fix: salvage EJClaw runtime hardening

- add dist freshness guard to deploy flow
- preserve message source provenance for IPC injection
- harden Codex usage fallback and workspace package manager detection
- document owner branch return protocol
This commit is contained in:
ejclaw
2026-04-24 15:02:09 +09:00
parent a36c8a5f07
commit e036521054
19 changed files with 1059 additions and 51 deletions

View File

@@ -5,9 +5,11 @@ import path from 'path';
import { TIMEZONE } from './config.js';
import {
buildWorkspaceCommandEnvironment,
buildWorkspaceScriptCommand,
ensureWorkspaceDependenciesInstalled,
hasInstalledNodeModules,
type WorkspacePackageManager,
} from './workspace-package-manager.js';
import { computeVerificationSnapshotId } from '../shared/verification-snapshot.js';
@@ -44,6 +46,7 @@ export interface VerificationSnapshot {
}
interface VerificationCommandSpec {
packageManager: WorkspacePackageManager;
file: string;
args: string[];
commandText: string;
@@ -111,6 +114,7 @@ export function buildVerificationCommand(
: 'lint';
const command = buildWorkspaceScriptCommand(repoDir, scriptName);
return {
packageManager: command.packageManager,
file: command.file,
args: command.args,
commandText: command.commandText,
@@ -334,7 +338,11 @@ export async function runVerificationRequest(
command.args,
{
cwd: repoDir,
env: directExecution.env,
env: buildWorkspaceCommandEnvironment(
repoDir,
command.packageManager,
directExecution.env,
),
},
);
const afterSnapshot = computeVerificationSnapshot(repoDir);