Refactor release hardening follow-ups (#39959)

* build: fail fast on stale host-env swift policy * build: sync generated host env swift policy * build: guard bundled extension root dependency gaps * refactor: centralize provider capability quirks * test: table-drive provider regression coverage * fix: block merge when prep branch has unpushed commits * refactor: simplify models config merge preservation
2026-03-12 07:20:45 +00:00 · 2026-03-08 14:49:58 +00:00
parent 27558806b5
commit eba9dcc67a
13 changed files with 425 additions and 110 deletions
--- a/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift
+++ b/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift
@@ -22,7 +22,7 @@ enum HostEnvSecurityPolicy {
        "PS4",
        "GCONV_PATH",
        "IFS",
-        "SSLKEYLOGFILE",
+        "SSLKEYLOGFILE"
    ]

    static let blockedOverrideKeys: Set<String> = [
@@ -50,17 +50,17 @@ enum HostEnvSecurityPolicy {
        "OPENSSL_ENGINES",
        "PYTHONSTARTUP",
        "WGETRC",
-        "CURL_HOME",
+        "CURL_HOME"
    ]

    static let blockedOverridePrefixes: [String] = [
        "GIT_CONFIG_",
-        "NPM_CONFIG_",
+        "NPM_CONFIG_"
    ]

    static let blockedPrefixes: [String] = [
        "DYLD_",
        "LD_",
-        "BASH_FUNC_",
+        "BASH_FUNC_"
    ]
 }