Vincent Koc
|
e85a4f0ef2
|
fix(testbox): force noninteractive remote hydration
|
2026-07-10 21:08:17 -07:00 |
|
Vincent Koc
|
48704f065a
|
fix(release): preserve verifier executable mode
|
2026-07-10 21:08:17 -07:00 |
|
Vincent Koc
|
28f018e520
|
refactor(release): move CI verifier into scripts
|
2026-07-10 21:08:17 -07:00 |
|
Vincent Koc
|
883a615516
|
fix(testbox): rotate stale reusable leases
|
2026-07-10 21:08:17 -07:00 |
|
Vincent Koc
|
6a606f93a3
|
feat(release): checkpoint candidate workflow state
|
2026-07-10 21:08:17 -07:00 |
|
Vincent Koc
|
d86b62dea9
|
perf(release): reuse exact-SHA validation evidence
|
2026-07-10 21:08:17 -07:00 |
|
Peter Steinberger
|
0074005682
|
feat(ui): add Model Providers settings page with auth, quota, and cost per provider (#104061)
|
2026-07-10 19:31:41 -07:00 |
|
Peter Steinberger
|
4b7a5a4e8b
|
fix(installer): default to Node 22.22.2 (#104073)
|
2026-07-10 19:28:49 -07:00 |
|
haruai
|
c2301d8e53
|
fix(gateway): preserve local access for specific binds (#98479)
* fix: prefer loopback for local tailnet dashboard
* fix(gateway): preserve local access for specific binds
---------
Co-authored-by: haruaiclone-droid <281899875+haruaiclone-droid@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
|
2026-07-10 19:18:47 -07:00 |
|
Peter Steinberger
|
f50293c9e7
|
fix: installer removes temporary files after failed commands (#104049)
* fix(installer): retain temp cleanup registrations
* chore: keep installer release notes release-owned
|
2026-07-10 18:54:56 -07:00 |
|
Sebastien Tardif
|
95b205eac2
|
fix(installer): clean temporary files on failure (#103725)
|
2026-07-10 17:53:23 -07:00 |
|
James Armstead
|
65cc86f45c
|
Refresh MCP OAuth auth-profile tokens (#96120)
* Refresh MCP OAuth auth-profile tokens
* Rotate Codex MCP binding on bearer changes
* Preserve agent scope for MCP auth profiles
* Preserve Codex MCP tool filters
* Keep Codex MCP projection helper local-only
* Fix Codex projection package boundary artifacts
* Revert "Fix Codex projection package boundary artifacts"
This reverts commit 13bcaed3da.
* Revert "Keep Codex MCP projection helper local-only"
This reverts commit 19751f4922.
* Trigger CI rerun for OAuth MCP PR
* Fail closed for remote Codex MCP bearer projection
* Fix MCP OAuth bearer token projection
* fix: project MCP-native OAuth credentials
* fix: align MCP SDK surface budget
* fix(mcp): keep agents available before OAuth login
---------
Co-authored-by: Josh Lehman <josh@martian.engineering>
|
2026-07-10 17:49:43 -07:00 |
|
Vincent Koc
|
1a9d09a238
|
fix(release): avoid worker lint suppressions
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
05a09b464c
|
fix(release): satisfy task graph lint
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
e6bde5599d
|
fix(release): keep correction tags at base version
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
90ad9251df
|
fix(pr): support rebase landings
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
6f9afda10c
|
fix(release): align plugin shrinkwrap scope
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
89bb79f6ae
|
fix(pr): allow merge-commit landings
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
eefd6248f4
|
fix(release): manage tracked private shrinkwraps
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
968c9549b4
|
fix(release): avoid pnpm bootstrap in version prep
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
a960b5f3aa
|
fix(release): keep JSON output machine-readable
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
38abdb64e8
|
fix(release): serialize root package generation
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
14a8cdc7c6
|
fix(release): keep Android notes aligned
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
0c16193bec
|
chore(release): satisfy parallel runner lint
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
80d44bf000
|
feat(release): add shadow preparation controller
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
897a66881d
|
perf(release): parallelize shrinkwrap generation
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
82461afedb
|
perf(release): parallelize scoped preflight tasks
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
d801384b3b
|
feat(release): add atomic version preparation
|
2026-07-10 17:47:32 -07:00 |
|
Peter Steinberger
|
25c216ab1e
|
fix: keep gateway watch detached in limited terminals (#104009)
|
2026-07-11 01:33:47 +01:00 |
|
Vincent Koc
|
f4b3a4841f
|
fix(release): accept Kova collector-only phases (#104008)
|
2026-07-10 17:31:42 -07:00 |
|
Peter Steinberger
|
5f7a67f186
|
fix(release): avoid token-shaped Claude live probe (#103994)
|
2026-07-11 01:03:30 +01:00 |
|
Peter Steinberger
|
fef5c61a3c
|
docs(gateway): document restart and crash recovery behavior (#103985)
* docs(gateway): document restart and crash recovery behavior
* chore(docs): allowlist intentional command:nwe hook example in spellcheck
|
2026-07-11 00:44:16 +01:00 |
|
xingzhou
|
babc287afe
|
fix(slack): time out stalled external file uploads (#103442)
* fix(slack): time out stalled external file uploads
* fix(slack): scope external upload timeout
* fix(slack): restrict external upload transport
* fix(slack): restrict external upload transport
* fix(slack): preserve external upload retry safety
* test(slack): use compatible guarded fetch runtime
* test(plugin-sdk): update public export baseline
* fix(slack): harden external upload delivery
* refactor(slack): isolate upload completion
Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.
* fix(slack): refresh upload release metadata
* chore(slack): leave release notes release-owned
* fix(slack): classify failed uploads before completion
* fix(slack): keep upload completion untimed
* test(plugin-sdk): refresh public export baseline
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
|
2026-07-10 23:52:35 +01:00 |
|
Peter Steinberger
|
a0354e5243
|
fix(onboarding): make fresh AI setup reliable and transparent (#103962)
* fix(onboarding): harden inference setup
* fix(mac): preserve setup request cancellation
* test(crestodian): align setup audit expectation
* test(crestodian): cover approval persistence warning
* fix(crestodian): preserve setup credentials and success
* chore(pr): leave changelog to release flow
* fix(onboarding): repair native CI gates
|
2026-07-10 23:44:53 +01:00 |
|
soldforaloss
|
0e0c922cc5
|
fix: preserve current Node for node.exe env wrappers (#103907)
* fix: preserve current Node for node.exe env wrappers
* fix(scripts): preserve Windows Node aliases
* chore: keep contributor PR release-note only
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
|
2026-07-10 23:30:57 +01:00 |
|
Vincent Koc
|
022dd9dc27
|
fix(release): unblock Meta npm bootstrap publication (#103951)
* fix(release): isolate Meta npm bootstrap
* test(release): assert OIDC npm version guard
|
2026-07-10 14:50:00 -07:00 |
|
Peter Steinberger
|
4cb9cc689e
|
fix(maint): avoid stale PR sync evidence (#103944)
|
2026-07-10 22:05:23 +01:00 |
|
Peter Steinberger
|
b5f3fe900f
|
fix(release): pack local AI runtime for release checks (#103941)
|
2026-07-10 21:59:59 +01:00 |
|
Peter Steinberger
|
9b1c36d23c
|
fix: prevent exec approval revocation races (#103515)
* fix(security): serialize exec approval mutations
* fix(security): preserve additive approval writes
* test(cli): expect normalized approval shape
* fix(security): preserve exec approval compatibility
* test(security): exercise locked approval initialization
* test(security): mock serialized approval helpers
* test(exec): derive enforced command path from plan
* fix(gateway): always return approval CAS conflicts
* fix(macos): serialize exec approvals writes
* fix(security): repair approval build errors
* fix(security): serialize exec approval mutations
* fix(security): fail closed on approval persistence errors
* test(security): cover detached approval persistence failures
* fix(security): harden exec approval state
* style(macos): format exec approval sources
* fix(security): complete exec approval hardening
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(macos): preserve approved login-shell semantics
* fix(macos): keep login shell approvals one-shot
* fix(security): linearize exec authorization
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(security): preserve durable approval basis
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(security): bind exec grants to current policy
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* test(security): fix exec revocation fixtures
* test(security): align gateway approval fixtures
* fix(macos): return approval decisions
* chore(i18n): sync native approval strings
* test(security): align approval hardening fixtures
* test(node): authorize completed event fixture
* test(security): fix approval decision fixtures
* test(security): await durable approval visibility
* fix(exec): preserve concurrent approval grants
* fix(exec): address exact-head CI failures
* fix(exec): preserve concurrent approval promotions
* fix(exec): make Swift shutdown state explicit
* test(macos): handle approval read failures
* fix(macos): harden approval socket paths
* fix(macos): preserve exact shell payload bytes
* test(macos): make approval fixtures explicit
* test(macos): fix approval suite compilation
* fix(macos): bound approval socket JSONL reads
* chore: move exec approval note to release process
* chore: move exec approval note to release process
---------
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
|
2026-07-10 21:35:05 +01:00 |
|
Vincent Koc
|
54cc90b1b1
|
fix(release): publish ClawHub bootstrap artifacts immutably (#103809)
* fix(release): harden ClawHub bootstrap
* fix(release): centralize publication artifact verification
* fix(release): harden publication artifact verification
* fix(release): lock ClawHub bootstrap toolchain
* test(release): assert locked ClawHub binary
* fix(release): pack with trusted ClawHub harness
* fix(release): bound beta verifier artifact reads
* fix(release): bind target and tooling identities
* fix(release): stabilize signed package ordering
* fix(release): bind ClawHub pretag proof
* fix(release): bind ClawHub OIDC readback
* fix(release): bind ClawHub OIDC readback
|
2026-07-10 13:33:20 -07:00 |
|
Peter Steinberger
|
1bcc4c5e70
|
feat(gateway): add cooperative host suspension (#103618)
* feat(gateway): add cooperative suspension preparation
* style: satisfy suspension lint checks
* test(gateway): reset work admission between shared suites
* fix(gateway): reject upgrades during suspension
* fix(gateway): preserve admitted work during suspension
* test(gateway): isolate suspension and restart state
* fix(gateway): close suspension false-ready gaps
* refactor(protocol): slim suspension declaration graph
* refactor(plugin-sdk): sever protocol registry edges
* fix(gateway): preserve admitted restart follow-ups
* fix(gateway): make suspension recovery fail closed
* fix(protocol): keep validation formatter re-export only
* test(gateway): simplify deferred fixture type
* style(gateway): clarify suspension entry name
* fix(gateway): retain detached work admission
|
2026-07-10 20:24:53 +01:00 |
|
Peter Steinberger
|
fece8c9f54
|
fix(release): keep validation evidence immutable across reruns (#103906)
* fix(release): bind validation evidence to exact attempts
* test(release): cover exact validation attempts
|
2026-07-10 20:16:19 +01:00 |
|
Peter Steinberger
|
e1934d968e
|
fix(nodes): stop advertising a disabled browser proxy (#103894)
* fix(nodes): hide disabled browser proxy capability
* chore: defer node fix changelog to release
* chore: ratchet plugin SDK surface budget
|
2026-07-10 20:06:53 +01:00 |
|
Vincent Koc
|
69f8198ba3
|
fix(release): keep no-push Docker images validation-only (#103891)
* fix(release): make no-push Docker artifacts portable
* fix(release): keep no-push images validation-only
|
2026-07-10 12:02:57 -07:00 |
|
Vincent Koc
|
2a1d6e49d5
|
fix(ci): run Telegram release QA from trusted harness (#103207)
* fix(ci): use trusted Telegram QA harness
* fix(ci): restrict trusted Telegram QA candidate
* fix(ci): isolate trusted Telegram QA candidate
* fix(ci): harden Telegram QA process boundary
* fix(ci): pass Telegram QA release gates
* test(qa): stub Telegram env explicitly
* fix(ci): harden Telegram release QA boundary
* test(ci): harden trusted workflow and memory guards
|
2026-07-10 11:32:24 -07:00 |
|
Peter Steinberger
|
b91e117dcd
|
fix(ci): select full Kova performance reports (#103863)
|
2026-07-10 19:01:30 +01:00 |
|
Peter Steinberger
|
b597a8d364
|
fix(release): restore prerelease and release validation startup (#103834)
* fix(release): split image publication from validation
* fix(ci): honor install smoke caller input
* fix(ci): harden Docker rerun targeting
|
2026-07-10 18:46:08 +01:00 |
|
Peter Steinberger
|
050177c784
|
fix(clawdock): scope confirmation response (#103837)
|
2026-07-10 18:06:06 +01:00 |
|
Peter Steinberger
|
c08599c17b
|
fix(clawdock): preserve sourced zsh PATH (#103805)
Co-authored-by: wenhua <lshgdut@qq.com>
|
2026-07-10 17:46:08 +01:00 |
|
Vincent Koc
|
daa653c5cc
|
ci(release): add plugin npm artifact preflight (#103759)
* ci(release): add plugin npm preflight proof
* fix(release): bind plugin preflight package evidence
* fix(release): harden plugin preflight trust
* fix(release): bind plugin registry readback
* fix(release): retry npm packument bodies
* fix(release): retry malformed npm packuments
* fix(release): satisfy npm preflight lint
|
2026-07-10 09:39:10 -07:00 |
|