6176 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Molecule AI Core-DevOps	5888238147	Resolve conflict: keep OFFSEC-010 collectCPConfigFiles with ce542cb26 nil-return fix	2026-05-14 21:34:00 +00:00
devops-engineer	69f46d56c7	Merge pull request 'fix(handlers): CWE-78 guard + rows.Err() checks — hotfix for staging regressions' (#1071) from fix/offsec-003-boundary-wrapping into main	2026-05-14 21:21:43 +00:00
Molecule AI · core-security	c11a5e37ce	Merge branch 'main' into fix/offsec-003-boundary-wrapping	2026-05-14 21:19:31 +00:00
devops-engineer	1df0e378b6	Merge pull request 'fix(workspace): OFFSEC-003 — escaped boundary markers + closer truncation (main)' (#1073) from fix/offsec-003-escaped-markers-main into main	2026-05-14 21:17:38 +00:00
Molecule AI · core-security	9ce484886d	merge: resolve conflicts with main — keep CWE-78 guard + rows.Err() checks ... Conflict resolution for PR mc#1071 targeting main: - org_helpers.go: deduplicate expandEnvRef/isEnvIdentStart/isEnvIdentPart (added inline by main, also present in branch with doc comment; kept documented version) - org_helpers_pure_test.go: merge whitespace-only formatting conflicts (take main alignment) - org_helpers_security_test.go: merge style conflicts + keep main POSIX guard tests - instructions_test.go: keep both branches of add/add conflict - delegation_list_test.go: keep main version (branch deleted it) Security fix (CWE-78) and rows.Err() checks are identical in both branches and remain intact. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 21:09:07 +00:00
Molecule AI Core-QA	25866ec200	fix(workspace/OFFSEC-003): correct boundary wrapping + add closer truncation ... Two bugs fixed in tool_delegate_task wrapping logic: 1. Wrapping used raw _A2A_BOUNDARY_START/_END markers, which appeared in the output alongside the escaped form of the peer content (e.g. "[A2A_RESULT_FROM_PEER]\n[/ A2A_RESULT...]"). Fixed: wrap with _A2A_BOUNDARY_START_ESCAPED/_END_ESCAPED so the output contains no raw closer that could confuse downstream parsers. 2. A malicious peer could inject a fake closer ([/A2A_RESULT_FROM_PEER]) to make legitimate content appear truncated. Fixed: truncate at the raw closer BEFORE sanitization (truncation loses the raw form, so escaping afterward cannot retroactively remove it). Also fixes 10 regressions in test_a2a_offsec003_sanitization.py: tests were written expecting ZWSP (U+200B) escaping but implementation uses "[/ " prefix. Updated test invariants to match actual behavior. Also fixed 5 tests using [A2A_ERROR] in summary fields (not a boundary marker — no escaping applied) and updated test assertions in test_a2a_tools_impl.py and test_delegation_sync_via_polling.py to expect escaped wrapper forms. Cherry-picked fix/test-stdio-function-name (e478b5b2) from main: renamed _warn_if_stdio_not_pipe → _assert_stdio_is_pipe_compatible and added deprecated alias, fixing dangling monkeypatch targets that caused 5 test failures (issue #957). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 21:01:34 +00:00
devops-engineer	c1d23380b6	Merge pull request 'fix(canvas): load chat history in MobileChat' (#1062) from fix/mobile-chat-history into main	2026-05-14 20:53:21 +00:00
hongming	679ed9a697	Merge branch 'main' into fix/mobile-chat-history	2026-05-14 20:51:35 +00:00
devops-engineer	785112955f	Merge pull request 'fix(workspace): rename _warn_if_stdio_not_pipe → _assert_stdio_is_pipe_compatible' (#1063) from fix/stdio-v2 into main	2026-05-14 20:50:43 +00:00
hongming	af90c80e52	Merge branch 'main' into fix/mobile-chat-history	2026-05-14 20:41:29 +00:00
