chore: promote staging to staging-promote/89203225-23327092672 (2026-03-20 04:32 UTC)

.env.example

@@ -4,7 +4,7 @@ DATABASE_POOL_SIZE=10
 
 # LLM Provider
 # LLM_BACKEND=nearai           # default
-# Possible values: nearai, ollama, openai_compatible, openai, anthropic, tinfoil
+# Possible values: nearai, ollama, openai_compatible, openai, anthropic, github_copilot, tinfoil, openai_codex, gemini_oauth
 # LLM_REQUEST_TIMEOUT_SECS=120  # Increase for local LLMs (Ollama, vLLM, LM Studio)
 
 # === Anthropic Direct ===
@@ -24,14 +24,25 @@ DATABASE_POOL_SIZE=10
 # LLM_USE_CODEX_AUTH=true
 # CODEX_AUTH_PATH=~/.codex/auth.json
 
+# === GitHub Copilot ===
+# Uses the OAuth token from your Copilot IDE sign-in (for example
+# ~/.config/github-copilot/apps.json on Linux/macOS), or run `ironclaw onboard`
+# and choose the GitHub device login flow.
+# LLM_BACKEND=github_copilot
+# GITHUB_COPILOT_TOKEN=gho_...
+# GITHUB_COPILOT_MODEL=gpt-4o
+# IronClaw injects standard VS Code Copilot headers automatically.
+# Optional advanced headers for custom overrides:
+# GITHUB_COPILOT_EXTRA_HEADERS=Copilot-Integration-Id:vscode-chat
+
 # === NEAR AI (Chat Completions API) ===
 # Two auth modes:
 #   1. Session token (default): Uses browser OAuth (GitHub/Google) on first run.
 #      Session token stored in ~/.ironclaw/session.json automatically.
 #      Base URL defaults to https://private.near.ai
 #   2. API key: Set NEARAI_API_KEY to use API key auth from cloud.near.ai.
 #      Base URL defaults to https://cloud-api.near.ai
-NEARAI_MODEL=zai-org/GLM-5-FP8
+NEARAI_MODEL=Qwen/Qwen3.5-122B-A10B
 NEARAI_BASE_URL=https://private.near.ai
 NEARAI_AUTH_URL=https://private.near.ai
 # NEARAI_SESSION_TOKEN=sess_...                  # hosting providers: set this
@@ -92,6 +103,30 @@ NEARAI_AUTH_URL=https://private.near.ai
 #   long  = 1-hour TTL, 2.0× (200%) write surcharge
 # ANTHROPIC_CACHE_RETENTION=short
 
+# === OpenAI Codex (ChatGPT subscription, OAuth) ===
+# LLM_BACKEND=openai_codex
+# OPENAI_CODEX_MODEL=gpt-5.3-codex              # default
+# OPENAI_CODEX_CLIENT_ID=app_EMoamEEZ73f0CkXaXp7hrann  # override (rare)
+# OPENAI_CODEX_AUTH_URL=https://auth.openai.com  # override (rare)
+# OPENAI_CODEX_API_URL=https://chatgpt.com/backend-api/codex  # override (rare)
+
+# === Google Gemini (OAuth, Gemini CLI compatible) ===
+# LLM_BACKEND=gemini_oauth
+# GEMINI_MODEL=gemini-2.5-flash                  # default
+# GEMINI_CREDENTIALS_PATH=~/.gemini/oauth_creds.json  # default
+# GEMINI_API_KEY=...                             # optional: use API key instead of OAuth
+# GEMINI_API_KEY_AUTH_MECHANISM=query             # "query" (default) or "header"
+# GEMINI_SAFETY_BLOCK_NONE=true                  # disable safety filters (default: false)
+# GEMINI_CLI_CUSTOM_HEADERS=Key:Value,Key2:Value2
+# GEMINI_TOP_P=0.95
+# GEMINI_TOP_K=40
+# GEMINI_SEED=42
+# GEMINI_PRESENCE_PENALTY=0.0
+# GEMINI_FREQUENCY_PENALTY=0.0
+# GEMINI_RESPONSE_MIME_TYPE=application/json
+# GEMINI_RESPONSE_JSON_SCHEMA={"type":"object"}
+# GEMINI_CACHED_CONTENT=cachedContents/abc123
+
 # For full provider setup guide see docs/LLM_PROVIDERS.md
 
 # Channel Configuration

.github/workflows/e2e.yml

@@ -54,7 +54,7 @@ jobs:
           - group: features
             files: "tests/e2e/scenarios/test_skills.py tests/e2e/scenarios/test_tool_approval.py tests/e2e/scenarios/test_webhook.py"
           - group: extensions
-            files: "tests/e2e/scenarios/test_extensions.py tests/e2e/scenarios/test_extension_oauth.py tests/e2e/scenarios/test_telegram_token_validation.py tests/e2e/scenarios/test_telegram_hot_activation.py tests/e2e/scenarios/test_wasm_lifecycle.py tests/e2e/scenarios/test_tool_execution.py tests/e2e/scenarios/test_pairing.py tests/e2e/scenarios/test_mcp_auth_flow.py tests/e2e/scenarios/test_oauth_credential_fallback.py tests/e2e/scenarios/test_routine_oauth_credential_injection.py"
+            files: "tests/e2e/scenarios/test_extensions.py tests/e2e/scenarios/test_extension_oauth.py tests/e2e/scenarios/test_oauth_url_parameters.py tests/e2e/scenarios/test_telegram_token_validation.py tests/e2e/scenarios/test_telegram_hot_activation.py tests/e2e/scenarios/test_wasm_lifecycle.py tests/e2e/scenarios/test_tool_execution.py tests/e2e/scenarios/test_pairing.py tests/e2e/scenarios/test_mcp_auth_flow.py tests/e2e/scenarios/test_oauth_credential_fallback.py tests/e2e/scenarios/test_routine_oauth_credential_injection.py"
           - group: routines
             files: "tests/e2e/scenarios/test_owner_scope.py tests/e2e/scenarios/test_routine_event_batch.py"
     steps:

.github/workflows/regression-test-check.yml

@@ -121,6 +121,7 @@ jobs:
           fi
 
           # Whole-function context: detect edits inside existing test functions.
+          # Uses -W (whole function) which works when git recognises function boundaries.
           if git diff "${BASE_REF}...${HEAD_REF}" -W -- '*.rs' | awk '
             /^@@/           { if (has_test && has_add) { found=1; exit } has_test=0; has_add=0 }
             /^ .*#\[test\]/ || /^ .*#\[tokio::test\]/ || /^ .*#\[cfg\(test\)\]/ || /^ .*mod tests/ { has_test=1 }
@@ -132,6 +133,40 @@ jobs:
             exit 0
           fi
 
+          # Line-level check: detect changes inside #[cfg(test)] mod blocks.
+          # git -W relies on function boundary detection which misses Rust mod blocks,
+          # so this fallback checks whether changed line numbers fall within test modules.
+          # We specifically match #[cfg(test)] that is followed by `mod` (same or next
+          # line) to avoid false positives from standalone #[cfg(test)] items like
+          # individual statics or functions.
+          CHANGED_RS=$(echo "$CHANGED_FILES" | grep '\.rs$' || true)
+          if [ -n "$CHANGED_RS" ]; then
+            while IFS= read -r rs_file; do
+              [ -f "$rs_file" ] || continue
+
+              # Find the line where #[cfg(test)] precedes a `mod` declaration.
+              # Handles both `#[cfg(test)] mod tests` (same line) and the two-line form.
+              TEST_MOD_START=$(awk '
+                /^[[:space:]]*#\[cfg\(test\)\].*mod / { print NR; exit }
+                /^[[:space:]]*#\[cfg\(test\)\][[:space:]]*$/ { pending=NR; next }
+                pending && /^[[:space:]]*mod / { print pending; exit }
+                { pending=0 }
+              ' "$rs_file")
+              [ -n "$TEST_MOD_START" ] || continue
+
+              # Get changed line numbers in this file from the diff hunk headers.
+              # Each @@ line looks like: @@ -old,count +new,count @@
+              while IFS= read -r hunk_line; do
+                line_no=$(echo "$hunk_line" | sed -E 's/^@@ -[0-9,]+ \+([0-9]+).*/\1/')
+                [ -n "$line_no" ] || continue
+                if [ "$line_no" -ge "$TEST_MOD_START" ]; then
+                  echo "Test changes found: $rs_file has changes at line $line_no inside #[cfg(test)] mod block (starts at line $TEST_MOD_START)."
+                  exit 0
+                fi
+              done < <(git diff "${BASE_REF}...${HEAD_REF}" -U0 -- "$rs_file" | grep -E '^@@')
+            done <<< "$CHANGED_RS"
+          fi
+
           if grep -qE '^tests/' <<< "$CHANGED_FILES"; then
             echo "Test file changes found under tests/."
             exit 0

