feat(deps): file-based secure-exec deps with transient publish-time version swap#1587
Closed
NathanFlurry wants to merge 1 commit into
Closed
feat(deps): file-based secure-exec deps with transient publish-time version swap#1587NathanFlurry wants to merge 1 commit into
NathanFlurry wants to merge 1 commit into
Conversation
40a6e80 to
8cfd617
Compare
|
🚅 Deployed to the agentos-pr-1587 environment in agentos
🚅 Environment agentos-pr-1587 in rivet-frontend has no services deployed. |
8cfd617 to
c2227c7
Compare
c2227c7 to
2c5dec1
Compare
…-time version swap
2c5dec1 to
99c30bd
Compare
Member
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
@secure-exec/*npm dep islink:../secure-exec/..., everysecure-exec-*crate a path dep, and every@agentos-software/*registry package alink:into../secure-exec/registry/{software,agent}/*— local development needs no mode flippingsecure-exec.refpins the secure-exec sha;just secure-exec-bump [sha]advances it, and CI materializes + builds the sibling at that sha (prepare-build, cached per sha)verify-file-deps(plus the invertedcheck-no-escaping-local-deps, which now sanctions exactly the../secure-execescape) rejects any branch that commits published-version pinssecure-exec-dep.mjs release-swap: previews auto-cut (or reuse) a secure-exec preview at the committed ref (agentos-dep-<sha7>branch/dist-tag, needs theSECURE_EXEC_DISPATCH_TOKENsecret); releases require--secure-exec-version <v>to be a real secure-exec release verified on npm AND crates.iosecure-exec-*recipes manage the runtime track, newagentos-pkgs-local/pinned/status/set-version/updaterecipes manage the per-package-versioned registry trackPairs with rivet-dev/secure-exec#222 (which also makes secure-exec previews publish the registry packages under the branch dist-tag).