From 6a7063c912ff09e70abe29ec6a8a69022a579a02 Mon Sep 17 00:00:00 2001 From: Hunter B Date: Wed, 3 Jun 2026 23:41:21 -0700 Subject: [PATCH] ci(ohos): guard unsupported target dependencies --- .cnb.yml | 3 + .github/workflows/ci.yml | 2 + .github/workflows/release.yml | 2 + CHANGELOG.md | 3 + crates/tui/CHANGELOG.md | 114 +++++++++++++++++++++++++++++ docs/HarmonyOS.md | 14 ++++ docs/RELEASE_CHECKLIST.md | 3 + docs/V0_9_0_EXECUTION_MAP.md | 2 +- scripts/release/check-ohos-deps.sh | 41 +++++++++++ scripts/release/check-versions.sh | 18 ++++- 10 files changed, 198 insertions(+), 4 deletions(-) create mode 100755 scripts/release/check-ohos-deps.sh diff --git a/.cnb.yml b/.cnb.yml index ef440d1a..f1c4d5f8 100644 --- a/.cnb.yml +++ b/.cnb.yml @@ -38,6 +38,7 @@ script: | set -eu ./scripts/release/check-versions.sh + ./scripts/release/check-ohos-deps.sh cargo fmt --all -- --check cargo check --workspace --all-targets --locked cargo clippy --workspace --all-targets --all-features --locked -- -D warnings @@ -75,6 +76,7 @@ script: | set -eu ./scripts/release/check-versions.sh + ./scripts/release/check-ohos-deps.sh cargo fmt --all -- --check cargo check --workspace --all-targets --locked cargo clippy --workspace --all-targets --all-features --locked -- -D warnings @@ -123,6 +125,7 @@ $: apt-get install -y git libdbus-1-dev nodejs pkg-config ./scripts/release/check-versions.sh + ./scripts/release/check-ohos-deps.sh cargo build --release --locked -p codewhale-cli -p codewhale-tui mkdir -p target/cnb-release diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7fafe26e..1eb681cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,6 +27,8 @@ jobs: node-version: 20 - name: Check version drift run: ./scripts/release/check-versions.sh + - name: Check OHOS dependency graph + run: ./scripts/release/check-ohos-deps.sh lint: name: Lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bc9aa416..3edca98f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,6 +42,8 @@ jobs: run: cargo fmt --all -- --check - name: Compile check run: cargo check --workspace --all-targets --locked + - name: OHOS dependency graph + run: ./scripts/release/check-ohos-deps.sh - name: Clippy run: cargo clippy --workspace --all-targets --all-features --locked -- -D warnings - name: Workspace tests diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ae1baa7..4af0523b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 explicit Rustls ring-provider installation for the no-provider TLS build, and OHOS fallbacks for unsupported keyring, clipboard, sandbox, browser-open, TTY, execpolicy Starlark parsing, and self-update surfaces. +- Added `scripts/release/check-ohos-deps.sh` and wired it into CI/release + preflight so the OpenHarmony target graph fails if unsupported `nix`, + `portable-pty`, `starlark`, `arboard`, or `keyring` dependencies re-enter. - Added `.github/AUTHOR_MAP` and a CI co-author credit check so harvested commits use GitHub-mappable numeric noreply identities instead of `.local`, placeholder, bot/tool, or raw third-party emails. diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md index dec9b971..4af0523b 100644 --- a/crates/tui/CHANGELOG.md +++ b/crates/tui/CHANGELOG.md @@ -7,6 +7,120 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Added `/restore list [N]` so users can inspect more side-git rollback + snapshots with UTC timestamps before choosing a restore point. Plain + `/restore` now shows the 20 most recent snapshots, numeric restore targets can + reach beyond that default listing up to a bounded index, and list requests + above the visible cap fail explicitly instead of silently truncating. +- Added HarmonyOS/OpenHarmony support scaffolding: environment-driven + `OHOS_NATIVE_SDK` setup scripts and compiler wrappers, platform docs, + explicit Rustls ring-provider installation for the no-provider TLS build, and + OHOS fallbacks for unsupported keyring, clipboard, sandbox, browser-open, TTY, + execpolicy Starlark parsing, and self-update surfaces. +- Added `scripts/release/check-ohos-deps.sh` and wired it into CI/release + preflight so the OpenHarmony target graph fails if unsupported `nix`, + `portable-pty`, `starlark`, `arboard`, or `keyring` dependencies re-enter. +- Added `.github/AUTHOR_MAP` and a CI co-author credit check so harvested + commits use GitHub-mappable numeric noreply identities instead of `.local`, + placeholder, bot/tool, or raw third-party emails. +- Added rich PlanArtifact support to `update_plan`: Plan mode can now carry + grounded objectives, context, sources, critical files, constraints, + verification, risks, and handoff notes through the transcript card, Plan + confirmation prompt, `/relay`, fork-state, and saved-session replay. +- Added `POST /v1/sessions` for runtime clients to save a completed thread as a + managed session. The endpoint preserves thread title/model/mode/workspace + metadata, maps missing threads to 404, and returns 409 instead of snapshotting + queued or active turns. + +### Changed + +- `/config` now reports the canonical `~/.codewhale/settings.toml` path for TUI + settings while still reading legacy DeepSeek-branded settings fallbacks and + migrating them into the CodeWhale home on load. +- `PATCH /v1/threads/{id}` can now update a thread's persisted workspace for + GUI/runtime clients. Workspace changes reject active turns and evict idle + cached engines so the next turn starts in the new workspace. +- Split `web_run` session/page cache state so cached page reads use shared + page handles and do not serialize through the mutation path. The harvest also + adds panic-safe state write-back and serializes cache-mutating unit tests so + the global web cache remains stable under normal Cargo test parallelism. +- Appended volatile `` blocks after user text in outgoing user + message content arrays so provider prefix caches can keep matching the stable + user-input prefix across date, route, and working-set changes. +- Softened contribution intake automation: external issues now receive a warm + triage note and are never auto-closed by the contribution gate, while the PR + gate copy makes clear that dry-run observations are about maintainer safety, + not contributor quality. +- Added a PR gate marker guard so reopened unapproved PRs do not get duplicate + intake comments, and clarified that PR reopening should happen after + allowlist approval is merged. +- Documented the agent and sub-agent stewardship ethos so future automation + preserves human issue intake, careful PR review, and contributor credit. +- Moved the TUI Starlark execpolicy parser and PTY support behind non-OHOS + target dependencies so published OpenHarmony builds no longer pull `nix` 0.28 + through `rustyline` or `portable-pty`. +- Explicit `skills_dir` configuration is now unioned with workspace skill + discovery instead of being shadowed by workspace-local skills, and configured + skills take precedence over global defaults when prompt space is constrained. +- Tool-agent sub-agent routing now inherits the parent session model, or an + explicit tool-agent override, instead of hard-coding `deepseek-v4-flash`; + the fast lane still disables thinking through provider-aware request shaping. +- Dense successful read/search/list tool runs now collapse into a single + expandable transcript row by default, while running, failed, shell, patch, + review, diff, and other risky tool cells remain visible. The setting + `tool_collapse = "compact" | "expanded" | "calm"` controls the behavior. +- Pending-input preview rows now label delivery mode explicitly as steer + pending, rejected steer, or queued follow-up, with wrapped continuation rows + aligned under the label so busy-turn input state is easier to read (#2054). +- Editing a queued follow-up is now an explicit pending-input state. Pressing + `Esc` while editing a queued follow-up restores the original queued message + instead of cancelling the active turn or silently dropping the queued work + (#2054). +- Sidebar hover details now use row-level metadata for truncated Work, Tasks, + and Agents rows. Mouse hover opens a bordered, wrapping popover with the full + underlying row text, long turn/agent ids, and current sub-agent progress + instead of repeating the already-ellipsized sidebar label (#2694, #2734). +- Sub-agents now preserve checkpoint metadata around long model calls. A + per-step API timeout marks the child as interrupted with a continuable + checkpoint instead of ending as a null failed result, and `agent_eval` can + explicitly continue a live checkpointed interrupted child while normal + completed/failed/cancelled follow-up behavior stays unchanged (#2029). +- Durable task recovery no longer requeues tasks that were `running` when the + previous CodeWhale process exited. On restart those records are marked failed + with a recovery note, and any running tool-call summaries are marked failed + too, so stale shell/task state cannot silently become live work again (#1786). +- Auto-generated project instructions now reuse the bounded Project Context + Pack data instead of running an unbounded summary/tree scan when no + `.codewhale/instructions.md` file exists. The fallback keeps later + top-level folders visible in noisy large workspaces while the dynamic + `` marker remains controlled by its own setting + (#697, #1827). + +### Community + +Thanks to **@cyq1017** for the restore-listing implementation (#2513) and +pending-input delivery-mode label work (#2532, #2054), +**@wywsoor** for the broader macOS/iTerm rollback UX report (#2494), +**@HUQIANTAO** for the `web_run` lock-splitting work (#2502) and turn-metadata +prefix-cache stability work (#2517), **@xyuai** for canonical CodeWhale +settings-path migration work (#2730), **@gaord** for the runtime thread +workspace update and completed-thread save APIs (#2640, #2639), +**@shenjackyuanjie** for the +HarmonyOS/OpenHarmony port and MatePad Edge validation trail (#2634), +**@idling11** for the PlanArtifact direction in Plan mode (#2733) and the +dense tool-call transcript collapse/sidebar detail direction (#2738, #2734, +#2692, #2694), and +**@h3c-hexin** for the tool-agent model inheritance and configured +`skills_dir` fixes (#2736, #2737). Thanks also to **@qiyuanlicn** for the +checkpoint/resume report that shaped the sub-agent recovery slice (#2029), +to **@bevis-wong** for the long-running shell/task liveness report (#1786), +and to **@NASLXTO** and +**@wuxixing** for the large-workspace startup reports (#697, #1827), and to +**@linzhiqin2003** and **@merchloubna70-dot** for earlier context-cap and +startup-diagnosis work that shaped this bounded fallback. + ## [0.8.53] - 2026-06-03 ### Added diff --git a/docs/HarmonyOS.md b/docs/HarmonyOS.md index f3c091f8..2c84eb88 100644 --- a/docs/HarmonyOS.md +++ b/docs/HarmonyOS.md @@ -76,3 +76,17 @@ chmod +x ./ohos-clang.sh ./ohos-clangxx.sh Cargo cannot expand environment variables inside `linker` or CMake toolchain path values there, so those values are exported by `scripts/ohos-env.ps1` and `scripts/ohos-env.sh` instead. + +## Dependency Guard + +Release prep runs a no-SDK dependency check: + +```bash +./scripts/release/check-ohos-deps.sh +``` + +The guard resolves the `codewhale-tui` dependency graph for +`aarch64-unknown-linux-ohos` and fails if unsupported host/UI crates re-enter +the target graph: `nix` 0.28/0.29, `portable-pty`, `starlark`, `arboard`, or +`keyring`. This does not replace a real SDK/sysroot build, but it catches the +known `starlark -> rustyline -> nix` and PTY/keyring regressions before release. diff --git a/docs/RELEASE_CHECKLIST.md b/docs/RELEASE_CHECKLIST.md index 626aafb7..dce3bd8f 100644 --- a/docs/RELEASE_CHECKLIST.md +++ b/docs/RELEASE_CHECKLIST.md @@ -39,6 +39,9 @@ publish-crates), see [`RELEASE_RUNBOOK.md`](RELEASE_RUNBOOK.md). - [ ] `Cargo.lock` is refreshed (`cargo update --workspace --offline`). - [ ] `./scripts/release/check-versions.sh` reports `Version state OK: workspace=X.Y.Z, npm=X.Y.Z, lockfile in sync.