ai-workspace-lab/xworkmate-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b3f9d7e148
xworkmate-app/docs/cases/manual-bridge-login-state/README.md
Haitao Pan 6478f325f6
ci(release): load Vault secrets per-platform in build matrix (#44) 
* fix(artifacts): prioritize PDF deliverables in sidebar

* docs(cases): add gateway turn acceptance summary

* ci: add release/* branch source validation workflow (#19)

release/* 仅接受 hotfix/* 或带 cherry-pick/backport 标签的 PR。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci: run desktop integration/patrol tests under xvfb (#22)

Headless Linux runners have no display, so 'flutter test integration_test'
fails to launch the GTK app ('The log reader stopped unexpectedly, or never
started'). Wrap integration/patrol layers in xvfb-run with a 24-bit screen
and install xvfb + mesa DRI driver for headless GL. macOS/local runs are
unaffected (no xvfb-run -> command runs directly).

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking

* fix: reveal artifact files without blocking (#20)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* Release/v1.1.5 (#25)

* ci: backport release/* source validation workflow to release/v1.1.5 (#21)

让现有 release/v1.1.5 分支自身包含门禁 workflow(pull_request_target 用 base 分支版本)。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking (#24)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

---------

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* chore: update tested linux labels (#23)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* chore: sync app version to 1.1.5 (#26)

* fix: keep stopped gateway tasks out of pending queue

* chore: add ios release verification assets

* Fix managed bridge token priority

* fix: stabilize iOS login storage and mobile settings

* Refine assistant attachment payload handling

* Fix assistant continue task requeue

* Fix mobile account sign-in flow

* Fix ACP SSE no-result recovery

* Polish assistant UI and add Service Mesh video case

* feat(mobile): redesign mobile UX and iOS native experience

* feat(mobile): move configuration chips to + menu and add left drawer

* feat(mobile): redesign mobile ui to chatgpt minimalist style

* fix(mobile): tweak composer submit button size and wire up settings drawer

* fix(mobile): remove background from send button

* fix(mobile): use blue circle with upward arrow for send button

* feat(mobile): add navigation breadcrumb to return to chat from settings

* feat(mobile): refine composer ui with minimalist modern aesthetic

* Remove OpenClaw direct ACP route

* Add desktop navigation integration test

* Add desktop settings integration test

* Use remote workspace for OpenClaw execution

* Handle gateway default task workspace

* Keep sidebar task order stable

* Hide desktop agent dialog mode

* Release v1.1.3

* Fix Apple preflight for main builds

* Fix Apple preflight for main builds

* Fix Apple preflight for main builds

* Add bulk archive task selection

* Fix assistant skill picker loading

* Stabilize mobile provider sheet test

* chore: prepare v1.1.3 release metadata

* fix: unblock OpenClaw gateway task queue

* fix: keep running task follow-up in current thread

* fix: isolate openclaw e2e artifacts

* fix(assistant): pin task session on submit

* docs: record openclaw gateway e2e cases

* test: align openclaw e2e prompts

* refactor: classify gateway task load

* refactor: classify gateway task load

* feat: sync existing workspace directory artifacts recursively

* Use manual bridge config for ACP runtime

* Fix task refresh layout stability

* chore: update core integration cases and runtime helpers

* fix: stabilize complex openclaw artifact tasks

* fix: repair bridge login sync runtime state

* fix: repair bridge login sync runtime state

* Fix manual bridge save runtime config

* fix: use OpenClaw gateway protocol 4

* fix: use OpenClaw gateway protocol 4

* fix(openclaw): keep artifact runs session scoped

* chore(app): refresh build metadata

* fix(openclaw): recover final task snapshots

* fix(openclaw): recover long SSE task artifacts

* test(app): align thread artifact isolation assertions

* fix(openclaw): keep long artifact recovery synced

* feat(openclaw): implement artifact sync and ignore policies

* Reassociate OpenClaw tasks through Bridge control plane

* Preserve artifacts after interrupted bridge responses

* feat: Remote Desktop UI and Client WebRTC Integration

* refactor: simplify remote desktop UI and add maximize toggle

* fix(webrtc): pass SDP offer and answer as object to conform to backend format

* fix: revert sdpOffer to String to match Bridge SDP expectations

* feat: add runtime logs tab to settings page

* chore: prepare release v1.1.4 (app store compliance, remote desktop fixes, ci verification)

* fix: load nested bridge skills status

* fix(ci): parse provider catalog and gateway providers from capabilities fallback

* test: stabilize OpenClaw gateway active slot regression

* fix: WebRTC remote desktop connection, cleanup local fallback, and ignore .gradle cache

