Commit Graph

1825 Commits

Author SHA1 Message Date
Peter Steinberger
7bb59c4511 ci: pin release validation Go toolchain (#105270) 2026-07-12 11:02:04 +01:00
Peter Steinberger
265ca345a1 ci: pin frozen iOS formatter (#105242)
* ci: pin frozen iOS formatter

* docs: clarify release CI dispatch

* ci: preserve frozen iOS formatter path

* style: format CI workflow guard
2026-07-12 10:49:26 +01:00
Peter Steinberger
4efe056d32 fix(ci): stop Telegram release checks from fetching history (#105219)
* fix(ci): bound Telegram provenance lookups

* docs(agents): note linked worktree invocations
2026-07-12 10:18:39 +01:00
Peter Steinberger
d79373fa14 ci: bound legacy QA smoke compatibility (#105213) 2026-07-12 10:15:33 +01:00
Peter Steinberger
acc57e4145 ci: isolate frozen Control UI tests (#105208) 2026-07-12 10:06:23 +01:00
Peter Steinberger
f84b6f6091 test(release): harden shared UI and performance proof (#105061)
* ci(perf): pin PID-aware Kova evaluator

* test(ui): follow localized automation labels

* ci(perf): pin compatible Kova runner

* test(ui): bound chat hover browser wait

* docs(agents): require release validation helper

* ci(perf): retain redacted Kova reports

* style(ui): format chat hover test

* docs(agents): avoid dependency scripts in PR worktrees

* docs(agents): guard shared checkout branches

* docs(agents): quote gh api query endpoints
2026-07-12 09:55:21 +01:00
Peter Steinberger
91ca35ba58 ci: make locale parity advisory before release (#105140) 2026-07-12 09:11:57 +01:00
Vincent Koc
ac69e5008c fix(ci): avoid stale workflow rate limits (#105117)
* fix(ci): throttle stale issue locking

* fix(ci): throttle stale issue locking
2026-07-12 16:03:24 +08:00
Vincent Koc
efdce6754d fix(ci): align scheduled e2e checks with sqlite sessions 2026-07-12 15:22:37 +08:00
Peter Steinberger
096cb91175 feat(tooling): enforce noUncheckedIndexedAccess in core and ui lanes (NUIA phase 3c) (#104981)
* fix(ui): make indexed access explicit across the Control UI

Burns down all 322 ui-lane noUncheckedIndexedAccess errors: untrusted
markdown/diff/patch parsing gets miss-tolerant guards (renderer rules
degrade to empty output instead of throwing mid-render), accumulators
use canonical sparse initialization, DOM lookups stay null-guarded, and
length-checked constructions carry named invariants.

* feat(tooling): enforce noUncheckedIndexedAccess in the core and ui lanes

Flips the flag on for tsconfig.core.json and tsconfig.ui.json (covering
src, all packages including the two deferred ones, and ui) and retires
the strict-ratchet lane wholesale: config, script, projects reference,
check/CI wiring, changed-lane routing, and sync test. The assertion-ban
oxlint override stays as an independent surface.
2026-07-12 06:36:36 +01:00
Peter Steinberger
176647aa84 ci: gate frozen QA smoke by capability (#105006) 2026-07-12 06:32:26 +01:00
Peter Steinberger
b163dbb97d ci: harden current and frozen release checks (#104956)
* test(qa): wait for complete process pid fixture

* style(qa): format pid readiness predicate

* test(sqlite): allow schema version pragma

* ci: install target playwright for frozen UI checks
2026-07-11 22:08:49 -07:00
Peter Steinberger
5b29c37137 ci: accept trusted unsigned release merge heads (#104838) 2026-07-11 20:42:03 -07:00
Peter Steinberger
a79554c281 ci: bound QA smoke profile runtime (#104909) 2026-07-11 20:41:18 -07:00
Vincent Koc
65695bc5bb ci(perf): pin OCM v0.2.25 2026-07-12 08:16:22 +08:00
Peter Steinberger
4e50f1ebc2 ci: allow frozen UI fixture headroom (#104805) 2026-07-11 17:14:06 -07:00
Peter Steinberger
fb08d3b631 ci: avoid retries in frozen UI tests (#104790) 2026-07-11 16:46:04 -07:00
Vincent Koc
0ea7b2a543 ci(perf): pin optimized Kova evaluator (#104772) 2026-07-12 07:42:35 +08:00
Peter Steinberger
08498f9828 ci: pass frozen UI test options to Vitest (#104758) 2026-07-11 15:54:44 -07:00
Peter Steinberger
ce671c3513 ci: honor frozen target tool versions (#104740) 2026-07-11 15:35:05 -07:00
Peter Steinberger
7772d798dd fix(ci): stabilize frozen target checks (#104728) 2026-07-11 15:09:29 -07:00
Josh Lehman
0a8e3604ba refactor: flip sessions and transcripts to sqlite storage (#98236)
* refactor(sessions): migrate runtime storage to sqlite

* test(sessions): fix sqlite CI regressions

* test(sessions): align remaining sqlite fixtures

* fix(codex): require sqlite trajectory recorder

* test(sessions): align orphan recovery sqlite fixture

* test(sessions): align sqlite rebase fixtures

* fix(sessions): finish current-main integration of the sqlite flip

Resolve the whole-store SDK removal across its owner boundary: drop the
loadSessionStore re-export and the registry whole-store wrappers, wire
hasTrackedActiveSessionRun into gateway chat, complete the
preserveLockedHarnessIds cleanup contract, flip the codex thread-history
import to storePath targets, and port remaining main-side tests from
file-store helpers to session accessor reads.

* chore: drop committed pebbles log, revert plugin-inspector bump, refresh generated docs

Remove the 1.8k-line .pebbles/events.jsonl work log from the branch, restore
the plugin-inspector advisory lane to main's pinned 0.3.10 so the supply-chain
bump gets its own review, and regenerate docs_map, the plugin SDK API baseline,
and the export-surface ratchet for the merged tree.

* feat(sessions): keep archived transcripts by default with zstd cold storage

Codex-style retention: deleting or resetting a session archives its
transcript as a zstd-compressed JSONL artifact (plain when the runtime
lacks node:zlib zstd) and keeps it until the disk budget evicts oldest
first. resetArchiveRetention now governs both deleted and reset archives
and defaults to keep; maxDiskBytes defaults to 2gb so retention stays
bounded, with archives evicted before live sessions. The cron reaper
follows the same knob instead of deleting archives on its own timer.

* fix(state): converge agent DB migration lineages and bound database growth

Merge coherence: run both structure-gated legacy memory-schema repairs
(flip-lineage drop, main-lineage identity rebuild) before the flip
migration so pre-flip v1/v2 and pre-merge flip v1/v4 databases all
converge, and hoist foreign_keys=OFF outside the schema transaction
where the pragma was silently ignored and the v1 sessions rebuild
cascade-deleted session_entries.

Growth guards: fresh agent DBs enable auto_vacuum=INCREMENTAL, WAL
maintenance releases freed pages in bounded passes (never a blocking
full VACUUM), and doctor reports state/agent DB bloat from freelist
stats.

* fix(codex): resolve the store path for thread-history import via the SDK

The supervision catalog passed the legacy sessionFile locator to the
storePath-targeted transcript mirror; resolve the agent store path with
the session-store SDK helper instead of a runtime-object seam so test
fakes and headless callers need no extra surface. Drop the obsolete
missing-session-id preprocessing case: sessions rows are NOT NULL on
session_id and upsert repairs id-less patches at write time.

* fix(sessions): fail safe on malformed disk-budget config and doctor stat errors

A malformed explicit maxDiskBytes disables the budget instead of
falling back to the destructive 2gb default the user never chose, and
the doctor bloat check skips databases whose paths stat-fail instead of
aborting doctor.

* fix(sessions): complete sqlite conflict translations

* test(sqlite): align hardening checks with maintenance

* test(sessions): inspect compressed transcript archives

* fix(tests): await session seeds and drop unused helpers flagged by CI lint

The five unawaited writeSessionStoreSeed calls raced their SQLite seeds
against the assertions, failing compact shards; the bloat probe drops a
useless initializer and the merged tests drop now-unused helpers.

