release: keep evidence filenames download-stable#5
Merged
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
packageFileNamealigned with the downloaded assetRoot cause and verification
GitHub normalized
agent-collab v3.1.0.plugintoagent-collab.v3.1.0.pluginduring upload, while the generated checksum and SPDX retained the pre-upload space name. A fresh download therefore failedshasum -c.TDD evidence:
shasum -cand records the dot name in SPDXValidation
python3 -m unittest discover -s tests -t . -q(223 tests)python3 -m unittest discover -s scripts -p 'test_*.py' -q(255 tests)python3 scripts/build_skills.py --checkpython3 scripts/build_marketplace.py --checkpython3 scripts/build-changelog.py --checkpython3 scripts/check_release_consistency.py --against-ref origin/mainpython3 scripts/check-public-export-safety.py --active-tree --historypython3 scripts/secret_scan.pygit diff --checkactionlintunavailable because neither the binary nor Go is installed; required CI remains authoritativeNo changelog fragment: this is an internal release-workflow correction and the affected v3.1.0 public evidence assets were repaired in place.
Operator override
On 2026-07-12, John Osumi explicitly directed: “Merge PR #5 without cross-family review.” This authorizes the operator-reserved merge despite the unavailable independent-review routes; the review blockers remain recorded rather than being relabeled as a review verdict.
author: Codex under John Osumi operator direction
standing_directives: Read and followed AGENTS.md, docs/public-governance.md, the v3.1.0 release plan, and the repository debugging and TDD workflow
tier: 3
cross_check: BLOCKED — quota: GitHub Gemini Code Assist exhausted its daily review quota; unified managed review is duplicate_blocked, and browser review is prohibited by user policy; explicit operator override to merge without cross-family review recorded above
post_condition: After the explicitly operator-directed merge, future releases generate checksum and SPDX evidence against the exact public asset filename
mcp_coverage_gap: NONE
contributor_rights: OWNER-AUTHORED
operator_reserved: yes — .github/workflows/release.yml; John Osumi explicitly directed this merge