Commit Graph

15600 Commits

Author SHA1 Message Date
Vincent Koc
b67417909b refactor: remove dead core and extension exports (#104963)
* refactor(agents): remove obsolete exec eligibility helper

* refactor(diffs): internalize viewer-only state

* refactor(qa-lab): internalize implementation helpers
2026-07-12 13:06:23 +08:00
Vincent Koc
4040267af9 fix(qa): run mixed channel suites 2026-07-12 06:51:59 +02:00
Vincent Koc
5d03825597 refactor(qa): isolate scenario command lifecycle (#104958) 2026-07-12 12:27:29 +08:00
Vincent Koc
982efe51e4 refactor: remove dead UI and parser helpers (#104944)
* refactor(tool-call-repair): remove unused parser wrapper

* refactor(ui): remove dead private helper surfaces
2026-07-12 12:08:56 +08:00
Peter Steinberger
6b95f98fe7 fix(core): make indexed access explicit across remaining src (NUIA phase 3b) (#104773)
* fix(core): make indexed access explicit in auto-reply, infra, and config

Part 1/3 of the src NUIA phase-3b burn-down (#104600): iteration and
destructuring over index reads, boundary guards on parsed input, and
named invariants. Config path walkers bind the path head once; SQLite
migration key handling is hoisted without query-shape changes.

* fix(core): make indexed access explicit in cli, gateway, commands, security, shared

Part 2/3: argv/token selection restructured, gateway event/attachment
invariants named, security parsers stay fail-closed (invariant
violations throw), edit-distance matrices access checked entries.

* fix(core): make indexed access explicit across remaining src surfaces

Part 3/3: channels, plugins, process, cron, plugin-sdk, media, logging,
tui, hooks, daemon, and small directories. Latent bug fixed: a tailnet
resolver could leak undefined through a string|null contract and now
fails with a descriptive local error.

* fix(core): keep optional boundaries optional after per-commit review

Review findings: expectDefined misused where absence is a legitimate
state. CLI --profile/route-args missing next tokens take their existing
miss paths; help normalization compares --help against the last
positional again; first-time plugin install spreads absent cfg.plugins;
denylist scan iterates manifest dependency entries instead of throwing
on omitted sections; tailnet resolver returns a guaranteed string at
the source instead of a caller-side undefined throw.

* refactor(core): closed-key provider labels and honest optional passthroughs

PROVIDER_LABELS becomes a satisfies-typed closed record (static reads
provably defined; dynamic lookups go through providerUsageLabel with
honest string|undefined). Status-scan overview passes its optional
params through unchanged instead of asserting them.

* fix(channels): make getChatChannelMeta honestly optional

The original signature claimed ChatChannelMeta while leaking undefined
on bundled channel id metadata drift; three of four callers already
handled absence. The return type now says so, and the one assuming
caller falls back to the raw channel label.

* fix(core): index-safety for post-rebase main drift

Covers the sqlite-sessions flip and auth-source-plan code that landed
mid-phase, plus the channel-validation test consuming the now honestly
optional getChatChannelMeta.

* refactor(channels): split chat-meta accessors along the SDK contract

getChatChannelMeta keeps its shipped plugin-SDK signature (defined for
bundled ids, fail-loud on impossible misses); new findChatChannelMeta
carries the drift-tolerant optional contract for core auto-enable and
formatting paths.

* fix(qa-channel): own channel metadata instead of a guaranteed-undefined catalog lookup

qa-channel spread getChatChannelMeta over an id that is never in the
bundled catalog, shipping an empty setup meta by accident; the fail-loud
SDK accessor exposed it. The channel now declares its metadata once.

* fix(gateway): heartbeat projection lookahead is optional at the transcript tail

expectDefined wrapped messages[i + 1] whose absence on the final message
is the normal case; the adjacent ternary already handled it. Restores
the plain optional read with an explicit guard in the pair condition.

* fix(plugin-sdk): channel plugin factory tolerates non-bundled channel ids again

createChannelPluginBase spreads bundled catalog meta for ANY channel id,
where absence is the normal case for external plugins; the resolver is
honestly optional again while the exported bundled-id accessor keeps the
fail-loud contract.

* fix(core): spreads of optional config sections stay optional

Fresh-setup and first-install paths (crestodian setup inference, hook
installs, agent config base, target agent models) legitimately lack the
section being rebuilt; spreading undefined is the shipped {} semantics.
Removes the remaining gratuitous assertion wraps found by tree audit.
2026-07-11 20:47:34 -07:00
Alix-007
d0764f3566 fix(browser): preserve own profile entries (#101694)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 20:10:59 -07:00
scoootscooob
f5eafc1515 Recover cron tool warnings with final text (#104908) 2026-07-11 19:45:33 -07:00
pick-cat
b874258ace fix(browser): invalidate stale roleRefs on main-frame navigation (#104308)
* fix(browser): bind refs to document lifecycle

Co-authored-by: Pick-cat <huang.ting3@xydigit.com>

* fix(browser): guard absent ref cache entries

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 19:32:00 -07:00
Peter Steinberger
7a456e362d feat(channels): add typed cross-surface approval actions (#103679)
* fix(gateway): approval registry hardening and protocol-surface follow-ups

Follow-up delta to the merged #103579 head, rebased onto current main:
- gateway-protocol wire types derive from owner-module schema consts
  (types.ts tombstone) and ProtocolSchemas leaves the package index so the
  public plugin-sdk d.ts graph tree-shakes the registry declaration
- approval access authority follows the operator.approvals scope tier with
  reviewerDeviceIds as the opt-in restriction (cross-surface
  first-answer-wins; requester identity gates only legacy adapters)
- plugin node.invoke approvals register directly so unrenderable
  presentations fail closed before request routing
- exec-approval manager reconciliation with #103515 revocation hardening
  (resolution source attribution, one-shot ask-fallback consumption)
- surface-report pins and plugin-sdk API baseline refreshed; Swift models
  regenerated

* feat(channels): add typed operator approval actions

Squash-rebased #103679 segment onto the durable-approval-registry tip on
current main. Typed approval/command/select presentation actions replace
raw-string inference across slack/telegram/discord/matrix/imessage/whatsapp,
approval.resolve carries an explicit kind, and channel adapters map native
callback envelopes through the typed action registry.

Drift reconciliation: deprecated buildExecApprovalInteractiveReply assertions
dropped (#104650 removed the shims); worker_environments bootstrap-column
migration kept alongside the approval resolution_ref backfill; plugin-sdk API
baseline regenerated.

(cherry picked from commit 68765a5d39d2118c88a7a54d00387337912d4494)
(cherry picked from commit 8642ac12af142e4b751f4f30d4b114615e7e5f66)
(cherry picked from commit 036c4bc39499925fc03de16ec9302e346769350a)
(cherry picked from commit 19dc350d6bc34e29a5169c6bc80971b0ad12adde)
(cherry picked from commit fc978b0bad86aef421c79f6a211b25cc1b743c01)
(cherry picked from commit 10de4d1ed5071f9be6ad1ee5d1e32c0fa8c9d11c)
(cherry picked from commit 9a664ced1b1fa740172b258f355f1a82925ae41c)
(cherry picked from commit c5ff69abbf444139e9e007bfa45beb0f00ffea54)
(cherry picked from commit d466a80795)
(cherry picked from commit f5b4fe40dd5c961322f8553cc80b2fdfb3f6503e)
(cherry picked from commit 7340b4749a4cc4c72f7a41cce1bc9cb550cae038)
(cherry picked from commit a151f41808f23ae60b10305ccd2bc959b9169a86)

* fix(approvals): preserve typed transport ownership

* test(imessage): narrow chunked approval text

* refactor(protocol): remove retired type tombstone

* fix(plugin-sdk): align surface budgets after rebase

* docs(changelog): note typed operator approvals

* docs(changelog): defer typed approval release note
2026-07-11 18:31:05 -07:00
Vincent Koc
350c810256 fix(codex): preserve beta5 MCP bindings 2026-07-12 09:30:50 +08:00
Peter Steinberger
508f6a2996 refactor(config): retire legacy flat streaming keys to doctor-owned migration (#104693)
* chore(config): regenerate bundled channel config metadata for retired flat streaming keys

* refactor(config): retire legacy flat streaming keys to doctor-owned migration

* fix(config): restore zod locale installer dropped in rebase and repin SDK surface
2026-07-11 18:15:03 -07:00
Peter Steinberger
ecefc6cab6 fix(slack): align App Home with active commands 2026-07-11 17:47:25 -07:00
Peter Steinberger
12f7d9c784 fix(slack): honor configured App Home command
Co-authored-by: Jonathan Tsai <jontsai@users.noreply.github.com>
2026-07-11 17:47:25 -07:00
Alix-007
e7c3f7be6c fix(discord): add timeouts to PluralKit lookup requests (#104121)
* fix(discord): add timeouts to PluralKit lookup requests

* fix(discord): bound PluralKit preflight cancellation

* docs(changelog): note PluralKit lookup deadline

* chore: keep changelog release-owned

* test(discord): reject PluralKit aborts with errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:44:52 -07:00
Vincent Koc
16a647041c fix(providers): load trusted external thinking policies 2026-07-12 08:40:22 +08:00
llagy007
d8bcd014c7 fix(signal): align supported message actions (#104788)
* fix(signal): align supported message actions

* test(signal): clarify supported message actions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:34:07 -07:00
litang9
a0c4c31a17 fix(feishu): configure websocket ping timeout (#103763) 2026-07-11 17:31:59 -07:00
Peter Steinberger
3255b3218a feat: unify external sessions with native catalog pagination (#104717)
* feat(gateway): add generic sessions.catalog surface with plugin SDK registration seam

* feat(agents): support one-shot forked CLI session resume with successor rebinding

* feat(anthropic): adopt local Claude CLI sessions into native chats via catalog continue

* feat(codex): register the session catalog provider independently of supervision

* refactor(ui): delete the retired custom Claude/Codex session tab views

* feat(ui): render external session catalogs as native sidebar sessions and chat panes

* docs: describe the unified native session catalog

* fix: harden forked CLI resume and catalog transcript mapping after review

* fix: satisfy strict typecheck for catalog source guard and imported message cast

* chore(i18n): regenerate session catalog locales

* fix(codex): simplify session source guard type

* fix(ui): paginate sidebar session catalogs

* chore(i18n): refresh catalog metadata after main merge

* fix(ui): harden session catalog pagination refresh

* test(agents): use sqlite session accessor in fork tests

* fix(ci): refresh session catalog generated surfaces

* fix(ui): align session catalog locales

* fix: address session catalog review findings

* fix(sessions): roll back failed plugin catalog adoption

* test(sessions): preserve CLI binding literals

* fix(ui): restore native session pagination label

* docs: note external session catalogs

* Revert "docs: note external session catalogs"

This reverts commit cfb503f160.
2026-07-11 17:26:26 -07:00
Sarah Fortune
fd37c0318d fix(slack): prefer configured slash command (#104736)
* fix(slack): preserve resolved secrets for slash replies

* fix(slack): register configured slash command with native commands

* fix(slack): preserve slash config refresh semantics

* refactor(slack): keep slash fix focused

---------

Co-authored-by: Sarah Fortune <sarah.fortune@gmail.com>
2026-07-11 17:14:02 -07:00
Alix-007
78a98a7efa fix(telegram): add timeouts to getChat lookup requests (#104289)
* fix(telegram): add timeouts to getChat lookup requests

* fix(telegram): reuse shared timeout abort helper
2026-07-11 17:13:14 -07:00
wuqxuan
dfa9569ca7 fix(google): exclude versioned Gemini client header from memory identity (#104759)
* fix(google): exclude versioned Gemini client header from memory identity

* test(google): focus memory identity coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:06:21 -07:00
mushuiyu886
d886059520 fix(line): preserve Unicode boundaries in recipient errors (#104109) 2026-07-11 17:03:58 -07:00
llagy007
7027d2c227 fix(browser): reject non-page json new targets (#104129)
* fix(browser): reject non-page json new targets

* fix(browser): adopt only validated raw CDP targets

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:58:43 -07:00
qingminlong
8e216310b8 fix(parallel): stop MCP search when initialized ack fails (#104554)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 07:52:23 +08:00
Harjoth Khara
b2cd0e428d fix(workboard): preserve active claim error precedence (#104065)
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-12 07:45:25 +08:00
ZOOWH
fb702e5cae fix(memory): harden embedding batch workflows (#103472)
* fix(memory): harden embedding batch workflows

Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>

* test(memory): align batch redaction expectation

* test(memory): tighten batch dependency types

* refactor(google): clarify batch state control flow

* test(google): make batch stage fallback lint-safe

* build(plugin-sdk): refresh memory batch surface budget

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
2026-07-11 16:43:58 -07:00
Peter Steinberger
847460600f feat(macos): redesign device-code sign-in (#104766)
* feat(macos): redesign device-code sign-in

* chore(i18n): refresh native string inventory

* fix(macos): localize device-code completion action

* fix(auth): preserve device-code fallback copy

* fix(xai): report browser launch accurately
2026-07-11 16:43:21 -07:00
Vincent Koc
6bba7eaa0d test(telegram): match private login reply fixture 2026-07-12 07:40:35 +08:00
Vincent Koc
a7764d4366 fix(auth): preserve Codex login profile identity 2026-07-12 07:40:35 +08:00
Eva
030fa62b79 fix(telegram): preserve codex login profile identity 2026-07-12 07:40:35 +08:00
Artur
cc419f8f47 fix(telegram): prevent unlisted API calls from stalling delivery (#104526)
* fix(telegram): bound unlisted API requests

* test(telegram): prove unlisted request aborts

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:28:36 -07:00
Peter Steinberger
7778663322 test(telegram): preserve projection fixture identities (#104777) 2026-07-11 16:26:26 -07:00
Peter Steinberger
453c049ac8 test(telegram): table-drive funnel-parity chunk boundaries for streamed final pagination (#104760)
The behavior fix landed on main in #104608 (fe3884a7ad): draft-stream final
pagination now routes markdownSource previews through markdownToTelegramChunks,
the same chunker the durable reply funnel uses (delivery.replies.ts
buildChunkTextResolver), and the overflow-pagination golden was re-recorded on
safe boundaries there. This adds the missing parity regression coverage:
table-driven cases for mid-word, mid-entity, mid-tag, and fenced code-block
page boundaries assert the streamed pages equal the durable chunker's HTML
chunks exactly, and that retained/current page snapshots carry the durable
plainText projection so an HTML-parse 400 degrades both funnels identically.

Formatting proof: Testbox tbx_01kx9n9q7rksfxgr5baj0esw57 check:changed format
lane passed on this diff (local worktree has no node_modules for the hook).
2026-07-11 16:12:48 -07:00
llagy007
c059d7d062 fix(browser): refresh target after guarded existing-session actions (#104094)
* fix(browser): refresh target after guarded existing-session actions

* test(browser): isolate guarded target cases

* test(browser): mock safe replacement URL resolution

* fix(browser): refresh target after guarded evaluate

* style(browser): format guarded action matrix

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:11:48 -07:00
llagy007
4057d4b623 fix(browser): keep direct CDP version diagnostics (#104678) 2026-07-11 16:09:42 -07:00
NIO
c04c85b6f3 fix(mattermost): bound stalled inbound media header waits (#104575)
* fix(mattermost): bound stalled inbound media header waits

* test(mattermost): always close stalled media server

* test(mattermost): satisfy server cleanup lint

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:09:08 -07:00
Peter Steinberger
c3a8e60adc fix: doctor repairs Voice Call SQLite schema upgrades (#104752)
* fix(doctor): repair voice-call SQLite schema

* chore: keep release notes in PR body

* test(plugin-sdk): update public surface budget
2026-07-11 16:05:59 -07:00
Vincent Koc
266d49cddb fix(codex): migrate legacy session ownership to sqlite 2026-07-12 06:50:30 +08:00
Vincent Koc
b4db960616 fix(codex): converge retained raw binding rows 2026-07-12 06:50:30 +08:00
Vincent Koc
8955f17f12 fix(codex): use shared binding fingerprint helper 2026-07-12 06:50:30 +08:00
Vincent Koc
6b688011ba fix(codex): bound legacy binding fingerprints 2026-07-12 06:50:30 +08:00
Eva
54995af3ae fix(codex): bound app-server binding fingerprints 2026-07-12 06:50:30 +08:00
computment
088a9dc335 fix(discord): refresh model picker after default changes (#104635)
* fix(discord): refresh model picker component config

* test(discord): model full hot-reload snapshot state

* fix(discord): keep pending model selection stable

* fix(discord): stabilize recent model actions

---------

Co-authored-by: compoodment <compoodment@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:34 -07:00
NianJiu
da6a24d7dc fix(reply): prevent hung pre-delivery hooks from blocking lanes (#104256)
* fix(reply): bound pre-delivery hook settlement

* test(plugins): preserve hook timeout fixtures

* fix(reply): preserve declared pre-delivery budgets

* chore(reply): finalize pre-delivery recovery

* fix(reply): preserve per-final recovery semantics

* fix(reply): guard pending-final settlement identity

* test(reply): align pending-final store fixture

* fix(reply): bind settlement to originating intent

* test(reply): satisfy timeout fixture lint

* chore(plugin-sdk): refresh rebased baseline

* fix(reply): preserve normalized retry ownership

* fix(reply): narrow pending retry metadata

* fix: align reply dispatch state access

* chore(plugin-sdk): refresh rebased surface baseline

* test(reply): align rebased accessor assertion

* chore(plugin-sdk): regenerate drifted API baseline

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:15 -07:00
Vincent Koc
52f88473d9 fix(memory): isolate qmd fallback service hosts 2026-07-12 06:33:57 +08:00
Vincent Koc
a7f021d5a7 fix(memory): scope cached managers by service host 2026-07-12 06:33:57 +08:00
Vincent Koc
1b0a34c9a9 fix(memory): default optional local service hook 2026-07-12 06:33:57 +08:00
Vincent Koc
c1e70b9a7f refactor(plugin-sdk): inject memory local service per call 2026-07-12 06:33:57 +08:00
Vincent Koc
eae846e3e5 refactor(memory): inject local service host hooks 2026-07-12 06:33:57 +08:00
Vincent Koc
dc3c55418a refactor(memory): scope embedding service acquisition 2026-07-12 06:33:57 +08:00