security: chat file forwarding can send platform_inbound_secret to unvalidated external/org-import workspace URLs #2129

New Issue

Closed

opened 2026-06-02 19:30:36 +00:00 by molecule-code-reviewer · 1 comment

molecule-code-reviewer commented 2026-06-02 19:30:36 +00:00

Member

Copy Link

Copy Source

Summary

Sibling pattern to PR #2029: chat upload/download forwards a credential to a workspace-controlled URL, but the consumer path relies on write-time validation that is not enforced by all URL writers.

resolveWorkspaceForwardCreds reads workspaces.url and returns it without forward-time validation. Upload and Download then build /internal/... URLs from that value and attach Authorization: Bearer <platform_inbound_secret>. The comment says this is safe because /registry/register validates the URL, but at least two production write paths bypass /registry/register validation.

Evidence pointers

• workspace-server/internal/handlers/chat_files.go:142-190 reads workspaces.url and explicitly relies on register-time validation instead of validating before use.
• workspace-server/internal/handlers/chat_files.go:328-340 forwards upload to strings.TrimRight(wsURL, "/") + "/internal/chat/uploads/ingest" and sets Authorization: Bearer <secret>.
• workspace-server/internal/handlers/chat_files.go:415-422 forwards download to strings.TrimRight(wsURL, "/") + "/internal/file/read?..." and sets Authorization: Bearer <secret>.
• workspace-server/internal/handlers/workspace.go:383-388 external workspace create writes payload.URL directly to workspaces.url and Redis cache without validateAgentURL.
• workspace-server/internal/handlers/org_import.go:245-248 external org import writes ws.URL directly to workspaces.url without validateAgentURL.
• Contrast: workspace-server/internal/handlers/registry.go:319-327 validates push-mode registration URLs with validateAgentURL, and A2A/MCP paths also validate before dispatch.

Reproducer shape

1. Create/import an external workspace with a URL pointing at an internal or attacker-controlled endpoint through a path that bypasses /registry/register, e.g. external create payload URL or org template external: true URL.
2. Trigger /workspaces/:id/chat/upload or /workspaces/:id/chat/download.
3. Platform constructs an outbound request to the stored URL and attaches the workspace platform_inbound_secret bearer.

Impact is SSRF plus credential forwarding. The token is workspace-scoped, but it is still a platform-minted credential and should not be sent to arbitrary targets.

Suggested fix

Fail closed at both layers:

• Validate external-create and org-import URLs before persisting/caching them, using the same validateAgentURL/isSafeURL policy used by registration and dispatch.
• Add forward-time validation in resolveWorkspaceForwardCreds before returning wsURL, so stale DB/Redis or legacy rows cannot bypass the gate.
• Add regression tests for external create, org import, and chat upload/download refusing metadata/link-local/internal targets.

Related audit anchor: PR #2029 Langfuse LANGFUSE_HOST SSRF + credential forwarding.

## Summary Sibling pattern to PR #2029: chat upload/download forwards a credential to a workspace-controlled URL, but the consumer path relies on write-time validation that is not enforced by all URL writers. `resolveWorkspaceForwardCreds` reads `workspaces.url` and returns it without forward-time validation. `Upload` and `Download` then build `/internal/...` URLs from that value and attach `Authorization: Bearer <platform_inbound_secret>`. The comment says this is safe because `/registry/register` validates the URL, but at least two production write paths bypass `/registry/register` validation. ## Evidence pointers - `workspace-server/internal/handlers/chat_files.go:142-190` reads `workspaces.url` and explicitly relies on register-time validation instead of validating before use. - `workspace-server/internal/handlers/chat_files.go:328-340` forwards upload to `strings.TrimRight(wsURL, "/") + "/internal/chat/uploads/ingest"` and sets `Authorization: Bearer <secret>`. - `workspace-server/internal/handlers/chat_files.go:415-422` forwards download to `strings.TrimRight(wsURL, "/") + "/internal/file/read?..."` and sets `Authorization: Bearer <secret>`. - `workspace-server/internal/handlers/workspace.go:383-388` external workspace create writes `payload.URL` directly to `workspaces.url` and Redis cache without `validateAgentURL`. - `workspace-server/internal/handlers/org_import.go:245-248` external org import writes `ws.URL` directly to `workspaces.url` without `validateAgentURL`. - Contrast: `workspace-server/internal/handlers/registry.go:319-327` validates push-mode registration URLs with `validateAgentURL`, and A2A/MCP paths also validate before dispatch. ## Reproducer shape 1. Create/import an external workspace with a URL pointing at an internal or attacker-controlled endpoint through a path that bypasses `/registry/register`, e.g. external create payload URL or org template `external: true` URL. 2. Trigger `/workspaces/:id/chat/upload` or `/workspaces/:id/chat/download`. 3. Platform constructs an outbound request to the stored URL and attaches the workspace `platform_inbound_secret` bearer. Impact is SSRF plus credential forwarding. The token is workspace-scoped, but it is still a platform-minted credential and should not be sent to arbitrary targets. ## Suggested fix Fail closed at both layers: - Validate external-create and org-import URLs before persisting/caching them, using the same `validateAgentURL`/`isSafeURL` policy used by registration and dispatch. - Add forward-time validation in `resolveWorkspaceForwardCreds` before returning `wsURL`, so stale DB/Redis or legacy rows cannot bypass the gate. - Add regression tests for external create, org import, and chat upload/download refusing metadata/link-local/internal targets. Related audit anchor: PR #2029 Langfuse `LANGFUSE_HOST` SSRF + credential forwarding.

devops-engineer commented 2026-06-23 18:17:44 +00:00

Member

Copy Link

Copy Source

Resolved by #3169 (merged). Closing as verified-fixed. — auto-cleanup via devops-engineer

Resolved by #3169 (merged). Closing as verified-fixed. — auto-cleanup via devops-engineer

devops-engineer closed this issue 2026-06-23 18:17:44 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/3230-local-provision-e2e-tracker-renewal

fix/3232-design-token-drift-gate-tracker-renewal

fix/concierge-mgmt-mcp-reprovision-deadlock-33

fix/renew-prune-stale-dns-tracker-3234

fix/renew-design-token-drift-tracker-3232

fix/renew-lifecycle-real-tracker-3230

fix/merge-gate-live-recheck-3210d

fix/deploy-gate-hardening-3210c

fix/merge-gate-hardening-3210b

fix/merge-gate-failopen-3210

draft/obs-railway-loki-drain-3214

fix/template-autorefresh-on-cache-miss-3211

fix/mcp-contract-legacy-removal-2

test/push-package-coverage

ci/required-contexts-enforced-ssot-3181

fix/handlers-activity-cte-expectation

fix/provider-base-url-fallback

fix/restart-preserves-switched-runtime

fix/runtime-switch-auto-reset-model

fix/create-workspace-complete-llm-config

ux/configtab-runtime-resets-model

fix/handlers-untested-helpers-2026-05-16

harden-merge-failclosed-1676-probe

fix/handlers-test-async-drain

test/org-import-pure-funcs

fix/scheduler-coverage-gaps

feat/canvas-growParentsToFitChildren-coverage

test/issue-1156-messaging-coverage

test/workspace-adapter-base-coverage

sre/fix-sop-test-parse-directives

fix/issue-1183-settingspanel-act-wrap

fix/queue-label-filter-all-ids

test-1675-canvas-user-activity-log-regression

docs/reconcile-platform-mcp-plugin

governance/require-sop-checklist-all-items-acked

docs/rfc-platform-mcp-plugin-lego-revision

governance/sop-checklist-scope-publicrepo

security/remove-public-runbooks-20260623

docs/rfc-platform-mcp-plugin-signoff

fix/rc12082-provision-time-provider-aware

fix/2141-sop-tier-check-fail-closed-tests

fix/2328-byok-create-gate-provider-aware

fix/3147-prune-stale-e2e-dns-tracker-renewal

fix/3089-design-token-drift-tracker-renewal

fix/delegation-list-shows-both-directions

test/canvas/Toolbar-a11y

fix/read-stored-model-secret-fail-closed

fix/2129-write-path-ssrf

fix/2129-chat-files-ssrf-2316

fix/2127-can-delegate-capability

fix/3168-rc13387-rest-delegate-gate

fix/3162-byok-fail-closed

staging

fix/issue-1171-rows-err-memory-events-channels

fix/channels-json-unmarshal-guard

fix/tokens-rate-limit-scan-err

pr-1117-check

fix/core-1117-proxy-test-races

fix/concierge-provider-empty-model

fix/schedules-cron-next-run-wallclock-race

feat/prune-dns-coe-tracker-renewal

feat/gitea-private-repo-fastfail

feat/mcp-contract-drift-runtime

feat/reserved-path-review-refire

feat/prune-cf-e2e-dns

fix/prune-dns-stale-mc3140-ref

ci/required-review-gates-3141

fix/2248-canvas-platform-managed-credential-gating

fix/sweep-cf-orphans-fail-closed

fix/sweep-aws-workspace-config-secrets

ops/ecr-lifecycle-iac

fix/3082-mcp-loaded-grace-window

fix/plugins-tab-loading-state

fix/csp-img-src-pin-exact-r2-host

fix/p0-sev-promote-platform-boot-blocking

fix/a2a-queue-drain-gateway-misclass

fix/csp-img-src-generated-images

feat/manifest-entry-existence-check

chore/local-tenant-smoke-script

fix/3123-redis-smoke-mirror-ci

fix/saas-listinstalled-eic-dispatch

fix/smoke-variant-b-core-infra

fix/smoke-health-path-healthz-to-health

fix/p0-sev-smoke-gate-add-redis

chore/bump-platform-agent-pin-ssot-molecule-platform

harden/platform-boot-merge-blocking

fix/ssot-degrade-gate-tool-from-contract

fix/313-block-staging-trigger

fix/p0-sev-image-smoke-gate

chore/internal-33-template-assets-consumed

rfc/image-gen-platform-metered

feat/2948-phase1-template-decouple

fix/canvas-approval-clamp-2026-06

core-3082-concierge-mcp-fail-loud

core-3080-mcp-plugin-delivery-contract

fix/concierge-e2e-poll-for-mcp-tool

fix/canvas-provisioning-loader

ssot/extend-mcp-plugin-delivery-contract

fix/3087-audit-force-merge-drift

fix/orgtoken-mint-ceiling

ci/core-3081-concierge-a2a-probe

fix/design-token-drift-tracker-ref

fix/main-red-concierge-mcp-name

fix/unskip-a2a-busy-predicate-test-3056

devops/fix-concierge-mcp-undefined-symbol

fix/3068-merge-queue-review-filter

fix/manifest-path-dev-test-cwd

fix/ratelimit-xff-bypass-test-179

fix/merge-queue-dismissed-request-changes-3068

fix/template-delivery-e2e-config-flake-3062

fix/drift-test-copy-chmod-v2

fix/canvas-chat-history-cap-f4

feat/org-token-audit-log

fix/concierge-plugin-fetch-auth

fix/3057-wedged-agent-health-signal

fix/3056-proxy-a2a-error-classification

feat/provision-request-contract

fix/saas-restart-template-redelivery

fix/concierge-mcp-gitea-source

fix/1269-secrets-compile-error-tests

fix/3048-staging-redeploy-diagnostics

fix/3047-redeclare-platform-mcp-on-boot

fix/3046-gate-platform-mcp-install-path

fix/concierge-provider-seed

rfc/platform-mcp-as-plugin

feat/canvas-app-token-drift-gate

fix/remove-stale-platform-agent-drift-test

hotfix/main-red-skip-stale-platform-agent-drift-test

fix/audit-force-merge-required-checks-drift

fix/mobile-chat-f9-loadolder-without-container

fix/mobile-chat-f7-composer-state-on-error

fix/mobile-chat-f8-token-cleanup-omap

fix/mobile-chat-f6-socket-error-logging

fix/mobile-chat-f5-history-error-banner

fix/316-drop-github-token-fallback

fix/orgtoken-session-userid

fix/rfc2843-32-fire-reconcile-on-register

fix/rfc2843-32-prevstatus-enum-coalesce

ci/template-delivery-e2e-include-registry

fix/2990-platform-agent-drift-test-copy-chmod

fix/template-asset-fetch-by-template-not-runtime

docs/rfc-marketplace-delivery

docs/rfc2948-phase1-template-engine-decoupling

fix/2983-continue-on-error-tracker

fix/2970-platform-agent-entrypoint-wiring

fix/drift-test-copy-chmod

fix/platform-agent-copy-chmod

fix/platform-agent-base-on-tenant

fix/platform-agent-image-autobump

fix/wire-platform-agent-image-build

fix/runtime-compat-resolved-model

fix/2919-sibling-identity-fallback

fix/2970-concierge-register-model-gate

feat/template-delivery-e2e-gate

fix/2967-safedialcontrol-fail-closed-lookupip

cr2/sec-c-2130-transcript-ssrf

fix/2132-transcript-ssrf-control-pre-sy

fix/core-2594-concierge-model-seed-regression

fix/2132-transcript-proxy-ssrf

fix/patch-runtime-resolved-model-workspace-secrets

fix/deploy-staging-silence

fix/redeploy-staging-on-main-image-publish

fix/seo-agent-runtime-patch-validation

fix/2929-post-restart-settle-window

feat/2930-a2a-queue-sweeper

fix/2946-redact-only

fix/2929-a2a-proxy-debounce-settle

fix/2884-gate-check-label-actor

fix/2942-production-deploy-fail-closed

fix/2929-rule8-staging-redeploy-redact

fix/local-provision-a2a-queue-poll

fix/deploy-staging-silent-failure

fix/canvas-requests-markdown

fix/auto-redeploy-staging-on-main

fix/2927-manifest-ref-pinning

fix/2921-github-token-redaction-cleanup

fix/2918-memories-redaction-exempt

fix/2929-a2a-restart-debounce

fix/2929-maybeMarkContainerDead-settle-window

refactor/concierge-dehardcode-rfc-10a

fix/patch-runtime-model-compat-validation

feat/2489-canvas-display-defaults-ssot

fix/fleet-credential-tenant-admin-restart

feat/820-platform-paths-drift-gate

fix/2863-cp-stub-handlers-and-env

fix/2601-canvas-resilience-p2p3

fix/2883-local-provision-orphan-sweeper

feat/2917-staging-a2a-infra-skip

feat/pr-b-template-asset-channel

fix/2601-org-map-fallback

fix/lint-ignore-redaction-tuple-labels

fix/image-publish-timeout

fix/staging-e2e-approval-gate-subtest-isolation

fix/mobile-inbox-3-high-audit-findings

fix/2130-update-card-ssrf

fix/2875-pr-diff-guard

fix/131-runtime-bump-exemption

fix/2888-handlers-pg-timeout

feat/public-fetch-activation

test/2737-canary-smoke-a2a-pong-harness-capture

ci/require-secret-scan-core

docs/template-asset-delivery-2843

fix/2601-org-map-resilience-hardening

fix/byo-compute-meta-runtime-ssot

fix/2832-redaction-extension

feat/131-runtime-bump-exemption

fix/handlers-pg-integration-timeout

fix/2594-canvas-config-effective-values

fix/e2e-ws-teardown

fix/2875-destructive-diff-guard

fix/audit-force-merge-stale-contexts

fix/2863-cp-stub-provision-handler

fix/2489-ssot-display-default

fix/2851-lifecycle-harness-resolvable-url

fix/chat-history-assertion-robustness

fix/24-pr-b-gitea-fetcher

fix/harness-runner-skip-xfail-counting

fix/chat-panel-false-green-or-assertion

fix/2864-burn-down-org-create-400-capture

fix/2818-async-dispatch-202-taskid

fix/2865-peer-discovery-404-replay

fix/2851-containerized-platform-advertise-host

fix/76-staging-llm-preflight-model-auth

fix/2859-redeploy-fleet-transient-retry

fix/2520-extend-platform-boot-deadline

fix/2851-local-provision-real-image-hostname

fix/dedup-cfg-config-files-init

fix/2845-scaffold

fix/rfc-2843-24-asset-channel

fix/2489-ssot-instance-allowlist-endpoint

fix/66-approval-requester-withdraw

fix/concierge-slug-cap-2839

fix/rfc-2843-23-delete-seo-patch

fix/approvals-no-auto-expire

fix/60-staging-e2e-org-create-hardening

rfc/decouple-config-skill-delivery

fix/approvals-list-auto-expiry

fix/2796-e2e-server-received-assertion

fix/2802-detect-changes-debug-output

fix/2834-test-recover-panic-race

fix/provider-endpoint-gone-coverage

fix/2796-activity-log-selector

fix/2762-mobile-attach-sending-gate

test/approvals-policy-coverage

fix/2766-mobile-inbox-stale-action

fix/1286-admin-delegations-error-coverage

fix/2782-seed-param-auth

fix/2800-rc-detached-ws-delivery

fix/2788-e2e-chat-residual

fix/2786-desktop-echo-fixture

fix/2751-canvas-async-dispatch-contract

fix/2794-remove-retired-configtab-skips

fix/2770-governance-pr-status-shadows

test/offered-models-coverage

fix/2422-deadlock-and-routing

fix/2802-e2e-chat-echo-render

fix/2809-org-template-fail-closed

fix/2764-chat-separation-fail-closed

fix/2809-org-template-import-fail-closed

fix/core2782-collision-proof-slugs

fix/2751-canvas-async-dispatch

fix/concierge-moreinfo-icon-size

fix/2798-context-menu-delete-false-green

fix/2794-remove-retired-configtab-skips-clean

fix/mobile-chat-tooltrace-and-banner

fix/2796-chat-desktop-activity-log-skip

fix/2725-usechatsend-concurrent-messages

fix/2759-consolidated-11471-11472

fix/2759-rc3-11471-error-batch-consume

fix/33-e2e-chat-main-red

fix/2759-rc2-11463-followup

fix/2775-legacy-no-id-exact-one-fallback

fix/new-workspace-parent-fallback

fix/2761-remove-stale-termsgate-skip

fix/2764-chat-separation-e2e

feat/canvas-async-dispatch-flag

fix/2762-attach-cursor-residual

fix/2766-mobile-inbox-wrong-action-race

fix/core2771-create-restart-gate

docs/mobile-ia-ssot

feat/mobile-agent-tree

feat/mobile-inbox-tasks-approvals

fix/core2675-llm-preflight

fix/mobile-chat-parity

ci/autoroll-fleet-on-publish

fix/migrate-set-compute-instance

fix/core2611-register-401-retry

fix/core2566-concierge-self-secret-write

fix/2752-local-provision-minimax-model

fix/canvas-ssot-aa-contrast

fix/2748-adapter-base-double-v1

fix/chat-524-not-unreachable

fix/a2a-response-header-timeout-long-turns

fix/2743-staging-concierge-create-retry

fix/chat-clear-error-while-thinking

fix/2739-reproject-byok-restart-recovery

feat/mobile-palette-canvas-ssot

fix/migrate-revoke-stale-auth-token

fix/chat-clear-stale-error-on-reply

fix/2712-restart-byok-minimax-projection

fix/core2721-deeper-nav-to-org-map

ci/required-contexts-add-peervis

fix/core2724-workspace-server-ack-first

fix/core2723-client-side-chat-timeout-align

fix/core2721-staging-tabs-workspace-id-selector

fix/a2a-idle-timeout-raise

fix/chat-multisend-concurrent

fix/2712-diagnose-staging-result-error

fix/chat-thinking-indicator-currenttask

fix/chat-textarea-reset-baseline

fix/ci-required-drift-url-error

fix/chat-user-message-dedup-id

fix/restart-context-register-400-diagnostics

fix/2437-a2a-ready-boundary-poll

ci/peer-visibility-required-flip

fix/2437-queue-status-404-distinction

fix/a2a-proxy-body-truncation-2677

feat/2697-canvas-chat-ux

fix/restart-context-callerid-normalize

fix/chat-mobile-flake-2699

fix/request-moreinfo-reaches-requester

fix/canvas-user-identity-2691

fix/2694-a2a-queue-callerid

fix/drop-claude-fable-5-disabled

fix/restart-context-2530-callerid-normalize

fix/restart-context-degraded-2680

fix/wsauth-token-kinds-1644

fix/staging-platform-boot-known-answer-queued

test/external-runtime-requests-e2e

sync/providers-opus-4-8

fix/statuses-pagination-clamp

fix/2594-followup-per-workspace-byok-ssot

fix/ws1b-claude-code-attribution-header

fix/restart-race-provision-gate

fix/registry-clear-failure-on-healthy-heartbeat

fix/staging-tabs-hydration-sentinel

fix/local-provision-container-race-poll

fix/missed-coe-tracker-1982-to-2654

fix/2594-resolved-model-fail-closed

fix/e2e-chat-push-hydration

fix/2660-recover-bp-directive

test/2606-workspace-requests-e2e

fix/staging-tabs-x-molecule-org-id

fix/chat-desktop-visible-panel

fix/52bb9d6f-local-provision-e2e-build-e2e-names

fix/cf-preflight-sweep-cf-orphans

fix/action-pin-hygiene-e2e-chat

fix/2645-stall-watchdog-uuid-type

feat/2636-decision-chip-in-mychat

feat/2636b-reconstruct-tooltrace-from-agentlog

fix/2617-recover-atomic-byok-create

feat/2636-decision-visible-and-tooltrace-persist

fix/2608-hardfail-byok-at-create

feat/2606-respond-notifies-requester

fix/all-required-aggregation-regression-test

fix/core-2615-2496-platform-agent-on-conflict-runtime-test

fix/registry-boot-register-log-regression-test

fix/merge-queue-non-main-base-skip-test

fix/core-2615-2460-jq-install-fail-closed-test

fix/internal-797-postgres-integration-runner-label

fix/platform-tunnel-hostname-normalize

feat/ws-switch-provider-endpoint

fix/concierge-no-self-secret-ops-test

fix/handlers-postgres-neutral-required

fix/gate-check-v3-governance-regression-tests

fix/core-2615-2125-regression-test

fix/cross-cloud-register-url-fallback

fix/2608-billing-org-default

fix/2609-default-parent-platform-root

fix-2579-e2e

fix/2573-concierge-prompt-rule

fix/2573-no-autorestart-platform-root

fix/staging-e2e-preseed-cookie-consent

fix/chat-e2e-scope-panel-chat

fix/org-token-mint-verified-session

chore/core-self-merge-guard-reserved-paths

fix/core-2573-skip-self-restart-on-secret-write

fix-2540-ci

fix/gate-check-trusted-governance-contexts

fix/core-2530-register-failure-degraded

pull/1287

fix/core-2574-admin-token-gate

fix/duplicate-tab-ids-concierge-embed

fix/core-1362-delegation-list-both-directions

test/core-1988-matcheschatid-templateimageref

fix/handlers-admin-delegations-coverage

refactor/workspace-compute-status-constants

pr-2029

fix/core-2517-memory-write-fk-integration-test

fix/chat-e2e-scope-node-click

pr-1321

fix/activity-logs-13arg-test-expectations

fix/core-2508-install-platform-agent-hardening

fix/KI-013-migrate-legacy-names

fix/chat-ux-persist-and-autoscroll

fix/sev-2499-shared-volume-name-helper

chore/remove-dead-arm64-darwin-lanes

fix/ecr-disable-buildx-attestations

fix/core-2509-org-switcher-audit

perf/e2e-api-minimax-wait-budget

test/2505-backward-compat-full

fix/provision-timeout-720s

fix/2500-register-boot-logging

fix/heartbeat-promote-provisioning-to-online

fix/gate-check-v3-timeout

fix/lint-setup-go-cache-flip-hard-gate

fix/platform-agent-install-runtime-on-conflict

fix/2490-rebased

ci/guard-setup-go-cache

fix/core-2525-self-approval-authz-gap

fix/sev-2500-status-transition

fix/core-2490-bootstrapfailed-rescue-race

fix/core-2528-compile

fix/merge-queue-silent-base-skip

fix/sev-2499-status-transition-followup

fix/ops-scripts-snapshot-frozen-ts-2550

feat/canvas-chat-queue-and-child-lock

feat/2489-ssot-compute-metadata

fix/setup-go-cache-vs-bind-mount

fix/sev-2499-ssot-volume-names

fix/review-check-tests-jq-fail-closed

feat/2507-kind-wire-contract-truth-up

fix/sev-2499-enhanced-drift-guard

harden/e2e-ki013-drift-guard

ci/guard-no-coe-on-required

feat/agent-liveness-a2-stall-watchdog

fix/agent-stale-window-and-heartbeat

test/backward-compat-migrate-unit-tests

fix/core-2509-org-switcher

fix/add-missing-provisioner-unit-tests

docs/rfc-agent-liveness

feat/unified-requests-inbox-p3-canvas

feat/unified-requests-inbox-p4-nudge

fix/concierge-mcp-declaration

feat/unified-requests-inbox-p1

feat/envelope-bounce-animation

feat/support-claude-fable-5

fix/memories-http-upsert-namespace

fix/chat-timeout-not-unreachable

feat/2502-consume-conductor-snapshot

ci/publish-image-registry-layer-cache

fix/concierge-home-chat-follows-selection

fix/sev-2499-e2e-ki013-full-id-names

feat/cp-provision-forward-kind

feat/canvas-org-switcher

fix/ssot-consolidate-compute-options

fix/KI-013-provisioner-uuid-truncation

fix/add-missing-scheduler-unit-tests

pr2485-merge-test

fix/add-missing-middleware-unit-tests

fix/deploy-straggler-tolerance

fix/e2e-chat-testcontainer-leak

fix/sop-checklist-author-self-ack

fix/remove-dead-code-QueueDepth

fix/1093-adapter-py-test-margin

fix/local-provision-e2e-ipv4-hardcode

fix/main-red-e2e-act-runner-docker-detect

test/2148-registry-auth-real-postgres-v2

fix/all-required-aggregate-fail-closed

fix/envelope-anchor-dot-and-scale

test/2148-registry-auth-real-postgres

fix/main-red-e2e-ssrf-publish-retry

fix/status-reader-paginate-to-exhaustion

feat/in-place-provider-switch

test/2391-hydrate-inflight-turn-status

fix/2450-local-provision-dynamic-port

refile/2155-migration-replay-from-scratch

fix/2448-ops-scripts-fail-closed-zero-tests

fix/handlers-pg-required-tables-widen

fix/ci-fail-on-zero-tests-collected

fix/2421-heartbeat-backfill-agent-card

fix/scheduler-enqueue-cron-on-busy

fix/sev1-812-approval-validator

fix/2442-chat-desktop-enter-map-view

feat/a2a-message-flight-envelope

fix/e2e-chat-desktop-concierge-reskin-selector

fix/concierge-role-truncate

fix/2429-case-fold-trailing-dot-tunnel-hostname

fix/provider-on-isrunning-status

feat/canvas-concierge-ui

fix/validate-agent-url-pending-tunnel

fix/memories-commit-error-server-log

fix/gate-context-target-suffix

feat/ws-compute-provider-validation

fix/2396-sop-auto-tier-and-trigger

fix/1306-gitea-label-singular

remove/data-residency-banner

fix/2392-stop-by-instance-id-on-persist-fail

harden/merge-control-required-checks-json

fix/2398-enrich-commit-memory-log

fix/ec2-orphan-instance-id-persist-failure

fix/merge-control-script-hardening

fix/provider-derivation-fail-closed

fix/restart-sync-update-status-guard

fix/restart-guard-removed-workspace

fix/fail-open-status-persist-trio

fix/2248-suppress-platform-managed-credentials

fix/2386-send-provider-on-deprovision

fix/delegate-task-async-sender-pushback-2244

fix/2331-sop-ceremony-required-checks

feat/platform-agent-gate-wiring

fix/umbrella-reaper-1780

fix/block-internal-paths-hard-gate

fix/backends-md-drift-risk-6-stale

cp455-minimal-cell-boot-e2e-stage1

fix/chat-seed-admin-auth

fix/goroutine-panic-recovery

fix/1080-org-helpers-typo-main

fix/canvas-e2e-transient-failed-2632

fix/admin-images-codex-and-std-encoding

fix/render-status-body-state

fix/memory-section-marker

design/secrets-accessibility-fix

fix/channels-matchesChatID-tests

fix/workspace-server-healthcheck

fix/ci-org-helpers-demorgan

test/delegate-record-db-errors

infra-sre/fix-platform-go-test

fix/ci-drift-pagination

fix/merge-queue-direct-merge-no-update-churn

fix/stdio-clean

feat/platform-agent-install

fix/audit-force-merge-curl-fail-closed

fix/fail-closed-hardening-trio

feat/platform-agent-kind

docs/mark-drift-risk-6-resolved

feat/byok-create-gate-and-liveness

feat/workspace-provider-field

fix/main-red-2308-lint-trackers-fast

fix/status-reaper-observability

fix/internal-805-sweep-cf-cloudflare-fallback-clean

feat/platform-agent-approval-gate

fix/lint-pre-flip-fail-closed-clean

fix/main-red-2305-lint-and-e2e-platform-managed

fix/sop-checklist-hold

fix/main-red-e2e-chat-auth-token

fix/internal-802-bp-directive-comments

fix/reconciler-debounce-coupling-2284

fix/main-red-canvas-e2e-tablist-strict-mode

fix/canvas-pause-resume-cascade-param-2122-followup

fix/2251-delegate-task-message-role-contract-test

fix/817-canvas-deploy-reminder-per-step-gate

fix/2139-sop-tier-check-real-qa-security-teams

fix/sop-checklist-hold-volume-skip

fix/lint-pre-flip-fail-closed

feat/2185-manifest-entry-existence-check

feat/2151-chunk2-integration-tests

fix/status-reaper-pagination-observability

fix/http-client-timeout-panic-recovery-main

fix/pause-resume-cascade-opt-in-1991

fix/plugin-uninstall-exec-errors

fix/gitea-merge-queue-pagination

fix/review-check-remove-generic-comment-bypass

fix/sop-tier-remove-fail-open-dead-code

fix/sop-tier-check-remove-fail-open-core

feat/merge-queue-auto-discovery

rfc/platform-agent

test/flip-probe-governance-gates-2331

fix/block-internal-paths-fail-open

test/governance-gate-flip-probe-2331

fix/merge-queue-hold-on-409-conflict-update

fix/e2e-smoke-diagnose-detail-767

fix/sop-checklist-emdash-slug-parse

fix/2352-merge-queue-409-hold

fix/merge-queue-autonomous-genuine-approvals

