Peter Steinberger
6268eeef15
test: wire Control UI suite into CI, fix its broken tests, drop dead harness surface ( #104361 )
...
* test: wire Control UI suite into CI, fix its broken tests, drop dead harness surface
- fix 7 Control UI tests broken on main: module-mock factories are unreliable
under isolate:false shared workers; use RealtimeTalkSession prototype spies
and real jsdom storage instead (chat-realtime, chat-pull-requests)
- add gated checks-ui CI job (runUiTests changed-scope output): chromium
provisioning, lint:ui:no-raw-window-open, pnpm --dir ui test; ~30s on a
4vcpu runner, runs only when ui-affecting paths change
- add weekly node22-compat workflow exercising the supported lower Node bound
with the same command set as the dispatch-only ci.yml job
- delete the unreachable channels entry in EXTENSION_TEST_CONFIG_ROUTES and
the never-populated extensionRoutedChannelTestFiles override machinery
(born empty in 2ccb5cff22 ); resolved globs are provably identical
- guard run-vitest.mjs hardcoded path maps with existence tests so renames
cannot silently drop extended stall watchdogs
- remove unenforced coverage thresholds; test:coverage is informational, docs
updated (reference/test, help/testing, plugins/sdk-testing)
Closes #104321
* test: pin OPENCLAW_CI_RUN_UI_TESTS in the manifest env expectation
* test(ui): capture the realtime start spy instead of referencing the unbound prototype method
* test(ui): raise ui vitest timeouts for real-browser layout tests on small CI runners
2026-07-11 03:04:11 -07:00
Peter Steinberger
b361390356
ci(release): preserve Telegram launcher stage ( #104356 )
2026-07-11 02:44:25 -07:00
Vincent Koc
730b9fa9bc
perf(ci): parallelize Kova source probes
2026-07-11 17:38:41 +08:00
Peter Steinberger
2e2366b6d3
chore(tooling): typecheck scripts/** with a dedicated tsgo lane ( #104348 )
...
* feat(tooling): add tsgo typecheck lane for scripts/**
* fix(scripts): burn down scripts type debt surfaced by the new lane
Typing-only except bugs the lane surfaced: gh-read timeout race,
Discord Headers spread dropping entries, undefined allowedHeadBranches
match, plugin-boundary matchAll crash. Deletes retired config keys from
fixtures/benches (prompt snapshots regenerated, config dump only) and
the orphaned non-runnable sync-moonshot-docs script. Adds full-surface
.d.mts declarations for existing .mjs boundaries.
2026-07-11 02:31:17 -07:00
Peter Steinberger
3f2e9184f6
ci(release): fail fast in Telegram validation ( #104324 )
...
* ci(release): bound Telegram validation time
* fix(release): preserve Telegram QA cleanup
* style(test): format Telegram workflow assertions
* test(release): encode Telegram lease timeout
2026-07-11 02:11:27 -07:00
Peter Steinberger
7bf80dc2c6
chore(tooling): enforce formatting and refresh TypeScript checks ( #104239 )
...
* chore(tooling): enforce current formatter and refresh checks
* chore(tooling): keep release changelog formatter-owned
* chore(tooling): retain compatible Node type surface
* ci: enforce formatting for docs-only changes
* ci: isolate docs formatter check
* chore(tooling): apply updated lint and format rules
* chore(tooling): satisfy updated switch lint
* style(ui): apply Linux formatter layout
* test(doctor): match quiet local audio contribution
* test(doctor): assert quiet output only
* test(doctor): follow restored information contract
2026-07-11 01:09:51 -07:00
Vincent Koc
3fd8e13c31
chore(ci): pin landed Kova evaluator
2026-07-11 15:57:55 +08:00
Vincent Koc
aef26f6020
fix(ci): preserve Kova failure evidence
2026-07-11 15:57:55 +08:00
Peter Steinberger
6ef2c1594d
fix(ci): preserve QA package intent boundaries ( #104207 )
...
* fix(ci): preserve QA package intent boundaries
* test(ci): track rerun helper temp dirs
---------
Co-authored-by: Peter Steinberger <peter@steipete.me >
2026-07-11 00:51:57 -07:00
Peter Steinberger
f94a7dc183
feat(codex): supervise native Codex sessions ( #104045 )
...