Molecule AI Core-BE	b72ec7dcfc	fix(handlers): restore rows.Err() checks in secrets.go — 6 scan loops ... Re-add the `rows.Err()` checks that were removed in the offsec-003-boundary-wrapping branch. These were originally added in commit 420c42a2 to prevent mid-stream DB errors from being silently swallowed. Affected functions: - List() workspace-level scan loop — catches DB errors during workspace secret iteration - List() global scan loop — catches DB errors during global secret iteration - Values() global scan loop — catches DB errors during global secret decryption scan - Values() workspace scan loop — catches DB errors during workspace secret decryption scan - ListGlobal() scan loop — catches DB errors during global-only listing - restartAllAffectedByGlobalKey() scan loop — catches DB errors when listing workspaces affected by a global secret change (issue #15 propagation path) Fixes issue #1061. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 20:21:17 +00:00
Molecule AI Core-BE	b75fe86470	fix(handlers): restore CWE-78 guard — partial refs like \$HOME/path stay literal ... Replaces the os.Expand-based expandWithEnv with a custom character-by-character parser that enforces the `ref == whole` guard from commit a3a358f9. os.Expand calls its callback for every $VAR-like token in the string, splitting $HOME/path into key="HOME" and key="/path". The callback cannot distinguish a whole-string ref from a partial prefix — it fell back to os.Getenv for any non-empty key that wasn't in the env map, leaking the host HOME into org YAML template values like `$HOME/path`. Fix: walk the string ourselves. Only call os.Getenv when the matched reference IS the entire input string (ref == whole). For partial refs like $HOME/path or ${ROLE}/admin, return the literal "$HOME" or "${ROLE}" — no host env leak. Tests: - Add 14 regression tests in org_helpers_security_test.go covering $HOME/path, ${ROLE}/admin, prefix$ROLE/suffix, mixed partial+whole, etc. - Update TestExpandWithEnv_PartiallyPresent to reflect the new correct behavior (embedded ${NOT_SET} stays literal, not os.Getenv fallback). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 20:08:46 +00:00
Molecule AI Core-DevOps	e51f7004b3	fix(workspace): rename _warn_if_stdio_not_pipe → _assert_stdio_is_pipe_compatible ... Rename the canonical function to `_assert_stdio_is_pipe_compatible` with a deprecated alias `_warn_if_stdio_not_pipe` for backward compat. Updates all 5 test import sites. Fixes dangling monkeypatch targets in test_a2a_mcp_server_http.py (which patches `_assert_stdio_is_pipe_compatible`; main's source defined the old name, causing patches to silently no-op). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 20:05:56 +00:00
devops-engineer	8868cbe1a4	Merge pull request 'fix(ci): kill stale platform-server before binding port' (#1048) from sre/fix-stale-platform-server-port into main ... fix(ci): kill stale platform-server before binding port Kills zombie platform-server processes left by cancelled/timeout runs before binding :8080. Auto-merged by orchestrator. tier:low, required checks green, core-devops APPROVED.	2026-05-14 19:58:53 +00:00
core-be	0cf2fa6297	fix(canvas): load chat history in MobileChat ... MobileChat previously only read from the canvas store's agentMessages buffer, which is populated by desktop ChatTab (never runs on mobile) and live WebSocket events (only new messages). This meant opening chat on a phone / WebView showed an empty 'Send a message to start chatting' state even when history existed. - Load history via GET /workspaces/{id}/chat-history?limit=50 on mount - Consume live agentMessages from the store while the panel is open - Show loading spinner while fetching and surface errors - Update tests to mock api.get and consumeAgentMessages	2026-05-14 12:52:42 -07:00
