Skip to content

final closeout hardening#21

Merged
xiaojiou176 merged 11 commits intomainfrom
codex/final-closeout-hardening-owner2
Apr 7, 2026
Merged

final closeout hardening#21
xiaojiou176 merged 11 commits intomainfrom
codex/final-closeout-hardening-owner2

Conversation

@xiaojiou176
Copy link
Copy Markdown
Member

@xiaojiou176 xiaojiou176 commented Apr 7, 2026

Summary

  • enforce operator-manual desktop guards across CLI, workflows, and host-safety gate
  • harden local git-hook layering so pre-commit stays local-fast and pre-push no longer inherits generic full-repo hygiene hooks
  • repair CI security/tooling blockers surfaced during closeout, including detect-secrets baseline and false-positive fixes

Test Plan

  • pnpm check:host-safety
  • bash scripts/docs-gate.sh
  • bash scripts/ci/check-workflow-hygiene.sh
  • git diff --check
  • local pre-commit path during commit
  • local pre-push balanced path during branch push
  • remote PR checks after PR creation

Breaking Changes

None

Rollout / Risk

  • Risk: Medium
  • Rollback: revert the 7 closeout commits on this branch
  • Notes: branch exists to finish repo-side closeout; final merge should be followed by fresh rerun on main

Closeout Ledger Snapshot

  • repo-side host-safety guardrails: landed on branch
  • local-fast / pre-push layering repair: landed on branch
  • detect-secrets baseline + false-positive cleanup: landed on branch
  • remaining step after PR creation: non-author approve, merge, final rerun, final verdict

@xiaojiou176 xiaojiou176 dismissed a stale review via b241339 April 7, 2026 21:33
@xiaojiou176 xiaojiou176 dismissed a stale review via c4a0e9d April 7, 2026 21:59
@xiaojiou176 xiaojiou176 dismissed a stale review via 3fe8d61 April 7, 2026 22:08
@xiaojiou176 xiaojiou176 merged commit 68c1dcd into main Apr 7, 2026
23 checks passed
@xiaojiou176 xiaojiou176 deleted the codex/final-closeout-hardening-owner2 branch April 7, 2026 22:13
xiaojiou176 added a commit that referenced this pull request Apr 11, 2026
@xiaojiou176
final closeout hardening (#21)
9eacd26 
* fix(host-safety): enforce operator-manual desktop guards

* fix(tooling): keep shebang parity in pre-commit

* fix(ci): avoid private-key test literal false positive

* chore(ci): normalize sensitive gate file endings

* chore(security): add detect-secrets baseline

* test(ci): avoid typo false positive in ai routing pack

* fix(tooling): limit generic hooks to pre-commit

* fix(api): terminate process groups before child fallback

* fix(ci): allow host fallback in hooks equivalence

* fix(ci): unblock PR run and hooks equivalence gates

* test(e2e): align smoke navigation semantics
@xiaojiou176 xiaojiou176 changed the title [codex] final closeout hardening final closeout hardening Apr 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xiaojiou176