Vincent Koc
|
31484524a5
|
fix(release): preserve node across telegram qa masks (#104175)
|
2026-07-11 13:22:06 +08:00 |
|
Vincent Koc
|
2158873a3c
|
fix(release): preserve canonical main PR provenance (#104166)
* fix(release): canonicalize changelog PR provenance
* fix(release): finalize changelog provenance policy
* fix(release): resolve canonical PRs from current main
* fix(release): support divergent beta baselines
|
2026-07-11 13:21:15 +08:00 |
|
Vincent Koc
|
c47ceb0f3d
|
improve(release): reuse exact-SHA validation evidence (#104162)
* perf(release): share changelog verification snapshots
* perf(release): reuse exact-SHA validation evidence
* feat(release): checkpoint candidate workflow state
* feat(release): watch CI transitions compactly
* fix(testbox): rotate stale reusable leases
* refactor(release): move CI verifier into scripts
* fix(release): preserve verifier executable mode
* fix(testbox): force noninteractive remote hydration
* perf(testbox): skip sync for proven clean heads
* fix(testbox): keep changed gates synchronized
* fix(testbox): isolate git state probes
* fix(testbox): isolate wrapper git commands
* fix(testbox): preserve git command contracts
* fix(release): validate reused SHA evidence
* fix(release): resume serialized plugin selections
* fix(testbox): sync source on every lease reuse
* fix(release): verify from trusted workflow checkout
* fix(release): gate evidence reuse on trusted lineage
* fix(release): support legacy verifier checkouts
* fix(testbox): export CI across shell snippets
* fix(release): revalidate reused evidence before publish
* fix(release): reject untrusted reuse before lookup
* fix(release): reuse SHA-pinned root evidence
* fix(ci): allow unreleased notes in QA packages
* fix(release): satisfy script lint contracts
* fix(release): handle Unicode workflow refs safely
|
2026-07-11 12:48:27 +08:00 |
|
Vincent Koc
|
ad9d142245
|
style(test): format release workflow guard
|
2026-07-11 11:45:23 +08:00 |
|
Vincent Koc
|
b0258a5d8b
|
fix(release): isolate frozen Telegram QA temp roots
|
2026-07-11 11:45:23 +08:00 |
|
Vincent Koc
|
543b0e7794
|
fix(ci): support frozen Swift lint targets
|
2026-07-11 11:45:23 +08:00 |
|
Vincent Koc
|
ffc8051cac
|
test(release): align trusted SHA workflow guard
|
2026-07-11 11:09:58 +08:00 |
|
Vincent Koc
|
553f543bdf
|
fix(release): support frozen validation targets
|
2026-07-11 11:09:58 +08:00 |
|
Peter Steinberger
|
feae1faf06
|
fix(release): expose Telegram launcher failures safely (#104099)
* fix(release): expose Telegram launcher failures safely
* test(release): prove namespace launcher diagnostics
|
2026-07-10 20:03:36 -07:00 |
|
Peter Steinberger
|
4b7a5a4e8b
|
fix(installer): default to Node 22.22.2 (#104073)
|
2026-07-10 19:28:49 -07:00 |
|
Peter Steinberger
|
7febbad017
|
fix(release): dispatch Telegram QA with environment access (#104066)
|
2026-07-10 19:19:04 -07:00 |
|
Peter Steinberger
|
f50293c9e7
|
fix: installer removes temporary files after failed commands (#104049)
* fix(installer): retain temp cleanup registrations
* chore: keep installer release notes release-owned
|
2026-07-10 18:54:56 -07:00 |
|
Peter Steinberger
|
070b7928fd
|
fix(release): declare Telegram QA environment secrets (#104036)
|
2026-07-10 18:30:20 -07:00 |
|
Peter Steinberger
|
f0facb4cca
|
fix(release): raise Telegram attestor buffer (#104025)
|
2026-07-10 18:03:26 -07:00 |
|
Sebastien Tardif
|
95b205eac2
|
fix(installer): clean temporary files on failure (#103725)
|
2026-07-10 17:53:23 -07:00 |
|
Vincent Koc
|
e6bde5599d
|
fix(release): keep correction tags at base version
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
90ad9251df
|
fix(pr): support rebase landings
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
6f9afda10c
|
fix(release): align plugin shrinkwrap scope
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
89bb79f6ae
|
fix(pr): allow merge-commit landings
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
eefd6248f4
|
