Skip to content

release: v0.10.0-rc12 (consolidate #593/#594/#595/#597 + review hardening)#600

Open
bussyjd wants to merge 14 commits into
mainfrom
release/v0.10.0-rc12
Open

release: v0.10.0-rc12 (consolidate #593/#594/#595/#597 + review hardening)#600
bussyjd wants to merge 14 commits into
mainfrom
release/v0.10.0-rc12

Conversation

@bussyjd
Copy link
Copy Markdown
Contributor

@bussyjd bussyjd commented Jun 5, 2026
edited
Loading

release/v0.10.0-rc12main (tracking PR)

This is the rc12 release branch. It consolidates four PRs on top of main and folds in the post-review hardening, so the branch that ships as the v0.10.0-rc12 pre-release is exactly what lands on main.

Supersedes the closed tracking PR #598 (its head ref was renamed integration/pr-593-plusrelease/v0.10.0-rc12, which GitHub closes rather than retargets).

Consolidated PRs

PR Branch Subsystem Summary
#593 oisin/402-html-page x402 Improved 402 HTML payment-required page + per-offer-type prompts
#594 oisin/openapi x402 / controller OpenAPI spec + Scalar /api reference for offered services
#595 feat/buy-x402-set-default buy-x402 skill --set-default — agent self-adopts paid/<model> as primary
#597 oisin/streaming verifier Stream sub-agent responses (statusRecorder Flush/Hijack) to keep the tunnel alive

Merged #593 → #595 → #597 → #594. One conflict in internal/hermes/hermes.go (#594 predated 51fd708's deployment-strategy migration), resolved net-zero vs origin/main; go test ./internal/hermes/ passes.

Review hardening (folded in via #599)

The multi-agent review of the consolidated diff found no blockers; the three follow-ups (2 MED, 1 LOW) are now part of this branch:

  1. security(x402) — SRI-pin the Scalar bundle on the public /api page. scalarBundleSRI was empty → the browser executed unverified CDN bytes. Populated with the sha384 of the pinned @scalar/api-reference@1.34.0 bundle. Re-derive on every scalarBundleVersion bump.
  2. fix(buy-x402) — run the paid/<model> existence guard before the no-auto-refill warning, so a model LiteLLM would refuse no longer prints a misleading "chat will brick" warning.
  3. security(x402)sanitizeDisplayToken at the 402 render boundary. spec.model.name / metadata.name flow into copy-pasteable obol buy inference … commands on the public 402 page; CR tokens must match ^[A-Za-z0-9._:/-]+$ or collapse to a safe placeholder. Real ids (qwen3.5:9b, anthropic/claude-3-5-sonnet-latest) pass through; shell metacharacters cannot.

Verification

  • go build ./... clean; gofmt clean
  • full unit suite green, incl. new TestSanitizeDisplayToken + TestInferenceCopy_StripsShellMetacharsFromCommand

Do not merge to main until release-smoke is green and a second human has reviewed. Cut as the v0.10.0-rc12 pre-release for validation first.

Docs

OisinKyne and others added 14 commits June 3, 2026 13:51
@OisinKyne
Work on openapi spec for services
34041ef
@OisinKyne
Improve 402 html page
d2b30e2
@OisinKyne
Update storefronts
afdd495
feat(buy-x402): add --set-default so the agent self-adopts paid/<mode…
69a1c84 
…l> as primary

After a persistent inference buy publishes paid/<remote-model> in LiteLLM, the
agent adopts it as its own primary chat model in-pod via native
'hermes config set model.default' (atomic write, per-request re-read, no restart,
no host CLI, no new RBAC). Includes a LiteLLM /v1/models existence guard, an
auto-refill safety warning, and a PyYAML fallback writer.

Validated by a design+adversarial workflow and a live CLI smoke against a running
obol-agent: buy --set-default flips config.yaml model.default to paid/AEON-7/... and
the next agent chat settled via the x402-buyer pool (spent 0->1) with no restart;
rollback verified.
@OisinKyne
Have agent stream responses to keep the tunnel alive
9de9322
@bussyjd
merge(integration): PR #593 oisin/402-html-page
d1e445b
@bussyjd
merge(integration): PR #595 buy-x402 --set-default
9824b5f
@bussyjd
merge(integration): PR #597 agent SSE streaming
5232a4a
@bussyjd
merge(integration): PR #594 openapi spec
a38db07 
# Conflicts:
#	internal/hermes/hermes.go
@bussyjd
security(x402): SRI-pin the Scalar bundle on the public /api page
beae994 
The /api OpenAPI reference is served over the public tunnel and pulls the
@scalar/api-reference bundle from jsdelivr. The integrity hash was left empty
in phase 1, so the browser executed whatever the CDN returned, unverified.

Populate scalarBundleSRI with the sha384 of the pinned 1.34.0 bundle so a
tampered CDN response is blocked. Comment updated to stress the hash must be
re-derived in lockstep with every scalarBundleVersion bump.
@bussyjd
fix(buy-x402): run --set-default existence guard before auto-refill w…
8e31c42 
…arning

The 'paid/<model> not selectable in LiteLLM' guard ran *after* the
no-auto-refill WARNING. A model that LiteLLM would refuse still printed a
scary 'every chat turn fails when the pool empties' warning describing a
primary-model failure mode that cannot occur when the default was never
switched. Reorder so we refuse first and only warn when we are actually
about to adopt the model.
@bussyjd
security(x402): sanitize ServiceOffer-sourced tokens in 402 copy-past…
b39fe3c 
…e commands

spec.model.name and metadata.name flow from the ServiceOffer CR into
copy-pasteable 'obol buy inference ...' commands rendered on the public 402
page. A hostile or fat-fingered offer could smuggle shell metacharacters into
a command a reader might paste. Add sanitizeDisplayToken at the render
boundary: CR-sourced tokens must match the model-id/k8s-name charset
(^[A-Za-z0-9._:/-]+$) or collapse to the existing safe placeholder. Real ids
like qwen3.5:9b and anthropic/claude-3-5-sonnet-latest pass through unchanged.
@bussyjd
Merge pull request #599 from ObolNetwork/fix/integration-593plus-review
97c14e3 
review fixes for #598: Scalar SRI pin, buy-x402 guard order, 402 token sanitization
@bussyjd
docs(claude): compress and correct CLAUDE.md; fold in #597 streaming/…
d11028f 
…sell-agent facts

Terse rewrite of project CLAUDE.md (42725 -> 41797 bytes) corrected against the live codebase. Preserves all invariants, the 14 pitfalls, and flag warnings; adds #597's stream:true / statusRecorder.Flush guidance and agent-backed-offer (port 8642) facts so the compressed doc loses nothing rc12 ships.
This was referenced Jun 5, 2026
Open
Open
OisinKyne
OisinKyne reviewed Jun 5, 2026
View reviewed changes
Comment thread internal/embed/skills/buy-x402/scripts/buy.py
Comment on lines 1859 to +1879
@@ -1708,7 +1866,17 @@ def cmd_pay(url, method="GET", data=None, kind="http", network=None):

`network` is an optional safety guard: when set, the seller's advertised
chain must match it or `pay` aborts before signing.

`timeout` is the seconds to wait for the seller's response. Defaults to
~100s (Cloudflare's free-tier tunnel cap — longer requests are killed by
the edge before our client sees a response anyway). Override for slower
inference (reasoning models, large batches) up to the seller's own
upstream/edge limit.
"""
if timeout is None or float(timeout) <= 0:
timeout = 100.0
else:
timeout = float(timeout)
Copy link
Copy Markdown
Contributor

@OisinKyne OisinKyne Jun 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noting that when streaming is enabled we should set an e.g. 1000 second timeout because the tunnel will stay live

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OisinKyne OisinKyne OisinKyne left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bussyjd @OisinKyne