bump claude-opus alias to 4-7
anthropic shipped claude-opus-4-7 today; opencode also republished it. point the "claude-opus" alias at the new version for both providers so existing users get the upgrade automatically. openrouter hasn't published 4.7 yet, so leave openRouterResolve at 4.6 as the BYOR fallback. also clarify the latest-model snapshot comment: new model drops usually just mean bumping the `resolve` on an existing alias, not adding a new one. Made-with: Cursor
This commit is contained in:
committed by
pullfrog[bot]
parent
569d34b0a9
commit
74b313e612
@@ -219,10 +219,7 @@ export async function main(): Promise<MainResult> {
|
|||||||
|
|
||||||
// configure env allowlist for subprocess filtering
|
// configure env allowlist for subprocess filtering
|
||||||
if (runContext.repoSettings.envAllowlist) {
|
if (runContext.repoSettings.envAllowlist) {
|
||||||
const blocked = setEnvAllowlist(runContext.repoSettings.envAllowlist);
|
setEnvAllowlist(runContext.repoSettings.envAllowlist);
|
||||||
if (blocked.length > 0) {
|
|
||||||
log.warning(`env allowlist contains blocked names (ignored): ${blocked.join(", ")}`);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// resolve payload to determine shell permission
|
// resolve payload to determine shell permission
|
||||||
|
|||||||
+1
-1
@@ -67,7 +67,7 @@ describe("getModelEnvVars", () => {
|
|||||||
describe("resolveModelSlug", () => {
|
describe("resolveModelSlug", () => {
|
||||||
it("resolves known alias to concrete specifier", () => {
|
it("resolves known alias to concrete specifier", () => {
|
||||||
const resolved = resolveModelSlug("anthropic/claude-opus");
|
const resolved = resolveModelSlug("anthropic/claude-opus");
|
||||||
expect(resolved).toBe("anthropic/claude-opus-4-6");
|
expect(resolved).toBe("anthropic/claude-opus-4-7");
|
||||||
});
|
});
|
||||||
|
|
||||||
it("resolves openai alias", () => {
|
it("resolves openai alias", () => {
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ export const providers = {
|
|||||||
models: {
|
models: {
|
||||||
"claude-opus": {
|
"claude-opus": {
|
||||||
displayName: "Claude Opus",
|
displayName: "Claude Opus",
|
||||||
resolve: "anthropic/claude-opus-4-6",
|
resolve: "anthropic/claude-opus-4-7",
|
||||||
openRouterResolve: "openrouter/anthropic/claude-opus-4.6",
|
openRouterResolve: "openrouter/anthropic/claude-opus-4.6",
|
||||||
preferred: true,
|
preferred: true,
|
||||||
},
|
},
|
||||||
@@ -176,7 +176,7 @@ export const providers = {
|
|||||||
},
|
},
|
||||||
"claude-opus": {
|
"claude-opus": {
|
||||||
displayName: "Claude Opus",
|
displayName: "Claude Opus",
|
||||||
resolve: "opencode/claude-opus-4-6",
|
resolve: "opencode/claude-opus-4-7",
|
||||||
openRouterResolve: "openrouter/anthropic/claude-opus-4.6",
|
openRouterResolve: "openrouter/anthropic/claude-opus-4.6",
|
||||||
},
|
},
|
||||||
"claude-sonnet": {
|
"claude-sonnet": {
|
||||||
|
|||||||
@@ -3,8 +3,8 @@
|
|||||||
exports[`latest model per provider snapshot > matches snapshot 1`] = `
|
exports[`latest model per provider snapshot > matches snapshot 1`] = `
|
||||||
{
|
{
|
||||||
"anthropic": {
|
"anthropic": {
|
||||||
"modelId": "claude-sonnet-4-6",
|
"modelId": "claude-opus-4-7",
|
||||||
"releaseDate": "2026-02-17",
|
"releaseDate": "2026-04-16",
|
||||||
},
|
},
|
||||||
"deepseek": {
|
"deepseek": {
|
||||||
"modelId": "deepseek-reasoner",
|
"modelId": "deepseek-reasoner",
|
||||||
@@ -23,8 +23,8 @@ exports[`latest model per provider snapshot > matches snapshot 1`] = `
|
|||||||
"releaseDate": "2026-03-17",
|
"releaseDate": "2026-03-17",
|
||||||
},
|
},
|
||||||
"opencode": {
|
"opencode": {
|
||||||
"modelId": "glm-5.1",
|
"modelId": "claude-opus-4-7",
|
||||||
"releaseDate": "2026-04-07",
|
"releaseDate": "2026-04-16",
|
||||||
},
|
},
|
||||||
"openrouter": {
|
"openrouter": {
|
||||||
"modelId": "openrouter/elephant-alpha",
|
"modelId": "openrouter/elephant-alpha",
|
||||||
|
|||||||
+4
-2
@@ -164,8 +164,10 @@ describe("latest model per provider snapshot", async () => {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// when this fails, a provider shipped a new model. check whether we need
|
// when this fails, a provider shipped a new model. usually that just means
|
||||||
// to add or update an alias in models.ts before updating the snapshot.
