Skip to content

feat: add Orgo provider#458

Open
zozo123 wants to merge 17 commits into
openclaw:mainfrom
zozo123:codex/orgo-live-smoke
Open

feat: add Orgo provider#458
zozo123 wants to merge 17 commits into
openclaw:mainfrom
zozo123:codex/orgo-live-smoke

Conversation

@zozo123

@zozo123 zozo123 commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a delegated-run Orgo provider for Linux cloud computers.

  • Registers provider: orgo with alias orgo-ai.
  • Creates an owned workspace/computer, waits for readiness, runs Bash commands through the API, and performs guarded cleanup.
  • Resumes stopped, suspended, or stopping reused computers before command execution.
  • Keeps Orgo outside SSH/rsync and coordinator flows; runs require --no-sync.
  • Adds provider configuration, docs, generated metadata, fake-API lifecycle coverage, and a guarded shared live harness.

Maintainer hardening

  • Restricts destructive stop operations to exact local Orgo claims; stop rejects raw unclaimed computer IDs.
  • Retains claims when API 404 responses are authorization-ambiguous; partial cleanup retries only after an accessible workspace inventory proves the computer absent.
  • Bounds rollback and deferred cleanup contexts.
  • Handles terminal startup/status states without five-minute hangs.
  • Starts reused computers through the official action endpoint before Bash execution.
  • Applies unsupported machine-sizing validation to canonical and normalized alias names.
  • Keeps credentials out of argv, repository config, and proof output; redacts echoed secrets from provider errors.
  • Requires live Bash proof to report success: true and the expected marker.

Verification

Exact candidate: 7bc64fd2b085869a3d132ee13655261e44972b9d

  • go test -race ./internal/providers/orgo -count=1
  • go test -race ./internal/cli -run '^TestControllerGetReconcilesProviderExpiry$' -count=10
  • go vet ./...
  • go test -race ./internal/providers/orgo ./internal/providers/all ./internal/cli -run 'Orgo|orgo|TestController(GetReconcilesProviderExpiry|RestartDoesNotReacquireMissingKnownLease)' -count=1
  • node --test scripts/live-smoke.test.js (59/59)
  • bash -n scripts/live-smoke.sh
  • node scripts/build-docs-site.mjs
  • go build -trimpath -o bin/crabbox ./cmd/crabbox
  • focused AutoReview after accepted fixes: clean

Remaining live gate

Do not merge yet.

  1. Branch-wide security review found that a provider create request can commit remotely but return a timeout, transport failure, 429, 5xx, or identity-less 2xx. A bounded in-memory lookup is not enough: safe cleanup requires a durable pre-create recovery record plus later reconciliation/cleanup semantics. That storage/lifecycle contract is larger than this provider PR and must be designed before landing.
  2. CRABBOX_LIVE=1 CRABBOX_LIVE_PROVIDERS=orgo scripts/live-smoke.sh is ready to prove create, command execution, and successful resource deletion on this exact candidate, but no Orgo credential is currently available for the canary.

@zozo123 zozo123 marked this pull request as ready for review June 18, 2026 11:11
@clawsweeper

clawsweeper Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Codex review: needs real behavior proof before merge. Reviewed July 6, 2026, 10:28 AM ET / 14:28 UTC.

Summary
The branch adds a built-in Orgo delegated-run provider with config, docs, generated provider metadata, fake-API tests, live-smoke wiring, and a WebVNC resolved-provider hint fix.

Reproducibility: yes. for the blocking review findings: source inspection shows raw Orgo HTTP error bodies are returned and remote creates happen before any durable claim or recovery record. The live provider behavior itself is not yet reproduced because no hosted Orgo credentials are available.

Review metrics: 2 noteworthy metrics.

  • Changed files: 23 files; 3281 additions, 8 deletions. This is a broad new built-in provider surface, so maintainer proof needs to cover config, docs, live-smoke, and cleanup behavior.
  • Provider surface: 1 built-in provider added. Adding Orgo changes the supported provider matrix and the default CLI distribution rather than only adding optional documentation.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #449
Summary: The open Orgo provider request is the canonical tracking item; this PR is the current implementation candidate but is not merge-ready.

Members:

  • canonical: Add support orgo as provider #449 - The issue asks to add Orgo provider support and its discussion identifies this PR as the implementation candidate while keeping proof and product acceptance open.