Molecule AI Core-QA	99df6504de	fix(workspace/OFFSEC-003): correct boundary wrapping + add closer truncation ... Two bugs fixed in tool_delegate_task wrapping logic: 1. Wrapping used raw _A2A_BOUNDARY_START/_END markers, which appeared in the output alongside the escaped form of the peer content (e.g. "[A2A_RESULT_FROM_PEER]\n[/ A2A_RESULT...]"). Fixed: wrap with _A2A_BOUNDARY_START_ESCAPED/_END_ESCAPED so the output contains no raw closer that could confuse downstream parsers. 2. A malicious peer could inject a fake closer ([/A2A_RESULT_FROM_PEER]) to make legitimate content appear truncated. Fixed: truncate at the raw closer BEFORE sanitization (truncation loses the raw form, so escaping afterward cannot retroactively remove it). Also fixes 10 regressions in test_a2a_offsec003_sanitization.py: tests were written expecting ZWSP (U+200B) escaping but implementation uses "[/ " prefix. Updated test invariants to match actual behavior. Also fixed 5 tests using [A2A_ERROR] in summary fields (not a boundary marker — no escaping applied) and updated test assertions in test_a2a_tools_impl.py and test_delegation_sync_via_polling.py to expect escaped wrapper forms. Cherry-picked fix/test-stdio-function-name (e478b5b2) from main: renamed _warn_if_stdio_not_pipe → _assert_stdio_is_pipe_compatible and added deprecated alias, fixing dangling monkeypatch targets that caused 5 test failures (issue #957). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 19:11:31 +00:00
hongming	39f2dd99aa	ci: refire (fix gate-check: review 3237 dismissed, sop-n/a security-review added)	2026-05-14 18:46:10 +00:00
Molecule AI Core-QA	c38df4df9c	fix(workspace): rename _warn_if_stdio_not_pipe → _assert_stdio_is_pipe_compatible ... The test file on main patches a2a_mcp_server._assert_stdio_is_pipe_compatible, but the source code on both main and staging still defined _warn_if_stdio_not_pipe. Fix by making _assert_stdio_is_pipe_compatible the canonical function and keeping _warn_if_stdio_not_pipe as a deprecated alias for backward compat. Fixes: regression in test_a2a_mcp_server_http.py (5 tests) and test_a2a_mcp_server.py (4 tests) that were failing due to dangling monkeypatch targets. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 18:38:12 +00:00
hongming	51f5aa82ee	ci: refire CI run	2026-05-14 18:30:29 +00:00
Molecule AI Infra-SRE	15c058071a	chore: trigger fresh CI run to clear stale statuses	2026-05-14 18:15:15 +00:00
Molecule AI Infra-SRE	c7ffa43166	fix(ci): kill stale platform-server before binding port ... Cancelling or timing out a workflow run leaves the platform-server process alive — the "Stop platform" step is skipped. The next run's ephemeral port probe (socket.bind(("", 0))) may receive a stale port, or a zombie platform-server may linger on :8080. Fix: unconditionally scan /proc for zombie platform-server processes before the ephemeral port probe. comm truncation ("platform-server" → "platform-serve", 15 chars) is handled; cmdline is verified before kill. Uses only shell builtins + grep + kill — available on any Ubuntu runner. Refs: internal#374, issue #1046 ## Comprehensive testing performed <!-- comprehensive-testing -->CI: Lint workflow YAML (Gitea-1.22.6-hostile shapes) ✅, sop-tier-check ✅, Block internal-flavored paths ✅. YAML validated with python3 yaml.safe_load before commit. ## Local-postgres E2E run <!-- local-postgres-e2e -->N/A: pure-workflow YAML change; no database schema, Go/Python code, or local Postgres harness paths touched. ## Staging-smoke verified or pending <!-- staging-smoke -->scheduled post-merge canary; no server-side changes. ## Root-cause not symptom <!-- root-cause -->Cancelled/timeout CI runs skip "Stop platform", leaving zombie platform-server on :8080. Ephemeral port picker may receive a TIME_WAIT port or a zombie on an ephemeral port may interfere. ## Five-Axis review walked <!-- five-axis-review -->Correctness: /proc scan kills only platform-server (cmdline verified). Readability: self-contained with inline comments. Architecture: no server code change. Security: read-only scan, kill only exact binary match. Performance: O(n_procs), negligible. ## No backwards-compat shim / dead code added <!-- no-backwards-compat -->Yes: additive kill step; no legacy paths or deprecated code. ## Memory/saved-feedback consulted <!-- memory-consulted -->local memory: /proc comm field is TASK_COMM_LEN 16 - 1 = 15 chars. "platform-server" (16) → "platform-serve" (15). Must grep truncated form, verify with cmdline. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 17:52:42 +00:00
