Skip to content

fix(evaos): require signed Mac-control runtime proof#708

Merged
100yenadmin merged 17 commits into
evaos/beta-rc-20260612from
codex/v2136-mac-control-runtime-receipt
Jul 15, 2026
Merged

fix(evaos): require signed Mac-control runtime proof#708
100yenadmin merged 17 commits into
evaos/beta-rc-20260612from
codex/v2136-mac-control-runtime-receipt

Conversation

@100yenadmin

@100yenadmin 100yenadmin commented Jul 14, 2026

Copy link
Copy Markdown
Owner

Summary

  • close the v2.1.36 enrollment apparent-no-op path with the current long-lived IPC, immediate progress/failure handling, and value-free provider diagnostic
  • add the gateway-authenticated selected-binding runtime-receipt route and verify a real connector-executed Mac action with pinned Ed25519/OpenSSH signatures
  • keep Mac-control start local to Workbench while preserving remote status, stop, kill switch, and action tools
  • require exact candidate, selected-binding, causal-time, replay, negative-boundary, cleanup, and secret-scan proof before beta distribution

Release boundary

This PR is source and gate work only. It does not claim release or customer readiness. Publication remains blocked on current-head CI/review, signed/notarized installed-app proof, isolated-staging direct Mac-control proof, pristine-Mac proof, RC/live canaries, and verified public artifacts.

Focused proof

  • bunx vitest run on 7 affected suites: 243 passed
  • OpenClaw plugin contract suite: 21 passed, including real OpenSSH SSHSIG and mechanically emitted negative proof
  • just typecheck
  • just lint-strict (0 errors)
  • just fmt-check
  • ruff check on connector/receipt/QA modules
  • shellcheck on the Hermes adapter
  • actionlint .github/workflows/evaos-live-canary-proof.yml
  • vendored Workbench bridge source/provenance matches exact HEAD

Summary by CodeRabbit

  • New Features
    • Strengthened Mac-control canary flow with runtime receipt verification, deployed-route boundary probes, negative probes, and replay protection.
    • Bundled an Ed25519 verifier with supported macOS releases and required it for installed-app trust checks.
    • Added automated scanning/validation for Mac-control proof artifacts and expanded bridge tooling for guarded desktop/mobile access.
  • Bug Fixes
    • Improved fail-closed handling and diagnostics for forged/expired/replayed/malformed/unauthorized Mac-control requests.
  • Documentation
    • Expanded Workbench and bridge guidance for Mac connection/recovery and Mac-control verification boundaries.
  • Tests / CI
    • Added/expanded release and PR checks to validate required artifacts, prevent proof/report drift, and enforce deterministic build outputs.

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 37 minutes

Your organization has reached its usage spending cap. Adjust your spending cap in the billing tab.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 862a9cce-2705-45cb-8119-d7e11b64e9a3

📥 Commits

Reviewing files that changed from the base of the PR and between 0241ee8 and 5b1308f.

📒 Files selected for processing (5)
  • CHANGELOG.md
  • packages/desktop/src/process/services/evaosNativeCompanionStatus.ts
  • resources/evaos-beta/bridge/src/evaos_desktop_bridge/cli.py
  • tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts
  • tests/unit/evaos/evaosNativeCompanionStatus.test.ts
📝 Walkthrough

Walkthrough

This PR adds an OpenClaw desktop bridge, signed Mac-control runtime receipts, deployed-route proofs, native Ed25519 verification, expanded release checks, artifact scanning, and coverage for replay protection, redaction, candidate binding, cleanup, and packaging.

Changes

Mac-control bridge and proof pipeline

Layer / File(s) Summary
OpenClaw bridge contract and execution
resources/evaos-beta/bridge/agent-tools/*
Adds guarded tool registration, command routing, provider flows, visual evidence handling, firewall checks, Hermes adapter behavior, and contract tests.
Signed runtime receipt flow
resources/evaos-beta/bridge/agent-tools/openclaw-plugin/src/*, resources/evaos-beta/bridge/src/evaos_desktop_bridge/*
Adds gateway-authenticated receipt handling, execution-context verification, replay protection, signed receipt bundles, public attestations, strict schemas, and connector canary generation.
Canary and release validation
scripts/*, .github/workflows/*
Adds runtime negative proofs, deployed-route probes, proof scanning, trust-anchor wiring, native verifier packaging, and release artifact requirements.
QA and desktop integration
tests/unit/*, packages/desktop/*
Adds cryptographic, replay, cleanup, installed-app, workflow, native-companion, and packaging tests, plus enrollment diagnostics and selected-binding trust wiring.
Documentation and provenance
CHANGELOG.md, resources/evaos-beta/bridge/agent-tools/SOURCE.json
Documents the bridge and Mac-control proof contracts and records vendored source metadata and digests.

Estimated code review effort: 5 (Critical) | ~120 minutes

Possibly related issues

Possibly related PRs

Suggested labels: evaos, area:release, risk:security, kind:integration

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description has summary and proof notes, but most required template sections and checklists are missing or incomplete. Add the missing template sections: Linked Work, Type of Change, PR Lifecycle, Release Notes And Proof details, Validation checkboxes, Screenshots, Next-Agent Notes, and Additional Context.
Docstring Coverage ⚠️ Warning Docstring coverage is 1.21% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main change: requiring signed Mac-control runtime proof.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/v2136-mac-control-runtime-receipt

Comment @coderabbitai help to get the list of available commands.

@100yenadmin

Copy link
Copy Markdown
Owner Author

@copilot review

@evaos-code-review-bot

evaos-code-review-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown

evaOS review status: stale head

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: d8c86df0cf855854831a40003efd0ad6e9890878
Updated: 2026-07-14T23:28:43.398Z

evaOS review stopped because this queued head is no longer the live PR head.

Automation note: agents should wait for this comment to reach completed, stale_head, closed_or_merged_before_review, skipped, or failed before treating evaOS review as settled for this head. provider_deferred means evaOS still intends to retry.

PR URL: #708

Details: Superseded by a newer PR head.

@100yenadmin

Copy link
Copy Markdown
Owner Author

@copilot review

@evaos-code-review-bot

evaos-code-review-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown

evaOS review status: stale head

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: 009c6f480a0e04e25907e94da6e0862b46fe0fa4
Updated: 2026-07-14T23:30:47.267Z

evaOS review stopped because this queued head is no longer the live PR head.

Automation note: agents should wait for this comment to reach completed, stale_head, closed_or_merged_before_review, skipped, or failed before treating evaOS review as settled for this head. provider_deferred means evaOS still intends to retry.

PR URL: #708

Details: live=efb53fef9054b72064ec86a61dda86bace496571

@100yenadmin

Copy link
Copy Markdown
Owner Author

@copilot review

@evaos-code-review-bot

evaos-code-review-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown

evaOS review status: completed

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: efb53fef9054b72064ec86a61dda86bace496571
Updated: 2026-07-14T23:40:11.089Z

evaOS review completed for this PR head.

Automation note: agents should wait for this comment to reach completed, stale_head, closed_or_merged_before_review, skipped, or failed before treating evaOS review as settled for this head. provider_deferred means evaOS still intends to retry.

PR URL: #708

Review URL: #708 (review)

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3e39c6dfab

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread resources/evaos-beta/bridge/src/evaos_desktop_bridge/qa_canary.py

@evaos-code-review-bot evaos-code-review-bot Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Walkthrough

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: efb53fef9054b72064ec86a61dda86bace496571 into evaos/beta-rc-20260612. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).

Estimated review effort: 5/5 (~70 min)

Changed Files

File Status Churn Purpose Risk
.github/workflows/evaos-live-canary-proof.yml modified +9/-64 Changed file Moderate: validated P3 finding
.github/workflows/workbench-functional-smoke.yml modified +4/-0 Changed file Low
scripts/afterSign.js modified +1/-0 Changed file Low
scripts/create-mock-release-artifacts.sh modified +12/-1 Changed file Low
scripts/evaosBetaReleaseGate.js modified +124/-54 Changed file Moderate: validated P3 finding
scripts/evaosBrokerLiveCanary.js modified +216/-21 Changed file Elevated: large change
scripts/evaosInstalledAppProductProof.js modified +41/-0 Changed file Low
scripts/evaosScanMacControlProofs.js added +224/-0 Changed file Elevated: large change
scripts/prepareEvaosDesktopBridgeResource.js modified +61/-0 Changed file Low
tests/unit/common-adapter/evaosIpcBridge.dom.test.ts modified +61/-0 Test coverage Low
tests/unit/evaos/evaosBrokerLiveCanary.test.ts modified +172/-34 Test coverage Elevated: large change
tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts added +304/-0 Test coverage Elevated: large change
tests/unit/evaos/evaosInstalledAppProductProof.test.ts modified +24/-0 Test coverage Low
tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts modified +150/-2 Test coverage Low
tests/unit/evaos/evaosNativeCompanionStatus.test.ts modified +22/-0 Test coverage Low
tests/unit/process/evaosBetaReleaseGate.test.ts modified +194/-32 Test coverage Elevated: large change
tests/unit/process/prepareEvaosDesktopBridgeResource.test.ts modified +68/-3 Test coverage Low

Review Signal

Validated inline findings: 3 (P0: 0, P1: 0, P2: 0, P3: 3).
Dropped findings before posting: 0. High-severity findings: 0.

Risk Taxonomy

  • CI/build: 1
  • Release regression: 2

Validation and Proof

2 required validation/proof recommendation(s) selected from changed files.

  • required: TypeScript/web build or CI proof - Runtime TypeScript/web files or package/config files changed. Proof: npm run build; typecheck; focused Vitest; green GitHub check.
  • required: CI/release smoke proof - CI, release, launchd, or package metadata changed. Proof: green GitHub check; release-status; coverage-audit; rollback note.
    Proof status: missing - 1 required validation/proof recommendation(s) missing from PR metadata.
    Profile validation hints: Do not ask for broad local suites when remote CI or fast-smoke proof is the right gate.
    Profile proof expectations: Look for focused app smoke, packaged resource checks, or CI artifact proof when relevant.

Related Context

Related issues/PRs: none detected from PR metadata.
Suggested labels: tests.
Suggested reviewers: none from current metadata.

Review Settings Preview

  • Profile: assertive
  • Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
  • Path instructions: apps/eva-desktop-mac/** - Check macOS identity, helper path, TCC identity, and packaged resource shape risk.
  • Path instructions: scripts/** - Treat release, packaging, and artifact-shape changes as high risk.
  • Label suggestions: workbench, macos, regression-hardening
  • Reviewer suggestions: none
  • Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
  • Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks

Pre-merge checklist

  • Inline comments target current RIGHT-side diff lines.
  • No secret-like content survived into posted inline comments.
  • REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
  • Required behavior proof is present or not applicable.
  • Labels and reviewers are suggestions only; the bot did not auto-apply them.

Comment thread scripts/evaosBetaReleaseGate.js Outdated
Comment thread .github/workflows/evaos-live-canary-proof.yml Outdated
Comment thread scripts/evaosBetaReleaseGate.js
@100yenadmin

Copy link
Copy Markdown
Owner Author

@codex review

@100yenadmin

Copy link
Copy Markdown
Owner Author

@copilot review

@100yenadmin

Copy link
Copy Markdown
Owner Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@evaos-code-review-bot

evaos-code-review-bot Bot commented Jul 15, 2026

Copy link
Copy Markdown

evaOS review status: stale head

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: 029476730d855e8e0826a5d7b3e6fdbcbe1e61a1
Updated: 2026-07-15T00:28:52.378Z

evaOS review stopped because this queued head is no longer the live PR head.

Automation note: agents should wait for this comment to reach completed, stale_head, closed_or_merged_before_review, skipped, or failed before treating evaOS review as settled for this head. provider_deferred means evaOS still intends to retry.

PR URL: #708

Details: Superseded by a newer PR head.

@coderabbitai coderabbitai Bot added area:release Packaging, signing, updater, rollback evaos evaOS public beta R&D work kind:integration Integration implementation issue risk:security Security, auth, secrets, permission risk labels Jul 15, 2026
@evaos-code-review-bot

evaos-code-review-bot Bot commented Jul 15, 2026

Copy link
Copy Markdown

evaOS review status: completed

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: 560f3e3e305f7f0ea9cb777daad4c45a24e33731
Updated: 2026-07-15T00:44:00.287Z

evaOS review completed for this PR head.

Automation note: agents should wait for this comment to reach completed, stale_head, closed_or_merged_before_review, skipped, or failed before treating evaOS review as settled for this head. provider_deferred means evaOS still intends to retry.

PR URL: #708

Review URL: #708 (review)

@100yenadmin

Copy link
Copy Markdown
Owner Author

@codex review

@100yenadmin

Copy link
Copy Markdown
Owner Author

@copilot review

@100yenadmin

Copy link
Copy Markdown
Owner Author

@copilot review exact head 0241ee8 after deployed Mac-control proof integration.

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

@100yenadmin Triggering a review of the exact head commit 0241ee874095618c2195981692fda99ce8e4152a, scoped to release-blocking (P0–P2) findings.

Note: CodeRabbit's incremental review system only evaluates changes since the last reviewed commit. If all prior threads are already resolved/terminal and no substantive new diff exists beyond that SHA, there may be nothing new to surface — but the review will confirm this.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot removed bug Something isn't working public-beta Blocks or contributes to the public beta gate area:broker evaOS broker/session/auth integration labels Jul 15, 2026

@evaos-code-review-bot evaos-code-review-bot Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Walkthrough

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: 0241ee874095618c2195981692fda99ce8e4152a into evaos/beta-rc-20260612. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).

Estimated review effort: 5/5 (~70 min)

Changed Files

File Status Churn Purpose Risk
.github/workflows/evaos-live-canary-proof.yml modified +15/-66 Changed file Low
.github/workflows/pr-checks.yml modified +33/-0 Changed file Moderate: validated P3 finding
.github/workflows/release-distribute.yml modified +3/-0 Changed file Low
.github/workflows/workbench-functional-smoke.yml modified +4/-0 Changed file Low
.gitignore modified +1/-0 Changed file Low
CHANGELOG.md modified +21/-0 Documentation Low
scripts/afterSign.js modified +1/-0 Changed file Low
scripts/create-mock-release-artifacts.sh modified +12/-1 Changed file Low
scripts/evaosBetaReleaseGate.js modified +235/-61 Changed file Elevated: large change
scripts/evaosBrokerLiveCanary.js modified +483/-23 Changed file Elevated: large change
scripts/evaosInstalledAppProductProof.js modified +41/-0 Changed file Low
scripts/evaosLiveCanaryEnvInventory.js modified +29/-0 Changed file Low
scripts/evaosMacControlSignedProof.js added +246/-0 Changed file Elevated: large change
scripts/evaosScanMacControlProofs.js added +366/-0 Changed file Elevated: large change
scripts/evaosValidateLiveCanaryProofRun.sh modified +9/-0 Changed file Moderate: validated P3 finding
scripts/prepareEvaosDesktopBridgeResource.js modified +61/-0 Changed file Low
tests/unit/common-adapter/evaosIpcBridge.dom.test.ts modified +61/-0 Test coverage Low
tests/unit/evaos/evaosBrokerLiveCanary.test.ts modified +308/-59 Test coverage Elevated: large change
tests/unit/evaos/evaosDesktopBridgeControlSafetyP0.test.ts modified +142/-0 Test coverage Low
tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts added +423/-0 Test coverage Elevated: large change
tests/unit/evaos/evaosInstalledAppProductProof.test.ts modified +24/-0 Test coverage Low
tests/unit/evaos/evaosLiveCanaryEnvInventory.test.ts modified +10/-1 Test coverage Low
tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts modified +338/-6 Test coverage Elevated: large change
tests/unit/evaos/evaosNativeCompanionStatus.test.ts modified +22/-0 Test coverage Low
tests/unit/evaos/evaosQaCanaryLocalControl.test.ts modified +161/-1 Test coverage Low

3 additional changed files omitted from this walkthrough.

Review Signal

Validated inline findings: 2 (P0: 0, P1: 0, P2: 0, P3: 2).
Dropped findings before posting: 0. High-severity findings: 0.

Risk Taxonomy

  • API compatibility: 1
  • CI/build: 1

Validation and Proof

2 required validation/proof recommendation(s) selected from changed files.

  • required: TypeScript/web build or CI proof - Runtime TypeScript/web files or package/config files changed. Proof: npm run build; typecheck; focused Vitest; green GitHub check.
  • required: CI/release smoke proof - CI, release, launchd, or package metadata changed. Proof: green GitHub check; release-status; coverage-audit; rollback note.
    Proof status: missing - 1 required validation/proof recommendation(s) missing from PR metadata.
    Profile validation hints: Do not ask for broad local suites when remote CI or fast-smoke proof is the right gate.
    Profile proof expectations: Look for focused app smoke, packaged resource checks, or CI artifact proof when relevant.

Related Context

Related issues/PRs: none detected from PR metadata.
Suggested labels: docs, tests.
Suggested reviewers: none from current metadata.

Review Settings Preview

  • Profile: assertive
  • Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
  • Path instructions: apps/eva-desktop-mac/** - Check macOS identity, helper path, TCC identity, and packaged resource shape risk.
  • Path instructions: scripts/** - Treat release, packaging, and artifact-shape changes as high risk.
  • Label suggestions: workbench, macos, regression-hardening
  • Reviewer suggestions: none
  • Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
  • Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks

Pre-merge checklist

  • Inline comments target current RIGHT-side diff lines.
  • No secret-like content survived into posted inline comments.
  • REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
  • Required behavior proof is present or not applicable.
  • Labels and reviewers are suggestions only; the bot did not auto-apply them.

Comment thread scripts/evaosValidateLiveCanaryProofRun.sh
Comment thread .github/workflows/pr-checks.yml
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Already looking forward to the next diff.

Reviewed commit: 0241ee8740

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@resources/evaos-beta/bridge/src/evaos_desktop_bridge/cli.py`:
- Around line 3321-3337: The normal customer connector plist path currently
invokes _connector_mac_control_canary_environment() unconditionally, so partial
ambient canary configuration can abort startup. Update _connector_plist_payload
and its callers, including _launchctl_start() → _ensure_connector_user_plist(),
to perform strict canary validation only when an explicit canary-mode marker is
enabled; otherwise omit the canary variables from the plist.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6f7a5eac-128b-474b-98c7-9071c3ec8674

📥 Commits

Reviewing files that changed from the base of the PR and between 4898df6 and 0241ee8.

⛔ Files ignored due to path filters (1)
  • resources/evaos-beta/bridge/agent-tools/openclaw-plugin/dist/src/runtimeReceipt.js is excluded by !**/dist/**
📒 Files selected for processing (12)
  • .github/workflows/evaos-live-canary-proof.yml
  • resources/evaos-beta/bridge/agent-tools/SOURCE.json
  • resources/evaos-beta/bridge/agent-tools/openclaw-plugin/src/runtimeReceipt.ts
  • resources/evaos-beta/bridge/agent-tools/openclaw-plugin/tests/runtimeReceipt.test.mjs
  • resources/evaos-beta/bridge/src/evaos_desktop_bridge/cli.py
  • scripts/evaosBetaReleaseGate.js
  • scripts/evaosBrokerLiveCanary.js
  • scripts/evaosScanMacControlProofs.js
  • tests/unit/evaos/evaosBrokerLiveCanary.test.ts
  • tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts
  • tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts
  • tests/unit/process/evaosBetaReleaseGate.test.ts
📜 Review details
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{js,jsx,ts,tsx}: Name utility files using camelCase, such as formatDate.ts.
Prefix unused parameters with _.
Format code with Oxfmt using Prettier-compatible rules: inline single-element arrays that fit on one line, require trailing commas in multiline arrays and objects, and use single quotes for strings.

Files:

  • scripts/evaosScanMacControlProofs.js
  • tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts
  • scripts/evaosBetaReleaseGate.js
  • tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts
  • tests/unit/evaos/evaosBrokerLiveCanary.test.ts
  • tests/unit/process/evaosBetaReleaseGate.test.ts
  • resources/evaos-beta/bridge/agent-tools/openclaw-plugin/src/runtimeReceipt.ts
  • scripts/evaosBrokerLiveCanary.js
**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Use strict TypeScript; do not use any and do not leave implicit returns.
Use the path aliases @/*, @process/*, and @renderer/*.
Prefer type over interface according to the Oxlint configuration.
Write code comments in English and use JSDoc for public functions.

Files:

  • tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts
  • tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts
  • tests/unit/evaos/evaosBrokerLiveCanary.test.ts
  • tests/unit/process/evaosBetaReleaseGate.test.ts
  • resources/evaos-beta/bridge/agent-tools/openclaw-plugin/src/runtimeReceipt.ts
**/*.{test,spec}.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Use Vitest 4 for tests and maintain at least 80% coverage.

Files:

  • tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts
  • tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts
  • tests/unit/evaos/evaosBrokerLiveCanary.test.ts
  • tests/unit/process/evaosBetaReleaseGate.test.ts
🪛 ast-grep (0.44.1)
scripts/evaosScanMacControlProofs.js

[warning] 299-299: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.readFileSync(proofPath, 'utf8')
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename)

tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts

[warning] 313-320: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(
path.join(proofDir, 'mac-control-session-cleanup.json'),
${JSON.stringify({ schema: 'evaos-mac-control-canary-session-cleanup/v1', sessionRevoked: false, sensitiveOutput: 'passed', })}\n
)
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename-typescript)


[warning] 342-350: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(
path.join(proofDir, 'mac-control-session-cleanup.json'),
${JSON.stringify({ schema: 'evaos-mac-control-canary-session-cleanup/v1', sessionRevoked: false, sensitiveOutput: 'passed', connectorToken: 'opaque-token-value-123456', })}\n
)
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename-typescript)


[warning] 361-368: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(
path.join(proofDir, 'mac-control-session-cleanup.json'),
${JSON.stringify({ schema: 'evaos-mac-control-canary-session-cleanup/v1', sessionRevoked: false, sensitiveOutput: 'failed', })}\n
)
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename-typescript)


[warning] 396-403: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(
path.join(proofDir, 'mac-control-session-cleanup.json'),
${JSON.stringify({ schema: 'evaos-mac-control-canary-session-cleanup/v1', sessionRevoked: false, sensitiveOutput: 'passed', })}\n
)
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename-typescript)

tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts

[warning] Importing child_process exposes a command-execution surface; ensure any command/argument built from input is validated, and prefer execFile/spawn with an argument array over exec.
Context: import { execFileSync } from 'node:child_process';
Note: [CWE-78] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

(detect-child-process-typescript)

scripts/evaosBrokerLiveCanary.js

[warning] 1478-1478: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(descriptor, ${JSON.stringify(proof, null, 2)}\n, 'utf8')
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename)

🔇 Additional comments (15)
resources/evaos-beta/bridge/agent-tools/SOURCE.json (1)

1-34: LGTM!

tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts (2)

10-16: LGTM!

Also applies to: 37-110, 253-338, 340-410, 412-473


353-353: 🎯 Functional Correctness

Assertions match the scanner error text.

.github/workflows/evaos-live-canary-proof.yml (1)

111-115: LGTM!

Also applies to: 263-275, 298-298

scripts/evaosBetaReleaseGate.js (1)

3022-3025: LGTM!

Also applies to: 3274-3556, 3696-3716

resources/evaos-beta/bridge/src/evaos_desktop_bridge/cli.py (1)

17-17: LGTM!

Also applies to: 3285-3298, 3350-3350

scripts/evaosBrokerLiveCanary.js (2)

3-22: LGTM!

Also applies to: 48-48, 171-235, 379-385, 553-558, 858-869, 902-990, 1159-1238, 1274-1388, 1449-1474, 1476-1484, 1508-1512


1240-1272: 🔒 Security & Privacy

No issue: deployed-staging is handled server-side

The runtime-receipt route branches on proofMode before any connector call and returns the negative-proof envelope with connectorActionAttempted: false from that path.

			> Likely an incorrect or invalid review comment.
scripts/evaosScanMacControlProofs.js (1)

15-45: LGTM!

Also applies to: 167-176, 211-215, 282-328, 330-358, 360-366

tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts (1)

9-83: LGTM!

tests/unit/evaos/evaosBrokerLiveCanary.test.ts (1)

39-104: LGTM!

Also applies to: 668-692, 723-738, 797-815, 933-991

tests/unit/process/evaosBetaReleaseGate.test.ts (1)

47-51: LGTM!

Also applies to: 842-954, 2699-2708

resources/evaos-beta/bridge/agent-tools/openclaw-plugin/tests/runtimeReceipt.test.mjs (1)

43-48: LGTM!

Also applies to: 685-784

resources/evaos-beta/bridge/agent-tools/openclaw-plugin/src/runtimeReceipt.ts (2)

279-420: LGTM!

Also applies to: 430-511, 1382-1393


513-576: 🩺 Stability & Availability

No expiry-boundary bug hereverifyAuthority() treats context.expires_at <= nowSeconds as expired, so passing authority.context.expires_at * 1000 still produces execution_context_expired at the boundary.

			> Likely an incorrect or invalid review comment.

Comment thread resources/evaos-beta/bridge/src/evaos_desktop_bridge/cli.py
@100yenadmin

Copy link
Copy Markdown
Owner Author

Exact-head release blocker repair at 5b1308f: genuine Mac App Store Tailscale now uses the Apple Mac App Store signing OID while exact Tailscale TeamIdentifier, bundle identifier, approved path, and strict/deep verification remain required. Local genuine App Store proof changed codesign result from exit 3 to exit 0; 104 focused tests pass. The LaunchAgent signer settings are also now explicit-staging-only, with incomplete staging still fail-closed.

@100yenadmin

Copy link
Copy Markdown
Owner Author

@codex review exact head 5b1308f; report only release-relevant P0-P2 findings.

@100yenadmin

Copy link
Copy Markdown
Owner Author

@coderabbitai review exact head 5b1308f; prior actionable thread is fixed and resolved.

@100yenadmin

Copy link
Copy Markdown
Owner Author

@copilot review exact head 5b1308f after pristine-Mac Tailscale and staging-only LaunchAgent fixes.

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

@100yenadmin Triggering a review of the exact head commit 5b1308fadc481f83116c54de2b9713ab2363bed2, scoped to release-blocking (P0–P2) findings, per your note that the prior actionable thread (Tailscale Apple Mac App Store signing OID / LaunchAgent staging-only fix) is fixed and resolved.

Note: CodeRabbit's incremental review only evaluates changes since the last reviewed commit. If no substantive new diff exists beyond confirming that fix, there may be nothing further to surface, but the review will confirm.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@evaos-code-review-bot

evaos-code-review-bot Bot commented Jul 15, 2026

Copy link
Copy Markdown

evaOS review status: completed

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: 5b1308fadc481f83116c54de2b9713ab2363bed2
Updated: 2026-07-15T08:58:49.872Z

evaOS review completed for this PR head.

Automation note: agents should wait for this comment to reach completed, stale_head, closed_or_merged_before_review, skipped, or failed before treating evaOS review as settled for this head. provider_deferred means evaOS still intends to retry.

PR URL: #708

Review URL: #708 (review)

@evaos-code-review-bot evaos-code-review-bot Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Walkthrough

PR: #708 - fix(evaos): require signed Mac-control runtime proof
Head: 5b1308fadc481f83116c54de2b9713ab2363bed2 into evaos/beta-rc-20260612. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).

Estimated review effort: 5/5 (~70 min)

Changed Files

File Status Churn Purpose Risk
.github/workflows/evaos-live-canary-proof.yml modified +15/-66 Changed file Moderate: validated P3 finding
.github/workflows/pr-checks.yml modified +33/-0 Changed file Low
.github/workflows/release-distribute.yml modified +3/-0 Changed file Low
.github/workflows/workbench-functional-smoke.yml modified +4/-0 Changed file Low
.gitignore modified +1/-0 Changed file Low
CHANGELOG.md modified +29/-0 Documentation Low
scripts/afterSign.js modified +1/-0 Changed file Low
scripts/create-mock-release-artifacts.sh modified +12/-1 Changed file Low
scripts/evaosBetaReleaseGate.js modified +235/-61 Changed file Elevated: large change
scripts/evaosBrokerLiveCanary.js modified +483/-23 Changed file Moderate: validated P2 finding
scripts/evaosInstalledAppProductProof.js modified +41/-0 Changed file Low
scripts/evaosLiveCanaryEnvInventory.js modified +29/-0 Changed file Low
scripts/evaosMacControlSignedProof.js added +246/-0 Changed file Moderate: validated P3 finding
scripts/evaosScanMacControlProofs.js added +366/-0 Changed file Elevated: large change
scripts/evaosValidateLiveCanaryProofRun.sh modified +9/-0 Changed file Low
scripts/prepareEvaosDesktopBridgeResource.js modified +61/-0 Changed file Low
tests/unit/common-adapter/evaosIpcBridge.dom.test.ts modified +61/-0 Test coverage Low
tests/unit/evaos/evaosBrokerLiveCanary.test.ts modified +308/-59 Test coverage Elevated: large change
tests/unit/evaos/evaosDesktopBridgeControlSafetyP0.test.ts modified +142/-0 Test coverage Low
tests/unit/evaos/evaosDesktopBridgeReceipt.test.ts added +438/-0 Test coverage Elevated: large change
tests/unit/evaos/evaosInstalledAppProductProof.test.ts modified +24/-0 Test coverage Low
tests/unit/evaos/evaosLiveCanaryEnvInventory.test.ts modified +10/-1 Test coverage Low
tests/unit/evaos/evaosLiveCanaryWorkflow.test.ts modified +338/-6 Test coverage Elevated: large change
tests/unit/evaos/evaosNativeCompanionStatus.test.ts modified +28/-1 Test coverage Low
tests/unit/evaos/evaosQaCanaryLocalControl.test.ts modified +161/-1 Test coverage Low

3 additional changed files omitted from this walkthrough.

Review Signal

Validated inline findings: 4 (P0: 0, P1: 0, P2: 2, P3: 2).
Dropped findings before posting: 0. High-severity findings: 0.

Risk Taxonomy

  • CI/build: 1
  • Runtime correctness: 1
  • Security boundary: 2

Validation and Proof

2 required validation/proof recommendation(s) selected from changed files.

  • required: TypeScript/web build or CI proof - Runtime TypeScript/web files or package/config files changed. Proof: npm run build; typecheck; focused Vitest; green GitHub check.
  • required: CI/release smoke proof - CI, release, launchd, or package metadata changed. Proof: green GitHub check; release-status; coverage-audit; rollback note.
    Proof status: missing - 1 required validation/proof recommendation(s) missing from PR metadata.
    Profile validation hints: Do not ask for broad local suites when remote CI or fast-smoke proof is the right gate.
    Profile proof expectations: Look for focused app smoke, packaged resource checks, or CI artifact proof when relevant.

Related Context

Related issues/PRs: none detected from PR metadata.
Suggested labels: docs, tests.
Suggested reviewers: none from current metadata.

Review Settings Preview

  • Profile: assertive
  • Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
  • Path instructions: apps/eva-desktop-mac/** - Check macOS identity, helper path, TCC identity, and packaged resource shape risk.
  • Path instructions: scripts/** - Treat release, packaging, and artifact-shape changes as high risk.
  • Label suggestions: workbench, macos, regression-hardening
  • Reviewer suggestions: none
  • Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
  • Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks

Pre-merge checklist

  • Inline comments target current RIGHT-side diff lines.
  • No secret-like content survived into posted inline comments.
  • REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
  • Required behavior proof is present or not applicable.
  • Labels and reviewers are suggestions only; the bot did not auto-apply them.

Comment thread scripts/evaosBrokerLiveCanary.js
Comment thread scripts/evaosBrokerLiveCanary.js
Comment thread scripts/evaosMacControlSignedProof.js
Comment thread .github/workflows/evaos-live-canary-proof.yml
@100yenadmin 100yenadmin merged commit 5c86e8e into evaos/beta-rc-20260612 Jul 15, 2026
19 checks passed
@100yenadmin 100yenadmin deleted the codex/v2136-mac-control-runtime-receipt branch July 15, 2026 09:02

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5b1308fadc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread resources/evaos-beta/bridge/src/evaos_desktop_bridge/cli.py
@100yenadmin

Copy link
Copy Markdown
Owner Author

v2.1.36 superseding checkpoint and Mac Access handoff — 2026-07-15

Exact lineage

Connector contracts Mac Access must inherit

  • v2.1.36 ownership remains Workbench bundle identity com.evaos.workbench and the bundled Desktop Bridge. This checkpoint creates no standalone Mac Access identity or helper ownership.
  • Selected-binding authority is broker-selected and delivered through the ws-proxy callback. Connector and OpenClaw callers do not mint authority.
  • ws-proxy signs the execution context; OpenClaw and Desktop Bridge verify signature, context key, selected binding, freshness, and replay state.
  • The selected Mac connector signs the runtime receipt and public attestation.
  • Explicit staging mode is fail-closed: all four context and receipt signer settings must exist before plist creation or any launchctl mutation.
  • Production signer remains disabled and staging signer authority remains isolated.
  • Candidate binding includes the exact GUI commit, vendored bridge digest, app version and build, bundle identity, and active packaged connector process.
  • Runtime receipt remains gateway-authenticated, POST-only, exact-route and strict-body, expiry and replay checked, binding checked, and sanitized.
  • Installed-app local-control proof and signed proxy-runtime receipt proof are separate required gates.

Remaining dependencies and proof boundary

#699 and #707 refresh decision

#699 and #707 may safely refresh their contract analysis from f92d45f. That refresh does not grant Workbench ownership to Mac Access, does not freeze a standalone identity from this PR, and is not runtime or release proof.

No packages/mac-access, packages/mac-connector-core, com.evaos.mac-access identities, standalone pairing, helper ownership, or Workbench-as-client refactor were started here.

@100yenadmin

Copy link
Copy Markdown
Owner Author

Durable v2.1.36 checkpoint for the separate Mac Access lane

The canonical GUI checkpoint has advanced by a metadata-only supersession. Mac Access may refresh from the merge SHA below without inheriting any new helper identity, standalone pairing, or extraction work from this lane.

Exact lineage

PR #710 changes only five agent-tools provenance/version metadata files from 0.2.0 to 0.2.1. It does not change connector/runtime source, generated output, tool contracts, Workbench 2.1.36, bundle/helper identities, or any Mac Access surface.

Connector contracts Mac Access must inherit

  1. Local authority boundary: starting Mac control remains a visible local Workbench/customer action. Agent-facing surfaces may read status and may stop, activate the kill switch, or perform actions only inside an already customer-granted control session. Do not introduce remote or silent control start.
  2. Selected-binding readiness: preserve evaos.mac_control_runtime_readiness.v1. The launch and nested runtime status must agree on customer/runtime, required, tools_ready, active grant, exact normalized capability set, non-empty binding_id, binding_version, and future binding_expires_at. Mismatch, replay conflict, expiry, revoked grant, or missing capability fails closed. The launch target remains constrained to exactly one customer scope and one opaque session reference.
  3. Runtime-receipt route: preserve POST /api/v1/evaos/mac-control/runtime-receipt, signed evaos.mac_control_execution_context.v1, the 60-second bounded authority window, causal-time checks, one-use replay burn, selected customer/VM/binding binding, bounded connector request/response sizes and timeout, and private connector credentials that never enter public proof.
  4. Direct-control proof: the current canary executes a real connector action under the active control generation, requires an audit record, proves control state is unchanged, and returns signed evaos.mac_control.runtime_receipt_bundle.v2 plus public evaos.mac_control.public_runtime_attestation_envelope.v1. The public attestation proof kind remains selected_binding_direct_mac_control and is bound to exact source commit/digest and Workbench app version/build.
  5. Trust and cleanup: retain pinned Ed25519/OpenSSH verification, exact candidate identity, signed audit evidence, replay rejection, stop/kill-switch behavior, and fail-closed cleanup. Do not publish connector tokens, raw URLs, IPs, temp paths, or customer identifiers in proof artifacts.

Server/ws-proxy dependency

No ws-proxy source dependency remains unmerged. electricsheephq/evaos-ws-proxy#72 merged as 06cb5fdc933072a299119ba0bc69ccc475b9e9dd; the isolated staging image is built from that merge. Runtime proof against the final GUI checkpoint remains a release gate, not a source-merge blocker.

Review and proof state

  • PR chore(evaos): version agent tools for v2.1.36 #710 exact-head CI: green, including macOS build/install smoke, unit/coverage, release audit, and OpenClaw plugin contract.
  • Exact-head review: evaOS review complete, CodeRabbit settled, zero GitHub review threads, four independent adversarial lanes, zero surviving PR defects.
  • Still not proven for 0cf0c309...: immutable 0.2.1 tag, component-only staging rollout and signed doctor proof, exact-head selected-binding/direct-control canary and cleanup, signed/notarized installed-app proof, pristine-Mac onboarding, RC/live canaries, or public distribution.
  • Publication remains fail-closed. No customer-readiness claim is made.

The separate Mac Access lane may refresh from 0cf0c3092587ecbaa301cc9fbd18408ca8e0a664; this supersession changes provenance metadata only and does not alter the inherited runtime contracts above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:release Packaging, signing, updater, rollback evaos evaOS public beta R&D work kind:integration Integration implementation issue risk:security Security, auth, secrets, permission risk

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant