Peter Steinberger
aaf5ab910c
fix: land ten small reliability fixes ( #100483 )
...
* fix(agents): harden LSP process failures
Source: #100450
Co-authored-by: morluto <williamlin1327@gmail.com >
* fix(sandbox): report effective workspace layout
Sources: #100435 , #100439
Co-authored-by: Aniruddha Adak <aniruddhaadak80@users.noreply.github.com >
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com >
* fix(security): fail install checks on stream errors
Source: #100413
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com >
* fix(android): normalize all-day calendar events
Source: #100032
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* fix(ios): serialize push-to-talk lifecycle
Source: #99942
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
* fix(talk): reject inherited provider names
Source: #99849
Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com >
* fix(android): stop voice capture in background
Source: #99840
Co-authored-by: xialonglee <li.xialong@xydigit.com >
* fix(cron): preserve fallback result classification
Source: #99913
Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com >
* fix(google): bound Vertex response decompression
Source: #99812
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com >
* fix(plugins): report malformed discovery JSON
Source: #99892
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com >
* test(sandbox): configure non-default workspace fixture
* test: fix small-fix batch validation
---------
Co-authored-by: morluto <williamlin1327@gmail.com >
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com >
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com >
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com >
Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com >
Co-authored-by: xialonglee <li.xialong@xydigit.com >
Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com >
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com >
2026-07-06 00:08:51 +01:00
Peter Steinberger
c757675f34
improve: keep isolated tests under one second ( #100019 )
...
* test: speed up isolated test suite
* test: finish isolated latency cleanup
* test: eliminate remaining isolated latency spikes
* test: remove final isolated timing outliers
* test: bound full-suite tooling processes
* test: bound native test process lifetime
* test: warm isolated runtime suites
* test: eliminate final isolated timing outliers
* test: fix isolated timing fixture types
* test: make timeout cleanup timing deterministic
* test: pin media manifests to source checkout
* test: isolate provider manifest contracts
* test: eliminate residual isolated timing spikes
* test: restore final isolated timing fixes
* test: eliminate remaining isolated timing spikes
* test: warm Zalo lifecycle imports
* test: keep isolated suites below one second
* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00
Dallin Romney
194dd6fe50
refactor(security): consolidate secret primitives ( #99746 )
...
* refactor(security): consolidate secret primitives
* fix(plugin-sdk): align secret display metadata
* chore(plugin-sdk): refresh API baseline after rebase
* refactor(security): trim secret primitive consolidation
2026-07-04 16:38:13 -07:00
Peter Steinberger
bbb744269f
test: make the local pnpm test gate green on macOS hosts ( #100069 )
...
Fixes 21 macOS-only failing test cases across three classes: canonicalized fixture roots (macOS /var -> /private/var tmpdir symlink vs production realpathing), load-tolerant process-spawn tests (content-gated pid files, readiness-sequenced kill windows, bounded-window timer assertions), and cross-file worker leak guards (skip-channel env, gateway token env, imessage runtime singleton). Test-only; no production changes. Fixes #100025 .
2026-07-04 17:17:42 -04:00
Peter Steinberger
49cc59b1e8
refactor: consolidate markdown code fences, error coercion, and byte-identical helper pairs ( #99932 )
...
* refactor(shared): add markdown code span/fence helpers and migrate seven call sites
* refactor(normalization-core): add canonical toErrorObject and migrate six copies
* refactor: consolidate byte-identical helper pairs onto owner modules
* refactor: reuse canonical path and token helpers in session tools and credentials
* refactor(packages): dedupe compaction summarization tail and session dir parsing
* fix(security): keep missing extensions dir silent in shared plugin dir lister
* refactor: reuse media-core chunk reader and shared dreaming session key helper
* fix(plugins): register error-coercion subpath in sdk alias table
* chore(plugin-sdk): re-pin callable export count after rebase
* chore(plugin-sdk): re-pin callable export count after rebase
2026-07-04 08:40:41 -04:00
Peter Steinberger
1fef99962e
feat(nodes): add auto-discovered Ollama inference ( #99234 )
...
