Skip to content

Prepare CodeWhale v0.8.68 release candidate#4361

Merged
Hmbown merged 17 commits into
mainfrom
codex/v0868-underwater-release-prep
Jul 14, 2026
Merged

Prepare CodeWhale v0.8.68 release candidate#4361
Hmbown merged 17 commits into
mainfrom
codex/v0868-underwater-release-prep

Conversation

@Hmbown

@Hmbown Hmbown commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

Completes the Codewhale v0.8.68 release candidate on one reviewable branch.

  • finishes the underwater TUI while preserving compact-terminal behavior, keyboard and mouse parity, reduced-motion semantics, and theme reachability
  • keeps permission posture changes coherent across live state, persistence, previews, and restart
  • persists complete Worker and Open chat artifacts beyond the bounded resident tail
  • restores CI portability across Rust targets and release workflows
  • gives the TUI state machine an explicit 16 MiB async-owner stack, eliminating modal-event stack overflows on macOS
  • retains the provider, Workflow, Fleet, tool, setup, URL, billing, and release-candidate work already consolidated in the original candidate

OpenHands runtime parity

This is runtime simplification, not benchmark setup.

The default model-facing prompt now centers the execution loop on inspecting the repository, editing only what the task requires, verifying the result, and finishing with evidence. UI tutorials and cache-management narration are no longer the default instructions. That makes normal Codewhale behavior closer to the lean OpenHands execution contract, so benchmark behavior can improve as a consequence without a benchmark-only mode or manifest.

Verification

  • cargo fmt and git diff checks pass
  • cargo clippy --workspace --all-targets --locked -- -D warnings passes
  • full codewhale-tui suite passes: 6,681 unit tests plus all active integration targets
  • qa_pty passes 13 of 13, including compact config, resize, wheel, and approval-click coverage
  • integration_mock_llm passes 41 of 41
  • release_runtime_qa passes 5 active tests; the explicitly ignored 32-worker storm remains ignored
  • locked optimized build succeeds for codewhale and codewhale-tui
  • both binaries report 0.8.68 at commit 2e368a0
  • npm pack/install/download-wrapper smoke passes with zero audit vulnerabilities
  • app-server stdio protocol smoke passes; all configured provider exec routes pass no-spend dry-run validation
  • all 18 crates pass the publish dry-run/package-content gate

Release boundary

This PR does not tag a release, create a GitHub Release, or publish crates/npm artifacts. After merge, the merged commit will be rebuilt and installed only as local dogfood for final testing.

Hmbown added 8 commits July 12, 2026 18:07
Extract the Tasks, To-do, and worker ledger into an owned work-surface module with stable focus, scrolling, mouse actions, compact overflow, and safe cancellation. Keep Classic as the rollback shell while removing the migrated underwater strip from the legacy sidebar.

Make route billing distinguish metered API usage from OAuth, token-plan, and local routes; align direct startup, mode truth, slash-model performance, modal stack safety, hermetic tests, PTY gates, and atomic dogfood receipts.
Add configurable top/left/right Ocean work-surface placement while preserving Classic and narrow-terminal fallbacks. Unify exact-route provider readiness across provider/model/Fleet/setup surfaces, keep saved private models visible, and prevent OAuth, endpoint, model, or custom-provider health leakage. Retire visible legacy mode vocabulary while retaining compatibility aliases and strengthen hermetic/product-language gates.
Integrate the underwater TUI renovation, coherent work surfaces, provider and settings flows, truthful runtime receipts, terminal session persistence, motion contracts, and release QA coverage.

Verified with locked workspace clippy/tests, focused PTY/runtime suites, and a production release build before publication.
@Hmbown Hmbown force-pushed the codex/v0868-underwater-release-prep branch from f3e3213 to ed77493 Compare July 13, 2026 21:46
Hmbown added 7 commits July 13, 2026 16:54
Gate Unix-only terminal session code so Windows builds do not fail under -D warnings. Resolve the remaining candidate lint and diff hygiene failures without changing runtime behavior.
Classify project approval, sandbox, and shell provenance using the same non-escalation rules as startup. Carry persisted approval policy into the live Config and apply setup posture files transactionally with rollback before mutating runtime state.
Keep printable input owned by the composer, mask links beneath modal surfaces, route model settings through the real picker, and retain config search state across live rebuilds. Hide the unready Operate affordance while preserving parse compatibility. Separate terminal frame-rate constraints from reduced-motion semantics so underwater motion and stream delivery remain truthful.
Replace model-facing context-management UI tutorials and cache-price narration with a compact inspect-edit-verify-finish contract. Keep compaction and prompt accounting host-owned, preserve repository law and approval boundaries, and expose the lean layer in prompt inspection.
Prioritize every selectable option over secondary detail at the minimum supported terminal size, and keep catalog-backed model rows routed through the full picker. Isolate config and transcript fixtures from host settings so the full TUI suite remains deterministic under parallel execution.
Route configuration preview events through a small dispatcher path so debug TUI builds do not exhaust the macOS main-thread stack when a live theme changes. Make release PTY readiness semantic under ambient ocean motion and fail with process logs if palette preview exits.
Run the async Codewhale owner on an explicit 16 MiB stack after process hardening and panic-hook setup, preventing debug builds from overflowing on modal events. Strengthen real-PTY approval mouse coverage across resize and freeze decoration in state-transition scenarios.
@Hmbown Hmbown marked this pull request as ready for review July 14, 2026 01:42
Copilot AI review requested due to automatic review settings July 14, 2026 01:42

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of lines (20,000). Try reducing the number of changed lines and requesting a review from Copilot again.

@claude

claude Bot commented Jul 14, 2026

Copy link
Copy Markdown

Claude finished @Hmbown's task in 1m 31s —— View job


Reviewing PR #4361 (v0.8.68 release candidate)

Todo list

  • Gather context (PR body, changed files, CLAUDE.md/AGENTS.md)
  • Understand request (this is a code review request, not implementation)
  • Review diff for correctness bugs (in progress — fanning out across subsystems, this is a 100-file/25k-line diff)
  • Review provider/model/route safety (v0.8.65 EPIC v0.8.65 EPIC: Separate provider facts, model facts, offerings, and route resolution #2608 invariant)
  • Review reuse/simplification opportunities
  • Review test coverage
  • Review security concerns
  • Post final review summary

Keep terminal-specific motion tests independent from the legacy Windows console heuristic, pin the cadence test to its authored motion inputs, and serialize managed config paths as valid TOML on Windows. Exercise settings migration through persisted values so runtime terminal overlays cannot mask the migration contract.

Signed-off-by: Hunter B <hmbown@gmail.com>
@claude

claude Bot commented Jul 14, 2026

Copy link
Copy Markdown

Claude finished @Hmbown's task in 9m 19s —— View job


Reviewing PR #4361 (v0.8.68 release candidate)

Todo list

  • Gather context (PR body, changed files, CLAUDE.md/AGENTS.md)
  • Understand request (code review, not implementation)
  • Review provider/model/route safety (v0.8.65 EPIC v0.8.65 EPIC: Separate provider facts, model facts, offerings, and route resolution #2608 invariant)
  • Review correctness bugs across runtime_contract, engine, subagent, terminal_session, provider_readiness, route_billing
  • Review TUI-layer changes (config, mouse_ui, model_picker, settings_picker, motion)
  • Review reuse/simplification opportunities
  • Review test coverage
  • Review security concerns
  • Post final review summary

This is a 100-file, ~25.7k-line diff, so I fanned review out across three areas: provider/routing/billing safety, engine/runtime-contract correctness, and the TUI layer (config persistence, motion, mouse/keyboard). Inline comments are posted on the 5 most concrete findings; summary below.