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦪 silver shellfish
Result: blocked until real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Post a redacted hosted Orgo lifecycle transcript showing workspace/computer create, running command output, and successful cleanup.
  • [P1] Redact Orgo non-2xx response bodies and add a regression test for echoed bearer and raw API-key responses.
  • [P1] Define and implement durable pre-create recovery semantics, or pause this PR until maintainers approve that contract.

Proof guidance:

  • [P1] Needs real behavior proof before merge: Only fake API/local validation is present; the PR body and latest comment say hosted Orgo create/run/delete proof is still blocked by missing CRABBOX_ORGO_API_KEY or ORGO_API_KEY. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

  • [P2] A committed Orgo workspace or computer can be created remotely before Crabbox has durable recovery state, so a timeout, 429, 5xx, or identity-less success can leave resources without a cleanup path.
  • [P1] Non-2xx Orgo response bodies are surfaced without redacting the configured API key, which can leak credentials if the API or a custom endpoint echoes request secrets.
  • [P1] The PR still lacks a redacted hosted Orgo create, command execution, and cleanup transcript with real credentials, so fake API tests do not prove the live provider contract.

Maintainer options:

  1. Hold for recovery contract and proof (recommended)
    Require durable recovery before remote Orgo creates, redact HTTP error bodies, and post a redacted hosted lifecycle run before merge.
  2. Accept the current boundary explicitly
    Maintainers may choose to accept the best-effort cleanup and diagnostic-redaction risk as a deliberate provider-specific tradeoff.
  3. Pause or close until the contract exists
    If durable recovery is larger than this branch, preserve the tracking issue and stop treating this PR as the landing candidate for now.

Next step before merge

  • [P1] Manual review is needed because the remaining gates are a provider security/recovery contract and live hosted credentials proof, not a narrow automation repair.

Maintainer decision needed

  • Question: Should built-in Orgo support wait for a durable pre-create recovery contract plus hosted lifecycle proof before merge?
  • Rationale: The remaining blockers are not ordinary CI follow-up: maintainers need to decide the acceptable security and cleanup boundary for a provider that creates remote resources with user credentials.
  • Likely owner: steipete — steipete has the strongest recent history on provider cleanup, credential-boundary, and Orgo hardening work relevant to this decision.
  • Options:
    • Hold for recovery and proof (recommended): Require durable pre-create recovery semantics, Orgo HTTP error redaction, and redacted hosted create/run/delete proof before merging the provider.
    • Accept best-effort cleanup risk: Maintainers could intentionally merge the current provider with known orphan-resource and diagnostic-secret risks, but they would own that operational boundary.
    • Pause this branch: Keep the tracking issue open and pause or close this PR until the cross-provider recovery contract is designed elsewhere.

Security
Needs attention: The diff still has concrete security-boundary concerns around secret-bearing diagnostics and durable cleanup of remote Orgo resources.

Review findings

  • [P1] Persist recovery before remote Orgo creates — internal/providers/orgo/backend.go:346-354
  • [P1] Redact Orgo HTTP error bodies before returning them — internal/providers/orgo/client.go:315
Review details

Best possible solution:

Land Orgo only after HTTP error redaction, a durable remote-create recovery and cleanup contract, and redacted hosted create/run/delete proof are all in place.

Do we have a high-confidence way to reproduce the issue?

Yes for the blocking review findings: source inspection shows raw Orgo HTTP error bodies are returned and remote creates happen before any durable claim or recovery record. The live provider behavior itself is not yet reproduced because no hosted Orgo credentials are available.

Is this the best way to solve the issue?

No; the implementation direction is plausible, but it is not merge-ready until the redaction bug, durable recovery contract, and hosted lifecycle proof are resolved.

Full review comments:

  • [P1] Persist recovery before remote Orgo creates — internal/providers/orgo/backend.go:346-354
    This still creates the Orgo workspace and computer before Crabbox has any durable recovery record or claim. If Orgo commits the create but returns a timeout, 429, 5xx, transport failure, or identity-less success, later cleanup has no durable resource identity to reconcile, so this provider can leak remote resources.
    Confidence: 0.9
  • [P1] Redact Orgo HTTP error bodies before returning them — internal/providers/orgo/client.go:315
    doJSON still stores the raw non-2xx response body in orgoHTTPError. If Orgo or a configured endpoint echoes Authorization: Bearer <key> or the raw API key in an error response, the CLI will surface that secret in diagnostics.
    Confidence: 0.92

Overall correctness: patch is incorrect
Overall confidence: 0.9

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against cd9ede0bd461.

