ci(ohos): guard unsupported target dependencies

2026-06-03 23:41:21 -07:00
parent 8d9cd44078
commit 6a7063c912
10 changed files with 198 additions and 4 deletions
@@ -38,6 +38,7 @@
      script: |
        set -eu
        ./scripts/release/check-versions.sh
        ./scripts/release/check-ohos-deps.sh
        cargo fmt --all -- --check
        cargo check --workspace --all-targets --locked
        cargo clippy --workspace --all-targets --all-features --locked -- -D warnings
@@ -75,6 +76,7 @@
      script: |
        set -eu
        ./scripts/release/check-versions.sh
        ./scripts/release/check-ohos-deps.sh
        cargo fmt --all -- --check
        cargo check --workspace --all-targets --locked
        cargo clippy --workspace --all-targets --all-features --locked -- -D warnings
@@ -123,6 +125,7 @@ $:
            apt-get install -y git libdbus-1-dev nodejs pkg-config
            ./scripts/release/check-versions.sh
            ./scripts/release/check-ohos-deps.sh
            cargo build --release --locked -p codewhale-cli -p codewhale-tui
            mkdir -p target/cnb-release
@@ -27,6 +27,8 @@ jobs:
          node-version: 20
      - name: Check version drift
        run: ./scripts/release/check-versions.sh
      - name: Check OHOS dependency graph
        run: ./scripts/release/check-ohos-deps.sh
  lint:
    name: Lint
@@ -42,6 +42,8 @@ jobs:
        run: cargo fmt --all -- --check
      - name: Compile check
        run: cargo check --workspace --all-targets --locked
      - name: OHOS dependency graph
        run: ./scripts/release/check-ohos-deps.sh
      - name: Clippy
        run: cargo clippy --workspace --all-targets --all-features --locked -- -D warnings
      - name: Workspace tests
@@ -19,6 +19,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  explicit Rustls ring-provider installation for the no-provider TLS build, and
  OHOS fallbacks for unsupported keyring, clipboard, sandbox, browser-open, TTY,
  execpolicy Starlark parsing, and self-update surfaces.
 - Added `scripts/release/check-ohos-deps.sh` and wired it into CI/release
  preflight so the OpenHarmony target graph fails if unsupported `nix`,
  `portable-pty`, `starlark`, `arboard`, or `keyring` dependencies re-enter.
 - Added `.github/AUTHOR_MAP` and a CI co-author credit check so harvested
  commits use GitHub-mappable numeric noreply identities instead of `.local`,
  placeholder, bot/tool, or raw third-party emails.
@@ -7,6 +7,120 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Added
 - Added `/restore list [N]` so users can inspect more side-git rollback
  snapshots with UTC timestamps before choosing a restore point. Plain
  `/restore` now shows the 20 most recent snapshots, numeric restore targets can
  reach beyond that default listing up to a bounded index, and list requests
  above the visible cap fail explicitly instead of silently truncating.
 - Added HarmonyOS/OpenHarmony support scaffolding: environment-driven
  `OHOS_NATIVE_SDK` setup scripts and compiler wrappers, platform docs,
  explicit Rustls ring-provider installation for the no-provider TLS build, and
  OHOS fallbacks for unsupported keyring, clipboard, sandbox, browser-open, TTY,
  execpolicy Starlark parsing, and self-update surfaces.
 - Added `scripts/release/check-ohos-deps.sh` and wired it into CI/release
  preflight so the OpenHarmony target graph fails if unsupported `nix`,
  `portable-pty`, `starlark`, `arboard`, or `keyring` dependencies re-enter.
 - Added `.github/AUTHOR_MAP` and a CI co-author credit check so harvested
  commits use GitHub-mappable numeric noreply identities instead of `.local`,
  placeholder, bot/tool, or raw third-party emails.
 - Added rich PlanArtifact support to `update_plan`: Plan mode can now carry
  grounded objectives, context, sources, critical files, constraints,
  verification, risks, and handoff notes through the transcript card, Plan
  confirmation prompt, `/relay`, fork-state, and saved-session replay.
 - Added `POST /v1/sessions` for runtime clients to save a completed thread as a
  managed session. The endpoint preserves thread title/model/mode/workspace
  metadata, maps missing threads to 404, and returns 409 instead of snapshotting
  queued or active turns.
 ### Changed
 - `/config` now reports the canonical `~/.codewhale/settings.toml` path for TUI
  settings while still reading legacy DeepSeek-branded settings fallbacks and
  migrating them into the CodeWhale home on load.
 - `PATCH /v1/threads/{id}` can now update a thread's persisted workspace for
  GUI/runtime clients. Workspace changes reject active turns and evict idle
  cached engines so the next turn starts in the new workspace.
 - Split `web_run` session/page cache state so cached page reads use shared
  page handles and do not serialize through the mutation path. The harvest also
  adds panic-safe state write-back and serializes cache-mutating unit tests so
  the global web cache remains stable under normal Cargo test parallelism.
 - Appended volatile `<turn_meta>` blocks after user text in outgoing user
  message content arrays so provider prefix caches can keep matching the stable
  user-input prefix across date, route, and working-set changes.
 - Softened contribution intake automation: external issues now receive a warm
  triage note and are never auto-closed by the contribution gate, while the PR
  gate copy makes clear that dry-run observations are about maintainer safety,
  not contributor quality.
 - Added a PR gate marker guard so reopened unapproved PRs do not get duplicate
  intake comments, and clarified that PR reopening should happen after
  allowlist approval is merged.
 - Documented the agent and sub-agent stewardship ethos so future automation
  preserves human issue intake, careful PR review, and contributor credit.
 - Moved the TUI Starlark execpolicy parser and PTY support behind non-OHOS
  target dependencies so published OpenHarmony builds no longer pull `nix` 0.28
  through `rustyline` or `portable-pty`.
 - Explicit `skills_dir` configuration is now unioned with workspace skill
  discovery instead of being shadowed by workspace-local skills, and configured
  skills take precedence over global defaults when prompt space is constrained.
 - Tool-agent sub-agent routing now inherits the parent session model, or an
  explicit tool-agent override, instead of hard-coding `deepseek-v4-flash`;
  the fast lane still disables thinking through provider-aware request shaping.
 - Dense successful read/search/list tool runs now collapse into a single
  expandable transcript row by default, while running, failed, shell, patch,
  review, diff, and other risky tool cells remain visible. The setting
  `tool_collapse = "compact" | "expanded" | "calm"` controls the behavior.
 - Pending-input preview rows now label delivery mode explicitly as steer
  pending, rejected steer, or queued follow-up, with wrapped continuation rows
  aligned under the label so busy-turn input state is easier to read (#2054).
 - Editing a queued follow-up is now an explicit pending-input state. Pressing
  `Esc` while editing a queued follow-up restores the original queued message
  instead of cancelling the active turn or silently dropping the queued work
  (#2054).
 - Sidebar hover details now use row-level metadata for truncated Work, Tasks,
  and Agents rows. Mouse hover opens a bordered, wrapping popover with the full
  underlying row text, long turn/agent ids, and current sub-agent progress
  instead of repeating the already-ellipsized sidebar label (#2694, #2734).
 - Sub-agents now preserve checkpoint metadata around long model calls. A
  per-step API timeout marks the child as interrupted with a continuable
  checkpoint instead of ending as a null failed result, and `agent_eval` can
  explicitly continue a live checkpointed interrupted child while normal
  completed/failed/cancelled follow-up behavior stays unchanged (#2029).
 - Durable task recovery no longer requeues tasks that were `running` when the
  previous CodeWhale process exited. On restart those records are marked failed
  with a recovery note, and any running tool-call summaries are marked failed
  too, so stale shell/task state cannot silently become live work again (#1786).
 - Auto-generated project instructions now reuse the bounded Project Context
  Pack data instead of running an unbounded summary/tree scan when no
  `.codewhale/instructions.md` file exists. The fallback keeps later
  top-level folders visible in noisy large workspaces while the dynamic
  `<project_context_pack>` marker remains controlled by its own setting
  (#697, #1827).
 ### Community
 Thanks to **@cyq1017** for the restore-listing implementation (#2513) and
 pending-input delivery-mode label work (#2532, #2054),
 **@wywsoor** for the broader macOS/iTerm rollback UX report (#2494),
 **@HUQIANTAO** for the `web_run` lock-splitting work (#2502) and turn-metadata
 prefix-cache stability work (#2517), **@xyuai** for canonical CodeWhale
 settings-path migration work (#2730), **@gaord** for the runtime thread
 workspace update and completed-thread save APIs (#2640, #2639),
 **@shenjackyuanjie** for the
 HarmonyOS/OpenHarmony port and MatePad Edge validation trail (#2634),
 **@idling11** for the PlanArtifact direction in Plan mode (#2733) and the
 dense tool-call transcript collapse/sidebar detail direction (#2738, #2734,
 #2692, #2694), and
 **@h3c-hexin** for the tool-agent model inheritance and configured
 `skills_dir` fixes (#2736, #2737). Thanks also to **@qiyuanlicn** for the
 checkpoint/resume report that shaped the sub-agent recovery slice (#2029),
 to **@bevis-wong** for the long-running shell/task liveness report (#1786),
 and to **@NASLXTO** and
 **@wuxixing** for the large-workspace startup reports (#697, #1827), and to
 **@linzhiqin2003** and **@merchloubna70-dot** for earlier context-cap and
 startup-diagnosis work that shaped this bounded fallback.
 ## [0.8.53] - 2026-06-03
 ### Added
@@ -76,3 +76,17 @@ chmod +x ./ohos-clang.sh ./ohos-clangxx.sh
 Cargo cannot expand environment variables inside `linker` or CMake toolchain
 path values there, so those values are exported by `scripts/ohos-env.ps1` and
 `scripts/ohos-env.sh` instead.
 ## Dependency Guard
 Release prep runs a no-SDK dependency check:
 ```bash
 ./scripts/release/check-ohos-deps.sh
 ```
 The guard resolves the `codewhale-tui` dependency graph for
 `aarch64-unknown-linux-ohos` and fails if unsupported host/UI crates re-enter
 the target graph: `nix` 0.28/0.29, `portable-pty`, `starlark`, `arboard`, or
 `keyring`. This does not replace a real SDK/sysroot build, but it catches the
 known `starlark -> rustyline -> nix` and PTY/keyring regressions before release.
@@ -39,6 +39,9 @@ publish-crates), see [`RELEASE_RUNBOOK.md`](RELEASE_RUNBOOK.md).
 - [ ] `Cargo.lock` is refreshed (`cargo update --workspace --offline`).
 - [ ] `./scripts/release/check-versions.sh` reports
      `Version state OK: workspace=X.Y.Z, npm=X.Y.Z, lockfile in sync.`
 - [ ] `./scripts/release/check-ohos-deps.sh` reports that the OpenHarmony
      target graph does not pull the unsupported `nix` 0.28/0.29,
      `portable-pty`, `starlark`, `arboard`, or `keyring` crates.
 ## 3. Preflight gates
@@ -57,7 +57,7 @@ harvest/stewardship commits:
 | #1786 stale running task recovery | Locally implemented as the durable restart-safety slice. | `TaskManager::load_state` now marks tasks that were persisted as `running` in a prior process as failed with an explicit restart/interrupted error instead of requeueing them. Running tool-call summaries inside those stale tasks are also marked failed. `cargo test -p codewhale-tui --bin codewhale-tui --locked running_tasks_are_not_requeued_after_restart -- --nocapture` and `cargo test -p codewhale-tui --bin codewhale-tui --locked task_manager -- --nocapture` passed. Credit @bevis-wong; keep #1786 open for foreground shell hang root cause and careful LIVE-state watchdog work that does not abort legitimate foreground commands. |
 | #697/#1827 bounded auto-generated project context | Locally implemented from the stabilization audit. | When no project instructions exist, startup now writes `.codewhale/instructions.md` from the bounded Project Context Pack data instead of an unbounded summary/tree scan. The generated file avoids the dynamic `<project_context_pack>` marker when that setting is disabled, keeps later top-level folders visible, and omits noisy directory tails. `cargo test -p codewhale-tui --bin codewhale-tui --locked auto_generated_context_is_bounded_for_many_file_workspace -- --nocapture` and `cargo test -p codewhale-tui --bin codewhale-tui --locked project_context_pack -- --nocapture` passed. Credit reporters @NASLXTO and @wuxixing, plus earlier context-cap/startup work from @linzhiqin2003 and @merchloubna70-dot; leave #697/#1827 open pending real massive-repo/manual startup verification. |
 | #2636 project-context mtime cache | Defer direct merge; harvest only after cache key/signature is widened. | Must include constitution changes, auto-generated context deletion, canonical path equivalence, and overwrite detection before landing. |
-| #2634 HarmonyOS port | Locally harvested with additional Nix-chain clearance; keep credited and do not close until the integration branch is public. | User-supplied MatePad Edge demo (`https://bilibili.com/video/av116689597368905`) confirms real-device interest. Added env-driven OpenHarmony SDK setup, OHOS platform guards/fallbacks, self-update disablement, and OHOS target gating for Starlark execpolicy parsing plus PTY support so published OHOS builds do not pull `nix` 0.28 through `rustyline` or `portable-pty`. `cargo check --workspace --all-features --locked`, focused PTY/clipboard tests, and `cargo tree --locked -p codewhale-tui --target aarch64-unknown-linux-ohos -i nix@0.28.0` passed; full OHOS target check is blocked on this host because `OHOS_NATIVE_SDK`/target CC/sysroot are not configured and `ring` cannot find `assert.h`. |
+| #2634 HarmonyOS port | Locally harvested with additional Nix-chain clearance; keep credited and do not close until the integration branch is public. | User-supplied MatePad Edge demo (`https://bilibili.com/video/av116689597368905`) confirms real-device interest. Added env-driven OpenHarmony SDK setup, OHOS platform guards/fallbacks, self-update disablement, and OHOS target gating for Starlark execpolicy parsing plus PTY support so published OHOS builds do not pull `nix` 0.28 through `rustyline` or `portable-pty`. `./scripts/release/check-ohos-deps.sh` now guards the OHOS graph against `nix` 0.28/0.29, `portable-pty`, `starlark`, `arboard`, and `keyring`; `cargo check --workspace --all-features --locked` and focused PTY/clipboard tests passed. Full OHOS target check is blocked on this host because `OHOS_NATIVE_SDK`/target CC/sysroot are not configured and `ring` cannot find `assert.h`. |
 | #2687 append-only mode/approval prompt | Defer direct merge; draft has compile failures and Plan-mode prompt correctness risks. | Any future harvest must keep stable `message[0]` genuinely mode-agnostic, preserve mode/approval suffixes after capacity replans, and distinguish external overrides from persisted generated prompts. |
 | #2581 provider fallback chain design doc | Manually harvested as `docs/rfcs/2574-provider-fallback-chain.md` because the current PR head has no net file changes. | Keep issue #2574 open for implementation; close/comment on #2581 after the integration branch is public, crediting @idling11 and reporter @hsdbeebou. |
 | #2530 mention depth-cap hint | Already present in the current v0.9 stack as `a97675824` and `29f57665e`. | `cargo test -p codewhale-tui --locked try_autocomplete_file_mention_no_match` passed. |
@@ -0,0 +1,41 @@
 #!/usr/bin/env bash
 # Guard the OpenHarmony target dependency graph.
 #
 # This check intentionally does not require an OpenHarmony SDK or sysroot. It
 # only asks Cargo to resolve the codewhale-tui dependency graph for the OHOS
 # target and fails if crates known to break or be unsupported on OHOS re-enter
 # that graph.
 set -euo pipefail
 cd "$(dirname "$0")/../.."
 target="${1:-aarch64-unknown-linux-ohos}"
 package="${CODEWHALE_OHOS_DEP_PACKAGE:-codewhale-tui}"
 tree="$(
  cargo tree \
    --locked \
    --package "${package}" \
    --all-features \
    --target "${target}" \
    --prefix none \
    --no-dedupe
 )"
 disallowed="$(
  grep -E '^(nix v0\.(28|29)\.|portable-pty v|starlark v|arboard v|keyring v)' <<<"${tree}" || true
 )"
 if [[ -n "${disallowed}" ]]; then
  {
    echo "::error::OHOS target graph for ${package} includes unsupported dependencies:"
    echo "${disallowed}"
    echo
    echo "The OpenHarmony port avoids the rustyline/starlark/portable-pty/nix chain"
    echo "by target-gating those crates away from target_env=ohos. Keep this graph"
    echo "clean unless a real OHOS-compatible dependency update lands."
  } >&2
  exit 1
 fi
 echo "OHOS dependency graph OK for ${package} on ${target}."
@@ -96,10 +96,22 @@ if [[ -z "${compare_line}" ]]; then
  fail=1
 fi
 unreleased_section="$(
  awk '
    index($0, "## [Unreleased]") == 1 { in_section = 1; print; next }
    in_section && /^## \[/ { exit }
    in_section { print }
  ' CHANGELOG.md
 )"
 credit_sections="${current_section}
 ${unreleased_section}"
 # 6) Contributor-credit cross-check for README additions on the release branch.
 # This cannot prove every external PR author has been credited, but it does
 # catch the common release-polish failure mode: adding a README contributor row
-# without mentioning that credit/correction in the current release entry.
+# without mentioning that credit/correction in the current release entry. While
 # a release branch is still unbumped, `[Unreleased]` is also a valid credit
 # surface.
 previous_tag=""
 current_tag="v${workspace_version}"
 if [[ "${compare_line}" =~ compare/(v[0-9]+\.[0-9]+\.[0-9]+)\.\.\.${current_tag} ]]; then
@@ -114,8 +126,8 @@ if [[ -n "${previous_tag}" ]]; then
      [[ -z "${line}" ]] && continue
      handle="$(sed -E 's#.*github.com/([^)/]+).*#\1#' <<<"${line}")"
      if [[ -n "${handle}" && "${handle}" != "${line}" ]]; then
-        if ! grep -Fq "github.com/${handle}" <<<"${current_section}" && ! grep -Fq "@${handle}" <<<"${current_section}"; then
+        if ! grep -Fq "github.com/${handle}" <<<"${credit_sections}" && ! grep -Fq "@${handle}" <<<"${credit_sections}"; then
-          echo "::error::README.md adds contributor @${handle}, but CHANGELOG.md ${workspace_version} does not mention that credit." >&2
+          echo "::error::README.md adds contributor @${handle}, but CHANGELOG.md ${workspace_version} or [Unreleased] does not mention that credit." >&2
          fail=1
        fi
      fi