Skip to content

feat: consolidate to the public release tree#261

Merged
Yambr merged 4 commits into
mainfrom
release/public-tree
Jun 10, 2026
Merged

feat: consolidate to the public release tree#261
Yambr merged 4 commits into
mainfrom
release/public-tree

Conversation

@Yambr

@Yambr Yambr commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Replaces the tracked tree with the curated public-release content: the canonical architecture set (docs/architecture), frozen contracts, skills, computer-use-server, docs linters, and CI gates, with internal working notes and retired drafts removed.

The tree is byte-identical to the next/v1 release root (verified: zero-line diff), which is green across all CI workflows (docs-lint, contracts-lint, security).

Recommended merge method: squash — main's tip then carries this tree as a single release commit.

🤖 Generated with Claude Code

@Yambr @claude
feat: consolidate to the public release tree
ecbd751 
Replaces the tracked tree with the curated public-release content: the
canonical architecture set (docs/architecture), frozen contracts, skills,
computer-use-server, docs linters, and CI gates, with internal working
notes and retired drafts removed.

The tree is byte-identical to the next/v1 release root, which is green
across all CI workflows (docs-lint, contracts-lint, security).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown

Important

Review skipped

Too many files!

This PR contains 289 files, which is 139 over the limit of 150.

To get a review, narrow the scope:
• coderabbit review --type committed # exclude uncommitted changes
• coderabbit review --dir # limit to a subdirectory
• coderabbit review --base # compare against a closer base

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: a83e21a1-21e7-4f16-bdc5-f8e4ad3b6312

📥 Commits

Reviewing files that changed from the base of the PR and between 23ffdc9 and 9f29957.