fix(release): manage tracked private shrinkwraps
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
968c9549b4
|
fix(release): avoid pnpm bootstrap in version prep
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
a960b5f3aa
|
fix(release): keep JSON output machine-readable
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
38abdb64e8
|
fix(release): serialize root package generation
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
14ebfc88c4
|
fix(release): avoid caching GitHub errors
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
14a8cdc7c6
|
fix(release): keep Android notes aligned
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
0c16193bec
|
chore(release): satisfy parallel runner lint
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
80d44bf000
|
feat(release): add shadow preparation controller
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
a835584537
|
perf(release): cache changelog GitHub discovery
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
897a66881d
|
perf(release): parallelize shrinkwrap generation
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
82461afedb
|
perf(release): parallelize scoped preflight tasks
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
d801384b3b
|
feat(release): add atomic version preparation
|
2026-07-10 17:47:32 -07:00 |
|
Vincent Koc
|
2841edf01e
|
fix(ci): pin Kova auth startup fixes (#104002)
|
2026-07-10 17:42:08 -07:00 |
|
Vincent Koc
|
f4b3a4841f
|
fix(release): accept Kova collector-only phases (#104008)
|
2026-07-10 17:31:42 -07:00 |
|
Peter Steinberger
|
5f7a67f186
|
fix(release): avoid token-shaped Claude live probe (#103994)
|
2026-07-11 01:03:30 +01:00 |
|
Peter Steinberger
|
a0354e5243
|
fix(onboarding): make fresh AI setup reliable and transparent (#103962)
* fix(onboarding): harden inference setup
* fix(mac): preserve setup request cancellation
* test(crestodian): align setup audit expectation
* test(crestodian): cover approval persistence warning
* fix(crestodian): preserve setup credentials and success
* chore(pr): leave changelog to release flow
* fix(onboarding): repair native CI gates
|
2026-07-10 23:44:53 +01:00 |
|
Peter Steinberger
|
49941fab6d
|
fix(ci): keep hydrate-github pnpm shims writable (#103971)
|
2026-07-10 23:36:10 +01:00 |
|
soldforaloss
|
0e0c922cc5
|
fix: preserve current Node for node.exe env wrappers (#103907)
* fix: preserve current Node for node.exe env wrappers
* fix(scripts): preserve Windows Node aliases
* chore: keep contributor PR release-note only
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
|
2026-07-10 23:30:57 +01:00 |
|
Vincent Koc
|
b0e3c85a61
|
fix(release): bind publish children to trusted SHAs (#103913)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
|
2026-07-10 23:25:26 +01:00 |
|
Vincent Koc
|
b1e688c657
|
fix(release): consume Kova model contract (#103966)
|
2026-07-10 15:17:15 -07:00 |
|
Vincent Koc
|
022dd9dc27
|
fix(release): unblock Meta npm bootstrap publication (#103951)
* fix(release): isolate Meta npm bootstrap
* test(release): assert OIDC npm version guard
|
2026-07-10 14:50:00 -07:00 |
|
Peter Steinberger
|
4cb9cc689e
|
fix(maint): avoid stale PR sync evidence (#103944)
|
2026-07-10 22:05:23 +01:00 |
|
Peter Steinberger
|
b5f3fe900f
|
fix(release): pack local AI runtime for release checks (#103941)
|
2026-07-10 21:59:59 +01:00 |
|
Peter Steinberger
|
9b1c36d23c
|
fix: prevent exec approval revocation races (#103515)
* fix(security): serialize exec approval mutations
* fix(security): preserve additive approval writes
* test(cli): expect normalized approval shape
* fix(security): preserve exec approval compatibility
* test(security): exercise locked approval initialization
* test(security): mock serialized approval helpers
* test(exec): derive enforced command path from plan
* fix(gateway): always return approval CAS conflicts
* fix(macos): serialize exec approvals writes
* fix(security): repair approval build errors
* fix(security): serialize exec approval mutations