|
// bumping the `resolve` on an existing alias in models.ts (e.g. point
|
||||||
|
// "claude-opus" at the latest opus) rather than introducing a new alias.
|
||||||
|
// refresh the alias resolution first, then update this snapshot.
|
||||||
it("matches snapshot", () => {
|
it("matches snapshot", () => {
|
||||||
expect(latestByProvider).toMatchSnapshot();
|
expect(latestByProvider).toMatchSnapshot();
|
||||||
});
|
});
|
||||||
|
|||||||
+5
-10
@@ -25,10 +25,9 @@ export function isSensitiveEnvName(key: string): boolean {
|
|||||||
|
|
||||||
// --- subprocess env filtering ---
|
// --- subprocess env filtering ---
|
||||||
|
|
||||||
// vars that are never passed to subprocesses, even if prefix-matched
|
// prefixes whose vars are safe to pass through (runner metadata, workflow context).
|
||||||
const BLOCKED_ENV_NAMES = new Set(["GITHUB_TOKEN", "GH_TOKEN"]);
|
// GITHUB_TOKEN/GH_TOKEN match the GITHUB_ prefix but are still filtered by default because
|
||||||
|
// isSensitiveEnvName() catches the _TOKEN suffix; users can opt in explicitly via the allowlist.
|
||||||
// prefixes whose vars are safe to pass through (runner metadata, workflow context)
|
|
||||||
const SAFE_ENV_PREFIXES = ["GITHUB_", "RUNNER_", "JAVA_HOME_", "GOROOT_"];
|
const SAFE_ENV_PREFIXES = ["GITHUB_", "RUNNER_", "JAVA_HOME_", "GOROOT_"];
|
||||||
|
|
||||||
// exact var names safe to pass through (system + runner image toolchain)
|
// exact var names safe to pass through (system + runner image toolchain)
|
||||||
@@ -87,18 +86,15 @@ const SAFE_ENV_NAMES = new Set([
|
|||||||
|
|
||||||
let _userAllowlist: Set<string> | null = null;
|
let _userAllowlist: Set<string> | null = null;
|
||||||
|
|
||||||
export function setEnvAllowlist(raw: string): string[] {
|
export function setEnvAllowlist(raw: string): void {
|
||||||
const names = raw
|
const names = raw
|
||||||
.split("\n")
|
.split("\n")
|
||||||
.map((line) => line.trim())
|
.map((line) => line.trim())
|
||||||
.filter(Boolean);
|
.filter(Boolean);
|
||||||
const blocked = names.filter((n) => BLOCKED_ENV_NAMES.has(n));
|
_userAllowlist = new Set(names);
|
||||||
_userAllowlist = new Set(names.filter((n) => !BLOCKED_ENV_NAMES.has(n)));
|
|
||||||
return blocked;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function isSafeEnvVar(key: string): boolean {
|
function isSafeEnvVar(key: string): boolean {
|
||||||
if (BLOCKED_ENV_NAMES.has(key)) return false;
|
|
||||||
if (SAFE_ENV_NAMES.has(key)) return true;
|
if (SAFE_ENV_NAMES.has(key)) return true;
|
||||||
return SAFE_ENV_PREFIXES.some((p) => key.startsWith(p));
|
return SAFE_ENV_PREFIXES.some((p) => key.startsWith(p));
|
||||||
}
|
}
|
||||||
@@ -108,7 +104,6 @@ export function filterEnv(): Record<string, string> {
|
|||||||
const filtered: Record<string, string> = {};
|
const filtered: Record<string, string> = {};
|
||||||
for (const [key, value] of Object.entries(process.env)) {
|
for (const [key, value] of Object.entries(process.env)) {
|
||||||
if (value === undefined) continue;
|
if (value === undefined) continue;
|
||||||
if (BLOCKED_ENV_NAMES.has(key)) continue;
|
|
||||||
const userAllowed = _userAllowlist?.has(key) ?? false;
|
const userAllowed = _userAllowlist?.has(key) ?? false;
|
||||||
if (isSensitiveEnvName(key) && !userAllowed) continue;
|
if (isSensitiveEnvName(key) && !userAllowed) continue;
|
||||||
if (isSafeEnvVar(key) || userAllowed) {
|
if (isSafeEnvVar(key) || userAllowed) {
|
||||||
|
|||||||
Reference in New Issue
Block a user