Label changes

Label justifications:

  • P2: This is a normal-priority new hosted provider feature with concrete security and proof blockers but no regression in existing providers.
  • merge-risk: 🚨 security-boundary: Merging can expose Orgo API credentials in diagnostics and can create remote resources without durable cleanup recovery.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🦪 silver shellfish.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: Only fake API/local validation is present; the PR body and latest comment say hosted Orgo create/run/delete proof is still blocked by missing CRABBOX_ORGO_API_KEY or ORGO_API_KEY. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
Evidence reviewed

Security concerns:

  • [medium] Orgo HTTP errors can expose API keys — internal/providers/orgo/client.go:315
    The client returns raw non-2xx response bodies, so reflected bearer tokens or raw keys can reach user-visible errors without redaction.
    Confidence: 0.92
  • [medium] Remote creates lack durable pre-create recovery — internal/providers/orgo/backend.go:346
    Workspace and computer creation can commit remotely before any durable recovery record exists, leaving Crabbox unable to reconcile or safely clean up ambiguous creates.
    Confidence: 0.9

What I checked:

  • Repository policy applied: AGENTS.md was read fully; its provider-adapter boundary and secret-handling guidance are directly relevant to a new hosted provider that creates remote resources and uses API credentials. (AGENTS.md:13, cb305ed2624d)
  • Current main does not already implement Orgo: Current main has no Orgo provider, config, docs page, or credential environment variable; the only matches are unrelated substrings such as 'forgotten' and 'ForGOOS'. (cb305ed2624d)
  • PR registers Orgo as a built-in provider: The PR imports internal/providers/orgo into the built-in provider registry, making this a core provider addition rather than a docs-only change. (internal/providers/all/all.go:52, 2fd67f9d0b27)
  • Remote mutation happens before durable recovery: createComputer calls CreateWorkspace and CreateComputer before claimLease writes any local lease claim or durable recovery record, so an ambiguous committed create can leave no durable identity for later cleanup. (internal/providers/orgo/backend.go:346, 2fd67f9d0b27)
  • Orgo HTTP errors still return raw response bodies: doJSON constructs orgoHTTPError with Body: string(data), so a non-2xx upstream response that echoes the bearer token or raw API key can be surfaced without redaction. (internal/providers/orgo/client.go:315, 2fd67f9d0b27)
  • Real hosted Orgo proof is still missing: The PR body and latest author comment say hosted Orgo lifecycle proof is blocked because CRABBOX_ORGO_API_KEY / ORGO_API_KEY are unavailable; current checks are green but are not a live create/run/delete proof. (2fd67f9d0b27)

Likely related people:

  • steipete: Recent main history shows work on External credential destinations, Lambda claim-bound cleanup, exact direct-cloud claims, provider live-smoke gating, and several Orgo hardening commits on this branch. (role: recent provider safety and credential-boundary contributor; confidence: high; commits: cb305ed2624d, d2660efa48df, 65634c2cecaf; files: internal/cli/credential_provenance.go, internal/providers/lambda/backend.go, docs/features/provider-live-smoke.md)
  • coygeek: Recent main history shows a large built-in provider addition with provider registration, docs, lifecycle, secrets, and cleanup surfaces adjacent to this Orgo provider work. (role: recent adjacent provider contributor; confidence: medium; commits: b2d058605239; files: internal/providers/sealosdevbox, docs/providers/sealos-devbox.md, internal/providers/all/all.go)
  • vincentkoc: The PR discussion shows vincentkoc carrying CI, local validation, rebase, and hosted Orgo proof-gate status for this provider candidate. (role: recent PR validation and proof-gate reviewer; confidence: medium; files: internal/providers/orgo, scripts/live-smoke.sh, scripts/live-smoke.test.js)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (4 earlier review cycles)
  • reviewed 2026-07-03T20:50:37.403Z sha 23b6847 :: needs real behavior proof before merge. :: [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-05T11:34:25.438Z sha 7bc64fd :: needs real behavior proof before merge. :: [P1] Persist recovery before remote Orgo creates | [P1] Redact Orgo error bodies before surfacing them | [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-05T11:39:17.236Z sha 7bc64fd :: needs real behavior proof before merge. :: [P1] Persist recovery before remote Orgo creates | [P1] Redact Orgo error bodies before surfacing them | [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-05T11:55:24.666Z sha 7bc64fd :: needs real behavior proof before merge. :: [P1] Persist recovery before remote Orgo creates | [P1] Redact Orgo error bodies before surfacing them | [P3] Remove the release-owned changelog entry

@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. labels Jun 18, 2026
@zozo123 zozo123 force-pushed the codex/orgo-live-smoke branch 2 times, most recently from d9aab2f to 482bc1b Compare June 20, 2026 23:02
@steipete steipete force-pushed the codex/orgo-live-smoke branch 3 times, most recently from 8f551f1 to 6709b30 Compare June 22, 2026 08:43
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels Jun 22, 2026
@steipete steipete force-pushed the codex/orgo-live-smoke branch from 6709b30 to 7e56248 Compare June 22, 2026 16:10
@steipete

Copy link
Copy Markdown
Contributor

@clawsweeper re-review

Rebased onto current main and fixed the review findings: provider and live-smoke readiness polling now wait for running state, terminal startup failures clean up resources, and provider capabilities satisfy current registry conformance. Exact head: 7e5624855596586ca947eed50906a82b64d31fbf.

@clawsweeper

clawsweeper Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@zozo123

zozo123 commented Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

@clawsweeper re-review

@vincentkoc vincentkoc force-pushed the codex/orgo-live-smoke branch from 7e56248 to 5c9ff32 Compare June 24, 2026 04:41
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jun 24, 2026
@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Updated #458 to current main and pushed head 5c9ff329cb5b2e79a57aa0031f34cde2b8c51289.

Validation now completed:

  • GitHub CI is green: 6 successful, 0 failing, 0 pending on https://github.com/openclaw/crabbox/actions/runs/28075644227.
  • Local validation passed: go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox, node --test scripts/live-smoke.test.js, provider matrix/docs checks, go vet ./..., go build -trimpath -o bin/crabbox ./cmd/crabbox, and full go test ./....
  • Rebase conflicts were resolved by preserving current generated provider matrix state, regenerating it to 66 providers with Orgo included, and keeping both newer Morph live-smoke coverage and Orgo live-smoke coverage.

I am not merging this yet while status: 📣 needs proof remains. The remaining external proof is hosted Orgo lifecycle behavior with real credentials: create workspace/computer, wait to running, execute command, delete computer/workspace, and show no leaked token/output.

@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Pushed maintainer fixes for the concrete security/release findings.

Head: 3de3cb8bf89f3d8e603f6c646c8c7cf1abae6d0e

Changes made:

  • non-2xx Orgo HTTP response bodies are redacted with the configured API key before the error is surfaced
  • added TestHTTPErrorRedactsAPIKeyFromResponseBody, covering both Bearer <key> and raw key echoes from a custom/upstream API response
  • removed the release-owned CHANGELOG.md entry and kept release-note context in the PR body

Local validation passed on this head:

go test ./internal/providers/orgo
go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox
node --test scripts/live-smoke.test.js
node scripts/check-command-docs.mjs
node scripts/check-docs-links.mjs
go vet ./...
go build -trimpath -o bin/crabbox ./cmd/crabbox
git diff --check

Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and status: 📣 needs proof / merge-risk: 🚨 security-boundary remain.

@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc

Copy link
Copy Markdown
Member

Public CI is now green on current head 3de3cb8bf89f3d8e603f6c646c8c7cf1abae6d0e: https://github.com/openclaw/crabbox/actions/runs/28084529432.

Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and status: 📣 needs proof / merge-risk: 🚨 security-boundary remain.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Updated the PR body with the canonical summary, validation evidence, and remaining merge gate for current head. No code changes in this update.

Still not merging unless the live proof labels clear and the provider-specific proof/contract gate is satisfied.

@vincentkoc vincentkoc force-pushed the codex/orgo-live-smoke branch from 3de3cb8 to a13a41a Compare June 24, 2026 13:54
@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Rebased Orgo onto current main and refreshed the generated provider matrix count.