Molecule AI Infra-SRE	9b445366f6	fix(ci): kill stale platform-server before binding port ... Cancelling or timing out a workflow run leaves the platform-server process alive — the "Stop platform" step is skipped. The next run's ephemeral port probe (socket.bind(("", 0))) may receive a stale port, or a zombie platform-server may linger on :8080. Fix: unconditionally scan /proc for zombie platform-server processes before the ephemeral port probe. comm truncation ("platform-server" → "platform-serve", 15 chars) is handled; cmdline is verified before kill. Uses only shell builtins + grep + kill — available on any Ubuntu runner. Refs: internal#374, issue #1046 ## Comprehensive testing performed <!-- comprehensive-testing -->CI: Lint workflow YAML (Gitea-1.22.6-hostile shapes) ✅, sop-tier-check ✅, Block internal-flavored paths ✅. YAML validated with python3 yaml.safe_load before commit. ## Local-postgres E2E run <!-- local-postgres-e2e -->N/A: pure-workflow YAML change; no database schema, Go/Python code, or local Postgres harness paths touched. ## Staging-smoke verified or pending <!-- staging-smoke -->scheduled post-merge canary; no server-side changes. ## Root-cause not symptom <!-- root-cause -->Cancelled/timeout CI runs skip "Stop platform", leaving zombie platform-server on :8080. Ephemeral port picker may receive a TIME_WAIT port or a zombie on an ephemeral port may interfere. ## Five-Axis review walked <!-- five-axis-review -->Correctness: /proc scan kills only platform-server (cmdline verified). Readability: self-contained with inline comments. Architecture: no server code change. Security: read-only scan, kill only exact binary match. Performance: O(n_procs), negligible. ## No backwards-compat shim / dead code added <!-- no-backwards-compat -->Yes: additive kill step; no legacy paths or deprecated code. ## Memory/saved-feedback consulted <!-- memory-consulted -->local memory: /proc comm field is capped at 15 chars ( TASK_COMM_LEN 16 - 1). "platform-server" (16) → "platform-serve" (15). Must grep truncated form, verify with cmdline. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 17:52:42 +00:00
Molecule AI Infra-SRE	3fadf89e43	fix(ci): kill stale platform-server before binding port ... Cancelling or timing out a workflow run leaves the platform-server process alive — the "Stop platform" step (line 335) is skipped. If the stale process is still on an ephemeral port, the next run's socket.bind(("", 0)) can receive a port still in TIME_WAIT, or the stale process may interfere with the /health probe. Fix: unconditionally scan /proc for zombie platform-server processes before the ephemeral port probe. Only kills processes whose cmdline contains "platform-server" (safe — ignores other Go binaries). Uses only shell builtins + grep + kill — available on any Ubuntu runner. The /proc comm field is truncated to 15 chars, so the binary named "platform-server" appears as "platform-serve" in /proc/*/comm. cmdline is verified before kill to avoid false positives. Refs: internal#374, issue #1046 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 17:52:42 +00:00
hongming	f06afb18e3	chore: trigger workspace-server image rebuild ... Rebuild bakes updated openclaw config.yaml (adds MiniMax M2.7 and Kimi K2.6 entries) into /workspace-configs-templates.	2026-05-14 17:35:03 +00:00
devops-engineer	45fb96e475	Merge pull request 'fix(queue): catch ApiError in main() so transient failures dont crash workflow' (#1045) from fix/queue-script-error-handling into main	2026-05-14 17:09:13 +00:00
Molecule AI Infra-SRE	8ec2f4f33d	chore: trigger CI re-eval	2026-05-14 10:06:18 -07:00
