Peter Steinberger
53ad69c6ee
ci: hourly sweeper re-fires dropped pull_request CI runs ( #110889 )
...
* ci: add hourly PR CI sweeper for dropped pull_request runs
Fresh PRs race GitHub's merge-ref computation: the open-event CI run can
drop entirely or be created as an un-rerunnable startup_failure (~10-16
runs daily). The sweeper lists recently updated open PRs hourly, finds
heads whose only pull_request-event CI runs are startup failures (or
missing), and re-fires the event by close/reopen with the Barnacle app
token (GITHUB_TOKEN events would not trigger workflows).
Safety: 10-minute quiet window, 24h lookback, skips drafts, merge
conflicts, pending mergeability, and auto-merge PRs (close cancels
auto-merge); revalidates state, head, and CI attachment immediately
before mutating; per-PR budget of two sweeper closes and a per-sweep cap
of ten; reopen-on-unknown ownership so a stranded close (silent) always
loses to a spurious reopen (visible); manual dispatch supports dry_run.
Accepted tradeoffs are documented inline: shared-SHA PR topologies can
mask a dropped run (skip-only miss; run.pull_requests matching would
break fork PRs), and app-auth failover at worst doubles the close budget.
* test(ci): exercise pr-ci-sweeper runner with a faked client
* fix(test): lint-clean pr-ci-sweeper runner fakes
2026-07-18 20:18:57 +01:00
Peter Steinberger
a0cc7d11fb
fix(scripts): restore Testbox lease claims to the originating repo after delegated runs ( #110869 )
...
* fix(scripts): restore Testbox lease claims to the originating repo after delegated runs
Delegated Blacksmith Testbox runs execute from throwaway sparse-sync checkouts, so Crabbox stamps retained lease claims with that temporary cwd. Restore only claims still pointing at the child checkout after the run on both success and failure, preserving foreign claims and every other field. This repairs the post-run artifact instead of weakening the pre-run ownership guard.
* fix(scripts): restore claims for delegated runs that create retained leases
2026-07-18 19:49:04 +01:00
Colin Johnson
1ca6b6ff67
feat(ios): unify chat and voice experience ( #107879 )
...
* feat(ios): unify chat and voice experience
* refactor(ios): finish unified chat ownership
* fix(ios): unify chat and voice capture ownership
* fix(ios): serialize Talk permission hydration
* fix(ios): clear voice CI regressions
* fix(ios): clear remaining unified chat CI failures
* chore(i18n): sync native source inventory
* refactor(ios): defer provider-only realtime voice
* fix(ios): clean unified chat voice PR
* fix(ios): localize unified voice controls
* fix(ios): serialize composer audio controls
* fix(ios): isolate dictation preparation lifecycle
* fix(ios): key chat tab icons by appearance
* fix(ios): preserve talk upgrade handshakes
* fix(ios): refresh native i18n inventory
* fix(ios): reconcile shared locale artifacts
* fix(ios): satisfy chat view lint limit
* fix(ios): reconcile shared composer implementation
* test(apple): avoid XCTest actor deinit crash
* fix(ios): satisfy SwiftFormat scope spacing
* fix(ios): remove duplicate merged helper declarations
2026-07-18 14:30:10 -04:00
Peter Steinberger
7e27101f2c
fix(ci): honor Periphery ignores in shared intersection ( #110839 )
2026-07-18 18:46:52 +01:00
Peter Steinberger
4d27b5b67e
refactor(macos): move PortGuardian state to SQLite ( #110527 )
...
* refactor: compose native SQLite bootstrap tables
* refactor: share native SQLite state bootstrap
* refactor(macos): move PortGuardian state to SQLite
* test: align PortGuardian future-schema fixture
* fix(macos): reserve PortGuardian ledger across tunnel spawn
* fix(ci): align PortGuardian migration gates
* fix(macos): tolerate vanished SQLite sidecars
* fix(macos): revalidate PortGuardian writes
* test(macos): use sqlite identity bootstrap
2026-07-18 18:15:17 +01:00
Peter Steinberger
a2f845e6c8
fix: control UI locale PRs fail to arm auto-merge ( #110809 )
...
* fix(ci): grant locale auto-merge token contents access
* style(ci): format locale workflow guards
2026-07-18 17:45:27 +01:00
Peter Steinberger
98410d986e
refactor(state): move device identity into canonical SQLite state ( #110392 )
...
* refactor: store device identities in SQLite
* style: satisfy Swift identity lint limits
* test: harden device identity migration fixtures
* fix: harden SQLite device identity recovery
* chore: remove stale identity helper
* refactor: isolate device identity repair
* chore: remove stale migration import
* test: validate migrated identity key types
* fix: harden device identity repair
* style: format device identity assertion
* fix: derive repaired identity key from PEM
* style: remove redundant PEM conversions
* fix: align native identity store with schema v4
* fix(state): satisfy SQLite identity CI gates
* fix(state): coordinate native identity migration
* test(doctor): include native identity claim path
* fix(infra): preserve coordinator release error
* fix(state): clear identity validation gates
* refactor(apple): remove identity test-only APIs
* refactor(apple): remove dead identity error type
* test(apple): use canonical identity test seam
* test(macos): isolate gateway readiness identity
2026-07-18 17:43:56 +01:00
xingzhou
faf3dbdda8
fix(ci): classify proxied APNs TLS tunnel ( #110480 )
...
* fix(ci): classify proxied APNs TLS tunnel
* fix(ci): prove network CodeQL contract changes
Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-18 16:18:29 +01:00
Peter Steinberger
a026380614
fix(release): force isolated gateway shutdown ( #110698 )
2026-07-18 14:49:20 +01:00
Peter Steinberger
40793e6f8b
fix: bound pasted input and provider response bodies ( #110627 )
...
* refactor(runtime): centralize bounded I/O handling
* fix(runtime): finalize bounded I/O contracts
* chore(security): drop stale audit import
* docs(changelog): credit bounded I/O fixes
Co-authored-by: Pick-cat <huang.ting3@xydigit.com>
* fix(agents): keep provider HTTP options private
* fix(ai): traverse OpenAI schema maps by value
* fix(runtime): preserve absolute download deadlines
* ci(ui): stabilize compressed CSS budget
* fix(ai): traverse legacy schema applicators
---------
Co-authored-by: Pick-cat <huang.ting3@xydigit.com>
2026-07-18 13:54:56 +01:00
cxbAsDev
efa7e1a85a
fix(scripts): bound conflict-marker scan reads to prevent OOM on large files ( #104420 )
...
* fix(scripts): bound conflict-marker scan reads to prevent OOM on large files
* test(scripts): add regression test for bounded conflict-marker scan on large files
* fix(scripts): update conflict-marker declaration for bounded scan params
* fix(scripts): bounded exact scan for conflict markers
* fix(scripts): use git grep line-number output for conflict-marker scan
* style(scripts): rename shadowed variable in conflict-marker parser
* ci(scripts): retry build artifacts after plugin-sdk export check flake
* fix(scripts): report tracked conflict-marker paths relative to cwd
* test(scripts): type execFileSync error by stderr shape
* fix(scripts): parse NUL-delimited path before record split in conflict-marker scan
* refactor(scripts): remove obsolete conflict scan helper
* fix(scripts): disable color in conflict marker scan
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-18 12:25:40 +01:00
Peter Steinberger
9d97e10efe
refactor: move non-session runtime journals to SQLite ( #109427 )
...
* refactor: migrate runtime JSONL state to SQLite
* chore: refresh SQLite migration validation
* fix: preserve safe audit migration order
* fix: sanitize retired audit archives safely
* fix: satisfy SQLite storage architecture gates
* fix: serialize plugin doctor state migrations
* fix: bound memory event SQLite projections
* fix: rotate memory event projections safely
* fix: preserve imported event retention age
* fix: harden memory event export projection
* fix: canonicalize memory event migrations
* fix: harden legacy journal migrations
* fix: report unsafe legacy journal paths
* fix: preserve journal ownership during migration
* fix: keep legacy file imports doctor-only
* fix: align SQLite audit CI coverage
* refactor: keep state helpers module-private
* fix: harden legacy state migration recovery
* fix: reconcile SQLite state audit migration
* test: use neutral audit redaction fixtures
* fix: close SQLite migration recovery gaps
* refactor: split audit migration recovery helpers
* test: prove completed audit pads stay out of backups
* fix: preserve audit record ordinals across blank lines
* fix: align SQLite audit CI contracts
* build: package SQLite audit E2E entries
* fix: preserve audit ordinals in backup snapshots
2026-07-18 11:42:14 +01:00
Peter Steinberger
7a7c158210
perf(ci): parallelize gateway watch artifact check ( #110609 )
2026-07-18 11:01:08 +01:00
Peter Steinberger
f14947d256
fix(codex): persist automatic compaction history ( #110587 )
...
