Commit Graph

66940 Commits

Author SHA1 Message Date
wings1029
63859f73e6 fix(codex): preserve Unicode diagnostics boundaries (#103740)
* fix(codex): preserve Unicode diagnostics boundaries

Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>

* test(codex): assert diagnostics preview boundary

* test(codex): narrow diagnostics result text

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:45:57 +01:00
Peter Steinberger
fef5c61a3c docs(gateway): document restart and crash recovery behavior (#103985)
* docs(gateway): document restart and crash recovery behavior

* chore(docs): allowlist intentional command:nwe hook example in spellcheck
2026-07-11 00:44:16 +01:00
Peter Steinberger
6d39ec5152 feat(ui): collapse session PR chips and add a CI monitoring popover (#103853)
* feat(ui): collapse session PR chips and add a CI monitoring popover

* chore(i18n): translate session PR chip strings

* docs(gateway): note Control UI contract shapes ship in lockstep

* chore(i18n): regenerate locale bundles after rebase
2026-07-11 00:37:06 +01:00
Peter Steinberger
2f9cb92006 fix(tasks): show registry restore errors in console (#103976) 2026-07-11 00:10:14 +01:00
wings1029
9bfecf46ee fix(acpx): preserve Unicode in wrapper diagnostics (#103738)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:06:14 +01:00
xingzhou
babc287afe fix(slack): time out stalled external file uploads (#103442)
* fix(slack): time out stalled external file uploads

* fix(slack): scope external upload timeout

* fix(slack): restrict external upload transport

* fix(slack): restrict external upload transport

* fix(slack): preserve external upload retry safety

* test(slack): use compatible guarded fetch runtime

* test(plugin-sdk): update public export baseline

* fix(slack): harden external upload delivery

* refactor(slack): isolate upload completion

Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.

* fix(slack): refresh upload release metadata

* chore(slack): leave release notes release-owned

* fix(slack): classify failed uploads before completion

* fix(slack): keep upload completion untimed

* test(plugin-sdk): refresh public export baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:52:35 +01:00
Bek
91ac7ca700 fix(tasks): repair legacy delivery statuses (#103946)
* fix(tasks): repair legacy delivery statuses

* docs(changelog): note task state migration repair

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:49:22 +01:00
Peter Steinberger
98902c790f fix(macos): preserve launchd gateway during port sweep (#103972) 2026-07-10 23:46:30 +01:00
Peter Steinberger
a0354e5243 fix(onboarding): make fresh AI setup reliable and transparent (#103962)
* fix(onboarding): harden inference setup

* fix(mac): preserve setup request cancellation

* test(crestodian): align setup audit expectation

* test(crestodian): cover approval persistence warning

* fix(crestodian): preserve setup credentials and success

* chore(pr): leave changelog to release flow

* fix(onboarding): repair native CI gates
2026-07-10 23:44:53 +01:00
Peter Steinberger
49941fab6d fix(ci): keep hydrate-github pnpm shims writable (#103971) 2026-07-10 23:36:10 +01:00
qingminlong
4f1f7c6fb0 fix(nodes): resolve Unicode browser node names when configured by display name (#103548)
* fix-nodes-unicode-browser-node-names

* fix(nodes): preserve compact browser node selectors

* fix(nodes): normalize unicode node names canonically

* fix(nodes): scope compact browser selectors

* fix(nodes): preserve meaningful unicode marks

* chore: leave changelog updates to release automation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:32:28 +01:00
soldforaloss
0e0c922cc5 fix: preserve current Node for node.exe env wrappers (#103907)
* fix: preserve current Node for node.exe env wrappers

* fix(scripts): preserve Windows Node aliases

* chore: keep contributor PR release-note only

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:30:57 +01:00
lsr911
9dee9ebffa fix(qa-lab): use truncateUtf16Safe for tool search gateway and mock OpenAI text truncation (#103219)
* fix(qa-lab): use truncateUtf16Safe for tool search and mock OpenAI text truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- tool-search-gateway.fixture.ts: 4 sites (provider input snippet,
  tool output snippet, gateway output text for normal/code lanes)
- mock-openai/server.ts: 1 site (tool output evidence snippet)

LLM output text may contain non-BMP characters (emoji, CJK
extension characters). Naive .slice(0, N) at a surrogate pair
boundary produces a lone surrogate.

Co-Authored-By: Claude <noreply@anthropic.com>

* test: add proof script for qa-lab UTF-16 safe truncation at all boundaries

* test(qa-lab): integrate UTF-16 boundary coverage

Co-authored-by: lsr911 <liao.shirong@xydigit.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:26:42 +01:00
Vincent Koc
b0e3c85a61 fix(release): bind publish children to trusted SHAs (#103913)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:25:26 +01:00
Vincent Koc
b1e688c657 fix(release): consume Kova model contract (#103966) 2026-07-10 15:17:15 -07:00
Peter Steinberger
53bcdf8fe2 fix(signal): drain accepted messages on shutdown (#103967) 2026-07-10 23:15:04 +01:00
SunnyShu
90250dcc9a fix(auth): repair stale orders and token health rollups (#98105)
* fix(auth): preserve token health after OAuth migration

After a user migrates from OAuth to a token/setup-token credential, the
gateway model-auth rollup reported the provider as missing, producing a
false "model auth expired" warning.

Rename aggregateOAuthStatus → aggregateRefreshableAuthStatus and
extract aggregateProfileStatus helper. OAuth remains authoritative when
present; token credentials are the fallback when no effective OAuth
profile exists. Empty effectiveProfiles stays authoritative (missing).
Token fallback applies regardless of expectsOAuth flag.

Fixes #97996

Co-authored-by: SunnyShu0925 <SunnyShu0925@users.noreply.github.com>

* test(auth): use fake token fixture

* fix(doctor): repair stale auth profile orders

* fix(doctor): inspect retained auth profile stores

* fix(doctor): harden retained auth store proof

---------

Co-authored-by: SunnyShu0925 <SunnyShu0925@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:11:01 +01:00
xingzhou
4257875448 fix(qa-lab): keep saved view text truncation UTF-16 safe (#103789)
* fix(qa-lab): keep saved view text truncation UTF-16 safe

* refactor(qa-lab): use semantic truncation helper

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:10:53 +01:00
Peter Steinberger
3f402f2c48 fix(telegram): suppress replies superseded during adoption (#103965)
* fix(telegram): preserve supersession through async adoption

* fix(auto-reply): stop superseded queued turns after adoption

* test(telegram): use dispatcher delivery return type
2026-07-10 23:10:05 +01:00
Peter Steinberger
42c80df6f5 docs(node): clarify headless identity and pairing state (#103964)
* docs(node): clarify headless identity storage

* docs: refresh node identity heading map
2026-07-10 22:55:45 +01:00
xingzhou
6f6c802ea5 fix(infra): keep restart log tails UTF-16 safe (#103757) 2026-07-10 22:50:25 +01:00
Vincent Koc
022dd9dc27 fix(release): unblock Meta npm bootstrap publication (#103951)
* fix(release): isolate Meta npm bootstrap

* test(release): assert OIDC npm version guard
2026-07-10 14:50:00 -07:00
Peter Steinberger
c3cd3a15d1 fix(nodes): correct system.which examples (#103960) 2026-07-10 22:45:54 +01:00
Vincent Koc
c5bdd64442 fix(telegram): detach adopted turns from reply fence (#103952) 2026-07-10 14:36:46 -07:00
Peter Steinberger
d92d5774f5 fix(node): report Mac exec policy defaults (#103945) 2026-07-10 22:07:44 +01:00
Peter Steinberger
4cb9cc689e fix(maint): avoid stale PR sync evidence (#103944) 2026-07-10 22:05:23 +01:00
Peter Steinberger
1b1120a69d fix(feishu): prevent duplicate content in streaming cards (#103915)
* fix(feishu): keep streaming card snapshots authoritative

Co-authored-by: Jun Ma <hpumajunhappy@163.com>

* refactor(feishu): use current snapshot as retry source

* fix(feishu): validate CardKit response bodies

* fix(feishu): keep close summaries accepted

* test(feishu): simplify close rejection state proof

* test(feishu): match normalized close summary

---------

Co-authored-by: Jun Ma <hpumajunhappy@163.com>
2026-07-10 22:05:18 +01:00
mushuiyu886
c52f660da0 fix(ui): preserve Unicode boundaries in config diffs (#103908) 2026-07-10 22:04:40 +01:00
Peter Steinberger
b5f3fe900f fix(release): pack local AI runtime for release checks (#103941) 2026-07-10 21:59:59 +01:00
Peter Steinberger
d395a8e6ec docs(pairing): correct setup-code expiry payload (#103943) 2026-07-10 21:58:28 +01:00
pick-cat
997a564c28 fix(agents): apply stale-run liveness check to aborted subagent orphan recovery (#90817)
* fix(agents): apply stale-run liveness to aborted subagent orphan recovery

Skip stale unended subagent runs during orphan recovery and registry
restore, even when they carry abortedLastRun. Previously, restart-aborted
runs were exempt from the stale-unended age check, allowing hours-old
aborted child sessions to be resurrected after long downtime.

Fixes #90766

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(agents): finalize stale aborted runs instead of only skipping them

Previously the stale-run check in recoverOrphanedSubagentSessions only
incremented the skipped counter. Stale active runs were left unended
because scheduleOrphanRecovery only retries failedRuns, not skipped runs.

Now stale runs are finalized via finalizeInterruptedSubagentRun so they
don't remain orphaned in the registry.

Ref: #90766 review feedback

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(agents): await stale-run finalization in orphan recovery

Await finalizeInterruptedSubagentRun for stale aborted runs and report
failedRuns when finalization does not update the registry, so the
scheduler retry path can recover from finalization failures.

Co-authored-by: Cursor <cursoragent@cursor.com>

* test(agents): faithful restart-path proof for stale orphan recovery

Drive the real recoverOrphanedSubagentSessions against the real subagent
registry, the real isStaleUnendedSubagentRun policy, and a real on-disk
session store, mocking only the outbound gateway transport and transcript
reader. Proves finalizeInterruptedSubagentRun actually ends the stale
aborted run in the registry (endedAt set, outcome error) instead of
resuming it, while a fresh aborted run still resumes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: amend author email

* fix(agents): scope orphan finalization to run generation

* fix(agents): preserve stale restart recovery ownership

* test(agents): isolate restart recovery scheduling

* fix(agents): make stale restart finalization durable

* fix(agents): keep stale retries generation-scoped

* test(agents): await restart recovery scheduling

* fix(agents): verify interrupted finalization

* fix(agents): defer interrupted finalization during restart

* fix(agents): preserve lifecycle type narrowing

* style(agents): use nonmutating recovery ordering

* chore: keep release note in PR body

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 21:56:57 +01:00
Peter Steinberger
b81cc598bf fix(cli): run remote node commands through bundled MCP (#103936)
* fix(cli): expose node exec to bundled MCP

* fix(cli): preserve MCP exec run context

* fix(gateway): honor sender policy for CLI node exec

* fix(cli): bind canonical sender policy identity

* fix(gateway): bind CLI node exec policy context

* fix(cli): type policy provenance inputs

* fix(cli): preserve elevated node exec policy

* fix(cli): preserve spawned policy provenance

* chore: keep release note in PR
2026-07-10 21:51:34 +01:00
Peter Steinberger
9b1c36d23c fix: prevent exec approval revocation races (#103515)
* fix(security): serialize exec approval mutations

* fix(security): preserve additive approval writes

* test(cli): expect normalized approval shape

* fix(security): preserve exec approval compatibility

* test(security): exercise locked approval initialization

* test(security): mock serialized approval helpers

* test(exec): derive enforced command path from plan

* fix(gateway): always return approval CAS conflicts

* fix(macos): serialize exec approvals writes

* fix(security): repair approval build errors

* fix(security): serialize exec approval mutations

* fix(security): fail closed on approval persistence errors

* test(security): cover detached approval persistence failures

* fix(security): harden exec approval state

* style(macos): format exec approval sources

* fix(security): complete exec approval hardening

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* fix(macos): preserve approved login-shell semantics

* fix(macos): keep login shell approvals one-shot

* fix(security): linearize exec authorization

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* fix(security): preserve durable approval basis

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* fix(security): bind exec grants to current policy

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* test(security): fix exec revocation fixtures

* test(security): align gateway approval fixtures

* fix(macos): return approval decisions

* chore(i18n): sync native approval strings

* test(security): align approval hardening fixtures

* test(node): authorize completed event fixture

* test(security): fix approval decision fixtures

* test(security): await durable approval visibility

* fix(exec): preserve concurrent approval grants

* fix(exec): address exact-head CI failures

* fix(exec): preserve concurrent approval promotions

* fix(exec): make Swift shutdown state explicit

* test(macos): handle approval read failures

* fix(macos): harden approval socket paths

* fix(macos): preserve exact shell payload bytes

* test(macos): make approval fixtures explicit

* test(macos): fix approval suite compilation

* fix(macos): bound approval socket JSONL reads

* chore: move exec approval note to release process

* chore: move exec approval note to release process

---------

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
2026-07-10 21:35:05 +01:00
Vincent Koc
54cc90b1b1 fix(release): publish ClawHub bootstrap artifacts immutably (#103809)
* fix(release): harden ClawHub bootstrap

* fix(release): centralize publication artifact verification

* fix(release): harden publication artifact verification

* fix(release): lock ClawHub bootstrap toolchain

* test(release): assert locked ClawHub binary

* fix(release): pack with trusted ClawHub harness

* fix(release): bound beta verifier artifact reads

* fix(release): bind target and tooling identities

* fix(release): stabilize signed package ordering

* fix(release): bind ClawHub pretag proof

* fix(release): bind ClawHub OIDC readback

* fix(release): bind ClawHub OIDC readback
2026-07-10 13:33:20 -07:00
Peter Steinberger
941bbec619 fix(cli): keep owner tools in local agent runs (#103922)
* fix(cli): preserve owner tools for local agent runs

* chore: leave changelog to release automation
2026-07-10 21:31:32 +01:00
Vincent Koc
99e1a6081b fix(gateway): restore suspension validation (#103925) 2026-07-10 13:20:45 -07:00
Josh Avant
5dffe21a12 fix(agents): preserve provider replay signatures (#103628) 2026-07-10 15:13:50 -05:00
Peter Steinberger
615a5bdb7e fix(i18n): add Meta docs glossary terms (#103923) 2026-07-10 21:10:05 +01:00
Peter Steinberger
72e6fcab8a fix(qa-matrix): preserve Unicode error previews (#103909)
Co-authored-by: lsr911 <liao.shirong@xydigit.com>
2026-07-10 20:58:38 +01:00
Peter Steinberger
1bcc4c5e70 feat(gateway): add cooperative host suspension (#103618)
* feat(gateway): add cooperative suspension preparation

* style: satisfy suspension lint checks

* test(gateway): reset work admission between shared suites

* fix(gateway): reject upgrades during suspension

* fix(gateway): preserve admitted work during suspension

* test(gateway): isolate suspension and restart state

* fix(gateway): close suspension false-ready gaps

* refactor(protocol): slim suspension declaration graph

* refactor(plugin-sdk): sever protocol registry edges

* fix(gateway): preserve admitted restart follow-ups

* fix(gateway): make suspension recovery fail closed

* fix(protocol): keep validation formatter re-export only

* test(gateway): simplify deferred fixture type

* style(gateway): clarify suspension entry name

* fix(gateway): retain detached work admission
2026-07-10 20:24:53 +01:00
Peter Steinberger
fece8c9f54 fix(release): keep validation evidence immutable across reruns (#103906)
* fix(release): bind validation evidence to exact attempts

* test(release): cover exact validation attempts
2026-07-10 20:16:19 +01:00
Peter Steinberger
e1934d968e fix(nodes): stop advertising a disabled browser proxy (#103894)
* fix(nodes): hide disabled browser proxy capability

* chore: defer node fix changelog to release

* chore: ratchet plugin SDK surface budget
2026-07-10 20:06:53 +01:00
Vincent Koc
69f8198ba3 fix(release): keep no-push Docker images validation-only (#103891)
* fix(release): make no-push Docker artifacts portable

* fix(release): keep no-push images validation-only
2026-07-10 12:02:57 -07:00
pick-cat
fd5b121510 fix(terminal): strip no-argument C1 CSI sequences in sanitization (#103707)
* fix(terminal): strip no-argument C1 CSI sequences in sanitization

* test(agents): align shell-utils incomplete ANSI assertion with C1 CSI sanitization

* fix(terminal): parse CSI sequences without leaking output

* fix(terminal): preserve stripAnsi callback contract

* fix(terminal): sanitize Codex approval previews

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:57:14 +01:00
Peter Steinberger
5a48e73973 fix(macos): duplicate launches open SSH tunnels before handoff (#103892)
* fix(macos): gate tunnels behind singleton launch

* chore(macos): leave changelog to release workflow

* chore(macos): sync native i18n inventory
2026-07-10 19:54:04 +01:00
Peter Steinberger
7af7e41eed fix(ui): stop the worktrees table from always stacking inside settings (#103899) 2026-07-10 19:46:37 +01:00
Peter Steinberger
92f3c35ee9 fix(cron): keep Unicode list columns aligned (#103889)
* refactor(cron): size table cells by display width

* docs(changelog): credit cron table fix

* fix(cron): sanitize Unicode table cells

* test(cron): cover fitting ZWJ table cells

* refactor(cron): format table cells consistently
2026-07-10 19:46:26 +01:00
Vincent Koc
2a1d6e49d5 fix(ci): run Telegram release QA from trusted harness (#103207)
* fix(ci): use trusted Telegram QA harness

* fix(ci): restrict trusted Telegram QA candidate

* fix(ci): isolate trusted Telegram QA candidate

* fix(ci): harden Telegram QA process boundary

* fix(ci): pass Telegram QA release gates

* test(qa): stub Telegram env explicitly

* fix(ci): harden Telegram release QA boundary

* test(ci): harden trusted workflow and memory guards
2026-07-10 11:32:24 -07:00
Peter Steinberger
7a38f140a2 fix(node): approved local commands no longer fail identity validation (#103886)
* fix(node): preserve approval replay identity

* docs(node): explain replay identity boundary

* fix(node): reuse persisted replay identity

* chore(release): leave changelog to release automation
2026-07-10 19:31:11 +01:00
Vincent Koc
b56bad33f2 fix(logging): redact Telegram tokens across chunk boundaries (#103861) 2026-07-10 11:20:46 -07:00