.github/workflows/test.yml

@@ -12,6 +12,7 @@ jobs:
   tests:
     name: Tests (${{ matrix.name }})
     runs-on: ubuntu-latest
+    timeout-minutes: 45
     strategy:
       fail-fast: false
       matrix:
@@ -40,11 +41,14 @@ jobs:
       - name: Build WASM channels (for integration tests)
         run: ./scripts/build-wasm-extensions.sh --channels
       - name: Run Tests
-        run: cargo test ${{ matrix.flags }} -- --nocapture
+        run: |
+          timeout --signal=INT --kill-after=30s 40m \
+            cargo test ${{ matrix.flags }} -- --nocapture
 
   heavy-integration-tests:
     name: Heavy Integration Tests
     runs-on: ubuntu-latest
+    timeout-minutes: 20
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
@@ -58,24 +62,31 @@ jobs:
       - name: Build Telegram WASM channel
         run: cargo build --manifest-path channels-src/telegram/Cargo.toml --target wasm32-wasip2 --release
       - name: Run thread scheduling integration tests
-        run: cargo test --no-default-features --features libsql,integration --test e2e_thread_scheduling -- --nocapture
+        run: |
+          timeout --signal=INT --kill-after=30s 15m \
+            cargo test --no-default-features --features libsql,integration --test e2e_thread_scheduling -- --nocapture
       - name: Run Telegram thread-scope regression test
-        run: cargo test --features integration --test telegram_auth_integration test_private_messages_use_chat_id_as_thread_scope -- --exact
+        run: |
+          timeout --signal=INT --kill-after=30s 10m \
+            cargo test --features integration --test telegram_auth_integration test_private_messages_use_chat_id_as_thread_scope -- --exact
 
   telegram-tests:
     name: Telegram Channel Tests
     if: >
       github.event_name != 'pull_request' ||
       github.base_ref != 'staging'
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
       - uses: Swatinem/rust-cache@v2
       - name: Run Telegram Channel Tests
-        run: cargo test --manifest-path channels-src/telegram/Cargo.toml -- --nocapture
+        run: |
+          timeout --signal=INT --kill-after=30s 10m \
+            cargo test --manifest-path channels-src/telegram/Cargo.toml -- --nocapture
 
   windows-build:
     name: Windows Build (${{ matrix.name }})
@@ -110,6 +121,7 @@ jobs:
       github.event_name != 'pull_request' ||
       github.base_ref != 'staging'
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
@@ -125,7 +137,9 @@ jobs:
       - name: Build all WASM extensions against current WIT
         run: ./scripts/build-wasm-extensions.sh
       - name: Instantiation test (host linker compatibility)
-        run: cargo test --all-features wit_compat -- --nocapture
+        run: |
+          timeout --signal=INT --kill-after=30s 20m \
+            cargo test --all-features wit_compat -- --nocapture
 