* fix(codex): persist automatic compaction counts
* test(codex): stress compaction and restart recovery
* test(codex): bind compaction waves to fresh counts
* chore: keep Codex release note in PR
2026-07-18 10:37:25 +01:00
Peter Steinberger
bbb45cde9d
fix(scripts): keep hosted-gate run queries under the gh relay response cap ( #110540 )
2026-07-18 09:34:50 +01:00
Alix-007
10902e9035
fix(scripts): bound clawtributor GitHub lookups ( #109968 )
2026-07-18 09:31:47 +01:00
Alix-007
ccf55a43cd
fix(ci): bound npm resume GitHub lookups ( #109982 )
2026-07-18 09:29:34 +01:00
wanyongstar
a2b0cfed26
fix(ci): bound openclaw-npm-release git fetch operations with timeout ( #109176 )
...
* fix(ci): bound all openclaw-npm-release git fetch operations with timeout
Wrap all six git fetch commands with a 120-second deadline
and 10-second termination grace period, matching the pattern
established in #108940 .
Fixes #109176
* test(ci): cover npm release fetch deadlines
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
* ci: raise Control UI startup budget
Unblock exact-head builds after the compressed startup bundle reached the previous 370 KiB ratchet.
* ci: drop superseded Control UI budget bump
Current main now carries the smaller 340 KiB startup ratchet from #110528 , so remove the temporary 372 KiB adjustment while keeping the PR head conflict-free.
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-18 09:23:56 +01:00
Peter Steinberger
4187dff99a
fix(testbox): honor explicit changed-gate base
2026-07-18 09:21:31 +01:00
Peter Steinberger
2ba272bda6
improve(ci): warm import-heavy Vitest graphs ( #110557 )
...
* perf(ci): broaden Vitest transform cache seed
* fix(ci): declare cache slot clone helper
2026-07-18 09:20:14 +01:00
wanyongstar
c20ece85f4
fix(scripts): bound sync-labels GitHub CLI operations ( #110463 )
...
* fix(scripts): bound sync-labels GitHub CLI operations
* fix(scripts): bound sync-labels GitHub CLI operations
* fix(scripts): bound sync-labels GitHub CLI operations
* fix(scripts): bound label discovery requests
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-18 08:39:21 +01:00
Peter Steinberger
85087cbb5f
test(ci): publish live shard readiness after signal setup
2026-07-18 08:23:34 +01:00
Peter Steinberger
64f3397874
fix(ci): persist warm runtime caches across runs ( #110363 )
...
* ci: make cache persistence verifiable
* test: fix cache guard CI failures
* test: narrow cache maintenance env
* fix(ci): stabilize vitest cache fingerprint
* test: stabilize lagging-history outbox check
2026-07-18 08:21:26 +01:00
Peter Steinberger
cb5070101e
fix: bound live updater gateway probes ( #110509 )
2026-07-18 08:16:05 +01:00
Peter Steinberger
b5fb47e283
test(codex): stress resume across gateway restarts ( #110486 )
2026-07-18 07:50:17 +01:00
Peter Steinberger
2612728b3b
fix(ci): feed candidate identity JSON to validator ( #110456 )
2026-07-18 07:07:00 +01:00
xingzhou
66990b207f
fix(ci): bound CLI installer smoke curl with connect and max-time ( #109927 )
...
* fix(ci): bound CLI installer smoke curl with connect and max-time
The non-root CLI installer smoke pipes curl directly into bash under a
single docker-run timeout. curl has no default connect or total timeout,
so a stalled CDN connect or hung response body could pin the container
until the outer docker-run budget kills it. Bound the curl with the same
--connect-timeout 30 --max-time 300 shape already used by install-sh-smoke
and install-sh-e2e, and enable pipefail so curl failures are not masked
by the bash consumer.
* test(ci): cover bounded CLI installer pipeline
* fix(ci): bound preceding non-root installer download
* fix(ci): harden bounded installer URL handoff
Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-18 06:59:29 +01:00
Shakker
f448701aa1
test: align changed-target routing expectations ( #110422 )
2026-07-18 06:42:27 +01:00
Shakker
e5fed572ef
test: exercise metadata-driven watch exclusion ( #110422 )
2026-07-18 06:42:27 +01:00
Shakker
643476f24d
fix: derive generated asset watch exclusions
2026-07-18 06:42:27 +01:00
wanyongstar
e6534018e1
fix(ci): bound qa-profile-evidence git fetch operations with timeout ( #110282 )
...
* fix(ci): bound qa-profile-evidence git fetch operations with timeout
* fix(ci): bound qa-profile-evidence git fetch operations with timeout
ci: retrigger checks
* test(ci): guard QA evidence fetch timeouts
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-18 06:34:43 +01:00
wanyongstar
c1e5c1d4fa
fix(ci): bound release-checks git fetch operations with timeout ( #110028 )
...
* fix(ci): bound release-checks git fetch operations with timeout
* fix(ci): bound release fetches across auth modes
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
* style(ci): format release timeout guard
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-18 06:32:19 +01:00
Peter Steinberger
700a089d3b
ci(release): tolerate historical script contracts ( #110365 )
...
* ci(release): tolerate historical script contracts
* ci: escape stalled macOS retry capacity
* ci: freeze exact release-gate merge snapshot
2026-07-18 06:31:47 +01:00
Jason (Json)
db7a5c6333
fix(packaging): identify OCM adapter during prepack ( #110426 )
2026-07-17 23:14:35 -06:00
wanyongstar
6aee64179c
fix(ci): bound ci.yml git fetch operations with timeout ( #110281 )
...
* fix(ci): bound ci.yml git fetch operations with timeout
* test(ci): scope and guard fetch timeouts
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-18 06:11:13 +01:00
wanyongstar
e8734d837e
fix(ci): bound plugin-npm-release git fetch and npm publish with timeout ( #110279 )
...
* fix(ci): bound plugin-npm-release git fetch and npm publish with timeout
* fix(ci): bound plugin-npm-release git fetch and npm publish with timeout
ci: retrigger checks
* test(ci): guard plugin release timeouts
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
* docs(ci): explain npm timeout recovery
Co-authored-by: wanyongstar <wan.yong@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-18 06:06:12 +01:00
Peter Steinberger
75d0260e0c
ci(release): enforce reusable permission ceiling ( #110353 )
2026-07-18 04:07:42 +01:00
Peter Steinberger
6a6d3465d8
improve: shorten release candidate validation ( #110316 )
...
* ci(release): shorten candidate validation critical path
* ci(test): parallelize memory extension lane
* ci(release): preserve read-only candidate validation
2026-07-18 03:39:03 +01:00
Peter Steinberger
8c17d20cd9
improve(ci): preserve complete main validation during merge bursts ( #110298 )
...
* ci: serialize main and bound sticky caches
* fix(ci): pin cache warmer to validated SHA
* fix(ci): read current sticky retirement manifest
2026-07-18 03:27:54 +01:00
Peter Steinberger
1746cea939
refactor(test): use shared temp directory cleanup ( #110311 )
2026-07-18 03:15:38 +01:00
Peter Steinberger
d8f2645c2c
refactor(memory-wiki): move compiled cache to plugin state ( #110167 )
...
* feat(plugin-sdk): prepare memory prompts asynchronously
* refactor(memory-wiki): move compiled cache to plugin state
* fix(plugin-sdk): export memory prompt preparer type
* refactor(plugin-sdk): keep prompt preparer type private
* test(memory-wiki): isolate compiled cache state
* chore(memory-wiki): satisfy changed gates
* fix(memory): preserve prepared prompts across context engines
* docs(plugin-sdk): refresh API baseline
* fix(memory): revalidate prepared prompt ownership
* fix(codex): propagate sandboxed memory context
* test(memory-wiki): seed durable vault identity
* refactor(memory-wiki): keep cache lifecycle internal
* fix(memory-wiki): harden compiled cache publication
* style(memory-wiki): format cache lifecycle changes
* test(memory-wiki): support extension test lib target
* style(memory-wiki): remove redundant catch
* refactor(memory-wiki): keep vault generation helper private
2026-07-18 03:05:03 +01:00
Peter Steinberger
3d1b771035
fix(ci): catch script declaration drift before merge ( #110248 )
...
* fix(ci): verify script declaration contracts
* fix(ci): harden declaration export analysis
* fix(ci): cover opaque script module exports
* test(ci): cover cyclic script declaration barrels
2026-07-18 02:54:26 +01:00
Peter Steinberger
0e3afe62c6
test: remove SIGTERM fixture readiness race ( #110283 )
2026-07-18 02:07:02 +01:00
Peter Steinberger
a6102690dd
perf(ci): cut the pre-fan-out critical path and bin canonical main runs ( #110183 )
...
* perf(ci): cut the pre-fan-out critical path on canonical runs
Two changes to the run head and matrix shape:
1. runner-admission was a hosted 90s sleep every run queued behind
(observed 1.7min hosted-queue latency before the sleep started). The
debounce now lives at the tail of preflight: heavy jobs all need
preflight, so a superseding main push still cancels the run before
fan-out while only one 4 vCPU runner has been spent, and preflight's
own work usually exceeds the window so the residual sleep is zero.
security-fast (hosted, dependency-free) starts immediately.
2. Canonical main pushes now use the compact bin plan like PRs: the
82-job named matrix drained the runner pool for ~4.5min (job starts
trickled from minute 5.2 to 9.7 in run 29592647843) with no
branch-protection consumer for per-shard names on main. Coverage is
identical; dispatch/release-gate runs keep the full named matrix.
* perf(test): boot TUI PTY suite fixtures concurrently
tsx+TUI startup dominated the harness file's wall time and the three
suite PTYs booted serially. Boot them concurrently in beforeAll
(allSettled so a failed boot still assigns survivors for afterAll
cleanup); the env-specific fixtures never receive input, so their tests
only await their own readiness output. The slow-startup test now proves
frame ordering on the append-only output, which the old sequential
waits did not. File wall 10.2s -> ~4.9s, 3/3 repeat runs green.
* docs(ci): align gate and debounce descriptions with the removed admission job
* test(tooling): wait for readiness file content, not existence
writeFileSync creates the file before its bytes land, so the existence
poll raced the child's write on loaded runners and read an empty ready
file (observed in compact-small-4, run 29615028678). Poll for non-empty
content at both readiness sites.
2026-07-18 01:05:07 +01:00
Peter Steinberger
ec8f6e5e03
feat(browser): add secure per-tab copilot panel ( #109817 )
...
* feat(browser): add copilot security contracts
* fix(gateway): expose verified client identity to handlers
* feat(browser): add secure per-tab copilot panel
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* refactor(browser): separate copilot gateway hint custody
* fix(browser): preserve legacy pairing parse shape
* fix(browser): harden copilot lifecycle custody
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* fix(browser): enforce copilot lifecycle boundaries
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* style(browser): format copilot sources
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* fix(browser): preserve copilot consent revocation
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* refactor(browser): split copilot custody owners
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* test(browser): normalize websocket array buffers
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* chore(protocol): regenerate Swift gateway models
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* refactor(browser): model copilot runtime entrypoints
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* fix(browser): honor extension build boundaries
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* test(gateway): assert targeted chat delivery
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* test(gateway): cover targeted delivery calls
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* fix(browser): declare copilot build dependencies
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* fix(ci): clear browser copilot gate failures
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* test(ci): cover copilot lint exclusion
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* fix(browser): gate copilot on relay custody
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
* test(browser): bound copilot relay frames
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
---------
Co-authored-by: Cameron Beeley <cameron.beeley@gmail.com>
2026-07-18 01:00:23 +01:00
Peter Steinberger
b0a2d02427
fix(ci): make plugin SDK API manifest mergeable ( #110228 )
2026-07-18 00:16:39 +01:00
Dallin Romney
a9dc393f7e
test(qa): prove Codex auth product migration ( #109291 )
2026-07-17 16:10:23 -07:00
joshavant
6a053f59cd
fix(ios): keep system rsync paired during export
2026-07-17 15:51:10 -07:00
Peter Steinberger
c2a069086e
ci: rotate dependency sticky snapshot ( #110205 )
2026-07-17 23:30:49 +01:00
Peter Steinberger
c2e9f1b278
test: relax cross-OS process startup deadline ( #110111 )
2026-07-17 23:13:57 +01:00