惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
S
SegmentFault 最新的问题
D
DataBreaches.Net
博客园_首页
罗磊的独立博客
B
Blog
T
Threat Research - Cisco Blogs
C
Cisco Blogs
GbyAI
GbyAI
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
G
GRAHAM CLULEY
H
Help Net Security
酷 壳 – CoolShell
酷 壳 – CoolShell
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
SecWiki News
SecWiki News
T
Threatpost
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
Google Online Security Blog
Google Online Security Blog
T
Tor Project blog
小众软件
小众软件
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Y
Y Combinator Blog
H
Hacker News: Front Page
V
V2EX
Security Latest
Security Latest
Cloudbric
Cloudbric
Simon Willison's Weblog
Simon Willison's Weblog
Attack and Defense Labs
Attack and Defense Labs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
NISL@THU
NISL@THU
S
Secure Thoughts
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
V2EX - 技术
V2EX - 技术
Vercel News
Vercel News
P
Palo Alto Networks Blog
IT之家
IT之家
MyScale Blog
MyScale Blog
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
D
Docker
Google DeepMind News
Google DeepMind News
Webroot Blog
Webroot Blog

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
docs(agents): clarify crabbox testbox routing · openclaw/openclaw@7c70954
vincentkoc · 2026-05-16 · via Recent Commits to openclaw:main

@@ -1,23 +1,32 @@

11

---

22

name: crabbox

3-

description: Use Crabbox for OpenClaw remote validation across Linux, macOS, Windows, and WSL2. Default to the repo Crabbox config, use brokered AWS for normal broad proof, and keep Blacksmith Testbox as an explicit opt-in or outage diagnostic path.

3+

description: Use the Crabbox wrapper for OpenClaw remote validation across Linux, macOS, Windows, and WSL2, including delegated Blacksmith Testbox proof. Report the actual provider and id.

44

---

5566

# Crabbox

778-

Use Crabbox when OpenClaw needs remote Linux proof for broad tests, CI-parity

9-

checks, secrets, hosted services, Docker/E2E/package lanes, warmed reusable

10-

boxes, sync timing, logs/results, cache inspection, or lease cleanup.

8+

Use the Crabbox wrapper when OpenClaw needs remote Linux proof for broad tests,

9+

CI-parity checks, secrets, hosted services, Docker/E2E/package lanes, warmed

10+

reusable boxes, sync timing, logs/results, cache inspection, or lease cleanup.

111112-

Default backend: the repo `.crabbox.yaml`, currently brokered AWS. Do not

13-

override it to Blacksmith unless the user explicitly asks for Blacksmith proof,

14-

the task is specifically about Testbox behavior, or AWS/brokered Crabbox is the

15-

broken layer.

12+

Crabbox is the transport/orchestration surface. The actual backend can be:

161317-

Blacksmith Testbox is a delegated fallback, not the default router. If a

18-

Blacksmith run queues, fails capacity, fails auth, or cannot allocate, stop

19-

after one real attempt and switch to the repo default or report the blocker.

20-

Do not retry Blacksmith in a loop.

14+

- brokered AWS Crabbox: direct provider, `provider=aws`, lease ids like

15+

`cbx_...`, `syncDelegated=false`

16+

- Blacksmith Testbox through Crabbox: delegated provider,

17+

`provider=blacksmith-testbox`, ids like `tbx_...`, `syncDelegated=true`

18+19+

For OpenClaw maintainer broad `pnpm` gates, Blacksmith Testbox through the

20+

Crabbox wrapper is acceptable and often preferred when the standing Testbox

21+

rules apply. Do not describe those runs as "AWS Crabbox"; report them as

22+

Testbox-through-Crabbox with the `tbx_...` id and Actions run.

23+24+

Use the repo `.crabbox.yaml` brokered AWS path when the task specifically needs

25+

direct AWS Crabbox behavior, persistent direct-provider leases, `--fresh-pr`,

26+

`--full-resync`, environment forwarding, capture/download support, or provider

27+

comparison. Use `--provider blacksmith-testbox` when the task needs OpenClaw

28+

maintainer Testbox proof, prepared CI environment, broad/heavy pnpm gates, or

29+

the user asks for Testbox/Blacksmith.

21302231

## First Checks

2332

@@ -34,10 +43,15 @@ pnpm crabbox:run -- --help | sed -n '1,120p'

34433544

- OpenClaw scripts prefer `../crabbox/bin/crabbox` when present. The user PATH

3645

shim can be stale.