researcher-gate-probe-1780730963

fix/578-google-adk-image-refresh-allowlist

e2e/data-persistence-recreate-2332

fix/channels-unmarshal-fallback-invalid-json

feat/workspace-provider-routing

fix/google-adk-model-registration-coremirror

fix/renew-lint-coe-tracker-837-clean

fix/renew-lint-coe-tracker-837

test/channels-dataprune-e2e-p110

core2332-p110-workspace-lifecycle-staginge2e

chore/providers-gen-docker-target

feat/core-2332-display-reconnect-renewal-e2e

cr2/google-adk-e2e-coverage

fix/vertex-ssot-registry-drift

fix/port-cp544-fail-closed

fix/sop-tier-authz-no-org-fallback

fix/core-ci-fail-closed

docs/sop-fail-closed-ci

fix/restore-seo-adk-templates-manifest-auth

rfc/byok-fail-closed-billing

fix/forensic145-preserve-workspace-scm-token

fix/ci-coe-trackers-e2e-chat-staging-external

fix/e2e-reconciler-platform-model-and-boot-error

fix/e2e-saas-step9-hma-surface

fix/e2e-staging-byok-opt-in-before-vendor-key

fix/e2e-saas-model-slug-bare

fix/e2e-claude-code-minimax-bare-slug

fix/e2e-tenant-call-surface-body

fix/main-red-peer-visibility-platform-managed-secrets

fix/main-red-minimax-model-slug

fix/sop-tier-check-and-token-parse

harden/staging-saas-all-runtimes

harden/no-fail-open-auth

fix/main-red-lint-continue-on-error-2294

harden/keyless-feature-e2e-coverage

harden/derive-provider-matrix-e2e

harden/enforce-ci-gates-core-v2

fix/cascade-true-callers-ahead-of-2122

fix/2151-chunk1-activity-delegation-a2a-integration-tests

harden/sop-tier-check-remove-expired-coe

fix/2255-e2e-smoke-poll-parser-kind-discriminator

fix/a2a-2251-go-role-default

fix/2140-sop-tier-refire-real-exit-code

harden/regression-coverage-v2

fix/521-claude-code-colon-form-overclaim

fix/core2261-reconciler-toctou-degraded-hardening

fix/core2261-providers-byte-sync-cp521

fix/core2261-e2e-instanceid-tag-fallback

fix/core2261-reconciler-e2e-create

fix/cascade-canvas-callers

harden/e2e-staging-saas-failclosed

harden/e2e-staging-external-chat-failclosed

harden/e2e-staging-canvas-deflake

feat/umbrella-reaper

feat/2261-gap1-takecontrol-e2e

fix/1997-canary-minimax-m2.7

fix/2263-staging-canary-namespaced-model

fix/security-review-owners-na-eligibility

feat/core2261-reconciler-live-e2e

feat/core2261-takecontrol-wsproxy-test

feat/security-review-owners-na-eligibility

feat/core2261-instance-state-reconciler

fix/cp529-enforcer-test-unbreak-main

feat/cp529-byok-vendor-providers

fix/activity-feed-stable-ordering

fix/2245-platform-managed-provider-credential-gate

fix/2245-platform-managed-no-cred

harden/contract-tests-core

feat/cp529-byok-routability-enforcer

feat/core2235-canvas-buildinfo

fix/2235-canvas-buildinfo-docker-sha

review/pr3029-pr3033-local

feat/traces-v1-workspace-secrets-2976

fix/816-sop-tier-check-stale-reviews

fix/818-sop-checklist-na-declarations-terminal-success

fix/core2226-canvas-ordered-deploy

fix/2222-a2a-delegate-task-attachments

chore/cp514-byte-sync-drop-vertex-arm

fix/2205-e2e-api-health-wait-migration-gate

fix/core2225-staging-canvas-e2e-fixture

fix/2225-e2e-canvas-stale-hermes-model

fix/2185-bp-directive-window

fix/2192-manifest-repo-existence-check-v2

fix/desktop-takecontrol-reconnect-renewal

fix/2212-peer-visibility-missing-model

fix/2172-provider-validation-setmodel

fix/2192-manifest-repo-existence-check

fix/prod-deploy-verify-tenant-lag-2213

fix/2204-liveness-probe-max-tokens

fix/internal-805-cf-auth-drift

fix/internal-804-parser-json-variant

fix/peer-visibility-test-model-required-2212

fix/77-bp-directive-4-emitters

fix/e2e-api-health-wait-migration-chain

devops/saas-a2a-empty-completion-diagnostic

fix/e2e-staging-canvas-tabs-red

fix/e2e-chat-readiness-curl-tempfile-2198

test/provider-matrix-boot-regression-moonshot

sre/fix-auto-deploy-writable-home-2193

fix/e2e-chat-mobile-history-reload-flake

fix/deploy-production-superseded-false-stale

fix/manifest-rm-deleted-org-templates

fix/2158-auto-sync-token-hard-fail

fix/create-dialog-registry-provider-catalog

fix/ensure-default-config-stamp-derived-provider

fix/2183-remove-missing-free-beats-all

feat/google-adk-platform-provider-mirror-ssot

fix/core-2176-a2a-full-body-guard

fix/publish-latest-tag-platform-tenant

feat/2172-config-save-provider-validation

feat/handler-admin-test-token

feat/plugins-listing-and-sources-coverage

feat-handler-admin-test-token

test/2175-a2a-full-body-delivery-guard

regression/2149-scheduler-real-pg

fix/internal-760-review-event-trigger

fix/2166-blocker2-integration-fail-open

dev-b/sec-c-2132-reorder

fix/2163-cr2-live-fire-freshness

fix/test-async-cleanup-order

fix/shellcheck-arm64-pilot-main-red-2146

docs/2159-pr-head-workflow-selection

fix/2152-unmask-real-infra-gates

cherry-pick-2167-suspenders-to-main

fix/2159-qa-security-auto-trigger-review-state-guard

cp/469-tenant-proxy-env-delivery

fix/2162-platform-managed-fail-closed-missing-proxy

docs-test/gate-auto-fire-livefire-2159

fix/gate-followup-refire-token-direct-trigger-regression

regression/2150-migration-replay-from-scratch-real-pg

ci/unmask-required-real-infra-gates-mc1982

fix/internal-760-qa-security-pr-review-trigger

fix/internal-760-ceremony-ai-sop-ack

runtime/lazy-workspace-id

fix/2134-chat-files-forward-ssrf-2316

feat/rfc742-rescue-read

fix/2131-patch-abilities-atomic

cr2/sec-d-2316-chat-files-ssrf

cr2/sec-a-2029-traces-ssrf

fix/continue-on-error-triage-2113

feat/rescue-rebase-2019-v2

feat/rfc742-rescue-capture

test/handlers-misc-coverage

fix/errcheck-unchecked-errors-main

fix/broadcast-org-root-test-cleanup

fix/broadcast-itest-cleanup-hygiene-2108

fix/log-execasroot-errors-plugin-cleanup-main

fix/http-client-timeouts-panic-recovery-error-checks-main

fix/panic-recovery-goroutines-channels-handlers-scheduler-main

fix/canvas-e2e-transient-failed-2632-main

fix/backends-md-drift-risk-6-stale-main

fix/ci-required-drift-1739

fix/audit-force-merge-branch-aware

test/org-scope-abilities-coverage-clean

fix/renew-coe-tracker-mc774-clean-20260601

fix/registry-root-sibling-leak-1955

fix/registry-cancommunicate-cross-tenant-roots-1955

fix/broadcast-itest-status-enum-online

fix/rows-affected-core

fix/broadcast-org-root-cte

fix/broadcast-org-root-cte-1959

sync/providers-serving-urls

fix/staging-test-hermetic-env

fix/restart-context-defer-rows-close

fix/channels-rows-err-check

fix/ci-lint-suppression-1062

fix/defer-rows-close-audit

fix/delegation-rows-err-check

fix/errcheck-unchecked-errors-1062

fix/execcontext-err-check-high-impact

fix/execcontext-err-check-sweep2

fix/execcontext-error-audit

fix/http-defaultclient-auth-paths

fix/registry-rows-err-check

fix/secrets-scan-error-restart

fix/workspace-restart-rows-err

pr-3033

fix/restart-context-rows-err

fix/discovery-rows-err-check

fix/broadcast-org-root-cte-1959-staging

fix/rowserr-checks-events-channels-manager

fix/rowserr-memory-schedules-audit

fix/channels-duplicate-encrypt

fix/audit-rows-err-check

feat/minimax-m3-sync

fix/missing-rows-err-llm-billing-mode

fix/ci-scheduler-fanout

feat/openapi-management-spec

pr2056

fix/channels-memory-rows-err-check

fix/traces-error-handling

fix/codeql-sarif-export

fix/instructions-rows-err-check

fix/providers-ssot-sync-codex-subscription

fix/github-token-fallback-timeout-1101

fix/codex-central-refresher

feat/google-adk-runtime-ssot

worktree-agent-aa572c7374a57f03a

fix/sync-providers-yaml-openai-split-20260531

feat/workspace-data-persistence

e2e/google-adk-ci-wiring

feat/register-google-adk-runtime

feat/mc-multiperiod-workspace-budget

feat/schedule-orphan-monitor-cleaner

fix/schedule-migration-on-recreate

fix/google-adk-runtime-doc-accuracy

fix/setglobal-drop-retired-org-billing-guard

fix/internal-728-provider-matched-cred-injection

fix/internal-724-prod-auto-deploy-straggler-surfacing

fix/1994-provision-billing-model-passthrough

test/a2a-queue-status-depth-coverage

fix/broadcast-cte-non-root-sender-1959

feat/internal-718-p3b-canvas-consume-registry

test/patch-abilities-coverage-1312

feat/internal-718-p4-followup-llm-provider-removal

fix/cancel-in-progress-flip-1357

feat/internal-718-p4-pr2-hard-reject-unregistered

feat/internal-718-p4-pr1-reconcile-colon-vocab-sync

fix/mcp-tools-slim-residue

feat/internal-718-p3a-templates-from-registry

feat/internal-718-p2a-registry-codegen-distribution

feat/internal-718-p2b-billing-derives-from-provider

refactor/drop-org-tier-llm-billing-mode

fix/suppression-rationales-1769

pr1930

eng-b/rebase-1952

fix/ssot-provider-selection-billing-mode-711-713

fix/1769-suppression-rationales

fix/byok-global-llm-cred-leak-internal-711

fix/workspace-broadcast-cte-1959

fix/1953-scope-peer-discovery-a2a-to-org

fix/cancel-in-progress-low-risk-9

fix/cross-tenant-isolation-1953

fix/python-open-encoding

fix-1644-workspace-create-returns-auth-token

fix/1837-docs-stale-monorepo-ref

fix/review-check-all-403-diagnostic

fix/audit-force-merge-staging-drift-1739

fix/nil-safe-scans-validation-hardening

fix/delegate-async-return-after-marshal-fail

fix/canvas-user-verified-session-1673

fix/canvas-chat-poll-mode-1673

fix/mcp-tools-marshal-error-return

fix/ci-remove-race-from-blocking-gate-1184

fix/watchdog-close-stale-contexts-on-red

fix/time-after-single-retry-delegation

fix/time-after-goroutine-leaks

fix/json-marshal-log-continue-2nd-pass

fix/cp329-retire-config-files-userdata-cap

fix/703-provider-billing-mode-ui

fix/internal-703-byok-billing-mode-env

eng-b-test-1779917746

fix/workspace-ec2-leak-delete-retry

fix/ci-arm64-tracker

fix/1669-syntax-error

fix/docs-monorepo-refs

refactor/drop-org-tier-llm-billing-mode-canvas

fix/publish-buildx-writable-config

fix/publish-docker-config-api-20260520

feat/seed-schedules-from-ws-template

feat/canvas-llm-billing-mode-section

feat/per-workspace-llm-billing-mode

fix/memory-v2-upsert-namespace-20260526

fix/platform-managed-provider-key-leak

fix/mcp-tools-test-db-import-20260526

pr-3029

fix-tiny-readme

fix-shellcheck-arm64-pilot-runner-label

feat/canvas-lib-tests

docs/fix-stale-channel-install-refs-230

design/modal-a11y-followup

fix-1769-suppression-justifications

fix-365-scope-divergence-gate-check

fix-1763-org-include-test

docs/readme-quickstart-context

style/fix-ruff-e501-etc