📒 Files selected for processing (289)
  • .coderabbit.yaml
  • .githooks/pre-commit
  • .github/CODEOWNERS
  • .github/ISSUE_TEMPLATE/adr-proposal.md
  • .github/ISSUE_TEMPLATE/bug-report.md
  • .github/ISSUE_TEMPLATE/component-proposal.md
  • .github/ISSUE_TEMPLATE/config.yml
  • .github/ISSUE_TEMPLATE/dependency-proposal.md
  • .github/ISSUE_TEMPLATE/nfr-proposal.md
  • .github/SECURITY.md
  • .github/security-exceptions.yml
  • .github/workflows/build.yml
  • .github/workflows/contracts-lint.yml
  • .github/workflows/docs-lint.yml
  • .github/workflows/helm.yml
  • .github/workflows/release-chart.yml
  • .github/workflows/security.yml
  • .github/workflows/supply-chain.yml
  • .gitignore
  • .gitleaks.toml
  • .markdownlint.yaml
  • .semgrepignore
  • .vale.ini
  • .vale/styles/Architecture/ap13-data-class-substrate.yml
  • .vale/styles/Architecture/banned-phrases.yml
  • .vale/styles/Architecture/banned-vocab.yml
  • .vale/styles/Architecture/marketing-tone.yml
  • CHANGELOG.md
  • CLAUDE.md
  • CONTRIBUTING.md
  • Dockerfile
  • LICENSE
  • NOTICE
  • README.md
  • SECURITY.md
  • THIRD-PARTY-LICENSES.md
  • computer-use-server/Dockerfile
  • computer-use-server/app.py
  • computer-use-server/cli-defaults/README.md
  • computer-use-server/cli-defaults/codex.json
  • computer-use-server/cli-defaults/opencode.json
  • computer-use-server/cli_adapters/__init__.py
  • computer-use-server/cli_adapters/claude.py
  • computer-use-server/cli_adapters/codex.py
  • computer-use-server/cli_adapters/opencode.py
  • computer-use-server/cli_adapters/result.py
  • computer-use-server/cli_runtime.py
  • computer-use-server/context_vars.py
  • computer-use-server/docker_manager.py
  • computer-use-server/docs_html.py
  • computer-use-server/mcp_resources.py
  • computer-use-server/mcp_tools.py
  • computer-use-server/security.py
  • computer-use-server/skill_manager.py
  • computer-use-server/static/browser-viewer.js
  • computer-use-server/static/docs.html
  • computer-use-server/static/icons.js
  • computer-use-server/static/locale.js
  • computer-use-server/static/preview.js
  • computer-use-server/system_prompt.py
  • computer-use-server/uploads.py
  • contracts/README.md
  • contracts/audit/audit-fanin.asyncapi.yaml
  • contracts/exec/exec-channel.schema.json
  • contracts/mcp/2025-06-18/ocu-constraints.schema.json
  • contracts/storage/file-artifact-api.schema.json
  • contracts/storage/file-ops.schema.json
  • contracts/storage/mount-config.schema.json
  • cron/cleanup-quick.sh
  • cron/cleanup.sh
  • docker-compose.test.yml
  • docker-compose.webui.yml
  • docker-compose.yml
  • docs/architecture/02-trust-boundaries.md
  • docs/architecture/03-c4-context.md
  • docs/architecture/04-bounded-contexts.md
  • docs/architecture/05-c4-container.md
  • docs/architecture/06-threat-model.md
  • docs/architecture/08-contracts.md
  • docs/architecture/MANIFESTO.md
  • docs/architecture/PROCESS.md
  • docs/architecture/README.md
  • docs/architecture/adr/0000-template.md
  • docs/architecture/adr/0001-layer-0-gate-legacy-exclusion.md
  • docs/architecture/adr/0002-session-view-descriptor.md
  • docs/architecture/adr/0003-sandbox-runtime-tier-ladder.md
  • docs/architecture/adr/0004-operator-authentication-substrate.md
  • docs/architecture/adr/0005-egress-credential-delivery-envoy-sds.md
  • docs/architecture/adr/0006-egress-forward-proxy-substrate.md
  • docs/architecture/adr/0007-egress-auth-mechanism.md
  • docs/architecture/adr/0008-session-egress-attribution.md
  • docs/architecture/adr/0009-audit-pipeline-pluggable-by-contract.md
  • docs/architecture/adr/0010-storage-backend-pluggable-adapter.md
  • docs/architecture/adr/0011-storage-egress-lane.md
  • docs/architecture/adr/0012-implementation-language.md
  • docs/architecture/adr/README.md
  • docs/architecture/compliance/.gitkeep
  • docs/architecture/components/00-overview.md
  • docs/architecture/components/0000-template.md
  • docs/architecture/components/01-mcp-gateway.md
  • docs/architecture/components/02-control-operator-api.md
  • docs/architecture/components/04-storage-broker.md
  • docs/architecture/components/05-session-sandbox.md
  • docs/architecture/components/06-egress-trust-edge.md
  • docs/architecture/components/07-audit-pipeline.md
  • docs/architecture/diagrams/.gitkeep
  • docs/architecture/diagrams/02-trust-boundaries.mmd
  • docs/architecture/diagrams/06-threat-model.mmd
  • docs/architecture/diagrams/08-contracts.mmd
  • docs/architecture/diagrams/c4-container.mmd
  • docs/architecture/diagrams/c4-context.mmd
  • docs/architecture/glossary.md
  • docs/architecture/manifesto/.gitkeep
  • docs/architecture/manifesto/01-audience-and-buyer.md
  • docs/architecture/manifesto/02-nfrs.md
  • docs/architecture/manifesto/03-non-negotiables.md
  • docs/architecture/manifesto/04-non-goals.md
  • docs/architecture/manifesto/05-licensing-posture.md
  • docs/architecture/manifesto/06-starter-mode-policy.md
