ops: Unity project persistence + save cadence (LFS + autosave cron + on-boundary save)#1617
ops: Unity project persistence + save cadence (LFS + autosave cron + on-boundary save)#1617100yenadmin wants to merge 2 commits into
Conversation
…osave cron, on-boundary save, off-box tarball) The 2026-07-16 audit found the GEX44 Unity project 242 files dirty / 15 days stale / remote empty — every scene/anim/shader change since #1433 lived only on the box disk. Fixed: Git LFS configured (binary asset classes + the worldos_actors bundle; build artifacts ignored), owner push credential installed, a commit-every-4h + push-daily autosave cron, and the on-boundary save rule folded into box claim-queue etiquette. Documents the ~7.4GB LFS payload → paid-data-pack owner decision, and the GitHub-independent off-box tarball as the disaster floor.
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 55 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughDocuments Unity project persistence for the GEX44 renderer box, including LFS, autosaves, boundary saves, and weekly backups. Updates bounded-operation guidance to require saving changed projects before claim release. Confidence: 99%. ChangesUnity project persistence
Estimated code review effort: 1 (Trivial) | ~5 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
evaOS review status: stale headPR: #1617 - ops: Unity project persistence + save cadence (LFS + autosave cron + on-boundary save) evaOS review stopped because this queued head is no longer the live PR head. Automation note: agents should wait for this comment to reach PR URL: #1617 Details: live=2a058645b08efd5193ee535c603092abd7bc6590 |
…udget; no data-pack decision pending)
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/OPERATIONS.md`:
- Around line 136-141: Update the GEX44 Unity project description to identify it
as the only live/editable working copy or primary active source, rather than the
“ONLY copy.” Preserve the existing details about its contents, repository
separation, audit findings, and protection against regression.
- Around line 151-156: Update the Autosave cron documentation and the
corresponding claim-checklist sections to remove the guarantee that local
commits “always succeed.” Require verifying that the local commit completed
successfully before release, and explicitly define whether a failed best-effort
LFS push is logged/escalated while still permitting release or instead blocks
release; keep this policy consistent across all referenced sections.
- Around line 143-148: Update the OPERATIONS.md section describing Git LFS and
ignore safeguards to accurately reflect the repository’s actual .gitignore and
.gitattributes rules, removing unsupported claims about root-level Unity paths
and the extensionless worldos_actors bundle. Do not claim protections outside
the configured extensions/renderers/unity/** scope unless the corresponding
repository rules are added.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 6c541553-3336-4f4f-8fd3-ec9c3db53282
📒 Files selected for processing (1)
docs/OPERATIONS.md
📜 Review details
⏰ Context from checks skipped due to timeout. (6)
- GitHub Check: viewer-tests
- GitHub Check: test
- GitHub Check: Analyze (csharp)
- GitHub Check: Analyze (python)
- GitHub Check: test
- GitHub Check: viewer-tests
🧰 Additional context used
📓 Path-based instructions (2)
**/*
📄 CodeRabbit inference engine (AGENTS.md)
**/*: Treat/Users/lume/WorldOSas the canonical local Mac app/private-art checkout for WorldOS GUI and native-app testing.
Use/Volumes/LEXAR/Codexfor Codex artifacts, scratch files, screenshots, reports, and downloaded CI/VM artifacts.
Before install, build, or test commands, verifypwd; GUI/native app runs must use/Users/lume/WorldOSor an approved same-disk worktree configuration.
Use thecodex/prefix for new branches unless instructed otherwise.
Files:
docs/OPERATIONS.md
docs/OPERATIONS.md
📄 CodeRabbit inference engine (AGENTS.md)
Read
docs/OPERATIONS.mdfirst as the bootstrap document.
Files:
docs/OPERATIONS.md
🔇 Additional comments (3)
docs/OPERATIONS.md (3)
136-147: 🔒 Security & PrivacyDo not publish infrastructure and credential topology in general operations documentation.
This exposes the root SSH host, private repository, account name, and credential-file location. If
docs/OPERATIONS.mdis visible beyond trusted operators, it materially improves reconnaissance and secret-targeting. Move these details to a restricted runbook or replace them with approved secret/host aliases.Confidence: 97%.
162-166: LGTM!
157-160: 🩺 Stability & AvailabilityNo change needed for the save invocation.
sudo -u unityalready runs with Unity’s HOME on standard sudo defaults, so this does not create the credential-path failure described here.> Likely an incorrect or invalid review comment.
| The GEX44 Unity project (`/home/unity/worldos-unity` on `root@46.4.26.123`) is the ONLY copy of the | ||
| renderer's scenes, prefabs, shaders, camera rig, animator wiring, and the 10 purchased asset packs. | ||
| It is NOT the WorldOS git repo — it is its own repo (`100yenadmin/worldos-unity-2026-06-30_07-21-47`, | ||
| private). A 2026-07-16 audit found it **242 files dirty, last commit 15 days stale, remote empty** — | ||
| i.e. every scene/anim/shader change since #1433 lived only on the box's working disk. That is fixed; | ||
| do not let it regress. |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
Clarify “ONLY copy” to mean the only live/editable source.
The same section documents an off-box tarball copy later, so “ONLY copy” is literally contradictory and may confuse recovery decisions. Use wording such as “only live/editable working copy” or “primary active source.”
Confidence: 99%.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/OPERATIONS.md` around lines 136 - 141, Update the GEX44 Unity project
description to identify it as the only live/editable working copy or primary
active source, rather than the “ONLY copy.” Preserve the existing details about
its contents, repository separation, audit findings, and protection against
regression.
| **Git LFS is ON** (set up 2026-07-16). `.gitattributes` routes binary asset classes | ||
| (`*.fbx/.glb/.png/.tga/.psd/.exr/.wav/.dll/.unitypackage/…` + the extensionless | ||
| `Assets/StreamingAssets/worldos_actors` bundle) through LFS; `.gitignore` excludes build artifacts | ||
| (`Library*/`, `AssetBundles/`, `Logs/`, `Temp/`, `obj/`, `*.bak/`). The box has the owner's push | ||
| credential stored (`~unity/.git-credentials`, mode 600). **Never commit `Library/` or re-add the | ||
| `*.bak` dirs** — they were the bulk of the historical bloat. |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -eu
pwd
fd -H -t f '^\.gitattributes$|^\.gitignore$|worldos-unity-save\.sh$' .
rg -n -C3 'filter=lfs|StreamingAssets/worldos_actors|Library|AssetBundles|Logs|Temp|obj|\.bak' \
-g '.gitattributes' -g '.gitignore' .Repository: electricsheephq/WorldOS
Length of output: 4823
🏁 Script executed:
#!/bin/bash
set -eu
printf 'PWD=%s\n' "$(pwd)"
echo '--- .gitattributes (relevant lines) ---'
sed -n '1,120p' .gitattributes
echo '--- .gitignore (relevant lines) ---'
sed -n '1,160p' .gitignore
echo '--- worldos_actors / Library / AssetBundles / Temp / obj / bak references ---'
rg -n 'worldos_actors|Library\*|AssetBundles|Logs|Temp|obj|\.bak|git-credentials|~unity' .
echo '--- path match probe ---'
python3 - <<'PY'
from pathlib import PurePosixPath
patterns = [
"extensions/renderers/unity/**/*.fbx",
"extensions/renderers/unity/**/*.glb",
"extensions/renderers/unity/**/*.png",
"extensions/renderers/unity/**/*.tga",
"extensions/renderers/unity/**/*.psd",
"extensions/renderers/unity/**/*.exr",
"extensions/renderers/unity/**/*.wav",
"extensions/renderers/unity/**/*.dll",
"extensions/renderers/unity/**/*.unitypackage",
]
candidate = "Assets/StreamingAssets/worldos_actors"
print("candidate:", candidate)
for pat in patterns:
# very rough glob sanity: prefix/suffix only
print(pat, "=>", candidate.startswith("extensions/renderers/unity/"))
PYRepository: electricsheephq/WorldOS
Length of output: 50381
🏁 Script executed:
#!/bin/bash
set -eu
printf 'PWD=%s\n' "$(pwd)"
echo '--- .gitattributes (relevant lines) ---'
sed -n '1,120p' .gitattributes
echo '--- .gitignore (relevant lines) ---'
sed -n '1,160p' .gitignore
echo '--- worldos_actors / Library / AssetBundles / Temp / obj / bak references ---'
rg -n 'worldos_actors|Library\*|AssetBundles|Logs|Temp|obj|\.bak|git-credentials|~unity' .
echo '--- path match probe ---'
python3 - <<'PY'
from pathlib import PurePosixPath
patterns = [
"extensions/renderers/unity/**/*.fbx",
"extensions/renderers/unity/**/*.glb",
"extensions/renderers/unity/**/*.png",
"extensions/renderers/unity/**/*.tga",
"extensions/renderers/unity/**/*.psd",
"extensions/renderers/unity/**/*.exr",
"extensions/renderers/unity/**/*.wav",
"extensions/renderers/unity/**/*.dll",
"extensions/renderers/unity/**/*.unitypackage",
]
candidate = "Assets/StreamingAssets/worldos_actors"
print("candidate:", candidate)
for pat in patterns:
print(pat, "=>", candidate.startswith("extensions/renderers/unity/"))
PYRepository: electricsheephq/WorldOS
Length of output: 50381
🏁 Script executed:
#!/bin/bash
set -eu
echo '--- .gitignore ---'
cat -n .gitignore | sed -n '1,220p'
echo '--- repo paths ---'
rg -n 'worldos_actors|git-credentials|Library\*|AssetBundles|Logs|Temp|obj|\.bak' .gitattributes .gitignore docs/OPERATIONS.mdRepository: electricsheephq/WorldOS
Length of output: 7196
Fix the OPERATIONS.md LFS/ignore claim
docs/OPERATIONS.md:143-148 describes safeguards that are not present in the repo config: .gitignore does not exclude Library*/, AssetBundles/, Logs/, Temp/, obj/, or *.bak/, and .gitattributes only applies LFS rules under extensions/renderers/unity/**, not Assets/StreamingAssets/worldos_actors. That gap misleads operators into trusting protections that do not exist; either update the doc to match the actual rules or add the missing patterns. Confidence 91%.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/OPERATIONS.md` around lines 143 - 148, Update the OPERATIONS.md section
describing Git LFS and ignore safeguards to accurately reflect the repository’s
actual .gitignore and .gitattributes rules, removing unsupported claims about
root-level Unity paths and the extensionless worldos_actors bundle. Do not claim
protections outside the configured extensions/renderers/unity/** scope unless
the corresponding repository rules are added.
| - **Autosave cron (installed on the box, runs as `unity`):** commit-if-dirty every 4h | ||
| (`17 */4 * * *`), commit + best-effort LFS push daily (`12 3 * * *`), via | ||
| `/home/unity/worldos-unity-save.sh` → `~unity/worldos-autosave.log`. It skips a tree whose source | ||
| changed in the last 90s (never captures a mid-write Unity state). The LOCAL commit is the primary | ||
| save and always succeeds; the push is best-effort (starts working the moment LFS quota + creds are | ||
| green). This is the safety net — it is NOT a substitute for boundary saves. |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Define the release gate when the best-effort LFS push fails.
The policy says the push may fail because of quota while the claim checklist says to run --push and then release. Explicitly require verification that the local commit succeeded, then state whether a failed LFS push is logged/escalated but still permits release—or blocks release. Also avoid promising that local commits “always succeed”; disk-full, permission, hook, or process failures remain possible.
Confidence: 96%.
Also applies to: 168-172, 264-268
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/OPERATIONS.md` around lines 151 - 156, Update the Autosave cron
documentation and the corresponding claim-checklist sections to remove the
guarantee that local commits “always succeed.” Require verifying that the local
commit completed successfully before release, and explicitly define whether a
failed best-effort LFS push is logged/escalated while still permitting release
or instead blocks release; keep this policy consistent across all referenced
sections.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2b2475d1cb
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| of box claim-queue etiquette (§ Box claim-queue). | ||
| - **Off-box backup (weekly, or before any risky box op — Mac/agent-initiated):** the box can't reach | ||
| LEXAR, so pull a working-tree tarball to the primary drive from the Mac: | ||
| `ssh …@box 'tar --exclude=worldos-unity/Library* --exclude=worldos-unity/.git --exclude=worldos-unity/AssetBundles -czf /home/unity/worldos-unity-backups/worktree-<date>.tgz worldos-unity'` |
There was a problem hiding this comment.
Fix the backup tar command to run from /home/unity
When agents follow the documented root@... box connection, this SSH command runs tar from the login user's home, but the Unity project is documented as /home/unity/worldos-unity. Because the archive operand is relative (worldos-unity) and the command neither cds nor uses tar -C /home/unity (confirmed via tar --help: -C, --directory=DIR changes directory), the weekly/risky-op backup will fail with a missing path or archive the wrong tree, leaving the advertised off-box disaster backup absent while LFS pushes are over quota.
Useful? React with 👍 / 👎.
|
|
||
| ## Unity project persistence — the box is the renderer's source of truth (owner-ratified 2026-07-16) | ||
|
|
||
| The GEX44 Unity project (`/home/unity/worldos-unity` on `root@46.4.26.123`) is the ONLY copy of the |
There was a problem hiding this comment.
Remove the tracked GEX44 SSH endpoint
This tracked operations doc now embeds the GEX44 root SSH endpoint even though the repo’s own box guidance keeps connection refs operator-only (AGENTS.md says GEX44 connection refs belong in ~/.openclaw/secrets/gex44.env, and WorldOS-GUI-RUNBOOK.md:367 says to never put the endpoint in tracked docs). For public or broadly shared repo copies, this exposes the host address and login user that the existing policy intentionally keeps out of source control; use the existing secret/env reference instead.
Useful? React with 👍 / 👎.
| **LFS quota reality:** the tracked binary payload is ~7.4 GB — over GitHub's 1 GiB free LFS tier, so | ||
| the daily push needs a paid LFS data pack on the `100yenadmin` account (~$5/mo per 50 GB, covers | ||
| storage + bandwidth) OR the payload trimmed. Until that's resolved the local commits + off-box |
There was a problem hiding this comment.
Correct the LFS billing/quota guidance
This guidance says the 7.4 GB payload is over a 1 GiB free tier and needs a paid 50 GB data pack, but current GitHub billing docs list Free/Pro/org accounts as including 10 GiB of LFS storage/bandwidth and state that prepaid data packs have been removed in favor of metered billing (https://docs.github.com/en/billing/concepts/product-billing/git-lfs). In the common Free/Pro/org account case this can make operators believe pushes are blocked and ask the owner to buy a product that no longer exists, instead of checking the actual account plan/budget.
Useful? React with 👍 / 👎.
evaOS review status: completedPR: #1617 - ops: Unity project persistence + save cadence (LFS + autosave cron + on-boundary save) evaOS review completed for this PR head. Automation note: agents should wait for this comment to reach PR URL: #1617 Review URL: #1617 (review) |
There was a problem hiding this comment.
Walkthrough
PR: #1617 - ops: Unity project persistence + save cadence (LFS + autosave cron + on-boundary save)
Head: 2a058645b08efd5193ee535c603092abd7bc6590 into main. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).
Estimated review effort: 1/5 (~10 min)
Changed Files
| File | Status | Churn | Purpose | Risk |
|---|
Review Signal
No validated inline findings.
Dropped findings before posting: 1. High-severity findings: 0.
Risk Taxonomy
No finding categories.
Validation and Proof
Documentation-only changed surface; runtime execution proof is not required by default.
- recommended: Docs/readme review - All reviewed files are documentation paths. Proof: PR description notes the docs intent.
- not_applicable: Unity editor or Play Mode smoke - WorldOS repo profile implies Unity runtime risk. Proof: Unity editor smoke; Play Mode log; scene/prefab screenshot or recording.
Proof status: not_applicable - No required behavior proof selected for this changed surface.
Profile validation hints: Prefer correctness, persistence, CI, release, and regression findings over style-only feedback.
Profile proof expectations: Look for Unity editor, play-mode, fixture, or focused smoke evidence when runtime behavior changes.
Related Context
Related issues/PRs: #1433.
Suggested labels: none.
Suggested reviewers: none from current metadata.
Review Settings Preview
- Profile: assertive
- Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
- Path instructions:
Assets/**- Prioritize scene, prefab, save-state, asset-reference, and gameplay regressions. - Path instructions:
ProjectSettings/**- Treat build, platform, input, graphics, and release behavior changes as high risk. - Label suggestions: unity, gameplay, regression-hardening
- Reviewer suggestions: none
- Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
- Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks
Pre-merge checklist
- Inline comments target current RIGHT-side diff lines.
- No secret-like content survived into posted inline comments.
- REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
- Required behavior proof is present or not applicable.
- Labels and reviewers are suggestions only; the bot did not auto-apply them.
Why
A 2026-07-16 audit (triggered by the owner's playtest report "you're also not saving unity
consistently ... the unity connected repo is missing all assets and the actual project") found the
GEX44 Unity project (
/home/unity/worldos-unity, the renderer's ONLY copy of scenes/prefabs/shaders/camera-rig/animator/purchased-packs) 242 files dirty, last commit 15 days stale (since
#1433), and its GitHub remote EMPTY — the initial push never happened (6 tracked files exceeded
GitHub's 100 MB limit;
.gitwas 11 GB of build-artifact bloat).Done on the box (this is infra, documented here)
.gitattributesroutes binary asset classes (*.fbx/.glb/.png/.tga/.psd/.exr/ .wav/.dll/.unitypackage/…+ the extensionlessAssets/StreamingAssets/worldos_actorsbundle)through LFS;
.gitignoreexcludesLibrary*/,AssetBundles/,Logs/,Temp/,obj/,*.bak/.The 15-day drift was committed as one clean checkpoint (4097 LFS objects;
.git11 GB → clean).~unity/.git-credentials, mode 600, the100yenadminaccount that owns the privateworldos-unity-*repo).worldos-unity-save.sh, runs asunity): commit-if-dirty every 4h, commit +best-effort LFS push daily; skips a tree modified in the last 90 s (never a mid-write Unity state).
Local commit is the primary save and always succeeds; push is best-effort.
This PR (docs)
Adds the Unity project persistence section to
docs/OPERATIONS.md(save cadence: autosave cronetiquette so box-users save before releasing.
Owner decision surfaced (not blocking this PR)
The tracked LFS payload is ~7.4 GB — over GitHub's 1 GiB free tier. The daily push needs a paid
LFS data pack on
100yenadmin(~$5/mo per 50 GB) or a trimmed payload. Until resolved, local commits