fix/main-ci-display-deploy-blockers

fix/display-keyboard-clipboard

fix/runtime-template-repo-cache

fix/create-dialog-platform-defaults

fix/pending-upload-preview-after-ack

fix/create-dialog-runtime-provider-flow

fix/platform-us-default-provider

fix/seo-template-provider-env-prompt

chore/advisory-legacy-e2e

fix/seo-template-visible

fix/panel-contained-attachment-preview

fix/pdf-preview-csp

fix/pdf-preview-visible

fix/prod-auto-deploy-scoped-rollout

fix-1763-test-minimal

feat/llm-native-auth-flow

fix/issue-1823-delete-confirm-name

fix/display-control-browser-session

fix/agent-message-attachment-broadcast

chore/maintained-runtime-registry

fix/issue-1686-cost-efficient-workspace-defaults

fix/hermes-user-attachments-core

fix/gate-check-v3-ruff-f401-e741

docs/issue-1793-workspace-placement-rfc

fix/ruff-batch-2026-05-24

chore/issue-1760-rename-go-module

fix/platform-managed-llm-default

chore/issue-1812-remove-backfill-from-image

fix/ruff-f401-f541-f841-e741-batch

fix/ruff-e501-merge-queue

fix-1763-webhook-token-redaction-skip

fix/ruff-final-batch-f401-e741-f841

fix/ruff-e501-batch-4

fix/ruff-lint-batch-3

fix/ruff-lint-more-scripts

fix/user-message-fanout-1440

fix/workspace-compute-settings-control

fix/1763-finding-3-token-test-integration-tag

fix-1775-deploy-wait-alignment

fix/memory-plugin-nil-jsonb-marshal

fix/pv-staging-tenant-auth

fix/real-user-upload-staging-e2e

feat/issue-1791-bundle-memory-backfill

feat/issue-1754-mcp-memory-activity-broadcast

feat/issue-1791-memories-commit-v2-plugin

fix-1763-discord-token-test

chore/remove-stale-runtime-comment

fix/revert-1781-templates-runtime-relax

chore/remove-unmaintained-runtimes

fix/e2e-orphan-guard

docs/issue-1780-compensating-status-runbook

fix/issue-1778-templates-test-fixtures

fix/templates-supported-runtime-tests

fix/prod-auto-deploy-aggregate-context

chore/issue-1753-awareness-docs-sweep

chore/issue-1755-seed-initial-memories-v2

fix/ci-all-required-bookkeeping

fix/supported-runtime-catalog

chore/issue-1733-memory-plugin-schema-isolation

chore/issue-1735-remove-awareness-backend

fix/memory-list-rows-err

feat/1686-display-session-proxy

chore/issue-1733-a1-kill-v1-fallback

fix/issue-1734-memory-tab-v2

fix/codex-scheduled-a2a-timeout

fix/prod-auto-deploy-nonblocking

fix/arm64-pilot-label-macfix

fix/review-check-empty-pr-guard

fix/canvas-publish-docker-config

fix/channels-manager-rows-err

fix/rows-err-restart-discovery

fix/slack-webhook-response-body-close

fix/sweeper-rows-err

feat/1686-display-workspace-flow

fix-1700-A-github-token-http-timeout

fix/workspace-crud-descrows-err

task342/local-e2e-harness

fix/messagestore-extractfiles-unmarshal

fix/pgplugin-writejson-encode-error

feat/1686-display-control-ui

fix/discord-read-body-error

fix/capturebroadcaster-data-race

fix-scheduler-detect-result-kind-message-allow

fix/lark-read-body-error

fix/memory-decode-error-read-body

fix/slack-read-body-errors

fix/traces-read-body-error

fix/schedules-events-rows-err

fix/channels-json-unmarshal-errors

rfc-1706-openapi-phase1-schedules

fix/mcp-tools-scanpeers-err

fix/handlers-rows-err-batch

fix/slack-webhook-response-body-close-clean

fix/github-token-http-timeout

minimax-autonomous-test

fix/scheduler-1696-sdk-error-detection

fix/1696-scheduler-adapter-error-status

feat/1686-phase1-compute-schema

fix/1692-mount-schedule-routes

fix/1684-native-session-enqueue-on-busy

fix/1646-staging-saas-timeout

fix/ci-path-scope-main-push

fix/e2e-wait-after-config-put

fix/e2e-delegation-a2a-retry

fix/e2e-minimax-m2-default

platform-kill-defaultmodel-require-model-at-create

fix/e2e-a2a-busy-retry

fix/e2e-a2a-readiness-body

fix/t4-pid-probe-agent-safe

fix/t4-gitea-egress-ssot

docs-fix-claude-code-channel-template

fix/activity-flat-upload-attachments

fix/aws-secrets-janitor-literal-region

fix/activity-feed-peer-info-enrichment

fix/aws-secrets-janitor-fail-loud

fix/aws-secrets-janitor-staging

fix/staging-token-diagnostic

chore/publish-staging-ecr-with-ssot-publisher

fix/e2e-bash32-empty-array

chore/mirror-tenant-image-staging-ecr

fix/mcp-delegate-platform-path

chore/retrigger-peer-visibility-after-publish

fix/publish-buildx-docker-config

docs/multi-external-workspace-registration

fix/e2e-token-fallback-diagnostics

ci/clean-superseded-push-noise

ci/path-scope-go-handler-pr

fix/main-red-watchdog-action-run-status-filter

fix/admin-workspace-token-mint

test/e2e-chat-a2a-dns-regression

fix/staging-peer-visibility-token

chore/delete-core-workspace-runtime

fix/split-heavy-e2e-required-path

fix/ci-cron-bots-prebake-1357

fix/self-delegation-peer-list-hardening

fix/523-allow-user-set-workspace-secrets

feat/canvas-org-info-tab

fix/624-file-write-restart-debounce

fix/377-canvas-polite-cancel-before-restart

task227/external-mcp-progress-ux

fix/canvas-chat-a2a-hint-activity-tab-closeout-212

fix/t4-probe-docker-socket-and-pid-host

chore/ssot4-delete-dead-github-workflows

task335/drop-runtime-image-pins-mig-fresh

chore/ssot10-ecr-registry-var

fix/sop-checklist-stream-pagination-oom

task335/drop-dead-runtime-image-pins-mig-047

fix/a2a-error-hint-timeout-class

fix/a2a-error-detail-field-rename

feat/uploads-limits-ssot-task-320

core-devops/cascade-structural-hardening

chore/retrigger-publish-after-eacces

fix/poll-mode-pending-uploads-100mb-mc1588

fix/redeploy-fleet-confirm-callers

fix/lint-workflow-yaml-slash-in-name

retrigger/publish-workspace-server-after-pr110-deploy

infra-runtime-be/upload-100mb-and-correct-reason-errors

infra-sre/rfc596-publish-runtime-dual-push-gitea-pypi

fix/workflow-name-no-token-slash

infra-sre/audit-log-phase1-emit-secrets

fix/main-red-watchdog-skip-cancel-cascade-mc1564

feat/rfc563-ws-server-binary-strip

ci/146-lint-no-tenant-gitea-token

feat/agent-card-identity-seed-prod-team-internal-492-followup

fix/rfc524-layer1-bare-go-conversion

fix/ci-docker-host-guardrail-red

test/e2e-todays-pr-coverage

feat/146-forbidden-env-guard

fix/sop-checklist-widen-ack-internal-442

ci/mac-arm64-pilot-shellcheck

e2e/peer-visibility-local-backend-task166

fix/canvas-surface-error-detail

fix/wsserver-broadcast-error-detail

ci/oom-storm-concurrency-fix

fix/chat-upload-ssot-100mb-1520

feat/provisioner-inject-gitea-credential-helper

sre/fix-remaining-scheduled-cancel-in-progress

fix/user-message-role-1514

sre/fix-gate-check-cancel-in-progress

sre/fix-ci-drift-false-positive-and-queue-limit

ci-retry-noop

test/plugin-listing-coverage-1488

infra/canvas-ci-retry-20260518145806

fix/json5-comments-manifest-1496

test/canvas-hook-coverage

feat/canvas-agent-abilities-toggle

fix/sop-tier-check-secrets-read-v2

fix/canvas-configtab-wcag-alert-v2

fix/canvas-configtab-wcag-alert

fix/sop-tier-check-secrets-read

fix/ci-sop-tier-check-secrets-read

fix/runtime-registry-manifest-v2

test/runtime-provision-timeouts-coverage

fix/sev1-secrets-read-v2

fix/sev1-missing-secrets-read-perms

test/canvas-secret-formats-coverage

test/canvas-hook-tests

test/canvas-theme-ts-coverage

feat/canvas-agent-abilities-toggles

test/canvas-theme-lib-coverage

fix/runtime-registry-json5-comment

fix/ws-server-188-failclosed-template-runtime

test/plugins-listing-coverage

fix/issue-1480-manifest-json5

fix/review-check-wrong-event-string-diagnostic

test/workspace-abilities-name-coverage

ci-fix-main-runtime-secret-scan

fix/secret-scan-exclude-secrets-detector-test-fixtures

fix/secrets-read-qa-security-main

fix/secrets-read-qa-security-workflows

test/workspace-broadcast-coverage

fix/1473-bp-all-required-suffix

infra/secrets-read-qa-security-main-fix

fix/pr1450-staging-main-conflict

fix/issue-1420-actionable-errors

fix/issue-228-user-message-fanout

design/externalconnectmodal-a11y

fix/tabs-error-aria-alert

fix/settings-a11y-fixes

fix/canvas-errors-aria-alert

fix/canvas-loading-aria-live

sre/fix-scheduled-workflow-cancel-in-progress

feat/handler-test-abilities-and-sources

fix/handlers-plugin-listing-tests

fix/tabs-a11y-scattered

runtime/port-identity-tools-staging

runtime/fix-merge-queue-cancel-in-progress

fix/canvas-misc-wcag-fixes

infra/quirks-789-fills

infra/queue-runbook-updates

design/skills-accessibility-v2

design/skills-a11y-followup

fix/a2a-delegation-detached-ctx-canceled-internal-497

fix/secrets-honest-ui-491-490

design/mobile-comms-a11y

design/mobile-chat-a11y

fix/mcp-tools-sql-fix

design/mobile-tabbar-a11y

feat/mobile-tabbar-a11y

fix/mobile-ios-focus-zoom

fix/mobile-canvas-render-parity

ci/arm64-advisory-mac-offload-pilot

fix/canvas-user-message-cross-session-fanout

test/a2a-proxy-pure-coverage

fix/mobile-focus-visible-rings

fix/external-workspace-progress-feedback

fix/canvas-mobile-ws-wake-resume

fix/mobile-chat-input-ios-focus-zoom

test/org-helpers-coverage

ci/timing-test-hygiene-host-load-internal

fix/setup-node-pin-corrupt-1432

fix/ci-required-drift-polling-sentinel

fix/issue212-actionable-agent-error-reason

runtime/fix-api03-test-fixture

test/traces-list-http-coverage

runtime/fix-test-fixture-v3

runtime/fix-test-fixture-on-1420

fix/queue-status-sort

runtime/fix-test-fixture-secret-scan-false-positive

test/workspace-abilities-coverage-20260517

fix/sop-engineers-main

fix/queue-merge-permanent-error

fix/delegations-list-deduplication

fix/canvas-npm-ci

fix/sop-staging-engineers-backport

offsec-015-staging-v2

fix/queue-skip-permanent-merge-error

design/settings-button-focus-v2

test/coverage-broadcast-listing-20260517

fix/workspace-tokens-global-sentinel-500

fix/sop-workflow-secrets-read

test/coverage-abilities-design-tokens-20260517

design/agentcomms-focus-visible

design/skills-aria-accessibility

infra/action-sha-pin-e2e-chat

fix/sop-checklist-na-gate-probe-bug

test/coverage-2026-05-17

fix/queue-merge-error-surfacing-v2

test/all-coverage-v5

fix/settings-panel-focus-visible

sre/ci-coldrunner-main-fix

fix/skills-tab-focus-visible

test/all-coverage-v4

test/all-coverage-v3

fix/aria-live-errors-v2

fix/canvas-attachment-focus-visible

fix/queue-merge-error-surfacing

test/all-coverage-v2

fix/app-page-focus-v2

fix/app-page-focus-visible

fix/delete-dialog-focus

fix/sop-checklist-probe-na-gate

test/all-handler-lib-coverage

test/handlers-and-lib-coverage-v2

