Peter Steinberger
dc42c893c3
improve(ios): redesign share extension compose sheet ( #104187 )
2026-07-10 22:22:15 -07:00
Peter Steinberger
36e0ac3576
fix(logs): clean up gateway and channel startup/shutdown log output ( #104174 )
...
* fix(logs): clean up gateway and channel startup/shutdown log output
Scope Discord slash-command deploy REST diagnostics to command routes so
concurrent startup traffic (voice-state probes, channel lookups) keeps its
owner's error handling; make per-request deploy error lines verbose-only and
drop JSON bodies that only repeat message+code. Log allowlist summaries one
line per call so unresolved lines keep their timestamp/subsystem prefix, and
skip identity lookups that resolved to themselves. Remove embedded subsystem
prefixes, demote routine signal/shutdown/force/postbuild/diag chatter to
debug or verbose, merge the duplicate Control UI build notices, drop doctor's
duplicate backup line, and name the config surface or platform limit in the
transcripts autoStart and command-limit warnings.
Fixes #104163
* fix(slack): keep bare-name allowlist resolutions in startup log summary
Only omit identity lookups where the input already is the resolved id;
name-based lookups that translated to an id stay logged even when the
display name matches the input.
* fix(telegram): keep isolated-ingress readiness marker on the runtime log
test/e2e/qa-lab telegram-bot-token-runtime waits for this line via the
injected RuntimeEnv.log; verbose-only logging would deterministically time
out that live proof. Comment the contract at the call site.
2026-07-10 22:13:33 -07:00
Vincent Koc
c47ceb0f3d
improve(release): reuse exact-SHA validation evidence ( #104162 )
...
* perf(release): share changelog verification snapshots
* perf(release): reuse exact-SHA validation evidence
* feat(release): checkpoint candidate workflow state
* feat(release): watch CI transitions compactly
* fix(testbox): rotate stale reusable leases
* refactor(release): move CI verifier into scripts
* fix(release): preserve verifier executable mode
* fix(testbox): force noninteractive remote hydration
* perf(testbox): skip sync for proven clean heads
* fix(testbox): keep changed gates synchronized
* fix(testbox): isolate git state probes
* fix(testbox): isolate wrapper git commands
* fix(testbox): preserve git command contracts
* fix(release): validate reused SHA evidence
* fix(release): resume serialized plugin selections
* fix(testbox): sync source on every lease reuse
* fix(release): verify from trusted workflow checkout
* fix(release): gate evidence reuse on trusted lineage
* fix(release): support legacy verifier checkouts
* fix(testbox): export CI across shell snippets
* fix(release): revalidate reused evidence before publish
* fix(release): reject untrusted reuse before lookup
* fix(release): reuse SHA-pinned root evidence
* fix(ci): allow unreleased notes in QA packages
* fix(release): satisfy script lint contracts
* fix(release): handle Unicode workflow refs safely
2026-07-11 12:48:27 +08:00
Peter Steinberger
0074005682
feat(ui): add Model Providers settings page with auth, quota, and cost per provider ( #104061 )
2026-07-10 19:31:41 -07:00
Peter Steinberger
4b7a5a4e8b
fix(installer): default to Node 22.22.2 ( #104073 )
2026-07-10 19:28:49 -07:00
haruai
c2301d8e53
fix(gateway): preserve local access for specific binds ( #98479 )
...
* fix: prefer loopback for local tailnet dashboard
* fix(gateway): preserve local access for specific binds
---------
Co-authored-by: haruaiclone-droid <281899875+haruaiclone-droid@users.noreply.github.com >
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 19:18:47 -07:00
Peter Steinberger
f50293c9e7
fix: installer removes temporary files after failed commands ( #104049 )
...
* fix(installer): retain temp cleanup registrations
* chore: keep installer release notes release-owned
2026-07-10 18:54:56 -07:00
Sebastien Tardif
95b205eac2
fix(installer): clean temporary files on failure ( #103725 )
2026-07-10 17:53:23 -07:00
James Armstead
65cc86f45c
Refresh MCP OAuth auth-profile tokens ( #96120 )
...
* Refresh MCP OAuth auth-profile tokens
* Rotate Codex MCP binding on bearer changes
* Preserve agent scope for MCP auth profiles
* Preserve Codex MCP tool filters
* Keep Codex MCP projection helper local-only
* Fix Codex projection package boundary artifacts
* Revert "Fix Codex projection package boundary artifacts"
This reverts commit 13bcaed3da .
* Revert "Keep Codex MCP projection helper local-only"
This reverts commit 19751f4922 .
* Trigger CI rerun for OAuth MCP PR
* Fail closed for remote Codex MCP bearer projection
* Fix MCP OAuth bearer token projection
* fix: project MCP-native OAuth credentials
* fix: align MCP SDK surface budget
* fix(mcp): keep agents available before OAuth login
---------
Co-authored-by: Josh Lehman <josh@martian.engineering >
2026-07-10 17:49:43 -07:00
Vincent Koc
1a9d09a238
fix(release): avoid worker lint suppressions
2026-07-10 17:47:32 -07:00
Vincent Koc
05a09b464c
fix(release): satisfy task graph lint
2026-07-10 17:47:32 -07:00
Vincent Koc
e6bde5599d
fix(release): keep correction tags at base version
2026-07-10 17:47:32 -07:00
Vincent Koc
90ad9251df
fix(pr): support rebase landings
2026-07-10 17:47:32 -07:00
Vincent Koc
6f9afda10c
fix(release): align plugin shrinkwrap scope
2026-07-10 17:47:32 -07:00
Vincent Koc
89bb79f6ae
fix(pr): allow merge-commit landings
2026-07-10 17:47:32 -07:00
Vincent Koc
eefd6248f4
fix(release): manage tracked private shrinkwraps
2026-07-10 17:47:32 -07:00
Vincent Koc
968c9549b4
fix(release): avoid pnpm bootstrap in version prep
2026-07-10 17:47:32 -07:00
Vincent Koc
a960b5f3aa
fix(release): keep JSON output machine-readable
2026-07-10 17:47:32 -07:00
Vincent Koc
38abdb64e8
fix(release): serialize root package generation
2026-07-10 17:47:32 -07:00
Vincent Koc
14a8cdc7c6
fix(release): keep Android notes aligned
2026-07-10 17:47:32 -07:00
Vincent Koc
0c16193bec
chore(release): satisfy parallel runner lint
2026-07-10 17:47:32 -07:00
Vincent Koc
80d44bf000
feat(release): add shadow preparation controller
2026-07-10 17:47:32 -07:00
Vincent Koc
897a66881d
perf(release): parallelize shrinkwrap generation
2026-07-10 17:47:32 -07:00
Vincent Koc
82461afedb
perf(release): parallelize scoped preflight tasks
2026-07-10 17:47:32 -07:00
Vincent Koc
d801384b3b
feat(release): add atomic version preparation
2026-07-10 17:47:32 -07:00
Peter Steinberger
25c216ab1e
fix: keep gateway watch detached in limited terminals ( #104009 )
2026-07-11 01:33:47 +01:00
Vincent Koc
f4b3a4841f
fix(release): accept Kova collector-only phases ( #104008 )
2026-07-10 17:31:42 -07:00
Peter Steinberger
5f7a67f186
fix(release): avoid token-shaped Claude live probe ( #103994 )
2026-07-11 01:03:30 +01:00
Peter Steinberger
fef5c61a3c
docs(gateway): document restart and crash recovery behavior ( #103985 )
...
* docs(gateway): document restart and crash recovery behavior
* chore(docs): allowlist intentional command:nwe hook example in spellcheck
2026-07-11 00:44:16 +01:00
xingzhou
babc287afe
fix(slack): time out stalled external file uploads ( #103442 )
...
* fix(slack): time out stalled external file uploads
* fix(slack): scope external upload timeout
* fix(slack): restrict external upload transport
* fix(slack): restrict external upload transport
* fix(slack): preserve external upload retry safety
* test(slack): use compatible guarded fetch runtime
* test(plugin-sdk): update public export baseline
* fix(slack): harden external upload delivery
* refactor(slack): isolate upload completion
Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.
