Commit Graph

66965 Commits

Author SHA1 Message Date
Vincent Koc
a426213f0a fix(auth): use canonical session accessor 2026-07-12 07:40:35 +08:00
Vincent Koc
7edc4f11b6 test(auth): align session update mocks 2026-07-12 07:40:35 +08:00
Vincent Koc
6bba7eaa0d test(telegram): match private login reply fixture 2026-07-12 07:40:35 +08:00
Vincent Koc
a7764d4366 fix(auth): preserve Codex login profile identity 2026-07-12 07:40:35 +08:00
Eva
030fa62b79 fix(telegram): preserve codex login profile identity 2026-07-12 07:40:35 +08:00
Peter Steinberger
ecd7d6c787 docs(windows): link latest Hub installers (#104774) 2026-07-11 16:39:32 -07:00
Peter Steinberger
0ae352a648 fix(test): reclassify sqlite flip proof harness (#104784) 2026-07-11 16:38:37 -07:00
Vyctor H. Brzezowski
ff6dc43b8b feat(ui): paginate sidebar sessions (#104617)
* feat(ui): paginate sidebar sessions

* fix(ui): collapse sidebar session pages

* fix(ui): space sidebar pagination from footer

* fix(ui): keep required sidebar sessions visible

* fix(ui): reuse translated sidebar actions

* fix(ui): hide ineffective sidebar collapse

* fix(ui): advance sidebar pagination past required rows
2026-07-11 20:35:10 -03:00
Leon Ma
1338b0d0bc fix(ai/gemini): coerce numeric/boolean enum values to strings (#104567)
* fix(ai/gemini): coerce numeric/boolean enum values to strings

Gemini Function Calling only accepts string enum values (see
https://ai.google.dev/gemini-api/docs/function-calling). Tool schemas
containing enum: [1,2,3] or enum: [true,false] were passed through
unchanged, causing Gemini to reject the entire request with 400
TYPE_STRING errors at 'function_declarations[X].parameters...enum[N]'.

Extend cleanSchemaForGeminiWithDefs to coerce enum and const values
via a shared helper (number/boolean/bigint -> string, drop null and
non-coercible entries, de-duplicate), and retype the containing schema
as 'string' since Gemini's validator only accepts enum on string-typed
schemas.

Adds seven vitest cases covering numeric/boolean enum, const, nested
schemas, and dedup/empty-after-coercion edge cases.

Fixes #104566

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(ai/gemini): make enum retyping property-order independent

Address @clawsweeper review on #104567:

The initial patch set cleaned.type = 'string' inline while visiting the
'enum' or 'const' key. For schemas where 'type' appears AFTER 'enum' /
'const' in the input object — a valid ordering since JSON Schema property
order is not semantic — a later 'type' pass would overwrite the coercion
via the tail 'cleaned[key] = value' branch, and Gemini would still receive
an invalid declaration.

Move the type override out of the loop: track whether any enum/const was
coerced via a boolean flag, and force cleaned.type = 'string' after the
loop finishes. This makes the fix independent of input property order.

Also add curly braces around single-line ifs to satisfy check-lint
(eslint(curly)) which failed on the previous commit.

New reversed-order regression tests added.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(ai): preserve Gemini enum schema types

---------

Co-authored-by: leonme <leonme@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:34:31 -07:00
Peter Steinberger
2776bda1ea fix(checks): cover newly added files in the changed-format lane (#104771) 2026-07-11 16:29:25 -07:00
Artur
cc419f8f47 fix(telegram): prevent unlisted API calls from stalling delivery (#104526)
* fix(telegram): bound unlisted API requests

* test(telegram): prove unlisted request aborts

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:28:36 -07:00
RickLin
f0676a7a79 fix(cron): delete successful on-exit deleteAfterRun jobs (#104550)
* fix(cron): delete successful on-exit deleteAfterRun jobs

deleteAfterRun finalization was restricted to at schedules, so a successful
on-exit job with deleteAfterRun=true was retained as a disabled job instead
of being removed (the gateway exit watcher durably disables on-exit jobs
BEFORE firing as replay protection, and no later transition deleted them).
Successful delete-after-run now covers every one-shot schedule kind; the
pre-fire disable ordering is unchanged. Regression covers deletion on ok,
retention without the flag, and retention on failure through the same force
path the exit watcher fires.

Fixes #104518

* test(cron): prove durable on-exit finalization

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:26:43 -07:00
Peter Steinberger
7778663322 test(telegram): preserve projection fixture identities (#104777) 2026-07-11 16:26:26 -07:00
Yuval Dinodia
7cd2e482d1 fix(agents): lease session worktrees during runs (#103263)
* fix(agents): lease managed worktrees across a run with an exclusive removal claim

A resumed session's managed worktree could be removed mid-run by idle GC, a
separate remover, or a manual worktrees.gc, destroying in-flight work; a session
whose worktree was already removed was admitted anyway and ran without its
checkout.

Runs now take a shared run-lease and removal takes an exclusive claim, both held
as rows in the shared state_leases table so admission and removal serialize
through one BEGIN IMMEDIATE transaction. Lease rows carry an opaque token plus
pid and process start time; dead or reused-pid owners are pruned inside the same
transaction. Removal claims before any cleanliness or snapshot work and rejects
while a live run lease exists; a run releases only its own token. The worktree id
is resolved from the session binding or by containment over both the run cwd and
workspace dir, so a workspace-only child still leases. The git worktree lock is
retained as a secondary raw-Git guard and refcounted per process so a parent and
a same-process child do not unlock each other.

* fix(agents): serialize worktree git lock cleanup

* test(agents): seed worktree races in sqlite

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:26:22 -07:00
Peter Steinberger
724e90c3c8 feat(ui): redesign /btw side chat into a floating multi-turn panel (#104749)
* feat(ui): redesign /btw side chat into floating multi-turn panel

The inline BTW side-result card becomes a floating Side chat panel pinned
to the thread column: multi-turn conversation with markdown answers, a
follow-up input that carries the previous side answer as context, and
header actions to clear (retires the pending run) or close (conversation
and pending run survive; an arriving answer reopens the panel).

* fix(ui): carry prior side question in follow-ups; display typed question structurally

Review follow-ups: the /btw follow-up command now embeds both the previous
side question and answer (answers alone lose the referents), and the panel
shows the user's typed question via structured state (pending record
correlated by runId) instead of parsing a marker out of user-controlled
command text.

* fix(ui): stop pending side runs on clear and keep rejected follow-up drafts

Trash now sends a targeted chat.abort for the pending /btw run (the retire
set still suppresses its late events if the abort races), the follow-up
input is hidden while disconnected like other slash sends, and a rejected
detached send restores the typed follow-up into the panel input.

* test(ui): attach side-chat panel test container for restore assertion

* fix(ui): block side-chat follow-ups while pending; notify rejection on pre-send exits

A follow-up while a question is pending would retire the in-flight run and
silently drop its answer, so the panel input is disabled until the answer
lands. The rejection callback now fires on every non-accepted path of the
guarded detached send (early exits, guard dedupe, rejected acks), not just
rejected acknowledgements.

* fix(ui): render side-chat questions verbatim

Pending and turn questions are already display-ready (chat-send strips
composer commands, the server echo carries no /btw prefix, panel follow-ups
pass structured text); re-extracting corrupted questions that begin with a
command token.
2026-07-11 16:22:58 -07:00
Peter Steinberger
8fea7f5011 fix(docs): reject translated heading loss 2026-07-11 19:20:40 -04:00
Peter Steinberger
453c049ac8 test(telegram): table-drive funnel-parity chunk boundaries for streamed final pagination (#104760)
The behavior fix landed on main in #104608 (fe3884a7ad): draft-stream final
pagination now routes markdownSource previews through markdownToTelegramChunks,
the same chunker the durable reply funnel uses (delivery.replies.ts
buildChunkTextResolver), and the overflow-pagination golden was re-recorded on
safe boundaries there. This adds the missing parity regression coverage:
table-driven cases for mid-word, mid-entity, mid-tag, and fenced code-block
page boundaries assert the streamed pages equal the durable chunker's HTML
chunks exactly, and that retained/current page snapshots carry the durable
plainText projection so an HTML-parse 400 degrades both funnels identically.

Formatting proof: Testbox tbx_01kx9n9q7rksfxgr5baj0esw57 check:changed format
lane passed on this diff (local worktree has no node_modules for the hook).
2026-07-11 16:12:48 -07:00
llagy007
c059d7d062 fix(browser): refresh target after guarded existing-session actions (#104094)
* fix(browser): refresh target after guarded existing-session actions

* test(browser): isolate guarded target cases

* test(browser): mock safe replacement URL resolution

* fix(browser): refresh target after guarded evaluate

* style(browser): format guarded action matrix

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:11:48 -07:00
Peter Steinberger
6852016b51 feat(ui): cron automation-ideas gallery and Create & run now in quick-create (#104761)
* feat(ui): cron automation-ideas gallery and Create & run now in quick-create

The cron page gains a curated automation-ideas gallery (six starter
automations that pre-fill the quick-create wizard with editable prompt,
name, schedule, and delivery presets); it stays expanded until the first
job exists, then collapses to a slim band. The quick-create wizard's
final step adds Create & run now, which chains cron.run (force) on the
job id returned by cron.add so a fresh automation shows output
immediately instead of waiting for its first scheduled tick.

Also hardens scripts/control-ui-i18n.ts against models wrapping JSON
replies in Markdown code fences.

Closes #104746

* chore(ui): regenerate locale bundles for cron suggestions strings

Generated via authenticated ui:i18n:sync (claude-sonnet-4-6) for the new
cron.suggestions/quickCreate keys; keeps the locale structural-alignment
gate green.

* fix(ui): deliver watchdog suggestion results via notify preset

Codex review: the night-watch idea promised alerts but pre-selected the
isolated preset, which maps to deliveryMode none, so results were never
delivered. Use notify and reword the prompt to an explicit one-line
verdict (renamed key so the locale pipeline retranslates).

* chore(ui): regenerate locale bundles for watchdog suggestion

* chore(ui): refresh raw-copy baseline after rebase
2026-07-11 16:10:00 -07:00
llagy007
4057d4b623 fix(browser): keep direct CDP version diagnostics (#104678) 2026-07-11 16:09:42 -07:00
NIO
c04c85b6f3 fix(mattermost): bound stalled inbound media header waits (#104575)
* fix(mattermost): bound stalled inbound media header waits

* test(mattermost): always close stalled media server

* test(mattermost): satisfy server cleanup lint

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:09:08 -07:00
Peter Steinberger
c3a8e60adc fix: doctor repairs Voice Call SQLite schema upgrades (#104752)
* fix(doctor): repair voice-call SQLite schema

* chore: keep release notes in PR body

* test(plugin-sdk): update public surface budget
2026-07-11 16:05:59 -07:00
Peter Steinberger
a4cd5625da fix(docs): localize visible MDX attributes 2026-07-11 19:03:01 -04:00
pick-cat
3d3796243f docs(gateway): add launchd supervisor loop troubleshooting (#89816)
* docs(gateway): add launchd supervisor loop troubleshooting

* docs(gateway): warn before disabling node LaunchAgent

* chore: trigger CI after rebase onto main

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs(gateway): modernize launchd recovery runbook

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:59:12 -07:00
Peter Steinberger
a68b4f4083 fix(docs): preserve fenced examples in translations 2026-07-11 18:58:37 -04:00
Josh Avant
793fe4bfc7 fix(android): require installed-apps disclosure consent (#97888)
* fix(android): require installed-apps disclosure consent

Co-authored-by: Josh Avant <830519+joshavant@users.noreply.github.com>

* chore(android): sync native i18n inventory

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:56:12 -07:00
Peter Steinberger
08498f9828 ci: pass frozen UI test options to Vitest (#104758) 2026-07-11 15:54:44 -07:00
Vincent Koc
266d49cddb fix(codex): migrate legacy session ownership to sqlite 2026-07-12 06:50:30 +08:00
Vincent Koc
b4db960616 fix(codex): converge retained raw binding rows 2026-07-12 06:50:30 +08:00
Vincent Koc
8955f17f12 fix(codex): use shared binding fingerprint helper 2026-07-12 06:50:30 +08:00
Vincent Koc
6b688011ba fix(codex): bound legacy binding fingerprints 2026-07-12 06:50:30 +08:00
Eva
54995af3ae fix(codex): bound app-server binding fingerprints 2026-07-12 06:50:30 +08:00
xingzhou
8c98832a85 fix(mcp): reject hexadecimal timeout options (#104633) 2026-07-11 15:50:21 -07:00
xingzhou
4a0086d085 fix(sessions): prevent corrupted Unicode in persisted tool details (#104540)
* fix(sessions): prevent corrupted Unicode in persisted tool details

* test(sessions): consolidate UTF-16 persistence coverage

* test(sessions): build redaction fixture from placeholder

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:49:43 -07:00
computment
088a9dc335 fix(discord): refresh model picker after default changes (#104635)
* fix(discord): refresh model picker component config

* test(discord): model full hot-reload snapshot state

* fix(discord): keep pending model selection stable

* fix(discord): stabilize recent model actions

---------

Co-authored-by: compoodment <compoodment@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:34 -07:00
NianJiu
da6a24d7dc fix(reply): prevent hung pre-delivery hooks from blocking lanes (#104256)
* fix(reply): bound pre-delivery hook settlement

* test(plugins): preserve hook timeout fixtures

* fix(reply): preserve declared pre-delivery budgets

* chore(reply): finalize pre-delivery recovery

* fix(reply): preserve per-final recovery semantics

* fix(reply): guard pending-final settlement identity

* test(reply): align pending-final store fixture

* fix(reply): bind settlement to originating intent

* test(reply): satisfy timeout fixture lint

* chore(plugin-sdk): refresh rebased baseline

* fix(reply): preserve normalized retry ownership

* fix(reply): narrow pending retry metadata

* fix: align reply dispatch state access

* chore(plugin-sdk): refresh rebased surface baseline

* test(reply): align rebased accessor assertion

* chore(plugin-sdk): regenerate drifted API baseline

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:15 -07:00
chengzhichao-xydt
aa8f78788c fix(agents): keep failover detail truncation UTF-16 safe (#104487)
* fix(agents): keep failover detail truncation UTF-16 safe

Replace raw .slice(0, MAX_FAILOVER_DETAIL_CHARS) with truncateUtf16Safe
so provider error details containing emoji or other non-BMP characters
are not split at a surrogate-pair boundary before failover classification.

Adds a regression test via extractFailoverSignalDetails.

* test(agents): tighten failover UTF-16 coverage

---------

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:43:52 -07:00
Peter Steinberger
1bd4887a5e fix(state): guide forward-schema recovery (#104751) 2026-07-11 15:43:42 -07:00
Peter Steinberger
50dd2db020 fix(process): preserve Unicode in captured output tails (#104754)
Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>
2026-07-11 15:43:16 -07:00
Peter Steinberger
94faf4d789 feat(ui): lobster pet rarely fills in for the sidebar brand logo (#104748)
On rare page loads (seeded, ~12%, once per load) the sidebar pet's first
scheduled visit perches in the brand-logo slot instead of the footer
ledge: the static mark crossfades out and the live sprite (palette,
build, accessory, blink) settles in, then departs and the logo returns.
One crab, two homes - never both at once. Offline/busy recalls the
stand-in to ledge duty; rides the existing visit scheduler and the
lobsterPetVisits setting, so no new config surface. Reduced motion keeps
the swap static.
2026-07-11 15:38:59 -07:00
Peter Steinberger
f09c709532 fix(nodes): preserve MCP hot-plug pairing (#104745)
* fix(nodes): preserve MCP hot-plug pairing

Fixes #104743

* chore: defer node MCP release note
2026-07-11 15:37:43 -07:00
Vyctor H. Brzezowski
2833eeece1 fix(ui): overlay chat scroll-to-bottom button (#104744) 2026-07-11 19:36:49 -03:00
xingzhou
2077ebe8b4 fix(exec): long retained process output corrupts boundary emoji (#104531)
* fix(process): preserve Unicode in captured output tails

* test(process): consolidate captured output coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:35:59 -07:00
NianJiu
b5bea9073d fix: recover Android permission request timeouts (#103011)
* fix(android): recover permission request timeouts

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* chore(android): sync native i18n inventory

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
2026-07-11 15:35:41 -07:00
Peter Steinberger
ce671c3513 ci: honor frozen target tool versions (#104740) 2026-07-11 15:35:05 -07:00
NIO
6c87afa7ca fix(gateway): keep worker bootstrap failure details UTF-16 safe (#104619)
* fix(gateway): keep worker bootstrap failure details UTF-16 safe

* test(gateway): isolate bootstrap diagnostic boundary

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:35:01 -07:00
Vincent Koc
52f88473d9 fix(memory): isolate qmd fallback service hosts 2026-07-12 06:33:57 +08:00
Vincent Koc
a7f021d5a7 fix(memory): scope cached managers by service host 2026-07-12 06:33:57 +08:00
Vincent Koc
1b0a34c9a9 fix(memory): default optional local service hook 2026-07-12 06:33:57 +08:00
Vincent Koc
c1e70b9a7f refactor(plugin-sdk): inject memory local service per call 2026-07-12 06:33:57 +08:00