test/delegation-sweeper-pure-funcs

fix/queue-update-then-wait-loop

fix/workspace-abilities-test-coverage

test/workspace-crud-validators

fix/canvas-user-message-persist-at-ingest

test/handlers-and-lib-coverage

fix/filetree-wcag-icons

fix/mobile-wcag-focus-visible

sre/pr1381-retrigger

infra/add-missing-workflow-concurrency

infra/scheduled-workflow-cancel-in-progress

fix/canvas-wcag-focus-visible-2

ci/twine-verbose-403-reason-body

test/handlers-and-theme-coverage

fix/ci-required-drift-skip-f1

fix/sop-checklist-na-declarations

test/workspace-abilities-and-theme

test/plugins-sources-and-theme

sre/comment-dispatch-consolidation-v2

chore/remove-crewai-deepagents-gemini-cli

test/workspace-broadcast-handler

test/workspace-abilities-patch

fix/inbox-self-echo

feat/test-status-config-constants

feat/test-plugins-install-handlers

test/local-provisioner-token-ownership-parity

infra/internal-462-publish-deploy-lane

fix/staging-sync-persist-fix

feat/broadcast-coverage

__disk-test-137017

fix/main-red-watchdog-close-on-pending

fix/review-refire-comments-token-scope

feat/canvas-abilities-banner-test

pr-1307

staging-dev-lead-test-4107230

feat/workspace-abilities-test-coverage

ci/scheduled-cancel-in-progress-1357

feat/broadcast-test-coverage

fix/a2a-queue-status-coverage

pr-1351

ci/e2e-peer-visibility-bp-pending-1296

ci/e2e-peer-visibility-bp-required-1328

fix/review-refire-conflict

sre/consolidated-main-to-staging

fix/org-helpers-duplicate-comment

fix/a2a-self-delegation-echo-inbox

perf/canvas-favicon-shrink

perf/canvas-toolbar-logo-shrink

perf/canvas-bundle-analyzer-optimize-imports

fix/offsec-015-staging

fix/workspace-token-injection-agent-owned

ci/sop-checklist-narrow-issue-comment-trigger

fix/broadcast-handler-coverage-1343

fix/test-patchAbilities-toolbar-1313-1334

docs/gitea-actions-quirks-runbook

fix/1256-enable-button-focus-ring

pr-1327

feat/workspace-sizing-override

fix/sop-checklist-na-post

canvas/broadcast-chat-wcag

fix/test-matchesChatID-1304

test/canvas/FileTree-render-a11y

test/canvas/ChatTab-subtab-a11y

test/canvas/SidePanel-a11y-and-state

enforce/peer-visibility-bp-directive-1296

infra/main-ci-retrigger

sre/queue-api-fix

sre/sop-na-fix

promote/staging-to-main

infra/detect-changes-shallow-v2

feat/publish-lane-runs-on-394

test/canvas/FilesToolbar-a11y

fix/workspace-abilities-coverage-1312

fix/sop-checklist-merged-blank-line

fix/e2e-chat-setup-node-mirror-sha

e2e/peer-visibility-local-backend

fix/secrets-coverage-compile-err-1274

e2e/peer-visibility-mcp-gate

fix/e2e-chat-setup-node-mirror

fix/canvas-arrangeChildren-coverage

sre/fix-queue-null-created-at-sort

fix/sop-checklist-blank-line-detect

fix/a2a-proxy-test-async-drain

sre/platform-go-timeout-60m

infra/sop-tier-check-token-guard

fix/gate-check-login-aliases

fix/secrets-scan-test-fixture-exclusion

fix/secrets-coverage-tests-v2

fix/ci-concurrency-cancel-superseded-storm

fix/secret-scan-exclude-secrets-tests

fix/secrets-patterns-100pct-coverage

fix/secrets-100-coverage

standalone/review-check-403-fix

feat/files-agent-home-stub

feat/agent-home-docker-exec-internal-425-phase-2b

sre/secret-scan-timeout

feat/canvas-files-agent-home-internal-425-phase-3

fix/top-level-modules-add-a2a-tools-identity

feat/secrets-patterns-ssot-internal-425-phase-2a

stub/files-api-agent-home-root-2026-05-15

fix/sop-n-a-v2

fix/files-api-agent-home-stub

be/workspace-server-accumulated-fixes

fix/sop-n-a-clean

design/themetoggle-test-teardown-fix

fix/openclaw-skip-config-write-and-canvas-timeout-to-main

feat/agent-card-update-and-runtime-identity-tools-relocated

fix/openclaw-skip-config-write-and-canvas-timeout

fix/prod-auto-deploy-timeout

feat/chat-unify-clean

fix/autobump-skip-existing-tags

fix/issue-1187-broadcast-abilities-coverage

fix/runtime-autobump-next-free-tag

pr-1211

feat/queue-status-abilities-handler-tests

fix/queue-channels-coverage

infra-sre/golangci-lint-connectivity-fix

infra/main-sop-na-fix

fix/staging-golangci-30m-v2

fix/channels-rows-err-and-cwe312

fix/container-name-no-uuid-truncation

fix/staging-golangci-noconfig

fix/provisioner-uuid-no-truncate

fix/review-check-403-skip

fix/ki-010-container-name-truncation

fix/provisioner-no-uuid-truncation

fix/issue-1176-db-db-race

fix/channels-rows-err

sre/fix-test-sop-parse-directives

infra/staging-sop-na-fix

fix/pr-1070-push-tokens

hotfix/offsec-015-org-isolation

infra/sop-n-a-plus-drift-fix

pr-1185-current

infra/main-golangci-no-config

test/qa-broadcast-abilities-coverage

fix/delegations-list-endpoint-wrong-column

core-be/fix/platform-go-timeout

fix/issue-1152-delegation-activity-db-err-tests

core-be/fix/tokens-rate-limit-scan-err-v2

fix/handlers-rows-err-missing

infra/canvas-deploy-reminder-polling-list

fix/staging-ci-timeouts

fix/settingspanel-act-flush

fix/rows-err-instructions-resolve

fix/ci-cold-runner-timeout

fix/sentinel-remove-phas3-masked

infra/fix-all-required-combined-status-check

pr1165-rebase

fix/approvals-json-marshal-guard

feat/canvas-broadcast-handler

sre/fix-ci-drift-false-positive

sre/fix-queue-remove-label-bug

infra/workspace-server-healthcheck

fix/ci-drift-canvas-deploy-reminder

fix/offsec-015-broadcast-org-isolation

fix/delegation-list-callee-plus-golangci-lint

sre/fix-queue-gate-context

core-be/test/delegate-record-db-errors-v2

pr-1117

pr-1117-latest

infra/staging-golangci-no-config

fix/openclaw-molecule-mcp-version-pin

offsec015

fix/openclaw-mcp-version-check

feat/provider-routing-base-v2

feat/e2e-chat-stabilization

fix/sop-concurrency-throttle

p1102

p1117

fix/canvas-deploy-reminder-deadlock

infra/main-golangci-timeout-fix

feat/provider-routing-base

sre/sweep-cf-orphans-aws-timeout

sre/queue-merge-conflict-handling

fix/na-declarations-gate

fix/handlers-log-db-scan-errors

fix/channels-marshal-errors

fix/channels-silent-json-errors

sre/channels-unmarshal-errors

sre/queue-pre-receive-hook-fix

sre/ci-timeout-increase

fix/approvals-terminal-db-err-logging

infra/ci-platform-go-timeout-fix

fix/push-notifications

fix/main-rows-err-instructions

fix/main-test-fix-from-0c152a24

fix/staging-offsec010-cp-wiring

fix/handlers-instructions-test-bugs

fix/ci-allrequired-needs

fix/staging-goasync-configseed

fix/issue-1080-org-helpers-comment

fix/issue-1081-errors-import

fix/1080-org-helpers-comment-typo

infra-sre/fix-missing-test-imports

fix/offsec-010-wiring

fix/saas-t4-cp-config-seed

fix/offsec-010-clean

fix/offsec-003-boundary-wrapping

fix/offsec-003-escaped-markers-main

fix/mobile-chat-history

fix/staging-CWE-78-rows-err

fix/1062-mobilechat-history

hotfix/cwe-78-staging

fix/stdio-v2

fix/offsec-010-symlink-walkdir

fix/test-stdio-function-name

fix/offsec-010-symlink-walkdir-isSaaS-fix

sre/fix-stale-platform-server-port

fix/offsec-010-from-pr1047

staging-v6

fix/e2e-api-port-collision

fix/main-async-db-race

infra/sync-staging-v6-to-main

pr/1030

fix/handlers-instructions-test-compile

fix/instructions-test-compile

fix/openclaw-empty-required-keys

sre/main-rows-err-checks

fix/staging-v6-conflict-markers

fix/delegation-list-test-conflict-marker

fix/main-red-cdb0b040-ci-tests

fix/theme-toggle-selector-main-red

sre/ci-required-drift-canvas-reminder-skip

test/instructions-handler-coverage

sre/canvas-build-timeout

test/externalconnectmodal

fix/resolve-conflict-marker-delegation-list-test

fix/1008-themetoggle-css-selector

design/826-searchdialog-mount-v2

test/orgcancelbutton

fix/2088-themetoggle-queryselectorall-errors

design/704-tree-test-fix

fix/ci-required-drift-github-ref-skip

ci/975-db-pollution-fix

fix/968-remove-duplicate-test-declarations

fix/980-schedules-handler-test-coverage

design/tier-legend-contrast-2026-05-14

sre/platform-go-timeout-fix

fix/delegation-list-test-db-leak

fix/984-delegation-id-response-body

sre/queue-bot-fix-ctx-check

fix/983-remove-duplicate-test-declarations

fix/986-canvas-wcag-focus-rings

fix/993-agent-handler-test-coverage

design/wcag-focus-contrast-2026-05-14

design/wcag-focus-rings-round5-2026-05-14

fix/activity-logs-delegation-id-response-body

fix/982-expand-posix-identifier-guard

fix/test-offsec003-redundant-file

feat/976-schedules-handler-test-coverage

fix/org-helpers-test-panic

promote/main-to-staging-v5

fix/965-test-panic-resolveInsideRoot

promote/main-to-staging-v4

feat/delegation-list-tests

fix/test-a2a-sanitization-v3

promote/main-to-staging-v3

fix/duplicate-test-declarations

feat/org-helpers-security-tests

fix/main-push-operational-red

promote/main-to-staging-v2

fix-sop-concurrency-v2

fix/sop-checklist-gate-name

fix/docker-info-pipefail

fix/publish-healthcheck-pipefail

fix/sop-checklist-workflow-rename

promote/main-to-staging

sre/fix-sop-checklist-context-name-mc948

design/wcag-contrast-round4-2026-05-14

fix/org-helper-tests

fix/test-a2a-sanitization-main

fix/publish-image-on-every-main-push

fix/remove-canvas-reminder-from-all-required

fix/staging-integration-test-ctx

fix/staging-canvas-reminder-deadlock

design/wcag-a11y-round3-2026-05-14

ci/remove-canvas-reminder-from-all-required

fix/test-a2a-sanitization-assertions

fix/staging-ci-drift-canvas-reminder

fix/handlers-pg-integ-event-before

ci/platform-build-flip-coe

fix/staging-python-test-and-tier-check-lint

fix/offsec-006-slug-injection

runtime/fix-pr916-integration-test-ctx

design/chat-tab-wcag-contrast-2026-05-14

fix/offsec-006-slug-validation

design/wcag-contrast-fixes-2026-05-14

fix/904-handler-test-blockers

fix/ci-drift-canvas-reminder

fix/comment-trigger-storm

infra/660-codify-promote-tenant-image

fix/917-canvas-test-failures

fix/917-runtime-prbuild-detect-changes-fix

fix/filesTab-test-stale-reference

fix/files-tab-test-missing-helper

fix/runtime-prbuild-compat-detect-changes

fix/staging-test-compilation-fixes

fix/qa-review-token-fallback-v2

test/hydrate-canvas-coverage

fix/contextmenu-react-error-185

test/external-runtimes-coverage

fix/main-sqlmock-import-ineffassign-20260513

fix/redeploy-tenants-on-main-lint-cleanup

sre/docker-daemon-gate-fix

fix/897-listdelegations-use-ledger-table

fix/901-listdelegations-ledger-table

fix/core-main-handlers-hotfix

fix/e2e-api-platform-port

