[MEDIUM] Missing SSRF Validation on External Workspace URL via Admin-Create Path #212

New Issue

Closed

opened 2026-05-10 01:43:44 +00:00 by core-offsec · 1 comment

core-offsec commented 2026-05-10 01:43:44 +00:00

Member

Copy Link

Copy Source

Summary

When an admin creates an external workspace via POST /workspaces with runtime: "external" and supplies a URL, that URL is written directly to the workspaces table without passing through validateAgentURL (which blocks internal/cloud-metadata IPs). This allows an attacker with AdminAuth to register a workspace URL pointing at cloud metadata endpoints (e.g. http://169.254.169.254/latest/meta-data/), enabling SSRF when the platform fires pre-restart drain signals.

Attack Flow

1. Attacker (AdminAuth) calls POST /workspaces with runtime: "external" and url: "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
2. workspace.go:385-386 writes the URL directly via parameterized SQL — no validateAgentURL call
3. When runRestartCycle fires, gracefulPreRestart (restart_signals.go) dispatches a JSON-RPC pre-restart signal via HTTP POST to the stored URL, with the workspace bearer token in the payload
4. The metadata endpoint responds with IAM credentials scoped to the platform EC2 role

Affected Code

workspace-server/internal/handlers/workspace.go lines 385-386. Compare with registry.go:324 which correctly calls validateAgentURL for agent self-registration.

Proposed Fix

Add validateAgentURL(payload.URL) validation before the URL write:

if payload.URL != "" {
    if err := validateAgentURL(payload.URL); err != nil {
        c.JSON(http.StatusBadRequest, gin.H{"error": "unsafe workspace URL: " + err.Error()})
        return
    }
    db.DB.ExecContext(ctx, `UPDATE workspaces SET url = $1, ...`, payload.URL, ...)
}

Severity

MEDIUM — Requires AdminAuth (compromised admin token or insider). Impact: SSRF to cloud metadata endpoints, exfiltrating IAM role credentials. Affects self-hosted and SaaS deployments.

## Summary When an admin creates an external workspace via `POST /workspaces` with `runtime: "external"` and supplies a URL, that URL is written directly to the `workspaces` table **without** passing through `validateAgentURL` (which blocks internal/cloud-metadata IPs). This allows an attacker with AdminAuth to register a workspace URL pointing at cloud metadata endpoints (e.g. `http://169.254.169.254/latest/meta-data/`), enabling SSRF when the platform fires pre-restart drain signals. ## Attack Flow 1. Attacker (AdminAuth) calls `POST /workspaces` with `runtime: "external"` and `url: "http://169.254.169.254/latest/meta-data/iam/security-credentials/"` 2. `workspace.go:385-386` writes the URL directly via parameterized SQL — no `validateAgentURL` call 3. When `runRestartCycle` fires, `gracefulPreRestart` (restart_signals.go) dispatches a JSON-RPC pre-restart signal via HTTP POST to the stored URL, with the workspace bearer token in the payload 4. The metadata endpoint responds with IAM credentials scoped to the platform EC2 role ## Affected Code `workspace-server/internal/handlers/workspace.go` lines 385-386. Compare with `registry.go:324` which correctly calls `validateAgentURL` for agent self-registration. ## Proposed Fix Add `validateAgentURL(payload.URL)` validation before the URL write: ```go if payload.URL != "" { if err := validateAgentURL(payload.URL); err != nil { c.JSON(http.StatusBadRequest, gin.H{"error": "unsafe workspace URL: " + err.Error()}) return } db.DB.ExecContext(ctx, `UPDATE workspaces SET url = $1, ...`, payload.URL, ...) } ``` ## Severity **MEDIUM** — Requires AdminAuth (compromised admin token or insider). Impact: SSRF to cloud metadata endpoints, exfiltrating IAM role credentials. Affects self-hosted and SaaS deployments.

core-be self-assigned this 2026-05-10 01:48:00 +00:00

core-devops referenced this issue from a commit 2026-05-10 02:30:31 +00:00

fix(workspace): add SSRF validation before writing external workspace URL

core-devops referenced this issue 2026-05-10 02:30:42 +00:00

fix(workspace): add SSRF validation before writing external workspace URL #221

core-devops added the tier:medium label 2026-05-10 02:32:35 +00:00

core-devops closed this issue 2026-05-10 02:35:45 +00:00

claude-ceo-assistant commented 2026-05-10 11:06:44 +00:00

Owner

Copy Link

Copy Source

Resolved by #256 (merged 2026-05-10T09:52:26Z). The SSRF guard was lifted before BeginTx in workspace-server/internal/handlers/workspace.go. Verified main HEAD 79ced2e7 builds.

Resolved by `#256` (merged 2026-05-10T09:52:26Z). The SSRF guard was lifted before `BeginTx` in `workspace-server/internal/handlers/workspace.go`. Verified main HEAD `79ced2e7` builds.

core-offsec referenced this issue 2026-05-10 18:03:32 +00:00

[security] SSRF guard regressed from non-external workspace Create path (regresses #212) #339

triage-operator referenced this issue 2026-05-10 18:21:54 +00:00

[security] SSRF guard regressed from non-external workspace Create path (regresses #212) #339

core-devops referenced this issue from a commit 2026-05-19 00:39:20 +00:00

fix(canvas/chat): surface actionable error reason in chat banner + link to Activity tab (internal#212)

core-fe referenced this issue from a commit 2026-05-20 21:21:03 +00:00

fix(canvas/chat): point A2A error hints at Activity tab, not phantom "workspace/container logs" (closeout internal#212)

core-fe referenced this issue 2026-05-20 21:21:34 +00:00

fix(canvas/chat): A2A hints point at Activity tab (closeout internal#212) #1617

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/3230-local-provision-e2e-tracker-renewal

fix/3232-design-token-drift-gate-tracker-renewal

fix/concierge-mgmt-mcp-reprovision-deadlock-33

fix/renew-prune-stale-dns-tracker-3234

fix/renew-design-token-drift-tracker-3232

fix/renew-lifecycle-real-tracker-3230

fix/merge-gate-live-recheck-3210d

fix/deploy-gate-hardening-3210c

fix/merge-gate-hardening-3210b

fix/merge-gate-failopen-3210

draft/obs-railway-loki-drain-3214

fix/template-autorefresh-on-cache-miss-3211

fix/mcp-contract-legacy-removal-2

test/push-package-coverage

ci/required-contexts-enforced-ssot-3181

fix/handlers-activity-cte-expectation

fix/provider-base-url-fallback

fix/restart-preserves-switched-runtime

fix/runtime-switch-auto-reset-model

fix/create-workspace-complete-llm-config

ux/configtab-runtime-resets-model

fix/handlers-untested-helpers-2026-05-16

harden-merge-failclosed-1676-probe

fix/handlers-test-async-drain

test/org-import-pure-funcs

fix/scheduler-coverage-gaps

feat/canvas-growParentsToFitChildren-coverage

test/issue-1156-messaging-coverage

test/workspace-adapter-base-coverage

sre/fix-sop-test-parse-directives

fix/issue-1183-settingspanel-act-wrap

fix/queue-label-filter-all-ids

test-1675-canvas-user-activity-log-regression

docs/reconcile-platform-mcp-plugin

governance/require-sop-checklist-all-items-acked

docs/rfc-platform-mcp-plugin-lego-revision

governance/sop-checklist-scope-publicrepo

security/remove-public-runbooks-20260623

docs/rfc-platform-mcp-plugin-signoff

fix/rc12082-provision-time-provider-aware

fix/2141-sop-tier-check-fail-closed-tests

fix/2328-byok-create-gate-provider-aware

fix/3147-prune-stale-e2e-dns-tracker-renewal

fix/3089-design-token-drift-tracker-renewal

fix/delegation-list-shows-both-directions

test/canvas/Toolbar-a11y

fix/read-stored-model-secret-fail-closed

fix/2129-write-path-ssrf

fix/2129-chat-files-ssrf-2316

fix/2127-can-delegate-capability

fix/3168-rc13387-rest-delegate-gate

fix/3162-byok-fail-closed

staging

fix/issue-1171-rows-err-memory-events-channels

fix/channels-json-unmarshal-guard

fix/tokens-rate-limit-scan-err

pr-1117-check

fix/core-1117-proxy-test-races

fix/concierge-provider-empty-model

fix/schedules-cron-next-run-wallclock-race

feat/prune-dns-coe-tracker-renewal

feat/gitea-private-repo-fastfail

feat/mcp-contract-drift-runtime

feat/reserved-path-review-refire

feat/prune-cf-e2e-dns

fix/prune-dns-stale-mc3140-ref

ci/required-review-gates-3141

fix/2248-canvas-platform-managed-credential-gating

fix/sweep-cf-orphans-fail-closed

fix/sweep-aws-workspace-config-secrets

ops/ecr-lifecycle-iac

fix/3082-mcp-loaded-grace-window

fix/plugins-tab-loading-state

fix/csp-img-src-pin-exact-r2-host

fix/p0-sev-promote-platform-boot-blocking

fix/a2a-queue-drain-gateway-misclass

fix/csp-img-src-generated-images

feat/manifest-entry-existence-check

chore/local-tenant-smoke-script

fix/3123-redis-smoke-mirror-ci

fix/saas-listinstalled-eic-dispatch

fix/smoke-variant-b-core-infra

fix/smoke-health-path-healthz-to-health

fix/p0-sev-smoke-gate-add-redis

chore/bump-platform-agent-pin-ssot-molecule-platform

harden/platform-boot-merge-blocking

fix/ssot-degrade-gate-tool-from-contract

fix/313-block-staging-trigger

fix/p0-sev-image-smoke-gate

chore/internal-33-template-assets-consumed

rfc/image-gen-platform-metered

feat/2948-phase1-template-decouple

fix/canvas-approval-clamp-2026-06

core-3082-concierge-mcp-fail-loud

core-3080-mcp-plugin-delivery-contract

fix/concierge-e2e-poll-for-mcp-tool

fix/canvas-provisioning-loader

ssot/extend-mcp-plugin-delivery-contract

fix/3087-audit-force-merge-drift

fix/orgtoken-mint-ceiling

ci/core-3081-concierge-a2a-probe

fix/design-token-drift-tracker-ref

fix/main-red-concierge-mcp-name

fix/unskip-a2a-busy-predicate-test-3056

devops/fix-concierge-mcp-undefined-symbol

fix/3068-merge-queue-review-filter

fix/manifest-path-dev-test-cwd

fix/ratelimit-xff-bypass-test-179

fix/merge-queue-dismissed-request-changes-3068

fix/template-delivery-e2e-config-flake-3062

fix/drift-test-copy-chmod-v2

fix/canvas-chat-history-cap-f4

feat/org-token-audit-log

fix/concierge-plugin-fetch-auth

fix/3057-wedged-agent-health-signal

fix/3056-proxy-a2a-error-classification

feat/provision-request-contract

fix/saas-restart-template-redelivery

fix/concierge-mcp-gitea-source

fix/1269-secrets-compile-error-tests

fix/3048-staging-redeploy-diagnostics

fix/3047-redeclare-platform-mcp-on-boot

fix/3046-gate-platform-mcp-install-path

fix/concierge-provider-seed

rfc/platform-mcp-as-plugin

feat/canvas-app-token-drift-gate

fix/remove-stale-platform-agent-drift-test

hotfix/main-red-skip-stale-platform-agent-drift-test

fix/audit-force-merge-required-checks-drift

fix/mobile-chat-f9-loadolder-without-container

fix/mobile-chat-f7-composer-state-on-error

fix/mobile-chat-f8-token-cleanup-omap

fix/mobile-chat-f6-socket-error-logging

fix/mobile-chat-f5-history-error-banner

fix/316-drop-github-token-fallback

fix/orgtoken-session-userid

fix/rfc2843-32-fire-reconcile-on-register

fix/rfc2843-32-prevstatus-enum-coalesce

ci/template-delivery-e2e-include-registry

fix/2990-platform-agent-drift-test-copy-chmod

fix/template-asset-fetch-by-template-not-runtime

docs/rfc-marketplace-delivery

docs/rfc2948-phase1-template-engine-decoupling

fix/2983-continue-on-error-tracker

fix/2970-platform-agent-entrypoint-wiring

fix/drift-test-copy-chmod

fix/platform-agent-copy-chmod

fix/platform-agent-base-on-tenant

fix/platform-agent-image-autobump

fix/wire-platform-agent-image-build

fix/runtime-compat-resolved-model

fix/2919-sibling-identity-fallback

fix/2970-concierge-register-model-gate

feat/template-delivery-e2e-gate

fix/2967-safedialcontrol-fail-closed-lookupip

cr2/sec-c-2130-transcript-ssrf

fix/2132-transcript-ssrf-control-pre-sy

fix/core-2594-concierge-model-seed-regression

fix/2132-transcript-proxy-ssrf

fix/patch-runtime-resolved-model-workspace-secrets

fix/deploy-staging-silence

fix/redeploy-staging-on-main-image-publish

fix/seo-agent-runtime-patch-validation

fix/2929-post-restart-settle-window

feat/2930-a2a-queue-sweeper

fix/2946-redact-only

fix/2929-a2a-proxy-debounce-settle

fix/2884-gate-check-label-actor

fix/2942-production-deploy-fail-closed

fix/2929-rule8-staging-redeploy-redact

fix/local-provision-a2a-queue-poll

fix/deploy-staging-silent-failure

fix/canvas-requests-markdown

fix/auto-redeploy-staging-on-main

fix/2927-manifest-ref-pinning

fix/2921-github-token-redaction-cleanup

fix/2918-memories-redaction-exempt

fix/2929-a2a-restart-debounce

fix/2929-maybeMarkContainerDead-settle-window

refactor/concierge-dehardcode-rfc-10a

fix/patch-runtime-model-compat-validation

feat/2489-canvas-display-defaults-ssot

fix/fleet-credential-tenant-admin-restart

feat/820-platform-paths-drift-gate

fix/2863-cp-stub-handlers-and-env

fix/2601-canvas-resilience-p2p3

fix/2883-local-provision-orphan-sweeper

feat/2917-staging-a2a-infra-skip

feat/pr-b-template-asset-channel

fix/2601-org-map-fallback

fix/lint-ignore-redaction-tuple-labels

fix/image-publish-timeout

fix/staging-e2e-approval-gate-subtest-isolation

fix/mobile-inbox-3-high-audit-findings

fix/2130-update-card-ssrf

fix/2875-pr-diff-guard

fix/131-runtime-bump-exemption

fix/2888-handlers-pg-timeout

feat/public-fetch-activation

test/2737-canary-smoke-a2a-pong-harness-capture

ci/require-secret-scan-core

docs/template-asset-delivery-2843

fix/2601-org-map-resilience-hardening

fix/byo-compute-meta-runtime-ssot

fix/2832-redaction-extension

feat/131-runtime-bump-exemption

fix/handlers-pg-integration-timeout

fix/2594-canvas-config-effective-values

fix/e2e-ws-teardown

fix/2875-destructive-diff-guard

fix/audit-force-merge-stale-contexts

fix/2863-cp-stub-provision-handler

fix/2489-ssot-display-default

fix/2851-lifecycle-harness-resolvable-url

fix/chat-history-assertion-robustness

fix/24-pr-b-gitea-fetcher

fix/harness-runner-skip-xfail-counting

fix/chat-panel-false-green-or-assertion

fix/2864-burn-down-org-create-400-capture

fix/2818-async-dispatch-202-taskid

fix/2865-peer-discovery-404-replay

fix/2851-containerized-platform-advertise-host

fix/76-staging-llm-preflight-model-auth

fix/2859-redeploy-fleet-transient-retry

fix/2520-extend-platform-boot-deadline

fix/2851-local-provision-real-image-hostname

fix/dedup-cfg-config-files-init

fix/2845-scaffold

fix/rfc-2843-24-asset-channel

fix/2489-ssot-instance-allowlist-endpoint

fix/66-approval-requester-withdraw

fix/concierge-slug-cap-2839

fix/rfc-2843-23-delete-seo-patch

fix/approvals-no-auto-expire

fix/60-staging-e2e-org-create-hardening

rfc/decouple-config-skill-delivery

fix/approvals-list-auto-expiry

fix/2796-e2e-server-received-assertion

fix/2802-detect-changes-debug-output

fix/2834-test-recover-panic-race

fix/provider-endpoint-gone-coverage

fix/2796-activity-log-selector

fix/2762-mobile-attach-sending-gate

test/approvals-policy-coverage

fix/2766-mobile-inbox-stale-action

fix/1286-admin-delegations-error-coverage

fix/2782-seed-param-auth

fix/2800-rc-detached-ws-delivery

fix/2788-e2e-chat-residual

fix/2786-desktop-echo-fixture

fix/2751-canvas-async-dispatch-contract

fix/2794-remove-retired-configtab-skips

fix/2770-governance-pr-status-shadows

test/offered-models-coverage

fix/2422-deadlock-and-routing

fix/2802-e2e-chat-echo-render

fix/2809-org-template-fail-closed

fix/2764-chat-separation-fail-closed

fix/2809-org-template-import-fail-closed

fix/core2782-collision-proof-slugs

fix/2751-canvas-async-dispatch

fix/concierge-moreinfo-icon-size

fix/2798-context-menu-delete-false-green

fix/2794-remove-retired-configtab-skips-clean

fix/mobile-chat-tooltrace-and-banner

fix/2796-chat-desktop-activity-log-skip

fix/2725-usechatsend-concurrent-messages

fix/2759-consolidated-11471-11472

fix/2759-rc3-11471-error-batch-consume

fix/33-e2e-chat-main-red

fix/2759-rc2-11463-followup

fix/2775-legacy-no-id-exact-one-fallback

fix/new-workspace-parent-fallback

fix/2761-remove-stale-termsgate-skip

fix/2764-chat-separation-e2e

feat/canvas-async-dispatch-flag

fix/2762-attach-cursor-residual

fix/2766-mobile-inbox-wrong-action-race

fix/core2771-create-restart-gate

docs/mobile-ia-ssot

feat/mobile-agent-tree

feat/mobile-inbox-tasks-approvals

fix/core2675-llm-preflight

fix/mobile-chat-parity

