Skip to content

chore: promote staging to staging-promote/90655277-23176260323 (2026-03-17 03:24 UTC)#1279

Merged
henrypark133 merged 2 commits intostaging-promote/90655277-23176260323from
staging-promote/4675e961-23176922462
Mar 17, 2026
Merged

chore: promote staging to staging-promote/90655277-23176260323 (2026-03-17 03:24 UTC)#1279
henrypark133 merged 2 commits intostaging-promote/90655277-23176260323from
staging-promote/4675e961-23176922462

Conversation

@ironclaw-ci
Copy link
Contributor

@ironclaw-ci ironclaw-ci bot commented Mar 17, 2026
edited by github-actions bot
Loading

Auto-promotion from staging CI

Batch range: c6128f4e41b5bd43d69a4432a6050df4d675590a..4675e9618c2f35e803c76476197fbb1d85059f43
Promotion branch: staging-promote/4675e961-23176922462
Base: staging-promote/90655277-23176260323
Triggered by: Staging CI batch at 2026-03-17 03:24 UTC

Commits in this batch (3):

Current commits in this promotion (2)

Current base: staging-promote/90655277-23176260323
Current head: staging-promote/4675e961-23176922462
Current range: origin/staging-promote/90655277-23176260323..origin/staging-promote/4675e961-23176922462

Auto-updated by staging promotion metadata workflow

Waiting for gates:

  • Tests: pending
  • E2E: pending
  • Claude Code review: pending (will post comments on this PR)

Auto-created by staging-ci workflow

@henrypark133
test(e2e): fix approval waiting regression coverage (#1270)
d0cb5f0 
* test(e2e): fix approval waiting regression coverage

* test(e2e): address Copilot review notes
@henrypark133
Fix Telegram auto-verify flow and routing (#1273)
4675e96 
* Fix Telegram auto-verify flow and routing

* Fix CI formatting and clippy follow-ups

* Simplify Telegram waiting state update

* Fix notification fallback scopes

* Fix message metadata routing and zh-CN copy
@github-actions github-actions bot added scope: agent Agent core (agent loop, router, scheduler) scope: channel/web Web gateway channel scope: tool Tool infrastructure scope: tool/builtin Built-in tools scope: extensions Extension management scope: docs Documentation size: XL 500+ changed lines risk: medium Business logic, config, or moderate-risk modules contributor: core 20+ merged PRs labels Mar 17, 2026
@henrypark133 henrypark133 merged commit 0e7eb7f into staging-promote/90655277-23176260323 Mar 17, 2026
30 checks passed
@henrypark133 henrypark133 deleted the staging-promote/4675e961-23176922462 branch March 17, 2026 03:25
@claude
Copy link

claude bot commented Mar 17, 2026

Code review

Found 9 issues:

  1. [CRITICAL:100] Logic inversion in Telegram auto-verification — result.verification.is_none() check inverts when AuthRequired SSE is broadcast, breaking verification flow. Previously sent AuthRequired when verification WAS present; now sends AuthCompleted when verification is ABSENT.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/channels/web/server.rs#L2243-L2250

  1. [HIGH:100] Variable shadowing causes fallback notification to use wrong target — let Some(user) = fallback_user at line 181 shadows the primary user from resolve_routine_notification_target(), causing fallback broadcast to use owner_scope-only target instead of extension-manager-aware target.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/agent/agent_loop.rs#L176-L187

  1. [HIGH:75] Inconsistent fallback logic violates DRY — fallback_user and user are redundantly computed with overlapping resolution logic (lines 564-620). fallback_user is resolve_owner_scope_notification_user() but user is resolve_routine_notification_target() which calls the same function internally as a fallback. Redundant computation creates maintenance burden.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/agent/agent_loop.rs#L564-L590

  1. [HIGH:75] notification_target_for_channel() assumes channel owner is always the notification target — No abstraction for custom routing logic or multi-user scenarios. Future requirements for flexible routing will require schema changes.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/extensions/manager.rs#L668-L671

  1. [MEDIUM:75] Event-triggered routines moved before handle_message() without regression testing — Changes message handling semantics: matching messages are now consumed via continue before reaching normal chat pipeline, potentially causing user confusion if routine behavior isn't observable.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/agent/agent_loop.rs#L696-L720

  1. [MEDIUM:75] Telegram verification UI state lacks server-side validation — telegramVerificationState is client-side only (DOM dataset) with no CSRF tokens, idempotency checks, or server-side state validation. DOM manipulation by user could desync client from server.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/channels/web/static/app.js#L2844-L2870

  1. [MEDIUM:75] has_auth field semantics inverted — Changed from hardcoded false to auth_state != ToolAuthState::NoAuth, but should be == ToolAuthState::Ready to distinguish "auth in progress" from "auth completed". Currently reports has_auth: true for pending NeedsSetup state.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/channels/web/server.rs#L1095-L1151

  1. [MEDIUM:50] Test uses busy-wait loop instead of proper async timeout — Manual timeout loop checking remaining.is_zero() is fragile; saturating_duration_since() can return zero immediately. Should wrap entire receiver loop with tokio::time::timeout().

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/tests/setup_telegram.rs#L324-L337

  1. [LOW:50] Async operation without timeout — extension_manager.notification_target_for_channel() called without timeout. If extension manager's RwLock or backing service hangs, message tool will block indefinitely.

https://github.com/anthropics/ironclaw/blob/6076ec3e6d6b74ecefcd5593889bb00f6c21aa78/src/tools/builtin/message.rs#L1085-L1095

This was referenced Mar 17, 2026
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contributor: core 20+ merged PRs risk: medium Business logic, config, or moderate-risk modules scope: agent Agent core (agent loop, router, scheduler) scope: channel/web Web gateway channel scope: docs Documentation scope: extensions Extension management scope: tool/builtin Built-in tools scope: tool Tool infrastructure size: XL 500+ changed lines staging-promotion

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@henrypark133