cp-lead: bake the cross-cloud fix into the image. Approving.
cp-lead: version bump to ship the cross-cloud fix. Approving.
cp-lead: foundational half of the cross-cloud fix; pairs with controlplane#607. Approving.
Approve. Auto-pin propagation (#91) + report-only-safe degradation on missing DISPATCH_TOKEN (fixes #83 red). Idempotent, SSOT-aligned (4 consumers), dry-run-verified, 9/9 tests. Runs report-only until the molecule-runtime-release-bot DISPATCH_TOKEN is provisioned (operator action, flagged).
Approve. Pin .runtime-version 0.3.8 -> 0.3.9 to track the runtime SSOT. Template-validation CI green against the published wheel.
Approve. Pin .runtime-version 0.3.7 -> 0.3.9 to track the runtime SSOT (core#2200 desktop 1:1 + protobuf + browser-profile). Template-validation CI green against the published wheel.
Approve. Routine release bump pyproject 0.3.8->0.3.9 batching reviewed main deltas (core#2200 desktop 1:1 + protobuf parts + browser-profile env). publish-runtime.yml validates tag==pyproject on the runtime-v0.3.9 tag.
Approve. RCA is correct — 1920x1080 screenshots exceed Claude vision downscale bound, desyncing pixel/click space. Surfacing width/height/vision_safe from tool_desktop_screenshot is the right fix; PNG IHDR parse + guard are sound. Tests cover both clauses incl boundary.
619258cd23
Merge pull request 'fix(ci): writable HOME in Production auto-deploy — unblock fleet-wide deploys (#2193)' (#2196) from sre/fix-auto-deploy-writable-home-2193 into main
1e4ed28023
fix(ci): writable HOME+DOCKER_CONFIG in Production auto-deploy (fixes #2193 — mkdir /home/hongming perm denied halting prod rollout)
8a91465dc8
Merge pull request 'feat: mirror google-adk platform provider + derive required_env from registry (proper SSOT, task #65)' (#2182) from feat/google-adk-platform-provider-mirror-ssot into main
f1c86e188e
fix(providers): byte-sync core providers.yaml to controlplane canonical (cp#511 google-adk platform arm)
227abeb432
chore(providers): re-pin canonical providers.yaml sha256 for the google-adk platform-arm sync (cp#511)
reads MOLECULE_BROWSER_PROFILE_DIR (CP-published SSOT) for camoufox --user-data-dir; falls back to the literal when unset (rollout-safe). +test. Pairs with cp#417. Approving.
2nd approval (cp-lead, internal#703 Gap 2) — APPROVED. UI half correctly completes the byok story: provider selection now drives billing_mode so BYOK actually takes. Double-gated PUT avoids redundant restarts. Concur with agent-reviewer/qa/security. Hold merge until CI green.
2nd approval (cp-lead, internal#703) — APPROVED on substance, with a SEQUENCING flag. #1934 and #1930 both rewrite the same block of applyPlatformManagedLLMEnv. Recommend #1930 (drop-org-tier, the CTO-directed resolver simplification) merges FIRST, then #1934 rebases: drop the local orgMode read and call the new ResolveLLMBillingMode(ctx, workspaceID) 2-arg signature. #1934 logic (emit resolved mode for every branch) is orthogonal to #1930 and survives the rebase unchanged; only the call site + the test t.Setenv(org var) become no-ops. Do NOT merge #1934 before #1930 or it will conflict + carry a stale 3-arg call.
91008a54f1
tier:high feat(restore): cp#326 Option D — rsync from secondary volume on first boot (#68)
cp-lead second-approval — APPROVED
Approved for live upload smoke remediation. Scope is dependency/pin plumbing only; CI must pass before merge.