CI/CD hardening WS2: fix CI fan-out — consolidate workflows + needs:-aggregator gate (make #2094 the standard) #2095
Open
opened 2026-06-01 07:54:00 +00:00 by core-be
·
1 comment
No Branch/Tag Specified
main
fix/75-filetree-memo
fix/75-config-tab-isdirty-memo
fix/84-chat-stop-control
feat/core-platform-agent-ensure
ssot/remove-core-json-mirror
fix/concierge-verified-online
ssot/core-consumes-contract-binding
fix/2598-my-chat-reply-reconcile
fix/2641-merge-commit-guard
fix/prod-deploy-pipeline-env-templating-and-killswitch
sev1/fix-saas-nil-provisioner-backend-recovery-fire
extract/repoint-external-workspace-sdk
sev1/fix-concierge-e2e-provision-workspace-ssot
fix/internal-797-postgres-integration-runner-label
fix/concierge-model-cp-ssot-3267-fu2
feat/promote-prod-latest
ci/mcp-verb-manifest-readpkg-from-infisical
fix/zone-count-drift-guardrail-965
ci/contract-ssot-sync-3285
fix/cf-account-id-path
ci/probe-infisical-key-presence
probe/infisical-key-presence
ci/secrets-autosync-core
ci/sync-providers-yaml-resync
ci/merge-queue-dry-run-dispatch
ci/forbid-handwritten-mcp-tool-id-literals
ci/secrets-staging-admin-sweeps
fix/sop-checklist-test-signature
ci/secrets-staging-admin-minimax
fix/prune-dns-hybrid-safety-gate
ci/fix-cf-zone-id-path
ci/secrets-cp-admin-janitor
ci/secrets-wave-b-aliases
ci/bot-tokens-to-infisical-molecule-core
chore/platform-agent-stale-create-workspace-comment
ci/guard-accesstoken-extractors
feat/3082-published-manifest-check
fix/3082-mcp-verb-ssot-provision-workspace
feat/3082-mcp-verb-ssot-contract
ci/null-safe-token-extractor-sweep
test/pin-moonshot-kimi-not-configured-failclosed
ci/null-safe-extractor-sweep
ci/migrate-cp-admin-api-token-infisical
refactor/runtime-default-secondary-fallbacks
fix/deterministic-create-workspace-real-side-effect
fix/a2a-queue-poll-extend-for-slow-model
fix/debake-platform-agent-completion
fix/concierge-warmup-ping
guardrail/contract-pin-required-tool
docs/runtime-platform-plugin-responsibilities
docs/sop-crossref-fixes
fix/deterministic-concierge-create-workspace-verification
fix/plugin-reconcile-stale-installed-row
fix/renew-prune-stale-e2e-dns-tracker-3244
feat/g80-guardrails-ssot
fix/concierge-runtime-generalization
chore/debake-core-localbuild
feat/asset-channel-system-prompt-allowlist
fix/bump-platform-agent-pin-7
fix/concierge-prompt-filename-ssot
fix/3230-local-provision-e2e-tracker-renewal
fix/3232-design-token-drift-gate-tracker-renewal
fix/renew-design-token-drift-tracker-3232
fix/renew-lifecycle-real-tracker-3230
fix/concierge-mgmt-mcp-reprovision-deadlock-33
fix/renew-prune-stale-dns-tracker-3234
fix/merge-gate-live-recheck-3210d
fix/deploy-gate-hardening-3210c
fix/merge-gate-hardening-3210b
fix/merge-gate-failopen-3210
draft/obs-railway-loki-drain-3214
fix/template-autorefresh-on-cache-miss-3211
fix/mcp-contract-legacy-removal-2
test/push-package-coverage
ci/required-contexts-enforced-ssot-3181
fix/handlers-activity-cte-expectation
fix/provider-base-url-fallback
fix/restart-preserves-switched-runtime
fix/runtime-switch-auto-reset-model
fix/create-workspace-complete-llm-config
ux/configtab-runtime-resets-model
fix/handlers-untested-helpers-2026-05-16
harden-merge-failclosed-1676-probe
fix/handlers-test-async-drain
test/org-import-pure-funcs
fix/scheduler-coverage-gaps
feat/canvas-growParentsToFitChildren-coverage
test/issue-1156-messaging-coverage
test/workspace-adapter-base-coverage
sre/fix-sop-test-parse-directives
fix/issue-1183-settingspanel-act-wrap
fix/queue-label-filter-all-ids
test-1675-canvas-user-activity-log-regression
docs/reconcile-platform-mcp-plugin
governance/require-sop-checklist-all-items-acked
docs/rfc-platform-mcp-plugin-lego-revision
governance/sop-checklist-scope-publicrepo
security/remove-public-runbooks-20260623
docs/rfc-platform-mcp-plugin-signoff
fix/rc12082-provision-time-provider-aware
fix/2141-sop-tier-check-fail-closed-tests
fix/2328-byok-create-gate-provider-aware
fix/3147-prune-stale-e2e-dns-tracker-renewal
fix/3089-design-token-drift-tracker-renewal
fix/delegation-list-shows-both-directions
test/canvas/Toolbar-a11y
fix/read-stored-model-secret-fail-closed
fix/2129-write-path-ssrf
fix/2129-chat-files-ssrf-2316
fix/2127-can-delegate-capability
fix/3168-rc13387-rest-delegate-gate
fix/3162-byok-fail-closed
staging
fix/issue-1171-rows-err-memory-events-channels
fix/channels-json-unmarshal-guard
fix/tokens-rate-limit-scan-err
pr-1117-check
fix/core-1117-proxy-test-races
fix/concierge-provider-empty-model
fix/schedules-cron-next-run-wallclock-race
feat/prune-dns-coe-tracker-renewal
feat/gitea-private-repo-fastfail
feat/mcp-contract-drift-runtime
feat/reserved-path-review-refire
feat/prune-cf-e2e-dns
fix/prune-dns-stale-mc3140-ref
ci/required-review-gates-3141
fix/2248-canvas-platform-managed-credential-gating
fix/sweep-cf-orphans-fail-closed
fix/sweep-aws-workspace-config-secrets
ops/ecr-lifecycle-iac
fix/3082-mcp-loaded-grace-window
fix/plugins-tab-loading-state
fix/csp-img-src-pin-exact-r2-host
fix/p0-sev-promote-platform-boot-blocking
fix/a2a-queue-drain-gateway-misclass
fix/csp-img-src-generated-images
feat/manifest-entry-existence-check
chore/local-tenant-smoke-script
fix/3123-redis-smoke-mirror-ci
fix/saas-listinstalled-eic-dispatch
fix/smoke-variant-b-core-infra
fix/smoke-health-path-healthz-to-health
fix/p0-sev-smoke-gate-add-redis
chore/bump-platform-agent-pin-ssot-molecule-platform
harden/platform-boot-merge-blocking
fix/ssot-degrade-gate-tool-from-contract
fix/313-block-staging-trigger
fix/p0-sev-image-smoke-gate
chore/internal-33-template-assets-consumed
rfc/image-gen-platform-metered
feat/2948-phase1-template-decouple
fix/canvas-approval-clamp-2026-06
core-3082-concierge-mcp-fail-loud
core-3080-mcp-plugin-delivery-contract
fix/concierge-e2e-poll-for-mcp-tool
fix/canvas-provisioning-loader
ssot/extend-mcp-plugin-delivery-contract
fix/3087-audit-force-merge-drift
fix/orgtoken-mint-ceiling
ci/core-3081-concierge-a2a-probe
fix/design-token-drift-tracker-ref
fix/main-red-concierge-mcp-name
fix/unskip-a2a-busy-predicate-test-3056
devops/fix-concierge-mcp-undefined-symbol
fix/3068-merge-queue-review-filter
fix/manifest-path-dev-test-cwd
fix/ratelimit-xff-bypass-test-179
fix/merge-queue-dismissed-request-changes-3068
fix/template-delivery-e2e-config-flake-3062
fix/drift-test-copy-chmod-v2
fix/canvas-chat-history-cap-f4
feat/org-token-audit-log
fix/concierge-plugin-fetch-auth
fix/3057-wedged-agent-health-signal
fix/3056-proxy-a2a-error-classification
feat/provision-request-contract
fix/saas-restart-template-redelivery
fix/concierge-mcp-gitea-source
fix/1269-secrets-compile-error-tests
fix/3048-staging-redeploy-diagnostics
fix/3047-redeclare-platform-mcp-on-boot
fix/3046-gate-platform-mcp-install-path
fix/concierge-provider-seed
rfc/platform-mcp-as-plugin
feat/canvas-app-token-drift-gate
fix/remove-stale-platform-agent-drift-test
hotfix/main-red-skip-stale-platform-agent-drift-test
fix/audit-force-merge-required-checks-drift
fix/mobile-chat-f9-loadolder-without-container
fix/mobile-chat-f7-composer-state-on-error
fix/mobile-chat-f8-token-cleanup-omap
fix/mobile-chat-f6-socket-error-logging
fix/mobile-chat-f5-history-error-banner
fix/316-drop-github-token-fallback
fix/orgtoken-session-userid
fix/rfc2843-32-fire-reconcile-on-register
fix/rfc2843-32-prevstatus-enum-coalesce
ci/template-delivery-e2e-include-registry
fix/2990-platform-agent-drift-test-copy-chmod
fix/template-asset-fetch-by-template-not-runtime
docs/rfc-marketplace-delivery
docs/rfc2948-phase1-template-engine-decoupling
fix/2983-continue-on-error-tracker
fix/2970-platform-agent-entrypoint-wiring
fix/drift-test-copy-chmod
fix/platform-agent-copy-chmod
fix/platform-agent-base-on-tenant
fix/platform-agent-image-autobump
fix/wire-platform-agent-image-build
fix/runtime-compat-resolved-model
fix/2919-sibling-identity-fallback
fix/2970-concierge-register-model-gate
feat/template-delivery-e2e-gate
fix/2967-safedialcontrol-fail-closed-lookupip
cr2/sec-c-2130-transcript-ssrf
fix/2132-transcript-ssrf-control-pre-sy
fix/core-2594-concierge-model-seed-regression
fix/2132-transcript-proxy-ssrf
fix/patch-runtime-resolved-model-workspace-secrets
fix/deploy-staging-silence
fix/redeploy-staging-on-main-image-publish
fix/seo-agent-runtime-patch-validation
fix/2929-post-restart-settle-window
feat/2930-a2a-queue-sweeper
fix/2946-redact-only
fix/2929-a2a-proxy-debounce-settle
fix/2884-gate-check-label-actor
fix/2942-production-deploy-fail-closed
fix/2929-rule8-staging-redeploy-redact
fix/local-provision-a2a-queue-poll
fix/deploy-staging-silent-failure
fix/canvas-requests-markdown
fix/auto-redeploy-staging-on-main
fix/2927-manifest-ref-pinning
fix/2921-github-token-redaction-cleanup
fix/2918-memories-redaction-exempt
fix/2929-a2a-restart-debounce
fix/2929-maybeMarkContainerDead-settle-window
refactor/concierge-dehardcode-rfc-10a
fix/patch-runtime-model-compat-validation
feat/2489-canvas-display-defaults-ssot
fix/fleet-credential-tenant-admin-restart
feat/820-platform-paths-drift-gate
fix/2863-cp-stub-handlers-and-env
fix/2601-canvas-resilience-p2p3
fix/2883-local-provision-orphan-sweeper
feat/2917-staging-a2a-infra-skip
feat/pr-b-template-asset-channel
fix/2601-org-map-fallback
fix/lint-ignore-redaction-tuple-labels
fix/image-publish-timeout
fix/staging-e2e-approval-gate-subtest-isolation
fix/mobile-inbox-3-high-audit-findings
fix/2130-update-card-ssrf
fix/2875-pr-diff-guard
fix/131-runtime-bump-exemption
fix/2888-handlers-pg-timeout
feat/public-fetch-activation
test/2737-canary-smoke-a2a-pong-harness-capture
ci/require-secret-scan-core
docs/template-asset-delivery-2843
fix/2601-org-map-resilience-hardening
fix/byo-compute-meta-runtime-ssot
fix/2832-redaction-extension
feat/131-runtime-bump-exemption
fix/handlers-pg-integration-timeout
fix/2594-canvas-config-effective-values
fix/e2e-ws-teardown
fix/2875-destructive-diff-guard
fix/audit-force-merge-stale-contexts
fix/2863-cp-stub-provision-handler
fix/2489-ssot-display-default
fix/2851-lifecycle-harness-resolvable-url
fix/chat-history-assertion-robustness
fix/24-pr-b-gitea-fetcher
fix/harness-runner-skip-xfail-counting
fix/chat-panel-false-green-or-assertion
fix/2864-burn-down-org-create-400-capture
fix/2818-async-dispatch-202-taskid
fix/2865-peer-discovery-404-replay
fix/2851-containerized-platform-advertise-host
fix/76-staging-llm-preflight-model-auth
fix/2859-redeploy-fleet-transient-retry
fix/2520-extend-platform-boot-deadline
fix/2851-local-provision-real-image-hostname
fix/dedup-cfg-config-files-init
fix/2845-scaffold
fix/rfc-2843-24-asset-channel
fix/2489-ssot-instance-allowlist-endpoint
fix/66-approval-requester-withdraw
fix/concierge-slug-cap-2839
fix/rfc-2843-23-delete-seo-patch
fix/approvals-no-auto-expire
fix/60-staging-e2e-org-create-hardening
rfc/decouple-config-skill-delivery
fix/approvals-list-auto-expiry
fix/2796-e2e-server-received-assertion
fix/2802-detect-changes-debug-output
fix/2834-test-recover-panic-race
fix/provider-endpoint-gone-coverage
fix/2796-activity-log-selector
fix/2762-mobile-attach-sending-gate
test/approvals-policy-coverage
fix/2766-mobile-inbox-stale-action
fix/1286-admin-delegations-error-coverage
fix/2782-seed-param-auth
fix/2800-rc-detached-ws-delivery
fix/2788-e2e-chat-residual
fix/2786-desktop-echo-fixture
fix/2751-canvas-async-dispatch-contract
fix/2794-remove-retired-configtab-skips
fix/2770-governance-pr-status-shadows
test/offered-models-coverage
fix/2422-deadlock-and-routing
fix/2802-e2e-chat-echo-render
fix/2809-org-template-fail-closed
fix/2764-chat-separation-fail-closed
fix/2809-org-template-import-fail-closed
fix/core2782-collision-proof-slugs
fix/2751-canvas-async-dispatch
fix/concierge-moreinfo-icon-size
fix/2798-context-menu-delete-false-green
fix/2794-remove-retired-configtab-skips-clean
fix/mobile-chat-tooltrace-and-banner
fix/2796-chat-desktop-activity-log-skip
fix/2725-usechatsend-concurrent-messages
fix/2759-consolidated-11471-11472
fix/2759-rc3-11471-error-batch-consume
fix/33-e2e-chat-main-red
fix/2759-rc2-11463-followup
fix/2775-legacy-no-id-exact-one-fallback
fix/new-workspace-parent-fallback
fix/2761-remove-stale-termsgate-skip
fix/2764-chat-separation-e2e
feat/canvas-async-dispatch-flag
fix/2762-attach-cursor-residual
fix/2766-mobile-inbox-wrong-action-race
fix/core2771-create-restart-gate
docs/mobile-ia-ssot
feat/mobile-agent-tree
feat/mobile-inbox-tasks-approvals
fix/core2675-llm-preflight
fix/mobile-chat-parity
ci/autoroll-fleet-on-publish
fix/migrate-set-compute-instance
fix/core2611-register-401-retry
fix/core2566-concierge-self-secret-write
fix/2752-local-provision-minimax-model
fix/canvas-ssot-aa-contrast
fix/2748-adapter-base-double-v1
fix/chat-524-not-unreachable
fix/a2a-response-header-timeout-long-turns
fix/2743-staging-concierge-create-retry
fix/chat-clear-error-while-thinking
fix/2739-reproject-byok-restart-recovery
feat/mobile-palette-canvas-ssot
fix/migrate-revoke-stale-auth-token
fix/chat-clear-stale-error-on-reply
fix/2712-restart-byok-minimax-projection
fix/core2721-deeper-nav-to-org-map
ci/required-contexts-add-peervis
fix/core2724-workspace-server-ack-first
fix/core2723-client-side-chat-timeout-align
fix/core2721-staging-tabs-workspace-id-selector
fix/a2a-idle-timeout-raise
fix/chat-multisend-concurrent
fix/2712-diagnose-staging-result-error
fix/chat-thinking-indicator-currenttask
fix/chat-textarea-reset-baseline
fix/ci-required-drift-url-error
fix/chat-user-message-dedup-id
fix/restart-context-register-400-diagnostics
fix/2437-a2a-ready-boundary-poll
ci/peer-visibility-required-flip
fix/2437-queue-status-404-distinction
fix/a2a-proxy-body-truncation-2677
feat/2697-canvas-chat-ux
fix/restart-context-callerid-normalize
fix/chat-mobile-flake-2699
fix/request-moreinfo-reaches-requester
fix/canvas-user-identity-2691
fix/2694-a2a-queue-callerid
fix/drop-claude-fable-5-disabled
fix/restart-context-2530-callerid-normalize
fix/restart-context-degraded-2680
fix/wsauth-token-kinds-1644
fix/staging-platform-boot-known-answer-queued
test/external-runtime-requests-e2e
sync/providers-opus-4-8
fix/statuses-pagination-clamp
fix/2594-followup-per-workspace-byok-ssot
fix/ws1b-claude-code-attribution-header
fix/restart-race-provision-gate
fix/registry-clear-failure-on-healthy-heartbeat
fix/staging-tabs-hydration-sentinel
fix/local-provision-container-race-poll
fix/missed-coe-tracker-1982-to-2654
fix/2594-resolved-model-fail-closed
fix/e2e-chat-push-hydration
fix/2660-recover-bp-directive
test/2606-workspace-requests-e2e
fix/staging-tabs-x-molecule-org-id
fix/chat-desktop-visible-panel
fix/52bb9d6f-local-provision-e2e-build-e2e-names
fix/cf-preflight-sweep-cf-orphans
fix/action-pin-hygiene-e2e-chat
fix/2645-stall-watchdog-uuid-type
feat/2636-decision-chip-in-mychat
feat/2636b-reconstruct-tooltrace-from-agentlog
fix/2617-recover-atomic-byok-create
feat/2636-decision-visible-and-tooltrace-persist
fix/2608-hardfail-byok-at-create
feat/2606-respond-notifies-requester
fix/all-required-aggregation-regression-test
fix/core-2615-2496-platform-agent-on-conflict-runtime-test
fix/registry-boot-register-log-regression-test
fix/merge-queue-non-main-base-skip-test
fix/core-2615-2460-jq-install-fail-closed-test
fix/platform-tunnel-hostname-normalize
feat/ws-switch-provider-endpoint
fix/concierge-no-self-secret-ops-test
fix/handlers-postgres-neutral-required
fix/gate-check-v3-governance-regression-tests
fix/core-2615-2125-regression-test
fix/cross-cloud-register-url-fallback
fix/2608-billing-org-default
fix/2609-default-parent-platform-root
fix-2579-e2e
fix/2573-concierge-prompt-rule
fix/2573-no-autorestart-platform-root
fix/staging-e2e-preseed-cookie-consent
fix/chat-e2e-scope-panel-chat
fix/org-token-mint-verified-session
chore/core-self-merge-guard-reserved-paths
fix/core-2573-skip-self-restart-on-secret-write
fix-2540-ci
fix/gate-check-trusted-governance-contexts
fix/core-2530-register-failure-degraded
pull/1287
fix/core-2574-admin-token-gate
fix/duplicate-tab-ids-concierge-embed
fix/core-1362-delegation-list-both-directions
test/core-1988-matcheschatid-templateimageref
fix/handlers-admin-delegations-coverage
refactor/workspace-compute-status-constants
pr-2029
fix/core-2517-memory-write-fk-integration-test
fix/chat-e2e-scope-node-click
pr-1321
fix/activity-logs-13arg-test-expectations
fix/core-2508-install-platform-agent-hardening
fix/KI-013-migrate-legacy-names
fix/chat-ux-persist-and-autoscroll
fix/sev-2499-shared-volume-name-helper
chore/remove-dead-arm64-darwin-lanes
fix/ecr-disable-buildx-attestations
fix/core-2509-org-switcher-audit
perf/e2e-api-minimax-wait-budget
test/2505-backward-compat-full
fix/provision-timeout-720s
fix/2500-register-boot-logging
fix/heartbeat-promote-provisioning-to-online
fix/gate-check-v3-timeout
fix/lint-setup-go-cache-flip-hard-gate
fix/platform-agent-install-runtime-on-conflict
fix/2490-rebased
ci/guard-setup-go-cache
fix/core-2525-self-approval-authz-gap
fix/sev-2500-status-transition
fix/core-2490-bootstrapfailed-rescue-race
fix/core-2528-compile
fix/merge-queue-silent-base-skip
fix/sev-2499-status-transition-followup
fix/ops-scripts-snapshot-frozen-ts-2550
feat/canvas-chat-queue-and-child-lock
feat/2489-ssot-compute-metadata
fix/setup-go-cache-vs-bind-mount
fix/sev-2499-ssot-volume-names
fix/review-check-tests-jq-fail-closed
feat/2507-kind-wire-contract-truth-up
fix/sev-2499-enhanced-drift-guard
harden/e2e-ki013-drift-guard
ci/guard-no-coe-on-required
feat/agent-liveness-a2-stall-watchdog
fix/agent-stale-window-and-heartbeat
test/backward-compat-migrate-unit-tests
fix/core-2509-org-switcher
fix/add-missing-provisioner-unit-tests
docs/rfc-agent-liveness
feat/unified-requests-inbox-p3-canvas
feat/unified-requests-inbox-p4-nudge
fix/concierge-mcp-declaration
feat/unified-requests-inbox-p1
feat/envelope-bounce-animation
feat/support-claude-fable-5
fix/memories-http-upsert-namespace
fix/chat-timeout-not-unreachable
feat/2502-consume-conductor-snapshot
ci/publish-image-registry-layer-cache
fix/concierge-home-chat-follows-selection
fix/sev-2499-e2e-ki013-full-id-names
feat/cp-provision-forward-kind
feat/canvas-org-switcher
fix/ssot-consolidate-compute-options
fix/KI-013-provisioner-uuid-truncation
fix/add-missing-scheduler-unit-tests
pr2485-merge-test
fix/add-missing-middleware-unit-tests
fix/deploy-straggler-tolerance
fix/e2e-chat-testcontainer-leak
fix/sop-checklist-author-self-ack
fix/remove-dead-code-QueueDepth
fix/1093-adapter-py-test-margin
fix/local-provision-e2e-ipv4-hardcode
fix/main-red-e2e-act-runner-docker-detect
test/2148-registry-auth-real-postgres-v2
fix/all-required-aggregate-fail-closed
fix/envelope-anchor-dot-and-scale
test/2148-registry-auth-real-postgres
fix/main-red-e2e-ssrf-publish-retry
fix/status-reader-paginate-to-exhaustion
feat/in-place-provider-switch
test/2391-hydrate-inflight-turn-status
fix/2450-local-provision-dynamic-port
refile/2155-migration-replay-from-scratch
fix/2448-ops-scripts-fail-closed-zero-tests
fix/handlers-pg-required-tables-widen
fix/ci-fail-on-zero-tests-collected
fix/2421-heartbeat-backfill-agent-card
fix/scheduler-enqueue-cron-on-busy
fix/sev1-812-approval-validator
fix/2442-chat-desktop-enter-map-view
feat/a2a-message-flight-envelope
fix/e2e-chat-desktop-concierge-reskin-selector
fix/concierge-role-truncate
fix/2429-case-fold-trailing-dot-tunnel-hostname
fix/provider-on-isrunning-status
feat/canvas-concierge-ui
fix/validate-agent-url-pending-tunnel
fix/memories-commit-error-server-log
fix/gate-context-target-suffix
feat/ws-compute-provider-validation
fix/2396-sop-auto-tier-and-trigger
fix/1306-gitea-label-singular
remove/data-residency-banner
fix/2392-stop-by-instance-id-on-persist-fail
harden/merge-control-required-checks-json
fix/2398-enrich-commit-memory-log
fix/ec2-orphan-instance-id-persist-failure
fix/merge-control-script-hardening
fix/provider-derivation-fail-closed
fix/restart-sync-update-status-guard
fix/restart-guard-removed-workspace
fix/fail-open-status-persist-trio
fix/2248-suppress-platform-managed-credentials
fix/2386-send-provider-on-deprovision
fix/delegate-task-async-sender-pushback-2244
fix/2331-sop-ceremony-required-checks
feat/platform-agent-gate-wiring
fix/umbrella-reaper-1780
fix/block-internal-paths-hard-gate
fix/backends-md-drift-risk-6-stale
cp455-minimal-cell-boot-e2e-stage1
fix/chat-seed-admin-auth
fix/goroutine-panic-recovery
fix/1080-org-helpers-typo-main
fix/canvas-e2e-transient-failed-2632
fix/admin-images-codex-and-std-encoding
fix/render-status-body-state
fix/memory-section-marker
design/secrets-accessibility-fix
fix/channels-matchesChatID-tests
fix/workspace-server-healthcheck
fix/ci-org-helpers-demorgan
test/delegate-record-db-errors
infra-sre/fix-platform-go-test
fix/ci-drift-pagination
fix/merge-queue-direct-merge-no-update-churn
fix/stdio-clean
feat/platform-agent-install
fix/audit-force-merge-curl-fail-closed
fix/fail-closed-hardening-trio
feat/platform-agent-kind
docs/mark-drift-risk-6-resolved
feat/byok-create-gate-and-liveness
feat/workspace-provider-field
fix/main-red-2308-lint-trackers-fast
fix/status-reaper-observability
fix/internal-805-sweep-cf-cloudflare-fallback-clean
feat/platform-agent-approval-gate
fix/lint-pre-flip-fail-closed-clean
fix/main-red-2305-lint-and-e2e-platform-managed
fix/sop-checklist-hold
fix/main-red-e2e-chat-auth-token
fix/internal-802-bp-directive-comments
fix/reconciler-debounce-coupling-2284
fix/main-red-canvas-e2e-tablist-strict-mode
fix/canvas-pause-resume-cascade-param-2122-followup
fix/2251-delegate-task-message-role-contract-test
fix/817-canvas-deploy-reminder-per-step-gate
fix/2139-sop-tier-check-real-qa-security-teams
fix/sop-checklist-hold-volume-skip
fix/lint-pre-flip-fail-closed
feat/2185-manifest-entry-existence-check
feat/2151-chunk2-integration-tests
fix/status-reaper-pagination-observability
fix/http-client-timeout-panic-recovery-main
fix/pause-resume-cascade-opt-in-1991
fix/plugin-uninstall-exec-errors
fix/gitea-merge-queue-pagination
fix/review-check-remove-generic-comment-bypass
fix/sop-tier-remove-fail-open-dead-code
fix/sop-tier-check-remove-fail-open-core
feat/merge-queue-auto-discovery
rfc/platform-agent
test/flip-probe-governance-gates-2331
fix/block-internal-paths-fail-open
test/governance-gate-flip-probe-2331
fix/merge-queue-hold-on-409-conflict-update
fix/e2e-smoke-diagnose-detail-767
fix/sop-checklist-emdash-slug-parse
fix/2352-merge-queue-409-hold
fix/merge-queue-autonomous-genuine-approvals
researcher-gate-probe-1780730963
fix/578-google-adk-image-refresh-allowlist
e2e/data-persistence-recreate-2332
fix/channels-unmarshal-fallback-invalid-json
feat/workspace-provider-routing
fix/google-adk-model-registration-coremirror
fix/renew-lint-coe-tracker-837-clean
fix/renew-lint-coe-tracker-837
test/channels-dataprune-e2e-p110
core2332-p110-workspace-lifecycle-staginge2e
chore/providers-gen-docker-target
feat/core-2332-display-reconnect-renewal-e2e
cr2/google-adk-e2e-coverage
fix/vertex-ssot-registry-drift
fix/port-cp544-fail-closed
fix/sop-tier-authz-no-org-fallback
fix/core-ci-fail-closed
docs/sop-fail-closed-ci
fix/restore-seo-adk-templates-manifest-auth
rfc/byok-fail-closed-billing
fix/forensic145-preserve-workspace-scm-token
fix/ci-coe-trackers-e2e-chat-staging-external
fix/e2e-reconciler-platform-model-and-boot-error
fix/e2e-saas-step9-hma-surface
fix/e2e-staging-byok-opt-in-before-vendor-key
fix/e2e-saas-model-slug-bare
fix/e2e-claude-code-minimax-bare-slug
fix/e2e-tenant-call-surface-body
fix/main-red-peer-visibility-platform-managed-secrets
fix/main-red-minimax-model-slug
fix/sop-tier-check-and-token-parse
harden/staging-saas-all-runtimes
harden/no-fail-open-auth
fix/main-red-lint-continue-on-error-2294
harden/keyless-feature-e2e-coverage
harden/derive-provider-matrix-e2e
harden/enforce-ci-gates-core-v2
fix/cascade-true-callers-ahead-of-2122
fix/2151-chunk1-activity-delegation-a2a-integration-tests
harden/sop-tier-check-remove-expired-coe
fix/2255-e2e-smoke-poll-parser-kind-discriminator
fix/a2a-2251-go-role-default
fix/2140-sop-tier-refire-real-exit-code
harden/regression-coverage-v2
fix/521-claude-code-colon-form-overclaim
fix/core2261-reconciler-toctou-degraded-hardening
fix/core2261-providers-byte-sync-cp521
fix/core2261-e2e-instanceid-tag-fallback
fix/core2261-reconciler-e2e-create
fix/cascade-canvas-callers
harden/e2e-staging-saas-failclosed
harden/e2e-staging-external-chat-failclosed
harden/e2e-staging-canvas-deflake
feat/umbrella-reaper
feat/2261-gap1-takecontrol-e2e
fix/1997-canary-minimax-m2.7
fix/2263-staging-canary-namespaced-model
fix/security-review-owners-na-eligibility
feat/core2261-reconciler-live-e2e
feat/core2261-takecontrol-wsproxy-test
feat/security-review-owners-na-eligibility
feat/core2261-instance-state-reconciler
fix/cp529-enforcer-test-unbreak-main
feat/cp529-byok-vendor-providers
fix/activity-feed-stable-ordering
fix/2245-platform-managed-provider-credential-gate
fix/2245-platform-managed-no-cred
harden/contract-tests-core
feat/cp529-byok-routability-enforcer
feat/core2235-canvas-buildinfo
fix/2235-canvas-buildinfo-docker-sha
review/pr3029-pr3033-local
feat/traces-v1-workspace-secrets-2976
fix/816-sop-tier-check-stale-reviews
fix/818-sop-checklist-na-declarations-terminal-success
fix/core2226-canvas-ordered-deploy
fix/2222-a2a-delegate-task-attachments
chore/cp514-byte-sync-drop-vertex-arm
fix/2205-e2e-api-health-wait-migration-gate
fix/core2225-staging-canvas-e2e-fixture
fix/2225-e2e-canvas-stale-hermes-model
fix/2185-bp-directive-window
fix/2192-manifest-repo-existence-check-v2
fix/desktop-takecontrol-reconnect-renewal
fix/2212-peer-visibility-missing-model
fix/2172-provider-validation-setmodel
fix/2192-manifest-repo-existence-check
fix/prod-deploy-verify-tenant-lag-2213
fix/2204-liveness-probe-max-tokens
fix/internal-805-cf-auth-drift
fix/internal-804-parser-json-variant
fix/peer-visibility-test-model-required-2212
fix/77-bp-directive-4-emitters
fix/e2e-api-health-wait-migration-chain
devops/saas-a2a-empty-completion-diagnostic
fix/e2e-staging-canvas-tabs-red
fix/e2e-chat-readiness-curl-tempfile-2198
test/provider-matrix-boot-regression-moonshot
sre/fix-auto-deploy-writable-home-2193
fix/e2e-chat-mobile-history-reload-flake
fix/deploy-production-superseded-false-stale
fix/manifest-rm-deleted-org-templates
fix/2158-auto-sync-token-hard-fail
fix/create-dialog-registry-provider-catalog
fix/ensure-default-config-stamp-derived-provider
fix/2183-remove-missing-free-beats-all
feat/google-adk-platform-provider-mirror-ssot
fix/core-2176-a2a-full-body-guard
fix/publish-latest-tag-platform-tenant
feat/2172-config-save-provider-validation
feat/handler-admin-test-token
feat/plugins-listing-and-sources-coverage
feat-handler-admin-test-token
test/2175-a2a-full-body-delivery-guard
regression/2149-scheduler-real-pg
fix/internal-760-review-event-trigger
fix/2166-blocker2-integration-fail-open
dev-b/sec-c-2132-reorder
fix/2163-cr2-live-fire-freshness
fix/test-async-cleanup-order
fix/shellcheck-arm64-pilot-main-red-2146
docs/2159-pr-head-workflow-selection
fix/2152-unmask-real-infra-gates
cherry-pick-2167-suspenders-to-main
fix/2159-qa-security-auto-trigger-review-state-guard
cp/469-tenant-proxy-env-delivery
fix/2162-platform-managed-fail-closed-missing-proxy
docs-test/gate-auto-fire-livefire-2159
fix/gate-followup-refire-token-direct-trigger-regression
regression/2150-migration-replay-from-scratch-real-pg
ci/unmask-required-real-infra-gates-mc1982
fix/internal-760-qa-security-pr-review-trigger
fix/internal-760-ceremony-ai-sop-ack
runtime/lazy-workspace-id
fix/2134-chat-files-forward-ssrf-2316
feat/rfc742-rescue-read
fix/2131-patch-abilities-atomic
cr2/sec-d-2316-chat-files-ssrf
cr2/sec-a-2029-traces-ssrf
fix/continue-on-error-triage-2113
feat/rescue-rebase-2019-v2
feat/rfc742-rescue-capture
test/handlers-misc-coverage
fix/errcheck-unchecked-errors-main
fix/broadcast-org-root-test-cleanup
fix/broadcast-itest-cleanup-hygiene-2108
fix/log-execasroot-errors-plugin-cleanup-main
fix/http-client-timeouts-panic-recovery-error-checks-main
fix/panic-recovery-goroutines-channels-handlers-scheduler-main
fix/canvas-e2e-transient-failed-2632-main
fix/backends-md-drift-risk-6-stale-main
fix/ci-required-drift-1739
fix/audit-force-merge-branch-aware
test/org-scope-abilities-coverage-clean
fix/renew-coe-tracker-mc774-clean-20260601
fix/registry-root-sibling-leak-1955
fix/registry-cancommunicate-cross-tenant-roots-1955
fix/broadcast-itest-status-enum-online
fix/rows-affected-core
fix/broadcast-org-root-cte
fix/broadcast-org-root-cte-1959
sync/providers-serving-urls
fix/staging-test-hermetic-env
fix/restart-context-defer-rows-close
fix/channels-rows-err-check
fix/ci-lint-suppression-1062
fix/defer-rows-close-audit
fix/delegation-rows-err-check
fix/errcheck-unchecked-errors-1062
fix/execcontext-err-check-high-impact
fix/execcontext-err-check-sweep2
fix/execcontext-error-audit
fix/http-defaultclient-auth-paths
fix/registry-rows-err-check
fix/secrets-scan-error-restart
fix/workspace-restart-rows-err
pr-3033
fix/restart-context-rows-err
fix/discovery-rows-err-check
fix/broadcast-org-root-cte-1959-staging
fix/rowserr-checks-events-channels-manager
fix/rowserr-memory-schedules-audit
fix/channels-duplicate-encrypt
fix/audit-rows-err-check
feat/minimax-m3-sync
fix/missing-rows-err-llm-billing-mode
fix/ci-scheduler-fanout
feat/openapi-management-spec
pr2056
fix/channels-memory-rows-err-check
fix/traces-error-handling
fix/codeql-sarif-export
fix/instructions-rows-err-check
fix/providers-ssot-sync-codex-subscription
fix/github-token-fallback-timeout-1101
fix/codex-central-refresher
feat/google-adk-runtime-ssot
worktree-agent-aa572c7374a57f03a
fix/sync-providers-yaml-openai-split-20260531
feat/workspace-data-persistence
e2e/google-adk-ci-wiring
feat/register-google-adk-runtime
feat/mc-multiperiod-workspace-budget
feat/schedule-orphan-monitor-cleaner
fix/schedule-migration-on-recreate
fix/google-adk-runtime-doc-accuracy
fix/setglobal-drop-retired-org-billing-guard
fix/internal-728-provider-matched-cred-injection
fix/internal-724-prod-auto-deploy-straggler-surfacing
fix/1994-provision-billing-model-passthrough
test/a2a-queue-status-depth-coverage
fix/broadcast-cte-non-root-sender-1959
feat/internal-718-p3b-canvas-consume-registry
test/patch-abilities-coverage-1312
feat/internal-718-p4-followup-llm-provider-removal
fix/cancel-in-progress-flip-1357
feat/internal-718-p4-pr2-hard-reject-unregistered
feat/internal-718-p4-pr1-reconcile-colon-vocab-sync
fix/mcp-tools-slim-residue
feat/internal-718-p3a-templates-from-registry
feat/internal-718-p2a-registry-codegen-distribution
feat/internal-718-p2b-billing-derives-from-provider
refactor/drop-org-tier-llm-billing-mode
fix/suppression-rationales-1769
pr1930
eng-b/rebase-1952
fix/ssot-provider-selection-billing-mode-711-713
fix/1769-suppression-rationales
fix/byok-global-llm-cred-leak-internal-711
fix/workspace-broadcast-cte-1959
fix/1953-scope-peer-discovery-a2a-to-org
fix/cancel-in-progress-low-risk-9
fix/cross-tenant-isolation-1953
fix/python-open-encoding
fix-1644-workspace-create-returns-auth-token
fix/1837-docs-stale-monorepo-ref
fix/review-check-all-403-diagnostic
fix/audit-force-merge-staging-drift-1739
fix/nil-safe-scans-validation-hardening
fix/delegate-async-return-after-marshal-fail
fix/canvas-user-verified-session-1673
fix/canvas-chat-poll-mode-1673
fix/mcp-tools-marshal-error-return
fix/ci-remove-race-from-blocking-gate-1184
fix/watchdog-close-stale-contexts-on-red
fix/time-after-single-retry-delegation
fix/time-after-goroutine-leaks
fix/json-marshal-log-continue-2nd-pass
fix/cp329-retire-config-files-userdata-cap
fix/703-provider-billing-mode-ui
fix/internal-703-byok-billing-mode-env
eng-b-test-1779917746
fix/workspace-ec2-leak-delete-retry
fix/ci-arm64-tracker
fix/1669-syntax-error
fix/docs-monorepo-refs
refactor/drop-org-tier-llm-billing-mode-canvas
fix/publish-buildx-writable-config
fix/publish-docker-config-api-20260520
feat/seed-schedules-from-ws-template
feat/canvas-llm-billing-mode-section
feat/per-workspace-llm-billing-mode
fix/memory-v2-upsert-namespace-20260526
fix/platform-managed-provider-key-leak
fix/mcp-tools-test-db-import-20260526
pr-3029
fix-tiny-readme
fix-shellcheck-arm64-pilot-runner-label
feat/canvas-lib-tests
docs/fix-stale-channel-install-refs-230
design/modal-a11y-followup
fix-1769-suppression-justifications
fix-365-scope-divergence-gate-check
fix-1763-org-include-test
docs/readme-quickstart-context
style/fix-ruff-e501-etc
fix/main-ci-display-deploy-blockers
fix/display-keyboard-clipboard
fix/runtime-template-repo-cache
fix/create-dialog-platform-defaults
fix/pending-upload-preview-after-ack
fix/create-dialog-runtime-provider-flow
fix/platform-us-default-provider
fix/seo-template-provider-env-prompt
chore/advisory-legacy-e2e
fix/seo-template-visible
fix/panel-contained-attachment-preview
fix/pdf-preview-csp
fix/pdf-preview-visible
fix/prod-auto-deploy-scoped-rollout
fix-1763-test-minimal
feat/llm-native-auth-flow
fix/issue-1823-delete-confirm-name
fix/display-control-browser-session
fix/agent-message-attachment-broadcast
chore/maintained-runtime-registry
fix/issue-1686-cost-efficient-workspace-defaults
fix/hermes-user-attachments-core
fix/gate-check-v3-ruff-f401-e741
docs/issue-1793-workspace-placement-rfc
fix/ruff-batch-2026-05-24
chore/issue-1760-rename-go-module
fix/platform-managed-llm-default
chore/issue-1812-remove-backfill-from-image
fix/ruff-f401-f541-f841-e741-batch
fix/ruff-e501-merge-queue
fix-1763-webhook-token-redaction-skip
fix/ruff-final-batch-f401-e741-f841
fix/ruff-e501-batch-4
fix/ruff-lint-batch-3
fix/ruff-lint-more-scripts
fix/user-message-fanout-1440
fix/workspace-compute-settings-control
fix/1763-finding-3-token-test-integration-tag
fix-1775-deploy-wait-alignment
fix/memory-plugin-nil-jsonb-marshal
fix/pv-staging-tenant-auth
fix/real-user-upload-staging-e2e
feat/issue-1791-bundle-memory-backfill
feat/issue-1754-mcp-memory-activity-broadcast
feat/issue-1791-memories-commit-v2-plugin
fix-1763-discord-token-test
chore/remove-stale-runtime-comment
fix/revert-1781-templates-runtime-relax
chore/remove-unmaintained-runtimes
fix/e2e-orphan-guard
docs/issue-1780-compensating-status-runbook
fix/issue-1778-templates-test-fixtures
fix/templates-supported-runtime-tests
fix/prod-auto-deploy-aggregate-context
chore/issue-1753-awareness-docs-sweep
chore/issue-1755-seed-initial-memories-v2
fix/ci-all-required-bookkeeping
fix/supported-runtime-catalog
chore/issue-1733-memory-plugin-schema-isolation
chore/issue-1735-remove-awareness-backend
fix/memory-list-rows-err
feat/1686-display-session-proxy
chore/issue-1733-a1-kill-v1-fallback
fix/issue-1734-memory-tab-v2
fix/codex-scheduled-a2a-timeout
fix/prod-auto-deploy-nonblocking
fix/arm64-pilot-label-macfix
fix/review-check-empty-pr-guard
fix/canvas-publish-docker-config
fix/channels-manager-rows-err
fix/rows-err-restart-discovery
fix/slack-webhook-response-body-close
fix/sweeper-rows-err
feat/1686-display-workspace-flow
fix-1700-A-github-token-http-timeout
fix/workspace-crud-descrows-err
task342/local-e2e-harness
fix/messagestore-extractfiles-unmarshal
fix/pgplugin-writejson-encode-error
feat/1686-display-control-ui
fix/discord-read-body-error
fix/capturebroadcaster-data-race
fix-scheduler-detect-result-kind-message-allow
fix/lark-read-body-error
fix/memory-decode-error-read-body
fix/slack-read-body-errors
fix/traces-read-body-error
fix/schedules-events-rows-err
fix/channels-json-unmarshal-errors
rfc-1706-openapi-phase1-schedules
fix/mcp-tools-scanpeers-err
fix/handlers-rows-err-batch
fix/slack-webhook-response-body-close-clean
fix/github-token-http-timeout
minimax-autonomous-test
fix/scheduler-1696-sdk-error-detection
fix/1696-scheduler-adapter-error-status
feat/1686-phase1-compute-schema
fix/1692-mount-schedule-routes
fix/1684-native-session-enqueue-on-busy
fix/1646-staging-saas-timeout
fix/ci-path-scope-main-push
fix/e2e-wait-after-config-put
fix/e2e-delegation-a2a-retry
fix/e2e-minimax-m2-default
platform-kill-defaultmodel-require-model-at-create
fix/e2e-a2a-busy-retry
fix/e2e-a2a-readiness-body
fix/t4-pid-probe-agent-safe
fix/t4-gitea-egress-ssot
docs-fix-claude-code-channel-template
fix/activity-flat-upload-attachments
fix/aws-secrets-janitor-literal-region
fix/activity-feed-peer-info-enrichment
fix/aws-secrets-janitor-fail-loud
fix/aws-secrets-janitor-staging
fix/staging-token-diagnostic
chore/publish-staging-ecr-with-ssot-publisher
fix/e2e-bash32-empty-array
chore/mirror-tenant-image-staging-ecr
fix/mcp-delegate-platform-path
chore/retrigger-peer-visibility-after-publish
fix/publish-buildx-docker-config
docs/multi-external-workspace-registration
fix/e2e-token-fallback-diagnostics
ci/clean-superseded-push-noise
ci/path-scope-go-handler-pr
fix/main-red-watchdog-action-run-status-filter
fix/admin-workspace-token-mint
test/e2e-chat-a2a-dns-regression
fix/staging-peer-visibility-token
chore/delete-core-workspace-runtime
fix/split-heavy-e2e-required-path
fix/ci-cron-bots-prebake-1357
fix/self-delegation-peer-list-hardening
fix/523-allow-user-set-workspace-secrets
feat/canvas-org-info-tab
fix/624-file-write-restart-debounce
fix/377-canvas-polite-cancel-before-restart
task227/external-mcp-progress-ux
fix/canvas-chat-a2a-hint-activity-tab-closeout-212
fix/t4-probe-docker-socket-and-pid-host
chore/ssot4-delete-dead-github-workflows
task335/drop-runtime-image-pins-mig-fresh
chore/ssot10-ecr-registry-var
fix/sop-checklist-stream-pagination-oom
task335/drop-dead-runtime-image-pins-mig-047
fix/a2a-error-hint-timeout-class
fix/a2a-error-detail-field-rename
feat/uploads-limits-ssot-task-320
core-devops/cascade-structural-hardening
chore/retrigger-publish-after-eacces
fix/poll-mode-pending-uploads-100mb-mc1588
fix/redeploy-fleet-confirm-callers
fix/lint-workflow-yaml-slash-in-name
retrigger/publish-workspace-server-after-pr110-deploy
infra-runtime-be/upload-100mb-and-correct-reason-errors
infra-sre/rfc596-publish-runtime-dual-push-gitea-pypi
fix/workflow-name-no-token-slash
infra-sre/audit-log-phase1-emit-secrets
fix/main-red-watchdog-skip-cancel-cascade-mc1564
feat/rfc563-ws-server-binary-strip
ci/146-lint-no-tenant-gitea-token
feat/agent-card-identity-seed-prod-team-internal-492-followup
fix/rfc524-layer1-bare-go-conversion
fix/ci-docker-host-guardrail-red
test/e2e-todays-pr-coverage
feat/146-forbidden-env-guard
fix/sop-checklist-widen-ack-internal-442
ci/mac-arm64-pilot-shellcheck
e2e/peer-visibility-local-backend-task166
fix/canvas-surface-error-detail
fix/wsserver-broadcast-error-detail
ci/oom-storm-concurrency-fix
fix/chat-upload-ssot-100mb-1520
feat/provisioner-inject-gitea-credential-helper
sre/fix-remaining-scheduled-cancel-in-progress
fix/user-message-role-1514
sre/fix-gate-check-cancel-in-progress
sre/fix-ci-drift-false-positive-and-queue-limit
ci-retry-noop
test/plugin-listing-coverage-1488
infra/canvas-ci-retry-20260518145806
fix/json5-comments-manifest-1496
test/canvas-hook-coverage
feat/canvas-agent-abilities-toggle
fix/sop-tier-check-secrets-read-v2
fix/canvas-configtab-wcag-alert-v2
fix/canvas-configtab-wcag-alert
fix/sop-tier-check-secrets-read
fix/ci-sop-tier-check-secrets-read
fix/runtime-registry-manifest-v2
test/runtime-provision-timeouts-coverage
fix/sev1-secrets-read-v2
fix/sev1-missing-secrets-read-perms
test/canvas-secret-formats-coverage
test/canvas-hook-tests
test/canvas-theme-ts-coverage
feat/canvas-agent-abilities-toggles
test/canvas-theme-lib-coverage
fix/runtime-registry-json5-comment
fix/ws-server-188-failclosed-template-runtime
test/plugins-listing-coverage
fix/issue-1480-manifest-json5
fix/review-check-wrong-event-string-diagnostic
test/workspace-abilities-name-coverage
ci-fix-main-runtime-secret-scan
fix/secret-scan-exclude-secrets-detector-test-fixtures
fix/secrets-read-qa-security-main
fix/secrets-read-qa-security-workflows
test/workspace-broadcast-coverage
fix/1473-bp-all-required-suffix
infra/secrets-read-qa-security-main-fix
fix/pr1450-staging-main-conflict
fix/issue-1420-actionable-errors
fix/issue-228-user-message-fanout
design/externalconnectmodal-a11y
fix/tabs-error-aria-alert
fix/settings-a11y-fixes
fix/canvas-errors-aria-alert
fix/canvas-loading-aria-live
sre/fix-scheduled-workflow-cancel-in-progress
feat/handler-test-abilities-and-sources
fix/handlers-plugin-listing-tests
fix/tabs-a11y-scattered
runtime/port-identity-tools-staging
runtime/fix-merge-queue-cancel-in-progress
fix/canvas-misc-wcag-fixes
infra/quirks-789-fills
infra/queue-runbook-updates
design/skills-accessibility-v2
design/skills-a11y-followup
fix/a2a-delegation-detached-ctx-canceled-internal-497
fix/secrets-honest-ui-491-490
design/mobile-comms-a11y
design/mobile-chat-a11y
fix/mcp-tools-sql-fix
design/mobile-tabbar-a11y
feat/mobile-tabbar-a11y
fix/mobile-ios-focus-zoom
fix/mobile-canvas-render-parity
ci/arm64-advisory-mac-offload-pilot
fix/canvas-user-message-cross-session-fanout
test/a2a-proxy-pure-coverage
fix/mobile-focus-visible-rings
fix/external-workspace-progress-feedback
fix/canvas-mobile-ws-wake-resume
fix/mobile-chat-input-ios-focus-zoom
test/org-helpers-coverage
ci/timing-test-hygiene-host-load-internal
fix/setup-node-pin-corrupt-1432
fix/ci-required-drift-polling-sentinel
fix/issue212-actionable-agent-error-reason
runtime/fix-api03-test-fixture
test/traces-list-http-coverage
runtime/fix-test-fixture-v3
runtime/fix-test-fixture-on-1420
fix/queue-status-sort
runtime/fix-test-fixture-secret-scan-false-positive
test/workspace-abilities-coverage-20260517
fix/sop-engineers-main
fix/queue-merge-permanent-error
fix/delegations-list-deduplication
fix/canvas-npm-ci
fix/sop-staging-engineers-backport
offsec-015-staging-v2
fix/queue-skip-permanent-merge-error
design/settings-button-focus-v2
test/coverage-broadcast-listing-20260517
fix/workspace-tokens-global-sentinel-500
fix/sop-workflow-secrets-read
test/coverage-abilities-design-tokens-20260517
design/agentcomms-focus-visible
design/skills-aria-accessibility
infra/action-sha-pin-e2e-chat
fix/sop-checklist-na-gate-probe-bug
test/coverage-2026-05-17
fix/queue-merge-error-surfacing-v2
test/all-coverage-v5
fix/settings-panel-focus-visible
sre/ci-coldrunner-main-fix
fix/skills-tab-focus-visible
test/all-coverage-v4
test/all-coverage-v3
fix/aria-live-errors-v2
fix/canvas-attachment-focus-visible
fix/queue-merge-error-surfacing
test/all-coverage-v2
fix/app-page-focus-v2
fix/app-page-focus-visible
fix/delete-dialog-focus
fix/sop-checklist-probe-na-gate
test/all-handler-lib-coverage
test/handlers-and-lib-coverage-v2
test/delegation-sweeper-pure-funcs
fix/queue-update-then-wait-loop
fix/workspace-abilities-test-coverage
test/workspace-crud-validators
fix/canvas-user-message-persist-at-ingest
test/handlers-and-lib-coverage
fix/filetree-wcag-icons
fix/mobile-wcag-focus-visible
sre/pr1381-retrigger
infra/add-missing-workflow-concurrency
infra/scheduled-workflow-cancel-in-progress
fix/canvas-wcag-focus-visible-2
ci/twine-verbose-403-reason-body
test/handlers-and-theme-coverage
fix/ci-required-drift-skip-f1
fix/sop-checklist-na-declarations
test/workspace-abilities-and-theme
test/plugins-sources-and-theme
sre/comment-dispatch-consolidation-v2
chore/remove-crewai-deepagents-gemini-cli
test/workspace-broadcast-handler
test/workspace-abilities-patch
fix/inbox-self-echo
feat/test-status-config-constants
feat/test-plugins-install-handlers
test/local-provisioner-token-ownership-parity
infra/internal-462-publish-deploy-lane
fix/staging-sync-persist-fix
feat/broadcast-coverage
__disk-test-137017
fix/main-red-watchdog-close-on-pending
fix/review-refire-comments-token-scope
feat/canvas-abilities-banner-test
pr-1307
staging-dev-lead-test-4107230
feat/workspace-abilities-test-coverage
ci/scheduled-cancel-in-progress-1357
feat/broadcast-test-coverage
fix/a2a-queue-status-coverage
pr-1351
ci/e2e-peer-visibility-bp-pending-1296
ci/e2e-peer-visibility-bp-required-1328
fix/review-refire-conflict
sre/consolidated-main-to-staging
fix/org-helpers-duplicate-comment
fix/a2a-self-delegation-echo-inbox
perf/canvas-favicon-shrink
perf/canvas-toolbar-logo-shrink
perf/canvas-bundle-analyzer-optimize-imports
fix/offsec-015-staging
fix/workspace-token-injection-agent-owned
ci/sop-checklist-narrow-issue-comment-trigger
fix/broadcast-handler-coverage-1343
fix/test-patchAbilities-toolbar-1313-1334
docs/gitea-actions-quirks-runbook
fix/1256-enable-button-focus-ring
pr-1327
feat/workspace-sizing-override
fix/sop-checklist-na-post
canvas/broadcast-chat-wcag
fix/test-matchesChatID-1304
test/canvas/FileTree-render-a11y
test/canvas/ChatTab-subtab-a11y
test/canvas/SidePanel-a11y-and-state
enforce/peer-visibility-bp-directive-1296
infra/main-ci-retrigger
sre/queue-api-fix
sre/sop-na-fix
promote/staging-to-main
infra/detect-changes-shallow-v2
feat/publish-lane-runs-on-394
test/canvas/FilesToolbar-a11y
fix/workspace-abilities-coverage-1312
fix/sop-checklist-merged-blank-line
fix/e2e-chat-setup-node-mirror-sha
e2e/peer-visibility-local-backend
fix/secrets-coverage-compile-err-1274
e2e/peer-visibility-mcp-gate
fix/e2e-chat-setup-node-mirror
fix/canvas-arrangeChildren-coverage
sre/fix-queue-null-created-at-sort
fix/sop-checklist-blank-line-detect
fix/a2a-proxy-test-async-drain
sre/platform-go-timeout-60m
infra/sop-tier-check-token-guard
fix/gate-check-login-aliases
fix/secrets-scan-test-fixture-exclusion
fix/secrets-coverage-tests-v2
fix/ci-concurrency-cancel-superseded-storm
fix/secret-scan-exclude-secrets-tests
fix/secrets-patterns-100pct-coverage
fix/secrets-100-coverage
standalone/review-check-403-fix
feat/files-agent-home-stub
feat/agent-home-docker-exec-internal-425-phase-2b
sre/secret-scan-timeout
feat/canvas-files-agent-home-internal-425-phase-3
fix/top-level-modules-add-a2a-tools-identity
feat/secrets-patterns-ssot-internal-425-phase-2a
stub/files-api-agent-home-root-2026-05-15
fix/sop-n-a-v2
fix/files-api-agent-home-stub
be/workspace-server-accumulated-fixes
fix/sop-n-a-clean
design/themetoggle-test-teardown-fix
fix/openclaw-skip-config-write-and-canvas-timeout-to-main
feat/agent-card-update-and-runtime-identity-tools-relocated
fix/openclaw-skip-config-write-and-canvas-timeout
fix/prod-auto-deploy-timeout
feat/chat-unify-clean
fix/autobump-skip-existing-tags
fix/issue-1187-broadcast-abilities-coverage
fix/runtime-autobump-next-free-tag
pr-1211
feat/queue-status-abilities-handler-tests
fix/queue-channels-coverage
infra-sre/golangci-lint-connectivity-fix
infra/main-sop-na-fix
fix/staging-golangci-30m-v2
fix/channels-rows-err-and-cwe312
fix/container-name-no-uuid-truncation
fix/staging-golangci-noconfig
fix/provisioner-uuid-no-truncate
fix/review-check-403-skip
fix/ki-010-container-name-truncation
fix/provisioner-no-uuid-truncation
fix/issue-1176-db-db-race
fix/channels-rows-err
sre/fix-test-sop-parse-directives
infra/staging-sop-na-fix
fix/pr-1070-push-tokens
hotfix/offsec-015-org-isolation
infra/sop-n-a-plus-drift-fix
pr-1185-current
infra/main-golangci-no-config
test/qa-broadcast-abilities-coverage
fix/delegations-list-endpoint-wrong-column
core-be/fix/platform-go-timeout
fix/issue-1152-delegation-activity-db-err-tests
core-be/fix/tokens-rate-limit-scan-err-v2
fix/handlers-rows-err-missing
infra/canvas-deploy-reminder-polling-list
fix/staging-ci-timeouts
fix/settingspanel-act-flush
fix/rows-err-instructions-resolve
fix/ci-cold-runner-timeout
fix/sentinel-remove-phas3-masked
infra/fix-all-required-combined-status-check
pr1165-rebase
fix/approvals-json-marshal-guard
feat/canvas-broadcast-handler
sre/fix-ci-drift-false-positive
sre/fix-queue-remove-label-bug
infra/workspace-server-healthcheck
fix/ci-drift-canvas-deploy-reminder
fix/offsec-015-broadcast-org-isolation
fix/delegation-list-callee-plus-golangci-lint
sre/fix-queue-gate-context
core-be/test/delegate-record-db-errors-v2
pr-1117
pr-1117-latest
infra/staging-golangci-no-config
fix/openclaw-molecule-mcp-version-pin
offsec015
fix/openclaw-mcp-version-check
feat/provider-routing-base-v2
feat/e2e-chat-stabilization
fix/sop-concurrency-throttle
p1102
p1117
fix/canvas-deploy-reminder-deadlock
infra/main-golangci-timeout-fix
feat/provider-routing-base
sre/sweep-cf-orphans-aws-timeout
sre/queue-merge-conflict-handling
fix/na-declarations-gate
fix/handlers-log-db-scan-errors
fix/channels-marshal-errors
fix/channels-silent-json-errors
sre/channels-unmarshal-errors
sre/queue-pre-receive-hook-fix
sre/ci-timeout-increase
fix/approvals-terminal-db-err-logging
infra/ci-platform-go-timeout-fix
fix/push-notifications
fix/main-rows-err-instructions
fix/main-test-fix-from-0c152a24
fix/staging-offsec010-cp-wiring
fix/handlers-instructions-test-bugs
fix/ci-allrequired-needs
fix/staging-goasync-configseed
fix/issue-1080-org-helpers-comment
fix/issue-1081-errors-import
fix/1080-org-helpers-comment-typo
infra-sre/fix-missing-test-imports
fix/offsec-010-wiring
fix/saas-t4-cp-config-seed
fix/offsec-010-clean
fix/offsec-003-boundary-wrapping
fix/offsec-003-escaped-markers-main
fix/mobile-chat-history
fix/staging-CWE-78-rows-err
fix/1062-mobilechat-history
hotfix/cwe-78-staging
fix/stdio-v2
fix/offsec-010-symlink-walkdir
fix/test-stdio-function-name
fix/offsec-010-symlink-walkdir-isSaaS-fix
sre/fix-stale-platform-server-port
fix/offsec-010-from-pr1047
staging-v6
fix/e2e-api-port-collision
fix/main-async-db-race
infra/sync-staging-v6-to-main
pr/1030
fix/handlers-instructions-test-compile
fix/instructions-test-compile
fix/openclaw-empty-required-keys
sre/main-rows-err-checks
fix/staging-v6-conflict-markers
fix/delegation-list-test-conflict-marker
fix/main-red-cdb0b040-ci-tests
fix/theme-toggle-selector-main-red
sre/ci-required-drift-canvas-reminder-skip
test/instructions-handler-coverage
sre/canvas-build-timeout
test/externalconnectmodal
fix/resolve-conflict-marker-delegation-list-test
fix/1008-themetoggle-css-selector
design/826-searchdialog-mount-v2
test/orgcancelbutton
fix/2088-themetoggle-queryselectorall-errors
design/704-tree-test-fix
fix/ci-required-drift-github-ref-skip
ci/975-db-pollution-fix
fix/968-remove-duplicate-test-declarations
fix/980-schedules-handler-test-coverage
design/tier-legend-contrast-2026-05-14
sre/platform-go-timeout-fix
fix/delegation-list-test-db-leak
fix/984-delegation-id-response-body
sre/queue-bot-fix-ctx-check
fix/983-remove-duplicate-test-declarations
fix/986-canvas-wcag-focus-rings
fix/993-agent-handler-test-coverage
design/wcag-focus-contrast-2026-05-14
design/wcag-focus-rings-round5-2026-05-14
fix/activity-logs-delegation-id-response-body
fix/982-expand-posix-identifier-guard
fix/test-offsec003-redundant-file
feat/976-schedules-handler-test-coverage
fix/org-helpers-test-panic
promote/main-to-staging-v5
fix/965-test-panic-resolveInsideRoot
promote/main-to-staging-v4
feat/delegation-list-tests
fix/test-a2a-sanitization-v3
promote/main-to-staging-v3
fix/duplicate-test-declarations
feat/org-helpers-security-tests
fix/main-push-operational-red
promote/main-to-staging-v2
fix/sop-checklist-gate-name
fix/docker-info-pipefail
fix/publish-healthcheck-pipefail
fix/sop-checklist-workflow-rename
promote/main-to-staging
sre/fix-sop-checklist-context-name-mc948
design/wcag-contrast-round4-2026-05-14
fix/org-helper-tests
fix/test-a2a-sanitization-main
fix/publish-image-on-every-main-push
fix/remove-canvas-reminder-from-all-required
fix/staging-integration-test-ctx
fix/staging-canvas-reminder-deadlock
design/wcag-a11y-round3-2026-05-14
ci/remove-canvas-reminder-from-all-required
fix/test-a2a-sanitization-assertions
fix/staging-ci-drift-canvas-reminder
fix/handlers-pg-integ-event-before
ci/platform-build-flip-coe
fix/staging-python-test-and-tier-check-lint
fix/offsec-006-slug-injection
runtime/fix-pr916-integration-test-ctx
design/chat-tab-wcag-contrast-2026-05-14
fix/offsec-006-slug-validation
design/wcag-contrast-fixes-2026-05-14
fix/904-handler-test-blockers
fix/ci-drift-canvas-reminder
fix/comment-trigger-storm
infra/660-codify-promote-tenant-image
fix/917-canvas-test-failures
fix/917-runtime-prbuild-detect-changes-fix
fix/filesTab-test-stale-reference
fix/files-tab-test-missing-helper
fix/runtime-prbuild-compat-detect-changes
fix/staging-test-compilation-fixes
fix/qa-review-token-fallback-v2
test/hydrate-canvas-coverage
fix/contextmenu-react-error-185
test/external-runtimes-coverage
fix/main-sqlmock-import-ineffassign-20260513
fix/redeploy-tenants-on-main-lint-cleanup
sre/docker-daemon-gate-fix
fix/897-listdelegations-use-ledger-table
fix/901-listdelegations-ledger-table
fix/core-main-handlers-hotfix
fix/e2e-api-platform-port
fix/main-green-monitor-status
fix/mobile-MobileChat-infinite-render
fix/delegations-ledger-fallback-rows-err
fix/874-extractmessagetext-clean
feat/881-untested-helpers
fix/874-extractmessagetext-bug
fix/status-reaper-api-timeout-retry-20260513130514
fix/831-admin-token-placeholder-bootstrap
feat/canvas-test-coverage-738
feat/files-tab-tree-coverage
feat/canvas-untested-components-coverage
feat/canvas-tab-test-coverage-2
fix/main-bundle-test-sqlmock-import
fix/stdio-fallback-all-environments
staging-sync-v3
ci/burn-in-remove-sop-tier-check-coe
fix/issue-860-delivery-mode-tests
design/approval-banner-emerald-fix
fix/issue-854-termsgate-a11y
fix/issue-859-wcag-contrast
fix/delegations-rows-err-bbc40cb8
design/approvalbanner-a11y
design/pricingtable-a11y
design/toolbar-help-toggle-fix
staging-sync-v2
fix/canvas-approvalbanner-a11y
feat/canvas-external-connect-modal-coverage
staging-sync-rm
fix/test-sanitize-agent-error-stderr
test/a2a-queue-extractExpiresInSeconds
fix/pr-829-test-issues
design/826-searchdialog-mount
fix/chat-createMessage-attachments-key
fix/762-recall-memory-canary
fix/367-a2a-tools-coverage-v2
feat/search-dialog-mount
feat/org-layout-test-coverage
fix/offsec-003-builtin-a2a-sanitize
fix/canvas-playwright-install-timeout
fix/805-audit-force-merge-main-required-checks
fix/cf-sweep-api-error
fix/e2e-diagnose-detail
fix/a2a-mcp-server-http-transport
fix/core-main-red-golangci-install
fix/test-declarations
fix/sop-checklist-body-hard-gate
merge-792
feat/mcp-tools-test-coverage
feat/workspace-crud-test-coverage
feat/socket-handler-test-coverage
fix/686-delegation-integration-tests
feat/a2a-proxy-helpers-test-coverage
fix/publish-canvas-disable-gha-cache-20260512
fix/publish-canvas-docker-probe-20260512
fix/canvas-image-ecr-20260512
fix/687-send-ssh-public-key-detail
feat/tier-2g-required-context-exists-in-bp
feat/tier-2f-bp-emit-match
fix/mc-664-class-2-mcp-offsec-contract-test
fix/main-ci-green-20260512
infra/dockerfile-add-docker-cli-for-local-build
test/workspace-crud-helpers-coverage
fix/681-recallmemory-offsec-contract
fix/org-layout-helpers-test-coverage
fix/735-extractResponseText-tests
test/713-workspace-crud-validators
test/713-org-helpers-pure-coverage
fix/713-eic-diagnose-detail
fix/730-filterpeers-nil-guard
infra/all-required-coe-false-v2
fix/phase3-tracker-comments
fix/mc-664-class-1-delegation-tests-postgres-integration
fix/canvas-keyboard-shortcuts-dialog-guard
infra/664-lint-coe-trackers
ci/lint-tracker-regex-fix-v2
fix/731-nil-guard-filter-peers-by-query
fix/lint-TRACKER_RE-mid-sentence
ci-retrigger-747
feat/709-handler-pure-coverage
fix/697-canvas-geticon-topology
ci/lint-tracker-regex-fix
test/2071-canvas-drop-target-badge-coverage
feat/2071-canvas-orgdeploystate-coverage
feat/mobile-canvas-comms-spawn-coverage
ci/lint-coe-self-fix
fix/ssm-refresh-ecr-auth-json-escaping
design/729-fix
ci/gate-check-v3-permissions-fix
fix/730-discovery-filter-nil-role
infra/publish-docker-daemon-diagnostic
fix/714-all-required-coe-false
fix/717-mobile-agentMessages-selector
infra/fix-all-required-status-reporting
fix/687-e2e-surface-diagnose-detail
infra/docker-runner-label
test/701-canvas-hydrate-coverage
test/mobile-primitives-coverage
infra/664-interim-platform-build-exempt
fix/693-offsec-recallmemory-scrub-staging
sync/main-to-staging-514-v2
fix/693-offsec-recallmemory-global-scrub
fix/693-offsec-recallmemory-scrub
fix/634-handler-test-fixes-to-main
test/699-socket-handler-coverage
sre/workflow-run-replacement
infra/676-ssm-auth-json-hardening
fix/offsec-001-method-scrub-hotfix
fix/offsec-001-method-scrub-main
feat/workspace-crud-validation-tests
test/canvas-hydrate-coverage
infra/lint-pre-flip-continue-on-error
fix/workflow_run-to-push-gitea-1.22.6
feat/tier-2e-tracking-issue
fix/684-offsec-scrub-method-default
feat/sop-checklist-gate-mvp
feat/tier-2d-lint-mask-pr-atomicity
infra/lint-workflow-yaml-hostile-shapes
infra/lint-required-no-paths-filter
cleanup/pr-641-clean
feat/mobile-tabbar-wcag-a11y
fix/canvas-mobile-chat-loop
fix/651-canvas-chat-mobile-crash
fix/664-interim-remask-platform-build
fix/mobile-chat-max-update-depth
infra/622-force-merge-protection-fix
test/attachment-lightbox-clean-v2
ci/652-gitea-1-22-status-key
test/memorytab-2
infra/status-reaper-rev4-status-key-fix
infra/weekly-platform-go-vet-hard
fix/audit-force-merge-pipefail
infra/status-reaper-rev3-widen-window
test/canvas-externalconnectmodal-coverage
fix/sop-tier-check-token-graceful
infra/ci-required-drift-token-scope
test/console-modal-coverage
ci/review-check-tests-wire
test/canvas-workspacenode-coverage
test/memorytab
infra/interim-disable-reaper-watchdog-crons
test/attachment-lightbox-coverage
fix/issue-639-workspacenode-test-coverage
test/channels-tab
fix/canvas-searchdialog-test-fixtures
fix/598-attachmentLightbox-tests
fix/529-307-localbuild-async-test-fix
fix/582-attachmentviews-tests
fix/308-a2a-response-push-mode-tests
fix/529-preflight-localbuild
fix/sop-tier-check-token-graceful-staging
fix/545-approvalbanner-isolation
fix/519-memorytab-tests
infra/status-reaper-rev2-sweep-recent-commits
fix/handlers-test-fixtures
test/skill-helpers-coverage
test/ui-primitive-coverage
docs/gitea-quirks-10-11
test/platform-bundle-exporter-coverage
infra/status-reaper-rev1-drop-concurrency
fix/608-filesTab-focusTest
test/budget-section-coverage
infra/revert-docker-runner-label
fix/weekly-platform-go-latent-error-surface
infra/revert-publish-runs-on-pin
sre/gate-check-timeout
test/a2a-error-hint-coverage
test/chat-attachment-views-coverage
test/attachment-video-coverage
infra/option-b-status-reaper
infra/gate-check-v3-timeout
infra/576-docker-runner-label
fix/593-filetab-tests
test/files-tab-notavailablepanel-coverage
fix/591-forminputs-tests
fix/471-cwe117-stderr-scrubbing
infra/diagnostic-publish-workspace-server-image
fix/582-bundle-import-tests
test/form-inputs-coverage
fix/publish-workspace-server-image-json5-comments
sre/fix-all-required-null-result
fix/publish-workspace-server-image-optional-token
pr-251
test/ui-statusbadge-coverage
fix/all-required-null-result-assertion
fix/568-palette-context-tests
pr-527
infra/merge-563-autobump-fix
test/mobile-palette-context-coverage
sre/fix-gate-check-v3-combined-state-loop
ci/540-review-check-bats-tests
fix/publish-runtime-autobump-push-condition
ci/558-verify-publish-runtime-marker
test/canvas-empty-state-coverage
infra/publish-runtime-verify-2026-05-11
ci/554-oci-labels-publish-workflow
infra/drift-bot-token
infra/rfc-219-phase-4-all-required-sentinel
ci/551-gate-checkout-trusted-ref
fix/gate-check-v3-pr-HEAD-security
fix/541-token-argv-security
sre/fix-gate-check-v3-bugs
fix/537-cwe117-a2a-tools-sanitize
fix/gate-check-v3-http-error-crash
sre/fix-localbuild-preflight
infra/rfc-324-workflow-add
test/offsec-003-sanitization-backstop
fix/test-sanitize-agent-error-stderr-exc
fix/approval-banner-test-isolation
infra/scope-workflows-fix
sre/fix-pr530-deadlock
sre/reopen-516-gate-check-fix
fix/ci-scope-operational-workflows-504-419
sre/scope-operational-workflows-to-schedule
ci/harness-replays-detect-changes-quoting-fix
fix/test-blocks-until-inflight-completes
fix/test-enrich-peer-metadata-nonblocking
sre/fix-enrich-nonblocking-cache-check
merge-pr490
runtime/fix-offsec-003-tool-delegate-task
fix/508-update-boundary-assertions
sre/fix-test-delegation-sync-polling-assertions
fix/366-shared-runtime-coverage
fix/506-unused-imports
ci/lint-fixes
fix/367-a2a-tools-coverage
test/a2a-client-enrich-peer-rebase
fix/354-delegation-auto-resume-rebase
ci/fix-detect-changes-commits-array
fix/307-async-rebase
runtime/fix-harness-replays-push-event
sre/fix-test-polling-sanitization
fix/harness-replays-detect-changes-gitea-api
ci/fix-test-polling-sanitization
test/eventstab
runtime/335-rebase-platfrom-url
hotfix/491-offsec-003-staging-v2
fix/pr477-test-fixes
runtime/335-rebase-platform-url
fix/354-auto-resume-delegations
fix/368-audit-hooks-coverage
runtime/temporal-platform-url-fix
infra/secret-reconciliation-v2
fix/purchase-success-modal-test-isolation
pr-476
sre/fix-gitea-runbook-network-quirks
tools/gate-check-v3
fix/376-activity-delegation-polling
runtime/platform-url-fix-merge
fix/canvas-purchase-success-modal-test-timing
fix/secret-naming-reconciliation
docs/gitea-operational-quirks-runbook
test/canvas-toolbar-coverage
fix/canvas-tier-config-v2
fix/455-offsec003-sanitize-alignment
fix/sweep-stale-e2e-orgs-secret-name
fix/approvalbanner-mockreset-452
fix/canvas-approvalbanner-mockreset
fix/publish-runtime-autobump-fetch-depth
fix/321-cwe22-loadWorkspaceEnv-path-traversal
fix/canonicalize-staging-admin-token-rebase-462
canvas-followup
fix/canonicalize-staging-admin-token-rest
refactor/drop-canary-prefix
fix/canvas-test-and-design-fixes
runtime/432-followup-helper-extraction
fix/harness-replays-detect-changes-fetch-depth
fix/stderr-include-a2a-error-response
feat/internal-292-sop-tier-refire
docs/update-remote-agent-tutorial-sdk-api
fix/canvas-confirm-dialog-backdrop-a11y-v3
fix/canvas-confirm-dialog-backdrop-a11y-v2
fix/388-github-token-501-gitea-staging
fix/dialog-backdrop-a11y
runtime/414-idle-loop-skip-pending-results-v3
fix/test-extract-tool-trace
fix/test-plugins-atomic-tar-coverage
fix/harness-replays-fetch-depth
fix/test-instructions-handler-coverage
sre/fix-workflow-secret-naming
fix/canvas-tiers-config-string-keys
fix/offsec-003-promote-to-main
fix/class-e-secret-name-reconciliation
fix/sop-tier-check-apt-get-first
fix/307-async-test-pollution
fix/sop-tier-check-jq-install-order
fix/canvas-test-failures-2026-05-10
runtime/fix-a2a-tools-duplicate-error-block-v2
infra/sop-tier-check-jq-install-fix
runtime/fix-a2a-push-delivery-mode
feat/main-never-red-watchdog-internal-420
feat/internal-219-phase-2bc-port-to-molecule-core
fix/a11y-canvas-clean
sweep/internal-219-cat-C1-port-gates-lints
sweep/internal-219-cat-B-delete-github-only
sweep/internal-219-cat-A-delete-mirrored
fix/offsec-003-json-endpoint-sanitize
sweep/internal-219-cat-C3-port-deploy-janitors
sweep/internal-219-cat-C2-port-e2e
fix/publish-runtime-cascade-sha-capture
feat/internal-219-phase-3-port-ci-yml
fix/413-a2a-delegation-offsec-003
runtime/381-idle-loop-pending-messages
fix/delegations-rows-err-check
fix/a11y-canvas-buttons-staging
runtime/fix-399-a2a-delegation-missing-import-v2
fix/380-cwe59-symlink-traversal
fix/388-github-token-501-staging
fix/confirm-dialog-wcag-backdrop
infra/sop-tier-check-jq-script-fallback
fix/revert-391-broken-jq-install
fix/a2a-tools-duplicate-dead-code
fix/confirm-dialog-backdrop
fix/canvas-confirm-dialog-backdrop-a11y
infra/jq-install-main
fix/sop-tier-check-jq-main
fix/canvas-dialog-backdrop-a11y
fix/388-github-token-501
runtime/offsec-003-polling-path-v2
fix/361-sanitize-delegation-results
runtime/offsec-003-executor-sanitize
fix/cwe22-loadWorkspaceEnv-main
fix/qa-audit-307-308-clean
ci/fix-293-sqlalchemy-pip-install
fix/354-delegation-auto-resume
runtime/platform-url-host-docker-internal
fix/canvas-repair-tests-344
fix/canvas-statusdot-ts-errors
test/molecule-audit-hooks-coverage
test/a2a-tools-and-send-message-coverage
fix/sop-tier-check-jq-install
test/shared-runtime-helpers-coverage
fix/canvas-topology-sort-orphan
fix/executor-helpers-offsec-003-sanitize
runtime/offsec-003-polling-path
fix/354-a2a-delegation-auto-resume
runtime/fix-a2a-push-delivery-mode-v2
fix/publish-runtime-add-_sanitize_a2a-to-allowlist
fix/publish-runtime-missing-working-directory
ci/add-sqlalchemy-to-pip-install
ci-resolve-github-gitea-triplicate
sre/offsec-003-boundary-escape
fix/sec-321-path-traversal-clean
fix/a2a-proxy-response-header-timeout-v2
fix/publish-runtime-workflow-dispatch-inputs
fix/a2a-push-mode-queue-envelope
fix/351-split-publish-runtime-triggers
feat/348-publish-runtime-restore-path-trigger
fix/issue-workspace-dup-name-409-autosuffix
fix/security-OFFSEC003-boundary-escape-334
fix/security-CWE22-loadWorkspaceEnv-330
fix/canvas-test-fixes-20260510
fix/canvas-extractMessageText
fix/qa-307-async-pollution-direct
test/a2a-client-enrich-peer-metadata
fix/docs-309-remote-faq-staging-env
fix/qa-308-push-mode-queue-tests
fix/qa-307-async-pollution
runtime/fix-plugin-registry-import-path
fix/a2a-proxy-response-header-timeout-clean
fix/publish-workspace-server-ci-clone-manifest-retry-main
infra/remove-pr303-tracking
fix/issue-296-plugin-registry-sysmodules
infra/pin-compose-image-digests
chore/sync-main-to-staging
fix/sec-321-path-traversal
fix/a2a-proxy-response-header-timeout
docs/a11y-billing-wcag-patterns
fix/qa-307-test-a2a-inbox-wrappers-asyncio-refactor
runtime/fix-test-config-model-isolation
ci/docker-daemon-health-guard
docs/fix-remote-workspaces-faq
fix/publish-workspace-server-ci-clone-manifest-retry
fix/test-config-env-isolation
ci/staging-sha-pinning
fix/external-connection-user-facing-urls
fix/workspace-server-registry-config-helper
fix/issue-272-sqlalchemy-ci-install
fix/canvas-yaml-utils-nested-arrays-clean
fix/self-delegation-guard
promote/staging-to-main-100546
fix/a2a-tools-v2
fix/a2a-tools-and-workflow-cleanup
fix/canvas-test-isolation-fixes-v2
fix/molecule-model-env-go
runtime/fix-delegate-empty-parts-regression
infra/runtime-doc-playwright-limitation
fix/offsec-001-error-message-scrubbing
fix/offsec-001
fix/a2a-tools-string-error-handling-clean
fix/core-248-pluginresolver-and-plgh
infra/fix-source-resolver-dup
fix/model-provider-misnomer
fix/a2a-tools-string-error-handling-v2
fix/canvas-yaml-utils-test-failure
fix/a2a-tools-string-error-handling
fix/internal-214-gosum-vanity-import
fix/canvas-test-isolation-fixes
chore/canvas-statusbadge-test-fix-cherry-pick
fix/canvas-statusbadge-test-role-ambiguity
runtime/fix-mcp-client-localhost-default
fix/core-257-delegation-test-stray-brace
revert/core-d0126662-restart-signals-undefined-h
revert/core-123-plugin-drift-detector
ci/pin-action-and-base-images
fix/org-232-per-workspace-required-env-preflight
fix/ssrf-guard-before-begintx
test/issue-232-per-workspace-required-env-preflight
fix/issue232-org-import-required-env-aggregation
fix/canvas-ts-test-errors
fix/delegations-list-ledger-fallback
wip-snapshot-2026-05-10/mac/molecule-core-tmp53-git-token-helper-wip
wip-snapshot-2026-05-10/mac/molecules-org-molecule-core-registry-prefix
fix/pluginresolver-conflict
wip-snapshot-2026-05-10/core-be/fix-pluginresolver-conflict
wip-snapshot-2026-05-10/core-qa/stash-package-lock-diff
feat/keyboard-shortcuts-dialog
wip-snapshot-2026-05-10/core-uiux/feat-keyboard-shortcuts-dialog
wip-snapshot-2026-05-10/core-fe/test-canvas-design-tokens-config
test/canvas-cssvar-tests
fix/internal-229-sop-tier-check-tier-low-relaxation
test/canvas-utility-pure-tests
test/canvas-preflight-utils-tests
test/canvas-runtimeprofiles-tests
test/canvas-yaml-utils-tests
test/canvas-pure-function-tests
fix/ci-port-publish-workspace-server-image-228
fix/ssrf-validate-agent-url-212
ci/sop-tier-check-approver-teams-fix
fix/sop-tier-check-legacy-flip-229
wip-snapshot-2026-05-10/core-be/fix-ki001-telegram-disable-channel
wip-snapshot-2026-05-10/core-be/feat-a2a-pre-restart-drain-125
wip-snapshot-2026-05-10/core-be/feat-plugin-drift-queue-123
fix/sweeper-race-error-counter
infra/fix-issue-75-gh-cli-gitea-sweep
wip-snapshot-2026-05-10/core-be/fix-gh-api-gitea-sweep-75
feat/keyboard-shortcuts-dialog-test
wip-snapshot-2026-05-10/core-be/fix-sweeper-test-isolation-86
ci/fix-issue-87-root-skip
fix/test-local-resolver-root-skip
fix/workspace-tests-clear-auth-cache
wip-snapshot-2026-05-10/core-be/fix-a2a-delegation-success-rendered-as-error
wip-snapshot-2026-05-10/core-be/fix-files-restart-volume-sync
wip-snapshot-2026-05-10/core-lead/tech-debt-rename-net
wip-snapshot-2026-05-10/core-lead/fix-168-mine
wip-snapshot-2026-05-10/core-lead/fix-167-uiux
wip-snapshot-2026-05-10/core-fe/stash-canvas-agent-comms-show-task-text
fix/canvas-agent-comms-show-task-text
wip-snapshot-2026-05-10/core-lead/fix-vitest-pool
fix/info-disclosure-errors
infra/add-temporal-to-main-compose
design/verify-canvas-design-system
fix/workspace-persona-git-identity
fix/175-env-matched-pair-guard
wip-snapshot-2026-05-10/core-lead/fix-149
refactor/sop-tier-check-extract-script
fix/sop-tier-check-pr-target-security
ci/sop-tier-check-deploy
fix/issue53-admin-token-pair-guard
fix/org-import-started-event-name
refactor/delete-uses-cascade-helper
fix/org-import-reconcile-and-audit
fix/preserve-model-secret-on-restart
feat/persona-bind-mount-local-dev
feat/canary-tier-filter
feat/plugin-version-subscription
feat/plugin-hot-reload-classifier
feat/plugin-atomic-install
feat/air-hot-reload-dev
feat/persona-env-injection
fix/external-resolver-hardening
fix/issue75-class-D-gh-api-to-gitea-rest
fix/cherry-3-files-vitest-postgres-e2eapi
fix/promote-vitest-postgres-fixes
fix/saas-plugin-install-eic
fix/issue-94-e2e-api-parallel-safe-class-b
migrate/issue-71-vanity-imports
fix/handlers-postgres-port-collision-class-b
fix/issue-96-canvas-vitest-cold-start-timeout
fix/hermes-agent-doc-gitea-migration
fix/196-retarget-main-to-staging-gitea-rest
fix/gitea-ci-flakes-issue-88
fix/pin-upload-artifact-v3-gitea
fix/issue-72-auto-sync-token-canary-v2
fix/issue75-class-F-gh-run-list-to-statuses
fix/issue75-class-A-gh-pr-to-gitea-rest
feat/issue-63-local-build-from-gitea-v2
fix/195-auto-promote-staging-gitea-rest
fix/144-branch-protection-check-name-parity-audit
fix/harness-replays-pre-clone-manifest
chore/trigger-auto-sync-verification
fix/codeql-stub-on-gitea-156
chore/issue173-retrigger-after-ecr-repo-create
fix/issue173-inline-aws-ecr-login
fix/issue173-shell-docker-push
chore/retrigger-harness-replays-post-class-g
fix/issue173-buildx-driver-and-cache
fix/post-suspension-clone-manifest
fix/issue173-followup-platform-dockerfile
fix/post-suspension-github-urls
fix/170-goroutine-bleed-test-isolation
fix/issue173-publish-workspace-server-image
fix/issue36-a2a-proxy-preflight
fix/codeql-continue-on-error-156
feat/demo-mock-3-bigorg-mock-runtime
feat/demo-mock-1-purchase-success-modal
fix/publish-path-filter-add-scripts
fix/clone-manifest-gitea
chore/touch-publish-workflow-to-trigger
chore/retrigger-publish-post-aws-secrets
chore/cherry-pick-pr23-into-main
chore/backsync-main-into-staging-task-166
fix/auto-sync-use-devops-token
chore/retrigger-staging-on-fixed-runner-image
chore/drop-github-app-auth-and-ecr-swap
docs/readme-comprehensive-refresh-2026-05-06
feat/rfc-2945-pr-c-2-canvas-chat-history
fix/issue10-runtime-aware-plugin-install
fix/s8-bind-loopback-dev
fix/14-cascade-gitea-dispatch
docs/molecule-core-bulk-sed
chore/pin-artifact-actions-v3
fix/lowercase-org-slug
fix/script-ghcr-and-lint-paths
docs/workspace-runtime-readme-source-edit
feat/eic-tunnel-pool-core-11
chore/rfc-2945-pr-c-3-delete-historyhydration
fix/2872-sqlmock-regex-tightening
fix/cp-orphan-sweeper-2989
feat/registry-prefix-env-driven-issue-6
docs/readme-refresh-2026-05-06
runtime-v0.1.1013
runtime-v0.1.1011
runtime-v0.1.1010
runtime-v0.1.1009
runtime-v0.1.1008
runtime-v0.1.1007
runtime-v0.1.1006
runtime-v0.1.1005
runtime-v0.1.1004
runtime-v0.1.1001
runtime-v0.1.1003
runtime-v0.1.1000
runtime-v0.1.131
runtime-v0.1.130
runtime-v1.0.0
runtime-v0.0.35
runtime-v0.0.34
runtime-v0.0.33
runtime-v0.0.32
runtime-v0.0.31
runtime-v0.0.30
runtime-v0.0.29
runtime-v0.0.28
runtime-v0.0.27
runtime-v0.0.26
runtime-v0.0.25
runtime-v0.0.24
runtime-v0.0.23
runtime-v0.0.22
runtime-v0.0.21
runtime-v0.0.20
runtime-v0.0.19
runtime-v0.0.18
runtime-v0.0.17
runtime-v0.0.16
runtime-v0.0.15
runtime-v0.0.14
runtime-v0.0.13
runtime-v0.0.12
runtime-v0.0.11
runtime-v0.0.10
runtime-v0.0.9
runtime-v0.0.8
runtime-v0.0.7
runtime-v0.0.6
runtime-v0.0.5
runtime-v0.0.4
runtime-v0.0.3
runtime-v0.0.2
runtime-v0.0.1
ci-trigger-1776771586
ci-retry-1776771601
ci-retrigger-1776771591
Labels
Clear labels
approved
area/ci
do-not-auto-merge
do-not-merge
kind/infrastructure
merge-queue
merge-queue-hold
needs-engineer
platform/go
ready-to-build
release-blocker
release-test
security
test-label-sre
tier:high
tier:low
tier:medium
triage-test
wip
CI/CD pipeline issues
Opt out of autonomous merge-queue merging
hold from auto-merge (design review in progress)
Infrastructure-related issues
Ready for serialized Gitea merge queue
Temporarily hold PR in merge queue
Go platform test issues
Blocks the staging→main promotion / a release
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
test
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
agent-dev-a
agent-dev-b
agent-pm
agent-researcher
agent-reviewer
agent-reviewer-1
agent-reviewer-cr2
app-fe (Molecule AI · app-fe)
app-lead (Molecule AI · app-lead)
app-qa (Molecule AI · app-qa)
claude-ceo-assistant
claude-ci-reader
core-be (Molecule AI · core-be)
core-devops (Molecule AI · core-devops)
core-fe (Molecule AI · core-fe)
core-lead (Molecule AI · core-lead)
core-offsec (Molecule AI · core-offsec)
core-qa (Molecule AI · core-qa)
core-security (Molecule AI · core-security)
core-uiux (Molecule AI · core-uiux)
cp-be (Molecule AI · cp-be)
cp-lead (Molecule AI · cp-lead)
cp-qa (Molecule AI · cp-qa)
cp-security (Molecule AI · cp-security)
cui (Zhanlin Cui)
dev-lead (Molecule AI · dev-lead)
devops-engineer
documentation-specialist (Molecule AI · documentation-specialist)
fullstack-engineer (Molecule AI · fullstack-engineer)
godwin
hongming
hongming-ceo-delegated
hongming-codex-laptop
hongming-kimi-laptop
hongming-pc2
hongming-personal
infra-lead (Molecule AI · infra-lead)
infra-runtime-be (Molecule AI · infra-runtime-be)
infra-sre (Molecule AI · infra-sre)
integration-tester (Molecule AI · integration-tester)
mc-drift-bot
molecule-code-reviewer
plugin-dev (Molecule AI · plugin-dev)
pm
publish-runtime-bot
pypi-publisher (Molecule AI PyPI Publisher (RFC#596))
release-manager (Molecule AI · release-manager)
sdk-dev (Molecule AI · sdk-dev)
sdk-lead (Molecule AI · sdk-lead)
sop-drift-bot
sop-tier-bot (SOP Tier-Check Bot)
technical-writer (Molecule AI · technical-writer)
triage-operator (Molecule AI · triage-operator)
Clear assignees
agent-dev-a
agent-dev-b
agent-pm
agent-researcher
agent-reviewer
agent-reviewer-1
agent-reviewer-cr2
app-fe (Molecule AI · app-fe)
app-lead (Molecule AI · app-lead)
app-qa (Molecule AI · app-qa)
claude-ceo-assistant
claude-ci-reader
core-be (Molecule AI · core-be)
core-devops (Molecule AI · core-devops)
core-fe (Molecule AI · core-fe)
core-lead (Molecule AI · core-lead)
core-offsec (Molecule AI · core-offsec)
core-qa (Molecule AI · core-qa)
core-security (Molecule AI · core-security)
core-uiux (Molecule AI · core-uiux)
cp-be (Molecule AI · cp-be)
cp-lead (Molecule AI · cp-lead)
cp-qa (Molecule AI · cp-qa)
cp-security (Molecule AI · cp-security)
cui (Zhanlin Cui)
dev-lead (Molecule AI · dev-lead)
devops-engineer
documentation-specialist (Molecule AI · documentation-specialist)
fullstack-engineer (Molecule AI · fullstack-engineer)
godwin
hongming
hongming-ceo-delegated
hongming-codex-laptop
hongming-kimi-laptop
hongming-pc2
hongming-personal
infra-lead (Molecule AI · infra-lead)
infra-runtime-be (Molecule AI · infra-runtime-be)
infra-sre (Molecule AI · infra-sre)
integration-tester (Molecule AI · integration-tester)
mc-drift-bot
molecule-code-reviewer
plugin-dev (Molecule AI · plugin-dev)
pm
publish-runtime-bot
pypi-publisher (Molecule AI PyPI Publisher (RFC#596))
release-manager (Molecule AI · release-manager)
sdk-dev (Molecule AI · sdk-dev)
sdk-lead (Molecule AI · sdk-lead)
sop-drift-bot
sop-tier-bot (SOP Tier-Check Bot)
technical-writer (Molecule AI · technical-writer)
triage-operator (Molecule AI · triage-operator)
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: molecule-ai/molecule-core#2095
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Workstream 2 of the CI/CD + agent-fleet hardening RFC (molecule-ai/internal#749).
Problem (2026-06-01 incident)
~57 workflow files generating ~65 runs/PR overwhelm the Gitea Actions scheduler. The
all-requiredpoll-gate squats a runner slot up to 40 min/PR doing nothing but polling the statuses API — amplifying contention during the outage.Proposed solution (make #2094 the org standard)
needs:-aggregator required gate, NOT a poll-gate — plainneeds:works on Gitea 1.22.6 / act_runner v0.6.1 (feedback_gitea_needs_works_only_ifalways_broken);if: always()aggregators land with the 1.26 upgrade (RFCci-cd-elastic-runners-and-native-needs). Apply the #2094 pattern across every repo mirroring the sentinel.Links
CI/CD + agent-fleet hardening — workstream map
RFC PR: internal#749 — molecule-ai/internal#749
All five trace to the 2026-06-01 incident: one un-throttled backup on the single Gitea+Postgres+runners box took all CI red ~40 min with no alert (WS1–3), and the agent fleet failed review/RCA — cheap models 0/6 false, capable reviewers sandboxed without tooling (WS4–5).