Add shared upstream DMG acceptance gate#834
Conversation
7a7515e to
3ab8880
Compare
|
@avifenesh I like this. I’m going to set something up, but we should borrow from "OpenClaw" (https://github.com/openclaw/openclaw/blob/main/CONTRIBUTING.md) before PRs pile up. Their rules welcome agent work but demand scope, evidence, and accountability. Steinie’s "transcript skill" (https://github.com/openclaw/openclaw/blob/main/.agents/skills/agent-transcript/SKILL.md) is smart too: opt-in, redacted, and focused on intent and proof—not raw chats. Jorge Castro is taking "Project Bluefin" (https://docs.projectbluefin.io/agentic-contributing/) further: agent instructions, scoped skills, an agent-ready queue, "/claim", human gates, and attribution. The repo itself tells agents how to work in it. We should not copy either whole. But #834 gives us the right base. A small follow-up could make this repo agent-ready. It would also send OpenAI a clear signal: we are not just bringing Codex to Linux. We are building it with Codex, in the open. At least we tried |
3ab8880 to
27049bd
Compare
27049bd to
223523d
Compare
Summary
Why
Local installation and CI previously evaluated upstream drift through separate paths, and the normal install flow could overwrite the working app before late checks completed. The earlier transactional swap also left a two-rename interruption window, while updater caches and app backups could grow without bounds. Automated user-local rebuilds additionally forced a developer override that permitted replacing a running Electron runtime.
This change makes reports and policy the single source of truth, keeps the canonical install path continuously available, refuses automated promotion while the installed app is running, and retains only the immediately previous working app. Disabled Linux Features are not probed; drift in a user-enabled feature rejects the candidate until the user disables or repairs that feature.
Prior work and ideas
This PR consolidates or responds to ideas from:
Thanks to @joshyorko, @avifenesh, and @ryan-mt for the investigation and proposals that informed this design.
Checks
cargo fmt --check,cargo check, and all 235 updater testsci-local corereaches the unchanged Computer Use runtime fixture; that local container fixture cannot resolve its required app-server manifest path, while all affected updater, shell, Node, and packaging suites passNotes
CODEX_INSTALL_ALLOW_RUNNING=0andCODEX_ACCEPTANCE_OVERRIDE=0; the direct installer retains an explicit developer-only running-app override