Build(deps): Bump actions/setup-python from 5 to 6#16
Open
dependabot[bot] wants to merge 350 commits into
Open
Build(deps): Bump actions/setup-python from 5 to 6#16dependabot[bot] wants to merge 350 commits into
dependabot[bot] wants to merge 350 commits into
Conversation
…sion - huggingface_space/app.py: footer trimmed to version/GitHub/Apache 2.0 - frontend/index.html: footer-version updated v10.0.0Bminus -> v11.0.1 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
from version import __version__ as APP_VERSION (matches main.py pattern — version.py exports __version__ not APP_VERSION) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Tests: 720 -> 746 (verified live on DO) - API endpoints: 177 -> 161 (FastAPI OpenAPI introspection) - Lines scanned: 37,921 -> 61,278 (live Bandit) - HF URL: QuietfireAI -> QuietFireAI (case fix) - Contributing: test count updated - Claude Code note: full refresh with March 8 verified numbers, HF Space confirmed live, OSS files confirmed present Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Manners wire-up (core/openclaw.py): - Step 4 blocklist block: record CAPABILITY_VIOLATION, update manners_score - Step 7 trust level block: record OUT_OF_ROLE_ACTION, update manners_score - Both wrapped in try/except — Manners failure never breaks governance pipeline - manners_score_at_decision now reflects actual score in blocklist returns Per-agent key (api/openclaw_routes.py): - TelsonBase generates secrets.token_hex(32) at registration — agents no longer supply their own key (api_key field deprecated, ignored if provided) - agent_key returned in ClawInstanceResponse once at registration only - Action endpoint accepts X-Agent-Key header; verifies key → instance_id match - Admin key (X-API-Key) still accepted — backward compat and tooling
Returns full Manners breakdown: overall score, compliance status, per-principle scores, violation history (last 20), violations in last 24h, grace period flag. Shows WHY a score is moving — blocked actions now record violations (previous commit), this surfaces them.
Pipeline modal (triggered from Transparency card): - All 8 governance steps in plain language - Manners scoring explained: what moves scores, violation thresholds - Three API endpoints listed (manners, actions, trust-report) - Footer note: dashboard UI on the roadmap FAQ: new 'What's on the roadmap?' entry - Current state: governance engine complete - Next sprint: agent dashboard, demotion explanation cards, registration flow, audit log viewer - No mystery about what's built vs what's coming
Full agent lifecycle in 10 steps: register (shows agent_key returned once), blocked action, Manners score check, gated action, two promotions, capability unlock, trust report. Covers X-Agent-Key usage and the per-agent zero-trust pattern. Written for someone who just finished installation and wants to see the system actually work.
- Move 7 docs from root to docs/ (AMBASSADORS, GLOSSARY, MANNERS, PROJECT_STRUCTURE, TESTING, TERMS_OF_USE, USER_GUIDE) - Add PROOF_INDEX.md at root — 788 evidence documents, entry point visible on landing - Remove TEST_RESULTS_6.0.0CC.md and VALIDATION_REPORT_v7.4.0CC.md (archived, versioned out) - Fix CHANGELOG and proof_sheets/INDEX.md test count: 720 -> 746 - Update .gitignore: v11.0.1 header, exclude raw MP4 recordings from screenshots - Update cross-references in README, CONTRIBUTING, MANNERS_COMPLIANCE, DOC_INDEX
- .github/dependabot.yml: weekly pip + GitHub Actions updates - .github/workflows/codeql.yml: Python SAST on push/PR/weekly schedule - requirements-dev.txt: dev/lint/test tooling (isort, bandit, pip-audit, coverage) - ci.yml: install requirements-dev.txt in code-quality stage, enforce isort (remove || true)
- QUICKSTART.md: 5-minute path from clone to first governance decision - Makefile: make test/test-unit/test-security/run/build/lint/clean - RBAC endpoint count updated to 150 (grep-verified: main.py, api/*.py, tenant_rate_limiting.py) - README, proof_sheets/INDEX.md, TB-PROOF-014 all updated to match - DOC_INDEX.md: added QUICKSTART, Makefile, PROOF_INDEX entries; fixed proof count 773->788
… to 80% is a planned sprint)
- Fix stale test counts (5,416 → 5,777, 92 files → 94 files) - Fix stale version (v11.0.1 → v11.0.2, March 8 → March 19) - Fix clone URL (your-org/telsonbase → QuietFireAI/ClawCoat) - Fix directory in clone examples (telsonbase → ClawCoat) - Fix Traefik image version (v2.10 → v3) - Fix service count (12 → 11, MailHog is dev-profile only) - Fix security battery count (93 → 96) - Fix password requirements (remove unenfourced complexity claim) - Fix API endpoint count (140+ → 162+) - Fix Ollama pull command (docker exec container → docker compose exec service) - Add name: telsonbase to docker-compose.yml to lock project name regardless of clone directory
…files - All 6 docs: version v11.0.1 → v11.0.2, footer dates updated - USER_GUIDE: secrets generation → generate_secrets.sh, MFA endpoint corrected, Grafana port 3000 → 3001, container count 10 → 11, Manners reference fixed, test count 720 → 5777, project dir telsonbase → ClawCoat - DEVELOPER_GUIDE: test count 5400+ → 5700+ - YOUR_FIRST_AGENT: health response format corrected (no version/services fields) - OPENCLAW_INTEGRATION_GUIDE: hardcoded http://telsonbase:8000 → localhost - DASHBOARD_agent_registration: instance_id format claw_abc123 → real hex format - FAQ: routers/ → api/ for openclaw_routes, toolroom → main.py, 177 → 164 endpoints, 37921 → 93893 LoC, 720 → 5777 tests, Anthropic ref removed from Manners description