` +- [ ] `./scripts/release/check-ohos-deps.sh` reports that the OpenHarmony + target graph does not pull the unsupported `nix` 0.28/0.29, + `portable-pty`, `starlark`, `arboard`, or `keyring` crates. ## 3. Preflight gates diff --git a/docs/V0_9_0_EXECUTION_MAP.md b/docs/V0_9_0_EXECUTION_MAP.md index b5a0a06b..af7d803d 100644 --- a/docs/V0_9_0_EXECUTION_MAP.md +++ b/docs/V0_9_0_EXECUTION_MAP.md @@ -57,7 +57,7 @@ harvest/stewardship commits: | #1786 stale running task recovery | Locally implemented as the durable restart-safety slice. | `TaskManager::load_state` now marks tasks that were persisted as `running` in a prior process as failed with an explicit restart/interrupted error instead of requeueing them. Running tool-call summaries inside those stale tasks are also marked failed. `cargo test -p codewhale-tui --bin codewhale-tui --locked running_tasks_are_not_requeued_after_restart -- --nocapture` and `cargo test -p codewhale-tui --bin codewhale-tui --locked task_manager -- --nocapture` passed. Credit @bevis-wong; keep #1786 open for foreground shell hang root cause and careful LIVE-state watchdog work that does not abort legitimate foreground commands. | | #697/#1827 bounded auto-generated project context | Locally implemented from the stabilization audit. | When no project instructions exist, startup now writes `.codewhale/instructions.md` from the bounded Project Context Pack data instead of an unbounded summary/tree scan. The generated file avoids the dynamic `` marker when that setting is disabled, keeps later top-level folders visible, and omits noisy directory tails. `cargo test -p codewhale-tui --bin codewhale-tui --locked auto_generated_context_is_bounded_for_many_file_workspace -- --nocapture` and `cargo test -p codewhale-tui --bin codewhale-tui --locked project_context_pack -- --nocapture` passed. Credit reporters @NASLXTO and @wuxixing, plus earlier context-cap/startup work from @linzhiqin2003 and @merchloubna70-dot; leave #697/#1827 open pending real massive-repo/manual startup verification. | | #2636 project-context mtime cache | Defer direct merge; harvest only after cache key/signature is widened. | Must include constitution changes, auto-generated context deletion, canonical path equivalence, and overwrite detection before landing. | -| #2634 HarmonyOS port | Locally harvested with additional Nix-chain clearance; keep credited and do not close until the integration branch is public. | User-supplied MatePad Edge demo (`https://bilibili.com/video/av116689597368905`) confirms real-device interest. Added env-driven OpenHarmony SDK setup, OHOS platform guards/fallbacks, self-update disablement, and OHOS target gating for Starlark execpolicy parsing plus PTY support so published OHOS builds do not pull `nix` 0.28 through `rustyline` or `portable-pty`. `cargo check --workspace --all-features --locked`, focused PTY/clipboard tests, and `cargo tree --locked -p codewhale-tui --target aarch64-unknown-linux-ohos -i nix@0.28.0` passed; full OHOS target check is blocked on this host because `OHOS_NATIVE_SDK`/target CC/sysroot are not configured and `ring` cannot find `assert.h`. | +| #2634 HarmonyOS port | Locally harvested with additional Nix-chain clearance; keep credited and do not close until the integration branch is public. | User-supplied MatePad Edge demo (`https://bilibili.com/video/av116689597368905`) confirms real-device interest. Added env-driven OpenHarmony SDK setup, OHOS platform guards/fallbacks, self-update disablement, and OHOS target gating for Starlark execpolicy parsing plus PTY support so published OHOS builds do not pull `nix` 0.28 through `rustyline` or `portable-pty`. `./scripts/release/check-ohos-deps.sh` now guards the OHOS graph against `nix` 0.28/0.29, `portable-pty`, `starlark`, `arboard`, and `keyring`; `cargo check --workspace --all-features --locked` and focused PTY/clipboard tests passed. Full OHOS target check is blocked on this host because `OHOS_NATIVE_SDK`/target CC/sysroot are not configured and `ring` cannot find `assert.h`. | | #2687 append-only mode/approval prompt | Defer direct merge; draft has compile failures and Plan-mode prompt