Peter Steinberger
b7cc064961
fix(update): exclude private QA sidecars from package verify
2026-04-11 14:27:33 +01:00
Peter Steinberger
a8284e39de
build(canvas): stabilize a2ui bundle inputs
2026-04-11 14:19:25 +01:00
Peter Steinberger
9bde608f38
build: keep a2ui bundle generated
2026-04-11 14:18:04 +01:00
Peter Steinberger
f9331fbe68
test(install): add docker tgz update smoke flow
2026-04-11 13:13:11 +01:00
Peter Steinberger
cd89892b1f
fix(release): keep private QA bundles out of npm pack
2026-04-11 13:13:11 +01:00
Peter Steinberger
a733e92c45
test: exercise real updater in Parallels npm flow
2026-04-11 13:04:14 +01:00
Peter Steinberger
48ac72f0ee
perf: prefilter extension boundary parsing
2026-04-11 13:02:56 +01:00
Peter Steinberger
d5f199adaf
perf: cache parsed guard sources
2026-04-11 12:57:09 +01:00
Vincent Koc
636fe1c2db
fix(qa): ship scenario pack and isolate completion cache
2026-04-11 12:53:56 +01:00
Peter Steinberger
8a8fdc971c
perf: share web boundary source scans
2026-04-11 12:50:45 +01:00
Vincent Koc
7899f5c5ce
fix(dev): throttle local tsgo by default
2026-04-11 11:56:23 +01:00
Vincent Koc
25c47231bb
ci(checks): shorten node shard names
2026-04-11 11:12:33 +01:00
Peter Steinberger
5b2888e1fd
test(install): pin smoke docker platform
2026-04-11 03:31:47 +01:00
Peter Steinberger
421338f585
test(install): quiet smoke npm output
2026-04-11 03:31:47 +01:00
Peter Steinberger
05659cfbc3
test: harden macOS Parallels permission check
2026-04-11 03:30:01 +01:00
Peter Steinberger
69244f837f
test: speed provider retry imports
2026-04-11 02:37:51 +01:00
Peter Steinberger
1fb2e18f47
refactor: simplify cli conversions
2026-04-11 01:27:48 +01:00
Peter Steinberger
ebfd468ee0
refactor: simplify typed conversions
2026-04-11 01:01:30 +01:00
Vincent Koc
9e2e4cde19
ci(test): align node lane names with boundary split
2026-04-11 00:36:06 +01:00
Peter Steinberger
46a6746bca
docs: clarify codex harness validation
2026-04-11 00:13:08 +01:00
Peter Steinberger
a5aa9f93e9
refactor: simplify claude usage debug parsing
2026-04-10 23:37:23 +01:00
Tak Hoffman
f16a66fa43
fix: release local heavy-check locks on success
2026-04-10 17:05:26 -05:00
Peter Steinberger
8b7ba0e481
test: keep unit-fast single shard
2026-04-10 23:04:29 +01:00
Peter Steinberger
de8f3fdf92
test: split unit-fast shard
2026-04-10 23:02:22 +01:00
Peter Steinberger
b74a1f997b
chore: remove redundant discord smoke conversions
2026-04-10 22:48:35 +01:00
Tak Hoffman
afff0716f7
ci: shard checks-node-test by vitest suite
2026-04-10 15:59:41 -05:00
Davanum Srinivas
fbf11ebdb7
fix(sandbox): enforce CDP source-range restriction by default ( #61404 )
...
* fix(sandbox): enforce CDP source-range restriction by default
Auto-derive CDP_SOURCE_RANGE from Docker network gateway IP when not
explicitly configured. The entrypoint script refuses to start the socat
CDP relay without a source range (fail-closed).
- readDockerNetworkGateway: use Go template println, filter <no value>
sentinel, prefer IPv4 gateway on dual-stack networks
- Reject IPv6-only gateways for auto-derivation (relay binds IPv4)
- Remove stale browser_cdp_bridge_unrestricted audit check (runtime
auto-derives range for all bridge-like networks)
- Bump SANDBOX_BROWSER_SECURITY_HASH_EPOCH to force container recreation
* chore(changelog): add sandbox CDP source-range entry
* fix(sandbox): gate CDP source-range derivation to bridge-style networks
Only auto-derive OPENCLAW_BROWSER_CDP_SOURCE_RANGE from the Docker
gateway IP for bridge networks (or when driver is unknown). Non-bridge
drivers (macvlan, ipvlan, overlay) may route traffic from different
source IPs, so they require explicit cdpSourceRange config.
Adds readDockerNetworkDriver helper and a regression test for macvlan.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com >
2026-04-10 14:59:25 -06:00
Peter Steinberger
972ed139a7
fix: make docs anchor audit use Mintlify CLI
2026-04-10 21:39:52 +01:00
Peter Steinberger
6783bef7ed
ci: refresh browser raw fetch guard
2026-04-10 21:22:16 +01:00
Peter Steinberger
3198c10fba
fix: stabilize Codex harness landing checks
2026-04-10 21:22:16 +01:00
Peter Steinberger
bfc0889776
docs: document Codex harness plugin workflow
2026-04-10 21:22:16 +01:00
Peter Steinberger
dd26e8c44d
feat: add Codex app-server harness extension
2026-04-10 21:22:16 +01:00
Peter Steinberger
0ebeee8b0d
chore: enable consistent-return
2026-04-10 20:56:43 +01:00
Peter Steinberger
d2c0440fac
ci: fix current main additional checks
2026-04-10 20:28:48 +01:00
Peter Steinberger
04c8026d03
chore: enable no-unnecessary-type-arguments
2026-04-10 20:14:49 +01:00
Peter Steinberger
fe05983d91
chore: enable no-unnecessary-type-assertion
2026-04-10 20:14:48 +01:00
Peter Steinberger
59925c1a74
chore: update dependencies and oxc tooling
2026-04-10 19:28:42 +01:00
Peter Steinberger
2fc3223ed4
ci: repair plugin boundary artifact freshness
2026-04-10 19:25:32 +01:00
Peter Steinberger
925a499d84
ci: fix additional guard failures
2026-04-10 19:23:10 +01:00
Peter Steinberger
e7db987ce6
test: trim heavy imports and harden ci checks
2026-04-10 19:23:10 +01:00
Peter Steinberger
15c6748c01
test: stabilize vitest full-suite runner
2026-04-10 19:17:39 +01:00
Peter Steinberger
c077af987f
perf: add narrow inbound roots sdk surface
2026-04-10 17:34:41 +01:00
Peter Steinberger
be9bef32df
perf: cache local tsgo checks
2026-04-10 17:06:28 +01:00
Peter Steinberger
e9fb4c7f93
perf: skip tsgo declaration transforms
2026-04-10 15:52:07 +01:00
Peter Steinberger
77bdf2f44d
test: remove import-heavy files from unit-fast
2026-04-10 14:57:24 +01:00
Peter Steinberger
1b1853f0cc
test: restore moved Vitest config discovery
2026-04-10 14:20:39 +01:00
Peter Steinberger
2ccb5cff22
test: move Vitest configs under test
2026-04-10 13:44:51 +01:00
Peter Steinberger
b64a03793c
test: keep conservative full-suite shards aggregated
2026-04-10 13:36:48 +01:00
Peter Steinberger
66ac5194f7
test: honor low-worker full-suite gate
2026-04-10 13:10:04 +01:00
Peter Steinberger
2138273d63
test: run full suite shards in parallel locally
2026-04-10 12:58:29 +01:00