* test(sessions): type legacy proof events directly

* test(sessions): align hardening contracts

* perf(sessions): read usage transcript sizes from SQL aggregates

Usage/cost scans walked every session and materialized every transcript
event just to re-stringify it for a byte estimate — the #86718 stall
class reborn on the DB. readTranscriptStatsSync sums stored JSON bytes
in SQLite without loading a single row.

* fix(sessions): re-root foreign-root transcript paths onto the current sessions dir

Restored backups, moved OPENCLAW_STATE_DIR, and rehearsal copies carry
absolute sessionFile paths from the old root; the containment fallback
kept those foreign paths, so migration read (and would archive) files in
the original root and reported local copies missing. Re-root the
canonical agents/<id>/sessions suffix onto the current dir when the file
exists there; genuine cross-root layouts still fall through unchanged.

* test(agents): seed harness admission through sqlite

* fix(sqlite): close agent db on pragma setup failure

* fix(doctor): compact and retrofit incremental auto-vacuum after session import

The migration is the sanctioned offline window: post-import compact
reclaims import churn and applies auto_vacuum=INCREMENTAL to databases
created before the fresh-DB pragma existed, so runtime maintenance can
release pages in bounded passes on every install.

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:50:37 -07:00
Peter Steinberger
b683a0a5cf fix(ci): prevent AWS Crabbox pnpm exit hang (#104710) 2026-07-11 14:25:19 -07:00
Peter Steinberger
dbdc61e897 fix(ci): validate frozen release candidates safely (#104697)
* fix(ci): validate frozen release candidates safely

* test(ci): align release workflow types

* fix(ci): validate frozen release tags safely
2026-07-11 14:10:41 -07:00
Peter Steinberger
fa664fa2a5 fix(ci): skip absent frozen-target protocol guard (#104674) 2026-07-11 13:11:29 -07:00
Peter Steinberger
5a5424474d feat(fleet): multi-tenant hosting via openclaw fleet cell supervisor (#104527)
* feat(fleet): add openclaw fleet cell supervisor for multi-tenant hosting

* test(fleet): cover cell profile, registry, containers, and service flows

* docs(fleet): document multi-tenant hosting and the fleet CLI

* fix(fleet): verify upgrade replacements and release foreign-collision reservations

* fix(fleet): gate upgrade commit on replacement health

* docs(fleet): mark fleet experimental and pin its single-host scope

* test(fleet): make incomplete-profile casts explicit for test-type lane

* fix(state): regenerate kysely schema artifacts after rebase conflict
2026-07-11 11:24:04 -07:00
Peter Steinberger
e686693732 feat(tooling): adopt noUncheckedIndexedAccess via a strict-ratchet lane (phase 1) (#104577)
* feat(tooling): add noUncheckedIndexedAccess strict-ratchet lane

* fix(packages): make indexed access explicit across ratchet packages

Burns down all 65 noUncheckedIndexedAccess errors in the seven ratchet
packages with behavior-identical restructuring (iteration, charAt/slice,
regex-group guards, validated hextet tuple). net-policy invariant
violations now throw instead of failing open. Adds
@openclaw/normalization-core/expect (expectDefined/first/last) with
subpath export and tests. memory-host-sdk fixes kept but the package
stays out of the lane: it re-exports core src/** so the flag would apply
transitively to all of core.

* fix(lint): keep .oxlintrc.json strict-JSON parseable for extension lint wrappers
2026-07-11 10:26:12 -07:00
Peter Steinberger
c3b426f280 feat: add Claude session fleet (#104528)
* feat: add Claude session fleet

* chore: leave release notes to release automation

* chore: refresh generated catalogs

* fix: satisfy session catalog lint gates
2026-07-11 08:22:59 -07:00
Peter Steinberger
ae12413ee2 chore(tooling): enforce no-floating-promises and drop DOM globals from Node-side typechecking (#104422)
* chore(lint): enforce no-floating-promises repo-wide

* feat(tooling): split DOM globals out of the Node-side typecheck program

tsconfig.core.json now compiles src/ + packages/ with lib ES2023; new
tsconfig.ui.json owns ui/ with DOM. Web-global names used by Node code
alias to canonical undici/stream-web types; highlight.js loads through a
validated narrow API because its d.ts force-includes lib.dom. Boundary,
sparse-guard, changed-lane routing, and profile lanes cover the new ui
graph.

