Skip to content

feat: add Orgo provider#458

Open
zozo123 wants to merge 16 commits into
openclaw:mainfrom
zozo123:codex/orgo-live-smoke
Open

feat: add Orgo provider#458
zozo123 wants to merge 16 commits into
openclaw:mainfrom
zozo123:codex/orgo-live-smoke

Conversation

@zozo123

@zozo123 zozo123 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a delegated-run Orgo provider for Linux cloud computers.

  • Registers provider: orgo with alias orgo-ai.
  • Creates an owned workspace/computer, waits for readiness, runs Bash commands through the API, and performs guarded cleanup.
  • Resumes stopped, suspended, or stopping reused computers before command execution.
  • Keeps Orgo outside SSH/rsync and coordinator flows; runs require --no-sync.
  • Adds provider configuration, docs, generated metadata, fake-API lifecycle coverage, and a guarded shared live harness.

Maintainer hardening

  • Restricts destructive stop operations to exact local Orgo claims; stop rejects raw unclaimed computer IDs.
  • Retains claims when API 404 responses are authorization-ambiguous; partial cleanup retries only after an accessible workspace inventory proves the computer absent.
  • Bounds rollback and deferred cleanup contexts.
  • Handles terminal startup/status states without five-minute hangs.
  • Starts reused computers through the official action endpoint before Bash execution.
  • Applies unsupported machine-sizing validation to canonical and normalized alias names.
  • Keeps credentials out of argv, repository config, and proof output; redacts echoed secrets from provider errors.
  • Requires live Bash proof to report success: true and the expected marker.

Verification

Exact candidate: 7bc64fd2b085869a3d132ee13655261e44972b9d

  • go test -race ./internal/providers/orgo -count=1
  • go test -race ./internal/cli -run '^TestControllerGetReconcilesProviderExpiry$' -count=10
  • go vet ./...
  • go test -race ./internal/providers/orgo ./internal/providers/all ./internal/cli -run 'Orgo|orgo|TestController(GetReconcilesProviderExpiry|RestartDoesNotReacquireMissingKnownLease)' -count=1
  • node --test scripts/live-smoke.test.js (59/59)
  • bash -n scripts/live-smoke.sh
  • node scripts/build-docs-site.mjs
  • go build -trimpath -o bin/crabbox ./cmd/crabbox
  • focused AutoReview after accepted fixes: clean

Remaining live gate

Do not merge yet.

  1. Branch-wide security review found that a provider create request can commit remotely but return a timeout, transport failure, 429, 5xx, or identity-less 2xx. A bounded in-memory lookup is not enough: safe cleanup requires a durable pre-create recovery record plus later reconciliation/cleanup semantics. That storage/lifecycle contract is larger than this provider PR and must be designed before landing.
  2. CRABBOX_LIVE=1 CRABBOX_LIVE_PROVIDERS=orgo scripts/live-smoke.sh is ready to prove create, command execution, and successful resource deletion on this exact candidate, but no Orgo credential is currently available for the canary.

@zozo123 zozo123 marked this pull request as ready for review June 18, 2026 11:11
@clawsweeper

clawsweeper Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Codex review: needs real behavior proof before merge. Reviewed July 5, 2026, 7:55 AM ET / 11:55 UTC.

Summary
The PR adds a built-in delegated-run Orgo provider with Orgo config, registration, docs, generated metadata, fake API lifecycle coverage, live-smoke wiring, and a WebVNC resolved-provider hint fix.

Reproducibility: yes. for the review blockers by source inspection: the branch creates the remote computer before a durable claim, surfaces raw Orgo error bodies, and modifies CHANGELOG.md. No hosted Orgo runtime behavior has been reproduced with real credentials.

Review metrics: 3 noteworthy metrics.

