hongming-ceo-delegated
46bb1eb7b4
ci-arm64-advisory / fast-checks (pull_request) Waiting to run
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Successful in 12s
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 4s
CI / Python Lint & Test (pull_request) Successful in 5s
CI / Detect changes (pull_request) Successful in 9s
E2E Chat / detect-changes (pull_request) Successful in 10s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 8s
E2E API Smoke Test / detect-changes (pull_request) Successful in 10s
Harness Replays / detect-changes (pull_request) Successful in 3s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 7s
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 4s
Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 5s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
gate-check-v3 / gate-check (pull_request) Successful in 7s
sop-checklist / review-refire (pull_request) Has been skipped
sop-tier-check / tier-check (pull_request) Successful in 6s
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
sop-checklist / na-declarations (pull_request) N/A: (none)
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m11s
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Successful in 5m10s
qa-review / approved (pull_request) Refired via /qa-recheck by unknown
security-review / approved (pull_request) Refired via /security-recheck by unknown
CI / Platform (Go) (pull_request) Successful in 3s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 3s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 4s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s
E2E Chat / E2E Chat (pull_request) Successful in 9s
Harness Replays / Harness Replays (pull_request) Successful in 3s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 4s
CI / Canvas (Next.js) (pull_request) Successful in 5m13s
CI / all-required (pull_request) Successful in 30m1s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
audit-force-merge / audit (pull_request) Successful in 4s
Selecting a non-Platform provider in the workspace Config tab previously wrote only the credential env (CLAUDE_CODE_OAUTH_TOKEN / vendor key) and left llm_billing_mode at its resolved default (platform_managed). CP's tenant_config then kept injecting the platform proxy base URLs, so the OAuth token / vendor key was never used and BYOK silently no-op'd (the live jrs-auto SEO-Agent symptom in #703). The workspace-server even hard-blocks vendor-key writes on platform_managed workspaces, pointing the user at this exact billing-mode switch. ConfigTab.handleSave now derives the implied billing_mode from the selected provider (Platform / empty -> platform_managed; any other vendor -> byok) and, when the provider changed and the implied mode differs, PUTs it to /admin/workspaces/:id/llm-billing-mode (the same per-tenant endpoint the LLM Billing section uses). The write is gated on the provider PUT succeeding and on the mode actually changing, so a BYOK->BYOK vendor swap or an unrelated Save does not issue a redundant PUT or trigger a needless restart. A failed billing-mode write is surfaced as a partial-save warning so the user knows BYOK may not take. This is the UI half of #703; the CP/workspace-server env-injection half (Gap 1) lands in parallel (workspace_provision.go), composing cleanly. Refs: internal#703, internal#691. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>