Main

[henrypark133]

Summary

Change Type

• Bug fix
• New feature
• Refactor
• Documentation
• CI/Infrastructure
• Security
• Dependencies

Linked Issue

Validation

• cargo fmt --all -- --check
• cargo clippy --all --benches --tests --examples --all-features -- -D warnings
• cargo build
• Relevant tests pass:
• cargo test --features integration if database-backed or integration behavior changed
• Manual testing:
• If a coding agent was used and supports it, review-pr or pr-shepherd --fix was run before requesting review

Security Impact

Database Impact

Blast Radius

Rollback Plan

Review Follow-Through

---

Review track:

[gemini-code-assist]

Code Review

This pull request prepares the project for the 0.26.0 release, involving version bumps across the workspace, comprehensive changelog updates, and artifact refreshes for various tools and channels. Key additions include a per-project sandbox with cost tracking and the inclusion of the sandbox_daemon.exe in the Windows installer. Feedback highlights that a deprecation notice regarding the verification field was lost during the changelog transition and that a Slack-related fix is misplaced in the skills-specific changelog.

[gemini-code-assist]

The specific entry regarding ActionResponse payloads and the removal of the legacy verification field (previously under [Unreleased]) appears to have been lost during the transition to the 0.26.0 section. While the onboarding_state unification is mentioned, the explicit deprecation of the verification wire field should be preserved for client developers to ensure documentation accurately reflects the current implementation state.

References

1. Documentation must precisely match the code implementation and clearly distinguish between the current implementation state and future or planned states.

[gemini-code-assist]

This entry regarding the Slack relay OAuth fix seems misplaced in the ironclaw_skills changelog. Slack is a communication channel, and this fix is correctly categorized under *(channels)* in the root CHANGELOG.md. Unless the fix was specifically implemented within the ironclaw_skills crate, it should be removed from this file to avoid confusion.

[Copilot]

Pull request overview

This PR appears to be a release/version bump and packaging/registry update across the IronClaw workspace, aligning crate versions, changelogs, and published WASM extension artifact pointers for the 0.26.0 release.

Changes:

• Add sandbox_daemon.exe to the Windows WiX installer feature set.
• Update registry entries to point at ironclaw-v0.26.0 released WASM artifacts (tools/channels) and add missing portfolio artifact metadata.
• Bump workspace/crate versions (ironclaw → 0.26.0, ironclaw_common → 0.3.0, ironclaw_skills → 0.2.0) and update changelogs/lockfile accordingly.

Reviewed changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
wix/main.wxs	Ships sandbox_daemon.exe alongside ironclaw.exe in the MSI.
registry/tools/portfolio.json	Adds published WASM artifact URL+sha for portfolio tool.
registry/tools/github.json	Updates GitHub tool artifact URL+sha to v0.26.0 and tool version to 0.2.4.
registry/channels/telegram.json	Updates Telegram channel artifact URL+sha to v0.26.0 and version to 0.2.10.
registry/channels/slack.json	Updates Slack channel artifact URL+sha to v0.26.0 and version to 0.3.1.
registry/channels/feishu.json	Updates Feishu/Lark channel artifact URL+sha to v0.26.0 and version to 0.2.2.
crates/ironclaw_tui/Cargo.toml	Updates dependency version for ironclaw_common to 0.3.0.
crates/ironclaw_skills/Cargo.toml	Bumps ironclaw_skills crate version to 0.2.0.
crates/ironclaw_skills/CHANGELOG.md	Adds a new crate changelog for the 0.2.0 release.
crates/ironclaw_engine/Cargo.toml	Updates ironclaw_common/ironclaw_skills dependency versions.
crates/ironclaw_common/Cargo.toml	Bumps ironclaw_common crate version to 0.3.0.
crates/ironclaw_common/CHANGELOG.md	Adds 0.3.0 release notes.
Cargo.toml	Bumps root crate to 0.26.0 and updates workspace path dependency versions.
Cargo.lock	Updates locked versions to reflect the release bump.
CHANGELOG.md	Adds 0.26.0 release notes to the root changelog.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The previous changelog included specific migration notes about the web SSE event rename to onboarding_state and the removal of the legacy verification field from extension setup/auth ActionResponse payloads, but those notes are no longer present anywhere in the changelog. Please add these migration notes back (ideally under the 0.26.0 entry in a "Changed"/"Breaking" section) so external clients have clear upgrade guidance.

Suggested change

	### Changed
	- *(web)* rename the SSE event emitted for onboarding updates to `onboarding_state`. Migration note: clients listening for the previous onboarding event name must update their subscriptions/handlers to consume `onboarding_state` instead.
	### Breaking
	- *(extensions)* remove the legacy `verification` field from extension setup/auth `ActionResponse` payloads. Migration note: external clients should stop reading `verification` from these responses and rely on the current `ActionResponse` payload shape instead.

[Copilot]

The PR description template is still largely unfilled (summary bullets, linked issue, validation checklist, review track). Since this PR bumps release versions and registry artifacts, please fill out the PR metadata to document intent and verification steps.