feat: add Orgo provider#458
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed July 3, 2026, 4:50 PM ET / 20:50 UTC. Summary Reproducibility: not applicable. This is a new provider feature, and current-main plus v0.34.0 inspection show Orgo support is absent rather than broken. Review metrics: 2 noteworthy metrics.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Security Review findings
Review detailsBest possible solution: Land the built-in Orgo provider only after maintainers accept the product direction, redacted hosted lifecycle proof is posted, and the release-owned changelog edit is removed. Do we have a high-confidence way to reproduce the issue? Not applicable. This is a new provider feature, and current-main plus v0.34.0 inspection show Orgo support is absent rather than broken. Is this the best way to solve the issue? Unclear. The adapter shape matches Crabbox’s provider boundary, but built-in Orgo support still needs maintainer product acceptance, real hosted lifecycle proof, and removal of the release-owned changelog edit. Full review comments:
Overall correctness: patch is correct AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 62831c8972de. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
d9aab2f to
482bc1b
Compare
8f551f1 to
6709b30
Compare
6709b30 to
7e56248
Compare
|
@clawsweeper re-review Rebased onto current main and fixed the review findings: provider and live-smoke readiness polling now wait for running state, terminal startup failures clean up resources, and provider capabilities satisfy current registry conformance. Exact head: |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
7e56248 to
5c9ff32
Compare
|
@clawsweeper re-review Updated #458 to current Validation now completed:
I am not merging this yet while |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Pushed maintainer fixes for the concrete security/release findings. Head: Changes made:
Local validation passed on this head: Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
Public CI is now green on current head Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and |
|
@clawsweeper re-review Updated the PR body with the canonical summary, validation evidence, and remaining merge gate for current head. No code changes in this update. Still not merging unless the live proof labels clear and the provider-specific proof/contract gate is satisfied. |
3de3cb8 to
a13a41a
Compare
|
@clawsweeper re-review Rebased Orgo onto current Head: Change made:
Local validation passed: Public CI is green on this head: https://github.com/openclaw/crabbox/actions/runs/28103708184 Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and |
|
🦞🧹 I asked ClawSweeper to review this item again. |
a13a41a to
8cb00c2
Compare
|
@clawsweeper re-review Rebased Orgo onto current Head: Change made:
Validation passed on the rebased head: Still not merging: hosted Orgo lifecycle proof remains blocked on paid-plan authorization, and |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review Updated the PR body to current head No code changes in this update. The remaining gate is still hosted Orgo lifecycle proof with real credentials; there are no Orgo API credentials in this environment. |
|
@clawsweeper re-review Current head Additional local reproduction while checking the earlier pending jobs:
Still not merging: hosted Orgo lifecycle proof remains blocked by missing real Orgo credentials, and |
Drives the real *orgoHTTPClient through the delegated-run backend against a fake Orgo REST API (httptest), covering the full lifecycle: create workspace, create computer, run bash, delete computer, delete workspace. Asserts the Bearer auth header, exit code, SyncDelegated, stdout, and that every expected API endpoint is hit. No real secrets: the API key is a dummy value via CRABBOX_ORGO_API_KEY and the base URL is the in-process test server via CRABBOX_ORGO_API_BASE, so the test never reaches the live Orgo API. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Regenerated internal/cli/provider_categories_generated.go via scripts/generate-provider-matrix.mjs so the benchmark provider categories include orgo (delegated-sandbox). Keeps scripts/check-docs.sh green after rebasing onto latest main. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Yossi Eliaz <yossi.eliaz@incredibuild.com>
Co-authored-by: Yossi Eliaz <yossi.eliaz@incredibuild.com>
8cb00c2 to
23b6847
Compare
|
🦞🧹 I asked ClawSweeper to review this item again. |
Summary
Adds a delegated-run Orgo provider for Linux cloud computers.
provider: orgowith aliasorgo-ai.--no-sync.Maintainer hardening
success: trueand then confirms both resources return 404.success: falseBash responses as failures even when an exit code is present.Verification
Exact candidate:
23b6847ef464396ff11762d848d00424fb4a24b2go test -race ./internal/providers/orgogo test -race ./...during the final rewrite; the only later changes were additional passing tests and the reviewed Bash fail-closed fixscripts/test-go-modules.shgo vet ./...go build -trimpath -o bin/crabbox ./cmd/crabboxRemaining live gate
Do not merge yet. The dedicated
scripts/live-orgo-smoke.shharness is ready to prove create, use, reuse, command-exit propagation, destroy, and zero residue on this exact candidate, but no Orgo credential is available in the approved environment or targeted 1Password records. No account or persistent key was created.