* feat(codex): add native session supervision
* fix(codex): harden supervision integration
* fix(codex): preserve locked harness ownership
* fix(codex): fence native session archive
* fix(codex): revalidate archive binding ownership
* feat(codex): integrate supervision runtime
* feat(sessions): preserve harness-owned execution
* feat(sessions): persist harness ownership invariants
* feat(gateway): enforce harness-owned sessions
* feat(setup): enable detected Codex supervision
* feat(mac): expose supervised Codex sessions
* feat(ui): make Codex sessions actionable
* docs(codex): document session supervision
* test(codex): cover integration ownership
* chore(i18n): refresh supervision inventories
* fix(setup): finalize Codex activation atomically
* test(codex): narrow binding store update
* fix(sessions): preserve legacy model locks
* test(macos): serialize Codex catalog fixtures
* fix(sessions): preserve legacy lock admission
* chore(i18n): reconcile supervision metadata
* test(sessions): mark legacy lock fixture
* fix(macos): drain final Codex catalog frame
* docs: leave supervision note to release
* style(macos): satisfy Codex catalog type length
* chore: record session accessor seam owners
* fix(macos): honor configured Codex supervision
* fix(codex): preserve harness-owned model locks
* fix(codex): satisfy supervision lint gates
* chore(i18n): refresh native supervision inventory
* fix(codex): align supervision validation contracts
* fix(codex): close supervision boundary gaps
* fix(codex): preserve supervision activation contracts
* fix(codex): dispose standalone supervision runtime
* fix(codex): pin supervised source connection
* fix(plugins): bind delegated runs to exact session target
* fix(codex): scope supervised sessions to configured agents
* fix(codex): fingerprint effective supervision home
* fix(codex): normalize supervision plugin policy
* fix(codex): keep supervised bindings stable across upgrades
* fix(codex): guard all supervised binding connections
* fix(codex): preserve catalog filters and pending CAS identity
* fix(codex): preserve supervision identity for diagnostics
* fix(codex): bind uncertain commits to supervision connection
* fix(codex): satisfy supervision type boundaries
* fix(macos): reconcile current main validation
* fix(codex): handle absent runtime config in supervision
* fix(doctor): own local audio acceleration check
* fix(codex): satisfy integration lint gates
* fix(codex): satisfy lifecycle safety guards
2026-07-11 00:12:08 -07:00
Peter Steinberger
efc8f05cc2
fix(release): allow Telegram preload in workers ( #104252 )
2026-07-11 00:09:35 -07:00
Peter Steinberger
6e9e64bd30
fix: current-tree package checks support unreleased versions ( #104186 )
...
* fix(ci): package unreleased QA builds safely
* style(ci): format QA changelog intent
2026-07-10 22:31:42 -07:00
Vincent Koc
31484524a5
fix(release): preserve node across telegram qa masks ( #104175 )
2026-07-11 13:22:06 +08:00
Vincent Koc
c47ceb0f3d
improve(release): reuse exact-SHA validation evidence ( #104162 )
...
* perf(release): share changelog verification snapshots
* perf(release): reuse exact-SHA validation evidence
* feat(release): checkpoint candidate workflow state
* feat(release): watch CI transitions compactly
* fix(testbox): rotate stale reusable leases
* refactor(release): move CI verifier into scripts
* fix(release): preserve verifier executable mode
* fix(testbox): force noninteractive remote hydration
* perf(testbox): skip sync for proven clean heads
* fix(testbox): keep changed gates synchronized
* fix(testbox): isolate git state probes
* fix(testbox): isolate wrapper git commands
* fix(testbox): preserve git command contracts
* fix(release): validate reused SHA evidence
* fix(release): resume serialized plugin selections
* fix(testbox): sync source on every lease reuse
* fix(release): verify from trusted workflow checkout
* fix(release): gate evidence reuse on trusted lineage
* fix(release): support legacy verifier checkouts
* fix(testbox): export CI across shell snippets
* fix(release): revalidate reused evidence before publish
* fix(release): reject untrusted reuse before lookup
* fix(release): reuse SHA-pinned root evidence
* fix(ci): allow unreleased notes in QA packages
* fix(release): satisfy script lint contracts
* fix(release): handle Unicode workflow refs safely
2026-07-11 12:48:27 +08:00
Vincent Koc
b0258a5d8b
fix(release): isolate frozen Telegram QA temp roots
2026-07-11 11:45:23 +08:00
Vincent Koc
543b0e7794
fix(ci): support frozen Swift lint targets
2026-07-11 11:45:23 +08:00
Vincent Koc
553f543bdf
fix(release): support frozen validation targets
2026-07-11 11:09:58 +08:00
Peter Steinberger
feae1faf06
fix(release): expose Telegram launcher failures safely ( #104099 )
...
* fix(release): expose Telegram launcher failures safely
* test(release): prove namespace launcher diagnostics
2026-07-10 20:03:36 -07:00
Peter Steinberger
7febbad017
fix(release): dispatch Telegram QA with environment access ( #104066 )
2026-07-10 19:19:04 -07:00
Peter Steinberger
070b7928fd
fix(release): declare Telegram QA environment secrets ( #104036 )
2026-07-10 18:30:20 -07:00
Peter Steinberger
f0facb4cca
fix(release): raise Telegram attestor buffer ( #104025 )
2026-07-10 18:03:26 -07:00
Vincent Koc
2841edf01e
fix(ci): pin Kova auth startup fixes ( #104002 )
2026-07-10 17:42:08 -07:00
Peter Steinberger
49941fab6d
fix(ci): keep hydrate-github pnpm shims writable ( #103971 )
2026-07-10 23:36:10 +01:00
Vincent Koc
b0e3c85a61
fix(release): bind publish children to trusted SHAs ( #103913 )
...
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 23:25:26 +01:00
Vincent Koc
b1e688c657
fix(release): consume Kova model contract ( #103966 )
2026-07-10 15:17:15 -07:00
Vincent Koc
022dd9dc27
fix(release): unblock Meta npm bootstrap publication ( #103951 )
...
* fix(release): isolate Meta npm bootstrap
* test(release): assert OIDC npm version guard
2026-07-10 14:50:00 -07:00
Vincent Koc
54cc90b1b1
fix(release): publish ClawHub bootstrap artifacts immutably ( #103809 )
...
* fix(release): harden ClawHub bootstrap
* fix(release): centralize publication artifact verification
* fix(release): harden publication artifact verification
* fix(release): lock ClawHub bootstrap toolchain
* test(release): assert locked ClawHub binary
* fix(release): pack with trusted ClawHub harness
* fix(release): bound beta verifier artifact reads
* fix(release): bind target and tooling identities
* fix(release): stabilize signed package ordering
* fix(release): bind ClawHub pretag proof
* fix(release): bind ClawHub OIDC readback
* fix(release): bind ClawHub OIDC readback
2026-07-10 13:33:20 -07:00
Peter Steinberger
fece8c9f54
fix(release): keep validation evidence immutable across reruns ( #103906 )
...
* fix(release): bind validation evidence to exact attempts
* test(release): cover exact validation attempts
2026-07-10 20:16:19 +01:00
Vincent Koc
69f8198ba3
fix(release): keep no-push Docker images validation-only ( #103891 )
...
* fix(release): make no-push Docker artifacts portable
* fix(release): keep no-push images validation-only
2026-07-10 12:02:57 -07:00
Vincent Koc
2a1d6e49d5
fix(ci): run Telegram release QA from trusted harness ( #103207 )
...
* fix(ci): use trusted Telegram QA harness
* fix(ci): restrict trusted Telegram QA candidate
* fix(ci): isolate trusted Telegram QA candidate
* fix(ci): harden Telegram QA process boundary
* fix(ci): pass Telegram QA release gates
* test(qa): stub Telegram env explicitly
* fix(ci): harden Telegram release QA boundary
* test(ci): harden trusted workflow and memory guards
2026-07-10 11:32:24 -07:00
Peter Steinberger
b91e117dcd
fix(ci): select full Kova performance reports ( #103863 )
2026-07-10 19:01:30 +01:00
Peter Steinberger
b597a8d364
fix(release): restore prerelease and release validation startup ( #103834 )
...
* fix(release): split image publication from validation
* fix(ci): honor install smoke caller input
* fix(ci): harden Docker rerun targeting
2026-07-10 18:46:08 +01:00
Peter Steinberger
906f1b816f
fix(ci): update Kova performance model owners ( #103839 )
2026-07-10 18:08:37 +01:00
Dallin Romney
0b9c2e6f95
fix(qa): simplify smoke lanes and isolate fanout ( #102262 )
...
* fix(qa): simplify smoke lanes and isolate fanout
* ci: re-enable repaired QA smoke lanes
* ci: split Crabline smoke into three shards
* ci: eliminate repeated QA smoke builds
* fix(qa): focus control ui smoke scenario
* ci(qa): remove smoke worker launch delay
* ci(qa): bound automatic smoke coverage
2026-07-10 09:48:40 -07:00
Vincent Koc
90322074dd
fix(ci): validate Kova bin-only dependency ( #103810 )
2026-07-10 09:41:01 -07:00
Vincent Koc
daa653c5cc
ci(release): add plugin npm artifact preflight ( #103759 )
...
* ci(release): add plugin npm preflight proof
* fix(release): bind plugin preflight package evidence
* fix(release): harden plugin preflight trust
* fix(release): bind plugin registry readback
* fix(release): retry npm packument bodies
* fix(release): retry malformed npm packuments
* fix(release): satisfy npm preflight lint
2026-07-10 09:39:10 -07:00
Vincent Koc
afd0c60f15
fix(ci): bind release status artifacts to run attempts ( #103772 )
...