* feat: add collapse toggle to desktop control panel

* fix(runtime): restore skills loading and group rendering

* refactor(ui): eliminate unowned helper sprawl in assistant skill picker

* feat: improve webrtc keyboard mapping and add adaptive resolution default

* feat: improve webrtc keyboard mapping and add adaptive resolution default

* refactor(skills): clean Path B, add retry + auto-refresh, fix silent failures

- Remove Path B (direct WebSocket RPC), unify skills loading via ACP bridge sessionClient
- Delete skillsStatusPayloadInternal fragile nested-key parsing
- SkillsController: explicit error when offline (no more silent empty), auto-retry with 2s/4s backoff
- Auto-refresh on gateway connect via ChangeNotifier listener
- Gateway connect: concurrent Future.wait for independent controller refreshes
- UI: retry button in skill picker empty/error states
- Clean up skillsController from relayChildChangeInternal listeners

* refactor(skills): fix allowErrorPayload validation, improve auto-refresh guard

* feat(ui): apply BoxFit.fill for remote desktop WebRTC view to ensure no blank spaces

* refactor: remove multi-agent orchestration subsystem (Path B)

Remove the entire multi-agent collaboration execution path, including:
- MultiAgentOrchestrator and its 4-phase pipeline (Architect→Engineer→Tester→Iteration)
- ARIS framework preset and mount infrastructure
- Hardcoded model defaults (kimi-k2.5, minimax-m2.7, glm-5)
- Deprecated runCliPromptInternal() and its fallback call chain
- All related types: MultiAgentConfig, AgentWorkerConfig, MultiAgentRole, etc.

This collapses the architecture to a single clean path:
Flutter → GoTaskServiceClient → ACP Transport → Go Bridge → Remote Execution

2886 lines removed across 41 files.

* docs(cases): clean up test cases — remove ai-security-evolution scenario, fix issues

- Delete ai-security-evolution-content-scenario/ (8 files, referenced by removed MANUAL-LOCAL-001A)
- Remove MANUAL-LOCAL-001A from core-integration-manual-cases.md
- Fix duplicate section numbering (#5#6 for general thread scenarios)
- Remove misplaced workspace sync rules from MANUAL-ACP-004 (bridge auth case)
- Update README.md index

* test,docs: fix all stale references to deleted multi-agent subsystem

Test fixes (6 files, -303 lines):
- Delete app_controller_acp_mount_resilience_test.dart (entirely about deleted types)
- Remove multi-agent test cases from gateway_acp_client_auth_test.dart
- Rename _manifestWithDesktopMultiAgentEnabled → _defaultDesktopManifest
  in assistant_execution_target_test, assistant_lower_pane_test,
  mobile_assistant_page_test

Docs fixes (6 files):
- Regenerate public-symbol-inventory.json/md via make docs-public-api
- Remove multi-agent sections from public-api/models-and-config.md,
  app-orchestration.md, runtime-contracts.md
- Fix xworkmate/ → xworkmate-app/ paths in cloud-session doc
- Remove multiAgent references from app-external-service-api-test-matrix.md

* docs: add architecture README with categorized navigation

* docs(architecture): fix critical accuracy errors, stale refs, paths

Accuracy fixes:
- app-orchestration.md: remove non-existent constructor params
- models-and-config.md: remove wrong multiAgent field from SettingsSnapshot
- runtime-contracts.md: add missing multiAgent/collaborationMode/routingHint fields

Stale multi-agent refs:
- unified-routing-architecture.md: agent/multi-agent → agent (含 bridge 转发)
- bridge-runtime-routing-map.md: multi-agent tasks → multi-agent forwarding tasks
- cross-repo-task-state-workflow.md: remove multi-agent orchestration from mermaid
- runtime-contracts.md, feature-surfaces.md: 多 agent → agent

Organization:
- Move cloud-session-service and stage4-helper to archive/
- Fix 22 xworkmate/ → xworkmate-app/ paths in archive doc
- Fix XWorkmate.svc.plus repo name in simple-theme-default.md
- Update README.md index and public-api/README.md coverage stats (132/590)

* docs: rewrite README — fix repo name, remove stale multi-agent refs, add dependencies

- Title: XWorkmate → xworkmate-app
- Remove references to deleted multi-agent orchestration
- Fix download links: xworkmate.svc.plus → xworkmate-app
- Replace machine-specific /Users/shenlan/... paths with relative links
- Add Dependencies section: xworkmate-bridge, xworkspace-core-skills,
  openclaw-multi-session-plugins, playbooks
- Consolidate Learn More links to repo-relative paths

* fix desktop workspace stream fallback

* Fix WebRTC desktop video stream rendering and inputs

* refactor: eliminate dead codex_runtime methods, add anti-fallback policy

codex_runtime.dart (-290 lines):
- Remove 17 dead methods behind UnsupportedError guard
  (findCodexBinary, startStdio, request, startThread, resumeThread,
   sendMessage, interrupt, getAccount, listModels, listSkills, stop,
   dispose, _resolveLaunchConfiguration + 3 @visibleForTesting wrappers)
- Remove 10 dead fields (_process, _state, _pendingRequests, _events, etc.)
- Remove ChangeNotifier mixin (nothing to notify)
- Keep only model types, enums, and standalone helper functions

AGENTS.md (+21 lines):
- Add Fallback and Dead Code Elimination Policy section
- Forbidden: cascading fallbacks, lingering DEPRECATED code,
  dead code behind guards, silent catch blocks, redundant indirection,
  excessive JSON key probing
- Required: inline WHY comments on every retained fallback chain

Additional cleanup:
- gateway_acp_client.dart: remove unused _GatewayAcpSessionUpdate class
- runtime_controllers_entities.dart: replace _canRefreshThroughRuntime
  with runtimeInternal.isConnected
- runtime_models_gateway_entities.dart: relocate CollaborationAttachment

* Simplify RTCVideoView constraints and disable adaptive resolution by default

* refactor: remove stale runtime fallbacks

* fix: preserve openclaw failure artifacts

* fix: use default native track attach for desktop stream

* fix: poll openclaw task handle to terminal snapshot

* update architecture docs

* fix: finalize openclaw task polling results

* feat(xworkmate): optimize desktop thread actions and Go task service client

* docs: add cross-repo architecture chain maps and risk analysis

- Add 4 chain maps: task-execution, artifact-lifecycle, session-recovery, bridge-distributed
- Add cross-repo call analysis with top-10 fragile points
- Update AGENTS.md with 'Cross-Repo Architecture Chain Maps' section
- Document artifact path gap: OpenClaw tools output to ~/.openclaw/media/ but plugin export scans tasks/<session>/<run>/

* fix(webrtc): resolve remote desktop black screen by properly binding remote video tracks and removing legacy Plan B constraints

* fix: remaining webrtc stream and test artifact changes

* fix(arch): A1-A3 app layer anti-patterns cleanup

* fix(arch): conservative fallback for gateway error codes

* fix: merged cleanup branch and stashed fixes

* add design doc: multi-session-plugin-optimization

* fix: allow stopping archived tasks

* fix: sync openclaw terminal snapshots in app

* fix: resolve openclaw partial artifacts and eliminate legacy fallback code

* fix(assistant): clear pending tool calls when task completes to fix sticky running status

* refactor: Remove OpenClaw rigid time limits and false positive no-exported-artifacts judgment

* fix(ci): keep macos/ios build lanes running when Apple signing secrets are missing

The release preflight used to set should_build_platform=false whenever any
Apple signing secret was unset, which silently skipped the entire macos dmg
and ios ipa lanes (build + upload gated on that flag). Result: releases only
shipped linux, windows and android artifacts even when the iOS/macOS lanes
were otherwise healthy.

Make the preflight always release the lane, but emit a :⚠️: and
annotate the skip_reason when a secret is missing. The iOS branch in
build_matrix_artifacts.sh now picks the signed vs unsigned build path based
on actual secret availability instead of should_release alone, so it falls
back to flutter build ios --no-codesign + zip Runner.app whenever a secret
is absent. package-flutter-mac-app.sh already handled the no-secret case
locally (ad-hoc codesign --sign -) and needs no change.

Behavior matrix:
  macos: secret present -> signed DMG; secret missing -> unsigned DMG
  ios:   secret present + release -> signed IPA
         secret present + non-release -> unsigned zip
         secret missing (any) -> unsigned zip

* fix(chat): drop root-level expectedArtifactDirs to satisfy chat.send schema

- Remove the unexpected property at the root of gateway task metadata.
  Keep the value nested in xworkmateTaskArtifactContract where the
  OpenClaw chat.send schema allows it (-32002: invalid chat.send params).
- Drop dead local vars and the unused asInt helper in OpenClaw task
  association parsing.
- Remove the obsolete 'sendChatMessage restarts before handling
  OpenClaw artifact guard results' test superseded by the new terminal
  artifact failure test.

* fix(ci): drop ripgrep dependency from check-no-app-ffi.sh

The Flutter verification lane runs on Ubuntu 22.04 without ripgrep
installed, so the FFI integration guard silently fell through and
printed 'No app-side Codex FFI integration artifacts found' on every
run. Replace rg with the POSIX grep -RInE that ships with the runner,
keep the same excludes (check-no-app-ffi.sh, Pods, ephemeral, build,
.dart_tool) and emit the actual offending matches so the gate fails
loudly when a forbidden reference reappears.

* Document OpenClaw artifact dirs protocol boundary

* feat: pass OpenClaw artifact dir whitelist

* Remove Patrol from macOS package

* Add OpenClaw thin adapter refactor plan

* refactor/app-thread-key

* refactor: explicitly pass openclawSessionKey in task start

* Refactor OpenClaw task integration as thin adapter

* refactor: align OpenClaw session key state flow

* chore: retire rust ffi scaffold

* docs clarify openclaw artifact workspace ownership

* ci: read release secrets from vault

* fix: merge workflow env blocks

* fix: skip remote contract on push

* fix: align OpenClaw task key flow

* chore: retrigger workflow after vault data setup

* fix: backfill OpenClaw artifacts on sidebar refresh

* fix: trim OpenClaw task prompt context

* fix: keep OpenClaw artifact sync polling

* fix: require OpenClaw artifact export before completion

* fix: unify bridge auth token for desktop connect

* fix: keep bridge token usable after sync block

* fix: accept review bridge token from account sync

* fix: keep syncing partial OpenClaw artifacts

* Improve assistant task UX

* Sync artifact sidebar with selected task

* fix: show remote desktop first-frame state

* chore: log remote desktop WebRTC stats

* Stabilize OpenClaw artifact sync

* Add AI workspace management provisioning flow

* Fix gateway dispatch test pipeline

* Harden workspace prechecks

* Add AI workspace management provisioning flow

* Fix gateway dispatch test pipeline

* Harden workspace prechecks

* Relax workspace OS checks and add YAML import/export

* Relax workspace OS checks and add YAML import/export

* Make workspace advanced configs extensible

* Make workspace advanced configs extensible

* Clarify bridge DNS precheck message

* Clarify bridge DNS precheck message

* Relax workspace prechecks and add post-deploy validation

* Relax workspace prechecks and add post-deploy validation

* Improve workspace status summary wording

* Improve workspace status summary wording

* Add default bridge save action

* Add default bridge save action

* fix: isolate remote desktop webrtc sessions

* fix: isolate remote desktop webrtc sessions

* fix: smooth remote desktop input over webrtc

* fix: smooth remote desktop input over webrtc

* feat: align workspace ready actions and naming

* feat: align workspace ready actions and naming

* fix: clear desktop first-frame overlay after decode

* fix: clear desktop first-frame overlay after decode

* fix: use renderer first-frame signal for desktop video

* fix: use renderer first-frame signal for desktop video

* fix: split desktop mouse move data channel

* fix: split desktop mouse move data channel

* fix(app): bound OpenClaw artifact sync polling

* chore: remove stale Flutter code

* feat(assistant): include attachment source paths in gateway prompts

* chore(desktop): remove advanced options panel

* fix(desktop): bound WebRTC offer wait

* feat(workspace): run remote setup script

* fix: prioritize managed bridge sync state

* feat: add explicit gateway task case hints for openclaw-gateway-e2e-regression

* fix(settings): update account panel and assistant connection state

* fix: preserve primary bridge auth token

* test: ignore transient cleanup races

* fix: allow unsigned macos CI packaging

* fix: support macos validation on bash 3

* chore: temporarily disable desktop ai workspace

* ci: move remote_contract to test gate between build and release

Reposition the remote provider contract check as a skippable test-stage
quality gate (needs: build, continue-on-error) so it can never block
build or release. release uses always() to wait without being gated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: update macOS deployment target to 14.0 and commit pending changes

* fix(gateway): day-1 stability — stop infinite "running" and un-stoppable tasks

Symptom: a gateway turn shows "任务运行中..." forever and 停止 has no effect,
even though the OpenClaw gateway has already finished (ACP_HTTP_CONNECTION_CLOSED).

- T3: add a hard deadline to the running-handle poll branch so the client no
  longer polls forever when tasks.get keeps returning "running". Budget is
  derived from taskLoadClass (10/30/60min, aligned with the bridge) + grace;
  on timeout the turn lands in a recoverable `interrupted` state
  (OPENCLAW_RUN_POLL_TIMEOUT) prompting the user to resend.
- T4: make 停止 locally authoritative — capture the association, mark the turn
  aborted immediately (clears pending, exits the poll loop), then fire
  tasks.cancel best-effort so a hung/failed cancel RPC can't block termination.
- T6: applyGatewayChatFailureInternal now authoritatively clears the pending
  flag (both raw + normalized key). Previously runOpenClawGatewayQueuedTurnInternal's
  finally never cleared it, leaving "error shown but still running".

Full cross-repo analysis + remaining TODO in docs/cases/06.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(gateway): harden OpenClaw task recovery tests

* docs(cases/06): mark T7/T8/T9 done with impl locations & design trade-offs

Records the durable per-session run-registry implementation (bridge branch
fix/gateway-durable-run-registry): T7 gateway-unconfirmed fallback, T8 terminal
result cache, T9 DeadlineAt interrupt — with the trade-offs (no gatewayruntime
pending-map rewrite; per-session in-memory store not yet cross-restart durable;
T9 only force-terminates when the gateway is unconfirmed) and the test names that
cover each.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases): record local bridge runtime validation

* ci: refresh app workflows for node 24

* test: keep layered flutter tests aligned with repo

* test: align gateway recovery expectations

* test: stabilize assistant gateway recovery cases

* docs(cases/06): record definitive root cause — xworkmate.* gateway protocol drift

Adds the 2026-06-26 decisive finding: the bridge forwards `xworkmate.*` method
names the OpenClaw 2026.6.2 gateway does not implement (it uses native
tasks.get/list/cancel and artifacts.list/get/download). Documents the corrected
end-to-end turn timeline with the three break points (tasks.get unknown method;
{taskId}-only param shape + taskId!=runId; artifacts.* drift blocking .md delivery),
the evidence (gateway source + schema + CHANGELOG), the implemented task-lifecycle
fix, and the precisely-specified remaining work (artifact-method alignment + test
fixture migration). Corrects the earlier (wrong) "push/pull mismatch" conclusion.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): correct root cause — plugin not loaded, not protocol drift

Live verification disproved the earlier "xworkmate.* protocol namespace drift"
conclusion. The xworkmate.* gateway methods are REAL — registered at runtime by
the openclaw-multi-session-plugins plugin (index.ts registerGatewayMethod). The
actual failure: the running OpenClaw gateway did not load that plugin because its
source path was the ephemeral /private/tmp/openclaw-multi-session-plugins/... and
the gateway booted (09:21) ~9h before those files were populated (18:40), so it
started with 5 plugins (no multi-session) and every xworkmate.* returned
"unknown method". Restarting the gateway loads 6 plugins and the methods work
(errors shift to plugin-level param validation).

Changes:
- Add a corrected conclusion banner up top distinguishing the primary root cause
  (plugin load) from the T1-T9 robustness hardening.
- Replace the wrong "protocol drift / native alignment" section with the
  plugin-not-loaded root cause + evidence + the abandoned-branch note
  (fix/gateway-task-protocol-alignment must NOT be merged).
- Fix failure-row 10, T13 (runtime-state check now covers gateway plugin load),
  and the landing-order to put the plugin fix as step 0.
- Cross-reference openclaw-gateway-e2e-regression/ROOT_CAUSE_ANALYSIS.md (which
  was already correct about the 4-layer chain).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): definitive 4-layer chain incl. multi-session plugin + live verification

Rewrites the timeline (§1) and topology (§2) as the correct FOUR-layer chain
App → bridge → openclaw-multi-session-plugins → OpenClaw gateway, and documents the
plugin's multi-session/multi-thread role: session mapping (appThreadKey⇄openclawSessionKey),
per-(session,run) artifactScope = tasks/<sanitize(sessionKey)>/<runId>, the strict
sessionKey/runId/artifactScope triplet validation, and the expectedArtifactDirs
workspace-root fallback scan.

Live-verified against 127.0.0.1:8787 (plugin loaded, commit 2333c3e):
- session.prepare returns a real mapping; chat.send returns runId; xworkmate.tasks.get
  is handled by the plugin but returns no_native_task_record with an empty task scope
  (chain reaches the plugin layer; the agent run produced no queryable task / no file —
  a layer-4 execution/landing issue).

Adds §7 stability improvements grounded in this live run:
- S0 install the plugin from a stable path (not /private/tmp) — the primary reliability fix.
- S1 expectedArtifactDirs was [] → the plugin's workspace-root fallback is inert; bridge
  should always pass default dirs (reports/, artifacts/).
- S2 no_native_task_record status ambiguity (running vs completed-without-artifact).
- S3 sessionKey/runId/artifactScope triplet consistency (don't pre-prefix agent:main:).
- S4 runtime observability across all four layers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): S0 done — stable plugin install verified

Root cause of the plugin not loading was a symlink
~/.openclaw/extensions/openclaw-multi-session-plugins -> /tmp/... (ephemeral).
Replaced with a real dir, registered via `openclaw plugins install --force`,
restarted the gateway: now boots with "6 plugins ... openclaw-multi-session-plugins"
from the stable path, provenance warning gone, and xworkmate.session.prepare returns
the real plugin mapping (no bridge fallback). Survives restart.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): mark S1 done — default expectedArtifactDirs (live-verified, bridge 0280893)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(gateway): harden OpenClaw polling and acceptance notes

* docs(case06): close out acceptance log

* docs(case06): reconcile TODO status + consolidated cross-repo stability backlog

