ai-workspace-lab/xworkmate-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
316 Commits 9 Branches 86 Tags 19 MiB
Go 91%
Shell 8.9%
runtime-b8f4ed6102ca
Go to file
Haitao Pan b8f4ed6102 fix(ci): key per-job SHA256SUMS by os and arch 
The runtime-release matrix builds linux+darwin × amd64+arm64, but each job
wrote its checksum to SHA256SUMS-<arch> (arch only). The linux/<arch> and
darwin/<arch> jobs therefore emitted the same filename, which clobbered each
other under the publish job's `merge-multiple: true` download. The merged
SHA256SUMS ended up with only 2 of the 4 platforms, so consumers of the
missing tarballs (notably xworkmate-bridge-linux-arm64.tar.gz) failed with
"missing checksum" — breaking the console offline arm64 package build.

Name the per-job file SHA256SUMS-<os>-<arch> so all four are unique and the
merged SHA256SUMS lists every published tarball.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 17:26:05 +08:00
.github fix(ci): key per-job SHA256SUMS by os and arch 2026-06-22 17:26:05 +08:00
docs feat(bridge): implement unified bridge entrypoints and routing 2026-06-17 21:03:08 +08:00
example feat(acp): implement distributed task router and openclaw gateway ingress 2026-06-02 12:19:27 +08:00
internal fix: stabilize gateway device token reissue 2026-06-18 14:48:03 +08:00
scripts feat(bridge): implement unified bridge entrypoints and routing 2026-06-17 21:03:08 +08:00
tests Refine bridge routing and remove fallback paths 2026-04-23 15:58:37 +08:00
.dockerignore ci: ship bridge via image ref artifact 2026-04-12 14:23:23 +08:00
.gitignore chore: remove unused legacy bridge helpers 2026-06-12 14:49:51 +08:00
AGENTS.md refactor(acp): replace artifact fallback chain with snapshot+export and stable session mapping 2026-06-05 12:07:28 +08:00
Dockerfile Fix Docker image build metadata 2026-04-24 14:59:54 +08:00
go.mod feat: Remote Desktop WebRTC Integration 2026-06-03 10:49:58 +08:00
go.sum feat: Remote Desktop WebRTC Integration 2026-06-03 10:49:58 +08:00
main_test.go add traced bridge version output 2026-04-22 12:28:16 +08:00
main_tools.go Add GitHub Actions pipeline for bridge deploy 2026-04-10 16:17:32 +08:00
main.go Merge branch 'codex/fix-openclaw-probe-terminal' into release/v1.1.4 2026-06-03 16:59:53 +08:00
Makefile Initial standalone ACP bridge repository 2026-04-09 09:49:48 +08:00
README.md feat(bridge): implement unified bridge entrypoints and routing 2026-06-17 21:03:08 +08:00

README.md

XWorkmate Bridge

xworkmate-bridge is the standalone repository for the XWorkmate ACP Bridge Server and the embedded Go helper previously stored under xworkmate-app/go/go_core.

What lives here

  • ACP Bridge HTTP/WebSocket server
  • ACP stdio bridge entrypoint
  • Go helper runtime packages used by the ACP bridge
  • Unit tests for bridge routing, RPC contracts, mounts, runtime dispatch, and provider sync

ACP Forwarding Topology

This repository exposes one APP-facing bridge entrypoint and proxies traffic to four independent upstream production services. The APP-facing canonical ACP path is WebSocket /acp; HTTP /acp/rpc remains available for CI, scripts, debugging, and compatibility fallback under https://xworkmate-bridge.svc.plus. OpenClaw task submission is the only dedicated HTTP task route: POST /gateway/openclaw for session.start and follow-up session.message. It is not a global ACP base endpoint.

Architecture topology: docs/architecture/acp-forwarding-topology.md

ADR for the unified APP-facing bridge contract: docs/architecture/adr-unified-bridge-entrypoints.md

Example provider sync config: example/config.yaml

API reference: docs/api-reference.md

Backend API design: docs/backend-api-design.md

Compatibility

For compatibility with xworkmate-app, the built helper binary name remains xworkmate-go-core.

Commands

make test
make build
./build/bin/xworkmate-go-core serve --listen 127.0.0.1:8787

GitHub Actions

This repository includes one GitHub Actions pipeline with four stages:

  • prep: Go static checks
  • build: build the linux/amd64 artifact for the x86 target host and upload it
  • deploy: run Ansible CD with x-evor/playbooks
  • validate: verify the public endpoints after deployment

GitHub Releases are published only after deploy and validate both succeed. In this repository, a published Release means the built image has been deployed to xworkmate-bridge.svc.plus and passed post-deploy validation there.

Deploy stage

The deploy stage checks out:

  • this service repository into xworkmate-bridge/
  • the x-evor/playbooks repository into playbooks/

Then it installs the native linux/amd64 bridge binary with scripts/github-actions/deploy-native-binary.sh. The native bridge runs as the ubuntu user's systemd user service:

  • binary: /home/ubuntu/.local/bin/xworkmate-go-core
  • unit: /home/ubuntu/.config/systemd/user/xworkmate-bridge.service
  • restart: systemctl --user restart xworkmate-bridge.service

During migration the script performs a one-time stop/disable of the old system unit, then deploys and restarts through ubuntu@<target>.

Validate stage

The validate stage proves production alignment against the bridge public contract:

  • bridge root and /api/ping
  • strict image / tag / commit / version match against the built image ref
  • upstream ACP capability probes for codex, opencode, and gemini
  • minimal session.start smoke tests through the bridge JSON-RPC contract

Required GitHub secrets:

  • SINGLE_NODE_VPS_SSH_PRIVATE_KEY: private key used by the Actions runner to SSH into the target host
  • WORKSPACE_REPO_TOKEN: token with access to checkout x-evor/playbooks

Optional GitHub secrets:

  • SSH_KNOWN_HOSTS: pre-seeded known_hosts content for stricter host verification

Optional workflow input:

  • ai_workspace_auth_token: manual dispatch input that is forwarded as AI_WORKSPACE_AUTH_TOKEN

Environment

  • ACP_LISTEN_ADDR: listen address for serve mode, default 127.0.0.1:8787
  • OUTPUT_DIR: optional output directory for make build
  • OUTPUT_PATH: optional explicit build path for make build