Summary:
- This PR routes direct APNs HTTP/2 sends through an APNs allowlisted managed-proxy CONNECT wrapper, adds APNs proxy validation/docs/guardrails, and expands regression and live-test coverage.
- Reproducibility: yes. source-reproducible: current main `sendApnsRequest()` still uses raw `http2.connect(au ... nly covers HTTP/global-agent/Undici hooks. I did not run a live APNs reproduction in this read-only review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 APNs connections
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 with OpenGrep
- PR branch already contained follow-up commit before automerge: lint: ban raw HTTP2 imports
- PR branch already contained follow-up commit before automerge: fix: use managed proxy state for APNs
- PR branch already contained follow-up commit before automerge: test: exercise APNs active proxy state
- PR branch already contained follow-up commit before automerge: fix: reject conflicting managed proxy activation
Validation:
- ClawSweeper review passed for head dab7c86a75.
- Required merge gates passed before the squash merge.
Prepared head SHA: dab7c86a75
Review: https://github.com/openclaw/openclaw/pull/74905#issuecomment-4350181159
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
pnpm v9+ defaults blockExoticSubdeps=true, which rejects
@whiskeysockets/libsignal-node — a tarball-URL subdep of
@whiskeysockets/baileys. This silently breaks the WhatsApp channel and
silences all inbound agent replies on fresh installs.
Add @whiskeysockets/libsignal-node to onlyBuiltDependencies in both
package.json and pnpm-workspace.yaml — the same exemption already used
for @whiskeysockets/baileys itself.
Fixes#76539.
Summary:
- The PR adds an internal Tree-sitter-backed shell command explainer under `src/infra`, parser runtime/tests, dependency/build-policy updates, an index export, and a changelog entry.
- Reproducibility: not applicable. this is a feature PR rather than a bug report. For the prior PR blocker, source inspection shows byte-to-string span conversion and focused Unicode span coverage on the exact head.
Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: Repair shell command explainer automerge blockers
- Included post-review commit in the final squash: fix(clawsweeper): address review for automerge-openclaw-openclaw-7500…
Validation:
- ClawSweeper review passed for head 47577579e9.
- Required merge gates passed before the squash merge.
Prepared head SHA: 47577579e9
Review: https://github.com/openclaw/openclaw/pull/75004#issuecomment-4351322592
Co-authored-by: Jesse Merhi <jessejmerhi@gmail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