   bench-compile:
     name: Benchmark Compilation

AGENTS.md

@@ -1,6 +1,94 @@
 # Agent Rules
 
-## Feature Parity Update Policy
+## Purpose and Precedence
 
+- `AGENTS.md` is the quick-start contract for coding agents. It is not the full architecture spec.
+- Read the relevant subsystem spec before changing a complex area. When a repo spec exists, treat it as authoritative.
+Start with these deeper docs as needed:
+- `CLAUDE.md`
+- `src/agent/CLAUDE.md`
+- `src/channels/web/CLAUDE.md`
+- `src/db/CLAUDE.md`
+- `src/llm/CLAUDE.md`
+- `src/setup/README.md`
+- `src/tools/README.md`
+- `src/workspace/README.md`
+- `src/NETWORK_SECURITY.md`
+- `tests/e2e/CLAUDE.md`
+
+## Architecture Mental Model
+
+- Channels normalize external input into `IncomingMessage`; `ChannelManager` merges all active channel streams.
+- `Agent` owns session/thread/turn handling, submission parsing, the LLM/tool loop, approvals, routines, and background runtime behavior.
+- `AppBuilder` is the composition root that wires database, secrets, LLMs, tools, workspace, extensions, skills, hooks, and cost controls before the agent starts.
+- The web gateway is a browser-facing API/UI layered on top of the same agent/session/tool systems, not a separate product path.
+
+## Where to Work
+
+- Agent/runtime behavior: `src/agent/`
+- Web gateway/API/SSE/WebSocket: `src/channels/web/`
+- Persistence and DB abstractions: `src/db/`
+- Setup/onboarding/configuration flow: `src/setup/`
+- LLM providers and routing: `src/llm/`
+- Workspace, memory, embeddings, search: `src/workspace/`
+- Extensions, tools, channels, MCP, WASM: `src/extensions/`, `src/tools/`, `src/channels/`
+
+## Ownership and Composition Rules
+
+- Keep `src/main.rs` and `src/app.rs` orchestration-focused. Do not move module-owned logic into entrypoints.
+- Module-specific initialization should live in the owning module behind a public factory/helper, not be reimplemented ad hoc.
+- Keep feature-flag branching inside the module that owns the abstraction whenever possible.
+- Prefer extending existing traits and registries over hardcoding one-off integration paths.
+
+## Repo-Wide Coding Rules
+
+- Avoid `.unwrap()` and `.expect()` in production; prefer proper error handling. They are fine in tests, and in production only for truly infallible invariants (e.g., literals/regexes) with a safety comment.
+- Keep clippy clean with zero warnings.
+- Prefer `crate::` imports for cross-module references.
+- Use strong types and enums over stringly-typed control flow when the shape is known.
+
+## Database, Setup, and Config Rules
+
+- New persistence behavior must support both PostgreSQL and libSQL.
+- Add new DB operations to the shared DB trait first, then implement both backends.
+- Treat bootstrap config, DB-backed settings, and encrypted secrets as distinct layers; do not collapse them casually.
+- If onboarding or setup behavior changes, update `src/setup/README.md` in the same branch.
+- Do not break config precedence, bootstrap env loading, DB-backed config reload, or post-secrets LLM re-resolution.
+
+## Security and Runtime Invariants
+
+- Review any change touching listeners, routes, auth, secrets, sandboxing, approvals, or outbound HTTP with a security mindset.
+- Do not weaken bearer-token auth, webhook auth, CORS/origin checks, body limits, rate limits, allowlists, or secret-handling guarantees.
+- Treat Docker containers and external services as untrusted.
+- Session/thread/turn state matters. Submission parsing happens before normal chat handling.
+- Skills are selected deterministically. Tool approval and auth flows are special paths and must not be mixed into normal chat history carelessly.
+- Persistent memory is the workspace system, not just transcript storage; preserve file-like semantics, chunking/search behavior, and identity/system-prompt loading.
+
+## Tools, Channels, and Extensions
+
+- Use a built-in Rust tool for core internal capabilities tightly coupled to the runtime.
+- Use WASM tools or WASM channels for sandboxed extensions and plugin-style integrations.
+- Use MCP for external server integrations when the capability belongs outside the main binary.
+- Preserve extension lifecycle expectations: install, authenticate/configure, activate, remove.
+
+## Docs, Parity, and Testing
+
+- If behavior changes, update the relevant docs/specs in the same branch.
 - If you change implementation status for any feature tracked in `FEATURE_PARITY.md`, update that file in the same branch.
 - Do not open a PR that changes feature behavior without checking `FEATURE_PARITY.md` for needed status updates (`❌`, `🚧`, `✅`, notes, and priorities).
+- Add the narrowest tests that validate the change: unit tests for local logic, integration tests for runtime/DB/routing behavior, and E2E or trace coverage for gateway, approvals, extensions, or other user-visible flows.
+
+## Risk and Change Discipline
+
+- Keep changes scoped; avoid broad refactors unless the task truly requires them.
+- Security, database schema, runtime, worker, CI, and secrets changes are high-risk. Call out rollback risks, compatibility concerns, and hidden side effects.
+- Preserve existing defaults unless the task explicitly changes them.
+- Avoid unrelated file churn and generated-file edits unless required.
+- Respect a dirty worktree and never revert user changes you did not make.
+
+## Before Finishing
+
+- Confirm whether behavior changes require updates to `FEATURE_PARITY.md`, specs, API docs, or `CHANGELOG.md`.
+- Run the most targeted tests/checks that cover the change.
+- Re-check security-sensitive paths when touching auth, secrets, network listeners, sandboxing, or approvals.
+- Keep the final diff scoped to the task.

CLAUDE.md

@@ -158,6 +158,8 @@ src/
 │
 ├── secrets/            # Secrets management (AES-256-GCM, OS keychain for master key)
 │
+├── profile.rs          # Psychographic profile types, 9-dimension analysis framework
+│
 ├── setup/              # 7-step onboarding wizard — see src/setup/README.md
 │
 ├── skills/             # SKILL.md prompt extension system — see .claude/rules/skills.md