correctness risks. | Any future harvest must keep stable `message[0]` genuinely mode-agnostic, preserve mode/approval suffixes after capacity replans, and distinguish external overrides from persisted generated prompts. | | #2581 provider fallback chain design doc | Manually harvested as `docs/rfcs/2574-provider-fallback-chain.md` because the current PR head has no net file changes. | Keep issue #2574 open for implementation; close/comment on #2581 after the integration branch is public, crediting @idling11 and reporter @hsdbeebou. | | #2530 mention depth-cap hint | Already present in the current v0.9 stack as `a97675824` and `29f57665e`. | `cargo test -p codewhale-tui --locked try_autocomplete_file_mention_no_match` passed. | diff --git a/scripts/release/check-ohos-deps.sh b/scripts/release/check-ohos-deps.sh new file mode 100755 index 00000000..0d1bf9f5 --- /dev/null +++ b/scripts/release/check-ohos-deps.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash +# Guard the OpenHarmony target dependency graph. +# +# This check intentionally does not require an OpenHarmony SDK or sysroot. It +# only asks Cargo to resolve the codewhale-tui dependency graph for the OHOS +# target and fails if crates known to break or be unsupported on OHOS re-enter +# that graph. +set -euo pipefail + +cd "$(dirname "$0")/../.." + +target="${1:-aarch64-unknown-linux-ohos}" +package="${CODEWHALE_OHOS_DEP_PACKAGE:-codewhale-tui}" + +tree="$( + cargo tree \ + --locked \ + --package "${package}" \ + --all-features \ + --target "${target}" \ + --prefix none \ + --no-dedupe +)" + +disallowed="$( + grep -E '^(nix v0\.(28|29)\.|portable-pty v|starlark v|arboard v|keyring v)' <<<"${tree}" || true +)" + +if [[ -n "${disallowed}" ]]; then + { + echo "::error::OHOS target graph for ${package} includes unsupported dependencies:" + echo "${disallowed}" + echo + echo "The OpenHarmony port avoids the rustyline/starlark/portable-pty/nix chain" + echo "by target-gating those crates away from target_env=ohos. Keep this graph" + echo "clean unless a real OHOS-compatible dependency update lands." + } >&2 + exit 1 +fi + +echo "OHOS dependency graph OK for ${package} on ${target}." diff --git a/scripts/release/check-versions.sh b/scripts/release/check-versions.sh index f260b803..241289e4 100755 --- a/scripts/release/check-versions.sh +++ b/scripts/release/check-versions.sh @@ -96,10 +96,22 @@ if [[ -z "${compare_line}" ]]; then fail=1 fi +unreleased_section="$( + awk ' + index($0, "## [Unreleased]") == 1 { in_section = 1; print; next } + in_section && /^## \[/ { exit } + in_section { print } + ' CHANGELOG.md +)" +credit_sections="${current_section} +${unreleased_section}" + # 6) Contributor-credit cross-check for README additions on the release branch. # This cannot prove every external PR author has been credited, but it does # catch the common release-polish failure mode: adding a README contributor row -# without mentioning that credit/correction in the current release entry. +# without mentioning that credit/correction in the current release entry. While +# a release branch is still unbumped, `[Unreleased]` is also a valid credit +# surface. previous_tag="" current_tag="v${workspace_version}" if [[ "${compare_line}" =~ compare/(v[0-9]+\.[0-9]+\.[0-9]+)\.\.\.${current_tag} ]]; then @@ -114,8 +126,8 @@ if [[ -n "${previous_tag}" ]]; then [[ -z "${line}" ]] && continue handle="$(sed -E 's#.*github.com/([^)/]+).*#\1#' <<<"${line}")" if [[ -n "${handle}" && "${handle}" != "${line}" ]]; then - if ! grep -Fq "github.com/${handle}" <<<"${current_section}" && ! grep -Fq "@${handle}" <<<"${current_section}"; then - echo "::error::README.md adds contributor @${handle}, but CHANGELOG.md ${workspace_version} does not mention that credit." >&2 + if ! grep -Fq "github.com/${handle}" <<<"${credit_sections}" && ! grep -Fq "@${handle}" <<<"${credit_sections}"; then + echo "::error::README.md adds contributor @${handle}, but CHANGELOG.md ${workspace_version} or [Unreleased] does not mention that credit." >&2 fail=1 fi fi