- Flip stale §5 checkboxes (T1/T2/T3/T4/T6) to done with code anchors —
  they had lagged behind §2/§6 which already marked them merged.
- Add §9: authoritative full-chain status across all 4 repos' main
  (app/bridge/openclaw/playbooks HEADs), the completed stability closure,
  and the precise remaining backlog (S1 redo, S2 status ambiguity, T8b
  cross-restart persistence) with acceptance criteria + anti-regression
  recommendations.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(macos): suppress file selector deprecation warning

* docs(gateway): map durable agent terminal recovery

* docs(cases/06): 4-layer chain full live evaluation — end-to-end PASS

Live-verified one gateway turn across all four layers against 8787 (bridge 188ca4b,
gateway 6 plugins): session.start → real plugin session.prepare mapping → chat.send
→ xworkmate.tasks.get returns status=completed, constraintSatisfied=True, and
summary.md (438B) actually landed in tasks/<sani(sessionKey)>/<runId>/ and is
retrievable via xworkmate.artifacts.export. All xworkmate.* gateway methods ✓.
T12 metrics all 0 (no resilience fallback needed). Supersedes the earlier
no_native_task_record observation, which was a derived symptom of the plugin not
being loaded (the S0 symlink root cause).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(artifacts): route signed downloads through active bridge

* fix(prompt): simplify gateway workspace context to avoid conflicting paths (S5)

Every gateway turn's prompt prefix injected three near-duplicate absolute paths:
currentTaskWorkspace + localWorkspace + remoteWorkspaceHint. localWorkspace is the
App's LOCAL thread dir (~/.xworkmate/threads/...) which the gateway agent cannot
access, and remoteWorkspaceHint duplicates currentTaskWorkspace. The conflicting
paths leave the agent unsure where to work and can block conversation continuation.

For gateway turns the prompt now carries only currentTaskWorkspace (the plugin owns
the artifact scope); localWorkspace is kept only for non-gateway (local agent runs
there); remoteWorkspaceHint is dropped when equal to currentTaskWorkspace. sessionKey
is kept (short, not a path). UI is unaffected (chat bubble shows the raw user message;
the prompt-debug parser only special-cases Execution context / Preferred skills /
Attached files). Tests updated; assistant_execution_target_test green (74).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(macos): close file selector type branch

* fix(gateway): keep polling undecorated running snapshots

* docs(runbooks): record gateway turn stability case

* fix(artifacts): prioritize PDF deliverables in sidebar

* fix(artifacts): prioritize PDF deliverables in sidebar

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* docs(cases): add gateway turn acceptance summary

* ci: add release/* branch source validation workflow (#19)

release/* 仅接受 hotfix/* 或带 cherry-pick/backport 标签的 PR。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci: run desktop integration/patrol tests under xvfb (#22)

Headless Linux runners have no display, so 'flutter test integration_test'
fails to launch the GTK app ('The log reader stopped unexpectedly, or never
started'). Wrap integration/patrol layers in xvfb-run with a 24-bit screen
and install xvfb + mesa DRI driver for headless GL. macOS/local runs are
unaffected (no xvfb-run -> command runs directly).

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking

* fix: reveal artifact files without blocking (#20)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* Release/v1.1.5 (#25)

* ci: backport release/* source validation workflow to release/v1.1.5 (#21)

让现有 release/v1.1.5 分支自身包含门禁 workflow(pull_request_target 用 base 分支版本)。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking (#24)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

---------

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* chore: update tested linux labels (#23)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* chore: sync app version to 1.1.5

---------

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Cowork 3P <cowork-3p@localhost>
Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix(assistant): keep manual bridge usable when signed out of svc.plus

The gateway connection resolver short-circuited to "请先登录 svc.plus"
whenever the account was signed out, before checking whether a manual
bridge was configured or whether capability discovery was still running.
A saved manual bridge could therefore never be used while signed out.

- Only emit the signed-out prompt when neither an account session nor a
  manual bridge is configured (`!accountSignedIn && !bridgeConfigured`).
- Gate the sync-blocked branch on `accountSignedIn` so it no longer
  hijacks the manual-bridge discovery path.

Adds tests covering manual-bridge discovery and discovery-failure while
signed out. See docs/cases/manual-bridge-login-state/README.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* security(docs): remove plaintext review credentials, inject from .env

The svc.plus review password and the two bridge tokens were committed in
plaintext across the manual case / API test docs. Replace every value
with a `.env` / secret-store reference and add a tracked .env.example
template. Harden .gitignore (.env.*, *.local.env, secrets.env) while
keeping !.env.example.

Note: git history was rewritten separately to purge the leaked values;
the credentials must be rotated regardless.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore(security): add gitleaks config allowlisting vendored/test fixtures

Suppress false positives so `gitleaks detect` is clean:
- third_party/* (cargokit ships a public binary-verification key)
- workspace_management_unit_test.dart (obfuscated "token" fixture)
- gatewayruntime/runtime_test.go (hardcoded "device-1" test key pair)

Real leaked secrets are purged from history, not allowlisted.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(assistant): keep manual bridge usable when signed out of svc.plus

The gateway connection resolver short-circuited to "请先登录 svc.plus"
whenever the account was signed out, before checking whether a manual
bridge was configured or whether capability discovery was still running.
A saved manual bridge could therefore never be used while signed out.

- Only emit the signed-out prompt when neither an account session nor a
  manual bridge is configured (`!accountSignedIn && !bridgeConfigured`).
- Gate the sync-blocked branch on `accountSignedIn` so it no longer
  hijacks the manual-bridge discovery path.

Adds tests covering manual-bridge discovery and discovery-failure while
signed out. See docs/cases/manual-bridge-login-state/README.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore(security): remove historical secret fixtures

* ci(release): load Vault secrets per-platform in build matrix

The build matrix loaded all 17 signing secrets in one shared block for
every platform. vault-action's ignoreNotFound only suppresses path-level
404s, not field-level "No match data" errors, so a single missing field
(e.g. APPLE_MAC_PROVISION_PROFILE_BASE64) failed every leg — including
linux/windows/android that need no Apple secrets.

Split the load into per-OS-family steps gated by matrix.platform:
- Apple (macos/ios): Apple cert + provisioning + keychain + export method
- Windows: WINDOWS_PFX_* + codesign subject
- Android: ANDROID_KEYSTORE_* + key alias/password
Linux requests nothing.

Also drop APP_STORE_CONNECT_* from the build matrix: only
testflight_upload.sh consumes them and it runs in the release job, which
loads them itself. The build matrix no longer depends on them.

Add shell: bash to the Export step (its `{ … } >> $GITHUB_ENV` brace
syntax is bash-only and would fail under the default pwsh on windows).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* ci: load Vault secrets per-platform in build matrix (#43)

The build matrix loaded every signing secret in one shared block for all
platforms. vault-action's ignoreNotFound only suppresses path-level 404s,
not field-level "No match data" errors, so a single missing field failed
every leg — including linux/windows/android that need no Apple secrets.

Split the load into per-OS-family steps gated by matrix.platform (Apple
for macos/ios, Windows, Android); linux requests nothing. Add shell: bash
to the Export step (its `{ … } >> $GITHUB_ENV` brace syntax is bash-only
and would fail under the default pwsh on windows).

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* feat: add one-line XWorkmate installer (#42)

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>

---------

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Cowork 3P <cowork-3p@localhost>
2026-06-29 15:58:04 +08:00

6.3 KiB
Raw Blame History

手动 Bridge 登录状态误判 Case

目标

验证用户未登录 svc.plus、但已经保存有效手动 Bridge 配置时,任务线程应使用手动 Bridge不应显示“请先登录 svc.plus”或因此阻止发送消息。

当前状态

  • 状态:已定位并完成最小修复,待设计评估和 UI 手动验收。
  • 影响范围:桌面端任务线程连接状态、顶部连接标签、发送消息前的连接守卫。
  • 不涉及账号登录协议、Token 存储格式、Bridge ACP 请求协议。

问题现象

  1. Settings -> Integrations 选择“手动 Bridge”。
  2. 填写 Bridge URL 和 Token 并保存。
  3. 设置页显示“手动 Bridge / 已保存”。
  4. 返回任务线程后,顶部仍显示“已退出登录 · 请先登录 svc.plus”。
  5. 发送消息时同样被“请先登录 svc.plus”拦截。

根因

resolveGatewayThreadConnectionStateInternal() 原先在判断手动 Bridge 是否已配置、是否正在发现能力之前,先检查 accountSignedIn

if (!accountSignedIn) {
  return signedOut;
}

因此在下面这个合法状态中,账号分支错误覆盖了 Bridge 分支:

accountSignedIn = false
bridgeConfigured = true
bridgeReady = false

手动 Bridge 与 svc.plus 托管账号是两种独立连接来源。只有没有任何可用 Bridge 配置时,未登录账号才应产生 请先登录 svc.plus 提示。

相关调用链

任务线程状态 / 发送消息
  -> assistantConnectionStateForSession()
  -> isBridgeAcpRuntimeConfiguredInternal()
  -> bridgeCapabilityReadyForExecutionTargetInternal()
  -> resolveGatewayThreadConnectionStateInternal()
  -> 已连接 / 正在发现 / 连接失败 / 请先登录

关键代码:

文件 函数 职责
lib/app/app_controller_desktop_thread_sessions.dart assistantConnectionStateForSession() 汇总账号、Bridge 配置和 capability 状态。
lib/app/app_controller_desktop_thread_sessions.dart resolveGatewayThreadConnectionStateInternal() 生成任务线程最终连接状态和 UI 文案。
lib/app/app_controller_desktop_runtime_helpers.dart resolveBridgeAcpEndpointInternal() 在托管和手动配置之间解析 Bridge Endpoint。
lib/app/app_controller_desktop_runtime_helpers.dart isBridgeAcpRuntimeConfiguredInternal() 判断当前是否存在可运行的 Bridge 配置。
lib/app/app_controller_desktop_thread_actions.dart dispatchGatewayChatTurnInternal() 发送前刷新 capability并按连接状态决定是否拦截。
lib/runtime/runtime_controllers_settings_account_impl.dart resolveAcpBridgeServerEffectiveConfigInternal() 解析当前有效配置来源cloud、bridge 或 default。
lib/runtime/runtime_controllers_settings_account_impl.dart buildSavedAccountProfileSettingsInternal() 校验并保存手动 Bridge URL 和 Token 引用。

当前最小修复

连接状态决策调整为:

if (!accountSignedIn && !bridgeConfigured) {
  return signedOut;
}

账号同步错误只在确实存在账号会话时参与状态决策:

if (accountSignedIn && (tokenMissing || failed || blocked)) {
  return accountSyncError;
}

预期状态矩阵:

账号登录 Bridge 配置 Bridge Ready 预期状态
已退出登录 / 请先登录 svc.plus
手动 否,尚未发现 正在发现 / 正在加载 Bridge 能力...
手动 否,发现失败 显示实际 Bridge capability/连接错误
手动 已连接 / <手动 Bridge Host>
托管 Token 缺失 缺少令牌 / xworkmate-bridge 授权不可用
托管 已连接 / xworkmate-bridge.svc.plus

自动化覆盖

测试文件:test/features/assistant/assistant_connection_status_test.dart

新增覆盖:

  • manual bridge discovery does not require a svc.plus account session
  • manual bridge discovery failure is shown while signed out

同时保留原有覆盖,确认没有 Bridge 配置且未登录时仍提示登录。

已执行:

flutter test \
  test/features/assistant/assistant_connection_status_test.dart \
  test/runtime/assistant_connection_state_test.dart \
  test/runtime/assistant_execution_target_test.dart

结果:101 个测试全部通过。

手动验收

MANUAL-BRIDGE-LOGIN-001 未登录账号使用本地 Bridge

前置条件:

  • 退出 svc.plus 账号。
  • 本地 Bridge 正常运行。
  • 准备有效的测试 Token文档中不记录明文。

步骤:

  1. 打开 Settings -> Integrations -> 手动 Bridge
  2. 输入 http://127.0.0.1:<port> 和有效 Token。
  3. 保存并返回任务线程。
  4. 等待 capability 刷新完成。
  5. 选择 Gateway/OpenClaw 并发送一条简单消息。

验收标准:

  • 不显示“请先登录 svc.plus”。
  • capability 刷新期间显示“正在加载 Bridge 能力...”。
  • Bridge 可用时显示已连接,并允许发送消息。
  • Bridge 不可用时显示真实连接错误,不退化为账号登录提示。

MANUAL-BRIDGE-LOGIN-002 未配置 Bridge 且未登录

  1. 退出账号并清除手动 Bridge 配置。
  2. 返回任务线程并尝试发送消息。

验收标准:

  • 继续显示“已退出登录 / 请先登录 svc.plus”。
  • 不尝试向默认托管 Bridge 发送未授权请求。

MANUAL-BRIDGE-LOGIN-003 托管账号回归

  1. 清除手动 Bridge 配置。
  2. 登录 svc.plus 并完成托管配置同步。
  3. 返回任务线程并发送消息。

验收标准:

  • 托管 Bridge Ready 时正常连接。
  • Token 缺失或同步 blocked 时继续显示专用账号同步错误。

待设计评估

  1. 是否引入明确的连接来源枚举,例如 managedCloudmanualBridgeenvironmentnone,避免通过多个布尔值间接推断。
  2. 账号退出后 AccountSyncState 是否可能残留,以及是否应在状态模型层主动清除。
  3. 手动 Bridge 和托管 Bridge 同时有效时,当前“托管优先”是否符合产品预期。
  4. UI 状态和发送守卫是否应统一依赖单一 BridgeConnectionState,避免状态分叉。
  5. 是否增加完整集成测试:保存手动 Bridge -> 未登录账号 -> capability 刷新 -> 成功发送消息。