docs: add official-site and mirror provenance copy to codewhale.net#3440
docs: add official-site and mirror provenance copy to codewhale.net#3440donglovejava wants to merge 6 commits into
Conversation
The sidebar was only showing when terminal width >= 100 columns, which is too restrictive for many terminal setups. Reduced the minimum width to 60 columns to make the sidebar visible in more common terminal configurations. This fixes the issue where the sidebar would not appear in v0.8.62+ when using typical terminal sizes that are narrower than 100 columns.
Nightly builds: - Add artifact existence check to skip redundant builds for the same commit - Add build retry logic (up to 3 attempts) for transient failures - Add nightly-complete summary job for branch protection rules - Improve concurrency group to use ref_name instead of full ref Auto-tag idempotency: - Add semver validation for workspace version - Add annotated tags with release metadata - Add push retry logic with exponential backoff - Fail fast if version consistency check fails - Add concurrency control to prevent race conditions Addresses v0.8.64 reliability concerns for nightly builds and auto-tagging.
Update SECURITY.md email address from the legacy deepseek-tui.com domain to codewhale.com to match the project rebranding. Addresses v0.8.64 security hardening requirements.
- Add visual separator between approve (0-1) and deny/abort (2-3) groups - Render selected option as a solid button row with background strip - Add 'EXECUTE' indicator on the selected row for clear action feedback - Maintain keyboard shortcut emphasis with BOLD modifier Improves UX by making the decision surface read as two distinct choice clusters rather than a flat list, and gives the selected option a clear button-like appearance.
- Footer: add provenance section visible on all locales, distinguishing GitHub as the sole canonical source from mirror accelerators - Install page: add 'Official source' label to the China network section so users know GitHub Releases is the primary, mirrors are secondary - CNB_MIRROR.md: add Provenance section explaining GitHub is canonical and how to verify mirror integrity via SHA256 manifests Addresses v0.8.69 documentation and UX requirements.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces several enhancements and fixes to the CodeWhale TUI and website, including adding new interactive shell execution tools to the default tool catalog, reducing the minimum sidebar width, and improving the visual styling of the approval widget with locale-specific separators and selection indicators. It also adds a 'Provenance' section to the documentation and website footer to clarify that GitHub is the sole canonical source. The review feedback suggests updating the security email in SECURITY.md to use the canonical codewhale.net domain instead of codewhale.com for consistency.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
|
||
| - **GitHub private advisory**: [github.com/Hmbown/CodeWhale/security/advisories/new](https://github.com/Hmbown/CodeWhale/security/advisories/new) | ||
| - **Email**: [security@deepseek-tui.com](mailto:security@deepseek-tui.com) — include `[SECURITY]` in the subject line | ||
| - **Email**: [security@codewhale.com](mailto:security@codewhale.com) — include `[SECURITY]` in the subject line |
There was a problem hiding this comment.
The security email domain here is configured as security@codewhale.com, but the canonical domain for the project is codewhale.net (as seen in the footer of the website and other documentation). Please update this to security@codewhale.net to ensure consistency and prevent potential delivery issues.
| - **Email**: [security@codewhale.com](mailto:security@codewhale.com) — include `[SECURITY]` in the subject line | |
| - **Email**: [security@codewhale.net](mailto:security@codewhale.net) — include `[SECURITY]` in the subject line |
|
This is so helpful - thank you so much!! |
|
Thanks @donglovejava. The provenance copy itself is welcome — For a clean, mergeable PR (target the v0.8.69 lane): open a fresh branch off current
Once it's just the provenance copy on a clean base I'm happy to review and credit it. Appreciate the work on the site provenance. |
State plainly that GitHub is the sole canonical source across the site: - footer: a Provenance section shown on all locales (was a zh-only mirror list), starring the official GitHub link and noting that mirrors are China-network accelerators (link labels localized for EN/ZH) - install: an "Official source" label on the Mainland China network section - docs/CNB_MIRROR.md: a Provenance section that accurately describes the CNB-built SHA256 manifest, with a verification path Harvested from PR #3440 by @donglovejava. Dropped that branch's unrelated churn (stray working files, workflow edits, and a SECURITY.md contact change that regresses the current address) and preserved the current Gitee URL. Co-authored-by: donglovejava <211940267+donglovejava@users.noreply.github.com> Claude-Session: https://claude.ai/code/session_01991fnUqBbWSgiUFw33L8XX
…B) (#3514) State plainly that GitHub is the sole canonical source across the site: - footer: a Provenance section shown on all locales (was a zh-only mirror list), starring the official GitHub link and noting that mirrors are China-network accelerators (link labels localized for EN/ZH) - install: an "Official source" label on the Mainland China network section - docs/CNB_MIRROR.md: a Provenance section that accurately describes the CNB-built SHA256 manifest, with a verification path Harvested from PR #3440 by @donglovejava. Dropped that branch's unrelated churn (stray working files, workflow edits, and a SECURITY.md contact change that regresses the current address) and preserved the current Gitee URL. Claude-Session: https://claude.ai/code/session_01991fnUqBbWSgiUFw33L8XX Co-authored-by: donglovejava <211940267+donglovejava@users.noreply.github.com>
|
Thanks @donglovejava — your contribution landed in
Closing this PR now that the code is on If you want to land more work and would prefer your future PRs merge cleanly without a harvest step, the |
2 participants
Summary
This PR adds explicit provenance (source-of-truth) documentation across the official site and mirror docs, making it clear that GitHub is the sole canonical source and mirrors are accelerators only.
Changes
1. Footer provenance section (
web/components/footer.tsx)font-semibold2. Install page source labeling (
web/app/[locale]/install/page.tsx)<strong>官方源 / Official source</strong>label to the China network install section3. CNB mirror provenance (
docs/CNB_MIRROR.md)Impact
Generated with Claude Code