* feat(nodes): add local Ollama inference
* fix(gateway): preserve plugin node runtime for agent turns
* feat(ollama): add node inference opt-out
* test(security): preserve plugin runtime exports
* test(security): preserve plugin runtime exports
* test(security): preserve plugin runtime exports
* fix(ci): raise artifact build heap
2026-07-03 01:14:30 -07:00
Dallin Romney
5fa2082655
refactor(shared): consolidate core leaf lazy loaders ( #99278 )
2026-07-02 18:06:00 -07:00
Vincent Koc
7b313e4cc1
refactor(security): centralize safe-bin config normalization
2026-07-01 00:48:20 -07:00
Momo
f5d0c370d6
fix(security): warn on agent skill MCP boundary drift ( #98352 )
...
Summary:
- Merged fix(security): warn on agent skill MCP boundary drift after ClawSweeper review.
Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head ab3c29ef4c .
- Required merge gates passed before the squash merge.
Prepared head SHA: ab3c29ef4c
Review: https://github.com/openclaw/openclaw/pull/98352#issuecomment-4850104358
Co-authored-by: momothemage <niuzhengnan@163.com >
Approved-by: momothemage
2026-07-01 03:56:28 +00:00
Vincent Koc
43f134ff55
refactor(security): share tool policy layering
2026-06-23 02:40:29 +08:00
Vincent Koc
8b78ae2855
fix(session-memory): sanitize model artifacts before saving memory ( #95791 )
...
* fix(session-memory): sanitize model artifacts before saving memory
Co-authored-by: Sophia <44297511+SweetSophia@users.noreply.github.com >
Co-authored-by: YBoy <231405196+YB0y@users.noreply.github.com >
* fix(sdk): update plugin surface budgets
---------
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: YBoy <231405196+YB0y@users.noreply.github.com >
2026-06-22 22:48:03 +08:00
Shakker
05bed72a8d
test: restore plugin trust env
2026-06-20 19:34:22 +01:00
Vincent Koc
4651ffad4a
refactor(security): remove audit tool policy facade
2026-06-18 09:51:46 +08:00
Vincent Koc
39dc92efb7
fix(security): kill timed out exec process trees
2026-06-18 00:41:35 +02:00
Vincent Koc
7a880bcf29
feat(security): emit audit summary events
2026-06-17 16:11:32 +08:00
Vincent Koc
e51c0c8cea
fix(sqlite): include rollback journals in security paths
2026-06-16 09:22:48 +02:00
Stellar鱼
bbfea21a18
fix(security): audit open dm tool exposure ( #92883 )
...
* fix(security): audit open dm tool exposure
* fix(security): align open DM audit precedence
---------
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com >
2026-06-16 14:38:39 +08:00
Agustin Rivera
b6a3f2988c
fix(gateway): restrict non-owner loopback tools ( #91749 )
...
* fix(gateway): restrict non-owner loopback tools
* fix(gateway): split loopback owner cache key
2026-06-09 13:15:48 -07:00
Pavan Kumar Gondhi
2a21de6322
fix: gate owner-only HTTP tools ( #90261 )
...
* fix: gate owner-only HTTP tools
* fix: inherit HTTP owner tool denies
* fix: use mutable HTTP owner deny policy
* fix: preserve RPC owner tool access
* docs: clarify owner-only gateway tool allowlist
---------
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com >
2026-06-07 17:26:12 -05:00
Vincent Koc
e2524e0438
fix(ci): break plugin import cycles
2026-06-07 19:03:38 +09:00
Shakker
e7bcbd3e7e
test: isolate windows acl system root
2026-06-05 02:14:03 +01:00
Shakker
5cf63f295b
test: snapshot exec audit home env
2026-06-05 01:57:47 +01:00
Shakker
a18c60e141
test: scope sandbox audit home env
2026-06-05 00:38:28 +01:00
Vincent Koc
52b07b4a46
test(ci): stabilize ARM changed-test guards
2026-06-04 08:18:15 -07:00
Vincent Koc
ecb30fece4
fix(ci): stabilize include permission checks
2026-06-04 07:35:25 -07:00
Peter Steinberger
4ed2fb75f2
docs: document tui runtime helpers
2026-06-04 04:10:14 -04:00
Peter Steinberger
bced79b63d
docs: document security policy helpers
2026-06-04 04:08:10 -04:00
Peter Steinberger
961759c08b
docs: document security finding helpers
2026-06-04 04:06:08 -04:00
Peter Steinberger
0e8c5fd85d
docs: document security audit helpers
2026-06-04 04:04:43 -04:00
Peter Steinberger
e16ac04330
refactor(auth): store auth profiles in sqlite ( #89102 )
2026-06-03 16:14:15 -07:00
Peter Steinberger
0b8aabe864
docs: document auth profile failure policy contract ( #89613 )
...
* docs: document markdown marker renderer
* docs: document rendered markdown chunking
* docs: document markdown text chunking
* docs: document shared text chunking
* docs: document plugin text chunking exports
* docs: document avatar policy constants
* docs: document node match candidates
* docs: document scoped expiring id cache
* docs: document runtime import normalization
* docs: document string sample summaries
* docs: document session usage timeseries types
* docs: document session usage response types
* docs: document manifest frontmatter shapes
* docs: document channel route input metadata
* docs: document pair loop guard settings
* docs: document migration config patch helpers
* docs: document api provider registry
* docs: document tool call repair payloads
* docs: document plugin tool payload helpers
* docs: document lazy promise loader
* docs: document store writer queue state
* docs: document thread binding lifecycle
* docs: document concurrency helper contract
* docs: document gateway client info contract
* docs: document delivery context contracts
* docs: document secret ref defaults contract
* docs: document command gating contract
* docs: document avatar policy contract
* docs: document node match policy
* docs: document message channel normalization
* docs: document boolean parsing contract
* docs: document zod parse helpers
* docs: document direct dm guard policy
* docs: document fixed window limiter contract
* docs: document node presence event contract
* docs: document secret normalization contract
* docs: document progress draft line removal
* docs: document usage formatting contracts
* docs: document agent run status contract
* docs: document runtime import helpers
* docs: document provider utility ownership
* docs: document invalid config helpers
* docs: document json compat parser
* docs: document channel config metadata ownership
* docs: document channel logging helpers
* docs: document sender identity validation ownership
* docs: document string sampling helper
* docs: document global singleton helpers
* docs: document transcript tool helpers
* docs: document exec safe-bin normalization
* docs: document reaction level resolver
* docs: document account snapshot redaction boundary
* docs: document messaging target helpers
* docs: document thread binding messages
* docs: document conversation binding context
* docs: document conversation resolution helper
* docs: document owner display secret retention
* docs: document provider request config types
* docs: document skills config types
* docs: document memory config types
* docs: document imessage config types
* docs: document crestodian config types
* docs: document tools config policies
* docs: document shared config base types
* docs: document channel config contracts
* docs: document openclaw config state types
* docs: document model config contracts
* docs: document shared agent config types
* docs: document agent defaults config types
* docs: document secret input contracts
* docs: document auth config contracts
* docs: document gateway config contracts
* docs: document tool call stream repair contracts
* docs: document memory host facades
* docs: document llm core contracts
* docs: document markdown core contracts
* docs: document gateway connect error contracts
* docs: document gateway protocol primitives
* docs: document gateway frame schemas
* docs: document gateway device schemas
* docs: document gateway environment schemas
* docs: document gateway push schemas
* docs: document gateway plugin schemas
* docs: document gateway artifact schemas
* docs: document gateway command schemas
* docs: document gateway task schemas
* docs: document gateway exec approval schemas
* docs: document gateway secret schemas
* docs: document gateway config schemas
* docs: document gateway snapshot schemas
* docs: document gateway chat schemas
* docs: document gateway wizard schemas
* docs: document gateway node schemas
* docs: document gateway plugin approval schemas
* docs: document gateway talk schemas
* docs: document gateway agent schemas
* docs: document gateway session schemas
* docs: document gateway cron schemas
* docs: document gateway agent model skill schemas
* docs: document gateway skill proposal tool schemas
* docs: document gateway protocol registry
* docs: document gateway channel status schemas
* docs: document gateway schema regression tests
* docs: document gateway schema barrel
* docs: document gateway validator tests
* docs: document gateway primitive push tests
* docs: document gateway contract tests
* docs: document native protocol guard
* docs: document channel schema tests
* docs: document gateway protocol smoke tests
* docs: document gateway protocol entrypoint
* docs: document gateway protocol type exports
* docs: document gateway error codes
* docs: document protocol schema registry
* docs: document talk audio codec
* docs: document talk activation names
* docs: document talk consult questions
* docs: document talk consult tool
* docs: document talk run control contracts
* docs: document talk run control adapter
* docs: document talkback consult queue
* docs: document talk consult transcript guard
* docs: document talk fast context runtime
* docs: document forced talk consult coordinator
* docs: document talk output activity tracker
* docs: document talk event metrics
* docs: document talk diagnostics
* docs: document talk observability hook
* docs: document talk provider resolver
* docs: document talk provider registry
* docs: document talk runtime primitives
* docs: document talk consult controller logs
* docs: document channel identity helpers
* docs: document channel account allowlist helpers
* docs: document channel metadata draft controls
* docs: document channel ingress policy
* docs: document channel sender access gates
* docs: document channel catalog message contracts
* docs: document channel account plugin helpers
* docs: document configured binding helpers
* docs: document channel acp approval config helpers
* docs: document channel bundled config write helpers
* docs: document channel plugin utility contracts
* docs: document channel config access helpers
* docs: document channel message action helpers
* docs: document channel outbound runtime helpers
* docs: document channel pairing promotion helpers
* docs: document channel registry helpers
* docs: document channel setup wizard helpers
* docs: document channel lifecycle status helpers
* docs: document channel target thread helpers
* docs: document channel session binding helpers
* docs: document channel package module probes
* docs: document channel setup wizard contracts
* docs: document channel plugin API barrels
* docs: document channel contract test helpers
* docs: document channel core helpers
* docs: document small core facades
* docs: document provider runtime helpers
* docs: document persistence and realtime helpers
* docs: document mcp and state helpers
* docs: document tool planner contracts
* docs: document music generation runtime
* docs: document crestodian command flow
* docs: document utility helpers
* docs: document node host helpers
* docs: document transcript contracts
* docs: document trajectory export contracts
* docs: document image generation contracts
* docs: document routing helper contracts
* docs: document session helper contracts
* docs: document video generation contracts
* docs: document model catalog contracts
* docs: document proxy capture contracts
* docs: document status rendering contracts
* docs: document test helper contracts
* docs: document wizard setup contracts
* docs: document process contracts
* docs: document memory host sdk contracts
* docs: document tts contracts
* docs: document secrets runtime contracts
* docs: document shared helper contracts
* docs: document hook runtime contracts
* docs: document security audit contracts
* docs: document flow contracts
* docs: document media understanding contracts
* docs: document tui contracts
* docs: document logging contracts
* docs: document llm contracts
* docs: document cron contracts
* docs: document daemon contracts
* docs: document task contracts
* docs: document acp contracts
* docs: document test utility contracts
* docs: document skill contracts
* docs: document config contracts
* docs: document outbound infra contracts
* docs: document command analysis contracts
* docs: document provider usage infra contracts
* docs: document file safety infra contracts
* docs: document exec approval infra contracts
* docs: document gateway runtime infra contracts
* docs: document infra utility contracts
* docs: document infra queue storage contracts
* docs: document heartbeat infra contracts
* docs: document remaining infra contracts
* docs: document gateway auth contracts
* docs: document gateway display helpers
* docs: document gateway http helpers
* docs: document gateway node helpers
* docs: document gateway mcp helpers
* docs: document gateway support helpers
* docs: document gateway server runtime helpers
* docs: document gateway runtime bootstrap helpers
* docs: document gateway session events
* docs: document gateway utility helpers
* docs: document gateway talk helpers
* docs: document gateway helper contracts
* docs: document gateway server method helpers
* docs: document gateway server auth helpers
* docs: document gateway server tests
* docs: document gateway test helpers
* docs: document gateway node tests
* docs: document gateway channel tests
* docs: document gateway session tests
* docs: document gateway server startup tests
* docs: document gateway tool test helpers
* docs: document gateway server test helpers
* docs: document gateway server method tests
* docs: document remaining gateway tests
* docs: document plugin sdk public subpaths
* docs: document plugin sdk runtime helpers
* docs: document plugin sdk memory provider helpers
* docs: document plugin sdk runtime facades
* docs: document plugin sdk command approval helpers
* docs: document plugin sdk runtime types
* docs: document plugin sdk browser account helpers
* docs: document plugin sdk media memory helpers
* docs: document plugin sdk core tests
* docs: document plugin sdk contract helpers
* docs: document plugin sdk test helpers
* docs: document remaining plugin sdk tests
* docs: document cli utility helpers
* docs: document cli runtime helpers
* docs: document cli command registration helpers
* docs: document node cli helpers
* docs: document cli program registration
* docs: document message cli registration
* docs: document daemon cli helpers
* docs: document cli route parsers
2026-06-03 15:20:39 -07:00
Josh Avant
154f439c81
Add operator install policy and remove dangerous-code install scanners ( #89516 )
...
* feat: add operator install policy
* test: cover plain-file plugin install code
* fix: preserve locationless install policy findings
* refactor: remove install-time plugin scanner
* test: remove stale plugin install helper
* fix: preserve before-install builtin scan type
* fix: preserve plugin dependency denylist
---------
Co-authored-by: Mainframe <mainframe@MainfraacStudio.localdomain >
2026-06-03 14:17:29 -07:00
Coy Geek
3509f7613e
fix: audit and repair hooks token reuse with Gateway auth
...
Keep startup non-breaking for existing installs when hooks.token reuses Gateway auth, but surface a startup warning, critical security audit finding, and doctor --fix repair that rotates persisted hooks.token.
Closes #87376 .
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
2026-06-02 08:58:40 -04:00
Peter Steinberger
5443baa852
Persist plugin install index in SQLite ( #88794 )
...
* refactor: persist plugin install index in sqlite
* fix: merge legacy plugin index records into sqlite
* test: update plugin index sqlite fixtures
* fix: migrate custom plugin install indexes
* test: update plugin index sentinel
* fix: exclude migrated plugin index archives
* fix: read post-upgrade plugin index from sqlite
* fix: migrate legacy plugin index before agent runs
* fix: respect disabled persisted plugin registry reads
* test: type plugin install record fixtures
* fix: simplify plugin index record reader type
* test: fix sqlite plugin index CI fallout
* test: mock provider normalization in agent command tests
# Conflicts:
# src/commands/agent-command.test-mocks.ts
* build: remove unused ui three dependency
2026-05-31 20:51:33 -04:00
Peter Steinberger
27dde7a4d6
chore(lint): enable stricter error rules
2026-06-01 01:12:21 +01:00
Peter Steinberger
22cb7fb6b7
chore(lint): enable no-promise-executor-return
2026-05-31 23:06:13 +01:00
Peter Steinberger
304e2c83c0
chore(lint): enable stricter oxlint rules
2026-05-31 18:59:02 +01:00
Peter Steinberger
85beee613c
docs: clarify inline code comments
...
Comment-only follow-up documenting reusable gateway, auth, proxy, device, Talk, session, and agent helper contracts.\n\nVerification: git diff --check plus targeted tests recorded in PR body.
2026-05-31 14:37:41 +01:00
Peter Steinberger
3950605561
chore(lint): tighten lint exception coverage
2026-05-31 10:42:59 +01:00
Peter Steinberger
00d8d7ead0
refactor: extract normalization core package
...
Extract shared normalization/coercion helpers into private @openclaw/normalization-core workspace package while preserving existing plugin SDK helper subpaths.\n\nAlso keeps direct normalization-core imports internal, wires UI/build/loader resolution, and replaces the slow PR network CodeQL lane with a fast added-line boundary scan while retaining full CodeQL for scheduled/manual runs.\n\nVerification: local moved tests, plugin SDK boundary tests, extension loader tests, agents-support shard, UI build/test, build artifacts, lint, workflow guards, autoreview, and GitHub CI passed on PR head 963d893715 .
2026-05-31 01:33:00 +01:00
Peter Steinberger
4c33aaa86c
refactor: unify OpenAI provider identity ( #88451 )
...
* refactor: unify OpenAI provider identity
* refactor: move legacy oauth sidecar doctor helpers
* test: align OpenAI fixtures after rebase
* test: clean OpenAI provider unification
* fix: finish OpenAI provider cleanup
* fix: finish OpenAI cleanup follow-through
* fix: finish OpenAI CI cleanup
2026-05-31 00:29:44 +01:00
Peter Steinberger
8eeaa45729
refactor: route model catalog imports to core package
...
Route internal model catalog imports to the extracted @openclaw/model-catalog-core package and delete obsolete internal facades.
Keep public SDK declarations self-contained by wrapping core helpers at public boundaries instead of leaking private package imports.
Verification:
- pnpm test src/plugins/contracts/model-catalog-core-imports.test.ts src/plugins/sdk-alias.test.ts packages/model-catalog-core/src/configured-model-refs.test.ts packages/model-catalog-core/src/provider-model-id-normalize.test.ts packages/model-catalog-core/src/provider-model-id-normalization.test.ts src/config/config.model-ref-validation.test.ts src/agents/model-selection.test.ts src/plugin-sdk/provider-model-shared.test.ts -- --reporter=verbose
- pnpm check:test-types
- pnpm test:extensions:package-boundary:compile
- pnpm build
- rg "@openclaw/model-catalog-core" dist/plugin-sdk packages/plugin-sdk/dist -n --glob '*.d.ts' || true
- git diff --check
- autoreview clean after fix
CI note: merged with admin override because checks-node-agentic-commands-doctor and checks-node-core-runtime-infra-state failed twice with exit 143/no-output watchdog termination after prior passing test output, while relevant local proof and the rest of CI were green.
2026-05-30 17:48:18 +01:00
Josh Avant
584fa3215c
Fix restart sentinel internal continuations ( #88161 )
...
* fix restart sentinel internal continuations
* update gateway prompt snapshots
* stabilize sandbox browser audit timer tests
* drive sandbox audit timeouts deterministically
* drive gh-read timeout tests deterministically
* drive label-open-issues timeout tests deterministically
* document deterministic timeout test timers
* test: preserve deterministic timer setup after rebase
2026-05-29 19:06:54 -07:00
Peter Steinberger
acb0e9c155
fix(agents): extend terminal outcome projections ( #88162 )
...
* fix(agents): extend terminal outcome projections
* fix(agents): align terminal outcome follow-up checks
* fix(agents): satisfy terminal outcome mapper lint
* test(scripts): isolate websocket open timers
* test(security): drive sandbox browser timeout timers
* test(scripts): drive gh-read timeout timers
* test(agents): isolate code mode timers
* fix(agents): preserve hard timeouts on wait surfaces
* fix(agents): require timeout attribution for provider errors
* fix(sdk): require timeout attribution for provider errors
* fix(scripts): preserve changelog parse cause
2026-05-30 03:13:01 +02:00
Peter Steinberger
43658872d9
test: stabilize sandbox browser audit timers
2026-05-30 01:18:53 +01:00
Peter Steinberger
4efc48a80d
test(ci): stabilize sandbox browser audit timeout
2026-05-30 02:06:58 +02:00
Shakker
6e026fbb46
refactor: centralize skills subsystem
2026-05-29 17:35:02 +01:00
Shakker
d9278c8efd
refactor: organize skills subsystem layout
2026-05-29 17:35:02 +01:00
Shakker
22e2d1560f
refactor: centralize skills subsystem
2026-05-29 17:35:02 +01:00
Phil
00ca654c74
fix(plugins): persist resolved npm install specs
...
Preserve npm install selectors while recording resolved npm provenance for plugin and hook install/update records. Active `record.spec` stays the requested selector unless explicitly pinned, while resolved npm fields remain available for audit and diagnostics.
Adds focused coverage for hook-pack npm fallback provenance after the maintainer review found that path worth pinning down.
Co-authored-by: Phil <99397913+GitHoubi@users.noreply.github.com >
2026-05-29 09:42:46 +01:00