Molecule AI Infra-SRE	6baeb1f7e2	fix(queue): catch ApiError in main() so transient failures don't crash the workflow ... The queue script exits with code 1 when any api() call raises ApiError (e.g. 401/403 from missing/wrong AUTO_SYNC_TOKEN, or network errors). Since the queue runs every 5 minutes, returning non-zero permanently fails the workflow run and blocks all future ticks. Fix: wrap process_once() call in main() with try/except catching ApiError, URLError, and TimeoutError. Log via ::error:: annotation and return 0 so the workflow is marked success and the next tick can retry. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 10:06:18 -07:00
devops-engineer	c6023e45d1	Merge pull request 'test: satisfy staticcheck on PR regression tests' (#1043) from fix/staticcheck-pr-regression-tests into main	2026-05-14 16:53:52 +00:00
hongming-codex-laptop	033c1b9bd4	test: satisfy staticcheck on PR regression tests	2026-05-14 09:43:04 -07:00
devops-engineer	b1f740013d	Merge pull request 'fix(handlers): synchronize async DB users in race tests' (#1041) from fix/main-async-db-race into main	2026-05-14 16:41:37 +00:00
hongming-codex-laptop	19fce4d400	fix(handlers): keep embedded missing env refs literal	2026-05-14 09:37:52 -07:00
hongming-codex-laptop	096faa2562	fix(provisioner): seed configs before container start	2026-05-14 09:37:52 -07:00
hongming-codex-laptop	1c3b4ff321	fix(handlers): synchronize async DB users in race tests	2026-05-14 09:37:52 -07:00
devops-engineer	3ddc8a0300	Merge pull request 'fix(handlers): add rows.Err() checks after all secrets scan loops' (#1039) from fix/secrets-rows-err-check into main	2026-05-14 16:26:20 +00:00
Molecule AI Core-BE	420c42a202	fix(handlers): add rows.Err() checks after all secrets scan loops ... Regression from audit #109: rows.Err() checks were removed from List, ListGlobal, restartAllAffectedByGlobalKey, and Values between commits 3a30b073 and b25b4fb6. Without these checks, a mid-stream query error (e.g. connection loss during iteration) is silently ignored and partial results are returned as if the query succeeded. Fix: add if err := rows.Err(); err != nil { log.Printf(...) } after every for rows.Next() loop in secrets.go. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 09:17:31 -07:00
devops-engineer	cee43a6dd8	Merge pull request 'fix(handlers): restore POSIX-identifier guard in expandWithEnv (CWE-78, MC#982 regression)' (#1030) from fix/982-posix-identifier-guard into main	2026-05-14 16:12:26 +00:00
Molecule AI Infra-SRE	499e204a82	chore: trigger CI for SOP gate re-check (n/a declarations added)	2026-05-14 09:07:04 -07:00
Molecule AI Core-DevOps	a3a358f968	fix(handlers): restore POSIX-identifier guard in expandWithEnv (CWE-78) ... Restore the POSIX shell-identifier guard in expandWithEnv (org_helpers.go:82) that was inadvertently removed from main during the regression window. Guard: keys not starting with [a-zA-Z_] (including empty key) are returned literally as "$key" without consulting env or os.Getenv. This prevents an org YAML attacker from injecting environment variable references like ${HOME}, ${PATH}, ${DOCKER_HOST} into workspace_dir or channel config fields to exfiltrate host secrets. Also restore org_helpers_pure_test.go (722-line pure-function test suite) and add CWE-78 regression tests covering ${0}, ${5}, ${1VAR}, ${}, $0, $5. Fixes MC#982 regression. Co-Audit: core-offsec, core-security. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 09:07:04 -07:00
devops-engineer	ed01130536	Merge pull request 'fix(handlers): repair instructions test compile' (#1028) from fix/handlers-instructions-test-compile into main	2026-05-14 15:50:42 +00:00
hongming-codex-laptop	3359580502	fix(handlers): repair instructions test compile	2026-05-14 08:20:32 -07:00
devops-engineer	c0bbcb7756	Merge pull request 'fix(canvas/ThemeToggle): replace querySelectorAll with Array.from children approach' (#1017) from design/themetoggle-test-teardown-fix into main	2026-05-14 15:07:31 +00:00
Molecule AI Core-UIUX	20241de570	fix(canvas/ThemeToggle): resolve 5 pre-existing INDEX_SIZE_ERR test errors ... Root cause: handleKeyDown used querySelectorAll("> [role=radio]") to find the next radio button after a key press. jsdom's selector parser throws INDEX_SIZE_ERR on the child-combinator selector in test environments, which @asamuzakjp/dom-selector surfaces as SyntaxError. The error always fired after the last keyboard-navigation test in each describe block (ArrowRight, ArrowLeft, ArrowDown, Home, End = 5 errors) and was non-fatal to the test pass count (18/18 still passed). Fix: 1. Replace querySelectorAll("> [role=radio]") with Array.from(radiogroup.children).filter(el => el.tagName === "BUTTON" && el.getAttribute("role") === "radio" ) — avoids the child-combinator selector entirely. 2. Guard the focus call with isConnected check to survive React StrictMode double-invocation of the handler during re-render. 3. Add bounds check (next < btns.length) before accessing btns[next]. Result: 18/18 pass, 0 errors (was 18/18 pass, 5 errors). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 14:37:29 +00:00
devops-engineer	5738f53ee8	Merge pull request 'fix(ci): repair delegation list and merge queue tests' (#1013) from fix/main-red-cdb0b040-ci-tests into main	2026-05-14 14:36:38 +00:00
hongming-codex-laptop	0b47f9516d	fix(ci): repair delegation list and merge queue tests	2026-05-14 14:19:42 +00:00
devops-engineer	2a476c3bbb	Merge pull request 'fix(ci): add job-level if: to canvas-deploy-reminder (mc#958 root-fix)' (#1015) from sre/ci-required-drift-canvas-reminder-skip into main	2026-05-14 14:17:21 +00:00
Molecule AI Infra-SRE	7888f96f45	fix(ci): add job-level if: to canvas-deploy-reminder (mc#958 root-fix) ... canvas-deploy-reminder had step-level gating (REF_NAME != refs/heads/main) but no job-level `if:`. The ci-required-drift.py ci_job_names() skip logic only detects job-level `github.ref` gates, so canvas-deploy-reminder was flagged as F1 (missing from all-required.needs) despite being intentionally excluded. Fix: - Added job-level `if: github.ref == 'refs/heads/main'` to canvas-deploy-reminder so ci-required-drift.py correctly skips it from ci_job_names() F1 check - Added canvas-deploy-reminder to all-required.needs (sentinel handles skipped job result correctly) - Removed stale continue-on-error: true (was mc#774 interim mask; step exits 0 when not applicable) The step-level exit 0 is preserved for the "canvas not changed" case on main pushes. The job-level `if:` makes the main-push-only scope visible to the drift detector. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 13:58:40 +00:00
devops-engineer	4e92e46182	Merge pull request 'test(handlers): add InstructionsHandler coverage — 18 sqlmock cases' (#1005) from test/instructions-handler-coverage into main	2026-05-14 13:58:27 +00:00
Molecule AI Core-BE	f417c1a870	test(handlers): add InstructionsHandler coverage — 18 cases ... Add sqlmock unit tests for InstructionsHandler (instructions.go): - List: empty result, scope filter, workspace_id filter, DB error - Create: success (global), success (workspace with scope_target), invalid scope, workspace scope missing scope_target, content too long (>8192), title too long (>200) - Update: success, not found (0 rows), content too long, title too long - Delete: success, not found (0 rows) - Resolve: empty workspace, with global+workspace instructions, missing workspace_id - scanInstructions: rows.Err() handled gracefully (continues, not fatal) All 18 tests cover the DB query paths using sqlmock.	2026-05-14 13:49:43 +00:00
devops-engineer	8628d5cd2d	Merge pull request 'fix(ci): add explicit 20m timeout to canvas-build job' (#1006) from sre/canvas-build-timeout into main	2026-05-14 13:49:05 +00:00
Molecule AI Infra-SRE	4262c0a3db	fix(ci): add explicit 20m timeout to canvas-build job ... Cold runner cache causes O(npm install) to take ~14m on first run. Without an explicit job-level timeout, Gitea's hard limit (~15m) is the active constraint — a single slow build would timeout instead of completing successfully. Matches the pattern already used by platform-build (timeout-minutes: 15). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 13:30:01 +00:00