Skip to content

Commit 47a2f98

Browse files
Sdvegas21claude
andcommitted
ci: refresh stale workflow truth surfaces for the 0.4.2/mvar-1.6.0 era
- engine-parity embedded leg: set CLAWZERO_ALLOW_EMBEDDED=1 — the leg exists to test the embedded engine, so it uses the documented opt-in; the 0.4.1 fail-closed engine requirement (first CI exposure today) correctly refused without it. Verified locally: 60 failed -> 74 passed/12 skipped across the parity trio. - test.yml download-smoke + release-gate: clawzero==0.2.0 -> ==0.4.2; ledger-signer grep HMAC fallback -> Ed25519 (QSEAL) (mvar >=1.5.x signs the ledger); policy grep v1.4.3 -> v1.6.0. Every grep verified against a live-PyPI install of 0.4.2 before commit. NOTE: these pins assert the CURRENT release and must be bumped as part of each release (the 0.2.0-era strings going stale is exactly how this run went red). - mvar-integrated.yml: mvar-security>=1.4.3 -> >=1.6.0. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
1 parent 2ea60ea commit 47a2f98

3 files changed

Lines changed: 9 additions & 5 deletions

File tree

.github/workflows/engine-parity.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,10 @@ jobs:
1717
engine-mode: ["mvar", "embedded"]
1818
env:
1919
CLAWZERO_ENGINE_MODE: ${{ matrix.engine-mode }}
20+
# The embedded leg exists to test the embedded engine's parity, so it uses
21+
# the documented explicit opt-in; without it the 0.4.1 fail-closed engine
22+
# requirement (correctly) refuses to run on the weaker engine.
23+
CLAWZERO_ALLOW_EMBEDDED: ${{ matrix.engine-mode == 'embedded' && '1' || '' }}
2024

2125
steps:
2226
- name: Checkout

.github/workflows/mvar-integrated.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
run: |
2020
python -m pip install --upgrade pip
2121
pip install -e .[dev]
22-
pip install "mvar-security>=1.4.3"
22+
pip install "mvar-security>=1.6.0"
2323
2424
- name: Run required Ed25519 witness test (no skip allowed)
2525
run: |

.github/workflows/test.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ jobs:
5252
python3 -m venv /tmp/gate_test
5353
source /tmp/gate_test/bin/activate
5454
python -m pip install --upgrade pip
55-
pip install clawzero==0.2.0
55+
pip install clawzero==0.4.2
5656
5757
clawzero doctor openclaw | tee /tmp/doctor.out
5858
grep -q "Status: SECURE" /tmp/doctor.out
@@ -80,13 +80,13 @@ jobs:
8080
python3 -m venv /tmp/download_smoke
8181
source /tmp/download_smoke/bin/activate
8282
python -m pip install --upgrade pip
83-
pip install --no-cache-dir clawzero==0.2.0
83+
pip install --no-cache-dir clawzero==0.4.2
8484
8585
clawzero doctor openclaw | tee /tmp/doctor.out
8686
grep -q "Status: SECURE" /tmp/doctor.out
8787
grep -q "Witness signer: Ed25519 (QSEAL) ✓" /tmp/doctor.out
88-
grep -q "Ledger signer: HMAC fallback" /tmp/doctor.out
88+
grep -q "Ledger signer: Ed25519 (QSEAL) ✓" /tmp/doctor.out
8989
9090
clawzero demo openclaw --mode compare --scenario shell | tee /tmp/demo.out
9191
grep -q "MVAR-Protected → BLOCKED ✓" /tmp/demo.out
92-
grep -q "Policy: mvar-security.v1.4.3" /tmp/demo.out
92+
grep -q "Policy: mvar-security.v1.6.0" /tmp/demo.out

0 commit comments

Comments
 (0)