* fix(slack): refresh upload release metadata
* chore(slack): leave release notes release-owned
* fix(slack): classify failed uploads before completion
* fix(slack): keep upload completion untimed
* test(plugin-sdk): refresh public export baseline
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 23:52:35 +01:00
Peter Steinberger
a0354e5243
fix(onboarding): make fresh AI setup reliable and transparent ( #103962 )
...
* fix(onboarding): harden inference setup
* fix(mac): preserve setup request cancellation
* test(crestodian): align setup audit expectation
* test(crestodian): cover approval persistence warning
* fix(crestodian): preserve setup credentials and success
* chore(pr): leave changelog to release flow
* fix(onboarding): repair native CI gates
2026-07-10 23:44:53 +01:00
soldforaloss
0e0c922cc5
fix: preserve current Node for node.exe env wrappers ( #103907 )
...
* fix: preserve current Node for node.exe env wrappers
* fix(scripts): preserve Windows Node aliases
* chore: keep contributor PR release-note only
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 23:30:57 +01:00
Vincent Koc
022dd9dc27
fix(release): unblock Meta npm bootstrap publication ( #103951 )
...
* fix(release): isolate Meta npm bootstrap
* test(release): assert OIDC npm version guard
2026-07-10 14:50:00 -07:00
Peter Steinberger
4cb9cc689e
fix(maint): avoid stale PR sync evidence ( #103944 )
2026-07-10 22:05:23 +01:00
Peter Steinberger
b5f3fe900f
fix(release): pack local AI runtime for release checks ( #103941 )
2026-07-10 21:59:59 +01:00
Peter Steinberger
9b1c36d23c
fix: prevent exec approval revocation races ( #103515 )
...
* fix(security): serialize exec approval mutations
* fix(security): preserve additive approval writes
* test(cli): expect normalized approval shape
* fix(security): preserve exec approval compatibility
* test(security): exercise locked approval initialization
* test(security): mock serialized approval helpers
* test(exec): derive enforced command path from plan
* fix(gateway): always return approval CAS conflicts
* fix(macos): serialize exec approvals writes
* fix(security): repair approval build errors
* fix(security): serialize exec approval mutations
* fix(security): fail closed on approval persistence errors
* test(security): cover detached approval persistence failures
* fix(security): harden exec approval state
* style(macos): format exec approval sources
* fix(security): complete exec approval hardening
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* fix(macos): preserve approved login-shell semantics
* fix(macos): keep login shell approvals one-shot
* fix(security): linearize exec authorization
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* fix(security): preserve durable approval basis
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* fix(security): bind exec grants to current policy
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* test(security): fix exec revocation fixtures
* test(security): align gateway approval fixtures
* fix(macos): return approval decisions
* chore(i18n): sync native approval strings
* test(security): align approval hardening fixtures
* test(node): authorize completed event fixture
* test(security): fix approval decision fixtures
* test(security): await durable approval visibility
* fix(exec): preserve concurrent approval grants
* fix(exec): address exact-head CI failures
* fix(exec): preserve concurrent approval promotions
* fix(exec): make Swift shutdown state explicit
* test(macos): handle approval read failures
* fix(macos): harden approval socket paths
* fix(macos): preserve exact shell payload bytes
* test(macos): make approval fixtures explicit
* test(macos): fix approval suite compilation
* fix(macos): bound approval socket JSONL reads
* chore: move exec approval note to release process
* chore: move exec approval note to release process
---------
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
2026-07-10 21:35:05 +01:00
Vincent Koc
54cc90b1b1
fix(release): publish ClawHub bootstrap artifacts immutably ( #103809 )
...
* fix(release): harden ClawHub bootstrap
* fix(release): centralize publication artifact verification
* fix(release): harden publication artifact verification
* fix(release): lock ClawHub bootstrap toolchain
* test(release): assert locked ClawHub binary
* fix(release): pack with trusted ClawHub harness
* fix(release): bound beta verifier artifact reads
* fix(release): bind target and tooling identities
* fix(release): stabilize signed package ordering
* fix(release): bind ClawHub pretag proof
* fix(release): bind ClawHub OIDC readback
* fix(release): bind ClawHub OIDC readback
2026-07-10 13:33:20 -07:00
Peter Steinberger
1bcc4c5e70
feat(gateway): add cooperative host suspension ( #103618 )
...
* feat(gateway): add cooperative suspension preparation
* style: satisfy suspension lint checks
* test(gateway): reset work admission between shared suites
* fix(gateway): reject upgrades during suspension
* fix(gateway): preserve admitted work during suspension
* test(gateway): isolate suspension and restart state
* fix(gateway): close suspension false-ready gaps
* refactor(protocol): slim suspension declaration graph
* refactor(plugin-sdk): sever protocol registry edges
* fix(gateway): preserve admitted restart follow-ups
* fix(gateway): make suspension recovery fail closed
* fix(protocol): keep validation formatter re-export only
* test(gateway): simplify deferred fixture type
* style(gateway): clarify suspension entry name
* fix(gateway): retain detached work admission
2026-07-10 20:24:53 +01:00
Peter Steinberger
fece8c9f54
fix(release): keep validation evidence immutable across reruns ( #103906 )
...
* fix(release): bind validation evidence to exact attempts
* test(release): cover exact validation attempts
2026-07-10 20:16:19 +01:00
Peter Steinberger
e1934d968e
fix(nodes): stop advertising a disabled browser proxy ( #103894 )
...
* fix(nodes): hide disabled browser proxy capability
* chore: defer node fix changelog to release
* chore: ratchet plugin SDK surface budget
2026-07-10 20:06:53 +01:00
Vincent Koc
69f8198ba3
fix(release): keep no-push Docker images validation-only ( #103891 )
...
* fix(release): make no-push Docker artifacts portable
* fix(release): keep no-push images validation-only
2026-07-10 12:02:57 -07:00
Vincent Koc
2a1d6e49d5
fix(ci): run Telegram release QA from trusted harness ( #103207 )
...
* fix(ci): use trusted Telegram QA harness
* fix(ci): restrict trusted Telegram QA candidate
* fix(ci): isolate trusted Telegram QA candidate
* fix(ci): harden Telegram QA process boundary
* fix(ci): pass Telegram QA release gates
* test(qa): stub Telegram env explicitly
* fix(ci): harden Telegram release QA boundary
* test(ci): harden trusted workflow and memory guards
2026-07-10 11:32:24 -07:00
Peter Steinberger
b91e117dcd
fix(ci): select full Kova performance reports ( #103863 )
2026-07-10 19:01:30 +01:00
Peter Steinberger
b597a8d364
fix(release): restore prerelease and release validation startup ( #103834 )
...
* fix(release): split image publication from validation
* fix(ci): honor install smoke caller input
* fix(ci): harden Docker rerun targeting
2026-07-10 18:46:08 +01:00
Peter Steinberger
050177c784
fix(clawdock): scope confirmation response ( #103837 )
2026-07-10 18:06:06 +01:00
Peter Steinberger
c08599c17b
fix(clawdock): preserve sourced zsh PATH ( #103805 )
...
Co-authored-by: wenhua <lshgdut@qq.com >
2026-07-10 17:46:08 +01:00
Vincent Koc
daa653c5cc
ci(release): add plugin npm artifact preflight ( #103759 )
...
* ci(release): add plugin npm preflight proof
* fix(release): bind plugin preflight package evidence
* fix(release): harden plugin preflight trust
* fix(release): bind plugin registry readback
* fix(release): retry npm packument bodies
* fix(release): retry malformed npm packuments
* fix(release): satisfy npm preflight lint
2026-07-10 09:39:10 -07:00
Peter Steinberger
e43f225c81
fix(release): prevent stale beta validation evidence ( #103798 )
...
* fix(release): ignore nested squash revert markers
* fix(release): preserve squash revert targets
* docs(release): state installer doctor contract
* fix(release): recognize conventional squash reverts
2026-07-10 17:26:56 +01:00
Vincent Koc
155e196e22
fix(release): preserve beta validation evidence ( #103796 )
...
* fix(release): proxy upgrade fixtures to npm
(cherry picked from commit 30f54a5fe1 )
* fix(release): require installer doctor evidence
(cherry picked from commit 0782a94452 )
* test(qa): scope aborted restart outcome to Codex
(cherry picked from commit ac54f80430 )
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 09:05:14 -07:00
Peter Steinberger
366d09bcc7
fix(ci): harden release performance evidence ( #103790 )
2026-07-10 16:59:10 +01:00