ci/autoroll-fleet-on-publish

fix/migrate-set-compute-instance

fix/core2611-register-401-retry

fix/core2566-concierge-self-secret-write

fix/2752-local-provision-minimax-model

fix/canvas-ssot-aa-contrast

fix/2748-adapter-base-double-v1

fix/chat-524-not-unreachable

fix/a2a-response-header-timeout-long-turns

fix/2743-staging-concierge-create-retry

fix/chat-clear-error-while-thinking

fix/2739-reproject-byok-restart-recovery

feat/mobile-palette-canvas-ssot

fix/migrate-revoke-stale-auth-token

fix/chat-clear-stale-error-on-reply

fix/2712-restart-byok-minimax-projection

fix/core2721-deeper-nav-to-org-map

ci/required-contexts-add-peervis

fix/core2724-workspace-server-ack-first

fix/core2723-client-side-chat-timeout-align

fix/core2721-staging-tabs-workspace-id-selector

fix/a2a-idle-timeout-raise

fix/chat-multisend-concurrent

fix/2712-diagnose-staging-result-error

fix/chat-thinking-indicator-currenttask

fix/chat-textarea-reset-baseline

fix/ci-required-drift-url-error

fix/chat-user-message-dedup-id

fix/restart-context-register-400-diagnostics

fix/2437-a2a-ready-boundary-poll

ci/peer-visibility-required-flip

fix/2437-queue-status-404-distinction

fix/a2a-proxy-body-truncation-2677

feat/2697-canvas-chat-ux

fix/restart-context-callerid-normalize

fix/chat-mobile-flake-2699

fix/request-moreinfo-reaches-requester

fix/canvas-user-identity-2691

fix/2694-a2a-queue-callerid

fix/drop-claude-fable-5-disabled

fix/restart-context-2530-callerid-normalize

fix/restart-context-degraded-2680

fix/wsauth-token-kinds-1644

fix/staging-platform-boot-known-answer-queued

test/external-runtime-requests-e2e

sync/providers-opus-4-8

fix/statuses-pagination-clamp

fix/2594-followup-per-workspace-byok-ssot

fix/ws1b-claude-code-attribution-header

fix/restart-race-provision-gate

fix/registry-clear-failure-on-healthy-heartbeat

fix/staging-tabs-hydration-sentinel

fix/local-provision-container-race-poll

fix/missed-coe-tracker-1982-to-2654

fix/2594-resolved-model-fail-closed

fix/e2e-chat-push-hydration

fix/2660-recover-bp-directive

test/2606-workspace-requests-e2e

fix/staging-tabs-x-molecule-org-id

fix/chat-desktop-visible-panel

fix/52bb9d6f-local-provision-e2e-build-e2e-names

fix/cf-preflight-sweep-cf-orphans

fix/action-pin-hygiene-e2e-chat

fix/2645-stall-watchdog-uuid-type

feat/2636-decision-chip-in-mychat

feat/2636b-reconstruct-tooltrace-from-agentlog

fix/2617-recover-atomic-byok-create

feat/2636-decision-visible-and-tooltrace-persist

fix/2608-hardfail-byok-at-create

feat/2606-respond-notifies-requester

fix/all-required-aggregation-regression-test

fix/core-2615-2496-platform-agent-on-conflict-runtime-test

fix/registry-boot-register-log-regression-test

fix/merge-queue-non-main-base-skip-test

fix/core-2615-2460-jq-install-fail-closed-test

fix/internal-797-postgres-integration-runner-label

fix/platform-tunnel-hostname-normalize

feat/ws-switch-provider-endpoint

fix/concierge-no-self-secret-ops-test

fix/handlers-postgres-neutral-required

fix/gate-check-v3-governance-regression-tests

fix/core-2615-2125-regression-test

fix/cross-cloud-register-url-fallback

fix/2608-billing-org-default

fix/2609-default-parent-platform-root

fix-2579-e2e

fix/2573-concierge-prompt-rule

fix/2573-no-autorestart-platform-root

fix/staging-e2e-preseed-cookie-consent

fix/chat-e2e-scope-panel-chat

fix/org-token-mint-verified-session

chore/core-self-merge-guard-reserved-paths

fix/core-2573-skip-self-restart-on-secret-write

fix-2540-ci

fix/gate-check-trusted-governance-contexts

fix/core-2530-register-failure-degraded

pull/1287

fix/core-2574-admin-token-gate

fix/duplicate-tab-ids-concierge-embed

fix/core-1362-delegation-list-both-directions

test/core-1988-matcheschatid-templateimageref

fix/handlers-admin-delegations-coverage

refactor/workspace-compute-status-constants

pr-2029

fix/core-2517-memory-write-fk-integration-test

fix/chat-e2e-scope-node-click

pr-1321

fix/activity-logs-13arg-test-expectations

fix/core-2508-install-platform-agent-hardening

fix/KI-013-migrate-legacy-names

fix/chat-ux-persist-and-autoscroll

fix/sev-2499-shared-volume-name-helper

chore/remove-dead-arm64-darwin-lanes

fix/ecr-disable-buildx-attestations

fix/core-2509-org-switcher-audit

perf/e2e-api-minimax-wait-budget

test/2505-backward-compat-full

fix/provision-timeout-720s

fix/2500-register-boot-logging

fix/heartbeat-promote-provisioning-to-online

fix/gate-check-v3-timeout

fix/lint-setup-go-cache-flip-hard-gate

fix/platform-agent-install-runtime-on-conflict

fix/2490-rebased

ci/guard-setup-go-cache

fix/core-2525-self-approval-authz-gap

fix/sev-2500-status-transition

fix/core-2490-bootstrapfailed-rescue-race

fix/core-2528-compile

fix/merge-queue-silent-base-skip

fix/sev-2499-status-transition-followup

fix/ops-scripts-snapshot-frozen-ts-2550

feat/canvas-chat-queue-and-child-lock

feat/2489-ssot-compute-metadata

fix/setup-go-cache-vs-bind-mount

fix/sev-2499-ssot-volume-names

fix/review-check-tests-jq-fail-closed

feat/2507-kind-wire-contract-truth-up

fix/sev-2499-enhanced-drift-guard

harden/e2e-ki013-drift-guard

ci/guard-no-coe-on-required

feat/agent-liveness-a2-stall-watchdog

fix/agent-stale-window-and-heartbeat

test/backward-compat-migrate-unit-tests

fix/core-2509-org-switcher

fix/add-missing-provisioner-unit-tests

docs/rfc-agent-liveness

feat/unified-requests-inbox-p3-canvas

feat/unified-requests-inbox-p4-nudge

fix/concierge-mcp-declaration

feat/unified-requests-inbox-p1

feat/envelope-bounce-animation

feat/support-claude-fable-5

fix/memories-http-upsert-namespace

fix/chat-timeout-not-unreachable

feat/2502-consume-conductor-snapshot

ci/publish-image-registry-layer-cache

fix/concierge-home-chat-follows-selection

fix/sev-2499-e2e-ki013-full-id-names

feat/cp-provision-forward-kind

feat/canvas-org-switcher

fix/ssot-consolidate-compute-options

fix/KI-013-provisioner-uuid-truncation

fix/add-missing-scheduler-unit-tests

pr2485-merge-test

fix/add-missing-middleware-unit-tests

fix/deploy-straggler-tolerance

fix/e2e-chat-testcontainer-leak

fix/sop-checklist-author-self-ack

fix/remove-dead-code-QueueDepth

fix/1093-adapter-py-test-margin

fix/local-provision-e2e-ipv4-hardcode

fix/main-red-e2e-act-runner-docker-detect

test/2148-registry-auth-real-postgres-v2

fix/all-required-aggregate-fail-closed

fix/envelope-anchor-dot-and-scale

test/2148-registry-auth-real-postgres

fix/main-red-e2e-ssrf-publish-retry

fix/status-reader-paginate-to-exhaustion

feat/in-place-provider-switch

test/2391-hydrate-inflight-turn-status

fix/2450-local-provision-dynamic-port

refile/2155-migration-replay-from-scratch

fix/2448-ops-scripts-fail-closed-zero-tests

fix/handlers-pg-required-tables-widen

fix/ci-fail-on-zero-tests-collected

fix/2421-heartbeat-backfill-agent-card

fix/scheduler-enqueue-cron-on-busy

fix/sev1-812-approval-validator

fix/2442-chat-desktop-enter-map-view

feat/a2a-message-flight-envelope

fix/e2e-chat-desktop-concierge-reskin-selector

fix/concierge-role-truncate

fix/2429-case-fold-trailing-dot-tunnel-hostname

fix/provider-on-isrunning-status

feat/canvas-concierge-ui

fix/validate-agent-url-pending-tunnel

fix/memories-commit-error-server-log

fix/gate-context-target-suffix

feat/ws-compute-provider-validation

fix/2396-sop-auto-tier-and-trigger

fix/1306-gitea-label-singular

remove/data-residency-banner

fix/2392-stop-by-instance-id-on-persist-fail

harden/merge-control-required-checks-json

fix/2398-enrich-commit-memory-log

fix/ec2-orphan-instance-id-persist-failure

fix/merge-control-script-hardening

fix/provider-derivation-fail-closed

fix/restart-sync-update-status-guard

fix/restart-guard-removed-workspace

fix/fail-open-status-persist-trio

fix/2248-suppress-platform-managed-credentials

fix/2386-send-provider-on-deprovision

fix/delegate-task-async-sender-pushback-2244

fix/2331-sop-ceremony-required-checks

feat/platform-agent-gate-wiring

fix/umbrella-reaper-1780

fix/block-internal-paths-hard-gate

fix/backends-md-drift-risk-6-stale

cp455-minimal-cell-boot-e2e-stage1

fix/chat-seed-admin-auth

fix/goroutine-panic-recovery

fix/1080-org-helpers-typo-main

fix/canvas-e2e-transient-failed-2632

fix/admin-images-codex-and-std-encoding

fix/render-status-body-state

fix/memory-section-marker

design/secrets-accessibility-fix

fix/channels-matchesChatID-tests

fix/workspace-server-healthcheck

fix/ci-org-helpers-demorgan

test/delegate-record-db-errors

infra-sre/fix-platform-go-test

fix/ci-drift-pagination

fix/merge-queue-direct-merge-no-update-churn

fix/stdio-clean

feat/platform-agent-install

fix/audit-force-merge-curl-fail-closed

fix/fail-closed-hardening-trio

feat/platform-agent-kind

docs/mark-drift-risk-6-resolved

feat/byok-create-gate-and-liveness

feat/workspace-provider-field

fix/main-red-2308-lint-trackers-fast

fix/status-reaper-observability

fix/internal-805-sweep-cf-cloudflare-fallback-clean

feat/platform-agent-approval-gate

fix/lint-pre-flip-fail-closed-clean

fix/main-red-2305-lint-and-e2e-platform-managed

fix/sop-checklist-hold

fix/main-red-e2e-chat-auth-token

fix/internal-802-bp-directive-comments

fix/reconciler-debounce-coupling-2284

fix/main-red-canvas-e2e-tablist-strict-mode

fix/canvas-pause-resume-cascade-param-2122-followup

fix/2251-delegate-task-message-role-contract-test

fix/817-canvas-deploy-reminder-per-step-gate

fix/2139-sop-tier-check-real-qa-security-teams

fix/sop-checklist-hold-volume-skip

fix/lint-pre-flip-fail-closed

feat/2185-manifest-entry-existence-check

feat/2151-chunk2-integration-tests

fix/status-reaper-pagination-observability

fix/http-client-timeout-panic-recovery-main

fix/pause-resume-cascade-opt-in-1991

fix/plugin-uninstall-exec-errors

fix/gitea-merge-queue-pagination

fix/review-check-remove-generic-comment-bypass

fix/sop-tier-remove-fail-open-dead-code

fix/sop-tier-check-remove-fail-open-core

feat/merge-queue-auto-discovery

rfc/platform-agent

test/flip-probe-governance-gates-2331

fix/block-internal-paths-fail-open

test/governance-gate-flip-probe-2331

fix/merge-queue-hold-on-409-conflict-update

fix/e2e-smoke-diagnose-detail-767

fix/sop-checklist-emdash-slug-parse

fix/2352-merge-queue-409-hold

fix/merge-queue-autonomous-genuine-approvals

researcher-gate-probe-1780730963

fix/578-google-adk-image-refresh-allowlist

e2e/data-persistence-recreate-2332

fix/channels-unmarshal-fallback-invalid-json

feat/workspace-provider-routing

fix/google-adk-model-registration-coremirror

fix/renew-lint-coe-tracker-837-clean

fix/renew-lint-coe-tracker-837

test/channels-dataprune-e2e-p110

core2332-p110-workspace-lifecycle-staginge2e

chore/providers-gen-docker-target

feat/core-2332-display-reconnect-renewal-e2e

cr2/google-adk-e2e-coverage

fix/vertex-ssot-registry-drift

fix/port-cp544-fail-closed

fix/sop-tier-authz-no-org-fallback

fix/core-ci-fail-closed

docs/sop-fail-closed-ci

fix/restore-seo-adk-templates-manifest-auth

rfc/byok-fail-closed-billing

fix/forensic145-preserve-workspace-scm-token

fix/ci-coe-trackers-e2e-chat-staging-external

fix/e2e-reconciler-platform-model-and-boot-error

fix/e2e-saas-step9-hma-surface

fix/e2e-staging-byok-opt-in-before-vendor-key

fix/e2e-saas-model-slug-bare

fix/e2e-claude-code-minimax-bare-slug

fix/e2e-tenant-call-surface-body

fix/main-red-peer-visibility-platform-managed-secrets

fix/main-red-minimax-model-slug

fix/sop-tier-check-and-token-parse

harden/staging-saas-all-runtimes

harden/no-fail-open-auth

fix/main-red-lint-continue-on-error-2294

harden/keyless-feature-e2e-coverage

harden/derive-provider-matrix-e2e

harden/enforce-ci-gates-core-v2

fix/cascade-true-callers-ahead-of-2122

fix/2151-chunk1-activity-delegation-a2a-integration-tests

harden/sop-tier-check-remove-expired-coe

fix/2255-e2e-smoke-poll-parser-kind-discriminator

fix/a2a-2251-go-role-default

fix/2140-sop-tier-refire-real-exit-code

harden/regression-coverage-v2

fix/521-claude-code-colon-form-overclaim

fix/core2261-reconciler-toctou-degraded-hardening

fix/core2261-providers-byte-sync-cp521

fix/core2261-e2e-instanceid-tag-fallback

fix/core2261-reconciler-e2e-create

fix/cascade-canvas-callers

harden/e2e-staging-saas-failclosed

harden/e2e-staging-external-chat-failclosed

harden/e2e-staging-canvas-deflake

feat/umbrella-reaper

feat/2261-gap1-takecontrol-e2e

fix/1997-canary-minimax-m2.7

fix/2263-staging-canary-namespaced-model

fix/security-review-owners-na-eligibility

feat/core2261-reconciler-live-e2e

feat/core2261-takecontrol-wsproxy-test

feat/security-review-owners-na-eligibility

feat/core2261-instance-state-reconciler

fix/cp529-enforcer-test-unbreak-main

feat/cp529-byok-vendor-providers

fix/activity-feed-stable-ordering

fix/2245-platform-managed-provider-credential-gate

fix/2245-platform-managed-no-cred

harden/contract-tests-core

feat/cp529-byok-routability-enforcer

feat/core2235-canvas-buildinfo

fix/2235-canvas-buildinfo-docker-sha

review/pr3029-pr3033-local

feat/traces-v1-workspace-secrets-2976

fix/816-sop-tier-check-stale-reviews

fix/818-sop-checklist-na-declarations-terminal-success

fix/core2226-canvas-ordered-deploy

fix/2222-a2a-delegate-task-attachments

chore/cp514-byte-sync-drop-vertex-arm

fix/2205-e2e-api-health-wait-migration-gate

fix/core2225-staging-canvas-e2e-fixture

fix/2225-e2e-canvas-stale-hermes-model

fix/2185-bp-directive-window

fix/2192-manifest-repo-existence-check-v2

fix/desktop-takecontrol-reconnect-renewal

fix/2212-peer-visibility-missing-model

fix/2172-provider-validation-setmodel

fix/2192-manifest-repo-existence-check

fix/prod-deploy-verify-tenant-lag-2213

fix/2204-liveness-probe-max-tokens

fix/internal-805-cf-auth-drift

fix/internal-804-parser-json-variant

fix/peer-visibility-test-model-required-2212

fix/77-bp-directive-4-emitters

fix/e2e-api-health-wait-migration-chain

devops/saas-a2a-empty-completion-diagnostic

fix/e2e-staging-canvas-tabs-red

fix/e2e-chat-readiness-curl-tempfile-2198

test/provider-matrix-boot-regression-moonshot

sre/fix-auto-deploy-writable-home-2193

fix/e2e-chat-mobile-history-reload-flake

fix/deploy-production-superseded-false-stale

fix/manifest-rm-deleted-org-templates

fix/2158-auto-sync-token-hard-fail

fix/create-dialog-registry-provider-catalog

fix/ensure-default-config-stamp-derived-provider

fix/2183-remove-missing-free-beats-all

feat/google-adk-platform-provider-mirror-ssot

fix/core-2176-a2a-full-body-guard

fix/publish-latest-tag-platform-tenant

feat/2172-config-save-provider-validation

feat/handler-admin-test-token

feat/plugins-listing-and-sources-coverage

feat-handler-admin-test-token

test/2175-a2a-full-body-delivery-guard

regression/2149-scheduler-real-pg

fix/internal-760-review-event-trigger

fix/2166-blocker2-integration-fail-open

dev-b/sec-c-2132-reorder

fix/2163-cr2-live-fire-freshness

fix/test-async-cleanup-order

fix/shellcheck-arm64-pilot-main-red-2146

docs/2159-pr-head-workflow-selection

fix/2152-unmask-real-infra-gates

cherry-pick-2167-suspenders-to-main

fix/2159-qa-security-auto-trigger-review-state-guard

cp/469-tenant-proxy-env-delivery

fix/2162-platform-managed-fail-closed-missing-proxy

docs-test/gate-auto-fire-livefire-2159

fix/gate-followup-refire-token-direct-trigger-regression

regression/2150-migration-replay-from-scratch-real-pg

ci/unmask-required-real-infra-gates-mc1982

fix/internal-760-qa-security-pr-review-trigger

fix/internal-760-ceremony-ai-sop-ack

runtime/lazy-workspace-id

fix/2134-chat-files-forward-ssrf-2316

feat/rfc742-rescue-read

fix/2131-patch-abilities-atomic

cr2/sec-d-2316-chat-files-ssrf

cr2/sec-a-2029-traces-ssrf

fix/continue-on-error-triage-2113

feat/rescue-rebase-2019-v2

feat/rfc742-rescue-capture

test/handlers-misc-coverage

fix/errcheck-unchecked-errors-main

fix/broadcast-org-root-test-cleanup

fix/broadcast-itest-cleanup-hygiene-2108

fix/log-execasroot-errors-plugin-cleanup-main

fix/http-client-timeouts-panic-recovery-error-checks-main

fix/panic-recovery-goroutines-channels-handlers-scheduler-main

fix/canvas-e2e-transient-failed-2632-main

fix/backends-md-drift-risk-6-stale-main

fix/ci-required-drift-1739

fix/audit-force-merge-branch-aware

test/org-scope-abilities-coverage-clean

fix/renew-coe-tracker-mc774-clean-20260601

fix/registry-root-sibling-leak-1955

fix/registry-cancommunicate-cross-tenant-roots-1955

fix/broadcast-itest-status-enum-online

fix/rows-affected-core

fix/broadcast-org-root-cte

fix/broadcast-org-root-cte-1959

sync/providers-serving-urls

fix/staging-test-hermetic-env

fix/restart-context-defer-rows-close

fix/channels-rows-err-check

fix/ci-lint-suppression-1062

fix/defer-rows-close-audit

fix/delegation-rows-err-check

fix/errcheck-unchecked-errors-1062

fix/execcontext-err-check-high-impact

fix/execcontext-err-check-sweep2

fix/execcontext-error-audit

fix/http-defaultclient-auth-paths

fix/registry-rows-err-check

fix/secrets-scan-error-restart

fix/workspace-restart-rows-err

pr-3033

fix/restart-context-rows-err

fix/discovery-rows-err-check

fix/broadcast-org-root-cte-1959-staging

fix/rowserr-checks-events-channels-manager

fix/rowserr-memory-schedules-audit

fix/channels-duplicate-encrypt

fix/audit-rows-err-check

feat/minimax-m3-sync

fix/missing-rows-err-llm-billing-mode

fix/ci-scheduler-fanout

feat/openapi-management-spec

pr2056

fix/channels-memory-rows-err-check

fix/traces-error-handling

fix/codeql-sarif-export

fix/instructions-rows-err-check

fix/providers-ssot-sync-codex-subscription

fix/github-token-fallback-timeout-1101

fix/codex-central-refresher

feat/google-adk-runtime-ssot

worktree-agent-aa572c7374a57f03a

fix/sync-providers-yaml-openai-split-20260531

feat/workspace-data-persistence

e2e/google-adk-ci-wiring

feat/register-google-adk-runtime

feat/mc-multiperiod-workspace-budget

feat/schedule-orphan-monitor-cleaner

fix/schedule-migration-on-recreate

fix/google-adk-runtime-doc-accuracy

fix/setglobal-drop-retired-org-billing-guard

fix/internal-728-provider-matched-cred-injection

fix/internal-724-prod-auto-deploy-straggler-surfacing

fix/1994-provision-billing-model-passthrough

test/a2a-queue-status-depth-coverage

fix/broadcast-cte-non-root-sender-1959

feat/internal-718-p3b-canvas-consume-registry

test/patch-abilities-coverage-1312

feat/internal-718-p4-followup-llm-provider-removal

fix/cancel-in-progress-flip-1357

feat/internal-718-p4-pr2-hard-reject-unregistered

feat/internal-718-p4-pr1-reconcile-colon-vocab-sync

fix/mcp-tools-slim-residue

feat/internal-718-p3a-templates-from-registry

feat/internal-718-p2a-registry-codegen-distribution

feat/internal-718-p2b-billing-derives-from-provider

refactor/drop-org-tier-llm-billing-mode

fix/suppression-rationales-1769

pr1930

eng-b/rebase-1952

fix/ssot-provider-selection-billing-mode-711-713

fix/1769-suppression-rationales

fix/byok-global-llm-cred-leak-internal-711

fix/workspace-broadcast-cte-1959

fix/1953-scope-peer-discovery-a2a-to-org

fix/cancel-in-progress-low-risk-9

fix/cross-tenant-isolation-1953

fix/python-open-encoding

fix-1644-workspace-create-returns-auth-token

fix/1837-docs-stale-monorepo-ref

fix/review-check-all-403-diagnostic

fix/audit-force-merge-staging-drift-1739

fix/nil-safe-scans-validation-hardening

fix/delegate-async-return-after-marshal-fail

fix/canvas-user-verified-session-1673

fix/canvas-chat-poll-mode-1673

fix/mcp-tools-marshal-error-return

fix/ci-remove-race-from-blocking-gate-1184

fix/watchdog-close-stale-contexts-on-red

fix/time-after-single-retry-delegation

fix/time-after-goroutine-leaks

fix/json-marshal-log-continue-2nd-pass

fix/cp329-retire-config-files-userdata-cap

fix/703-provider-billing-mode-ui

fix/internal-703-byok-billing-mode-env

eng-b-test-1779917746

fix/workspace-ec2-leak-delete-retry

fix/ci-arm64-tracker

fix/1669-syntax-error

fix/docs-monorepo-refs

refactor/drop-org-tier-llm-billing-mode-canvas

fix/publish-buildx-writable-config

fix/publish-docker-config-api-20260520

feat/seed-schedules-from-ws-template

feat/canvas-llm-billing-mode-section

feat/per-workspace-llm-billing-mode

fix/memory-v2-upsert-namespace-20260526

fix/platform-managed-provider-key-leak

fix/mcp-tools-test-db-import-20260526

pr-3029

fix-tiny-readme

fix-shellcheck-arm64-pilot-runner-label

feat/canvas-lib-tests

docs/fix-stale-channel-install-refs-230

design/modal-a11y-followup

fix-1769-suppression-justifications

fix-365-scope-divergence-gate-check

fix-1763-org-include-test

docs/readme-quickstart-context

style/fix-ruff-e501-etc

fix/main-ci-display-deploy-blockers

fix/display-keyboard-clipboard

fix/runtime-template-repo-cache

fix/create-dialog-platform-defaults

fix/pending-upload-preview-after-ack

fix/create-dialog-runtime-provider-flow

fix/platform-us-default-provider

fix/seo-template-provider-env-prompt

chore/advisory-legacy-e2e

fix/seo-template-visible

fix/panel-contained-attachment-preview

fix/pdf-preview-csp

fix/pdf-preview-visible

fix/prod-auto-deploy-scoped-rollout

fix-1763-test-minimal

feat/llm-native-auth-flow

fix/issue-1823-delete-confirm-name

fix/display-control-browser-session

fix/agent-message-attachment-broadcast

chore/maintained-runtime-registry

fix/issue-1686-cost-efficient-workspace-defaults

fix/hermes-user-attachments-core

fix/gate-check-v3-ruff-f401-e741

docs/issue-1793-workspace-placement-rfc

fix/ruff-batch-2026-05-24

chore/issue-1760-rename-go-module

fix/platform-managed-llm-default

chore/issue-1812-remove-backfill-from-image

fix/ruff-f401-f541-f841-e741-batch

fix/ruff-e501-merge-queue

fix-1763-webhook-token-redaction-skip

fix/ruff-final-batch-f401-e741-f841

fix/ruff-e501-batch-4

fix/ruff-lint-batch-3

fix/ruff-lint-more-scripts

fix/user-message-fanout-1440

fix/workspace-compute-settings-control

fix/1763-finding-3-token-test-integration-tag

fix-1775-deploy-wait-alignment

fix/memory-plugin-nil-jsonb-marshal

fix/pv-staging-tenant-auth

fix/real-user-upload-staging-e2e

feat/issue-1791-bundle-memory-backfill

feat/issue-1754-mcp-memory-activity-broadcast

feat/issue-1791-memories-commit-v2-plugin

fix-1763-discord-token-test

chore/remove-stale-runtime-comment

fix/revert-1781-templates-runtime-relax

chore/remove-unmaintained-runtimes

fix/e2e-orphan-guard

docs/issue-1780-compensating-status-runbook

fix/issue-1778-templates-test-fixtures

fix/templates-supported-runtime-tests

fix/prod-auto-deploy-aggregate-context

chore/issue-1753-awareness-docs-sweep

chore/issue-1755-seed-initial-memories-v2

fix/ci-all-required-bookkeeping

fix/supported-runtime-catalog

chore/issue-1733-memory-plugin-schema-isolation

chore/issue-1735-remove-awareness-backend

fix/memory-list-rows-err

feat/1686-display-session-proxy

chore/issue-1733-a1-kill-v1-fallback

fix/issue-1734-memory-tab-v2

fix/codex-scheduled-a2a-timeout

fix/prod-auto-deploy-nonblocking

fix/arm64-pilot-label-macfix

fix/review-check-empty-pr-guard

fix/canvas-publish-docker-config

fix/channels-manager-rows-err

fix/rows-err-restart-discovery

fix/slack-webhook-response-body-close

fix/sweeper-rows-err

feat/1686-display-workspace-flow

fix-1700-A-github-token-http-timeout

fix/workspace-crud-descrows-err

task342/local-e2e-harness

fix/messagestore-extractfiles-unmarshal

fix/pgplugin-writejson-encode-error

feat/1686-display-control-ui

fix/discord-read-body-error

fix/capturebroadcaster-data-race

fix-scheduler-detect-result-kind-message-allow

fix/lark-read-body-error

fix/memory-decode-error-read-body

fix/slack-read-body-errors

fix/traces-read-body-error

fix/schedules-events-rows-err

fix/channels-json-unmarshal-errors

rfc-1706-openapi-phase1-schedules

fix/mcp-tools-scanpeers-err

fix/handlers-rows-err-batch

fix/slack-webhook-response-body-close-clean

fix/github-token-http-timeout

minimax-autonomous-test

fix/scheduler-1696-sdk-error-detection

fix/1696-scheduler-adapter-error-status

feat/1686-phase1-compute-schema

fix/1692-mount-schedule-routes

fix/1684-native-session-enqueue-on-busy

fix/1646-staging-saas-timeout

fix/ci-path-scope-main-push

fix/e2e-wait-after-config-put

fix/e2e-delegation-a2a-retry

fix/e2e-minimax-m2-default

platform-kill-defaultmodel-require-model-at-create

fix/e2e-a2a-busy-retry

fix/e2e-a2a-readiness-body

fix/t4-pid-probe-agent-safe

fix/t4-gitea-egress-ssot

docs-fix-claude-code-channel-template

fix/activity-flat-upload-attachments

fix/aws-secrets-janitor-literal-region

fix/activity-feed-peer-info-enrichment

fix/aws-secrets-janitor-fail-loud

fix/aws-secrets-janitor-staging

fix/staging-token-diagnostic

chore/publish-staging-ecr-with-ssot-publisher

fix/e2e-bash32-empty-array

chore/mirror-tenant-image-staging-ecr

fix/mcp-delegate-platform-path

chore/retrigger-peer-visibility-after-publish

fix/publish-buildx-docker-config

docs/multi-external-workspace-registration

fix/e2e-token-fallback-diagnostics

ci/clean-superseded-push-noise

ci/path-scope-go-handler-pr

fix/main-red-watchdog-action-run-status-filter

fix/admin-workspace-token-mint

test/e2e-chat-a2a-dns-regression

fix/staging-peer-visibility-token

chore/delete-core-workspace-runtime

fix/split-heavy-e2e-required-path

fix/ci-cron-bots-prebake-1357

fix/self-delegation-peer-list-hardening

fix/523-allow-user-set-workspace-secrets

feat/canvas-org-info-tab

fix/624-file-write-restart-debounce

fix/377-canvas-polite-cancel-before-restart

task227/external-mcp-progress-ux

fix/canvas-chat-a2a-hint-activity-tab-closeout-212

fix/t4-probe-docker-socket-and-pid-host

chore/ssot4-delete-dead-github-workflows

task335/drop-runtime-image-pins-mig-fresh

chore/ssot10-ecr-registry-var

fix/sop-checklist-stream-pagination-oom

task335/drop-dead-runtime-image-pins-mig-047

fix/a2a-error-hint-timeout-class

fix/a2a-error-detail-field-rename

feat/uploads-limits-ssot-task-320

core-devops/cascade-structural-hardening

chore/retrigger-publish-after-eacces

fix/poll-mode-pending-uploads-100mb-mc1588

fix/redeploy-fleet-confirm-callers

fix/lint-workflow-yaml-slash-in-name

retrigger/publish-workspace-server-after-pr110-deploy

infra-runtime-be/upload-100mb-and-correct-reason-errors

infra-sre/rfc596-publish-runtime-dual-push-gitea-pypi

fix/workflow-name-no-token-slash

infra-sre/audit-log-phase1-emit-secrets

fix/main-red-watchdog-skip-cancel-cascade-mc1564

feat/rfc563-ws-server-binary-strip

ci/146-lint-no-tenant-gitea-token

feat/agent-card-identity-seed-prod-team-internal-492-followup

fix/rfc524-layer1-bare-go-conversion

fix/ci-docker-host-guardrail-red

test/e2e-todays-pr-coverage

feat/146-forbidden-env-guard

fix/sop-checklist-widen-ack-internal-442

ci/mac-arm64-pilot-shellcheck

e2e/peer-visibility-local-backend-task166

fix/canvas-surface-error-detail

fix/wsserver-broadcast-error-detail

ci/oom-storm-concurrency-fix

fix/chat-upload-ssot-100mb-1520

feat/provisioner-inject-gitea-credential-helper

sre/fix-remaining-scheduled-cancel-in-progress

fix/user-message-role-1514

sre/fix-gate-check-cancel-in-progress

sre/fix-ci-drift-false-positive-and-queue-limit

ci-retry-noop

test/plugin-listing-coverage-1488

infra/canvas-ci-retry-20260518145806

fix/json5-comments-manifest-1496

test/canvas-hook-coverage

feat/canvas-agent-abilities-toggle

fix/sop-tier-check-secrets-read-v2

fix/canvas-configtab-wcag-alert-v2

fix/canvas-configtab-wcag-alert

fix/sop-tier-check-secrets-read

fix/ci-sop-tier-check-secrets-read

fix/runtime-registry-manifest-v2

test/runtime-provision-timeouts-coverage

fix/sev1-secrets-read-v2

fix/sev1-missing-secrets-read-perms

test/canvas-secret-formats-coverage

test/canvas-hook-tests

test/canvas-theme-ts-coverage

feat/canvas-agent-abilities-toggles

test/canvas-theme-lib-coverage

fix/runtime-registry-json5-comment

fix/ws-server-188-failclosed-template-runtime

test/plugins-listing-coverage

fix/issue-1480-manifest-json5

fix/review-check-wrong-event-string-diagnostic

test/workspace-abilities-name-coverage

ci-fix-main-runtime-secret-scan

fix/secret-scan-exclude-secrets-detector-test-fixtures

fix/secrets-read-qa-security-main

fix/secrets-read-qa-security-workflows

test/workspace-broadcast-coverage

fix/1473-bp-all-required-suffix

infra/secrets-read-qa-security-main-fix

fix/pr1450-staging-main-conflict

fix/issue-1420-actionable-errors

fix/issue-228-user-message-fanout

design/externalconnectmodal-a11y

fix/tabs-error-aria-alert

fix/settings-a11y-fixes

fix/canvas-errors-aria-alert

fix/canvas-loading-aria-live

sre/fix-scheduled-workflow-cancel-in-progress

feat/handler-test-abilities-and-sources

fix/handlers-plugin-listing-tests

fix/tabs-a11y-scattered

runtime/port-identity-tools-staging

runtime/fix-merge-queue-cancel-in-progress

fix/canvas-misc-wcag-fixes

infra/quirks-789-fills

infra/queue-runbook-updates

design/skills-accessibility-v2

design/skills-a11y-followup

fix/a2a-delegation-detached-ctx-canceled-internal-497

fix/secrets-honest-ui-491-490

design/mobile-comms-a11y

design/mobile-chat-a11y

fix/mcp-tools-sql-fix

design/mobile-tabbar-a11y

feat/mobile-tabbar-a11y

fix/mobile-ios-focus-zoom

fix/mobile-canvas-render-parity

ci/arm64-advisory-mac-offload-pilot

fix/canvas-user-message-cross-session-fanout

test/a2a-proxy-pure-coverage

fix/mobile-focus-visible-rings

fix/external-workspace-progress-feedback

fix/canvas-mobile-ws-wake-resume

fix/mobile-chat-input-ios-focus-zoom

test/org-helpers-coverage

ci/timing-test-hygiene-host-load-internal

fix/setup-node-pin-corrupt-1432

fix/ci-required-drift-polling-sentinel

fix/issue212-actionable-agent-error-reason

runtime/fix-api03-test-fixture

test/traces-list-http-coverage

runtime/fix-test-fixture-v3

runtime/fix-test-fixture-on-1420

fix/queue-status-sort

runtime/fix-test-fixture-secret-scan-false-positive

test/workspace-abilities-coverage-20260517

fix/sop-engineers-main

fix/queue-merge-permanent-error

fix/delegations-list-deduplication

fix/canvas-npm-ci

fix/sop-staging-engineers-backport

offsec-015-staging-v2

fix/queue-skip-permanent-merge-error

design/settings-button-focus-v2

test/coverage-broadcast-listing-20260517

fix/workspace-tokens-global-sentinel-500

fix/sop-workflow-secrets-read

test/coverage-abilities-design-tokens-20260517

design/agentcomms-focus-visible

design/skills-aria-accessibility

infra/action-sha-pin-e2e-chat

fix/sop-checklist-na-gate-probe-bug

test/coverage-2026-05-17

fix/queue-merge-error-surfacing-v2

test/all-coverage-v5

fix/settings-panel-focus-visible

sre/ci-coldrunner-main-fix

fix/skills-tab-focus-visible

test/all-coverage-v4

test/all-coverage-v3

fix/aria-live-errors-v2

fix/canvas-attachment-focus-visible

fix/queue-merge-error-surfacing

test/all-coverage-v2

fix/app-page-focus-v2

fix/app-page-focus-visible

fix/delete-dialog-focus

fix/sop-checklist-probe-na-gate

test/all-handler-lib-coverage

test/handlers-and-lib-coverage-v2

test/delegation-sweeper-pure-funcs

fix/queue-update-then-wait-loop

fix/workspace-abilities-test-coverage

test/workspace-crud-validators

fix/canvas-user-message-persist-at-ingest

test/handlers-and-lib-coverage

fix/filetree-wcag-icons

fix/mobile-wcag-focus-visible

sre/pr1381-retrigger

infra/add-missing-workflow-concurrency

infra/scheduled-workflow-cancel-in-progress

fix/canvas-wcag-focus-visible-2

ci/twine-verbose-403-reason-body

test/handlers-and-theme-coverage

fix/ci-required-drift-skip-f1

fix/sop-checklist-na-declarations

test/workspace-abilities-and-theme

test/plugins-sources-and-theme

sre/comment-dispatch-consolidation-v2

chore/remove-crewai-deepagents-gemini-cli

test/workspace-broadcast-handler

test/workspace-abilities-patch

fix/inbox-self-echo

feat/test-status-config-constants

feat/test-plugins-install-handlers

test/local-provisioner-token-ownership-parity

infra/internal-462-publish-deploy-lane

fix/staging-sync-persist-fix

feat/broadcast-coverage

__disk-test-137017

fix/main-red-watchdog-close-on-pending

fix/review-refire-comments-token-scope

feat/canvas-abilities-banner-test

pr-1307

staging-dev-lead-test-4107230

feat/workspace-abilities-test-coverage

ci/scheduled-cancel-in-progress-1357

feat/broadcast-test-coverage

fix/a2a-queue-status-coverage

pr-1351

ci/e2e-peer-visibility-bp-pending-1296

ci/e2e-peer-visibility-bp-required-1328

fix/review-refire-conflict

sre/consolidated-main-to-staging

fix/org-helpers-duplicate-comment

fix/a2a-self-delegation-echo-inbox

perf/canvas-favicon-shrink

perf/canvas-toolbar-logo-shrink

perf/canvas-bundle-analyzer-optimize-imports

fix/offsec-015-staging

fix/workspace-token-injection-agent-owned

ci/sop-checklist-narrow-issue-comment-trigger

fix/broadcast-handler-coverage-1343

fix/test-patchAbilities-toolbar-1313-1334

docs/gitea-actions-quirks-runbook

fix/1256-enable-button-focus-ring

pr-1327

feat/workspace-sizing-override

fix/sop-checklist-na-post

canvas/broadcast-chat-wcag

fix/test-matchesChatID-1304

test/canvas/FileTree-render-a11y

test/canvas/ChatTab-subtab-a11y

test/canvas/SidePanel-a11y-and-state

enforce/peer-visibility-bp-directive-1296

infra/main-ci-retrigger

sre/queue-api-fix

sre/sop-na-fix

promote/staging-to-main

infra/detect-changes-shallow-v2

feat/publish-lane-runs-on-394

test/canvas/FilesToolbar-a11y

fix/workspace-abilities-coverage-1312

fix/sop-checklist-merged-blank-line

fix/e2e-chat-setup-node-mirror-sha

e2e/peer-visibility-local-backend

fix/secrets-coverage-compile-err-1274

e2e/peer-visibility-mcp-gate

fix/e2e-chat-setup-node-mirror

fix/canvas-arrangeChildren-coverage

sre/fix-queue-null-created-at-sort

fix/sop-checklist-blank-line-detect

fix/a2a-proxy-test-async-drain

sre/platform-go-timeout-60m

infra/sop-tier-check-token-guard

fix/gate-check-login-aliases

fix/secrets-scan-test-fixture-exclusion

fix/secrets-coverage-tests-v2

fix/ci-concurrency-cancel-superseded-storm

fix/secret-scan-exclude-secrets-tests

fix/secrets-patterns-100pct-coverage

fix/secrets-100-coverage

standalone/review-check-403-fix

feat/files-agent-home-stub

feat/agent-home-docker-exec-internal-425-phase-2b

sre/secret-scan-timeout

feat/canvas-files-agent-home-internal-425-phase-3

fix/top-level-modules-add-a2a-tools-identity

feat/secrets-patterns-ssot-internal-425-phase-2a

stub/files-api-agent-home-root-2026-05-15

fix/sop-n-a-v2

fix/files-api-agent-home-stub

be/workspace-server-accumulated-fixes

fix/sop-n-a-clean

design/themetoggle-test-teardown-fix

fix/openclaw-skip-config-write-and-canvas-timeout-to-main

feat/agent-card-update-and-runtime-identity-tools-relocated

fix/openclaw-skip-config-write-and-canvas-timeout

fix/prod-auto-deploy-timeout

feat/chat-unify-clean

fix/autobump-skip-existing-tags

fix/issue-1187-broadcast-abilities-coverage

fix/runtime-autobump-next-free-tag

pr-1211

feat/queue-status-abilities-handler-tests

fix/queue-channels-coverage

infra-sre/golangci-lint-connectivity-fix

infra/main-sop-na-fix

fix/staging-golangci-30m-v2

fix/channels-rows-err-and-cwe312

fix/container-name-no-uuid-truncation

fix/staging-golangci-noconfig

fix/provisioner-uuid-no-truncate

fix/review-check-403-skip

fix/ki-010-container-name-truncation

fix/provisioner-no-uuid-truncation

fix/issue-1176-db-db-race

fix/channels-rows-err

sre/fix-test-sop-parse-directives

infra/staging-sop-na-fix

fix/pr-1070-push-tokens

hotfix/offsec-015-org-isolation

infra/sop-n-a-plus-drift-fix

pr-1185-current

infra/main-golangci-no-config

test/qa-broadcast-abilities-coverage

fix/delegations-list-endpoint-wrong-column

core-be/fix/platform-go-timeout

fix/issue-1152-delegation-activity-db-err-tests

core-be/fix/tokens-rate-limit-scan-err-v2

fix/handlers-rows-err-missing

infra/canvas-deploy-reminder-polling-list

fix/staging-ci-timeouts

fix/settingspanel-act-flush

fix/rows-err-instructions-resolve

fix/ci-cold-runner-timeout

fix/sentinel-remove-phas3-masked

infra/fix-all-required-combined-status-check

pr1165-rebase

fix/approvals-json-marshal-guard

feat/canvas-broadcast-handler

sre/fix-ci-drift-false-positive

sre/fix-queue-remove-label-bug

infra/workspace-server-healthcheck

fix/ci-drift-canvas-deploy-reminder

fix/offsec-015-broadcast-org-isolation

fix/delegation-list-callee-plus-golangci-lint

sre/fix-queue-gate-context

core-be/test/delegate-record-db-errors-v2

pr-1117

pr-1117-latest

infra/staging-golangci-no-config

fix/openclaw-molecule-mcp-version-pin

offsec015

fix/openclaw-mcp-version-check

feat/provider-routing-base-v2

feat/e2e-chat-stabilization

fix/sop-concurrency-throttle

p1102

p1117

fix/canvas-deploy-reminder-deadlock

infra/main-golangci-timeout-fix

feat/provider-routing-base

sre/sweep-cf-orphans-aws-timeout

sre/queue-merge-conflict-handling

fix/na-declarations-gate

fix/handlers-log-db-scan-errors

fix/channels-marshal-errors

fix/channels-silent-json-errors

sre/channels-unmarshal-errors

sre/queue-pre-receive-hook-fix

sre/ci-timeout-increase

fix/approvals-terminal-db-err-logging

infra/ci-platform-go-timeout-fix

fix/push-notifications

fix/main-rows-err-instructions

fix/main-test-fix-from-0c152a24

fix/staging-offsec010-cp-wiring

fix/handlers-instructions-test-bugs

fix/ci-allrequired-needs

fix/staging-goasync-configseed

fix/issue-1080-org-helpers-comment

fix/issue-1081-errors-import

fix/1080-org-helpers-comment-typo

infra-sre/fix-missing-test-imports

fix/offsec-010-wiring

fix/saas-t4-cp-config-seed

fix/offsec-010-clean

fix/offsec-003-boundary-wrapping

fix/offsec-003-escaped-markers-main

fix/mobile-chat-history

fix/staging-CWE-78-rows-err

fix/1062-mobilechat-history

hotfix/cwe-78-staging

fix/stdio-v2

fix/offsec-010-symlink-walkdir

fix/test-stdio-function-name

fix/offsec-010-symlink-walkdir-isSaaS-fix

sre/fix-stale-platform-server-port

fix/offsec-010-from-pr1047

staging-v6

fix/e2e-api-port-collision

fix/main-async-db-race

infra/sync-staging-v6-to-main

pr/1030

fix/handlers-instructions-test-compile

fix/instructions-test-compile

fix/openclaw-empty-required-keys

sre/main-rows-err-checks

fix/staging-v6-conflict-markers

fix/delegation-list-test-conflict-marker

fix/main-red-cdb0b040-ci-tests

fix/theme-toggle-selector-main-red

sre/ci-required-drift-canvas-reminder-skip

test/instructions-handler-coverage

sre/canvas-build-timeout

test/externalconnectmodal

fix/resolve-conflict-marker-delegation-list-test

fix/1008-themetoggle-css-selector

design/826-searchdialog-mount-v2

test/orgcancelbutton

fix/2088-themetoggle-queryselectorall-errors

design/704-tree-test-fix

fix/ci-required-drift-github-ref-skip

ci/975-db-pollution-fix

fix/968-remove-duplicate-test-declarations

fix/980-schedules-handler-test-coverage

design/tier-legend-contrast-2026-05-14

sre/platform-go-timeout-fix

fix/delegation-list-test-db-leak

fix/984-delegation-id-response-body

sre/queue-bot-fix-ctx-check

fix/983-remove-duplicate-test-declarations

fix/986-canvas-wcag-focus-rings

fix/993-agent-handler-test-coverage

design/wcag-focus-contrast-2026-05-14

design/wcag-focus-rings-round5-2026-05-14

fix/activity-logs-delegation-id-response-body

fix/982-expand-posix-identifier-guard

fix/test-offsec003-redundant-file

feat/976-schedules-handler-test-coverage

fix/org-helpers-test-panic

promote/main-to-staging-v5

fix/965-test-panic-resolveInsideRoot

promote/main-to-staging-v4

feat/delegation-list-tests

fix/test-a2a-sanitization-v3

promote/main-to-staging-v3

fix/duplicate-test-declarations

feat/org-helpers-security-tests

fix/main-push-operational-red

promote/main-to-staging-v2

fix-sop-concurrency-v2

fix/sop-checklist-gate-name

fix/docker-info-pipefail

fix/publish-healthcheck-pipefail

fix/sop-checklist-workflow-rename

promote/main-to-staging

sre/fix-sop-checklist-context-name-mc948

design/wcag-contrast-round4-2026-05-14

fix/org-helper-tests

fix/test-a2a-sanitization-main

fix/publish-image-on-every-main-push

fix/remove-canvas-reminder-from-all-required

fix/staging-integration-test-ctx

fix/staging-canvas-reminder-deadlock

design/wcag-a11y-round3-2026-05-14

ci/remove-canvas-reminder-from-all-required

fix/test-a2a-sanitization-assertions

fix/staging-ci-drift-canvas-reminder

fix/handlers-pg-integ-event-before

ci/platform-build-flip-coe

fix/staging-python-test-and-tier-check-lint

fix/offsec-006-slug-injection

runtime/fix-pr916-integration-test-ctx

design/chat-tab-wcag-contrast-2026-05-14

fix/offsec-006-slug-validation

design/wcag-contrast-fixes-2026-05-14

fix/904-handler-test-blockers

fix/ci-drift-canvas-reminder

fix/comment-trigger-storm

infra/660-codify-promote-tenant-image

fix/917-canvas-test-failures

fix/917-runtime-prbuild-detect-changes-fix

fix/filesTab-test-stale-reference

fix/files-tab-test-missing-helper

fix/runtime-prbuild-compat-detect-changes

fix/staging-test-compilation-fixes

fix/qa-review-token-fallback-v2

test/hydrate-canvas-coverage

fix/contextmenu-react-error-185

test/external-runtimes-coverage

fix/main-sqlmock-import-ineffassign-20260513

fix/redeploy-tenants-on-main-lint-cleanup

sre/docker-daemon-gate-fix

fix/897-listdelegations-use-ledger-table

fix/901-listdelegations-ledger-table

fix/core-main-handlers-hotfix

fix/e2e-api-platform-port

fix/main-green-monitor-status

fix/mobile-MobileChat-infinite-render

fix/delegations-ledger-fallback-rows-err

fix/874-extractmessagetext-clean

feat/881-untested-helpers

fix/874-extractmessagetext-bug

fix/status-reaper-api-timeout-retry-20260513130514

fix/831-admin-token-placeholder-bootstrap

feat/canvas-test-coverage-738

feat/files-tab-tree-coverage

feat/canvas-untested-components-coverage

feat/canvas-tab-test-coverage-2

fix/main-bundle-test-sqlmock-import

fix/stdio-fallback-all-environments

staging-sync-v3

ci/burn-in-remove-sop-tier-check-coe

fix/issue-860-delivery-mode-tests

design/approval-banner-emerald-fix

fix/issue-854-termsgate-a11y

fix/issue-859-wcag-contrast

fix/delegations-rows-err-bbc40cb8

design/approvalbanner-a11y

design/pricingtable-a11y

design/toolbar-help-toggle-fix

staging-sync-v2

fix/canvas-approvalbanner-a11y

feat/canvas-external-connect-modal-coverage

staging-sync-rm

fix/test-sanitize-agent-error-stderr

test/a2a-queue-extractExpiresInSeconds

fix/pr-829-test-issues

design/826-searchdialog-mount

fix/chat-createMessage-attachments-key

fix/762-recall-memory-canary

fix/367-a2a-tools-coverage-v2

feat/search-dialog-mount

feat/org-layout-test-coverage

fix/offsec-003-builtin-a2a-sanitize

fix/canvas-playwright-install-timeout

fix/805-audit-force-merge-main-required-checks

fix/cf-sweep-api-error

fix/e2e-diagnose-detail

fix/a2a-mcp-server-http-transport

fix/core-main-red-golangci-install

fix/test-declarations

fix/sop-checklist-body-hard-gate

merge-792

feat/mcp-tools-test-coverage

feat/workspace-crud-test-coverage

feat/socket-handler-test-coverage

fix/686-delegation-integration-tests

feat/a2a-proxy-helpers-test-coverage

fix/publish-canvas-disable-gha-cache-20260512

fix/publish-canvas-docker-probe-20260512

fix/canvas-image-ecr-20260512

fix/687-send-ssh-public-key-detail

feat/tier-2g-required-context-exists-in-bp

feat/tier-2f-bp-emit-match

fix/mc-664-class-2-mcp-offsec-contract-test

fix/main-ci-green-20260512

infra/dockerfile-add-docker-cli-for-local-build

test/workspace-crud-helpers-coverage

fix/681-recallmemory-offsec-contract

fix/org-layout-helpers-test-coverage

fix/735-extractResponseText-tests

test/713-workspace-crud-validators

test/713-org-helpers-pure-coverage

fix/713-eic-diagnose-detail

fix/730-filterpeers-nil-guard

infra/all-required-coe-false-v2

fix/phase3-tracker-comments

fix/mc-664-class-1-delegation-tests-postgres-integration

fix/canvas-keyboard-shortcuts-dialog-guard

infra/664-lint-coe-trackers

ci/lint-tracker-regex-fix-v2

fix/731-nil-guard-filter-peers-by-query

fix/lint-TRACKER_RE-mid-sentence

ci-retrigger-747

feat/709-handler-pure-coverage

fix/697-canvas-geticon-topology

ci/lint-tracker-regex-fix

test/2071-canvas-drop-target-badge-coverage

feat/2071-canvas-orgdeploystate-coverage

feat/mobile-canvas-comms-spawn-coverage

ci/lint-coe-self-fix

fix/ssm-refresh-ecr-auth-json-escaping

design/729-fix

ci/gate-check-v3-permissions-fix

fix/730-discovery-filter-nil-role

infra/publish-docker-daemon-diagnostic

fix/714-all-required-coe-false

fix/717-mobile-agentMessages-selector

infra/fix-all-required-status-reporting

fix/687-e2e-surface-diagnose-detail

infra/docker-runner-label

test/701-canvas-hydrate-coverage

test/mobile-primitives-coverage

infra/664-interim-platform-build-exempt

fix/693-offsec-recallmemory-scrub-staging

sync/main-to-staging-514-v2

fix/693-offsec-recallmemory-global-scrub

fix/693-offsec-recallmemory-scrub

fix/634-handler-test-fixes-to-main

test/699-socket-handler-coverage

sre/workflow-run-replacement

infra/676-ssm-auth-json-hardening

fix/offsec-001-method-scrub-hotfix

fix/offsec-001-method-scrub-main

feat/workspace-crud-validation-tests

test/canvas-hydrate-coverage

infra/lint-pre-flip-continue-on-error

fix/workflow_run-to-push-gitea-1.22.6

feat/tier-2e-tracking-issue

fix/684-offsec-scrub-method-default

feat/sop-checklist-gate-mvp

feat/tier-2d-lint-mask-pr-atomicity

infra/lint-workflow-yaml-hostile-shapes

infra/lint-required-no-paths-filter

cleanup/pr-641-clean

feat/mobile-tabbar-wcag-a11y

fix/canvas-mobile-chat-loop

fix/651-canvas-chat-mobile-crash

fix/664-interim-remask-platform-build

fix/mobile-chat-max-update-depth

infra/622-force-merge-protection-fix

test/attachment-lightbox-clean-v2

ci/652-gitea-1-22-status-key

test/memorytab-2

infra/status-reaper-rev4-status-key-fix

infra/weekly-platform-go-vet-hard

fix/audit-force-merge-pipefail

infra/status-reaper-rev3-widen-window

test/canvas-externalconnectmodal-coverage

fix/sop-tier-check-token-graceful

infra/ci-required-drift-token-scope

test/console-modal-coverage

ci/review-check-tests-wire

test/canvas-workspacenode-coverage

test/memorytab

infra/interim-disable-reaper-watchdog-crons

test/attachment-lightbox-coverage

fix/issue-639-workspacenode-test-coverage

test/channels-tab

fix/canvas-searchdialog-test-fixtures

fix/598-attachmentLightbox-tests

fix/529-307-localbuild-async-test-fix

fix/582-attachmentviews-tests

fix/308-a2a-response-push-mode-tests

fix/529-preflight-localbuild

fix/sop-tier-check-token-graceful-staging

fix/545-approvalbanner-isolation

fix/519-memorytab-tests

infra/status-reaper-rev2-sweep-recent-commits

fix/handlers-test-fixtures

test/skill-helpers-coverage

test/ui-primitive-coverage

docs/gitea-quirks-10-11

test/platform-bundle-exporter-coverage

infra/status-reaper-rev1-drop-concurrency

fix/608-filesTab-focusTest

test/budget-section-coverage

infra/revert-docker-runner-label

fix/weekly-platform-go-latent-error-surface

infra/revert-publish-runs-on-pin

sre/gate-check-timeout

test/a2a-error-hint-coverage

test/chat-attachment-views-coverage

test/attachment-video-coverage

infra/option-b-status-reaper

infra/gate-check-v3-timeout

infra/576-docker-runner-label

fix/593-filetab-tests

test/files-tab-notavailablepanel-coverage

fix/591-forminputs-tests

fix/471-cwe117-stderr-scrubbing

infra/diagnostic-publish-workspace-server-image

fix/582-bundle-import-tests

test/form-inputs-coverage

fix/publish-workspace-server-image-json5-comments

sre/fix-all-required-null-result

fix/publish-workspace-server-image-optional-token

pr-251

test/ui-statusbadge-coverage

fix/all-required-null-result-assertion

fix/568-palette-context-tests

pr-527

infra/merge-563-autobump-fix

test/mobile-palette-context-coverage

sre/fix-gate-check-v3-combined-state-loop

ci/540-review-check-bats-tests

fix/publish-runtime-autobump-push-condition

ci/558-verify-publish-runtime-marker

test/canvas-empty-state-coverage

infra/publish-runtime-verify-2026-05-11

ci/554-oci-labels-publish-workflow

infra/drift-bot-token

infra/rfc-219-phase-4-all-required-sentinel

ci/551-gate-checkout-trusted-ref

fix/gate-check-v3-pr-HEAD-security

fix/541-token-argv-security

sre/fix-gate-check-v3-bugs

fix/537-cwe117-a2a-tools-sanitize

fix/gate-check-v3-http-error-crash

sre/fix-localbuild-preflight

infra/rfc-324-workflow-add

test/offsec-003-sanitization-backstop

fix/test-sanitize-agent-error-stderr-exc

fix/approval-banner-test-isolation

infra/scope-workflows-fix

sre/fix-pr530-deadlock

sre/reopen-516-gate-check-fix

fix/ci-scope-operational-workflows-504-419

sre/scope-operational-workflows-to-schedule

ci/harness-replays-detect-changes-quoting-fix

fix/test-blocks-until-inflight-completes

fix/test-enrich-peer-metadata-nonblocking

sre/fix-enrich-nonblocking-cache-check

merge-pr490

runtime/fix-offsec-003-tool-delegate-task

fix/508-update-boundary-assertions

sre/fix-test-delegation-sync-polling-assertions

fix/366-shared-runtime-coverage

fix/506-unused-imports

ci/lint-fixes

fix/367-a2a-tools-coverage

test/a2a-client-enrich-peer-rebase

fix/354-delegation-auto-resume-rebase

ci/fix-detect-changes-commits-array

fix/307-async-rebase

runtime/fix-harness-replays-push-event

sre/fix-test-polling-sanitization

fix/harness-replays-detect-changes-gitea-api

ci/fix-test-polling-sanitization

test/eventstab

runtime/335-rebase-platfrom-url

hotfix/491-offsec-003-staging-v2

fix/pr477-test-fixes

runtime/335-rebase-platform-url

fix/354-auto-resume-delegations

fix/368-audit-hooks-coverage

runtime/temporal-platform-url-fix

infra/secret-reconciliation-v2

fix/purchase-success-modal-test-isolation

pr-476

sre/fix-gitea-runbook-network-quirks

tools/gate-check-v3

fix/376-activity-delegation-polling

runtime/platform-url-fix-merge

fix/canvas-purchase-success-modal-test-timing

fix/secret-naming-reconciliation

docs/gitea-operational-quirks-runbook

test/canvas-toolbar-coverage

fix/canvas-tier-config-v2

fix/455-offsec003-sanitize-alignment

fix/sweep-stale-e2e-orgs-secret-name

fix/approvalbanner-mockreset-452

fix/canvas-approvalbanner-mockreset

fix/publish-runtime-autobump-fetch-depth

fix/321-cwe22-loadWorkspaceEnv-path-traversal

fix/canonicalize-staging-admin-token-rebase-462

canvas-followup

fix/canonicalize-staging-admin-token-rest

refactor/drop-canary-prefix

fix/canvas-test-and-design-fixes

runtime/432-followup-helper-extraction

fix/harness-replays-detect-changes-fetch-depth

fix/stderr-include-a2a-error-response

feat/internal-292-sop-tier-refire

docs/update-remote-agent-tutorial-sdk-api

fix/canvas-confirm-dialog-backdrop-a11y-v3

fix/canvas-confirm-dialog-backdrop-a11y-v2

fix/388-github-token-501-gitea-staging

fix/dialog-backdrop-a11y

runtime/414-idle-loop-skip-pending-results-v3

fix/test-extract-tool-trace

fix/test-plugins-atomic-tar-coverage

fix/harness-replays-fetch-depth

fix/test-instructions-handler-coverage

sre/fix-workflow-secret-naming

fix/canvas-tiers-config-string-keys

fix/offsec-003-promote-to-main

fix/class-e-secret-name-reconciliation

fix/sop-tier-check-apt-get-first

fix/307-async-test-pollution

fix/sop-tier-check-jq-install-order

fix/canvas-test-failures-2026-05-10

runtime/fix-a2a-tools-duplicate-error-block-v2

infra/sop-tier-check-jq-install-fix

runtime/fix-a2a-push-delivery-mode

feat/main-never-red-watchdog-internal-420

feat/internal-219-phase-2bc-port-to-molecule-core

fix/a11y-canvas-clean

sweep/internal-219-cat-C1-port-gates-lints

sweep/internal-219-cat-B-delete-github-only

sweep/internal-219-cat-A-delete-mirrored

fix/offsec-003-json-endpoint-sanitize

sweep/internal-219-cat-C3-port-deploy-janitors

sweep/internal-219-cat-C2-port-e2e

fix/publish-runtime-cascade-sha-capture

feat/internal-219-phase-3-port-ci-yml

fix/413-a2a-delegation-offsec-003

runtime/381-idle-loop-pending-messages

fix/delegations-rows-err-check

fix/a11y-canvas-buttons-staging

runtime/fix-399-a2a-delegation-missing-import-v2

fix/380-cwe59-symlink-traversal

fix/388-github-token-501-staging

fix/confirm-dialog-wcag-backdrop

infra/sop-tier-check-jq-script-fallback

fix/revert-391-broken-jq-install

fix/a2a-tools-duplicate-dead-code

fix/confirm-dialog-backdrop

fix/canvas-confirm-dialog-backdrop-a11y

infra/jq-install-main

fix/sop-tier-check-jq-main

fix/canvas-dialog-backdrop-a11y

fix/388-github-token-501

runtime/offsec-003-polling-path-v2

fix/361-sanitize-delegation-results

runtime/offsec-003-executor-sanitize

fix/cwe22-loadWorkspaceEnv-main

fix/qa-audit-307-308-clean

ci/fix-293-sqlalchemy-pip-install

fix/354-delegation-auto-resume

runtime/platform-url-host-docker-internal

fix/canvas-repair-tests-344

fix/canvas-statusdot-ts-errors

test/molecule-audit-hooks-coverage

test/a2a-tools-and-send-message-coverage

fix/sop-tier-check-jq-install

test/shared-runtime-helpers-coverage

fix/canvas-topology-sort-orphan

fix/executor-helpers-offsec-003-sanitize

runtime/offsec-003-polling-path

fix/354-a2a-delegation-auto-resume

runtime/fix-a2a-push-delivery-mode-v2

fix/publish-runtime-add-_sanitize_a2a-to-allowlist

fix/publish-runtime-missing-working-directory

ci/add-sqlalchemy-to-pip-install

ci-resolve-github-gitea-triplicate

sre/offsec-003-boundary-escape

fix/sec-321-path-traversal-clean

fix/a2a-proxy-response-header-timeout-v2

fix/publish-runtime-workflow-dispatch-inputs

fix/a2a-push-mode-queue-envelope

fix/351-split-publish-runtime-triggers

feat/348-publish-runtime-restore-path-trigger

fix/issue-workspace-dup-name-409-autosuffix

fix/security-OFFSEC003-boundary-escape-334

fix/security-CWE22-loadWorkspaceEnv-330

fix/canvas-test-fixes-20260510

fix/canvas-extractMessageText

fix/qa-307-async-pollution-direct

test/a2a-client-enrich-peer-metadata

fix/docs-309-remote-faq-staging-env

fix/qa-308-push-mode-queue-tests

fix/qa-307-async-pollution

runtime/fix-plugin-registry-import-path

fix/a2a-proxy-response-header-timeout-clean

fix/publish-workspace-server-ci-clone-manifest-retry-main

infra/remove-pr303-tracking

fix/issue-296-plugin-registry-sysmodules

infra/pin-compose-image-digests

chore/sync-main-to-staging

fix/sec-321-path-traversal

fix/a2a-proxy-response-header-timeout

docs/a11y-billing-wcag-patterns

fix/qa-307-test-a2a-inbox-wrappers-asyncio-refactor

runtime/fix-test-config-model-isolation

ci/docker-daemon-health-guard

docs/fix-remote-workspaces-faq

fix/publish-workspace-server-ci-clone-manifest-retry

fix/test-config-env-isolation

ci/staging-sha-pinning

fix/external-connection-user-facing-urls

fix/workspace-server-registry-config-helper

fix/issue-272-sqlalchemy-ci-install

fix/canvas-yaml-utils-nested-arrays-clean

fix/self-delegation-guard

promote/staging-to-main-100546

fix/a2a-tools-v2

fix/a2a-tools-and-workflow-cleanup

fix/canvas-test-isolation-fixes-v2

fix/molecule-model-env-go

runtime/fix-delegate-empty-parts-regression

infra/runtime-doc-playwright-limitation

fix/offsec-001-error-message-scrubbing

fix/offsec-001

fix/a2a-tools-string-error-handling-clean

fix/core-248-pluginresolver-and-plgh

infra/fix-source-resolver-dup

fix/model-provider-misnomer

fix/a2a-tools-string-error-handling-v2

fix/canvas-yaml-utils-test-failure

fix/a2a-tools-string-error-handling

fix/internal-214-gosum-vanity-import

fix/canvas-test-isolation-fixes

chore/canvas-statusbadge-test-fix-cherry-pick

fix/canvas-statusbadge-test-role-ambiguity

runtime/fix-mcp-client-localhost-default

fix/core-257-delegation-test-stray-brace

revert/core-d0126662-restart-signals-undefined-h

revert/core-123-plugin-drift-detector

ci/pin-action-and-base-images

fix/org-232-per-workspace-required-env-preflight

fix/ssrf-guard-before-begintx

test/issue-232-per-workspace-required-env-preflight

fix/issue232-org-import-required-env-aggregation

fix/canvas-ts-test-errors

fix/delegations-list-ledger-fallback

wip-snapshot-2026-05-10/mac/molecule-core-tmp53-git-token-helper-wip

wip-snapshot-2026-05-10/mac/molecules-org-molecule-core-registry-prefix

fix/pluginresolver-conflict

wip-snapshot-2026-05-10/core-be/fix-pluginresolver-conflict

wip-snapshot-2026-05-10/core-qa/stash-package-lock-diff

feat/keyboard-shortcuts-dialog

wip-snapshot-2026-05-10/core-uiux/feat-keyboard-shortcuts-dialog

wip-snapshot-2026-05-10/core-fe/test-canvas-design-tokens-config

test/canvas-cssvar-tests

fix/internal-229-sop-tier-check-tier-low-relaxation

test/canvas-utility-pure-tests

test/canvas-preflight-utils-tests

test/canvas-runtimeprofiles-tests

test/canvas-yaml-utils-tests

test/canvas-pure-function-tests

fix/ci-port-publish-workspace-server-image-228

fix/ssrf-validate-agent-url-212

ci/sop-tier-check-approver-teams-fix

fix/sop-tier-check-legacy-flip-229

wip-snapshot-2026-05-10/core-be/fix-ki001-telegram-disable-channel

wip-snapshot-2026-05-10/core-be/feat-a2a-pre-restart-drain-125

wip-snapshot-2026-05-10/core-be/feat-plugin-drift-queue-123

fix/sweeper-race-error-counter

infra/fix-issue-75-gh-cli-gitea-sweep

wip-snapshot-2026-05-10/core-be/fix-gh-api-gitea-sweep-75

feat/keyboard-shortcuts-dialog-test

wip-snapshot-2026-05-10/core-be/fix-sweeper-test-isolation-86

ci/fix-issue-87-root-skip

fix/test-local-resolver-root-skip

fix/workspace-tests-clear-auth-cache

wip-snapshot-2026-05-10/core-be/fix-a2a-delegation-success-rendered-as-error

wip-snapshot-2026-05-10/core-be/fix-files-restart-volume-sync

wip-snapshot-2026-05-10/core-lead/tech-debt-rename-net

wip-snapshot-2026-05-10/core-lead/fix-168-mine

wip-snapshot-2026-05-10/core-lead/fix-167-uiux

wip-snapshot-2026-05-10/core-fe/stash-canvas-agent-comms-show-task-text

fix/canvas-agent-comms-show-task-text

wip-snapshot-2026-05-10/core-lead/fix-vitest-pool

fix/info-disclosure-errors

infra/add-temporal-to-main-compose

design/verify-canvas-design-system

fix/workspace-persona-git-identity

fix/175-env-matched-pair-guard

wip-snapshot-2026-05-10/core-lead/fix-149

refactor/sop-tier-check-extract-script

fix/sop-tier-check-pr-target-security

ci/sop-tier-check-deploy

fix/issue53-admin-token-pair-guard

fix/org-import-started-event-name

refactor/delete-uses-cascade-helper

fix/org-import-reconcile-and-audit

fix/preserve-model-secret-on-restart

feat/persona-bind-mount-local-dev

feat/canary-tier-filter

feat/plugin-version-subscription

feat/plugin-hot-reload-classifier

feat/plugin-atomic-install

feat/air-hot-reload-dev

feat/persona-env-injection

fix/external-resolver-hardening

fix/issue75-class-D-gh-api-to-gitea-rest

fix/cherry-3-files-vitest-postgres-e2eapi

fix/promote-vitest-postgres-fixes

fix/saas-plugin-install-eic

fix/issue-94-e2e-api-parallel-safe-class-b

migrate/issue-71-vanity-imports

fix/handlers-postgres-port-collision-class-b

fix/issue-96-canvas-vitest-cold-start-timeout

fix/hermes-agent-doc-gitea-migration

fix/196-retarget-main-to-staging-gitea-rest

fix/gitea-ci-flakes-issue-88

fix/pin-upload-artifact-v3-gitea

fix/issue-72-auto-sync-token-canary-v2

fix/issue75-class-F-gh-run-list-to-statuses

fix/issue75-class-A-gh-pr-to-gitea-rest

feat/issue-63-local-build-from-gitea-v2

fix/195-auto-promote-staging-gitea-rest

fix/144-branch-protection-check-name-parity-audit

fix/harness-replays-pre-clone-manifest

chore/trigger-auto-sync-verification

fix/codeql-stub-on-gitea-156

chore/issue173-retrigger-after-ecr-repo-create

fix/issue173-inline-aws-ecr-login

fix/issue173-shell-docker-push

chore/retrigger-harness-replays-post-class-g

fix/issue173-buildx-driver-and-cache

fix/post-suspension-clone-manifest

fix/issue173-followup-platform-dockerfile

fix/post-suspension-github-urls

fix/170-goroutine-bleed-test-isolation

fix/issue173-publish-workspace-server-image

fix/issue36-a2a-proxy-preflight

fix/codeql-continue-on-error-156

feat/demo-mock-3-bigorg-mock-runtime

feat/demo-mock-1-purchase-success-modal

fix/publish-path-filter-add-scripts

fix/clone-manifest-gitea

chore/touch-publish-workflow-to-trigger

chore/retrigger-publish-post-aws-secrets

chore/cherry-pick-pr23-into-main

chore/backsync-main-into-staging-task-166

fix/auto-sync-use-devops-token

chore/retrigger-staging-on-fixed-runner-image

chore/drop-github-app-auth-and-ecr-swap

docs/readme-comprehensive-refresh-2026-05-06

feat/rfc-2945-pr-c-2-canvas-chat-history

fix/issue10-runtime-aware-plugin-install

fix/s8-bind-loopback-dev

fix/14-cascade-gitea-dispatch

docs/molecule-core-bulk-sed

chore/pin-artifact-actions-v3

fix/lowercase-org-slug

fix/script-ghcr-and-lint-paths

docs/workspace-runtime-readme-source-edit

feat/eic-tunnel-pool-core-11

chore/rfc-2945-pr-c-3-delete-historyhydration

fix/2872-sqlmock-regex-tightening

fix/cp-orphan-sweeper-2989

feat/registry-prefix-env-driven-issue-6

docs/readme-refresh-2026-05-06

runtime-v0.1.1013

runtime-v0.1.1011

runtime-v0.1.1010

runtime-v0.1.1009

runtime-v0.1.1008

runtime-v0.1.1007

runtime-v0.1.1006

runtime-v0.1.1005

runtime-v0.1.1004

runtime-v0.1.1001

runtime-v0.1.1003

runtime-v0.1.1000

runtime-v0.1.131

runtime-v0.1.130

runtime-v1.0.0

runtime-v0.0.35

runtime-v0.0.34

runtime-v0.0.33

runtime-v0.0.32

runtime-v0.0.31

runtime-v0.0.30

runtime-v0.0.29

runtime-v0.0.28

runtime-v0.0.27

runtime-v0.0.26

runtime-v0.0.25

runtime-v0.0.24

runtime-v0.0.23

runtime-v0.0.22

runtime-v0.0.21

runtime-v0.0.20

runtime-v0.0.19

runtime-v0.0.18

runtime-v0.0.17

runtime-v0.0.16

runtime-v0.0.15

runtime-v0.0.14

runtime-v0.0.13

runtime-v0.0.12

runtime-v0.0.11

runtime-v0.0.10

runtime-v0.0.9

runtime-v0.0.8

runtime-v0.0.7

runtime-v0.0.6

runtime-v0.0.5

runtime-v0.0.4

runtime-v0.0.3

runtime-v0.0.2

runtime-v0.0.1

ci-trigger-1776771586

ci-retry-1776771601

ci-retrigger-1776771591

Labels

Clear labels

approved

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

do-not-merge

hold from auto-merge (design review in progress)

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

needs-engineer

platform/go

Go platform test issues

ready-to-build

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label tier:medium

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees core-be

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#212