* chore(deps): declare undici-types and teach knip about the highlight.js runtime require

* ci: retrigger dropped pull_request synchronize event

* refactor(types): derive web-global aliases from @types/node fetch globals, drop undici-types dep

* ci: retrigger after dependency guard cleared

* fix(scripts): add ui lane to changed-lanes declaration union
2026-07-11 07:28:20 -07:00
Peter Steinberger
fa77fe10d5 chore: migrate active GPT-5.5 references to GPT-5.6 (#104452)
* chore(models): migrate active GPT-5.5 references

* test(workboard): expect GPT-5.6 Sol default

* chore: keep release notes in PR body

* test(models): align picker fixtures with Sol default

* test: update PDF default model expectation

* test(qa): migrate thinking smoke to Luna

* test(gateway): align mock catalog with Sol default

* ci: retrigger exact-head PR checks

* test(gateway): document default catalog invariant
2026-07-11 06:30:57 -07:00
Vincent Koc
02045aa384 perf(ci): shard compact tooling tests 2026-07-11 21:29:40 +08:00
Peter Steinberger
fe261b0f59 chore(tooling): typecheck root test/** with a dedicated tsgo lane (#104475)
* chore(types): add declaration files for scripts/lib and scripts/e2e modules

* chore(types): add declaration files for top-level script modules (a-m)

* chore(types): add declaration files for top-level script modules (n-z)

* test: use a non-secret-shaped gateway token fixture

* test: type ci workflow guard helpers for the root test lane

* chore(tooling): typecheck root test/** with a dedicated tsgo lane

- test/tsconfig/tsconfig.test.root.json: root-test program (strict unused checks,
  fixtures excluded; two Docker E2E clients that import built dist/** stay out,
  same rationale as the scripts/e2e exclusion in tsconfig.scripts.json)
- tsgo:test:root wired into tsgo:test, check:test-types, scripts/check.mjs, and
  the ci.yml test-types shard, mirroring the tsgo:scripts lane (#104348)
- changed-lane routing: test/**/*.ts (excluding fixtures) and the lane tsconfig
  now trigger 'typecheck test root' in check:changed; previously test/ paths ran
  lint only, so harness type errors surfaced first in CI (#104287 envDir case)
- burn down all 1071 latent type errors in the program: precise param/local
  types across test/scripts, test/vitest, test/e2e, and transitive scripts/e2e
  program members; 205 sibling .d.mts declaration files for imported .mjs
  modules (committed separately); zero any, zero ts-expect-error
- resolve the pre-existing testing star-export ambiguity in
  scripts/e2e/parallels/common.ts with an explicit re-export

Closes #104388

* chore(types): correct declaration fidelity per structured review

- re-derive 51 .d.mts files from implementation data flow instead of
  initializers: fix a wrong never return (runTestProjectsDelegation returns
  the child), add encoding-sensitive exec/spawn overloads (plain-gh), restore
  the full release profile union, make parsed paths string | null, add missing
  parseArgs fields via help/non-help unions, add a missing sibling declaration
  (budget-number-args), drop 15 unused lint directives
- precise install-record/tuple typing removes the type-aware oxlint
  regressions the first declarations caused in scripts/e2e implementations
- route .mts declaration edits under test/ to the testRoot lane and reference
  the test-root project from tsconfig.projects.json so tsgo:all covers it
  (closes both review findings against the lane wiring)

* chore(scripts): keep telegram runner dist typing structural for the boundary guard

* chore(types): declare runtime pack and gateway readiness exports added on main

* test: pin the importTargetPlan form of the plugin-contract plan import

The guard expectation still referenced the raw await import( form that
7ae5996bb3 (#103975) replaced with the importTargetPlan fallback helper;
the assertion fails on current main.
2026-07-11 06:15:41 -07:00
Peter Steinberger
e681646834 feat(cloud-workers): add crabbox worker provider plugin and profile-aware lease lifecycle (#104465)
* feat(cloud-workers): add Crabbox worker provider

* docs(cloud-workers): document Crabbox profiles

* chore(cloud-workers): drop changelog entry (release-only file)

* refactor(plugin-sdk): pass profiles to worker lease lifecycle

* docs(plugin-sdk): document worker lifecycle profiles

* chore(docs): regenerate plugin inventory, docs map, and sdk baseline after rebase

* fix(cloud-workers): state crabbox key-ref gap without warning-comment suppressions
2026-07-11 05:51:56 -07:00
Peter Steinberger
7ae5996bb3 fix(ci): validate older release targets (#103975)
* fix(ci): support older release targets

* fix(ci): guard optional channel contracts

* fix(ci): scope legacy release compatibility
2026-07-11 05:44:49 -07:00
Vincent Koc
4977dc7897 improve(ci): let Kova own diagnostic build profiles (#104459)
* perf(ci): delegate Kova build profile selection

* fix(ci): repin Kova diagnostic contract
2026-07-11 20:35:06 +08:00
Peter Steinberger
a4ee15a851 fix(release): validate Telegram launcher syntax (#104455) 2026-07-11 05:13:44 -07:00
Vincent Koc
2d1a8bd6df perf(ci): build focused Kova runtime package 2026-07-11 19:57:54 +08:00
Peter Steinberger
651aab87f3 fix(release): wait for Telegram proc visibility (#104439) 2026-07-11 04:40:27 -07:00
Vincent Koc
cce2d39d0c fix(ci): preserve performance target compatibility 2026-07-11 19:13:52 +08:00
Vincent Koc
163227a0af perf(ci): use source performance build profile 2026-07-11 19:13:52 +08:00
Peter Steinberger
93fcfa40ee fix(release): wait for Telegram proc marker (#104418) 2026-07-11 04:12:44 -07:00
Peter Steinberger
591bb49d67 fix(release): tolerate exited Telegram proc probe (#104400) 2026-07-11 03:40:56 -07:00
Peter Steinberger
0af8467137 feat(workspaces): add agent-composable Workspaces (#104139)
* feat(dashboard): modular dashboard — workspace store, Workspaces tab, sandboxed custom widgets

Squashes openclaw/openclaw#101094 + #101097 + #101098 onto current main and
applies the maintainer review fixes to the backend control plane.

Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>

* fix(dashboard): UI review fixes — grid, error boundary, embed sandbox, locale

* fix(dashboard): make the CLI and agent broadcasts actually reachable

Three defects only a live run surfaces, all invisible to the unit suites:

- The plugin claimed the CLI command name `dashboard`, which core already owns
  (it opens the Control UI). A plugin CLI group that overlaps a core command is
  dropped at registration behind a `logger.debug`, so the entire CLI face was
  unreachable while `cli.test.ts` kept passing against its own Commander
  program. Renamed to `openclaw workspaces`, matching the tab it drives.

- The manifest never declared `activation.onCommands`, so the CLI root resolved
  to no owning plugin even once the name was free.

- `dashboard.widget.approve` needs `operator.approvals`; the CLI asked for
  `operator.write` on every call. It now requests the approvals scope only for
  the approve call, matching `operator-approvals-client.ts`.

Also: agent tools resolved their broadcast from the plugin runtime's
gateway-request scope, an AsyncLocalStorage set only around gateway RPCs and
plugin HTTP routes. An agent turn started from a channel, cron, or heartbeat
therefore wrote the document without emitting `plugin.dashboard.changed`, so an
open Control UI never saw the edit — the feature's headline promise. The gateway
broadcast is server-lifetime, so the plugin now remembers it in a single slot and
agent tools fall back to it.

* docs(web): document dashboard workspaces, provenance, and the custom-widget sandbox

* fix(dashboard): agent-tool ergonomics + close two approval-boundary gaps

From a source-blind agent driving the dashboard_* tools with nothing but their
schemas, and from a Codex review of the hardening delta.

- dashboard_widget_update could never succeed. It passed its whole parameter
  record to the patch reader, whose allowlist rejects the very `tab`/`id` keys
  the tool's own schema marks required, so every call died on
  "unexpected param: tab". Its test only ran Value.Check against the schema and
  never executed the tool.
- dashboard_data_read surfaced an `rpc` binding as a thrown error, though its
  description promised `binding_client_resolved`. It now returns that as a
  result the model can act on.
- Valid widget kinds and the rpc allowlist were undiscoverable: a model saw only
  "builtin:<name> or custom:<name>" and "Allowlisted gateway read method", then
  brute-forced ~40 calls against errors that named no alternatives. Both schemas
  and both validator errors now enumerate them, and the kind description says
  what each builtin renders and which binding id it reads. widget_move documents
  that grid and toTab are exclusive; widget_scaffold says an operator must
  approve, because no agent tool can.
- workspace.replace could mint a pending registry entry for a name that was
  never scaffolded. An operator could then approve a widget whose code did not
  exist yet, and the agent could write it afterwards. Registry entries now come
  from dashboard_widget_scaffold and nowhere else, and approve refuses a name
  with no manifest on disk.
- dashboard.widget.approve answered with the whole workspace document, so a
  connection holding only operator.approvals could read it through the approvals
  door. It now returns the registry entry it changed.

* fix(dashboard): approval pins the code it approves

Codex review found the scaffold-before-approval gate still nameable rather than
binding: approve only proved that widget.json parsed, and the Control UI loaded a
hardcoded index.html rather than the manifest's entrypoint. An agent could
scaffold a widget, win approval on an innocuous or absent entrypoint, then write
the real payload afterwards — code appearing after the human said yes.

Approval now hashes every servable file in the widget directory and stores the
digests on the registry entry, refusing a manifest whose declared entrypoint is
missing. The asset route re-hashes each file it reads and 404s anything that does
not match, so a file edited or added after approval never reaches a browser. The
Control UI loads the manifest's entrypoint, which is the file that was hashed.

The content-type allowlist moves to manifest.ts so the set of files approval
hashes and the set the route can serve cannot drift apart.

Proof, against a running gateway: scaffold -> 404, approve -> 200, rewrite
index.html -> 404, add late.js -> 404.

* fix(dashboard): parse the approved manifest from the bytes that were hashed

Codex found a TOCTOU in the approval path: it loaded and validated widget.json,
then walked the directory again to compute the digests. An agent could swap
widget.json between the two reads, so the operator validated one entrypoint while
the digest froze — and the Control UI later mounted — a different one.

snapshotApprovedWidget now reads the widget directory once: it hashes every
servable file, parses the manifest out of the same widget.json bytes it hashed,
and requires the declared entrypoint to be among them.

Proof, against a running gateway: approve -> index.html 200; rewrite widget.json
to point at evil.html and drop evil.html in -> both 404.

* fix(dashboard): cap approval asset reads; bound the grid fallback search

Two findings from the fourth Codex pass.

Approval hashes agent-authored files that are untrusted until it runs, and read
each one into memory with no size check — dropping one huge .png into a scaffold
directory would stall or OOM the gateway during approve. Sizes are now checked
before the read, with a 2 MB per-file and 8 MB total cap.

nearestFreeSlot searched one band below the lowest occupied row, so a crowded
layout near the bottom could return y=500 as the closest free slot: a placement
the store rejects, which the UI applies optimistically and then snaps back. The
search now stops at the last row a widget of that height can legally occupy.

* fix(dashboard): refuse oversized widget assets before reading them

Approved widget files stay writable and the asset route is unauthenticated, so
swapping an approved small file for a very large one made every GET buffer the
whole file before the digest check rejected it. The route now refuses anything
past the same per-file cap approval enforces, on the stat it already performs.

* fix(dashboard): enforce widget approval boundaries

* docs(changelog): note modular dashboard workspaces

* fix(dashboard): enforce static custom-widget data boundary

* fix(dashboard): satisfy UI lint

* test(dashboard): avoid legacy proto access

* feat(dashboard): make plugin opt-in

* docs(dashboard): refresh workspaces map

* refactor(workspaces): standardize plugin naming

* fix(workspaces): make widget prompt sends idempotent

* docs(workspaces): fix internal path references

* test(workspaces): make prompt assertion lint-safe

* test(workspaces): type prompt request mock

* fix(workspaces): harden approval and binding boundaries

* test(workspaces): complete stale binding client mock

* fix(workspaces): harden widget file boundaries

* fix(workspaces): scope custom widget capabilities

* fix(workspaces): align approval provenance

* fix(workspaces): close branch contract gaps

* test(workspaces): complete builtin context fixtures

* fix(workspaces): aggregate overview usage

* chore(workspaces): defer release note

* chore(workspaces): refresh i18n metadata

---------

Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>
2026-07-11 03:30:23 -07:00
Vincent Koc
37649e947f perf(ci): fetch only source performance baseline 2026-07-11 18:23:30 +08:00
Peter Steinberger
8d96790b44 ci(release): expose Telegram runtime preflight stage (#104387) 2026-07-11 03:12:41 -07:00
Peter Steinberger
6268eeef15 test: wire Control UI suite into CI, fix its broken tests, drop dead harness surface (#104361)
* test: wire Control UI suite into CI, fix its broken tests, drop dead harness surface

- fix 7 Control UI tests broken on main: module-mock factories are unreliable
  under isolate:false shared workers; use RealtimeTalkSession prototype spies
  and real jsdom storage instead (chat-realtime, chat-pull-requests)
- add gated checks-ui CI job (runUiTests changed-scope output): chromium
  provisioning, lint:ui:no-raw-window-open, pnpm --dir ui test; ~30s on a
  4vcpu runner, runs only when ui-affecting paths change
- add weekly node22-compat workflow exercising the supported lower Node bound
  with the same command set as the dispatch-only ci.yml job
- delete the unreachable channels entry in EXTENSION_TEST_CONFIG_ROUTES and
  the never-populated extensionRoutedChannelTestFiles override machinery
  (born empty in 2ccb5cff22); resolved globs are provably identical
- guard run-vitest.mjs hardcoded path maps with existence tests so renames
  cannot silently drop extended stall watchdogs
- remove unenforced coverage thresholds; test:coverage is informational, docs
  updated (reference/test, help/testing, plugins/sdk-testing)

Closes #104321

* test: pin OPENCLAW_CI_RUN_UI_TESTS in the manifest env expectation

* test(ui): capture the realtime start spy instead of referencing the unbound prototype method

* test(ui): raise ui vitest timeouts for real-browser layout tests on small CI runners
2026-07-11 03:04:11 -07:00
Peter Steinberger
b361390356 ci(release): preserve Telegram launcher stage (#104356) 2026-07-11 02:44:25 -07:00
Vincent Koc
730b9fa9bc perf(ci): parallelize Kova source probes 2026-07-11 17:38:41 +08:00
Peter Steinberger
2e2366b6d3 chore(tooling): typecheck scripts/** with a dedicated tsgo lane (#104348)
* feat(tooling): add tsgo typecheck lane for scripts/**

* fix(scripts): burn down scripts type debt surfaced by the new lane

Typing-only except bugs the lane surfaced: gh-read timeout race,
Discord Headers spread dropping entries, undefined allowedHeadBranches
match, plugin-boundary matchAll crash. Deletes retired config keys from
fixtures/benches (prompt snapshots regenerated, config dump only) and
the orphaned non-runnable sync-moonshot-docs script. Adds full-surface
.d.mts declarations for existing .mjs boundaries.
2026-07-11 02:31:17 -07:00
Peter Steinberger
3f2e9184f6 ci(release): fail fast in Telegram validation (#104324)
* ci(release): bound Telegram validation time

* fix(release): preserve Telegram QA cleanup

* style(test): format Telegram workflow assertions

* test(release): encode Telegram lease timeout
2026-07-11 02:11:27 -07:00