* fix(security): fail closed on approval persistence errors
* test(security): cover detached approval persistence failures
* fix(security): harden exec approval state
* style(macos): format exec approval sources
* fix(security): complete exec approval hardening
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(macos): preserve approved login-shell semantics
* fix(macos): keep login shell approvals one-shot
* fix(security): linearize exec authorization
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(security): preserve durable approval basis
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(security): bind exec grants to current policy
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* test(security): fix exec revocation fixtures
* test(security): align gateway approval fixtures
* fix(macos): return approval decisions
* chore(i18n): sync native approval strings
* test(security): align approval hardening fixtures
* test(node): authorize completed event fixture
* test(security): fix approval decision fixtures
* test(security): await durable approval visibility
* fix(exec): preserve concurrent approval grants
* fix(exec): address exact-head CI failures
* fix(exec): preserve concurrent approval promotions
* fix(exec): make Swift shutdown state explicit
* test(macos): handle approval read failures
* fix(macos): harden approval socket paths
* fix(macos): preserve exact shell payload bytes
* test(macos): make approval fixtures explicit
* test(macos): fix approval suite compilation
* fix(macos): bound approval socket JSONL reads
* chore: move exec approval note to release process
* chore: move exec approval note to release process
---------
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
|
2026-07-10 21:35:05 +01:00 |
|
Vincent Koc
|
54cc90b1b1
|
fix(release): publish ClawHub bootstrap artifacts immutably (#103809)
* fix(release): harden ClawHub bootstrap
* fix(release): centralize publication artifact verification
* fix(release): harden publication artifact verification
* fix(release): lock ClawHub bootstrap toolchain
* test(release): assert locked ClawHub binary
* fix(release): pack with trusted ClawHub harness
* fix(release): bound beta verifier artifact reads
* fix(release): bind target and tooling identities
* fix(release): stabilize signed package ordering
* fix(release): bind ClawHub pretag proof
* fix(release): bind ClawHub OIDC readback
* fix(release): bind ClawHub OIDC readback
|
2026-07-10 13:33:20 -07:00 |
|
Peter Steinberger
|
fece8c9f54
|
fix(release): keep validation evidence immutable across reruns (#103906)
* fix(release): bind validation evidence to exact attempts
* test(release): cover exact validation attempts
|
2026-07-10 20:16:19 +01:00 |
|
Vincent Koc
|
69f8198ba3
|
fix(release): keep no-push Docker images validation-only (#103891)
* fix(release): make no-push Docker artifacts portable
* fix(release): keep no-push images validation-only
|
2026-07-10 12:02:57 -07:00 |
|
Vincent Koc
|
2a1d6e49d5
|
fix(ci): run Telegram release QA from trusted harness (#103207)
* fix(ci): use trusted Telegram QA harness
* fix(ci): restrict trusted Telegram QA candidate
* fix(ci): isolate trusted Telegram QA candidate
* fix(ci): harden Telegram QA process boundary
* fix(ci): pass Telegram QA release gates
* test(qa): stub Telegram env explicitly
* fix(ci): harden Telegram release QA boundary
* test(ci): harden trusted workflow and memory guards
|
2026-07-10 11:32:24 -07:00 |
|
Peter Steinberger
|
b91e117dcd
|
fix(ci): select full Kova performance reports (#103863)
|
2026-07-10 19:01:30 +01:00 |
|
Peter Steinberger
|
b597a8d364
|
fix(release): restore prerelease and release validation startup (#103834)
* fix(release): split image publication from validation
* fix(ci): honor install smoke caller input
* fix(ci): harden Docker rerun targeting
|
2026-07-10 18:46:08 +01:00 |
|
Peter Steinberger
|
906f1b816f
|
fix(ci): update Kova performance model owners (#103839)
|
2026-07-10 18:08:37 +01:00 |
|