惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
量子位
腾讯CDC
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
云风的 BLOG
云风的 BLOG
Vercel News
Vercel News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
The Hacker News
The Hacker News
T
The Exploit Database - CXSecurity.com
B
Blog
S
SegmentFault 最新的问题
P
Privacy & Cybersecurity Law Blog
T
Threatpost
博客园 - 聂微东
T
Tailwind CSS Blog
The Last Watchdog
The Last Watchdog
C
Check Point Blog
N
Netflix TechBlog - Medium
D
DataBreaches.Net
爱范儿
爱范儿
IT之家
IT之家
S
Secure Thoughts
M
MIT News - Artificial intelligence
NISL@THU
NISL@THU
C
Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
有赞技术团队
有赞技术团队
A
Arctic Wolf
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
Schneier on Security
Schneier on Security
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
雷峰网
雷峰网
Project Zero
Project Zero
博客园 - Franky
H
Heimdal Security Blog
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hugging Face - Blog
Hugging Face - Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
ci(mantis): derive telegram proof refs from pr · openclaw/openclaw@663206a
obviyus · 2026-05-11 · via Recent Commits to openclaw:main

@@ -5,19 +5,9 @@ on:

55

types: [created]

66

workflow_dispatch:

77

inputs:

8-

baseline_ref:

9-

description: Ref, tag, or SHA to capture as the before GIF

10-

required: true

11-

default: main

12-

type: string

13-

candidate_ref:

14-

description: Ref, tag, or SHA to capture as the after GIF

15-

required: true

16-

default: main

17-

type: string

188

pr_number:

19-

description: Optional PR number to receive the QA evidence comment

20-

required: false

9+

description: PR number to capture

10+

required: true

2111

type: string

2212

instructions:

2313

description: Optional freeform proof instructions for the agent

@@ -35,19 +25,14 @@ on:

3525

description: Optional existing Crabbox desktop lease id or slug to reuse

3626

required: false

3727

type: string

38-

allow_fork_candidate:

39-

description: Allow a fork PR head candidate when pr_number points at that PR

40-

required: false

41-

default: false

42-

type: boolean

43284429

permissions:

4530

contents: write

4631

issues: write

4732

pull-requests: write

48334934

concurrency:

50-

group: mantis-telegram-desktop-proof-${{ github.event.issue.number || inputs.pr_number || inputs.candidate_ref || github.run_id }}-${{ github.run_attempt }}

35+

group: mantis-telegram-desktop-proof-${{ github.event.issue.number || inputs.pr_number || github.run_id }}-${{ github.run_attempt }}

5136

cancel-in-progress: false

52375338

env:

@@ -68,6 +53,7 @@ jobs:

6853

(

6954

github.event_name == 'issue_comment' &&

7055

github.event.issue.pull_request &&

56+

contains(github.event.issue.labels.*.name, 'mantis: telegram-visible-proof') &&

7157

(

7258

contains(github.event.comment.body, '@openclaw-mantis') ||

7359

contains(github.event.comment.body, '/openclaw-mantis')

@@ -100,15 +86,13 @@ jobs:

10086

needs: authorize_actor

10187

runs-on: ubuntu-24.04

10288

outputs:

103-

allow_fork_candidate: ${{ steps.resolve.outputs.allow_fork_candidate }}

10489

baseline_ref: ${{ steps.resolve.outputs.baseline_ref }}

10590

candidate_ref: ${{ steps.resolve.outputs.candidate_ref }}

10691

crabbox_provider: ${{ steps.resolve.outputs.crabbox_provider }}

10792

instructions: ${{ steps.resolve.outputs.instructions }}

10893

lease_id: ${{ steps.resolve.outputs.lease_id }}

10994

pr_number: ${{ steps.resolve.outputs.pr_number }}

11095

request_source: ${{ steps.resolve.outputs.request_source }}

111-

should_run: ${{ steps.resolve.outputs.should_run }}

11296

steps:

11397

- name: Resolve refs and target PR

11498

id: resolve

@@ -122,110 +106,47 @@ jobs:

122106

core.info(`${name}=${value ?? ""}`);

123107

}

124108125-

if (eventName === "workflow_dispatch") {

126-

const inputs = context.payload.inputs ?? {};

127-

setOutput("should_run", "true");

128-

setOutput(

129-

"allow_fork_candidate",

130-

String(inputs.allow_fork_candidate) === "true" ? "true" : "false",

131-

);

132-

setOutput("baseline_ref", inputs.baseline_ref || "main");

133-

setOutput("candidate_ref", inputs.candidate_ref || "main");

134-

setOutput("pr_number", inputs.pr_number || "");

135-

setOutput("instructions", inputs.instructions || "");

136-

setOutput("crabbox_provider", inputs.crabbox_provider || "aws");

137-

setOutput("lease_id", inputs.crabbox_lease_id || "");

138-

setOutput("request_source", "workflow_dispatch");

139-

return;

140-

}

141-142-

if (eventName !== "issue_comment") {

143-

core.setFailed(`Unsupported event: ${eventName}`);

144-

return;

145-

}

146-147-

const issue = context.payload.issue;

148-

const body = context.payload.comment?.body ?? "";

149-

if (!issue?.pull_request) {

150-

core.setFailed("Mantis issue_comment trigger requires a pull request comment.");

151-

return;

152-

}

153-154-

const normalized = body.toLowerCase();

155-

const requested =

156-

(normalized.includes("@openclaw-mantis") || normalized.includes("/openclaw-mantis")) &&

157-

normalized.includes("telegram") &&

158-

(normalized.includes("desktop") || normalized.includes("native")) &&

159-

normalized.includes("proof");

160-

if (!requested) {

161-

core.notice("Comment mentioned Mantis but did not request Telegram desktop proof.");

162-

setOutput("should_run", "false");

163-

setOutput("allow_fork_candidate", "false");

164-

setOutput("baseline_ref", "");

165-

setOutput("candidate_ref", "");

166-

setOutput("pr_number", "");

167-

setOutput("instructions", "");

168-

setOutput("crabbox_provider", "");

169-

setOutput("lease_id", "");

170-

setOutput("request_source", "unsupported_issue_comment");

109+

const inputs = context.payload.inputs ?? {};

110+

const prNumber =

111+

eventName === "workflow_dispatch" ? inputs.pr_number : String(context.payload.issue?.number ?? "");

112+

if (!prNumber) {

113+

core.setFailed("Mantis Telegram desktop proof requires a pull request.");

171114

return;

172115

}

173116174117

const { owner, repo } = context.repo;

175118

const { data: pr } = await github.rest.pulls.get({

176119

owner,

177120

repo,

178-

pull_number: issue.number,

121+

pull_number: Number(prNumber),

179122

});

180-

let mergedBaseline = "";

181-

let mergedCandidate = "";

182-

if (pr.merged) {

183-

const { data: commits } = await github.rest.pulls.listCommits({

184-

owner,

185-

repo,

186-

pull_number: issue.number,

187-

per_page: 100,

188-

});

189-

mergedCandidate = pr.merge_commit_sha || commits.at(-1)?.sha || "";

190-

mergedBaseline = mergedCandidate && commits.length > 0 ? `${mergedCandidate}~${commits.length}` : "";

191-

}

192-

const baselineMatch = body.match(/(?:baseline|base)[\s:=]+([^\s`]+)/i);

193-

const candidateMatch = body.match(/(?:candidate|head)[\s:=]+([^\s`]+)/i);

194-

const providerMatch = body.match(/(?:provider|crabbox_provider)[\s:=]+([^\s`]+)/i);

195-

const leaseMatch = body.match(/(?:lease|lease_id|crabbox_lease_id)[\s:=]+([^\s`]+)/i);

196-

const provider = providerMatch?.[1] || "aws";

123+

const body = eventName === "workflow_dispatch" ? inputs.instructions || "" : context.payload.comment?.body || "";

124+

const provider = inputs.crabbox_provider || "aws";

197125

if (!["aws", "hetzner"].includes(provider)) {

198126

core.setFailed(`Unsupported Crabbox provider for Mantis Telegram desktop proof: ${provider}`);

199127

return;

200128

}

201-

const rawCandidate = candidateMatch?.[1];

202-

const candidate =

203-

rawCandidate && !["head", "pr", "pr-head"].includes(rawCandidate.toLowerCase())

204-

? rawCandidate

205-

: mergedCandidate || pr.head.sha;

206-

const allowForkCandidate = /\bfork[-_]ok\b/i.test(body);

207129208-

setOutput("should_run", "true");

209-

setOutput("allow_fork_candidate", allowForkCandidate ? "true" : "false");

210-

setOutput("baseline_ref", baselineMatch?.[1] || mergedBaseline || "main");

211-

setOutput("candidate_ref", candidate);

212-

setOutput("pr_number", String(issue.number));

130+

setOutput("baseline_ref", pr.base.sha);

131+

setOutput("candidate_ref", pr.head.sha);

132+

setOutput("pr_number", String(pr.number));

213133

setOutput("instructions", body);

214134

setOutput("crabbox_provider", provider);

215-

setOutput("lease_id", leaseMatch?.[1] || "");

216-

setOutput("request_source", "issue_comment");

135+

setOutput("lease_id", inputs.crabbox_lease_id || "");

136+

setOutput("request_source", eventName);

217137218-

await github.rest.reactions.createForIssueComment({

219-

owner,

220-

repo,

221-

comment_id: context.payload.comment.id,

222-

content: "eyes",

223-

}).catch((error) => core.warning(`Could not add eyes reaction: ${error.message}`));

138+

if (eventName === "issue_comment") {

139+

await github.rest.reactions.createForIssueComment({

140+

owner,

141+

repo,

142+

comment_id: context.payload.comment.id,

143+

content: "eyes",

144+

}).catch((error) => core.warning(`Could not add eyes reaction: ${error.message}`));

145+

}

224146225147

validate_refs:

226148

name: Validate selected refs

227149

needs: resolve_request

228-

if: ${{ needs.resolve_request.outputs.should_run == 'true' }}

229150

runs-on: ubuntu-24.04

230151

outputs:

231152

baseline_revision: ${{ steps.validate.outputs.baseline_revision }}

@@ -241,7 +162,6 @@ jobs:

241162

- name: Validate refs are trusted

242163

id: validate

243164

env:

244-

ALLOW_FORK_CANDIDATE: ${{ needs.resolve_request.outputs.allow_fork_candidate }}

245165

BASELINE_REF: ${{ needs.resolve_request.outputs.baseline_ref }}

246166

CANDIDATE_REF: ${{ needs.resolve_request.outputs.candidate_ref }}

247167

GH_TOKEN: ${{ github.token }}

@@ -255,64 +175,48 @@ jobs:

255175

git fetch --no-tags origin "+refs/pull/${PR_NUMBER}/head:refs/remotes/origin/pr/${PR_NUMBER}" || true

256176

fi

257177258-

validate_ref() {

259-

local label="$1"

178+

resolve_commit() {

260179

local input_ref="$2"

261180

local revision=""

262-

local reason=""

263181264182

if ! revision="$(git rev-parse --verify "${input_ref}^{commit}" 2>/dev/null)"; then

265-

echo "${label} ref '${input_ref}' is not available in the workflow checkout." >&2

183+

echo "$1 ref '${input_ref}' is not available in the workflow checkout." >&2

266184

exit 1

267185

fi

268-

if git merge-base --is-ancestor "$revision" refs/remotes/origin/main; then

269-

reason="main-ancestor"

270-

elif git tag --points-at "$revision" | grep -Eq '^v'; then

271-

reason="release-tag"

272-

else

273-

local pr_head_count

274-

pr_head_count="$(

275-

gh api \

276-

-H "Accept: application/vnd.github+json" \

277-

"repos/${GITHUB_REPOSITORY}/commits/${revision}/pulls" \

278-

--jq '[.[] | select(.state == "open" and .head.repo.full_name == "'"${GITHUB_REPOSITORY}"'" and .head.sha == "'"${revision}"'")] | length'

279-

)"

280-

if [[ "$pr_head_count" != "0" ]]; then

281-

reason="open-pr-head"

282-

elif [[ "$label" == "candidate" && "${ALLOW_FORK_CANDIDATE:-false}" == "true" && -n "${PR_NUMBER:-}" ]]; then

283-

local fork_pr_head_count

284-

fork_pr_head_count="$(

285-

gh api \

286-

-H "Accept: application/vnd.github+json" \

287-

"repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}" \

288-

--jq 'if .state == "open" and .head.repo.full_name != "'"${GITHUB_REPOSITORY}"'" and .head.sha == "'"${revision}"'" then 1 else 0 end'

289-

)"

290-

if [[ "$fork_pr_head_count" == "1" ]]; then

291-

reason="maintainer-approved-fork-pr-head"

292-

fi

293-

fi

294-

fi

295-296-

if [[ -z "$reason" ]]; then

297-

echo "${label} ref '${input_ref}' resolved to ${revision}, which is not trusted for this secret-bearing Mantis run. Add fork-ok only for a maintainer-approved fork PR head." >&2

298-

exit 1

299-

fi

300-

printf '%s\t%s\n' "$revision" "$reason"

186+

printf '%s\n' "$revision"

301187

}

302188303-

baseline_revision="$(validate_ref baseline "$BASELINE_REF")"

304-

baseline_trust="${baseline_revision#*$'\t'}"

305-

baseline_revision="${baseline_revision%%$'\t'*}"

306-

candidate_revision="$(validate_ref candidate "$CANDIDATE_REF")"

307-

candidate_trust="${candidate_revision#*$'\t'}"

308-

candidate_revision="${candidate_revision%%$'\t'*}"

189+

baseline_revision="$(resolve_commit baseline "$BASELINE_REF")"

190+

candidate_revision="$(resolve_commit candidate "$CANDIDATE_REF")"

191+

if ! git merge-base --is-ancestor "$baseline_revision" refs/remotes/origin/main; then

192+

echo "baseline ref '${BASELINE_REF}' resolved to ${baseline_revision}, which is not on main." >&2

193+

exit 1

194+

fi

195+

pr_head="$(

196+

gh api \

197+

-H "Accept: application/vnd.github+json" \

198+

"repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}" \

199+

--jq '{state, head_sha: .head.sha, head_repo: .head.repo.full_name}'

200+

)"

201+

pr_state="$(jq -r '.state' <<<"$pr_head")"

202+

pr_head_sha="$(jq -r '.head_sha' <<<"$pr_head")"

203+

pr_head_repo="$(jq -r '.head_repo' <<<"$pr_head")"

204+

if [[ "$pr_state" != "open" || "$candidate_revision" != "$pr_head_sha" ]]; then

205+

echo "candidate ref '${CANDIDATE_REF}' resolved to ${candidate_revision}, which is not the open PR head." >&2

206+

exit 1

207+

fi

208+

candidate_trust="open-pr-head"

209+

if [[ "$pr_head_repo" != "$GITHUB_REPOSITORY" ]]; then

210+

candidate_trust="fork-pr-head"

211+

fi

212+309213

echo "baseline_revision=${baseline_revision}" >> "$GITHUB_OUTPUT"

310214

echo "candidate_revision=${candidate_revision}" >> "$GITHUB_OUTPUT"

311215

echo "candidate_trust=${candidate_trust}" >> "$GITHUB_OUTPUT"

312216

{

313217

echo "baseline: \`${BASELINE_REF}\`"

314218

echo "baseline SHA: \`${baseline_revision}\`"

315-

echo "baseline trust: \`${baseline_trust}\`"

219+

echo "baseline trust: \`main-ancestor\`"

316220

echo "candidate: \`${CANDIDATE_REF}\`"

317221

echo "candidate SHA: \`${candidate_revision}\`"

318222

echo "candidate trust: \`${candidate_trust}\`"

@@ -321,7 +225,6 @@ jobs:

321225

run_telegram_desktop_proof:

322226

name: Run agentic native Telegram proof

323227

needs: [resolve_request, validate_refs]

324-

if: ${{ needs.resolve_request.outputs.should_run == 'true' }}

325228

runs-on: blacksmith-16vcpu-ubuntu-2404

326229

timeout-minutes: 360

327230

environment: qa-live-shared