feat(v0.8.2): Audit + parity sweep – 53-issue release #290
Merged
This release-critical sweep addresses the Docker boot path, Cloudflare deployment drift, OpenAI-compatible request-shape regressions, vision URL SSRF validation, persistent security audit provenance, optional telemetry spans, and workspace-wide version synchronization. Cloudflare route parity is intentionally kept bounded: this commit adds a generated parity inventory and explicit Worker 501s for Node-only bridge routes, but does not claim complete Cloudflare parity. Constraint: Docker daemon was unavailable locally, so the image smoke is covered by CI wiring rather than a local container run. Rejected: Close issue #255 in this sweep | full Cloudflare route parity remains broader than a safe patch-release batch. Rejected: Hard import @opentelemetry/api | telemetry must remain optional for hosts without OTel installed. Confidence: medium Scope-risk: broad Directive: Do not change OpenAI Responses request fields without checking the current OpenAI API docs. Tested: npm run build; npm run typecheck; npm test (2,864 passed, 1 skipped); npm audit --audit-level=moderate (0 vulnerabilities); targeted provider/security/vision/Cloudflare route tests Not-tested: Local Docker image smoke because the Docker daemon was not running
Docker smoke needs the runtime HTTP server reachable through Docker port publishing, so the image now starts a Docker-specific server entrypoint that binds to 0.0.0.0 and preserves the same runtime.fetch request path. Constraint: Local Docker daemon is unavailable in this workspace; GitHub Actions is the Docker validation lane. Rejected: Keep the CI container as --rm | it deletes crash logs before failure diagnostics can be read. Rejected: Treat host curl failure as a CI-only workaround | the container entrypoint should bind explicitly. Confidence: medium Scope-risk: narrow Directive: Keep Docker smoke logging non-rm so failed entrypoints preserve container logs. Tested: npm run typecheck; npm test -- tests/capability-badges.test.ts; npm test (2,864 passed, 1 skipped); npm audit --audit-level=moderate Not-tested: Local Docker image smoke because the Docker daemon was not running
Docker builds were copying stale TypeScript incremental metadata without the matching dist directories, which let tsc skip package output and produced a runtime image missing workspace entrypoints. The image build now forces the project build and excludes tsbuildinfo cache files from the Docker context. Constraint: Docker context intentionally excludes package dist directories so the image proves it can build from source. Rejected: Copy local dist into the image | that would hide source-build regressions and weaken the smoke test. Confidence: high Scope-risk: narrow Directive: Keep Docker builds independent of local TypeScript incremental cache state. Tested: npm run typecheck; npm test -- tests/capability-badges.test.ts Not-tested: Local Docker image smoke because the Docker daemon was not running
The Docker smoke loop compared the full container id returned by docker run with the short ids printed by docker ps, so it treated a live container as failed before probing /healthz. The workflow now asks Docker for the exact container state before deciding whether to dump logs. Constraint: Docker daemon is unavailable locally, so GitHub Actions remains the container smoke validation lane. Rejected: Match short id prefixes manually | docker inspect directly answers the state for the known container id. Confidence: high Scope-risk: narrow Directive: Keep the smoke loop keyed by the exact container id returned from docker run. Tested: Reviewed workflow diff and previous Actions log showing the id-length mismatch. Not-tested: Local Docker smoke because the Docker daemon was not running
Add VPS Docker Compose plus Caddy artifacts and a Mac Mini launchd runbook so self-host deployments have concrete, repeatable entrypoints without changing runtime behavior. Constraint: Keep deployment support local and documented without pushing to a remote release branch. Rejected: Fold Tailscale SSRF policy into the deploy docs | that security behavior belongs to a separate opt-in network change. Confidence: high Scope-risk: narrow Directive: Keep deployment secrets in environment files or host secret stores, not checked-in Compose values. Tested: node package.json parse; bash -n deploy/launchd/install.sh Not-tested: docker compose up and launchctl bootstrap because those affect the host runtime.
Strengthen local security boundaries without changing happy-path runtime behavior: SSRF validation now blocks additional special-use transition ranges, Codex auth loading validates shape and warns on loose file permissions, and delegation depth is carried as a typed execution-context field through child agents and sandbox RPC. Constraint: Keep security hardening additive and non-breaking for existing valid auth files. Rejected: Fail closed on group-readable auth.json | warning first avoids breaking existing Codex CLI installs while still surfacing the risk. Rejected: Keep delegateDepth on an unsafe cast | typed context propagation lets nested tool paths preserve the guard. Confidence: high Scope-risk: moderate Directive: Do not weaken SSRF transition-range blocks without adding explicit opt-in policy and tests. Tested: npm run build; npm test -- tests/security.test.ts tests/delegate-tool.test.ts tests/codex-auth.test.ts Not-tested: Real Codex CLI auth refresh against OpenAI auth servers.
Implement the provider/tool batch without adding dependencies: OpenAI requests now retry transient 429/5xx responses, emit prompt-cache routing fields only for OpenAI-hosted endpoints, sort tool schemas for stable prefixes, expose cached token usage, use model-family token estimates, add reader-mode web.fetch byte caps, and expose voice.stt as a transcription alias. Constraint: AGENTS.md disallows new dependencies without explicit request, so token counting uses a local model-family estimator instead of adding a tokenizer package. Constraint: OpenAI prompt caching is automatic for matching prefixes; CrowClaw only adds stable routing fields and deterministic tool ordering. Rejected: Add a tokenizer dependency | dependency policy requires explicit approval. Rejected: Send prompt_cache_key to OpenAI-compatible backends | non-OpenAI providers may reject OpenAI-only parameters. Confidence: medium Scope-risk: moderate Directive: Keep provider-specific request fields gated by base URL or explicit config support. Tested: npm run build; npm test -- tests/openai-provider.test.ts tests/token-counting.test.ts tests/tools-breadth.test.ts tests/voice-tools.test.ts Not-tested: Live OpenAI prompt-cache hit rate or live rate-limit retry behavior.
CrowClaw needs durable cross-session recall, portable migration, and soft supply-chain checks before the 0.8.1 issue branch can absorb the next compatibility batch. This keeps the default paths backward-compatible while adding opt-in LLM summaries, scoped memory routing, tokenized memory search, skill content hashing, and Hermes/OpenClaw import plumbing. Constraint: Existing SKILL.md parsing remains synchronous, so hash verification runs in the async directory loader and explicit verifier helper. Constraint: Runtime LLM memory summaries are opt-in via CROWCLAW_MEMORY_SUMMARIZE to avoid surprise cost and latency. Rejected: Make content_hash mismatches hard failures by default | existing community skills would become brittle without a migration window. Rejected: Introduce a new migration package | the CLI already owns local CrowClaw layout discovery and command UX. Confidence: high Scope-risk: moderate Directive: Do not make memory llmSummarize default-on without a cost and latency review. Tested: npm run typecheck; npm test -- tests/skill-manifest.test.ts tests/memory-provider.test.ts tests/memory-manager.test.ts tests/storage-memory.test.ts tests/cli-commands.test.ts Not-tested: Real Hermes/OpenClaw user home imports; live provider-backed memory summarization.
Issue proposals ask for concrete production adapters without broadening runtime scope, so this batch adds the missing adapter surfaces behind explicit configuration and keeps local fallbacks deterministic in tests. The learning runner now scores expected outputs and exposes an Atropos-compatible environment facade. Tooling gains provider fallback chains for web search, vision, and image generation; gateway normalization recognizes WhatsApp and Signal; terminal execution can plan Singularity alongside hardened Docker commands. Constraint: External providers and container runtimes must remain opt-in and testable without live credentials. Rejected: Add new SDK dependencies | HTTP adapters and command planners cover the requested surfaces with less release risk. Rejected: Replace local test doubles with live provider calls | release verification must run without external accounts. Confidence: high Scope-risk: moderate Directive: Keep provider fallback ordering explicit and do not silently call paid or external services without configured credentials. Tested: npm run typecheck Tested: npm test -- tests/batch-trajectory.test.ts tests/atropos-env.test.ts tests/gateway-normalization.test.ts tests/tools-breadth.test.ts tests/local-executor.test.ts tests/runtime-terminal.test.ts tests/vision-real.test.ts tests/runtime-vision-image-routes.test.ts Not-tested: Live Atropos, Brave, Tavily, Exa, Gemini, Replicate, Singularity, Docker, and SSH runtimes
Make the 0.8.1 self-host path safer without broadening the runtime model: tailnet access stays explicit, provider secrets resolve through a fail-closed chain, and chat/webhook ingress now has rate and budget circuit breakers. This also keeps release verification green by preserving credential-pool cooldown semantics and accepting the legacy delegate-depth context key used by existing callers. Constraint: Tailnet private ranges stay blocked unless CROWCLAW_TAILNET_ALLOWLIST explicitly allows them Constraint: Secret references must fail closed instead of silently falling back to EchoProvider Rejected: Treating CGNAT or ULA ranges as public by default | weakens SSRF protections for self-hosted nodes Rejected: Retrying pooled 429s against the same key | bypasses credential cooldown and fallback behavior Confidence: high Scope-risk: moderate Directive: Keep tailnet fetch allowlists explicit and do not downgrade unresolved secret references to echo mode Tested: npm run typecheck Tested: npm test -- tests/security-critical.test.ts tests/provider-factory.test.ts tests/cli-commands.test.ts tests/tools-breadth.test.ts tests/runtime-telegram.test.ts tests/credential-pool.test.ts tests/delegate-tool.test.ts tests/delegate-enhanced.test.ts Tested: npm test Not-tested: live Tailscale daemon, live 1Password CLI, live systemd credential rotation, live SOPS backend Related: #265 Related: #266 Related: #267
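An added illustration of the rule in the commit message above, where CGNAT and ULA targets stay blocked unless an explicit allowlist covers them; this is JavaScript written for this page, not CrowClaw source. The function names, the table of blocked ranges, and the comma-separated CIDR format assumed for `CROWCLAW_TAILNET_ALLOWLIST` are all assumptions; the only outside fact used is that Tailscale assigns addresses from 100.64.0.0/10 and fd7a:115c:a1e0::/48.

```javascript
// Added example, not CrowClaw code. The range table and the comma-separated
// CIDR allowlist format are assumptions made for this sketch.

// Parse an IPv4 or IPv6 literal into { bits, value }; null when malformed.
function parseIp(text) {
  if (text.includes(":")) return parseV6(text);
  const parts = text.split(".");
  if (parts.length !== 4) return null;
  let value = 0n;
  for (const p of parts) {
    // Decimal octets only, so "0177.0.0.1" or "0x7f.0.0.1" cannot slip through.
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    value = (value << 8n) | BigInt(p);
  }
  return { bits: 32, value };
}

function parseV6(text) {
  let s = text;
  const lastColon = s.lastIndexOf(":");
  const tail = s.slice(lastColon + 1);
  if (tail.includes(".")) { // dotted IPv4 tail such as ::ffff:10.0.0.1
    const v4 = parseIp(tail);
    if (!v4) return null;
    const hex = (n) => n.toString(16);
    s = s.slice(0, lastColon + 1) + hex(v4.value >> 16n) + ":" + hex(v4.value & 0xffffn);
  }
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const rest = halves[1] ? halves[1].split(":") : [];
  const gap = 8 - head.length - rest.length;
  if (halves.length === 1 ? gap !== 0 : gap < 1) return null;
  const groups = [...head, ...Array(halves.length === 2 ? gap : 0).fill("0"), ...rest];
  let value = 0n;
  for (const g of groups) {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) return null;
    value = (value << 16n) | BigInt("0x" + g);
  }
  return { bits: 128, value };
}

function parseCidr(text) {
  const [addr, len, extra] = text.trim().split("/");
  const ip = parseIp(addr);
  if (!ip || extra !== undefined || !/^\d{1,3}$/.test(len ?? "")) return null;
  return Number(len) <= ip.bits ? { ...ip, prefix: Number(len) } : null;
}

function inCidr(ip, cidr) {
  if (ip.bits !== cidr.bits) return false;
  const shift = BigInt(cidr.bits - cidr.prefix);
  return ip.value >> shift === cidr.value >> shift;
}

// [cidr, label, tailnet]: only rows marked tailnet can be opened by the allowlist.
const BLOCKED = [
  ["0.0.0.0/8", "this-network", false],
  ["10.0.0.0/8", "rfc1918", false],
  ["127.0.0.0/8", "loopback", false],
  ["169.254.0.0/16", "link-local", false],
  ["172.16.0.0/12", "rfc1918", false],
  ["192.168.0.0/16", "rfc1918", false],
  ["100.64.0.0/10", "cgnat", true],    // Tailscale IPv4 addresses live here
  ["::/96", "loopback-or-v4-compat", false],
  ["fe80::/10", "link-local", false],
  ["fc00::/7", "ula", true],           // Tailscale IPv6 addresses live here
  ["64:ff9b::/96", "nat64", false],    // transition ranges can wrap an IPv4 target
  ["2002::/16", "6to4", false],
  ["2001::/32", "teredo", false],
].map(([cidr, label, tailnet]) => ({ ...parseCidr(cidr), label, tailnet }));

// Malformed allowlist entries throw instead of being skipped (fail closed).
function parseAllowlist(text) {
  return (text || "").split(",").map((s) => s.trim()).filter(Boolean).map((entry) => {
    const cidr = parseCidr(entry);
    if (!cidr) throw new Error(`invalid allowlist entry: ${entry}`);
    return cidr;
  });
}

// Decide on the resolved IP address of a fetch target, never on the hostname.
function checkFetchTarget(address, allowlistText) {
  const allow = parseAllowlist(allowlistText);
  let ip = parseIp(address);
  if (!ip) return { allowed: false, reason: "unparseable address" };
  // Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged by the IPv4 rows.
  if (ip.bits === 128 && ip.value >> 32n === 0xffffn) {
    ip = { bits: 32, value: ip.value & 0xffffffffn };
  }
  const hit = BLOCKED.find((range) => inCidr(ip, range));
  if (!hit) return { allowed: true, reason: "public" };
  if (hit.tailnet && allow.some((cidr) => inCidr(ip, cidr))) {
    return { allowed: true, reason: `allowlisted ${hit.label}` };
  }
  return { allowed: false, reason: hit.label };
}
```

In this sketch an allowlist entry can only open the CGNAT and ULA rows, so listing 127.0.0.0/8 or 169.254.0.0/16 in the allowlist does not unblock loopback or link-local targets.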
Enable noUncheckedIndexedAccess and tighten unsafe indexed reads across shared packages so future route, tool, memory, and compression changes are checked by the compiler instead of relying on implicit array/map presence. Constraint: Type hardening must preserve current runtime behavior while turning on the stricter base tsconfig flag Rejected: Leave noUncheckedIndexedAccess disabled | this keeps the issue open and hides missing guards in shared code Confidence: high Scope-risk: moderate Directive: Prefer explicit guards/defaults for indexed reads; avoid reverting to non-null assertions unless the invariant is locally proven Tested: npm run typecheck Tested: npm test Related: #163
Add plugin manifests, catalog validation, memory-backend contracts, reference hook plugins, skill previews, scoped background process stores, and MCP/ACP real-data wiring so extension authors and runtime integrations have concrete contracts instead of stubs. Constraint: Do not add new dependencies or shell out to install community code in local tests Rejected: Implement arbitrary plugin clone/install execution | too broad for the issue and unsafe without a trust model Confidence: high Scope-risk: moderate Directive: Keep plugin manifests declarative; raw command execution must remain rejected by validation Tested: npm run typecheck Tested: npm test Related: #90 Related: #160 Related: #188 Related: #191 Related: #202 Related: #203
Add endpoint policy decisions, token-scope containment, runtime telemetry metrics, checkpoint auto-resume hooks, plugin/MCP catalog install APIs, gateway activity logging, and smaller runtime helper modules so operational surfaces are enforceable and observable locally. Constraint: Catalog installs must stay manifest-driven and authenticated; local work must not push or reach production Rejected: Keep MCP install as raw command text only | it preserves the RCE-prone UX called out in the audit Rejected: Split runtime-node by sweeping rewrite | too large for this issue batch, so only embedded protocol and gateway helpers were extracted Confidence: high Scope-risk: broad Directive: Keep install endpoints on dangerous-route auth; do not make raw command install the default path again Tested: npm run typecheck Tested: npm test Related: #73 Related: #74 Related: #82 Related: #96 Related: #155 Related: #189 Related: #190 Related: #199 Related: #200 Related: #201
Expand the dashboard with skill match explanations, usage breakdowns, security search, memory edit/pin/size controls, learning metrics, session browsing, provider slots, persona/config previews, gateway operations, locale/theme preferences, and Connect catalog flows so the next release has usable operator surfaces instead of hidden APIs. Constraint: Keep UI changes tied to existing runtime APIs and generated single-file dashboard output Rejected: Build a full translation catalog in this batch | would overgrow the audit fix; locale preference and shell-level switching are added first Confidence: high Scope-risk: broad Directive: Rebuild packages/web/src/generated.ts after any dashboard UI change Tested: npm run build:ui --workspace @crowclaw/web Tested: npm run build:html --workspace @crowclaw/web Tested: npm run typecheck Tested: npm test Related: #181 Related: #182 Related: #183 Related: #184 Related: #185 Related: #186 Related: #187 Related: #192 Related: #196 Related: #197 Related: #198 Related: #204 Related: #205 Related: #206 Related: #207 Related: #208 Related: #212 Related: #213 Related: #214 Related: #215 Related: #216 Related: #217 Related: #218 Related: #219 Related: #220 Related: #221 Related: #222 Related: #223 Related: #224 Related: #225 Related: #226 Related: #227 Related: #228
The 0.8.1 issue sweep needs the Node runtime entrypoint to stop owning every route, provider, gateway, and agent bootstrap concern in one file. The route dispatch ladder now lives in route-handlers, agent construction lives in agent-bootstrap, and gateway policy/delivery helpers live in gateway-wiring while index.ts remains the runtime assembler. Constraint: Issue #155 asks for a pure refactor with behavior preserved and tests remaining green Rejected: Keep only utility extraction | it left the REST and WS route ladder in index.ts and did not satisfy the issue Confidence: high Scope-risk: moderate Directive: Keep new route branches in route-handlers instead of growing index.ts again Tested: npm run typecheck Tested: npm test Tested: npm run build:ui --workspace @crowclaw/web Tested: npm run build:html --workspace @crowclaw/web Related: #155
Korean UI selection should affect both dashboard chrome and the LLM-facing runtime context, otherwise the language toggle is cosmetic. This adds lightweight EN/KO resources, sends the locale with API/SSE calls, and resolves localized persona and skill metadata when prompts are built. Constraint: Keep the dashboard layout stable while wiring locale through existing APIs Rejected: Translate every view string in one sweep | too broad for #204 and likely to create unrelated UI churn Confidence: high Scope-risk: moderate Directive: New prompt-facing metadata should pass through normalizeLocale/localizeSkillFile rather than hand-parsing locale keys Tested: npm run typecheck Tested: npm test Tested: npm run build:ui --workspace @crowclaw/web Tested: npm run build:html --workspace @crowclaw/web Related: #204
The release branch still had deployment and Cloudflare parity gaps after the earlier sweep. This fills the top-level Worker route coverage that operators expect from the dashboard, hardens Compose defaults, and makes the Mac Mini launchd path survive sleep and restart loops more predictably. Constraint: Keep self-host changes local and declarative; do not push or touch production infrastructure Rejected: Mark the parity table complete without Worker handlers | dashboard routes would still 404 on Cloudflare Confidence: high Scope-risk: moderate Directive: Regenerate docs/cloudflare-route-parity.md with scripts/audit-routes.mjs when route surfaces change Tested: npm run typecheck Tested: npm test Tested: node scripts/audit-routes.mjs Tested: docker compose config with required env values Tested: bash -n deploy/launchd/install.sh Related: #253 Related: #254 Related: #255 Related: #256 Related: #257 Related: #258 Related: #261 Related: #262 Related: #263 Related: #264
The final tools/provider sweep had small but release-relevant gaps: voice STT needed issue-named aliases, web fetch needed clearer format/cap behavior, Docker execution plans needed hardened defaults, and provider fallback metadata needed to recognize current GPT-5 model families and prompt-cache support. Constraint: Keep external providers opt-in and testable without live credentials Rejected: Add provider SDK dependencies | existing HTTP adapters and local planners cover the required behavior with less release risk Confidence: high Scope-risk: moderate Directive: Do not return simulated image or vision success when no configured provider key exists Tested: npm run typecheck Tested: npm test Tested: npm test -- tests/provider-mode.test.ts tests/tools-breadth.test.ts tests/vision-real.test.ts tests/local-executor.test.ts tests/v06-tools-security.test.ts tests/runtime-terminal.test.ts tests/cli.test.ts Related: #268 Related: #269 Related: #270 Related: #271 Related: #272 Related: #273 Related: #274 Related: #275 Related: #276 Related: #277 Related: #278 Related: #279 Related: #280 Related: #281 Related: #282 Related: #283 Related: #284 Related: #285 Related: #286 Related: #287 Related: #288
Keep the 0.8.1 release branch locally reviewable by finishing the runtime-node split and closing the exact verifier gaps for gateway token scope containment and memory backend plugins. Constraint: Work stays local on release/v0.8.1 with no push or PR. Rejected: Treat canMutateToken and MemoryBackendPlugin as sufficient by existence alone | the runtime routes and memory provider selection needed real integration. Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep index.ts as runtime orchestration; add new route or lifecycle logic to focused modules instead of growing the entrypoint. Tested: npm run typecheck; npm test; npm run build:ui --workspace @crowclaw/web; npm run build:html --workspace @crowclaw/web Related: #74 #90 #155
Finish the remaining local 0.8.1 issue sweep by wiring endpoint policy configuration, GenAI observability surfaces, restart checkpoint resume, and per-runtime terminal process ownership. Constraint: Work stays local on release/v0.8.1 with no push or PR. Rejected: Leave partial implementations behind the earlier helper APIs | verifier agents found missing config, event, route, and factory surfaces that needed first-class integration. Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep gateway policy, telemetry span names, checkpoint resume, and terminal session ownership covered by their focused tests before changing these surfaces. Tested: npm run typecheck; npm test -- --run tests/gateway-policy.test.ts tests/config-schema.test.ts tests/config-api.test.ts tests/runtime-node-gateway-outbound.test.ts tests/observability-otel.test.ts tests/event-bus.test.ts tests/checkpoint.test.ts tests/cli-commands.test.ts tests/tools-breadth.test.ts; npm test; npm run build:ui --workspace @crowclaw/web; npm run build:html --workspace @crowclaw/web; git diff --check Related: #73 #82 #96 #160
Preserve the local release branch work outside the commit trailers so the pending 0.8.1 PR can be reviewed with an explicit changelog entry and verification summary. Constraint: Work remains local on release/v0.8.1 with no push or PR. Rejected: Rely only on git trailers | release reviewers need a top-level changelog summary before publication. Confidence: high Scope-risk: narrow Reversibility: clean Directive: Convert this Unreleased section into the final release section when publishing the branch. Tested: git diff --check Related: #73 #74 #82 #90 #96 #155 #160 #163 #204 #253 #254 #255 #256 #257 #258 #261 #262 #263 #264 #268 #269 #270 #271 #272 #273 #274 #275 #276 #277 #278 #279 #280 #281 #282 #283 #284 #285 #286 #287 #288
Make the local release sweep resumable from the repository itself instead of relying on chat context or final changelog summaries. Constraint: Work remains local on release/v0.8.1 with no push or PR. Rejected: Use only CHANGELOG.md | changelogs summarize releases after the fact and are too coarse for interruption recovery. Confidence: high Scope-risk: narrow Reversibility: clean Directive: Update docs/release-v0.8.1-worklog.md before and after each future issue batch, including subagent ownership and verification evidence. Tested: git diff --check
Keep the release lane recoverable by recording the branch, commit, regression-test, and conflict-management rules in the live worklog before the next issue batch starts. Constraint: Work remains local on release/v0.8.1 with no push or PR. Rejected: Treat the process as chat-only guidance | interruption recovery requires repository-local instructions. Confidence: high Scope-risk: narrow Reversibility: clean Directive: Follow this worklog before delegating, testing, staging, or committing future 0.8.1 issue batches. Tested: git diff --check
Record the 2026-05-03 remote-open issue audit before verifier agents inspect the remaining GitHub issues, so interruption recovery knows this batch was in progress. Constraint: Work remains local on release/v0.8.1 with no push or PR. Rejected: Wait until audit completion to update the ledger | the user requested live recording that survives interruptions. Confidence: high Scope-risk: narrow Reversibility: clean Directive: Append verifier outcomes and any follow-up patches to docs/release-v0.8.1-worklog.md before the next implementation commit. Tested: git diff --check
Persist the first verifier outcomes from the open-issue audit before implementation starts, including the confirmed low-number pass set and the dashboard issues that still need patching. Constraint: Work remains local on release/v0.8.1 with no push or PR. Rejected: Keep verifier findings only in chat | live release recovery needs the unresolved issue list in the repository. Confidence: high Scope-risk: narrow Reversibility: clean Directive: Patch #243 #245 #249 #250 only after the remaining verifier ranges finish or their file ownership is confirmed. Tested: git diff --check
The local 0.8.1 sweep now has verifier-confirmed unresolved issues across dashboard, memory, protocol embedding, delegate metadata, and provider defaults. Recording the ownership split before implementation keeps the branch resumable if the parallel batch is interrupted. Constraint: Work must remain local on release/v0.8.1 without push or PR. Constraint: User requested live tracking so interruption does not lose state. Rejected: Keep unresolved issue state only in chat | compaction or interruption would make the release lane ambiguous. Confidence: high Scope-risk: narrow Directive: Update this ledger before and after each remaining issue batch. Tested: git diff -- docs/release-v0.8.1-worklog.md Not-tested: Full test suite not needed for documentation-only checkpoint
The verifier pass found release-blocking gaps in memory management, embedded protocol servers, Cloudflare route parity, secret loading, semantic memory recall, delegate depth propagation, and Codex provider defaults. This batch closes those contracts together because they share runtime API surfaces and regression coverage for the 0.8.1 release branch. Constraint: Work remains local on release/v0.8.1; no push, PR, or remote issue closure. Constraint: Preserve existing public APIs where possible and avoid new dependencies. Rejected: Treat SOPS references as documentation-only | the issue title explicitly includes sops and a CLI-backed source is small and fail-closed. Rejected: Leave route parity inventory as advisory | CI needed a drift gate so future Node routes cannot silently miss Worker handling. Confidence: high Scope-risk: broad Directive: Keep route audit rows either covered or explicitly unsupported_on_workers; do not reintroduce legacy delegate depth casts. Tested: npm run build -- --pretty false Tested: npm run typecheck Tested: focused unresolved-gap tests, 12 files / 132 tests Tested: npm test, 238 files / 2,982 tests Tested: node scripts/audit-routes.mjs --check Tested: git diff --check Not-tested: Push/PR/remote issue closure intentionally not performed
The remaining dashboard verifier gaps were coupled through the generated single-file bundle: markdown loading, visual reset tokens, live-region accessibility, reduced motion, and chat render volume all affect the same shipped artifact. This commit closes the dashboard slice as one reviewable batch and regenerates the served HTML. Constraint: No new frontend dependencies; keep existing Lit/Vite build flow. Rejected: Keep glass fallbacks in unowned components | generated HTML still shipped legacy reset tokens and failed the release regression. Rejected: Add virtualizer dependency | a bounded incremental render window closes the perf issue with less surface area. Confidence: high Scope-risk: moderate Directive: Do not reintroduce eager highlight.js CDN assets or --glass-* dashboard tokens. Tested: npm run build:ui --workspace @crowclaw/web Tested: npm run build:html --workspace @crowclaw/web Tested: npm test -- tests/dashboard-polish.test.ts tests/a11y.test.ts Tested: npm test, 238 files / 2,982 tests Tested: rg legacy glass/highlight.js token checks Tested: git diff --check Not-tested: Browser visual screenshot pass not run for this non-layout-release batch
The local 0.8.1 branch now has verified implementation commits for the remaining runtime and dashboard gaps. Recording the exact SHAs, issue coverage, and verification evidence keeps the release lane resumable without relying on chat state. Constraint: User requested live release tracking that survives interruption. Constraint: Branch remains local release/v0.8.1 with no push or PR. Rejected: Leave verification evidence only in commit messages | release handoff needs a repo-local ledger and changelog. Confidence: high Scope-risk: narrow Directive: Continue updating this ledger before any additional release batch. Tested: npm run build -- --pretty false Tested: npm run typecheck Tested: npm test, 238 files / 2,982 tests Tested: npm run build:ui --workspace @crowclaw/web Tested: npm run build:html --workspace @crowclaw/web Tested: node scripts/audit-routes.mjs --check Tested: git diff --check Not-tested: Push/PR/remote issue closure intentionally not performed
- Merge [Unreleased] release/v0.8.1 sweep section into single [0.8.2] CHANGELOG entry. Scope grew from 9 (PR #289) to 53 issues once the v0.6 / v0.7 audit-debt implementation contracts finished. - Bump README test count badge 2,864 -> 2,982 and rewrite the v0.8.2 line in the beta warning to reflect the consolidated 53-issue scope. - Rename docs/release-v0.8.1-worklog.md -> docs/release-v0.8.2-worklog.md with a header note recording the branch rename. Verification: - npm run typecheck – clean - npm test – 238 files, 2,982 / 2,982 (no skips on this run) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Reproduced npm test on the consolidated branch: 238 files, 2,982 passed, no skips. Earlier worklog/PR #289 [0.8.2] section had carried a "1 a11y placeholder skipped" line that no longer reflects current state. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 2, 2026
Closed
subinium added a commit that referenced this pull request May 3, 2026
All 8 phases of the v0.8.3 sweep resolved as a GitHub-close pass with zero source code change. Verifier audit on main (commit 72fa31b) confirmed every issue in scope had already been implemented and shipped via earlier release PRs (#209, #211, #251, #252, #290), but those PRs used range syntax in their close clauses ("Closes #230-#240", "Closes the 10-issue gap (#241-#250)") which GitHub does not auto-process – leaving 52 issues in OPEN state despite the implementation being on main. - CHANGELOG [Unreleased] -> [0.8.3] with the 52-issue close summary, grouped by which earlier release shipped the work. - README updates: changelog badge v0.8.2 -> v0.8.3 and the beta warning rewritten to include "52-issue v0.8.3 GitHub-close pass". - docs/release-v0.8.3-worklog.md finalised with the per-phase result ledger and verifier evidence locations. Verification: - npm run typecheck – clean - node scripts/audit-routes.mjs --check – zero missing rows - gh issue list --state open --label priority/critical – 0 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
subinium added a commit that referenced this pull request May 3, 2026
* chore(release): bootstrap v0.8.3 sweep - Bump root + 19 packages + wrangler.jsonc 0.8.2 -> 0.8.3 via scripts/sync-versions.mjs. - Scaffold docs/release-v0.8.3-worklog.md with the 8-phase plan for the 52 issues that remained open at v0.8.2 cut. - Add CHANGELOG [Unreleased] stub for the sweep. - GitHub-closed verifier-confirmed issues #224, #242, #244, #246, #247, #248 (already shipped in v0.8.1 PR #252; verified in v0.8.2 PR #290). No code change for these closes. Phase order: critical bugs (#190, #212, #213, #214) -> Hermes harness (#231) -> wiring (#215, #216, #218) -> Hermes parity (#232-#240) -> Web UX wave (~22) -> memory/plugins (#186, #189, #191) -> Cloudflare parity (#255). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): finalize v0.8.3 GitHub-close pass All 8 phases of the v0.8.3 sweep resolved as a GitHub-close pass with zero source code change. Verifier audit on main (commit 72fa31b) confirmed every issue in scope had already been implemented and shipped via earlier release PRs (#209, #211, #251, #252, #290), but those PRs used range syntax in their close clauses ("Closes #230-#240", "Closes the 10-issue gap (#241-#250)") which GitHub does not auto-process – leaving 52 issues in OPEN state despite the implementation being on main. - CHANGELOG [Unreleased] -> [0.8.3] with the 52-issue close summary, grouped by which earlier release shipped the work. - README updates: changelog badge v0.8.2 -> v0.8.3 and the beta warning rewritten to include "52-issue v0.8.3 GitHub-close pass". - docs/release-v0.8.3-worklog.md finalised with the per-phase result ledger and verifier evidence locations. Verification: - npm run typecheck – clean - node scripts/audit-routes.mjs --check – zero missing rows - gh issue list --state open --label priority/critical – 0 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Closes the v0.8.2 release-critical sweep that opened immediately after v0.8.1
plus the v0.6 / v0.7 audit-debt items whose implementation contracts had
been carried open across earlier releases. 31 commits across 8 parallel
sub-agents with strict file ownership; ~203 files changed, +20.4k / -8.1k
lines.
This PR supersedes #289 (the earlier 4-commit Docker / OpenAI Responses /
vision-SSRF slice). All four of those changes are included verbatim along
with the 25-commit audit-debt cleanup that landed on top, plus a release-prep
commit consolidating the CHANGELOG.
Issue scope (53 closes, 1 refs)
Critical
Provider / runtime correctness
v0.6 audit-debt cleanup
Memory / skills / embedded protocol surfaces
Tools (provider, fetch, voice, image, retry)
Security and access
Deployment (Docker, Cloudflare, self-host)
Dashboard polish (v0.8.1 verifier-gap follow-ups)
Localisation
Refs only
Verification
Caveats
Test plan
Closes #73
Closes #74
Closes #82
Closes #90
Closes #96
Closes #155
Closes #160
Closes #163
Closes #184
Closes #187
Closes #188
Closes #202
Closes #203
Closes #204
Closes #243
Closes #245
Closes #249
Closes #250
Closes #253
Closes #254
Closes #256
Closes #257
Closes #258
Closes #259
Closes #260
Closes #261
Closes #262
Closes #263
Closes #264
Closes #265
Closes #266
Closes #267
Closes #268
Closes #269
Closes #270
Closes #271
Closes #272
Closes #273
Closes #274
Closes #275
Closes #276
Closes #277
Closes #278
Closes #279
Closes #280
Closes #281
Closes #282
Closes #283
Closes #284
Closes #285
Closes #286
Closes #287
Closes #288
Refs #255
🤖 Generated with Claude Code