Skip to content

feat: v7.1.0 community sync#351

Merged
saurabhjain1592 merged 1 commit into
mainfrom
sync/enterprise-20260418-114342-24603935041
Apr 18, 2026
Merged

feat: v7.1.0 community sync#351
saurabhjain1592 merged 1 commit into
mainfrom
sync/enterprise-20260418-114342-24603935041

Conversation

@saurabhjain1592

Copy link
Copy Markdown
Member

v7.1.0 Community Sync

Added

  • Execution boundary semantics: step gate decisions are idempotent by default — same (workflow_id, step_id) returns cached decision unless retry_policy=reevaluate is specified. Responses include cached (bool) and decision_source (fresh/cached) fields.
  • Workflow checkpoints: automatic governance-aware resume boundaries at every step gate. GET /api/v1/workflows/{id}/checkpoints (all tiers), POST /checkpoints/resume (Evaluation+), POST /checkpoints/{id}/resume (Enterprise).
  • Risk-tiered approval routing: HITL severity derived from policy config or risk score (replaces hardcoded "high"). Highest severity wins across multiple matching policies.
  • Governed session overrides: time-bounded, audit-logged override on policy denies with risk-level gating and critical-policy immunity.
  • Policy explainability: GET /api/v1/explain endpoint returns human-readable matched rules, risk levels, and override eligibility per policy match.
  • New examples: retry-semantics (Go, Python, TypeScript, Java), checkpoint-resume (Go), risk-tiered-approvals (Go, Python)
  • Migration 069: workflow_checkpoints table
  • Migration 070: policy risk_level, allow_override columns + override/explain tables
  • README: plugin table with install commands, docs links, and GitHub repos

Changed

  • Platform version bumped from 7.0.1 to 7.1.0
  • StepGateRequest accepts retry_policy field; StepGateResponse includes cached and decision_source
  • PolicyMatch type extended with risk_level, allow_override, matched_rule, policy_description
  • Deterministic approval deduplication via UUID v5 + ON CONFLICT
  • CI dependency bumps: actions/github-script 8→9, aws-actions/configure-aws-credentials 4→6

Fixed

  • Stack teardown workflows now clean up CloudFlare DNS records and Route53 entries
  • Checkpoint telemetry: digest schedule, DynamoDB query fixes, Scarf forwarding parallelized

### Added
- Execution boundary semantics: step gate decisions are idempotent by default — same (workflow_id, step_id) returns cached decision unless retry_policy=reevaluate is specified. Responses include cached (bool) and decision_source (fresh/cached) fields.
- Workflow checkpoints: automatic governance-aware resume boundaries at every step gate. GET /api/v1/workflows/{id}/checkpoints (all tiers), POST /checkpoints/resume (Evaluation+), POST /checkpoints/{id}/resume (Enterprise).
- Risk-tiered approval routing: HITL severity derived from policy config or risk score (replaces hardcoded "high"). Highest severity wins across multiple matching policies.
- Governed session overrides: time-bounded, audit-logged override on policy denies with risk-level gating and critical-policy immunity.
- Policy explainability: GET /api/v1/explain endpoint returns human-readable matched rules, risk levels, and override eligibility per policy match.
- New examples: retry-semantics (Go, Python, TypeScript, Java), checkpoint-resume (Go), risk-tiered-approvals (Go, Python)
- Migration 069: workflow_checkpoints table for step-gate checkpoint persistence
- Migration 070: policy risk_level, allow_override columns + override/explain tables
- README: plugin table with install commands, docs links, and GitHub repos for OpenClaw, Claude Code, Cursor, Codex

### Changed
- Platform version bumped from 7.0.1 to 7.1.0
- StepGateRequest accepts retry_policy field; StepGateResponse includes cached and decision_source
- PolicyMatch type extended with risk_level, allow_override, matched_rule, policy_description
- Deterministic approval deduplication via UUID v5 + ON CONFLICT (replaces race-prone SELECT-then-INSERT)
- CI dependency bumps: actions/github-script 8→9, aws-actions/configure-aws-credentials 4→6

### Fixed
- Stack teardown workflows now clean up CloudFlare DNS records and Route53 entries
- Checkpoint telemetry: digest schedule switched from unreliable rate(1 hour) to cron, DynamoDB query constraints fixed, Scarf forwarding parallelized

Source Commits: dcfba717,22e8dcb9,9fe88560,657e9571,d76f3a56,ac0cd718,4aea2552,4edf7c52,df7b5d46,c9943f0c,57855bd3,ee2119a8,2ce63934,cbb25b42,d89c43c9,32b2e2ef,15263eb3,960aa699,7136250a,43aad8ff,ab492026,45e84a9f,abd98eec,70eec512,06f58c68
@saurabhjain1592 saurabhjain1592 added the community-sync Sync from enterprise repository label Apr 18, 2026
@saurabhjain1592 saurabhjain1592 added this pull request to the merge queue Apr 18, 2026
Merged via the queue into main with commit e85588d Apr 18, 2026
33 checks passed
@saurabhjain1592 saurabhjain1592 deleted the sync/enterprise-20260418-114342-24603935041 branch April 18, 2026 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

community-sync Sync from enterprise repository

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants