-agent-orchestration/spec.md 📝 Documentation +56/-0

Multi-agent orchestration with config-driven and framework-neutral patterns

• Specifies Llama Stack config-driven agents defined in YAML with router delegation and handoff
 chains
• Defines Kagenti framework-neutral agent operations via A2A protocol discovery with
 namespace-scoped multi-tenancy
• Establishes agents-as-tools pattern for manager agents invoking specialists
• Describes ADK orchestration library managing turn lifecycle, handoff logic, and tool execution

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/multi-agent-orchestration/spec.md

---

26. workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/conversation-history/spec.md 📝 Documentation +71/-0

Conversation history, session management, and developer inspection tools

• Specifies persistent searchable conversation history with session grouping and keyword filtering
• Defines session interactions: feedback (thumbs up/down), edit and regenerate, export, and admin
 cross-user view
• Establishes developer inspection tools with dev mode enabling execution trace, message inspector,
 and session state inspector
• Includes tool call drill-down with input/output visibility and timing data

workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/conversation-history/spec.md

---

27. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/provider-hot-swap/spec.md 📝 Documentation +56/-0

Provider hot-swap with safe lifecycle and frontend state management

• Specifies backend hot-swap lifecycle with safe sequence: start new provider, validate, swap
 pointer, shutdown old provider
• Defines automatic rollback on provider initialization failure with error notification
• Establishes frontend state reset on provider change: cancel stream, clear messages, reset agent
 selection
• Requires capability-driven rendering replacing provider ID string checks in layout decisions

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/provider-hot-swap/spec.md

---

28. workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/hitl-approval/spec.md 📝 Documentation +60/-0

Human-in-the-loop approval with parameter editing and audit trail

• Specifies tool call approval dialog with parameter review and editing capability before execution
• Defines approval workflow: user approves/rejects, backend resumes/adjusts inference loop
• Establishes interactive cards for structured input (forms) and external authentication (OAuth)
• Requires approval audit trail with decision, timestamp, parameters, and user identity persistence

workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/hitl-approval/spec.md

---

29. workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/streaming-chat/spec.md 📝 Documentation +56/-0

Streaming chat with phase indicators and provider-adaptive behavior

• Specifies real-time streaming responses with phase indicators (thinking, reasoning, searching,
 calling tools, generating)
• Defines provider-adaptive paths: Llama Stack with router handoff, Kagenti with mandatory agent
 selection
• Establishes resilience patterns: provider offline detection with auto-resume, inline error cards,
 error boundary protection
• Includes conversation auto-save on successful response completion

workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/streaming-chat/spec.md

---

30. workspaces/boost/openspec/changes/platform-operations-deployment/specs/rag-pipelines/spec.md 📝 Documentation +56/-0

RAG knowledge pipelines with multi-source ingestion and vector store management

• Specifies multi-source document ingestion (GitHub, URL, file upload) with change detection via
 content hashes
• Defines vector store management with search modes (semantic, keyword, hybrid) and per-agent
 scoping
• Establishes RAG playground for quality testing with adjustable thresholds and relevance scoring
• Includes scheduled sync with only-changed-files re-ingestion and deleted file removal

workspaces/boost/openspec/changes/platform-operations-deployment/specs/rag-pipelines/spec.md

---

31. workspaces/boost/openspec/changes/ai-chat-interaction-experience/tasks.md ✨ Enhancement +30/-0

Frontend composability, lazy loading, and feature flag implementation tasks

• Creates composable routable extensions (BoostChatPage, BoostAdminPage, BoostAgentStudioPage)
 using existing sub-route refs
• Implements lazy loading in ChatView.tsx and AdminLayout.tsx via React.lazy() with Suspense
 boundaries
• Adds config-driven feature flags via app-config.yaml with Backstage featureFlagsApiRef
 registration
• Removes hardcoded KagentiFeatureFlags server-side check in favor of config-driven approach

workspaces/boost/openspec/changes/ai-chat-interaction-experience/tasks.md

---

32. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/proposal.md 📝 Documentation +35/-0

Pluggable AI platform architecture proposal and rationale

• Justifies pluggable provider architecture for enterprise multi-backend support with runtime
 hot-swap capability
• Documents current capabilities: provider abstraction, extension point registration, normalized
 streaming, two built-in providers
• Outlines architectural improvements: augmentAiProviderServiceRef, provider module extraction,
 capability-based rendering
• Specifies impact on common package, provider extraction, and new backend modules

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/proposal.md

---

33. workspaces/boost/openspec/changes/platform-operations-deployment/proposal.md 📝 Documentation +34/-0

Platform operations and deployment proposal with configuration architecture

• Justifies runtime configuration engine with DB-backed overlay for production usability without
 code changes
• Documents current capabilities: dynamic plugin deployment, agent management, RAG pipelines, 25+
 runtime parameters
• Outlines architectural improvements: cache migration to cacheService, schema-driven validation,
 feature flags
• Specifies impact on config validation, cache services, and feature flag schema

workspaces/boost/openspec/changes/platform-operations-deployment/proposal.md

---

34. workspaces/boost/openspec/changes/ai-chat-interaction-experience/design.md 📝 Documentation +42/-0

Frontend composability and lazy loading design decisions

• Establishes monolithic frontend decomposition into composable extensions with lazy loading and
 feature flags
• Defines lazy loading strategy for provider-specific and admin components to reduce bundle size
• Specifies feature flag mechanisms combining app-config.yaml defaults with Backstage
 featureFlagsApiRef runtime overrides
• Preserves existing AugmentPage as composition root with zero breaking changes

workspaces/boost/openspec/changes/ai-chat-interaction-experience/design.md

---

35. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/normalized-streaming/spec.md 📝 Documentation +38/-0

Normalized streaming protocol for provider-agnostic frontend

• Defines NormalizedStreamEvent union type covering full agent interaction lifecycle (text,
 reasoning, tools, RAG, handoffs, approvals)
• Specifies provider-specific normalization: Llama Stack SSE mapping and Kagenti A2A task state
 transitions
• Establishes frontend stream processing via StreamingMessage.reducer with event batching for
 performance
• Ensures frontend works identically regardless of active backend provider

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/specs/normalized-streaming/spec.md

---

36. workspaces/boost/openspec/changes/agent-creation-discovery/specs/mcp-tools/spec.md 📝 Documentation +48/-0

MCP tool configuration with auth chain and approval policies

• Specifies MCP server registration with transport options (Streamable HTTP, SSE) and auto-discovery
 of available tools
• Defines 4-level auth chain resolution: per-tool auth → per-server OAuth → ServiceAccount tokens →
 global fallback
• Establishes per-tool and per-server approval policies with tool scoping to specific agents
• Includes Kagenti tool lifecycle management with wizard, testing, and air-gapped proxy mode

workspaces/boost/openspec/changes/agent-creation-discovery/specs/mcp-tools/spec.md

---

37. workspaces/boost/openspec/changes/agent-creation-discovery/proposal.md 📝 Documentation +32/-0

Agent creation and discovery proposal with catalog-first architecture

• Justifies catalog entities as source of truth for AI domain objects (agents, tools, models, MCP
 servers, vector stores)
• Documents current capabilities: four creation paths, gallery discovery, MCP connectivity, agent
 lifecycle
• Outlines architectural improvements: entity providers, catalog migration, toolscope extraction
• Specifies impact on entity provider packages and cache elimination

workspaces/boost/openspec/changes/agent-creation-discovery/proposal.md

---

38. workspaces/boost/openspec/changes/ai-chat-interaction-experience/proposal.md 📝 Documentation +33/-0

AI chat and interaction experience proposal with frontend composability

• Justifies decomposition of monolithic frontend into composable extensions with lazy loading
• Documents current capabilities: streaming chat, RAG with citations, HITL approval, conversation
 history, dev tools
• Outlines architectural improvements: lazy loading, composable extensions, capability-driven
 rendering, feature flags
• Specifies impact on plugin registration, component imports, and config schema

workspaces/boost/openspec/changes/ai-chat-interaction-experience/proposal.md

---

39. workspaces/boost/openspec/changes/security-safety-governance/proposal.md 📝 Documentation +33/-0

Security, safety, and governance proposal with fine-grained permissions

• Justifies fine-grained permissions and per-user token exchange for enterprise security and audit
 trails
• Documents current capabilities: three security modes, RBAC, content safety, SSRF protection, zero
 data retention
• Outlines architectural improvements: 16 fine-grained permissions, resource-based conditions, token
 exchange, security mode rename
• Specifies impact on permission definitions, middleware, and token management

workspaces/boost/openspec/changes/security-safety-governance/proposal.md

---

40. workspaces/boost/openspec/changes/agent-creation-discovery/specs/agent-gallery/spec.md 📝 Documentation +38/-0

Agent gallery and discovery with unified provider merging

• Specifies agent catalog dialog with search, filter by framework, and sort capabilities for Kagenti
 provider
• Defines agent preview panel showing conversation starters, capabilities, and technical details
• Establishes first-visit auto-open behavior and unified agent list merging all providers
• Includes featured agent configuration and 155ms timeout for merge operations

workspaces/boost/openspec/changes/agent-creation-discovery/specs/agent-gallery/spec.md

---

41. workspaces/boost/openspec/changes/security-safety-governance/specs/safety-shields/spec.md 📝 Documentation +42/-0

Safety shields and guardrails for input and output filtering

• Specifies input shields detecting prompt injection and harmful content before sending to model
• Defines output shields filtering harmful content and destructive commands from agent responses
• Establishes fail-open/fail-closed configuration per shield with violation logging
• Includes admin configuration interface for shield behavior and custom safety patterns

workspaces/boost/openspec/changes/security-safety-governance/specs/safety-shields/spec.md

---

42. workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/rag-knowledge/spec.md 📝 Documentation +34/-0

Knowledge-grounded answers with source citations and multi-store search

• Specifies RAG-grounded responses with source citations enabling traceability to original
 documentation
• Defines expandable source cards showing chunk text and relevance scores with vector store
 attribution
• Establishes fallback behavior when knowledge base search returns no relevant results
• Includes multi-vector-store search spanning all configured stores with per-store result
 attribution

workspaces/boost/openspec/changes/ai-chat-interaction-experience/specs/rag-knowledge/spec.md

---

43. workspaces/boost/openspec/changes/platform-operations-deployment/specs/white-label/spec.md 📝 Documentation +38/-0

White-label branding with runtime customization and live preview

• Specifies runtime appearance customization: application name, logo, and color theme via admin
 panel
• Defines prompt group management with icon/color pickers and live preview of changes
• Establishes chat experience configuration for featured agents and per-agent conversation starters
• Requires immediate effect without page refresh for all branding changes

workspaces/boost/openspec/changes/platform-operations-deployment/specs/white-label/spec.md

---

44. workspaces/boost/openspec/changes/platform-operations-deployment/specs/deployment/spec.md 📝 Documentation +33/-0

Plugin deployment for RHDH dynamic and Backstage static modes

• Specifies RHDH dynamic plugin deployment via dynamic-plugins.override.yaml with OCI plugin
 references
• Defines Backstage static plugin deployment with npm packages and manual registration
• Establishes configuration validation at startup against declared schema
• Includes both deployment paths with zero code changes for dynamic plugins

workspaces/boost/openspec/changes/platform-operations-deployment/specs/deployment/spec.md

---

45. workspaces/boost/openspec/changes/security-safety-governance/specs/resilience/spec.md 📝 Documentation +36/-0

Resilience patterns with offline detection and error boundaries

• Specifies provider offline detection with ProviderOfflineBanner and automatic resume on recovery
• Defines per-message error isolation via ErrorCard and page-level AugmentErrorBoundary
 preventing cascading failures
• Establishes transient notifications via snackbar toasts for operational events
• Ensures chat remains functional during provider outages

workspaces/boost/openspec/changes/security-safety-governance/specs/resilience/spec.md

---

46. workspaces/boost/openspec/changes/ai-chat-interaction-experience/.openspec.yaml ⚙️ Configuration changes +2/-0

OpenSpec metadata for AI Chat change documentation

• Declares spec-driven schema for AI Chat & Interaction Experience change documentation
• Records creation date as 2026-05-19

workspaces/boost/openspec/changes/ai-chat-interaction-experience/.openspec.yaml

---

47. workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/.openspec.yaml ⚙️ Configuration changes +2/-0

OpenSpec metadata for Platform Architecture change documentation

• Declares spec-driven schema for Pluggable AI Platform Architecture change documentation
• Records creation date as 2026-05-19

workspaces/boost/openspec/changes/pluggable-ai-platform-architecture/.openspec.yaml

---

48. workspaces/boost/openspec/changes/agent-creation-discovery/.openspec.yaml ⚙️ Configuration changes +2/-0

OpenSpec metadata for Agent Creation change documentation

• Declares spec-driven schema for Agent Creation & Discovery change documentation
• Records creation date as 2026-05-19

workspaces/boost/openspec/changes/agent-creation-discovery/.openspec.yaml

---

49. workspaces/boost/openspec/changes/security-safety-governance/.openspec.yaml ⚙️ Configuration changes +2/-0

OpenSpec metadata for Security & Governance change documentation

• Declares spec-driven schema for Security, Safety & Governance change documentation
• Records creation date as 2026-05-19

workspaces/boost/openspec/changes/security-safety-governance/.openspec.yaml

---

50. workspaces/boost/openspec/changes/platform-operations-deployment/.openspec.yaml ⚙️ Configuration changes +2/-0

OpenSpec metadata for Platform Operations change documentation

• Declares spec-driven schema for Platform Operations & Deployment change documentation
• Records creation date as 2026-05-19

workspaces/boost/openspec/changes/platform-operations-deployment/.openspec.yaml

---

[fullsend-ai-review]

Review

Findings

Medium

• [misleading-label] PR title — The PR title uses fix(feat): which is not a valid Conventional Commits type. fix(feat) nests one type inside another's scope slot, which is semantically incoherent. This change adds 50 new specification/documentation files — it is clearly a docs or feat tier change, not a bug fix. Using the wrong type undermines changelog generation and may bypass review gates intended for new features.
  Remediation: Change the PR title to use a valid type with workspace scope, e.g. docs(boost): add initial PRD and OpenSpec specifications or feat(boost): add initial specifications for clean-room reimplementation.

• [missing-authorization] PR scope — There is no linked GitHub issue authorizing this work. The PR introduces 50 specification files describing an entirely new direction for the boost workspace — a "clean room re-impl of augment" — with no traceability to an approved proposal, RFC, or issue. All PR checklist items are marked "n/a" without justification. For a major initiative of this scope, there should be an issue establishing authorization and rationale.
  Remediation: Create or link a GitHub issue describing the goal of the clean-room reimplementation, its relationship to the augment workspace, and approval from project maintainers.

• [naming-convention] workspaces/boost/openspec/changes/ (multiple files) — The openspec change files inconsistently mix augment-* and boost-* package naming. OpenSpec files reference @augment/toolscope, plugin-augment-backend-module-*, augment-common, and component names like AugmentChatPage, while the PRDs and boost-context.md consistently use boost-* naming (boost-frontend, boost-common, plugin-boost-backend-module-kagenti, BoostChatPage). Decision headings also reference augment packages (e.g., "serviceRef lives in augment-common"). This creates confusion about whether the specs describe augment or boost. See also: one task in pluggable-ai-platform-architecture/tasks.md is marked [x] completed based on augment migration status, but boost is a new implementation where augment status is irrelevant.
  Remediation: Update all package references, component names, and file paths in the openspec/changes/ files to use boost-* naming consistent with the PRDs and boost-context.md. Remove or uncheck the [x] task item.

• [naming-convention] workspaces/boost/openspec/changes/agent-creation-discovery/design.md (and others) — All repository path references use rhdh-plugins/workspace/boost/plugins/ (singular "workspace") but the actual repository directory is workspaces/ (plural), as evidenced by the files themselves being placed at workspaces/boost/openspec/.... This error appears across at least 7 occurrences in design.md, spec.md, boost-context.md, and PRD files.
  Remediation: Replace all occurrences of rhdh-plugins/workspace/boost/ with rhdh-plugins/workspaces/boost/.

Low

• [scope-creep] PR scope — 50 specification files across 5 feature areas in a single PR. Each OpenSpec change directory (agent-creation-discovery, ai-chat-interaction-experience, platform-operations-deployment, pluggable-ai-platform-architecture, security-safety-governance) represents a distinct feature area that could be reviewed independently. Consider splitting by feature area for reviewability, or provide justification for why all must land together.

• [design-direction] workspaces/boost/ — The clean-room reimplementation approach and the new directory structure (openspec/, specifications/prd/) are not documented in an ADR or the boost README. No other workspace in the repo uses this directory pattern. Consider adding an ADR explaining the rationale for the approach and the new specification structure.

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

[medium] naming-convention

All repository path references use 'rhdh-plugins/workspace/boost/plugins/' (singular 'workspace') but the actual directory is 'workspaces/' (plural). Error appears across 7+ occurrences in multiple files.

Suggested fix: Replace all occurrences of 'rhdh-plugins/workspace/boost/' with 'rhdh-plugins/workspaces/boost/'.