  • PR surface: 23 files changed, +3283/-7. The branch spans provider code, CLI config, docs, generated metadata, live-smoke scripts, and tests, so proof and security gates matter before merge.
  • Status checks: 6 successful, 0 failing, 0 pending. Green CI confirms the normal checks are passing, but it does not prove hosted Orgo lifecycle behavior.
  • Release-owned files: 1 changed. CHANGELOG.md is still modified even though release notes should stay out of normal feature PRs.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #449
Summary: This PR is the implementation candidate for the open Orgo provider request.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🧂 unranked krab
Result: blocked until real behavior proof from a real setup is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Post redacted hosted Orgo lifecycle proof showing create, command execution, and successful cleanup with private data removed.
  • [P1] Resolve the durable pre-create recovery contract and add focused coverage for the failure mode.
  • Remove the release-owned CHANGELOG.md entry.

Proof guidance:

  • [P1] Needs real behavior proof before merge: Only fake API/CI validation is present and comments say no hosted Orgo credential is available; post a redacted live run or terminal/log transcript showing create, command execution, and cleanup, then update the PR body for re-review.

Risk before merge

  • [P1] A committed Orgo create whose response is lost, timed out, rate-limited, or malformed can leave a remote computer/workspace outside durable Crabbox cleanup.
  • [P1] Non-2xx Orgo responses can echo the API key or Authorization header into CLI-visible errors because the body is surfaced raw.
  • [P1] The branch has only fake API and CI validation; no hosted Orgo create/run/delete proof with real credentials has been posted.
  • [P1] The branch edits release-owned CHANGELOG.md, which should stay out of normal feature PRs.

Maintainer options:

  1. Fix recovery and proof before merge (recommended)
    Require a durable pre-create recovery/cleanup contract, Orgo error redaction, release-note cleanup, and redacted live create/run/delete proof before landing.
  2. Accept Orgo-specific risk
    Maintainers can explicitly accept the remote orphan risk after reviewing the security tradeoff and live proof, but CI alone should not settle it.
  3. Pause the provider addition
    If the shared recovery contract is out of scope, pause or close this PR and keep Add support orgo as provider #449 as the product request.

Next step before merge

  • [P1] Manual review is needed because the remaining blocker is a provider recovery/security contract plus hosted credentials, not a narrow automation repair.

Maintainer decision needed

  • Question: Should this Orgo provider wait for a durable pre-create recovery contract before merge, or may maintainers explicitly accept the bounded orphan-cleanup risk for this provider?
  • Rationale: The branch itself identifies a storage/lifecycle contract gap that affects remote resource ownership and cleanup; automation should not choose that security and product boundary.
  • Likely owner: steipete — Recent main history and branch commits put this person closest to provider cleanup, credential redaction, and the remaining Orgo security gate.
  • Options:
    • Require recovery and proof first (recommended): Keep the PR open but block merge until durable recovery/redaction fixes and redacted hosted Orgo lifecycle proof are present.
    • Accept bounded risk explicitly: A maintainer may choose to land with documented Orgo-specific orphan risk after live proof, but that should be an explicit security-boundary sign-off.
    • Pause or close until contract exists: If the recovery contract is too large for this PR, pause or close the provider addition and revive it when the shared cleanup design is ready.

Security
Needs attention: The diff still has concrete credential and remote-resource cleanup concerns before merge.

Review findings

  • [P1] Persist recovery before remote Orgo creates — internal/providers/orgo/backend.go:354
  • [P1] Redact Orgo error bodies before surfacing them — internal/providers/orgo/client.go:315
  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:7
Review details

Best possible solution:

Land Orgo only after durable pre-create recovery or an approved equivalent cleanup contract exists, Orgo HTTP errors redact secrets, release notes move out of CHANGELOG.md, and redacted live proof shows create, command execution, and cleanup.

Do we have a high-confidence way to reproduce the issue?

Yes for the review blockers by source inspection: the branch creates the remote computer before a durable claim, surfaces raw Orgo error bodies, and modifies CHANGELOG.md. No hosted Orgo runtime behavior has been reproduced with real credentials.

Is this the best way to solve the issue?

No. A built-in Orgo provider may be useful, but this branch is not the safest merge path until the recovery contract, redaction, release-note ownership, and live proof gaps are resolved.

Full review comments:

  • [P1] Persist recovery before remote Orgo creates — internal/providers/orgo/backend.go:354
    The provider calls the remote create API before any durable local claim or recovery record exists. If Orgo creates the computer but the response is lost, times out, returns 429/5xx, or omits identity, Crabbox has no durable identity to reconcile or delete later; the PR body also calls this out as a remaining merge gate.
    Confidence: 0.92
  • [P1] Redact Orgo error bodies before surfacing them — internal/providers/orgo/client.go:315
    Non-2xx responses are stored as string(data) and Error() prints that body unchanged. If Orgo or a custom API base echoes the API key or Authorization header, the CLI can leak the credential in user-visible errors.
    Confidence: 0.94
  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:7
    The branch still adds a CHANGELOG.md entry, but this repository keeps release notes release-owned for normal PRs. Keep the user-visible release context in the PR body or commit message instead.
    Confidence: 0.9

Overall correctness: patch is incorrect
Overall confidence: 0.92

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 8b1242493774.

Label changes

Label justifications:

  • P2: This is a normal-priority provider feature with limited blast radius, but it has merge blockers rather than an active emergency.
  • merge-risk: 🚨 security-boundary: The diff touches remote provider mutation and credentials, with unresolved orphan cleanup and unredacted API error body risks.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🧂 unranked krab.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: Only fake API/CI validation is present and comments say no hosted Orgo credential is available; post a redacted live run or terminal/log transcript showing create, command execution, and cleanup, then update the PR body for re-review.
Evidence reviewed

Security concerns:

  • [high] Remote Orgo creates lack durable recovery — internal/providers/orgo/backend.go:354
    CreateComputer can commit remotely before Crabbox persists a claim or recovery record, so response failures can leave provider-owned compute outside reliable cleanup.
    Confidence: 0.9
  • [high] Orgo HTTP error bodies are not redacted — internal/providers/orgo/client.go:315
    The HTTP client returns non-2xx response bodies unchanged, allowing an upstream/custom error response that echoes secrets to leak credentials in CLI output.
    Confidence: 0.94

What I checked:

  • AGENTS.md policy applied: Repository policy keeps provider-specific lifecycle and security behavior behind provider adapters, treats generated outputs as generated, and warns against passing secrets on argv; those points informed the provider/security review. (AGENTS.md:1, 8b1242493774)
  • Current main does not already implement Orgo: A current-main search for Orgo provider names found no implementation, so the PR is not obsolete or implemented on main. (8b1242493774)
  • PR registers a new delegated-run provider: The branch registers provider name orgo, alias orgo-ai, delegated-run kind, Linux target, and no coordinator use. (internal/providers/orgo/provider.go:19, 7bc64fd2b085)
  • Remote create precedes durable claim: createComputer calls client.CreateComputer before claimLease, so a committed remote create with a lost/error response can lack durable recovery metadata. (internal/providers/orgo/backend.go:354, 7bc64fd2b085)
  • HTTP error body is surfaced raw: The HTTP client stores string(data) directly in orgoHTTPError.Body, and the error formatter prints the body without redacting the configured API key. (internal/providers/orgo/client.go:315, 7bc64fd2b085)
  • Release-owned changelog is modified: The branch still adds an Orgo entry to CHANGELOG.md, which this review policy treats as release-owned for normal PRs. (CHANGELOG.md:7, 7bc64fd2b085)

Likely related people:

  • steipete: Recent main commits cover provider cleanup ownership, repository config trust, and credential redaction, and this person authored many Orgo hardening commits on the branch. (role: recent provider security and cleanup contributor; confidence: high; commits: 574e917a6e3c, 85efe354ab2f, b62586c99afb; files: internal/providers/all/all.go, internal/cli/credential_provenance.go, internal/providers/orgo/backend.go)
  • vincentkoc: Recent main history and PR comments show work on provider live-smoke dispatch, provider lifecycle docs, and Orgo validation/proof gating. (role: recent live-smoke and provider-docs contributor; confidence: high; commits: 8bfebcffa7e4, 0c9fda4632dc, 44778fe4660b; files: scripts/live-smoke.sh, scripts/live-smoke.test.js, docs/providers/README.md)
  • Coy Geek: Recent provider work introduced adjacent ambiguous-launch, orphan metadata, and rollback patterns that are directly relevant to Orgo create/cleanup safety. (role: adjacent lifecycle recovery contributor; confidence: medium; commits: fba067282b84, 959abdacf59a, 16744f30c9f4; files: internal/providers/lambda, internal/providers/coder)
  • zozo123: Beyond this PR, prior main history includes delegated-run and provider work such as OpenComputer, FastAPI Cloud, Freestyle, smolvm, and Slurm external-provider examples. (role: feature origin and adjacent provider contributor; confidence: medium; commits: 3b92643ab361, e079b3dde742, 8b246f6f96b7; files: internal/providers/opencomputer, internal/providers/fastapicloud, internal/providers/freestyle)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (3 earlier review cycles)
  • reviewed 2026-07-03T20:50:37.403Z sha 23b6847 :: needs real behavior proof before merge. :: [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-05T11:34:25.438Z sha 7bc64fd :: needs real behavior proof before merge. :: [P1] Persist recovery before remote Orgo creates | [P1] Redact Orgo error bodies before surfacing them | [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-05T11:39:17.236Z sha 7bc64fd :: needs real behavior proof before merge. :: [P1] Persist recovery before remote Orgo creates | [P1] Redact Orgo error bodies before surfacing them | [P3] Remove the release-owned changelog entry

@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. labels Jun 18, 2026
@zozo123 zozo123 force-pushed the codex/orgo-live-smoke branch 2 times, most recently from d9aab2f to 482bc1b Compare June 20, 2026 23:02
@steipete steipete force-pushed the codex/orgo-live-smoke branch 3 times, most recently from 8f551f1 to 6709b30 Compare June 22, 2026 08:43
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels Jun 22, 2026
@steipete steipete force-pushed the codex/orgo-live-smoke branch from 6709b30 to 7e56248 Compare June 22, 2026 16:10
@steipete

Copy link
Copy Markdown
Contributor

@clawsweeper re-review

Rebased onto current main and fixed the review findings: provider and live-smoke readiness polling now wait for running state, terminal startup failures clean up resources, and provider capabilities satisfy current registry conformance. Exact head: 7e5624855596586ca947eed50906a82b64d31fbf.

@clawsweeper

clawsweeper Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@zozo123

zozo123 commented Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

@clawsweeper re-review

@vincentkoc vincentkoc force-pushed the codex/orgo-live-smoke branch from 7e56248 to 5c9ff32 Compare June 24, 2026 04:41
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jun 24, 2026
@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Updated #458 to current main and pushed head 5c9ff329cb5b2e79a57aa0031f34cde2b8c51289.

Validation now completed:

  • GitHub CI is green: 6 successful, 0 failing, 0 pending on https://github.com/openclaw/crabbox/actions/runs/28075644227.
  • Local validation passed: go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox, node --test scripts/live-smoke.test.js, provider matrix/docs checks, go vet ./..., go build -trimpath -o bin/crabbox ./cmd/crabbox, and full go test ./....
  • Rebase conflicts were resolved by preserving current generated provider matrix state, regenerating it to 66 providers with Orgo included, and keeping both newer Morph live-smoke coverage and Orgo live-smoke coverage.

I am not merging this yet while status: 📣 needs proof remains. The remaining external proof is hosted Orgo lifecycle behavior with real credentials: create workspace/computer, wait to running, execute command, delete computer/workspace, and show no leaked token/output.

@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Pushed maintainer fixes for the concrete security/release findings.

Head: 3de3cb8bf89f3d8e603f6c646c8c7cf1abae6d0e

Changes made:

  • non-2xx Orgo HTTP response bodies are redacted with the configured API key before the error is surfaced
  • added TestHTTPErrorRedactsAPIKeyFromResponseBody, covering both Bearer <key> and raw key echoes from a custom/upstream API response
  • removed the release-owned CHANGELOG.md entry and kept release-note context in the PR body

Local validation passed on this head:

go test ./internal/providers/orgo
go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox
node --test scripts/live-smoke.test.js
node scripts/check-command-docs.mjs
node scripts/check-docs-links.mjs
go vet ./...
go build -trimpath -o bin/crabbox ./cmd/crabbox
git diff --check

Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and status: 📣 needs proof / merge-risk: 🚨 security-boundary remain.

@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc

Copy link
Copy Markdown
Member

Public CI is now green on current head 3de3cb8bf89f3d8e603f6c646c8c7cf1abae6d0e: https://github.com/openclaw/crabbox/actions/runs/28084529432.

Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and status: 📣 needs proof / merge-risk: 🚨 security-boundary remain.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Updated the PR body with the canonical summary, validation evidence, and remaining merge gate for current head. No code changes in this update.

Still not merging unless the live proof labels clear and the provider-specific proof/contract gate is satisfied.

@vincentkoc vincentkoc force-pushed the codex/orgo-live-smoke branch from 3de3cb8 to a13a41a Compare June 24, 2026 13:54
@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Rebased Orgo onto current main and refreshed the generated provider matrix count.

Head: a13a41ac2543af91594e6d6e84f96792c6864d9f

Change made:

  • regenerated provider docs metadata after rebase; current built-in surface now reports 67 providers

Local validation passed:

go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox
node --test scripts/live-smoke.test.js
node scripts/generate-provider-matrix.mjs --check
node scripts/check-command-docs.mjs
node scripts/check-docs-links.mjs
go vet ./...
go build -trimpath -o bin/crabbox ./cmd/crabbox
git diff --check

Public CI is green on this head: https://github.com/openclaw/crabbox/actions/runs/28103708184

Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and status: 📣 needs proof / merge-risk: 🚨 security-boundary remain.

@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc vincentkoc force-pushed the codex/orgo-live-smoke branch from a13a41a to 8cb00c2 Compare June 24, 2026 15:53
@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Rebased Orgo onto current main after the Slurm and Coder provider landings and refreshed the provider matrix count.

Head: 8cb00c22c5297179e574940ebe2c142f1dc6b0c2

Change made:

  • resolved provider matrix drift after the new Slurm and Coder providers landed; current built-in surface now reports 68 providers

Validation passed on the rebased head:

git diff --check
go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox
node --test scripts/live-smoke.test.js
node scripts/generate-provider-matrix.mjs --check
node scripts/check-command-docs.mjs
node scripts/check-docs-links.mjs

Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and status: needs proof / security-boundary remain.

@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Updated the PR body to current head 8cb00c22c5297179e574940ebe2c142f1dc6b0c2 and the current CI run: https://github.com/openclaw/crabbox/actions/runs/28111473550

No code changes in this update. The remaining gate is still hosted Orgo lifecycle proof with real credentials; there are no Orgo API credentials in this environment.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Current head 8cb00c22c5297179e574940ebe2c142f1dc6b0c2 now has green public CI: 8 successful, 0 failing, 0 pending on https://github.com/openclaw/crabbox/actions/runs/28111473550.

Additional local reproduction while checking the earlier pending jobs:

  • goreleaser release --snapshot --clean --skip=publish passed locally in the feat: add Orgo provider #458 worktree.
  • go test ./internal/cli -covermode=atomic -count=1 -v passed locally after investigating a transient coverage-run flake.

Still not merging: hosted Orgo lifecycle proof remains blocked by missing real Orgo credentials, and status: needs proof / security-boundary remain the merge gate.

@clawsweeper clawsweeper Bot removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jun 24, 2026
@steipete steipete force-pushed the codex/orgo-live-smoke branch from 8cb00c2 to 23b6847 Compare July 3, 2026 20:41
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jul 3, 2026
@clawsweeper

clawsweeper Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

zozo123 and others added 16 commits July 5, 2026 04:16
Drives the real *orgoHTTPClient through the delegated-run backend against a
fake Orgo REST API (httptest), covering the full lifecycle: create workspace,
create computer, run bash, delete computer, delete workspace. Asserts the
Bearer auth header, exit code, SyncDelegated, stdout, and that every expected
API endpoint is hit.

No real secrets: the API key is a dummy value via CRABBOX_ORGO_API_KEY and the
base URL is the in-process test server via CRABBOX_ORGO_API_BASE, so the test
never reaches the live Orgo API.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@steipete steipete force-pushed the codex/orgo-live-smoke branch from 23b6847 to 7bc64fd Compare July 5, 2026 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants