Skip to content

fix(install): resolve ATX review blocking issues#7

Merged
ric03uec merged 1 commit intomainfrom
fix/atx-review-blocking-issues
Mar 22, 2026
Merged

fix(install): resolve ATX review blocking issues#7
ric03uec merged 1 commit intomainfrom
fix/atx-review-blocking-issues

Conversation

@ric03uec
Copy link
Owner

@ric03uec ric03uec commented Mar 22, 2026
edited
Loading

Summary

Resolves blocking issues from ATX code review on Phase 04 installation implementation.

  • Fix path bug in _get_base_playbook_path() - moved base.yaml to consistent location
  • Add SHA256 checksum verification for binary downloads (supply chain security)
  • Add architecture validation pre-task to fail early on unsupported platforms
  • Remove nodejs dependency from zeroclaw manifest (self-contained binary)
  • Fix test isolation with XDG_CONFIG_HOME and update_host mocking

Test plan

  • All 213 tests pass
  • Lint passes
  • Manual test: clm install zeroclaw <host> on supported architecture

ATX Review Summary

Review 1: Rating 2/5

Blocking Issues

# Issue Location Status
1 Path bug in _get_base_playbook_path() install.py:64 ✅ Fixed
2 No checksum/signature verification on binary download playbooks/install.yaml:29-33 ✅ Fixed
3 Unsupported architecture crashes mid-play playbooks/install.yaml:10 ✅ Fixed
4 nodejs dependency declared but never installed manifest.yaml:24,33,43,53 ✅ Fixed (removed)
5 Test isolation failure — real filesystem access tests/test_install.py:100-260 ✅ Fixed
6 Zero test coverage for _get_claw_user Missing tests ⏳ Deferred
7 key_id not validated at call site install.py:176-177 ⏳ Deferred

Co-Authored-By: @atx-ci 269048218+atx-ci@users.noreply.github.com

🤖 Generated with Claude Code

@claude @atx-ci
fix(install): resolve ATX review blocking issues
4f2a765 
Issue 1: Fix path bug in _get_base_playbook_path()
- Move platform/playbooks/base.yaml to src/clawrium/platform/playbooks/
- Update path to use parent.parent (consistent with claw playbook)

Issue 2: Add checksum verification on binary download
- Add sha256 field to all zeroclaw manifest entries
- Pass claw_sha256 to playbook via inventory vars
- Add checksum: sha256:{{ claw_sha256 }} to get_url task

Issue 3: Add architecture validation pre-task
- Add supported_architectures list to playbook vars
- Add pre_task that fails early with clear message for unsupported arch

Issue 4: Remove nodejs dependency from zeroclaw
- Zeroclaw is self-contained binary, doesn't need nodejs

Issue 5: Fix test isolation
- Add XDG_CONFIG_HOME isolation via monkeypatch.setenv
- Add update_host mock to tests that access filesystem
- Update mock manifests with sha256 and remove nodejs

ATX Review Summary
Review 1: Rating 2/5
Blocking issues addressed: 1, 2, 3, 4, 5
Issues deferred: 6, 7 (test coverage, key_id validation)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: @atx-ci <269048218+atx-ci@users.noreply.github.com>
@ric03uec ric03uec merged commit 68b3e4d into main Mar 22, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ric03uec