* fix(ci): bind release status artifacts to run attempts
* test(ci): align release summary contract assertions
* fix(ci): preserve Tideclaw advisory status policy
2026-07-10 09:06:42 -07:00
Peter Steinberger
366d09bcc7
fix(ci): harden release performance evidence ( #103790 )
2026-07-10 16:59:10 +01:00
Vincent Koc
cbe3731f77
fix(release): make validation proof no-write ( #103737 )
...
* fix(release): make validation proof no-write
* test(release): align no-write workflow contracts
2026-07-10 08:18:44 -07:00
Peter Steinberger
1439646f19
fix(ci): harden maturity scorecard publication ( #103722 )
2026-07-10 15:25:15 +01:00
JC
59e95fe3fd
feat: support GPT-5.6 Ultra across OpenClaw and Codex runtimes ( #98021 )
...
* feat: support GPT-5.6 Ultra across agent runtimes
Co-authored-by: J Cai <anyech@gmail.com >
* fix: keep harness projections discovery-free
* fix(codex): mirror V2 native subagent tasks
* chore: refresh plugin SDK surface budgets
* test: expose Ultra wire effort proof
* test(cron): avoid hoisted mock initialization race
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 15:23:24 +01:00
Peter Steinberger
13819996ad
fix(ci): preflight generated PR app permissions ( #103671 )
2026-07-10 12:57:30 +01:00
Peter Steinberger
a3ef0153fb
fix(ci): restore manually dispatched live suites ( #103654 )
2026-07-10 12:26:44 +01:00
Peter Steinberger
d72e618818
fix(ci): split locale publisher app permissions ( #103644 )
...
* fix(ci): split locale publisher app permissions
* fix(ci): prevent stale locale publication
2026-07-10 12:16:03 +01:00
Peter Steinberger
62bd760c0e
chore(swift): enforce current formatting and lint rules ( #103313 )
...
* style: apply SwiftFormat 0.62.1 rules
Refs #103202
* ci: enforce deterministic Swift lint
Refs #103202
* refactor: keep gateway connect lint-clean
Refs #103202
* style: keep iOS typography checks warning-free
* ci: route MLX Swift changes through pre-push
* fix: preserve native i18n extraction after Swift cleanup
* refactor: keep rebased Swift surfaces lint-clean
* style: format latest Swift additions
* chore: refresh native i18n inventory
* style: keep generated Swift formatter-clean
* fix: preserve node route invalidation callbacks
* fix: keep native translation IDs stable
* fix: retain native translation identifiers
* fix: preserve translations across Swift source moves
2026-07-10 11:54:08 +01:00
Peter Steinberger
bcf2798920
fix(ci): publish locale refreshes through exact merge ( #103625 )
2026-07-10 11:25:25 +01:00
Peter Steinberger
f1b75bf5fa
fix(release): leave canonical public release pages untouched on resume
...
Codex review: the early draft-page creation could rewrite an
already-public release with the proofless prepublish body, stripping its
verification section until the proof append re-ran — a failed resume
would leave the public page proofless. create_or_update now no-ops when
the existing page is public and already canonical (the state
guard_existing_public_release vetted); drafts still get refreshed
notes.
2026-07-10 03:09:10 -07:00
Peter Steinberger
8d66e47773
fix(release): prove registry tarball identity before resuming a publish
...
Codex review: version existence alone does not prove the npm registry
serves the tarball this tag's preflight built — the same version could
have been published from a different artifact and npm versions are
immutable. The resume resolver now downloads the preflight manifest,
requires its releaseSha to match the target, and compares the published
registry tarball's sha256 against the manifest before skipping the core
dispatch; mismatches abort with correction-tag guidance.
2026-07-10 03:09:10 -07:00
Peter Steinberger
cb350ad333
fix(release): guard asset-contract verifiers for if-predicate use
...
The retry short-circuits call the Android/Windows verifiers as if
predicates, where bash suppresses errexit inside the function; a failed
gh attestation verify would have fallen through to the summary echo and
classified an unverified APK as promoted. Every failure-capable command
in both verifiers now returns explicitly.
2026-07-10 03:09:09 -07:00
Peter Steinberger
a8d16113f6
fix(release): keep retry evidence stable and scope ClawHub verification skips
...
Codex review on the resumable publish chain: postpublish evidence embeds
the current run id, so retries regenerated different bytes and wedged on
the byte-identity asset check — the evidence json and its checksum now
replace the release asset (latest verification wins; prior copies stay
as workflow artifacts) while content-stable manifest and dependency
evidence remain byte-verified. ClawHub verification is now skipped only
when ClawHub itself failed, not when an unrelated Windows/Android
promotion flake set the aggregate failure flag.
2026-07-10 03:09:09 -07:00