chore: promote staging to staging-promote/9ea65a5c-24606711930 (2026-04-18 14:49 UTC)

[ironclaw-ci]

Auto-promotion from staging CI

Batch range: a53eac5c2dec6b6cd5c08189086093fde64aa9cb..695e6fa13e289a78ab41515e6ce698a5503c7202
Promotion branch: staging-promote/695e6fa1-24607103256
Base: staging-promote/9ea65a5c-24606711930
Triggered by: Staging CI batch at 2026-04-18 14:49 UTC

Commits in this batch (117):

• 7be3b91 [codex] Label migration PRs with DB MIGRATION ([codex] Label migration PRs with DB MIGRATION #1967)
• 6f7575d Fix Telegram UTF-16 message splitting (Fix Telegram UTF-16 message splitting #1961)
• f0db0a3 chore: bump registry versions for github tool, whatsapp and telegram channels
• 92388b7 revert: undo 2 main-only commits to unblock staging-promote merge (revert: undo 2 main-only commits to unblock staging-promote merge #2297)
• fda3767 chore: release (chore: release #2075)
• be6de43 fix(ci): unblock v0.25.0 release — fix tag filter and publish config (fix(ci): unblock v0.25.0 release — fix tag filter and publish config #2306)
• 72829db chore: update WASM artifact SHA256 checksums [skip ci] (chore: update WASM artifact checksums and version-pinned URLs #2308)
• a7401ec fix(gateway): scope chat approvals to the active thread (fix(gateway): scope chat approvals to the active thread #2267)
• 4032f6d Fix paired Telegram owner scope routine visibility (Fix paired Telegram owner scope routine visibility #2258)
• 7d66d83 fix(engine): always append ActionResult for every tool call (fix(engine): always append ActionResult for every tool call #2322)
• 764e586 feat(engine): LLM council via per-call model override in CodeAct (feat(engine): LLM council via per-call model override in CodeAct #2320)
• 70862ed feat(config): default CLI_MODE to TUI instead of REPL (feat(config): default CLI_MODE to TUI #2329)
• 207c4d4 ci: build docker image in release process (ci: build docker image in release process #2321)
• cd9b60c fix: re-apply Telegram UTF-16 splitting and DB MIGRATION label (fix: re-apply Telegram UTF-16 splitting and DB MIGRATION label #2304)
• 88b87c0 feat: user-facing temperature setting (feat: user-facing temperature setting #2275)
• fdb0a13 chore: sync staging and main (chore: sync staging and main #2337)
• 3cb77fe fix: resolve cargo-deny failures (wildcard deps + rand advisory) (fix: resolve cargo-deny failures (wildcard deps + rand advisory) #2370)
• ed2d6dc fix web chat refresh active thread ([codex] Fix web chat refresh active thread #2330)
• 66ccafb chore(engine): update monty to v0.0.11 (chore(engine): update monty to v0.0.11 #2364)
• 4529f00 fix(engine): track consecutive action errors in orchestrator Tier 0 path (Orchestrator: add action error counting to Python execution loop #2325) (fix(engine): track consecutive action errors in orchestrator (#2325) #2340)
• 50fc280 fix(agent): detect and escalate repeated identical failing tool calls (Agent retries same failing tool call up to 50 times with no duplicate detection #2240) (fix(agent): detect and escalate repeated identical failing tool calls #2338)
• 3f6149c feat(cli): add ironclaw profile list subcommand (feat(cli): add ironclaw profile list subcommand #2288)
• 625cd85 Suppress LLM_BACKEND warning when config.toml and .env values match (Suppress LLM_BACKEND warning when config.toml and .env values match #2388)
• a9cea6c fix(ci): skip NearAI URL DNS validation for non-NearAI backends (fix(ci): skip NearAI URL DNS validation for non-NearAI backends #2080)
• 160a75e fix(llm): image detail field + /v1 base URL normalization (fix(llm): image detail field + /v1 base URL normalization #2380)
• 4dbb44c fix(docker): make runtime-staging the default Docker target for Railway (fix(docker): make runtime-staging the default Docker target for Railway #2244)
• 532fc61 feat: admin management panel — web UI for users and usage monitoring (feat: admin management panel — web UI for users and usage monitoring #1963)
• 16b7b06 feat(web): add ironclaw docs link (feat(web): add ironclaw docs link #2398)
• ba81044 fix(mcp): Install NEAR AI MCP server from environment config (fix(mcp): Install NEAR AI MCP server from environment config #2181)
• 57d7b54 Fix Feishu webhook auth refresh and extension card overflow (fix: Feishu webhook auth refresh and extension card overflow #2443)
• 7425dc0 fix(security): harden approval thread safety (TOCTOU + error handling) (fix(security): harden approval thread safety (TOCTOU + error handling) #2366)
• 86a9d0b fix: image generation with nearai models (fix: image generation with nearai models #1819)
• 46ff740 docs(setup): warn that Telegram open mode splits history (docs(setup): warn that Telegram open mode splits history #2427)
• aea2e87 fix(ux): actionable auth errors and improved CLI help for new users (should make it easy to use #1852) (fix(ux): actionable auth errors and improved CLI help for new users (#1852) #2315)
• ab1f279 fix: more strict check for registry to avoid false positives (fix: more strict check for registry to avoid false positives #2222)
• 019c048 refactor(llm): promote decorator chain settings from NearAiConfig to top-level LlmConfig (refactor(llm): promote decorator chain settings from NearAiConfig to top-level LlmConfig #1749)
• b6f5da8 perf(tunnel): reuse HTTP client in CustomTunnel health checks (perf(tunnel): reuse HTTP client in CustomTunnel health checks #1201)
• fe2b134 fix(engine): guard consecutive-error checks against None limit (fix(engine): guard consecutive-error checks against None limit #2460)
• 37669e6 fix(web): prevent browser crash from timer leaks, DOM growth, SSE buffer ([QA] Pages Unresponsive dialog and black screen crashes #2406) (fix(web): prevent browser crash from timer leaks, DOM growth, SSE buffer (#2406) #2441)
• 1041094 style: fix cargo fmt line wrapping in thread_ops.rs (style: fix cargo fmt in thread_ops.rs #2451)
• 0a9d816 fix(responses-api): thread creation, GET by ID, streaming delta, context injection (fix(responses-api): thread creation, GET by ID, streaming delta, context injection #2167)
• 1fa73a4 docs: add Responses API section to USER_MANAGEMENT_API (docs: add Responses API reference #2440)
• 5140279 docs: guide how to host ironclaw on google cloud (docs: add google tutorial #2262)
• d85c11d fix(telegram): route WASM owner_id fallback (fix(telegram): route WASM owner_id fallback #2349)
• 28c6a15 fix(ci): exclude test files from PR size classification (fix(ci): exclude test files from PR size classification #2387)
• d63601e fix(security): gate test URL rewriters behind #[cfg(test)] (fixes SECURITY: Remove env-var-controlled API URL rewriters from production WASM channel wrapper (Telegram & Slack) #2056) (fix(security): gate test URL rewriters behind #[cfg(test)] (fixes #2056) #2401)
• 82d341d fix(sandbox): try Docker socket before CLI binary check (fix(sandbox): try Docker socket before CLI binary check #2467)
• 2dc78b2 feat(db): add per-user CachedSettingsStore decorator (feat(db): add per-user CachedSettingsStore decorator #2425)
• 8973d1b fix: use gateway owner_id for relay OAuth nonce storage (fix: use gateway owner_id for relay OAuth nonce storage #2473)
• 16a0731 test(e2e): add Playwright persistence happy-path test (test(e2e): add Playwright persistence happy-path test #2475)
• ... and 67 more (see compare view)