Head: a13a41ac2543af91594e6d6e84f96792c6864d9f

Change made:

  • regenerated provider docs metadata after rebase; current built-in surface now reports 67 providers

Local validation passed:

go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox
node --test scripts/live-smoke.test.js
node scripts/generate-provider-matrix.mjs --check
node scripts/check-command-docs.mjs
node scripts/check-docs-links.mjs
go vet ./...
go build -trimpath -o bin/crabbox ./cmd/crabbox
git diff --check

Public CI is green on this head: https://github.com/openclaw/crabbox/actions/runs/28103708184

Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and status: 📣 needs proof / merge-risk: 🚨 security-boundary remain.

@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc vincentkoc force-pushed the codex/orgo-live-smoke branch from a13a41a to 8cb00c2 Compare June 24, 2026 15:53
@clawsweeper

clawsweeper Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Updated the PR body to current head 8cb00c22c5297179e574940ebe2c142f1dc6b0c2 and the current CI run: https://github.com/openclaw/crabbox/actions/runs/28111473550

No code changes in this update. The remaining gate is still hosted Orgo lifecycle proof with real credentials; there are no Orgo API credentials in this environment.

@vincentkoc

Copy link
Copy Markdown
Member

@clawsweeper re-review

Current head 8cb00c22c5297179e574940ebe2c142f1dc6b0c2 now has green public CI: 8 successful, 0 failing, 0 pending on https://github.com/openclaw/crabbox/actions/runs/28111473550.

Additional local reproduction while checking the earlier pending jobs:

  • goreleaser release --snapshot --clean --skip=publish passed locally in the feat: add Orgo provider #458 worktree.
  • go test ./internal/cli -covermode=atomic -count=1 -v passed locally after investigating a transient coverage-run flake.

Still not merging: hosted Orgo lifecycle proof remains blocked by missing real Orgo credentials, and status: needs proof / security-boundary remain the merge gate.

@clawsweeper clawsweeper Bot removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jun 24, 2026
@steipete steipete force-pushed the codex/orgo-live-smoke branch from 8cb00c2 to 23b6847 Compare July 3, 2026 20:41
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jul 3, 2026
@clawsweeper

clawsweeper Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

zozo123 and others added 16 commits July 5, 2026 04:16
Drives the real *orgoHTTPClient through the delegated-run backend against a
fake Orgo REST API (httptest), covering the full lifecycle: create workspace,
create computer, run bash, delete computer, delete workspace. Asserts the
Bearer auth header, exit code, SyncDelegated, stdout, and that every expected
API endpoint is hit.

No real secrets: the API key is a dummy value via CRABBOX_ORGO_API_KEY and the
base URL is the in-process test server via CRABBOX_ORGO_API_BASE, so the test
never reaches the live Orgo API.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@steipete steipete force-pushed the codex/orgo-live-smoke branch from 23b6847 to 7bc64fd Compare July 5, 2026 11:31
Co-authored-by: Cursor <cursoragent@cursor.com>
@zozo123

zozo123 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

@clawsweeper re-review

Updated #458 to current main and pushed head 2fd67f9d.

Changes made:

  • resolved the merge conflicts in docs/providers/README.md and internal/cli/credential_provenance.go
  • regenerated provider metadata at 73 built-in providers with Orgo plus current main
  • removed the release-owned Orgo CHANGELOG.md entry from the PR-local diff

Validation passed:

node --test scripts/live-smoke.test.js
node scripts/generate-provider-matrix.mjs --check
node scripts/check-command-docs.mjs
node scripts/check-docs-links.mjs
git diff --check
go test ./internal/providers/orgo ./internal/providers/all

Validation note:

go test ./internal/providers/orgo ./internal/providers/all ./internal/cli ./cmd/crabbox

passed the Orgo/provider packages and cmd/crabbox, but internal/cli failed at TestControllerTrackedChildDiesWithControllerProcess (lifecycle child ... survived controller crash). The same targeted test also fails on current main, so I did not change unrelated controller lifecycle code in this PR.

Still not merging: hosted Orgo lifecycle proof remains blocked here because CRABBOX_ORGO_API_KEY / ORGO_API_KEY are not set in this environment.

@clawsweeper

clawsweeper Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants