Commit Graph

1595 Commits

Author SHA1 Message Date
Peter Steinberger
f0facb4cca fix(release): raise Telegram attestor buffer (#104025) 2026-07-10 18:03:26 -07:00
Vincent Koc
2841edf01e fix(ci): pin Kova auth startup fixes (#104002) 2026-07-10 17:42:08 -07:00
Peter Steinberger
49941fab6d fix(ci): keep hydrate-github pnpm shims writable (#103971) 2026-07-10 23:36:10 +01:00
Vincent Koc
b0e3c85a61 fix(release): bind publish children to trusted SHAs (#103913)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:25:26 +01:00
Vincent Koc
b1e688c657 fix(release): consume Kova model contract (#103966) 2026-07-10 15:17:15 -07:00
Vincent Koc
022dd9dc27 fix(release): unblock Meta npm bootstrap publication (#103951)
* fix(release): isolate Meta npm bootstrap

* test(release): assert OIDC npm version guard
2026-07-10 14:50:00 -07:00
Vincent Koc
54cc90b1b1 fix(release): publish ClawHub bootstrap artifacts immutably (#103809)
* fix(release): harden ClawHub bootstrap

* fix(release): centralize publication artifact verification

* fix(release): harden publication artifact verification

* fix(release): lock ClawHub bootstrap toolchain

* test(release): assert locked ClawHub binary

* fix(release): pack with trusted ClawHub harness

* fix(release): bound beta verifier artifact reads

* fix(release): bind target and tooling identities

* fix(release): stabilize signed package ordering

* fix(release): bind ClawHub pretag proof

* fix(release): bind ClawHub OIDC readback

* fix(release): bind ClawHub OIDC readback
2026-07-10 13:33:20 -07:00
Peter Steinberger
fece8c9f54 fix(release): keep validation evidence immutable across reruns (#103906)
* fix(release): bind validation evidence to exact attempts

* test(release): cover exact validation attempts
2026-07-10 20:16:19 +01:00
Vincent Koc
69f8198ba3 fix(release): keep no-push Docker images validation-only (#103891)
* fix(release): make no-push Docker artifacts portable

* fix(release): keep no-push images validation-only
2026-07-10 12:02:57 -07:00
Vincent Koc
2a1d6e49d5 fix(ci): run Telegram release QA from trusted harness (#103207)
* fix(ci): use trusted Telegram QA harness

* fix(ci): restrict trusted Telegram QA candidate

* fix(ci): isolate trusted Telegram QA candidate

* fix(ci): harden Telegram QA process boundary

* fix(ci): pass Telegram QA release gates

* test(qa): stub Telegram env explicitly

* fix(ci): harden Telegram release QA boundary

* test(ci): harden trusted workflow and memory guards
2026-07-10 11:32:24 -07:00
Peter Steinberger
b91e117dcd fix(ci): select full Kova performance reports (#103863) 2026-07-10 19:01:30 +01:00
Peter Steinberger
b597a8d364 fix(release): restore prerelease and release validation startup (#103834)
* fix(release): split image publication from validation

* fix(ci): honor install smoke caller input

* fix(ci): harden Docker rerun targeting
2026-07-10 18:46:08 +01:00
Peter Steinberger
906f1b816f fix(ci): update Kova performance model owners (#103839) 2026-07-10 18:08:37 +01:00
Dallin Romney
0b9c2e6f95 fix(qa): simplify smoke lanes and isolate fanout (#102262)
* fix(qa): simplify smoke lanes and isolate fanout

* ci: re-enable repaired QA smoke lanes

* ci: split Crabline smoke into three shards

* ci: eliminate repeated QA smoke builds

* fix(qa): focus control ui smoke scenario

* ci(qa): remove smoke worker launch delay

* ci(qa): bound automatic smoke coverage
2026-07-10 09:48:40 -07:00
Vincent Koc
90322074dd fix(ci): validate Kova bin-only dependency (#103810) 2026-07-10 09:41:01 -07:00
Vincent Koc
daa653c5cc ci(release): add plugin npm artifact preflight (#103759)
* ci(release): add plugin npm preflight proof

* fix(release): bind plugin preflight package evidence

* fix(release): harden plugin preflight trust

* fix(release): bind plugin registry readback

* fix(release): retry npm packument bodies

* fix(release): retry malformed npm packuments

* fix(release): satisfy npm preflight lint
2026-07-10 09:39:10 -07:00
Vincent Koc
afd0c60f15 fix(ci): bind release status artifacts to run attempts (#103772)
* fix(ci): bind release status artifacts to run attempts

* test(ci): align release summary contract assertions

* fix(ci): preserve Tideclaw advisory status policy
2026-07-10 09:06:42 -07:00
Peter Steinberger
366d09bcc7 fix(ci): harden release performance evidence (#103790) 2026-07-10 16:59:10 +01:00
Vincent Koc
cbe3731f77 fix(release): make validation proof no-write (#103737)
* fix(release): make validation proof no-write

* test(release): align no-write workflow contracts
2026-07-10 08:18:44 -07:00
Peter Steinberger
1439646f19 fix(ci): harden maturity scorecard publication (#103722) 2026-07-10 15:25:15 +01:00
JC
59e95fe3fd feat: support GPT-5.6 Ultra across OpenClaw and Codex runtimes (#98021)
* feat: support GPT-5.6 Ultra across agent runtimes

Co-authored-by: J Cai <anyech@gmail.com>

* fix: keep harness projections discovery-free

* fix(codex): mirror V2 native subagent tasks

* chore: refresh plugin SDK surface budgets

* test: expose Ultra wire effort proof

* test(cron): avoid hoisted mock initialization race

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 15:23:24 +01:00
Peter Steinberger
13819996ad fix(ci): preflight generated PR app permissions (#103671) 2026-07-10 12:57:30 +01:00
Peter Steinberger
a3ef0153fb fix(ci): restore manually dispatched live suites (#103654) 2026-07-10 12:26:44 +01:00
Peter Steinberger
d72e618818 fix(ci): split locale publisher app permissions (#103644)
* fix(ci): split locale publisher app permissions

* fix(ci): prevent stale locale publication
2026-07-10 12:16:03 +01:00
Peter Steinberger
62bd760c0e chore(swift): enforce current formatting and lint rules (#103313)
* style: apply SwiftFormat 0.62.1 rules

Refs #103202

* ci: enforce deterministic Swift lint

Refs #103202

* refactor: keep gateway connect lint-clean

Refs #103202

* style: keep iOS typography checks warning-free

* ci: route MLX Swift changes through pre-push

* fix: preserve native i18n extraction after Swift cleanup

* refactor: keep rebased Swift surfaces lint-clean

* style: format latest Swift additions

* chore: refresh native i18n inventory

* style: keep generated Swift formatter-clean

* fix: preserve node route invalidation callbacks

* fix: keep native translation IDs stable

* fix: retain native translation identifiers

* fix: preserve translations across Swift source moves
2026-07-10 11:54:08 +01:00
Peter Steinberger
bcf2798920 fix(ci): publish locale refreshes through exact merge (#103625) 2026-07-10 11:25:25 +01:00
Peter Steinberger
f1b75bf5fa fix(release): leave canonical public release pages untouched on resume
Codex review: the early draft-page creation could rewrite an
already-public release with the proofless prepublish body, stripping its
verification section until the proof append re-ran — a failed resume
would leave the public page proofless. create_or_update now no-ops when
the existing page is public and already canonical (the state
guard_existing_public_release vetted); drafts still get refreshed
notes.
2026-07-10 03:09:10 -07:00
Peter Steinberger
8d66e47773 fix(release): prove registry tarball identity before resuming a publish
Codex review: version existence alone does not prove the npm registry
serves the tarball this tag's preflight built — the same version could
have been published from a different artifact and npm versions are
immutable. The resume resolver now downloads the preflight manifest,
requires its releaseSha to match the target, and compares the published
registry tarball's sha256 against the manifest before skipping the core
dispatch; mismatches abort with correction-tag guidance.
2026-07-10 03:09:10 -07:00
Peter Steinberger
cb350ad333 fix(release): guard asset-contract verifiers for if-predicate use
The retry short-circuits call the Android/Windows verifiers as if
predicates, where bash suppresses errexit inside the function; a failed
gh attestation verify would have fallen through to the summary echo and
classified an unverified APK as promoted. Every failure-capable command
in both verifiers now returns explicitly.
2026-07-10 03:09:09 -07:00
Peter Steinberger
a8d16113f6 fix(release): keep retry evidence stable and scope ClawHub verification skips
Codex review on the resumable publish chain: postpublish evidence embeds
the current run id, so retries regenerated different bytes and wedged on
the byte-identity asset check — the evidence json and its checksum now
replace the release asset (latest verification wins; prior copies stay
as workflow artifacts) while content-stable manifest and dependency
evidence remain byte-verified. ClawHub verification is now skipped only
when ClawHub itself failed, not when an unrelated Windows/Android
promotion flake set the aggregate failure flag.
2026-07-10 03:09:09 -07:00
Peter Steinberger
ef22e77f0b perf(release): make publish reruns resumable and promote assets concurrently
The 2026.7.1 retro measured ~13h tag-to-published for beta.2 and stable
2026.6.11; any post-npm failure previously hard-aborted retries because
the already-published guard refused the whole run.

- resolve_openclaw_npm_publish_state replaces the abort guard: an
  already-published core version skips the core npm dispatch and resumes
  the remaining stages; verify_published_release still proves the
  registry state matches the tag before the page leaves draft.
- Windows and Android promotion runs concurrently with the core npm
  publish (their only shared prerequisite is the draft release page,
  which is now created before the dispatch) and each promotion
  short-circuits when the release already carries its verified asset
  contract, so retries only redo failed stages.
- The release proof cites the core npm run only when this run dispatched
  one; resumed publishes rely on the registry package check.
2026-07-10 03:09:09 -07:00
Peter Steinberger
fde42b5eea perf(ci): reuse npm preflight build outputs on same-SHA re-runs
The preflight ran 61 times at ~14 minutes during 2026.7.1, redoing the
full build and Control UI build after every late-step failure. Restore
dist outputs from an actions/cache keyed on the resolved target SHA and
lockfile hash (mirroring ci.yml's dist-build cache) so re-runs skip only
the build producers; every validation step still runs against the
restored artifacts.
2026-07-10 03:09:08 -07:00
Peter Steinberger
4bc300843d fix(qa): keep runtime parity tiers flow-compatible (#103609)
* fix(qa): keep runtime parity tiers flow-compatible

Refs #103588

* test(qa): follow canonical frontier defaults
2026-07-10 10:51:13 +01:00
Peter Steinberger
7fe004d852 feat: show build identity in About screens (#103595)
* feat: show build identity in About screens

* chore: leave root changelog to release automation

* fix: translate Control UI About build details
2026-07-10 10:42:36 +01:00
Vincent Koc
8755077fe4 fix(release): bundle AI runtime in installer smoke (#103556)
* fix(release): bundle AI runtime in installer smoke

* fix(release): verify bundled AI runtime loadability

* fix(release): preserve advisory doctor exits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 02:13:41 -07:00
Peter Steinberger
c2b4ac02da fix(release): align correction sections, retries, and merged ledger semantics
Codex review + test findings on the pipeline convergence:
- candidate changelog provenance now validates the same section the
  renderer publishes (correction tags may carry their own heading) via a
  shared correctionVersionForTag helper
- guard_existing_public_release accepts a canonical proofless body with
  intact dependency evidence, matching the renderer's documented
  proof-omitted-at-limit state; retries re-append the proof
- ledgerFor regains main's noteReferences threading so prose-cited PRs
  keep their contribution-record rows, and the ledger/verify tests pin
  the merged entry shape (externalReferences) and highlight gate
2026-07-10 02:06:52 -07:00
Peter Steinberger
336e43c314 fix(release): converge on the render-github-release-notes pipeline
Two competing release-notes pipelines existed: the release branch's
hardened render/verify/provenance pipeline (a486f3ab08 + dcee1da876,
battle-tested by 2026.7.1) and main's lighter prepare-github-release-notes
size gate (#103222). Repo policy is one canonical path; the release-branch
pipeline wins and main's unique value is grafted in:

- scripts/render-github-release-notes.mjs becomes the canonical release
  body renderer (full/compact 125k char+byte modes, tag-pinned record
  link, verification tail, canonical shipped-baseline format), now also
  preferring a correction tag's dedicated changelog section (from
  prepare's heading matrix).
- verify-release-notes.mjs is a three-way merge: release's --shipped-ref
  cumulative baselines, provenance checks, highlights gate, and the
  excluded-record rewrite fix, plus main's compact contribution rows,
  externalReferences threading, and both-heading parser compat.
- release-candidate-checklist.mjs gains validateCandidateCheckout and
  changelog-provenance gates that run before any dispatch.
- openclaw-release-publish.yml keeps main's fail-before-mutation early
  notes gate (retargeted to the renderer) and adopts release's
  render/verify_release_tag_target/canonical_release_body_matches flow.
- scripts/prepare-github-release-notes.mjs and its test are deleted;
  release-notes-ledger.test.ts stays and pins the merged verify exports.
- .gitignore tracks every repo skill for Git-aware syncs; SKILL.md
  runbooks and RELEASING.md document the converged contract.
2026-07-10 02:06:52 -07:00
Peter Steinberger
494987fa6e fix(ci): require an identical workflow harness for evidence reuse
Codex review round three: a prior green run may have executed with
different lane definitions; the resolver now compares the candidate
run head SHA's .github/workflows tree against the current workflow
ref before accepting its manifest.
2026-07-10 00:21:25 -07:00
Peter Steinberger
e98bb5942a fix(ci): scope beta advisory to live-provider suites and validate reuse targets
Codex review round two: the reusable advisory input is global, so beta
would also have softened hermetic repo/OpenShell E2E — add a scoped
live_advisory input that only covers the live-provider suite jobs and
narrow the umbrella fail-fast exclusion to those job names. Evidence
reuse now also runs the macOS source-version consistency check against
the target (release-preflight --macos-versions-only) so version-stamp
deltas cannot reuse evidence while version surfaces disagree.
2026-07-10 00:21:24 -07:00
Peter Steinberger
6bb240b6da fix(ci): match validation inputs and recheck child runs before evidence reuse
Codex review findings: evidence reuse must not let a default-input run
stand in for a focused provider/mode/filter/package-spec run, and
recorded child runs can be re-run to failure while the parent stays
green. Manifests now record validationInputs; the resolver requires an
exact input match and healthy child runs, and the summary re-verifies
the chain root plus its recorded children. Reuse-mode evidence dispatch
notes now disclose the chain-root relationship.
2026-07-10 00:21:24 -07:00
Peter Steinberger
87f98090e1 feat(ci): reuse release validation evidence and speed up the release pipeline
- Full Release Validation now checks for a prior green validation whose
  target differs only by release metadata (changelog/version stamps) and
  reuses that evidence instead of re-running every lane; disable with
  reuse_evidence=false. Evidence manifests chain through reuse runs via
  evidenceReuse.runId and the summary re-verifies the chain root.
- The Docker runtime-assets preflight no longer serializes the CI,
  plugin-prerelease, release-checks, and performance lanes; it runs in
  parallel and stays enforced by the umbrella verifier.
- Umbrella runs for release/* refs now supersede in-progress runs with
  the same ref and rerun group instead of requiring manual cancels.
- release_profile=beta treats the live-provider E2E suites as advisory
  (third-party model deployments move underneath releases); stable and
  full profiles keep them blocking, and beta live failures no longer
  fail-fast-cancel the remaining release-check matrix.
2026-07-10 00:21:23 -07:00
krissding
1a0dc9b83f fix(opencode-go): remove deprecated mimo-v2-omni and mimo-v2-pro model aliases (#103329)
* fix(opencode-go): remove deprecated mimo-v2-omni and mimo-v2-pro model aliases

These deprecated aliases reject agent requests from the OpenCode Go gateway.
Remove them from the provider catalog and clean up all references in probe
skip lists, CI workflows, and tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(opencode-go): complete deprecated MiMo cleanup

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 06:49:09 +01:00
Peter Steinberger
a789b92b39 fix(macos): harden fresh AI onboarding (#102637)
* fix(macos): bootstrap Codex before onboarding test

* fix(plugins): activate deferred runtimes on demand

* fix(macos): stage Codex runtime for onboarding probe

* fix(macos): expose sanitized onboarding errors

* fix(codex): reuse native CLI auth during onboarding

* fix(macos): hide Crestodian without inference

* fix(codex): honor explicit runtime policy during setup

* fix(onboarding): redact verification errors

* fix(macos): reset onboarding state with gateway route

* fix(onboarding): persist Codex plugin install metadata

* chore: refresh onboarding inventories

* fix(macos): restart AI setup after gateway change

* chore: refresh native onboarding inventory

* fix(onboarding): defer gateway restart until setup persists

* fix(macos): reset Crestodian on gateway changes

* chore(macos): refresh native i18n inventory

* fix(onboarding): harden inference setup state

* docs(skills): reuse pristine Parallels snapshots

* chore(macos): refresh onboarding i18n inventory

* fix(onboarding): prevent stale gateway and install state

* docs(skills): preserve saved Parallels sessions

* fix(macos): balance AI onboarding layout

* fix(parallels): parse npm workspace pack output

* chore(macos): refresh onboarding i18n inventory

* fix(parallels): bundle workspace runtime in package artifact

* fix(parallels): isolate canonical package helper

* fix(parallels): pack self-contained workspace artifact

* fix(packaging): exclude macOS app bundle

* fix(macos): restart inference checks after route changes

* docs(changelog): defer onboarding note to release

* fix(onboarding): enforce inference-first gateway setup
2026-07-10 04:59:15 +01:00
Peter Steinberger
cd2f70c7ab fix(ci): pin DeepSeek live gateway models (#103321) 2026-07-10 04:43:16 +01:00
Peter Steinberger
a24139e199 ci: require enabled Telegram package proof (#103310) 2026-07-10 04:24:36 +01:00
Vincent Koc
f8527e77bc fix(ci): pin Kova timeout signal contract (#103264) 2026-07-09 19:28:44 -07:00
Peter Steinberger
73db6b2aca ci: pin docs i18n Go toolchain (#103244) 2026-07-10 03:02:52 +01:00
Peter Steinberger
25eaa53a8a fix(ci): verify performance report after push timeout (#103237) 2026-07-10 02:50:36 +01:00
Vincent Koc
cbc087dcc5 fix(ci): pin Kova resource scope contract (#103217) 2026-07-09 18:40:25 -07:00
Peter Steinberger
31f76b9792 fix(release): validate GitHub notes before publish (#103222) 2026-07-10 02:33:23 +01:00