APPROVED — pin bump only; rebuilds image with provider-honoring runtime.
APPROVED — pin bump only; rebuilds image with provider-honoring runtime.
APPROVED — rebuild carries the merged openai-alias adapter.
APPROVED — release bump; matches tag runtime-v0.3.7 to be cut.
APPROVED — runtime/credential axis. Confirmed normalise_llm_env runs at main 0.1b after load_config so config.provider is populated, and still before run_preflight; the guard mutates env in place ahead of adapter/executor construction, so the claude-code SDK never sees a foreign CLAUDE_CODE_OAUTH_TOKEN on a minimax/openai/moonshot workspace. No new imports, pure function, fail-safe on empty provider. Matches the live drain evidence on DevB (oauth present, minimax wiring absent).
Approved: single-file runtime pin bump to 0.3.6. Verified diff is only .runtime-version 0.3.5 -> 0.3.6; local template tests pass with python3 -m pytest tests/ -q (89 passed). Gitea action runs for this PR are Cancelled/no active task rather than failing code.
Reviewed five-axis pass: correctness OK from local full suite and live F11 fullscreen proof; security OK (still argv/no shell); architecture OK as narrow desktop browser post-launch behavior; performance negligible. Gitea checks are Waiting with no action_task rows, so approval is based on direct verification.
Reviewed PR #61: one-line .runtime-version bump 0.3.4 to 0.3.5 after runtime-v0.3.5 publish/cascade run 113136 succeeded. No findings. PR checks are Waiting with no action_task rows; approval based on direct diff verification.
Reviewed five-axis pass: correctness OK based on local full suite and live Xorg/Firefox rendering proof; readability/architecture OK (narrow browser preference/display backend changes); security OK (URL remains argv, no shell, display remains localhost-only); performance OK for display-enabled workspaces only. Gitea checks are Waiting with no action_task rows, so approval is based on direct verification.
Reviewed PR #60: one-line .runtime-version bump from 0.3.2 to 0.3.4 after runtime-v0.3.4 publish/cascade run 112543 succeeded. No correctness/security/performance findings; PR checks 112587/112589 are Waiting with no action_task rows, so approval is based on direct diff verification.
Approved release bump for attachment-capable channel install.
Reviewed five-axis pass for PR #68: correctness OK (Falkon launch uses argv/env, deterministic xdotool sizing matches live Xvfb proof); readability/architecture OK (narrow desktop tool change); security OK (URL remains argv, no shell); performance OK (one bounded xdotool call); tests OK (desktop tool coverage plus local full suite). Gitea CI is stuck Waiting with no task rows, so approving based on local verification: PYTHONPATH=$PWD pytest tests/test_desktop_tools.py -q and PYTHONPATH=$PWD pytest -q.
Approved release bump for runtime 0.3.3.
Reviewed five-axis pass: single-file runtime pin bump to 0.3.2; static/unit/runtime/T4/secret concrete jobs green.
Reviewed five-axis pass: focused browser selection fallback for Xvfb display; tests and CI green.
Reviewed five-axis pass: single-file runtime pin bump to 0.3.1; PR validation and secret scan green.
Reviewed five-axis pass: correctness/readability/architecture/security/performance OK for focused Xvfb Chrome launch flags; tests and CI green.
Approved after runtime-v0.3.0 publish and claude-code .runtime-version bump landed. The import compatibility blocker is resolved; prompt ordering is correct.
Approved after runtime-v0.3.0 publish and claude-code .runtime-version bump landed. The import compatibility blocker is resolved; prompt ordering is correct.