chore(deps): bump docker/login-action from 3 to 4#3
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
dependabot
Bot
added
dependencies
joeltheunissen89-alt
pushed a commit
that referenced
this pull request
May 6, 2026
…26-05-06-03) Cross-platform GUI distribution via Tauri Updater (signed auto-update) + GitHub Releases (binary delivery). Tag-triggered CI workflow builds three platform binaries (macOS universal .dmg, Windows .exe NSIS, Linux .AppImage + .deb) on every gui-v* tag, signs each, uploads to the release. Changes: - src-tauri/Cargo.toml: tauri-plugin-updater = "2.0" - src-tauri/src/lib.rs: register updater plugin - src-tauri/tauri.conf.json: plugins.updater config + bundle targets expanded to ["app","dmg","nsis","appimage","deb"] - src-tauri/capabilities/default.json: updater:default permission - package.json: @tauri-apps/plugin-updater dep - .github/workflows/gui-release.yml: NEW cross-platform release workflow - docs/founder-actions/v243-tauri-updater-keys.md: NEW runbook for npx tauri signer generate + GitHub secrets upload + first-release verification OS-level binary code signing DEFERRED post-launch (per founder direction): - D-2026-05-06-03a Apple Developer cert (~$99/yr) — blocked on enrollment - D-2026-05-06-03b Windows EV cert (~$200+/yr) — blocked on cert purchase - D-2026-05-06-03c Linux package signing — deferred post-launch Customers see Gatekeeper/SmartScreen warnings on first install (normal indie posture). Subsequent updates ARE signed via Tauri Updater public-key — protects update integrity even without OS-level publisher trust. Per-platform certs land as individual D-* entries when reached. Founder action required: run npx tauri signer generate per the runbook, upload TAURI_UPDATER_PUBKEY/PRIVKEY/PRIVKEY_PASSWORD GitHub secrets, trigger first gui-v0.1.0 tag. Per founder direction 2026-05-06 autopilot grant: T3 decided autonomously per D-2026-05-06-03. Verify: typecheck/lint/format clean; 729/729 tests. Workflow YAML syntax verification + Rust build verification deferred to V-244+.
dependabot
Bot
force-pushed
the
dependabot/github_actions/docker/login-action-4
branch
from
1d40caa to
6650ebe
Compare
|
Dependabot bump type: |
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/github_actions/docker/login-action-4
branch
from
6650ebe to
06ef5c0
Compare
|
Dependabot bump type: |
joeltheunissen89-alt
pushed a commit
that referenced
this pull request
May 17, 2026
Q.1 (orchestrator handoff #3) is a DESIGN-DOC gate per the loop directive. ClaudeAgentDecomposer wire shipped earlier this session (commit 11d7316) is a drop-in behind the AgentDecomposer interface, but the bootstrap-flip in production has five non-obvious choice points that each carry customer-visible UX consequences. Surfaced for orchestrator + founder verdict before implementation fires: Q.1.a Keying — bootstrap signal that picks Claude vs deterministic (env flag / fallback-key presence / per-customer-storage presence / either-of-two). Q.1.b Runtime fallthrough — what does runTurn do when the Claude call throws? hard-502, fall back to deterministic, refuse with retryable reason, hybrid. Q.1.c Per-customer key resolution at the route layer — header-only / stored-first-header-overrides / stored-only. Q.1.d Deployment-fallback consumption — burn fallback for unconfigured customers / hard-502-force-BYOK / per-account fallback consent. Q.1.e Cost-tracking on the fallback path — no tracking / track-but-unbilled / track-and-bill-at-bundled-rate. Each question has an orchestrator-recommended default + one or two "open" sub-considerations that affect the load-bearing answer. Implementation does NOT fire until verdicts land. Q.1.a + Q.1.b + Q.1.d are the load-bearing answers; Q.1.c + Q.1.e have safer defaults that can ship without explicit verdicts. Per the /loop directive ("land design + open questions, move to NEXT queue item — don't stall the whole queue"), the loop continues to Q.4 design doc next.
joeltheunissen89-alt
pushed a commit
that referenced
this pull request
May 17, 2026
Q.4 (orchestrator handoff #3) is a DESIGN-DOC gate per the loop directive. AI-B2.b replaces StubAgentExecutor with an in-process SessionsService dispatch — same node process as the route handlers, so we avoid HTTP round-trips and keep typed-error context. Surfaced for orchestrator + founder verdict before implementation fires: Q.4.a Halt-on-first-failure semantics across turns — discard plan on failure, resume from failed intent, or hybrid based on failure mode. Q.4.b Latency budget shape — no executor budget / total-plan deadline / per-intent enforced. Also whether tier-tiered (api_scale gets 5 min, api_starter gets 90 s). Q.4.c Capture aggregation in ExecutorRunResult — inline only / aggregated captureIds field / hybrid. Q.4.d Cross-context with EGRESS Phase 1 503-stubs — agent layer dispatches into SessionsService.navigate which today uses driftstack-default egress; what happens when Q.0 EG-API-1.6 lands and the gate activates? Q.4.e Mid-plan session destruction (customer DELETEs the driftstack session out-of-band while a plan runs) — halt with transcript / halt + close agent session / let the plan crash. Each question has an orchestrator-recommended default + one or two "open" sub-considerations. Q.4.a + Q.4.b are load-bearing; Q.4.c + Q.4.e have safer defaults that can ship without explicit verdicts. Doc includes a latency-budget summary (assuming Q.4.b option 2: 90s total-plan deadline) and a cross-context table showing how this slice interacts with EGRESS, captures, bundled-LLM billing. Per the /loop directive ("land design + open questions, move to NEXT queue item"), the loop continues to Q.5 recipe writer next.
joeltheunissen89-alt
pushed a commit
that referenced
this pull request
May 17, 2026
A follow-up orchestrator paste arrived mid-loop with three new
state items. Adds a new section to the handoff doc so the
next session reads them at session-start, alongside pointers
to the corresponding cross-session memory entries.
The three state items:
1. V2 customer warm-up arc PARKED per Wave 29-358 empirical
(Family-B-only V-583K atlas hit 22.9× Text closure;
warm-up is no longer the load-bearing path). Layer C
dispatch + warmUp SDK + dashboard UI + marketing reframe
all deferred to v1.1+. Saved as
project_v2_warmup_parked.md.
2. Multi-archetype coordination queued behind Agent 1's
fork-side foundation (est. 3-5 days). Agent 2's slot is
SDK archetype-id union + dashboard selector. Don't pre-
emptively type-narrow before Agent 1's actual IDs are
confirmed. Saved as
project_multi_archetype_coordination_queued.md.
3. Stripe LIVE post-BV-KvK is no-code — founder swaps the
STRIPE_SECRET_KEY in /opt/driftstack/api/.env after the
cutover; the Q.2 safety guard at startup is the
enforcement mechanism. Saved as
project_stripe_live_post_bv_kvk.md.
Memory + cross-session continuity section grew from 3 to 6
entries. The loop continues at the same exhausted-relative-
to-gates state as before — the AUTO #3 paste doesn't open
fresh actionable work today (multi-archetype is the closest
but still gated on Agent 1).
joeltheunissen89-alt
pushed a commit
that referenced
this pull request
May 17, 2026
…Item 1 Three new state items landed between the prior handoff-doc update (871d697) and now: 1. Cron 055b9123 cancelled at ~18:38 UTC per founder direction (AskUserQuestion answer "Stop the cron now"). 8 consecutive no-change fires confirmed the queue was exhausted relative to gates; each fire was consuming a conversation turn without commitable value. Session-only cron so cancellation has no durable impact. 2. Orchestrator AUTO #3 disengage at 18:38Z per founder request. Fire #14 enhanced visibility confirmed no active orchestrator processes at 18:35 UTC. 3. Agent 1 Wave 29-360 Item 1 LANDED — Navigator UA env-route via `DRIFTSTACK_ARCHETYPE_UA_FULL`. First slice of the multi-archetype foundation work. Items 2-5 incoming. SDK + dashboard archetype-selector slot still gated on items 2-5. Also notes the orchestrator paste's stale Q.5.f mention — Q.5.f actually shipped at f9e7dd1 + ad440af before the disengage; the paste was authored from an earlier state snapshot. Memory side-channel updated: project_multi_archetype_coordination_queued got an "Agent 1 progress as of 2026-05-17 18:38 UTC" section documenting the Item 1 landing + the env-var contract bridge. No code changes; doc + memory refresh only.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps docker/login-action from 3 to 4.
Release notes
Sourced from docker/login-action's releases.
... (truncated)
Commits
4907a6dMerge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...1e233e6chore: update generated content6c24eadbuild(deps): bump the aws-sdk-dependencies group with 2 updatesee034d7Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.11527209Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...d39362abuild(deps): bump lodash from 4.17.23 to 4.18.1a6f092bchore: update generated content60953f0build(deps): bump the proxy-agent-dependencies group with 2 updates62c6885Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...102c0e6chore: update generated content