37-

- Check `.crabbox.yaml` for repo defaults and honor them. For normal Linux

38-

validation, omit `--provider` so the wrapper uses brokered AWS.

39-

- Pass `--provider blacksmith-testbox` only for explicit Blacksmith/Testbox

40-

work or a deliberate comparison.

46+

- Check `.crabbox.yaml` for direct-provider defaults. Omitting `--provider`

47+

means brokered AWS today.

48+

- For broad OpenClaw maintainer `pnpm` gates, prefer the repo wrapper with

49+

`--provider blacksmith-testbox` or the repo Testbox helpers when the standing

50+

Testbox policy applies.

51+

- Always report the actual provider and id. `cbx_...` means AWS Crabbox;

52+

`tbx_...` means Blacksmith Testbox through Crabbox. If the output only says

53+

`blacksmith testbox list`, use `blacksmith testbox list --all` before

54+

concluding no box exists.

4155

- If a warm direct-provider lease smells stale, retry with `--full-resync`

4256

(alias `--fresh-sync`) before replacing the lease. This resets the remote

4357

workdir, skips the fingerprint fast path, reseeds Git when possible, and

@@ -83,11 +97,10 @@ Crabbox supports static SSH targets:

8397

with `../crabbox/bin/crabbox run --help`, config/flag tests, and the Crabbox

8498

Go test suite.

859986-

## Default Brokered AWS Backend

100+

## Direct Brokered AWS Backend

8710188-

Use this for `pnpm check`, `pnpm check:changed`, `pnpm test`,

89-

`pnpm test:changed`, Docker/E2E/live/package gates, or anything likely to fan

90-

out across many Vitest projects.

102+

Use this when the task needs direct AWS Crabbox semantics rather than the

103+

prepared Blacksmith Testbox CI environment.

9110492105

Changed gate:

93106

@@ -124,9 +137,9 @@ pnpm crabbox:run -- \

124137125138

Read the JSON summary. Useful fields:

126139127-

- `provider`: should normally be `aws`

140+

- `provider`: `aws`

128141

- `leaseId`: `cbx_...`

129-

- `syncDelegated`: should normally be `false`

142+

- `syncDelegated`: `false`

130143

- `commandPhases`: populated when the command prints `CRABBOX_PHASE:<name>`

131144

- `commandMs` / `totalMs`

132145

- `exitCode`

@@ -138,6 +151,41 @@ cleanup when a run fails, is interrupted, or the command output is unclear:

138151

../crabbox/bin/crabbox list --provider aws

139152

```

140153154+

## Blacksmith Testbox Through Crabbox

155+156+

Use this for OpenClaw maintainer broad/heavy `pnpm` gates when the prepared CI

157+

environment is the right proof surface:

158+159+

```sh

160+

node scripts/crabbox-wrapper.mjs run \

161+

--provider blacksmith-testbox \

162+

--blacksmith-org openclaw \

163+

--blacksmith-workflow .github/workflows/ci-check-testbox.yml \

164+

--blacksmith-job check \

165+

--blacksmith-ref main \

166+

--idle-timeout 90m \

167+

--ttl 240m \

168+

--timing-json \

169+

-- \

170+

CI=1 NODE_OPTIONS=--max-old-space-size=4096 OPENCLAW_TEST_PROJECTS_PARALLEL=6 OPENCLAW_VITEST_MAX_WORKERS=1 OPENCLAW_VITEST_NO_OUTPUT_TIMEOUT_MS=900000 OPENCLAW_TESTBOX=1 OPENCLAW_TESTBOX_REMOTE_RUN=1 pnpm check:changed

171+

```

172+173+

Read the JSON summary and the Testbox line. Useful fields:

174+175+

- `provider`: `blacksmith-testbox`

176+

- `leaseId`: `tbx_...`

177+

- `syncDelegated`: `true`

178+

- `syncPhases`: delegated/skipped because Blacksmith owns checkout/sync

179+

- Actions run URL/id from the Testbox output

180+

- `exitCode`

181+182+

`blacksmith testbox list` may hide hydrating or ready boxes. Use:

183+184+

```sh

185+

blacksmith testbox list --all

186+

blacksmith testbox status <tbx_id>

187+

```

188+141189

## Observability Flags

142190143191

Use these on debugging runs before inventing ad hoc logging: