惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
K
Kaspersky official blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
Y
Y Combinator Blog
Recorded Future
Recorded Future
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
Microsoft Security Blog
Microsoft Security Blog
H
Help Net Security
S
Schneier on Security
P
Palo Alto Networks Blog
H
Hacker News: Front Page
N
News and Events Feed by Topic
N
Netflix TechBlog - Medium
博客园 - Franky
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
SecWiki News
SecWiki News
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Hacker News
The Hacker News
C
Check Point Blog
L
LangChain Blog
腾讯CDC
小众软件
小众软件
T
Tenable Blog
Google DeepMind News
Google DeepMind News
GbyAI
GbyAI
L
LINUX DO - 最新话题
A
About on SuperTechFans
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
雷峰网
雷峰网
美团技术团队
D
DataBreaches.Net
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
F
Full Disclosure
博客园_首页

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
ci(mantis): add telegram proof label trigger · openclaw/openclaw@59efd95
obviyus · 2026-05-17 · via Recent Commits to openclaw:main

@@ -3,6 +3,8 @@ name: Mantis Telegram Desktop Proof

33

on:

44

issue_comment:

55

types: [created]

6+

pull_request_target:

7+

types: [labeled]

68

workflow_dispatch:

79

inputs:

810

pr_number:

@@ -25,6 +27,14 @@ on:

2527

description: Optional existing Crabbox desktop lease id or slug to reuse

2628

required: false

2729

type: string

30+

publish_artifact_name:

31+

description: Optional existing proof artifact name to publish without recapturing

32+

required: false

33+

type: string

34+

publish_run_id:

35+

description: Workflow run id that owns publish_artifact_name; required with publish_artifact_name

36+

required: false

37+

type: string

28382939

permissions:

3040

actions: read

@@ -47,6 +57,11 @@ jobs:

4757

if: >-

4858

${{

4959

github.event_name == 'workflow_dispatch' ||

60+

(

61+

github.event_name == 'pull_request_target' &&

62+

github.event.action == 'labeled' &&

63+

github.event.label.name == 'mantis: telegram-visible-proof'

64+

) ||

5065

(

5166

github.event_name == 'issue_comment' &&

5267

github.event.issue.pull_request &&

@@ -66,6 +81,12 @@ jobs:

6681

uses: actions/github-script@v8

6782

with:

6883

script: |

84+

if (context.eventName === "pull_request_target") {

85+

core.info(`Accepted Mantis label trigger from ${context.actor}.`);

86+

core.setOutput("authorized", "true");

87+

return;

88+

}

89+6990

const allowed = new Set(["admin", "maintain", "write"]);

7091

const { owner, repo } = context.repo;

7192

const { data } = await github.rest.repos.getCollaboratorPermissionLevel({

@@ -95,6 +116,8 @@ jobs:

95116

crabbox_provider: ${{ steps.resolve.outputs.crabbox_provider }}

96117

instructions: ${{ steps.resolve.outputs.instructions }}

97118

lease_id: ${{ steps.resolve.outputs.lease_id }}

119+

publish_artifact_name: ${{ steps.resolve.outputs.publish_artifact_name }}

120+

publish_run_id: ${{ steps.resolve.outputs.publish_run_id }}

98121

pr_number: ${{ steps.resolve.outputs.pr_number }}

99122

request_source: ${{ steps.resolve.outputs.request_source }}

100123

steps:

@@ -112,7 +135,11 @@ jobs:

112135113136

const inputs = context.payload.inputs ?? {};

114137

const prNumber =

115-

eventName === "workflow_dispatch" ? inputs.pr_number : String(context.payload.issue?.number ?? "");

138+

eventName === "workflow_dispatch"

139+

? inputs.pr_number

140+

: eventName === "pull_request_target"

141+

? String(context.payload.pull_request?.number ?? "")

142+

: String(context.payload.issue?.number ?? "");

116143

if (!prNumber) {

117144

core.setFailed("Mantis Telegram desktop proof requires a pull request.");

118145

return;

@@ -124,7 +151,12 @@ jobs:

124151

repo,

125152

pull_number: Number(prNumber),

126153

});

127-

const body = eventName === "workflow_dispatch" ? inputs.instructions || "" : context.payload.comment?.body || "";

154+

const body =

155+

eventName === "workflow_dispatch"

156+

? inputs.instructions || ""

157+

: eventName === "issue_comment"

158+

? context.payload.comment?.body || ""

159+

: "";

128160

const provider = inputs.crabbox_provider || "aws";

129161

if (!["aws", "hetzner"].includes(provider)) {

130162

core.setFailed(`Unsupported Crabbox provider for Mantis Telegram desktop proof: ${provider}`);

@@ -137,6 +169,8 @@ jobs:

137169

setOutput("instructions", body);

138170

setOutput("crabbox_provider", provider);

139171

setOutput("lease_id", inputs.crabbox_lease_id || "");

172+

setOutput("publish_artifact_name", inputs.publish_artifact_name || "");

173+

setOutput("publish_run_id", inputs.publish_run_id || "");

140174

setOutput("request_source", eventName);

141175142176

if (eventName === "issue_comment") {

@@ -151,6 +185,7 @@ jobs:

151185

validate_refs:

152186

name: Validate selected refs

153187

needs: resolve_request

188+

if: needs.resolve_request.outputs.publish_artifact_name == ''

154189

runs-on: ubuntu-24.04

155190

outputs:

156191

baseline_revision: ${{ steps.validate.outputs.baseline_revision }}

@@ -229,6 +264,7 @@ jobs:

229264

run_telegram_desktop_proof:

230265

name: Run agentic native Telegram proof

231266

needs: [resolve_request, validate_refs]

267+

if: needs.resolve_request.outputs.publish_artifact_name == ''

232268

runs-on: blacksmith-16vcpu-ubuntu-2404

233269

timeout-minutes: 360

234270

environment: qa-live-shared

@@ -473,3 +509,92 @@ jobs:

473509

run: |

474510

echo "Mantis Telegram desktop proof failed: comparison=${COMPARISON_STATUS:-unset}." >&2

475511

exit 1

512+513+

publish_existing_telegram_desktop_proof:

514+

name: Publish existing native Telegram proof

515+

needs: resolve_request

516+

if: needs.resolve_request.outputs.publish_artifact_name != ''

517+

runs-on: ubuntu-24.04

518+

environment: qa-live-shared

519+

steps:

520+

- name: Checkout harness ref

521+

uses: actions/checkout@v6

522+

with:

523+

persist-credentials: false

524+525+

- name: Setup Node environment

526+

uses: ./.github/actions/setup-node-env

527+

with:

528+

node-version: ${{ env.NODE_VERSION }}

529+

pnpm-version: ${{ env.PNPM_VERSION }}

530+

install-bun: "true"

531+532+

- name: Download existing proof artifact

533+

env:

534+

GH_TOKEN: ${{ github.token }}

535+

PUBLISH_ARTIFACT_NAME: ${{ needs.resolve_request.outputs.publish_artifact_name }}

536+

PUBLISH_RUN_ID: ${{ needs.resolve_request.outputs.publish_run_id }}

537+

shell: bash

538+

run: |

539+

set -euo pipefail

540+

if [[ -z "${PUBLISH_RUN_ID:-}" ]]; then

541+

echo "publish_run_id is required when publish_artifact_name is set." >&2

542+

exit 1

543+

fi

544+

run_id="$PUBLISH_RUN_ID"

545+

gh run download "$run_id" \

546+

--repo "$GITHUB_REPOSITORY" \

547+

--name "$PUBLISH_ARTIFACT_NAME" \

548+

--dir "$MANTIS_OUTPUT_DIR"

549+550+

artifacts_json="$(

551+

gh api \

552+

-H "Accept: application/vnd.github+json" \

553+

"repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/artifacts"

554+

)"

555+

artifact_id="$(jq -r --arg name "$PUBLISH_ARTIFACT_NAME" '.artifacts[] | select(.name == $name) | .id' <<<"$artifacts_json" | head -n 1)"

556+

if [[ -z "$artifact_id" || "$artifact_id" == "null" ]]; then

557+

echo "Could not resolve artifact id for '${PUBLISH_ARTIFACT_NAME}' in run ${run_id}." >&2

558+

exit 1

559+

fi

560+

echo "PUBLISH_RUN_ID=${run_id}" >> "$GITHUB_ENV"

561+

echo "PUBLISH_ARTIFACT_URL=https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}/artifacts/${artifact_id}" >> "$GITHUB_ENV"

562+563+

- name: Create Mantis GitHub App token

564+

id: mantis_app_token

565+

uses: actions/create-github-app-token@v3

566+

with:

567+

app-id: ${{ secrets.MANTIS_GITHUB_APP_ID }}

568+

private-key: ${{ secrets.MANTIS_GITHUB_APP_PRIVATE_KEY }}

569+

owner: ${{ github.repository_owner }}

570+

repositories: ${{ github.event.repository.name }}

571+

permission-issues: write

572+

permission-pull-requests: write

573+574+

- name: Comment PR with inline QA evidence

575+

env:

576+

GH_TOKEN: ${{ steps.mantis_app_token.outputs.token }}

577+

MANTIS_ARTIFACT_R2_ACCESS_KEY_ID: ${{ secrets.MANTIS_ARTIFACT_R2_ACCESS_KEY_ID }}

578+

MANTIS_ARTIFACT_R2_BUCKET: openclaw-crabbox-artifacts

579+

MANTIS_ARTIFACT_R2_ENDPOINT: ${{ vars.MANTIS_ARTIFACT_R2_ENDPOINT }}

580+

MANTIS_ARTIFACT_R2_PUBLIC_BASE_URL: https://artifacts.openclaw.ai

581+

MANTIS_ARTIFACT_R2_REGION: auto

582+

MANTIS_ARTIFACT_R2_SECRET_ACCESS_KEY: ${{ secrets.MANTIS_ARTIFACT_R2_SECRET_ACCESS_KEY }}

583+

REQUEST_SOURCE: ${{ needs.resolve_request.outputs.request_source }}

584+

TARGET_PR: ${{ needs.resolve_request.outputs.pr_number }}

585+

shell: bash

586+

run: |

587+

set -euo pipefail

588+

root="$MANTIS_OUTPUT_DIR"

589+

if [[ ! -f "$root/mantis-evidence.json" ]]; then

590+

echo "Downloaded artifact does not contain ${root}/mantis-evidence.json." >&2

591+

exit 1

592+

fi

593+

node scripts/mantis/publish-pr-evidence.mjs \

594+

--manifest "$root/mantis-evidence.json" \

595+

--target-pr "$TARGET_PR" \

596+

--artifact-root "mantis/telegram-desktop/pr-${TARGET_PR}/published-${PUBLISH_RUN_ID}-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}" \

597+

--marker "<!-- mantis-telegram-desktop-proof -->" \

598+

--artifact-url "$PUBLISH_ARTIFACT_URL" \

599+

--run-url "https://github.com/${GITHUB_REPOSITORY}/actions/runs/${PUBLISH_RUN_ID}" \

600+

--request-source "$REQUEST_SOURCE"