1. Correctness bugs

  • crates/tui/src/main.rs:1264-1274 — the 16 MiB stack doesn't cover the engine. run_async_main (the #[tokio::main] fn) gets the widened codewhale-main OS thread, and only code directly .awaited there (tui::run_tui) benefits. Engine::run() (core/engine.rs:3956 spawn_engine) goes through spawn_supervised → plain tokio::spawn (utils.rs:356), landing on a default-stack Tokio worker — the #[tokio::main] macro never gets a thread_stack_size override. That's exactly the code this PR touches most (turn_loop.rs, dispatch.rs, new StuckGuard/subagent-coordination). The PR/CHANGELOG claim "gives the TUI state machine an explicit 16 MiB async-owner stack, eliminating modal-event stack overflows on macOS" only holds for the render/modal loop, not the engine half of that state machine. See inline comment for a concrete fix (build the runtime manually with thread_stack_size) or narrow the claim.
  • crates/tui/src/commands/groups/config/config.rs:1515-1519 vs 1586approval_mode's session-only (persist == false) edit path requires control == ApprovalPolicyControl::Unset exactly, while the parallel allow_shell path uses control.editable_root() regardless of persist. A session-only allow_shell toggle is permitted under RootConfig; the equivalent approval_mode toggle is rejected in the same state. Likely unintentional drift between two permission-posture controls this PR touches — no test covers either session-only + RootConfig case.
  • crates/tui/src/config_ui.rs:511-593apply_document's per-key loop bails on the first set_config_value error. Combined with the broadened approval_mode rejection above, a full settings save (theme, locale, etc.) while approval policy is environment/profile/managed/project-controlled now aborts after model (processed first) has already been applied to live state, with no rollback. Worth validating all keys up front or moving policy-gated keys to the end of the list.
  • crates/tui/src/compaction.rs:1279 — minor: ApiProvider::parse(client.provider_name()) replaces a previously-typed client.api_provider(); a future rename/typo in provider_name() would silently misattribute costs to Custom rather than failing loudly. Untested fallback path.
  • No unwrap/expect-on-fallible-path panics, no unbounded recursion, and no unguarded races were found in stuck_guard.rs, coord.rs, or the subagent spawn path — run_subagent_task is timeout-bounded and spawn depth is capped by max_spawn_depth.
  • motion/mode.rs + frame_requester.rs: reduced-motion gating is sound — should_request_animation_frames() consistently blocks frame coalescing/requests outside MotionMode::Full, and the UI falls back to the calm needs_redraw path otherwise. No stack-overflow-adjacent width/height underflow issues found in phase_strip.rs/composer_chrome.rs/plan_todo_bridge.rs (saturating arithmetic used throughout). Mouse/keyboard parity in model_picker.rs/provider_picker.rs looks consistent.

2. Provider/model/route safety (EPIC #2608 invariant)

No violations found. This is the area I scrutinized hardest given the two large new files (provider_readiness.rs, route_billing.rs), and both are explicitly designed around the invariant:

  • provider_readiness.rs scopes credential/readiness state by (provider, provider_id, endpoint, model, auth_class) tuples, never by string-matching a model prefix — tests explicitly assert cross-provider isolation for same-shaped model ids.
  • route_billing.rs derives BillingPresentation from explicit provider + auth_mode/base_url config; a test (unknown_is_unknown_not_zero_dollars) specifically checks a DeepSeek-shaped model id routed through NvidiaNim doesn't inherit DeepSeek billing.
  • fleet/profile.rs carries an explicit comment that provider is "never inferred by sniffing model for a provider-shaped substring (EPIC v0.8.65 EPIC: Separate provider facts, model facts, offerings, and route resolution #2608)" — provider is a validated, first-class field.
  • Pre-existing prefix checks in pricing.rs are capability/pricing lookups keyed by model id, not provider-selection decisions, and are unchanged by this diff.

One edge case worth a look: route_billing.rs:284 (xiaomi_is_explicit_pay_as_you_go) has an untested inconsistent-signal case (payg mode set alongside a token-plan key) that could show metered dollars for a token-plan account — not a provider-inference bug, just an env-var-precedence gap.

3. Reuse / simplification

  • crates/tui/src/core/mod.rs:17-27 — only model.rs and termination.rs from runtime_contract/ are wired in via #[path]; pub mod runtime_contract; is never declared, so budget.rs, context.rs, ledger.rs, manifest.rs, profile.rs, progress.rs, resources.rs, retry.rs, terminal.rs, work.rs (~1,576 lines) ship as intentionally uncompiled scaffolding (documented as staged per TUI-DOG-017). Reasonable as a rollout strategy, but means this PR adds ~1,576 lines with zero compiler or test verification — their mutual references (e.g. to RUNTIME_CONTRACT_SCHEMA_VERSION) could already be broken without CI catching it.
  • fleet/profile.rs:296 (load_workspace_agent_profiles_tolerant) parses every profile TOML twice per roster load (once for identity, once for the full profile) — harmless, just wasted I/O.

4. Tests

  • stuck_guard.rs has solid unit coverage, but no integration test drives its StuckSignal::Stop path through turn_loop.rs's new injection points.
  • coord.rs/subagent/tests.rs cover per-tool interrupt/timeout cases well, but there's only one test (completion_claim_preserves_running_gate_and_excludes_late_cancel) for the manager-level race between concurrent agents/interrupt and natural completion — a partial gap given how central that race is to the new coordination logic.
  • The approval_mode/allow_shell control-inconsistency and the apply_document partial-apply case above have no test coverage either direction.
  • The dead runtime_contract/* files have no tests since they don't compile into the test binary.

5. Security

Nothing new stood out — no secret-handling, shell/exec-policy, or input-validation regressions found in the reviewed subsystems.

Good choices worth noting

  • The provider/routing/billing redesign (provider_readiness.rs, route_billing.rs, fleet/profile.rs) is genuinely careful about the EPIC v0.8.65 EPIC: Separate provider facts, model facts, offerings, and route resolution #2608 invariant, with tests written specifically to catch prefix-based provider inference regressions.
  • motion/mode.rs's reduced-motion gating is clean and consistently applied.
  • Panic supervision (spawn_supervised) and depth/timeout bounding in the new subagent coordination code are solid safety nets even though the 16 MiB stack claim doesn't reach that code (finding Fix cargo fmt formatting issues #1).

Comment on lines +1515 to +1519
let control_allows_change = if persist {
control.editable_root()
} else {
matches!(control, crate::config::ApprovalPolicyControl::Unset)
};

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correctness: approval_mode's session-only (persist == false) editability requires control to be exactly ApprovalPolicyControl::Unset (line 1517-1518), whereas the parallel allow_shell branch below (line 1586) calls control.editable_root() unconditionally, regardless of persist. That means a session-only toggle of allow_shell is permitted whenever editable_root() returns true (e.g. under RootConfig), but the equivalent session-only toggle of approval_mode is rejected in that same state. This is an unflagged behavioral inconsistency between two permission-posture controls added/touched in this PR, and no test in config/tests.rs exercises the RootConfig + session-only case for either key to confirm which behavior is intended.

// tokens through the side-channel so the dashboard total
// matches the website (#526).
crate::cost_status::report(client.api_provider(), &response.model, &response.usage);
let api_provider = crate::config::ApiProvider::parse(client.provider_name())

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: replacing the previous typed client.api_provider() with ApiProvider::parse(client.provider_name()) silently falls back to ApiProvider::Custom on any mismatch between a provider's provider_name() string and what ApiProvider::parse recognizes. A future rename/typo here would misattribute costs to "Custom" silently rather than failing loudly or falling back to the client's actual typed provider. No test covers this fallback path.

Comment on lines 17 to +27
pub mod authority;
pub mod engine;
pub mod events;
// The first production consumer of the staged runtime contract is the
// provider-neutral model boundary. Keep the remaining contract files staged
// until their own consumers land instead of compiling dead scaffolding.
#[path = "runtime_contract/model.rs"]
pub mod model_client;
pub mod ops;
#[path = "runtime_contract/termination.rs"]
pub mod termination;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reuse/simplification note: per this comment, runtime_contract/budget.rs, context.rs, ledger.rs, manifest.rs, profile.rs, progress.rs, resources.rs, retry.rs, terminal.rs, work.rs (~1,576 lines total) are intentionally left uncompiled scaffolding — pub mod runtime_contract; is never declared, only model.rs and termination.rs are wired in via #[path]. That's a reasonable staged-rollout strategy per TUI-DOG-017, but it means this PR ships ~1,576 lines that get zero compiler checking and zero test execution (they don't even build under cfg(test)). Their cross-module references to each other (e.g. ledger.rs, manifest.rs, profile.rs importing super::RUNTIME_CONTRACT_SCHEMA_VERSION) could already be broken and CI would not catch it until a later PR wires them in. Worth a tracking issue/comment reference so this doesn't get lost.

Comment thread crates/tui/src/main.rs
Comment on lines +1264 to +1274
// The interactive runtime intentionally carries a large state machine:
// terminal rendering, modal dispatch, provider setup, and fleet/workflow
// events all share one async owner. Debug builds retain enough stack
// temporaries that nesting a modal event over the TUI loop can exceed the
// platform main-thread default (8 MiB on macOS). Give that owner an
// explicit stack while keeping process hardening and the global panic hook
// above this boundary, before Tokio or any worker thread exists.
let runtime_thread = std::thread::Builder::new()
.name("codewhale-main".to_string())
.stack_size(CODEWHALE_MAIN_STACK_BYTES)
.spawn(run_async_main)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correctness / claim mismatch: this gives the codewhale-main OS thread (which runs run_async_main, a #[tokio::main] fn) a 16 MiB stack. But run_async_main's #[tokio::main] macro builds its own multi-thread Tokio runtime with the default (un-overridden) worker stack size — there's no Builder::thread_stack_size call anywhere in the crate. Only code directly .awaited on this thread (i.e. tui::run_tui(...), main.rs:7339) benefits from the widened stack.

Engine::run() (crates/tui/src/core/engine.rs:3956 spawn_engine) is dispatched via spawn_supervised → plain tokio::spawn (utils.rs:356), so it runs on a different OS thread from Tokio's default worker pool — still the un-widened default stack. That's exactly the code this PR touches most (turn_loop.rs, dispatch.rs, new StuckGuard/subagent-coordination logic).

So the PR description's claim — "gives the TUI state machine an explicit 16 MiB async-owner stack, eliminating modal-event stack overflows on macOS" — only holds for the render/modal-dispatch loop, not the engine half of the state machine. If any of the stack-overflow reports motivating this change were actually inside engine/turn-loop code (not pure rendering), this change doesn't fix them.

[Fix this →](https://claude.ai/code?q=In+crates%2Ftui%2Fsrc%2Fmain.rs%2C+the+%23%5Btokio%3A%3Amain%5D+macro+on+run_async_main+builds+a+tokio+runtime+with+default+worker+thread+stack+size%2C+so+tokio%3A%3Aspawn+tasks+%28e.g.+Engine%3A%3Arun%28%29+via+spawn_engine+in+crates%2Ftui%2Fsrc%2Fcore%2Fengine.rs%3A3956%2C+which+goes+through+spawn_supervised+in+utils.rs%3A356%29+do+NOT+get+the+16+MiB+CODEWHALE_MAIN_STACK_BYTES+stack+-+that+only+applies+to+the+codewhale-main+OS+thread+itself.+Replace+%23%5Btokio%3A%3Amain%5D+with+a+manually+built+tokio%3A%3Aruntime%3A%3ABuilder%3A%3Anew_multi_thread%28%29.thread_stack_size%2816+*+1024+*+1024%29.build%28%29%3F.block_on%28...%29+so+worker+threads+running+the+engine+state+machine+also+get+the+larger+stack%2C+or+narrow+the+PR%2FCHANGELOG+claim+to+the+render+loop+only.&repo=Hmbown/CodeWhale

Comment on lines 516 to +519
("low_motion", bool_str(doc.settings.low_motion)),
("fancy_animations", bool_str(doc.settings.fancy_animations)),
("ocean_treatment", doc.settings.ocean_treatment.as_setting()),
(

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correctness (plausible): this loop (starting at apply_document, line ~511) applies each (key, value) pair via set_config_value and bail!s on the first error (line 593). approval_mode is processed right after model, before work_surface_placement and most other settings below. This PR broadened approval_mode's error condition in set_config_value (commands/groups/config/config.rs:1520) to reject whenever ApprovalPolicyControl is Environment/Profile/ManagedConfig/ProjectConfig/Requirements (previously narrower). So a full settings-editor save while approval policy is externally controlled now aborts the whole apply after model (and any earlier key) has already been applied to live app state — with no rollback of keys already processed and no test covering this interaction. Consider validating all keys up front, or moving policy-gated keys to the end of the list, so an approval-mode rejection can't leave other edits (like theme/locale in this same call) half-applied.

Exercise the production settings load and migration logic with explicit candidate paths. Windows resolves roaming config through the Win32 known-folder API, so APPDATA and XDG overrides cannot safely isolate that location in a parallel test runner.

Signed-off-by: Hunter B <hmbown@gmail.com>
@claude

claude Bot commented Jul 14, 2026

Copy link
Copy Markdown

Claude finished @Hmbown's task in 1m 36s —— View job


Reviewing PR #4361 (v0.8.68 release candidate) — re-review after synchronize

Todo list

  • Gather context (PR body, prior review comments, CLAUDE.md/AGENTS.md)
  • Diff against previous review point to see what changed since last pass
  • Check whether the 5 previously flagged findings were addressed
  • Review new commits for fresh correctness/provider-safety issues
  • Post updated review summary

What changed since the last review

The last full review (02:09–02:10 UTC) was against 2e368a0. Two commits landed after that:

  • fd8254btest(tui): isolate cross-platform release contracts
  • 9cf5522test(tui): isolate Windows config migration path

Together they touch only crates/tui/src/settings.rs, crates/tui/src/tui/ui/tests.rs, and crates/tui/src/tui/views/mod.rs. I reviewed this incremental diff (git diff 2e368a0..9cf5522):

  • settings.rs — extracts load_persisted_from_candidates(primary, legacy_home, legacy_config_dir) out of load_persisted() so tests can inject explicit paths instead of depending on dirs::config_dir() (which uses the Win32 known-folder API and can't be isolated via APPDATA/XDG_CONFIG_HOME env overrides in a parallel test runner). The extraction is a faithful behavior-preserving split — load_persisted() still calls it with the real settings_path_candidates(). Two migration tests were updated to use the new helper and a WT_SESSION marker was added so Windows test runs aren't misclassified as legacy ConHost by an unrelated heuristic. This is a legitimate test-isolation fix, no production-path behavior changes.
  • tui/ui/tests.rs — pins app.low_motion = false; app.fancy_animations = true; in underwater_motion_keeps_its_smoother_cadence_during_live_status so the test's authored motion cadence doesn't inherit a host's real saved low-motion/legacy-console policy from create_test_app(). Reasonable, self-contained.
  • views/mod.rs — replaces manual format!("...{}...", path.display()) with toml::Value::String(path...).to_string() when writing a test's managed config TOML. This is a real correctness improvement for the test itself: path.display() on Windows can contain backslashes that aren't valid inside an unescaped TOML string, so building the value through toml::Value guarantees correct escaping.

No new correctness, provider-safety, or security issues in this incremental diff — it's test-quality-only, matching both commit messages.

Status of the 5 previously-flagged findings

None of the files involved in this synchronize were touched, so all 5 remain open as reported in the prior review pass (unchanged, re-verified against current HEAD at 9cf5522):

  1. crates/tui/src/main.rs:1273 — the 16 MiB stack (CODEWHALE_MAIN_STACK_BYTES) covers the codewhale-main OS thread only; #[tokio::main] (main.rs:1289) still builds its runtime with default worker stack size, so spawn_engine (core/engine.rs:3956) → spawn_supervisedtokio::spawn still lands on an un-widened stack.
  2. crates/tui/src/commands/groups/config/config.rs:1516-1519 vs 1586approval_mode's session-only edit path still requires control == ApprovalPolicyControl::Unset exactly, while allow_shell's session-only path still uses control.editable_root() unconditionally — confirmed still present at current line numbers.
  3. crates/tui/src/config_ui.rs apply_document — still bails on first set_config_value error with no rollback of already-applied keys.
  4. crates/tui/src/compaction.rs:1279ApiProvider::parse(client.provider_name()) fallback-to-Custom behavior unchanged.
  5. crates/tui/src/core/mod.rs:23-28runtime_contract/ still ships ~1,576 lines of uncompiled scaffolding (only model.rs/termination.rs wired via #[path], no pub mod runtime_contract;).

None of these block the test-isolation commits themselves, but they're still open items against the release-candidate claims in the PR description (particularly #1, which contradicts the "eliminates modal-event stack overflows" claim for engine-side stack overflows, and #2/#3, which have no test coverage either direction).

@Hmbown Hmbown merged commit 9bfa466 into main Jul 14, 2026
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants