We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 6699e73 commit 724160bCopy full SHA for 724160b
1 file changed
AGENTS.md
@@ -211,6 +211,7 @@ Skills own workflows; root owns hard policy and routing.
211
- Never commit real phone numbers, videos, credentials, live config.
212
- Secrets: channel/provider creds in `~/.openclaw/credentials/`; model auth profiles in `~/.openclaw/agents/<agentId>/agent/auth-profiles.json`.
213
- Dependency patches/overrides/vendor changes need explicit approval. `pnpm-workspace.yaml` patched dependencies use exact versions only.
214
+- Release/package guards: no hard-coded retired-package denylists; use generic artifact/dependency checks or fix build source.
215
- Lockfiles/shrinkwrap are security surface: review `pnpm-lock.yaml`, `npm-shrinkwrap.json`, `package-lock.json`; root/plugin npm packages ship shrinkwrap, not package-lock.
216
- Carbon pins owner-only: do not change `@buape/carbon` unless Shadow (`@thewilloftheshadow`, verified by `gh`) asks.
217
- Releases/publish/version bumps need explicit approval. Use `$release-openclaw-maintainer`.
0 commit comments