Current commits in this promotion (1)

Current base: staging-promote/9ea65a5c-24606711930
Current head: staging-promote/695e6fa1-24607103256
Current range: origin/staging-promote/9ea65a5c-24606711930..origin/staging-promote/695e6fa1-24607103256

• 695e6fa refactor(gateway): extract OAuth / relay callbacks into features/oauth/ — ironclaw#2599 stage 4a (refactor(gateway): extract OAuth / relay callbacks into features/oauth/ — ironclaw#2599 stage 4a #2645)

Auto-updated by staging promotion metadata workflow

Waiting for gates:

• Tests: pending
• E2E: pending
• Claude Code review: pending (will post comments on this PR)

---

Auto-created by staging-ci workflow

[claude]

Code review

Found 4 issues:

1. [HIGH:75] Off-by-one in Slack team_id length validation. Comment states "max 20 chars" but code allows 21 characters. The check should be <= 20, not <= 21.

https://github.com/anthropics/ironclaw/blob/695e6fa13e289a78ab41515e6ce698a5503c7202/src/channels/web/features/oauth/mod.rs#L611-L616

let team_id = params.get("team_id").cloned().unwrap_or_default();
if !team_id.is_empty() {
    let valid_team_id = team_id.len() <= 21  // Should be <= 20

2. [MEDIUM:75] Back-edge dependency on server.rs violates platform-vs-features layering. Per src/channels/web/CLAUDE.md (lines 33-38), feature modules must depend only on platform/ submodules, but line 35 imports clear_auth_mode from server.rs. This should either be moved to platform/ as a platform-level service or refactored locally in the oauth feature.

https://github.com/anthropics/ironclaw/blob/695e6fa13e289a78ab41515e6ce698a5503c7202/src/channels/web/features/oauth/mod.rs#L33-L37

use crate::channels::web::server::clear_auth_mode;

3. [LOW:50] Stringly-typed query parameter handling uses Query<HashMap<String, String>> (lines 82, 596). Per .claude/rules/types.md, domain values crossing module boundaries should use newtypes/enums. While consistent with pre-existing code, this is a type-driven improvement for future refactors.

https://github.com/anthropics/ironclaw/blob/695e6fa13e289a78ab41515e6ce698a5503c7202/src/channels/web/features/oauth/mod.rs#L82-L84

Query(params): Query<std::collections::HashMap<String, String>>,

4. [LOW:50] Helper function documentation. Lines 47-107 define oauth_error_page and redact_oauth_state_for_logs as private (correct), but the module-level doc comment could be strengthened with #[doc(hidden)] or explicit markers if adopted across feature slices.

https://github.com/anthropics/ironclaw/blob/695e6fa13e289a78ab41515e6ce698a5503c7202/src/channels/web/features/oauth/mod.rs#L20-L22

//! The helpers below (`oauth_error_page`, `redact_oauth_state_for_logs`)
//! are slice-local and must not be called from outside this module.