fix/main-green-monitor-status

fix/mobile-MobileChat-infinite-render

fix/delegations-ledger-fallback-rows-err

fix/874-extractmessagetext-clean

feat/881-untested-helpers

fix/874-extractmessagetext-bug

fix/status-reaper-api-timeout-retry-20260513130514

fix/831-admin-token-placeholder-bootstrap

feat/canvas-test-coverage-738

feat/files-tab-tree-coverage

feat/canvas-untested-components-coverage

feat/canvas-tab-test-coverage-2

fix/main-bundle-test-sqlmock-import

fix/stdio-fallback-all-environments

staging-sync-v3

ci/burn-in-remove-sop-tier-check-coe

fix/issue-860-delivery-mode-tests

design/approval-banner-emerald-fix

fix/issue-854-termsgate-a11y

fix/issue-859-wcag-contrast

fix/delegations-rows-err-bbc40cb8

design/approvalbanner-a11y

design/pricingtable-a11y

design/toolbar-help-toggle-fix

staging-sync-v2

fix/canvas-approvalbanner-a11y

feat/canvas-external-connect-modal-coverage

staging-sync-rm

fix/test-sanitize-agent-error-stderr

test/a2a-queue-extractExpiresInSeconds

fix/pr-829-test-issues

design/826-searchdialog-mount

fix/chat-createMessage-attachments-key

fix/762-recall-memory-canary

fix/367-a2a-tools-coverage-v2

feat/search-dialog-mount

feat/org-layout-test-coverage

fix/offsec-003-builtin-a2a-sanitize

fix/canvas-playwright-install-timeout

fix/805-audit-force-merge-main-required-checks

fix/cf-sweep-api-error

fix/e2e-diagnose-detail

fix/a2a-mcp-server-http-transport

fix/core-main-red-golangci-install

fix/test-declarations

fix/sop-checklist-body-hard-gate

merge-792

feat/mcp-tools-test-coverage

feat/workspace-crud-test-coverage

feat/socket-handler-test-coverage

fix/686-delegation-integration-tests

feat/a2a-proxy-helpers-test-coverage

fix/publish-canvas-disable-gha-cache-20260512

fix/publish-canvas-docker-probe-20260512

fix/canvas-image-ecr-20260512

fix/687-send-ssh-public-key-detail

feat/tier-2g-required-context-exists-in-bp

feat/tier-2f-bp-emit-match

fix/mc-664-class-2-mcp-offsec-contract-test

fix/main-ci-green-20260512

infra/dockerfile-add-docker-cli-for-local-build

test/workspace-crud-helpers-coverage

fix/681-recallmemory-offsec-contract

fix/org-layout-helpers-test-coverage

fix/735-extractResponseText-tests

test/713-workspace-crud-validators

test/713-org-helpers-pure-coverage

fix/713-eic-diagnose-detail

fix/730-filterpeers-nil-guard

infra/all-required-coe-false-v2

fix/phase3-tracker-comments

fix/mc-664-class-1-delegation-tests-postgres-integration

fix/canvas-keyboard-shortcuts-dialog-guard

infra/664-lint-coe-trackers

ci/lint-tracker-regex-fix-v2

fix/731-nil-guard-filter-peers-by-query

fix/lint-TRACKER_RE-mid-sentence

ci-retrigger-747

feat/709-handler-pure-coverage

fix/697-canvas-geticon-topology

ci/lint-tracker-regex-fix

test/2071-canvas-drop-target-badge-coverage

feat/2071-canvas-orgdeploystate-coverage

feat/mobile-canvas-comms-spawn-coverage

ci/lint-coe-self-fix

fix/ssm-refresh-ecr-auth-json-escaping

design/729-fix

ci/gate-check-v3-permissions-fix

fix/730-discovery-filter-nil-role

infra/publish-docker-daemon-diagnostic

fix/714-all-required-coe-false

fix/717-mobile-agentMessages-selector

infra/fix-all-required-status-reporting

fix/687-e2e-surface-diagnose-detail

infra/docker-runner-label

test/701-canvas-hydrate-coverage

test/mobile-primitives-coverage

infra/664-interim-platform-build-exempt

fix/693-offsec-recallmemory-scrub-staging

sync/main-to-staging-514-v2

fix/693-offsec-recallmemory-global-scrub

fix/693-offsec-recallmemory-scrub

fix/634-handler-test-fixes-to-main

test/699-socket-handler-coverage

sre/workflow-run-replacement

infra/676-ssm-auth-json-hardening

fix/offsec-001-method-scrub-hotfix

fix/offsec-001-method-scrub-main

feat/workspace-crud-validation-tests

test/canvas-hydrate-coverage

infra/lint-pre-flip-continue-on-error

fix/workflow_run-to-push-gitea-1.22.6

feat/tier-2e-tracking-issue

fix/684-offsec-scrub-method-default

feat/sop-checklist-gate-mvp

feat/tier-2d-lint-mask-pr-atomicity

infra/lint-workflow-yaml-hostile-shapes

infra/lint-required-no-paths-filter

cleanup/pr-641-clean

feat/mobile-tabbar-wcag-a11y

fix/canvas-mobile-chat-loop

fix/651-canvas-chat-mobile-crash

fix/664-interim-remask-platform-build

fix/mobile-chat-max-update-depth

infra/622-force-merge-protection-fix

test/attachment-lightbox-clean-v2

ci/652-gitea-1-22-status-key

test/memorytab-2

infra/status-reaper-rev4-status-key-fix

infra/weekly-platform-go-vet-hard

fix/audit-force-merge-pipefail

infra/status-reaper-rev3-widen-window

test/canvas-externalconnectmodal-coverage

fix/sop-tier-check-token-graceful

infra/ci-required-drift-token-scope

test/console-modal-coverage

ci/review-check-tests-wire

test/canvas-workspacenode-coverage

test/memorytab

infra/interim-disable-reaper-watchdog-crons

test/attachment-lightbox-coverage

fix/issue-639-workspacenode-test-coverage

test/channels-tab

fix/canvas-searchdialog-test-fixtures

fix/598-attachmentLightbox-tests

fix/529-307-localbuild-async-test-fix

fix/582-attachmentviews-tests

fix/308-a2a-response-push-mode-tests

fix/529-preflight-localbuild

fix/sop-tier-check-token-graceful-staging

fix/545-approvalbanner-isolation

fix/519-memorytab-tests

infra/status-reaper-rev2-sweep-recent-commits

fix/handlers-test-fixtures

test/skill-helpers-coverage

test/ui-primitive-coverage

docs/gitea-quirks-10-11

test/platform-bundle-exporter-coverage

infra/status-reaper-rev1-drop-concurrency

fix/608-filesTab-focusTest

test/budget-section-coverage

infra/revert-docker-runner-label

fix/weekly-platform-go-latent-error-surface

infra/revert-publish-runs-on-pin

sre/gate-check-timeout

test/a2a-error-hint-coverage

test/chat-attachment-views-coverage

test/attachment-video-coverage

infra/option-b-status-reaper

infra/gate-check-v3-timeout

infra/576-docker-runner-label

fix/593-filetab-tests

test/files-tab-notavailablepanel-coverage

fix/591-forminputs-tests

fix/471-cwe117-stderr-scrubbing

infra/diagnostic-publish-workspace-server-image

fix/582-bundle-import-tests

test/form-inputs-coverage

fix/publish-workspace-server-image-json5-comments

sre/fix-all-required-null-result

fix/publish-workspace-server-image-optional-token

pr-251

test/ui-statusbadge-coverage

fix/all-required-null-result-assertion

fix/568-palette-context-tests

pr-527

infra/merge-563-autobump-fix

test/mobile-palette-context-coverage

sre/fix-gate-check-v3-combined-state-loop

ci/540-review-check-bats-tests

fix/publish-runtime-autobump-push-condition

ci/558-verify-publish-runtime-marker

test/canvas-empty-state-coverage

infra/publish-runtime-verify-2026-05-11

ci/554-oci-labels-publish-workflow

infra/drift-bot-token

infra/rfc-219-phase-4-all-required-sentinel

ci/551-gate-checkout-trusted-ref

fix/gate-check-v3-pr-HEAD-security

fix/541-token-argv-security

sre/fix-gate-check-v3-bugs

fix/537-cwe117-a2a-tools-sanitize

fix/gate-check-v3-http-error-crash

sre/fix-localbuild-preflight

infra/rfc-324-workflow-add

test/offsec-003-sanitization-backstop

fix/test-sanitize-agent-error-stderr-exc

fix/approval-banner-test-isolation

infra/scope-workflows-fix

sre/fix-pr530-deadlock

sre/reopen-516-gate-check-fix

fix/ci-scope-operational-workflows-504-419

sre/scope-operational-workflows-to-schedule

ci/harness-replays-detect-changes-quoting-fix

fix/test-blocks-until-inflight-completes

fix/test-enrich-peer-metadata-nonblocking

sre/fix-enrich-nonblocking-cache-check

merge-pr490

runtime/fix-offsec-003-tool-delegate-task

fix/508-update-boundary-assertions

sre/fix-test-delegation-sync-polling-assertions

fix/366-shared-runtime-coverage

fix/506-unused-imports

ci/lint-fixes

fix/367-a2a-tools-coverage

test/a2a-client-enrich-peer-rebase

fix/354-delegation-auto-resume-rebase

ci/fix-detect-changes-commits-array

fix/307-async-rebase

runtime/fix-harness-replays-push-event

sre/fix-test-polling-sanitization

fix/harness-replays-detect-changes-gitea-api

ci/fix-test-polling-sanitization

test/eventstab

runtime/335-rebase-platfrom-url

hotfix/491-offsec-003-staging-v2

fix/pr477-test-fixes

runtime/335-rebase-platform-url

fix/354-auto-resume-delegations

fix/368-audit-hooks-coverage

runtime/temporal-platform-url-fix

infra/secret-reconciliation-v2

fix/purchase-success-modal-test-isolation

pr-476

sre/fix-gitea-runbook-network-quirks

tools/gate-check-v3

fix/376-activity-delegation-polling

runtime/platform-url-fix-merge

fix/canvas-purchase-success-modal-test-timing

fix/secret-naming-reconciliation

docs/gitea-operational-quirks-runbook

test/canvas-toolbar-coverage

fix/canvas-tier-config-v2

fix/455-offsec003-sanitize-alignment

fix/sweep-stale-e2e-orgs-secret-name

fix/approvalbanner-mockreset-452

fix/canvas-approvalbanner-mockreset

fix/publish-runtime-autobump-fetch-depth

fix/321-cwe22-loadWorkspaceEnv-path-traversal

fix/canonicalize-staging-admin-token-rebase-462

canvas-followup

fix/canonicalize-staging-admin-token-rest

refactor/drop-canary-prefix

fix/canvas-test-and-design-fixes

runtime/432-followup-helper-extraction

fix/harness-replays-detect-changes-fetch-depth

fix/stderr-include-a2a-error-response

feat/internal-292-sop-tier-refire

docs/update-remote-agent-tutorial-sdk-api

fix/canvas-confirm-dialog-backdrop-a11y-v3

fix/canvas-confirm-dialog-backdrop-a11y-v2

fix/388-github-token-501-gitea-staging

fix/dialog-backdrop-a11y

runtime/414-idle-loop-skip-pending-results-v3

fix/test-extract-tool-trace

fix/test-plugins-atomic-tar-coverage

fix/harness-replays-fetch-depth

fix/test-instructions-handler-coverage

sre/fix-workflow-secret-naming

fix/canvas-tiers-config-string-keys

fix/offsec-003-promote-to-main

fix/class-e-secret-name-reconciliation

fix/sop-tier-check-apt-get-first

fix/307-async-test-pollution

fix/sop-tier-check-jq-install-order

fix/canvas-test-failures-2026-05-10

runtime/fix-a2a-tools-duplicate-error-block-v2

infra/sop-tier-check-jq-install-fix

runtime/fix-a2a-push-delivery-mode

feat/main-never-red-watchdog-internal-420

feat/internal-219-phase-2bc-port-to-molecule-core

fix/a11y-canvas-clean

sweep/internal-219-cat-C1-port-gates-lints

sweep/internal-219-cat-B-delete-github-only

sweep/internal-219-cat-A-delete-mirrored

fix/offsec-003-json-endpoint-sanitize

sweep/internal-219-cat-C3-port-deploy-janitors

sweep/internal-219-cat-C2-port-e2e

fix/publish-runtime-cascade-sha-capture

feat/internal-219-phase-3-port-ci-yml

fix/413-a2a-delegation-offsec-003

runtime/381-idle-loop-pending-messages

fix/delegations-rows-err-check

fix/a11y-canvas-buttons-staging

runtime/fix-399-a2a-delegation-missing-import-v2

fix/380-cwe59-symlink-traversal

fix/388-github-token-501-staging

fix/confirm-dialog-wcag-backdrop

infra/sop-tier-check-jq-script-fallback

fix/revert-391-broken-jq-install

fix/a2a-tools-duplicate-dead-code

fix/confirm-dialog-backdrop

fix/canvas-confirm-dialog-backdrop-a11y

infra/jq-install-main

fix/sop-tier-check-jq-main

fix/canvas-dialog-backdrop-a11y

fix/388-github-token-501

runtime/offsec-003-polling-path-v2

fix/361-sanitize-delegation-results

runtime/offsec-003-executor-sanitize

fix/cwe22-loadWorkspaceEnv-main

fix/qa-audit-307-308-clean

ci/fix-293-sqlalchemy-pip-install

fix/354-delegation-auto-resume

runtime/platform-url-host-docker-internal

fix/canvas-repair-tests-344

fix/canvas-statusdot-ts-errors

test/molecule-audit-hooks-coverage

test/a2a-tools-and-send-message-coverage

fix/sop-tier-check-jq-install

test/shared-runtime-helpers-coverage

fix/canvas-topology-sort-orphan

fix/executor-helpers-offsec-003-sanitize

runtime/offsec-003-polling-path

fix/354-a2a-delegation-auto-resume

runtime/fix-a2a-push-delivery-mode-v2

fix/publish-runtime-add-_sanitize_a2a-to-allowlist

fix/publish-runtime-missing-working-directory

ci/add-sqlalchemy-to-pip-install

ci-resolve-github-gitea-triplicate

sre/offsec-003-boundary-escape

fix/sec-321-path-traversal-clean

fix/a2a-proxy-response-header-timeout-v2

fix/publish-runtime-workflow-dispatch-inputs

fix/a2a-push-mode-queue-envelope

fix/351-split-publish-runtime-triggers

feat/348-publish-runtime-restore-path-trigger

fix/issue-workspace-dup-name-409-autosuffix

fix/security-OFFSEC003-boundary-escape-334

fix/security-CWE22-loadWorkspaceEnv-330

fix/canvas-test-fixes-20260510

fix/canvas-extractMessageText

fix/qa-307-async-pollution-direct

test/a2a-client-enrich-peer-metadata

fix/docs-309-remote-faq-staging-env

fix/qa-308-push-mode-queue-tests

fix/qa-307-async-pollution

runtime/fix-plugin-registry-import-path

fix/a2a-proxy-response-header-timeout-clean

fix/publish-workspace-server-ci-clone-manifest-retry-main

infra/remove-pr303-tracking

fix/issue-296-plugin-registry-sysmodules

infra/pin-compose-image-digests

chore/sync-main-to-staging

fix/sec-321-path-traversal

fix/a2a-proxy-response-header-timeout

docs/a11y-billing-wcag-patterns

fix/qa-307-test-a2a-inbox-wrappers-asyncio-refactor

runtime/fix-test-config-model-isolation

ci/docker-daemon-health-guard

docs/fix-remote-workspaces-faq

fix/publish-workspace-server-ci-clone-manifest-retry

fix/test-config-env-isolation

ci/staging-sha-pinning

fix/external-connection-user-facing-urls

fix/workspace-server-registry-config-helper

fix/issue-272-sqlalchemy-ci-install

fix/canvas-yaml-utils-nested-arrays-clean

fix/self-delegation-guard

promote/staging-to-main-100546

fix/a2a-tools-v2

fix/a2a-tools-and-workflow-cleanup

fix/canvas-test-isolation-fixes-v2

fix/molecule-model-env-go

runtime/fix-delegate-empty-parts-regression

infra/runtime-doc-playwright-limitation

fix/offsec-001-error-message-scrubbing

fix/offsec-001

fix/a2a-tools-string-error-handling-clean

fix/core-248-pluginresolver-and-plgh

infra/fix-source-resolver-dup

fix/model-provider-misnomer

fix/a2a-tools-string-error-handling-v2

fix/canvas-yaml-utils-test-failure

fix/a2a-tools-string-error-handling

fix/internal-214-gosum-vanity-import

fix/canvas-test-isolation-fixes

chore/canvas-statusbadge-test-fix-cherry-pick

fix/canvas-statusbadge-test-role-ambiguity

runtime/fix-mcp-client-localhost-default

fix/core-257-delegation-test-stray-brace

revert/core-d0126662-restart-signals-undefined-h

revert/core-123-plugin-drift-detector

ci/pin-action-and-base-images

fix/org-232-per-workspace-required-env-preflight

fix/ssrf-guard-before-begintx

test/issue-232-per-workspace-required-env-preflight

fix/issue232-org-import-required-env-aggregation

fix/canvas-ts-test-errors

fix/delegations-list-ledger-fallback

wip-snapshot-2026-05-10/mac/molecule-core-tmp53-git-token-helper-wip

wip-snapshot-2026-05-10/mac/molecules-org-molecule-core-registry-prefix

fix/pluginresolver-conflict

wip-snapshot-2026-05-10/core-be/fix-pluginresolver-conflict

wip-snapshot-2026-05-10/core-qa/stash-package-lock-diff

feat/keyboard-shortcuts-dialog

wip-snapshot-2026-05-10/core-uiux/feat-keyboard-shortcuts-dialog

wip-snapshot-2026-05-10/core-fe/test-canvas-design-tokens-config

test/canvas-cssvar-tests

fix/internal-229-sop-tier-check-tier-low-relaxation

test/canvas-utility-pure-tests

test/canvas-preflight-utils-tests

test/canvas-runtimeprofiles-tests

test/canvas-yaml-utils-tests

test/canvas-pure-function-tests

fix/ci-port-publish-workspace-server-image-228

fix/ssrf-validate-agent-url-212

ci/sop-tier-check-approver-teams-fix

fix/sop-tier-check-legacy-flip-229

wip-snapshot-2026-05-10/core-be/fix-ki001-telegram-disable-channel

wip-snapshot-2026-05-10/core-be/feat-a2a-pre-restart-drain-125

wip-snapshot-2026-05-10/core-be/feat-plugin-drift-queue-123

fix/sweeper-race-error-counter

infra/fix-issue-75-gh-cli-gitea-sweep

wip-snapshot-2026-05-10/core-be/fix-gh-api-gitea-sweep-75

feat/keyboard-shortcuts-dialog-test

wip-snapshot-2026-05-10/core-be/fix-sweeper-test-isolation-86

ci/fix-issue-87-root-skip

fix/test-local-resolver-root-skip

fix/workspace-tests-clear-auth-cache

wip-snapshot-2026-05-10/core-be/fix-a2a-delegation-success-rendered-as-error

wip-snapshot-2026-05-10/core-be/fix-files-restart-volume-sync

wip-snapshot-2026-05-10/core-lead/tech-debt-rename-net

wip-snapshot-2026-05-10/core-lead/fix-168-mine

wip-snapshot-2026-05-10/core-lead/fix-167-uiux

wip-snapshot-2026-05-10/core-fe/stash-canvas-agent-comms-show-task-text

fix/canvas-agent-comms-show-task-text

wip-snapshot-2026-05-10/core-lead/fix-vitest-pool

fix/info-disclosure-errors

infra/add-temporal-to-main-compose

design/verify-canvas-design-system

fix/workspace-persona-git-identity

fix/175-env-matched-pair-guard

wip-snapshot-2026-05-10/core-lead/fix-149

refactor/sop-tier-check-extract-script

fix/sop-tier-check-pr-target-security

ci/sop-tier-check-deploy

fix/issue53-admin-token-pair-guard

fix/org-import-started-event-name

refactor/delete-uses-cascade-helper

fix/org-import-reconcile-and-audit

fix/preserve-model-secret-on-restart

feat/persona-bind-mount-local-dev

feat/canary-tier-filter

feat/plugin-version-subscription

feat/plugin-hot-reload-classifier

feat/plugin-atomic-install

feat/air-hot-reload-dev

feat/persona-env-injection

fix/external-resolver-hardening

fix/issue75-class-D-gh-api-to-gitea-rest

fix/cherry-3-files-vitest-postgres-e2eapi

fix/promote-vitest-postgres-fixes

fix/saas-plugin-install-eic

fix/issue-94-e2e-api-parallel-safe-class-b

migrate/issue-71-vanity-imports

fix/handlers-postgres-port-collision-class-b

fix/issue-96-canvas-vitest-cold-start-timeout

fix/hermes-agent-doc-gitea-migration

fix/196-retarget-main-to-staging-gitea-rest

fix/gitea-ci-flakes-issue-88

fix/pin-upload-artifact-v3-gitea

fix/issue-72-auto-sync-token-canary-v2

fix/issue75-class-F-gh-run-list-to-statuses

fix/issue75-class-A-gh-pr-to-gitea-rest

feat/issue-63-local-build-from-gitea-v2

fix/195-auto-promote-staging-gitea-rest

fix/144-branch-protection-check-name-parity-audit

fix/harness-replays-pre-clone-manifest

chore/trigger-auto-sync-verification

fix/codeql-stub-on-gitea-156

chore/issue173-retrigger-after-ecr-repo-create

fix/issue173-inline-aws-ecr-login

fix/issue173-shell-docker-push

chore/retrigger-harness-replays-post-class-g

fix/issue173-buildx-driver-and-cache

fix/post-suspension-clone-manifest

fix/issue173-followup-platform-dockerfile

fix/post-suspension-github-urls

fix/170-goroutine-bleed-test-isolation

fix/issue173-publish-workspace-server-image

fix/issue36-a2a-proxy-preflight

fix/codeql-continue-on-error-156

feat/demo-mock-3-bigorg-mock-runtime

feat/demo-mock-1-purchase-success-modal

fix/publish-path-filter-add-scripts

fix/clone-manifest-gitea

chore/touch-publish-workflow-to-trigger

chore/retrigger-publish-post-aws-secrets

chore/cherry-pick-pr23-into-main

chore/backsync-main-into-staging-task-166

fix/auto-sync-use-devops-token

chore/retrigger-staging-on-fixed-runner-image

chore/drop-github-app-auth-and-ecr-swap

docs/readme-comprehensive-refresh-2026-05-06

feat/rfc-2945-pr-c-2-canvas-chat-history

fix/issue10-runtime-aware-plugin-install

fix/s8-bind-loopback-dev

fix/14-cascade-gitea-dispatch

docs/molecule-core-bulk-sed

chore/pin-artifact-actions-v3

fix/lowercase-org-slug

fix/script-ghcr-and-lint-paths

docs/workspace-runtime-readme-source-edit

feat/eic-tunnel-pool-core-11

chore/rfc-2945-pr-c-3-delete-historyhydration

fix/2872-sqlmock-regex-tightening

fix/cp-orphan-sweeper-2989

feat/registry-prefix-env-driven-issue-6

docs/readme-refresh-2026-05-06

runtime-v0.1.1013

runtime-v0.1.1011

runtime-v0.1.1010

runtime-v0.1.1009

runtime-v0.1.1008

runtime-v0.1.1007

runtime-v0.1.1006

runtime-v0.1.1005

runtime-v0.1.1004

runtime-v0.1.1001

runtime-v0.1.1003

runtime-v0.1.1000

runtime-v0.1.131

runtime-v0.1.130

runtime-v1.0.0

runtime-v0.0.35

runtime-v0.0.34

runtime-v0.0.33

runtime-v0.0.32

runtime-v0.0.31

runtime-v0.0.30

runtime-v0.0.29

runtime-v0.0.28

runtime-v0.0.27

runtime-v0.0.26

runtime-v0.0.25

runtime-v0.0.24

runtime-v0.0.23

runtime-v0.0.22

runtime-v0.0.21

runtime-v0.0.20

runtime-v0.0.19

runtime-v0.0.18

runtime-v0.0.17

runtime-v0.0.16

runtime-v0.0.15

runtime-v0.0.14

runtime-v0.0.13

runtime-v0.0.12

runtime-v0.0.11

runtime-v0.0.10

runtime-v0.0.9

runtime-v0.0.8

runtime-v0.0.7

runtime-v0.0.6

runtime-v0.0.5

runtime-v0.0.4

runtime-v0.0.3

runtime-v0.0.2

runtime-v0.0.1

ci-trigger-1776771586

ci-retry-1776771601

ci-retrigger-1776771591

Labels

Clear labels

approved

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

do-not-merge

hold from auto-merge (design review in progress)

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

needs-engineer

platform/go

Go platform test issues

ready-to-build

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2129