Root AGENTS.md states: 'New AGENTS.md: add sibling CLAUDE.md symlink.'
src/infra/outbound/ had the guide but not the sibling symlink. Every
other scoped AGENTS.md in the repo already has one; this closes the
only real gap (the one remaining hit is an intentional test fixture in
extensions/oc-path/src/oc-path/tests/fixtures/real/).
Also adds CLAUDE.md to .semgrepignore so opengrep's PR-diff scan stops
trying to open the symlink as a regular file. Scanning the symlink is
redundant with scanning the underlying AGENTS.md.
Fixes#76815.
- Teach the Swift macOS identity store to load TypeScript PEM identity files without regenerating device IDs.
- Teach the TypeScript identity store to migrate legacy Swift raw-key identities to PEM after validating key material.
- Preserve recognized invalid identity files instead of clobbering them, preventing repeated pairing churn while retaining diagnostic evidence.
- Align the macOS wizard CLI with the generated protocol model.
Reported by @aboundTechOlogy.
Thanks @BunsDev.
Summary:
- Preserve AcpRuntimeError detail across the ACP lifecycle boundary.
- Redact non-Error lifecycle failure strings and add gateway/agent propagation coverage.
- Align rebased CLI command-hint formatting with current main.
Verification:
- pnpm check:test-types
- pnpm test src/acp/runtime/errors.test.ts src/agents/command/attempt-execution.error-propagation.test.ts src/gateway/server.agent.gateway-server-agent-b.test.ts
- CI exact head c96d63298b green
Co-authored-by: Jordan Baker <23538+hexsprite@users.noreply.github.com>
The backup temp manifest is created via os.tmpdir() and passed to tar.c
alongside the included asset paths. When TMPDIR resolves inside a backed-up
asset (for example a sandboxed cron run with TMPDIR=~/.openclaw/tmp), the
recursive walk of that asset visits the same manifest a second time and both
copies are remapped to <archiveRoot>/manifest.json. backup-verify then fails
with 'Expected exactly one backup manifest entry, found 2'.
Add chooseBackupTempRoot() that prefers os.tmpdir() and falls back to the
output directory (already validated as outside every asset and writable by
the caller) when the system tempdir overlaps a source path. A defensive
guard re-checks the fallback. A tar filter alone cannot fix this because
the filter fires for both the explicit-arg and the traversed entry, so
excluding by path drops the manifest entirely.
Add regression tests for tmpdir nested in the state dir and tmpdir equal
to the state dir.
(cherry picked from commit 00ec151f68)
Fixes #72249.\n\nSummary:\n- retry live backup tar EOF races\n- skip current live session, cron, log, and delivery-queue state files\n- preserve workspace lock/temp files and keep backup --json parseable\n\nVerification:\n- Crabbox pre-fix repro: tbx_01kr5xt9vf5pas5ee4aefrp3am\n- Crabbox post-fix proof: tbx_01kr5y3e1kbtt6chbypfdydbgs\n- pnpm check:test-types\n- pnpm lint:core\n- pnpm test src/commands/backup.test.ts src/infra/backup-volatile-filter.test.ts src/infra/backup-create.test.ts\n- CI on 37664570c7: green\n\nThanks @abnershang.