  • docs/architecture/manifesto/07-governance.md
  • docs/architecture/primitives-backlog.md
  • docs/claude-code-gateway.md
  • docs/cli-config-templates.md
  • docs/future-architecture/README.md
  • docs/future-architecture/adr/0001-control-plane-language-go.md
  • docs/future-architecture/adr/0002-guest-agent-language-go.md
  • docs/future-architecture/adr/0003-docker-poc-first-then-k8s.md
  • docs/future-architecture/adr/0004-pluggable-runtime-via-runtimeclass.md
  • docs/future-architecture/adr/0005-mcp-as-control-plane-gateway.md
  • docs/future-architecture/adr/0006-no-agpl-no-bsl-dependencies.md
  • docs/future-architecture/adr/0007-superseded-by-future-architecture.md
  • docs/future-architecture/adr/0008-internal-grpc-external-rest-mcp.md
  • docs/future-architecture/adr/0009-external-protocol-dialects.md
  • docs/future-architecture/adr/0010-lambda-as-inspiration-not-runtime.md
  • docs/future-architecture/adr/0011-kata-as-first-class-dind-runtime.md
  • docs/future-architecture/antipatterns.md
  • docs/future-architecture/architecture/01-layers.md
  • docs/future-architecture/architecture/02-layer4-control-plane.md
  • docs/future-architecture/architecture/03-layer3-providers.md
  • docs/future-architecture/architecture/04-layer2-runtimes.md
  • docs/future-architecture/architecture/04b-credential-broker.md
  • docs/future-architecture/architecture/05-layer1-guest-agent.md
  • docs/future-architecture/architecture/06-storage.md
  • docs/future-architecture/architecture/07-security.md
  • docs/future-architecture/architecture/08-networking.md
  • docs/future-architecture/architecture/09-templates.md
  • docs/future-architecture/architecture/10-observability.md
  • docs/future-architecture/design-notes.md
  • docs/future-architecture/gaps.md
  • docs/future-architecture/phase-template.md
  • docs/future-architecture/references.md
  • docs/future-architecture/research/01-kata-containers.md
  • docs/future-architecture/research/02-e2b-infra.md
  • docs/future-architecture/research/03-coder.md
  • docs/future-architecture/research/04-cloud-hypervisor.md
  • docs/future-architecture/research/05-firecracker.md
  • docs/future-architecture/research/06-agent-sandbox.md
  • docs/future-architecture/research/07-chromedp.md
  • docs/future-architecture/research/08-microsandbox.md
  • docs/future-architecture/research/09-agentbox.md
  • docs/future-architecture/research/10-sysbox.md
  • docs/future-architecture/research/11-firecracker-containerd.md
  • docs/future-architecture/research/12-docker-socket-proxy.md
  • docs/future-architecture/research/13-anthropic-sandbox-runtime.md
  • docs/future-architecture/research/14-e2b-desktop-and-surf.md
  • docs/future-architecture/research/15-claude-code-reverse-engineering.md
  • docs/future-architecture/research/16-anthropic-production-sandbox-observed.md
  • docs/future-architecture/research/17-anthropic-claude-code-remote-env-observed.md
  • docs/future-architecture/research/18-open-webui-terminals-observed.md
  • docs/future-architecture/research/19-anthropic-process-api.md
  • docs/future-architecture/research/20-snapstart-hot-swap.md
  • docs/future-architecture/research/21-environment-runner-go.md
  • docs/future-architecture/research/22-anthropic-firecracker-microvm-internals-observed.md
  • docs/future-architecture/research/23-anthropic-microvm-execution-network-secrets-observed.md
  • docs/future-architecture/research/advisor-fsl-internal-use.md
  • docs/future-architecture/research/bank-buyer.md
  • docs/future-architecture/research/enthusiast-audience.md
  • docs/future-architecture/research/proof-uipath-anthropic-2026-05.md
  • docs/future-architecture/research/widemoat-thesis-advisor.md
  • docs/future-architecture/roadmap.md
  • docs/kata-runtime.md
  • docs/multi-cli.md
  • docs/roadmap/implementation-roadmap.md
  • examples/helm/standalone/values.yaml
  • examples/helm/with-open-webui/values-computer-use.yaml
  • examples/helm/with-open-webui/values-open-webui.yaml
  • helm/computer-use-server/Chart.yaml
  • helm/computer-use-server/README.md
  • helm/computer-use-server/templates/NOTES.txt
  • helm/computer-use-server/templates/_helpers.tpl
  • helm/computer-use-server/templates/configmap-dind-init.yaml
  • helm/computer-use-server/templates/configmap.yaml
  • helm/computer-use-server/templates/deployment.yaml
  • helm/computer-use-server/templates/ingress.yaml
  • helm/computer-use-server/templates/networkpolicy.yaml
  • helm/computer-use-server/templates/pdb.yaml
  • helm/computer-use-server/templates/pvc-data.yaml
  • helm/computer-use-server/templates/pvc-skills-cache.yaml
  • helm/computer-use-server/templates/pvc-user-data.yaml
  • helm/computer-use-server/templates/pvc-var-lib-docker.yaml
  • helm/computer-use-server/templates/secret.yaml
  • helm/computer-use-server/templates/service.yaml
  • helm/computer-use-server/templates/serviceaccount.yaml
  • helm/computer-use-server/templates/tests/test-health.yaml
  • helm/computer-use-server/values.schema.json
  • helm/computer-use-server/values.yaml
  • lychee.toml
  • openwebui/Dockerfile
  • openwebui/functions/computer_link_filter.py
  • openwebui/init.sh
  • openwebui/patches/fix_artifacts_auto_show.py
  • openwebui/patches/fix_attached_files_position.py
  • openwebui/patches/fix_large_tool_args.py
  • openwebui/patches/fix_large_tool_results.py
  • openwebui/patches/fix_preview_url_detection.py
  • openwebui/patches/fix_skip_embedding_chat_files.py
  • openwebui/patches/fix_skip_rag_files_native_fc.py
  • openwebui/patches/fix_tool_loop_errors.py
  • openwebui/tools/computer_use_tools.py
  • package.json
  • scripts/check-config.sh
  • scripts/docs-lint/ai-slop-detector.sh
  • scripts/docs-lint/architecture-tree-whitelist.sh
  • scripts/docs-lint/ascii-diagram-detector.sh
  • scripts/docs-lint/front-matter-validator.sh
  • scripts/docs-lint/gitignored-ref-detector.sh
  • scripts/docs-lint/test-linters.sh
  • scripts/docs-lint/wc-budget.sh
  • settings-wrapper/Dockerfile
  • settings-wrapper/app.py
  • tests/integration/conftest.py
  • tests/integration/test_mcp_auth.py
  • tests/integration/test_mcp_tools.py
  • tests/integration/test_workspace_lifecycle.py
  • tests/orchestrator/mock_llm_server.py
  • tests/orchestrator/test_cli_adapters.py
  • tests/orchestrator/test_cli_adapters_live.py
  • tests/orchestrator/test_cli_runtime.py
  • tests/orchestrator/test_docker_manager.py
  • tests/orchestrator/test_dynamic_instructions.py
  • tests/orchestrator/test_mcp_resources.py
  • tests/orchestrator/test_mcp_tools.py
  • tests/orchestrator/test_passthrough_isolation.py
  • tests/orchestrator/test_readme_in_container.py
  • tests/orchestrator/test_render_cache.py
  • tests/orchestrator/test_runtime_cli_endpoint.py
  • tests/orchestrator/test_single_user_mode.py
  • tests/orchestrator/test_startup_warnings.py
  • tests/orchestrator/test_sub_agent_dispatch.py
  • tests/orchestrator/test_subagent_claude_compat.py
  • tests/orchestrator/test_system_prompt_endpoint.py
  • tests/orchestrator/test_tool_descriptions.py
  • tests/orchestrator/test_view_image.py
  • tests/patches/conftest.py
  • tests/patches/fixtures/__init__.py
  • tests/patches/fixtures/middleware_v0.9.6.py
  • tests/patches/fixtures/retrieval_v0.9.6.py
  • tests/patches/test_fix_attached_files_position.py
  • tests/patches/test_fix_large_tool_args.py
  • tests/patches/test_fix_large_tool_results.py
  • tests/patches/test_fix_skip_embedding_chat_files.py
  • tests/patches/test_fix_skip_rag_files_native_fc.py
  • tests/patches/test_fix_tool_loop_errors.py
  • tests/security/test_path_traversal_app.py
  • tests/security/test_path_traversal_docker.py
  • tests/security/test_path_traversal_settings.py
  • tests/security/test_safe_path_util.py
  • tests/security/test_xss_preview.py
  • tests/test-default-model-resolution.py
  • tests/test-docker-image.sh
  • tests/test-list-subagent-models.sh
  • tests/test-mcp-endpoint-live.sh
  • tests/test-mcp-native-surface.sh
  • tests/test-no-cyrillic.sh
  • tests/test-opencode-error-mapping.py
  • tests/test-pr88-skills.sh
  • tests/test-project-structure.sh
  • tests/test-single-user-mode.sh
  • tests/test-skill-no-hardcoded-models.sh
  • tests/test-subagent-cli-surface.py
  • tests/test-subagent-runtime.sh
  • tests/test_codex_toml_converter.py
  • tests/test_default_resolver_no_legacy_global.py
  • tests/test_filter.py
  • tests/test_init_sh_unchanged.sh
  • tests/test_opencode_alias_map_drop.py
  • tests/test_requirements.py
  • tests/test_subagent_docstring.py
  • tests/test_tools.py

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch release/public-tree

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Yambr and others added 3 commits June 10, 2026 17:31
@Yambr @claude
fix(ci): decode the base-ref gitleaks config robustly
12e9e06 
The contents API returns base64 with embedded newlines; strip them
before decoding, or the PR-mode config fetch fails on Linux runners.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Yambr @claude
fix(ci): treat a missing base-ref gitleaks config as absent
ecded7e 
gh api prints the 404 error JSON to stdout and exits non-zero when the
base ref has no .gitleaks.toml; reset content to empty in that case so
the useDefault stub is written instead of base64-decoding the error.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Yambr @claude
fix(ci): bootstrap the gitleaks config when the base ref has none
9f29957 
The base-ref-wins rule exists so a PR cannot weaken an existing config;
when the base ref has no .gitleaks.toml at all (it is introduced by the
change under review), fall back to the tree's own config instead of bare
defaults, which false-positive on vendored minified bundles.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Yambr Yambr merged commit a9588d8 into main Jun 10, 2026
35 of 37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Yambr