ci(ohos): guard unsupported target dependencies

2026-06-03 23:41:21 -07:00
parent 8d9cd44078
commit 6a7063c912
10 changed files with 198 additions and 4 deletions
@@ -38,6 +38,7 @@
      script: |
        set -eu
        ./scripts/release/check-versions.sh
+        ./scripts/release/check-ohos-deps.sh
        cargo fmt --all -- --check
        cargo check --workspace --all-targets --locked
        cargo clippy --workspace --all-targets --all-features --locked -- -D warnings
@@ -75,6 +76,7 @@
      script: |
        set -eu
        ./scripts/release/check-versions.sh
+        ./scripts/release/check-ohos-deps.sh
        cargo fmt --all -- --check
        cargo check --workspace --all-targets --locked
        cargo clippy --workspace --all-targets --all-features --locked -- -D warnings
@@ -123,6 +125,7 @@ $:
            apt-get install -y git libdbus-1-dev nodejs pkg-config

            ./scripts/release/check-versions.sh
+            ./scripts/release/check-ohos-deps.sh
            cargo build --release --locked -p codewhale-cli -p codewhale-tui

            mkdir -p target/cnb-release
@@ -27,6 +27,8 @@ jobs:
          node-version: 20
      - name: Check version drift
        run: ./scripts/release/check-versions.sh
+      - name: Check OHOS dependency graph
+        run: ./scripts/release/check-ohos-deps.sh

  lint:
    name: Lint
@@ -42,6 +42,8 @@ jobs:
        run: cargo fmt --all -- --check
      - name: Compile check
        run: cargo check --workspace --all-targets --locked
+      - name: OHOS dependency graph
+        run: ./scripts/release/check-ohos-deps.sh
      - name: Clippy
        run: cargo clippy --workspace --all-targets --all-features --locked -- -D warnings
      - name: Workspace tests
@@ -19,6 +19,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  explicit Rustls ring-provider installation for the no-provider TLS build, and
  OHOS fallbacks for unsupported keyring, clipboard, sandbox, browser-open, TTY,
  execpolicy Starlark parsing, and self-update surfaces.
+- Added `scripts/release/check-ohos-deps.sh` and wired it into CI/release
+  preflight so the OpenHarmony target graph fails if unsupported `nix`,
+  `portable-pty`, `starlark`, `arboard`, or `keyring` dependencies re-enter.
 - Added `.github/AUTHOR_MAP` and a CI co-author credit check so harvested
  commits use GitHub-mappable numeric noreply identities instead of `.local`,
  placeholder, bot/tool, or raw third-party emails.
@@ -7,6 +7,120 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+### Added
+
+- Added `/restore list [N]` so users can inspect more side-git rollback
+  snapshots with UTC timestamps before choosing a restore point. Plain
+  `/restore` now shows the 20 most recent snapshots, numeric restore targets can
+  reach beyond that default listing up to a bounded index, and list requests
+  above the visible cap fail explicitly instead of silently truncating.
+- Added HarmonyOS/OpenHarmony support scaffolding: environment-driven
+  `OHOS_NATIVE_SDK` setup scripts and compiler wrappers, platform docs,
+  explicit Rustls ring-provider installation for the no-provider TLS build, and
+  OHOS fallbacks for unsupported keyring, clipboard, sandbox, browser-open, TTY,
+  execpolicy Starlark parsing, and self-update surfaces.
+- Added `scripts/release/check-ohos-deps.sh` and wired it into CI/release
+  preflight so the OpenHarmony target graph fails if unsupported `nix`,
+  `portable-pty`, `starlark`, `arboard`, or `keyring` dependencies re-enter.
+- Added `.github/AUTHOR_MAP` and a CI co-author credit check so harvested
+  commits use GitHub-mappable numeric noreply identities instead of `.local`,
+  placeholder, bot/tool, or raw third-party emails.
+- Added rich PlanArtifact support to `update_plan`: Plan mode can now carry
+  grounded objectives, context, sources, critical files, constraints,
+  verification, risks, and handoff notes through the transcript card, Plan
+  confirmation prompt, `/relay`, fork-state, and saved-session replay.
+- Added `POST /v1/sessions` for runtime clients to save a completed thread as a
+  managed session. The endpoint preserves thread title/model/mode/workspace
+  metadata, maps missing threads to 404, and returns 409 instead of snapshotting
+  queued or active turns.
+
+### Changed
+
+- `/config` now reports the canonical `~/.codewhale/settings.toml` path for TUI
+  settings while still reading legacy DeepSeek-branded settings fallbacks and
+  migrating them into the CodeWhale home on load.
+- `PATCH /v1/threads/{id}` can now update a thread's persisted workspace for
+  GUI/runtime clients. Workspace changes reject active turns and evict idle
+  cached engines so the next turn starts in the new workspace.
+- Split `web_run` session/page cache state so cached page reads use shared
+  page handles and do not serialize through the mutation path. The harvest also
+  adds panic-safe state write-back and serializes cache-mutating unit tests so
+  the global web cache remains stable under normal Cargo test parallelism.
+- Appended volatile `<turn_meta>` blocks after user text in outgoing user
+  message content arrays so provider prefix caches can keep matching the stable
+  user-input prefix across date, route, and working-set changes.
+- Softened contribution intake automation: external issues now receive a warm
+  triage note and are never auto-closed by the contribution gate, while the PR
+  gate copy makes clear that dry-run observations are about maintainer safety,
+  not contributor quality.
+- Added a PR gate marker guard so reopened unapproved PRs do not get duplicate
+  intake comments, and clarified that PR reopening should happen after
+  allowlist approval is merged.
+- Documented the agent and sub-agent stewardship ethos so future automation
+  preserves human issue intake, careful PR review, and contributor credit.
+- Moved the TUI Starlark execpolicy parser and PTY support behind non-OHOS
+  target dependencies so published OpenHarmony builds no longer pull `nix` 0.28
+  through `rustyline` or `portable-pty`.
+- Explicit `skills_dir` configuration is now unioned with workspace skill
+  discovery instead of being shadowed by workspace-local skills, and configured
+  skills take precedence over global defaults when prompt space is constrained.
+- Tool-agent sub-agent routing now inherits the parent session model, or an
+  explicit tool-agent override, instead of hard-coding `deepseek-v4-flash`;
+  the fast lane still disables thinking through provider-aware request shaping.
+- Dense successful read/search/list tool runs now collapse into a single
+  expandable transcript row by default, while running, failed, shell, patch,
+  review, diff, and other risky tool cells remain visible. The setting
+  `tool_collapse = "compact" | "expanded" | "calm"` controls the behavior.
+- Pending-input preview rows now label delivery mode explicitly as steer
+  pending, rejected steer, or queued follow-up, with wrapped continuation rows
+  aligned under the label so busy-turn input state is easier to read (#2054).
+- Editing a queued follow-up is now an explicit pending-input state. Pressing
+  `Esc` while editing a queued follow-up restores the original queued message
+  instead of cancelling the active turn or silently dropping the queued work
+  (#2054).
+- Sidebar hover details now use row-level metadata for truncated Work, Tasks,
+  and Agents rows. Mouse hover opens a bordered, wrapping popover with the full
+  underlying row text, long turn/agent ids, and current sub-agent progress
+  instead of repeating the already-ellipsized sidebar label (#2694, #2734).
+- Sub-agents now preserve checkpoint metadata around long model calls. A
+  per-step API timeout marks the child as interrupted with a continuable
+  checkpoint instead of ending as a null failed result, and `agent_eval` can
+  explicitly continue a live checkpointed interrupted child while normal
+  completed/failed/cancelled follow-up behavior stays unchanged (#2029).
+- Durable task recovery no longer requeues tasks that were `running` when the
+  previous CodeWhale process exited. On restart those records are marked failed
+  with a recovery note, and any running tool-call summaries are marked failed
+  too, so stale shell/task state cannot silently become live work again (#1786).
+- Auto-generated project instructions now reuse the bounded Project Context
+  Pack data instead of running an unbounded summary/tree scan when no
+  `.codewhale/instructions.md` file exists. The fallback keeps later
+  top-level folders visible in noisy large workspaces while the dynamic
+  `<project_context_pack>` marker remains controlled by its own setting
+  (#697, #1827).
+
+### Community
+
+Thanks to **@cyq1017** for the restore-listing implementation (#2513) and
+pending-input delivery-mode label work (#2532, #2054),
+**@wywsoor** for the broader macOS/iTerm rollback UX report (#2494),
+**@HUQIANTAO** for the `web_run` lock-splitting work (#2502) and turn-metadata
+prefix-cache stability work (#2517), **@xyuai** for canonical CodeWhale
+settings-path migration work (#2730), **@gaord** for the runtime thread
+workspace update and completed-thread save APIs (#2640, #2639),
+**@shenjackyuanjie** for the
+HarmonyOS/OpenHarmony port and MatePad Edge validation trail (#2634),
+**@idling11** for the PlanArtifact direction in Plan mode (#2733) and the
+dense tool-call transcript collapse/sidebar detail direction (#2738, #2734,
+#2692, #2694), and
+**@h3c-hexin** for the tool-agent model inheritance and configured
+`skills_dir` fixes (#2736, #2737). Thanks also to **@qiyuanlicn** for the
+checkpoint/resume report that shaped the sub-agent recovery slice (#2029),
+to **@bevis-wong** for the long-running shell/task liveness report (#1786),
+and to **@NASLXTO** and
+**@wuxixing** for the large-workspace startup reports (#697, #1827), and to
+**@linzhiqin2003** and **@merchloubna70-dot** for earlier context-cap and
+startup-diagnosis work that shaped this bounded fallback.
+
 ## [0.8.53] - 2026-06-03

 ### Added
@@ -76,3 +76,17 @@ chmod +x ./ohos-clang.sh ./ohos-clangxx.sh
 Cargo cannot expand environment variables inside `linker` or CMake toolchain
 path values there, so those values are exported by `scripts/ohos-env.ps1` and
 `scripts/ohos-env.sh` instead.
+
+## Dependency Guard
+
+Release prep runs a no-SDK dependency check:
+
+```bash
+./scripts/release/check-ohos-deps.sh
+```
+
+The guard resolves the `codewhale-tui` dependency graph for
+`aarch64-unknown-linux-ohos` and fails if unsupported host/UI crates re-enter
+the target graph: `nix` 0.28/0.29, `portable-pty`, `starlark`, `arboard`, or
+`keyring`. This does not replace a real SDK/sysroot build, but it catches the
+known `starlark -> rustyline -> nix` and PTY/keyring regressions before release.
@@ -39,6 +39,9 @@ publish-crates), see [`RELEASE_RUNBOOK.md`](RELEASE_RUNBOOK.md).
 - [ ] `Cargo.lock` is refreshed (`cargo update --workspace --offline`).
 - [ ] `./scripts/release/check-versions.sh` reports
      `Version state OK: workspace=X.Y.Z, npm=X.Y.Z, lockfile in sync.`
+- [ ] `./scripts/release/check-ohos-deps.sh` reports that the OpenHarmony
+      target graph does not pull the unsupported `nix` 0.28/0.29,
+      `portable-pty`, `starlark`, `arboard`, or `keyring` crates.

 ## 3. Preflight gates

@@ -57,7 +57,7 @@ harvest/stewardship commits:
 | #1786 stale running task recovery | Locally implemented as the durable restart-safety slice. | `TaskManager::load_state` now marks tasks that were persisted as `running` in a prior process as failed with an explicit restart/interrupted error instead of requeueing them. Running tool-call summaries inside those stale tasks are also marked failed. `cargo test -p codewhale-tui --bin codewhale-tui --locked running_tasks_are_not_requeued_after_restart -- --nocapture` and `cargo test -p codewhale-tui --bin codewhale-tui --locked task_manager -- --nocapture` passed. Credit @bevis-wong; keep #1786 open for foreground shell hang root cause and careful LIVE-state watchdog work that does not abort legitimate foreground commands. |
 | #697/#1827 bounded auto-generated project context | Locally implemented from the stabilization audit. | When no project instructions exist, startup now writes `.codewhale/instructions.md` from the bounded Project Context Pack data instead of an unbounded summary/tree scan. The generated file avoids the dynamic `<project_context_pack>` marker when that setting is disabled, keeps later top-level folders visible, and omits noisy directory tails. `cargo test -p codewhale-tui --bin codewhale-tui --locked auto_generated_context_is_bounded_for_many_file_workspace -- --nocapture` and `cargo test -p codewhale-tui --bin codewhale-tui --locked project_context_pack -- --nocapture` passed. Credit reporters @NASLXTO and @wuxixing, plus earlier context-cap/startup work from @linzhiqin2003 and @merchloubna70-dot; leave #697/#1827 open pending real massive-repo/manual startup verification. |
 | #2636 project-context mtime cache | Defer direct merge; harvest only after cache key/signature is widened. | Must include constitution changes, auto-generated context deletion, canonical path equivalence, and overwrite detection before landing. |
-| #2634 HarmonyOS port | Locally harvested with additional Nix-chain clearance; keep credited and do not close until the integration branch is public. | User-supplied MatePad Edge demo (`https://bilibili.com/video/av116689597368905`) confirms real-device interest. Added env-driven OpenHarmony SDK setup, OHOS platform guards/fallbacks, self-update disablement, and OHOS target gating for Starlark execpolicy parsing plus PTY support so published OHOS builds do not pull `nix` 0.28 through `rustyline` or `portable-pty`. `cargo check --workspace --all-features --locked`, focused PTY/clipboard tests, and `cargo tree --locked -p codewhale-tui --target aarch64-unknown-linux-ohos -i nix@0.28.0` passed; full OHOS target check is blocked on this host because `OHOS_NATIVE_SDK`/target CC/sysroot are not configured and `ring` cannot find `assert.h`. |
+| #2634 HarmonyOS port | Locally harvested with additional Nix-chain clearance; keep credited and do not close until the integration branch is public. | User-supplied MatePad Edge demo (`https://bilibili.com/video/av116689597368905`) confirms real-device interest. Added env-driven OpenHarmony SDK setup, OHOS platform guards/fallbacks, self-update disablement, and OHOS target gating for Starlark execpolicy parsing plus PTY support so published OHOS builds do not pull `nix` 0.28 through `rustyline` or `portable-pty`. `./scripts/release/check-ohos-deps.sh` now guards the OHOS graph against `nix` 0.28/0.29, `portable-pty`, `starlark`, `arboard`, and `keyring`; `cargo check --workspace --all-features --locked` and focused PTY/clipboard tests passed. Full OHOS target check is blocked on this host because `OHOS_NATIVE_SDK`/target CC/sysroot are not configured and `ring` cannot find `assert.h`. |
 | #2687 append-only mode/approval prompt | Defer direct merge; draft has compile failures and Plan-mode prompt correctness risks. | Any future harvest must keep stable `message[0]` genuinely mode-agnostic, preserve mode/approval suffixes after capacity replans, and distinguish external overrides from persisted generated prompts. |
 | #2581 provider fallback chain design doc | Manually harvested as `docs/rfcs/2574-provider-fallback-chain.md` because the current PR head has no net file changes. | Keep issue #2574 open for implementation; close/comment on #2581 after the integration branch is public, crediting @idling11 and reporter @hsdbeebou. |
 | #2530 mention depth-cap hint | Already present in the current v0.9 stack as `a97675824` and `29f57665e`. | `cargo test -p codewhale-tui --locked try_autocomplete_file_mention_no_match` passed. |
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+# Guard the OpenHarmony target dependency graph.
+#
+# This check intentionally does not require an OpenHarmony SDK or sysroot. It
+# only asks Cargo to resolve the codewhale-tui dependency graph for the OHOS
+# target and fails if crates known to break or be unsupported on OHOS re-enter
+# that graph.
+set -euo pipefail
+
+cd "$(dirname "$0")/../.."
+
+target="${1:-aarch64-unknown-linux-ohos}"
+package="${CODEWHALE_OHOS_DEP_PACKAGE:-codewhale-tui}"
+
+tree="$(
+  cargo tree \
+    --locked \
+    --package "${package}" \
+    --all-features \
+    --target "${target}" \
+    --prefix none \
+    --no-dedupe
+)"
+
+disallowed="$(
+  grep -E '^(nix v0\.(28|29)\.|portable-pty v|starlark v|arboard v|keyring v)' <<<"${tree}" || true
+)"
+
+if [[ -n "${disallowed}" ]]; then
+  {
+    echo "::error::OHOS target graph for ${package} includes unsupported dependencies:"
+    echo "${disallowed}"
+    echo
+    echo "The OpenHarmony port avoids the rustyline/starlark/portable-pty/nix chain"
+    echo "by target-gating those crates away from target_env=ohos. Keep this graph"
+    echo "clean unless a real OHOS-compatible dependency update lands."
+  } >&2
+  exit 1
+fi
+
+echo "OHOS dependency graph OK for ${package} on ${target}."
@@ -96,10 +96,22 @@ if [[ -z "${compare_line}" ]]; then
  fail=1
 fi

+unreleased_section="$(
+  awk '
+    index($0, "## [Unreleased]") == 1 { in_section = 1; print; next }
+    in_section && /^## \[/ { exit }
+    in_section { print }
+  ' CHANGELOG.md
+)"
+credit_sections="${current_section}
+${unreleased_section}"
+
 # 6) Contributor-credit cross-check for README additions on the release branch.
 # This cannot prove every external PR author has been credited, but it does
 # catch the common release-polish failure mode: adding a README contributor row
-# without mentioning that credit/correction in the current release entry.
+# without mentioning that credit/correction in the current release entry. While
+# a release branch is still unbumped, `[Unreleased]` is also a valid credit
+# surface.
 previous_tag=""
 current_tag="v${workspace_version}"
 if [[ "${compare_line}" =~ compare/(v[0-9]+\.[0-9]+\.[0-9]+)\.\.\.${current_tag} ]]; then
@@ -114,8 +126,8 @@ if [[ -n "${previous_tag}" ]]; then
      [[ -z "${line}" ]] && continue
      handle="$(sed -E 's#.*github.com/([^)/]+).*#\1#' <<<"${line}")"
      if [[ -n "${handle}" && "${handle}" != "${line}" ]]; then
-        if ! grep -Fq "github.com/${handle}" <<<"${current_section}" && ! grep -Fq "@${handle}" <<<"${current_section}"; then
-          echo "::error::README.md adds contributor @${handle}, but CHANGELOG.md ${workspace_version} does not mention that credit." >&2
+        if ! grep -Fq "github.com/${handle}" <<<"${credit_sections}" && ! grep -Fq "@${handle}" <<<"${credit_sections}"; then
+          echo "::error::README.md adds contributor @${handle}, but CHANGELOG.md ${workspace_version} or [Unreleased] does not mention that credit." >&2
          fail=1
        fi
      fi