…_routes (145) - test_agents_compliance_check_agent_depth.py: 103 tests covering all 14 methods including license status branches, disclosure checks, fair housing scan, CE tracking, violation override, compliance report, and check_all across all code paths - test_compliance_routes_depth.py: 145 tests covering all 28 compliance API endpoints (legal-holds, breach, retention, sanctions, training, contingency, BAA, HITRUST, PHI) — auth enforcement, 200/422/500 paths, parameter validation Coverage targets: api/compliance_routes.py (29%→~60%+) and agents/compliance_check_agent.py (23%→~80%+)
…, foreman methods, identiclaw paths - test_core_persistence_depth.py: +13 ApprovalStore tests + 11 FederationStore tests (store/get/update/list/filter/by-instance) - test_toolroom_foreman_depth.py: +70 tests covering handle_checkout_request (8 branches), handle_return, execute_add_approved_source, list_approved_sources, propose_tool_install, handle_new_tool_request, get_toolroom_status, _execution_result_to_response, sync_function_tools, _load/_save_approved_sources - test_identiclaw_depth.py (new): +72 tests covering _base58_decode, parse_did_key error paths, IdenticlawManager init/startup, get_agent Redis fallback, list_agents, update_agent_trust_level, refresh_credentials, nonce helpers, reinstate with record update, resolve_did cache/refresh, validate_credential edge cases (issuer dict, scope string, jti, type string)
…15), auth-required (14), validation (5), success paths + integration flow (66)
…nt FastAPI path shadowing
…, ollama_agent (50)
…nches, trust_order, tool validation, error paths
…t_get_db_closes_on_exception
…n mcp_gateway.py — core.config exports get_settings(), not a settings singleton
… also move import after validation so invalid_trust_level returns correct error
… sys.modules patching
…, coverage gate 80%
Update all documentation, proof sheets, and CLAUDE.md: - Version: v11.0.1/v11.0.2 → v11.0.3 across ~120 files - Test count: 5,416/5,777/854 → 6,254 everywhere - Skipped count: 3 → 54 - CI run: #309/#351/#360 → #367 - Coverage: 76.13%/77% → ≥80% (gate: 80%) - Date: March 19 → March 20, 2026 - CLAUDE.md: rebranded TelsonBase → ClawCoat, Sprint 1 complete status - proof_sheets/INDEX.md: 854 → 6,254 tests passing - TB-PROOF-001/052: exact claim, verdict, expected result all updated
Express ClawCoat's Agent Autonomy SLA in the JSON DSL proposed by Jouneaux & Cabot (arXiv:2511.02885, https://github.com/gwendal-jouneaux/AgentSLA). New file: docs/System Documents/agent-autonomy-sla-spec.json - Valid AgentSLA DSL document using their exact schema structure - Uses OversightLevel metric type (their vocabulary) for all 5 tiers - QUARANTINE=1.0, PROBATION=0.75, RESIDENT=0.50, CITIZEN=0.25, AGENT=0.10 - MCP protocol compliance, intercept coverage, audit chain completeness as SLOs - DerivedQoSMetric for rolling Manners Engine window (promotion evaluation) - QualifyingCondition for auto-demotion and promotion gate terms Updated: AGENT_AUTONOMY_SLA.md - New section 8: "Relationship to Jouneaux & Cabot (2025)" - Draws explicit parallel (spec problem vs. enforcement problem) - References agent-autonomy-sla-spec.json as the machine-readable form - Attribution for OversightLevel metric type and DSL - Cihon et al. (arXiv:2502.15212) citation added (source of OversightLevel) - Section 9 (Reference Implementation) updated with spec link - Section 10 (Citation) with both papers
README.md + huggingface_space/README.md: - Fix "Jouneaux et al." -> "Jouneaux and Cabot" (only 2 authors) - Add OversightLevel sentence and link to machine-readable spec agent-autonomy-sla-spec.json: add _license_note on schema attribution Website (frontend — local only, gitignored): new #research section added - Anthropic disposition dial quote connected to ClawCoat 5 tiers - Jouneaux & Cabot open challenge quote connected to OversightLevel adoption - Link to machine-readable spec JSON on GitHub
Shows numerical values (QUARANTINE=1.0 → AGENT=0.10) inline in prose so readers don't need to follow the JSON spec link to see them. Includes inverse relationship note: OversightLevel ↓ as Manners floor ↑.
- Em dashes throughout (hyphens replaced) - README stats: 6,254 tests, 162 API endpoints - HF README: 6,254 tests, v11.0.3 footer - Cihon et al. citation: full title and all five authors
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/setup-python from 5 to 6.
Release notes
Sourced from actions/setup-python's releases.
... (truncated)
Commits
a309ff8Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)bfe8cc5Upgrade@actionsdependencies to Node 24 compatible versions (#1259)4f41a90Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)83679a8Bump@types/nodefrom 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...bfc4944Bump prettier from 3.5.3 to 3.6.2 (#1234)97aeb3eBump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)443da59Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...cfd55cagraalpy: add graalpy early-access and windows builds (#880)bba65e5Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)18566f8Improve wording and "fix example" (remove 3.13) on testing against pre-releas...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)