Commit Graph

66940 Commits

Author SHA1 Message Date
Vincent Koc
01b9c428aa chore(i18n): reconcile native locale inventory 2026-07-12 13:45:20 +08:00
Vincent Koc
78d142e84f fix(i18n): scan typed fallback copy 2026-07-12 13:45:20 +08:00
Vincent Koc
b3fb295e94 fix(i18n): preserve localized helper inventory 2026-07-12 13:45:20 +08:00
Vincent Koc
484c3a18b2 fix(i18n): validate native locale artifacts 2026-07-12 13:45:20 +08:00
Vincent Koc
9b5fbee3b0 fix(ui): localize usage views 2026-07-12 13:45:11 +08:00
Vincent Koc
77207c9784 fix(ui): localize channel and session views 2026-07-12 13:45:11 +08:00
Vincent Koc
27da133957 fix(ui): localize chat surfaces 2026-07-12 13:45:11 +08:00
Vincent Koc
0faeb8e9c3 fix(ui): localize cron and workboard controls 2026-07-12 13:45:11 +08:00
Vincent Koc
65f8e27900 fix(ui): localize plugins and skills 2026-07-12 13:45:11 +08:00
Vincent Koc
ca5195418b fix(ui): localize configuration and node controls 2026-07-12 13:45:11 +08:00
Vincent Koc
b9f6cae6bc fix(ui): localize agent controls 2026-07-12 13:45:11 +08:00
Vincent Koc
eb4e3b2472 fix(ui): localize shared preview controls 2026-07-12 13:45:11 +08:00
Vincent Koc
c90ca4e968 fix(ui): add remaining localization source copy 2026-07-12 13:45:11 +08:00
Peter Steinberger
05e95b7b45 fix: hide external files from the session workspace rail (#105015)
* fix(ui): hide external files from workspace rail

Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>

* chore: leave release notes to release workflow

---------

Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>
2026-07-12 06:42:49 +01:00
Ayaan Zaidi
47ce757c0f fix(auto-reply): adopt the target run slot when command turns continue into agent turns
Native command turns keep #104144 source-keyed admission, but a turn that
continues into a full agent turn (/steer fallback, /goal, /learn, unhandled
body) now moves its reservation and lifecycle lease to the target session
before running. Concurrent target inbounds see the owner and queue/steer
instead of double-admitting and splitting the session into two conversation
families; steering also targets the registered run owner instead of a stale
source-keyed reservation.

Fixes #104844
2026-07-12 11:12:04 +05:30
pick-cat
3c7edce61e fix(codex): preserve UTF-16 pairs in tool output delta truncation (#104116)
* fix(codex): preserve UTF-16 pairs in tool output delta truncation

* chore: trigger CI re-run

* test(codex): add UTF-16 safety regression test for progress message cap

* chore: trigger CI re-run

Co-Authored-By: Claude <noreply@anthropic.com>

* test(codex): tighten UTF-16 progress regression

* test(codex): match progress label

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 06:40:48 +01:00
thomas.szbay
4dfffeb4ce fix(infra): bound ed25519 base64url decode input length (#104921) 2026-07-12 06:39:35 +01:00
Vincent Koc
8f8b44a3ce fix(qa): isolate plugin tools MCP smoke 2026-07-12 07:37:47 +02:00
Peter Steinberger
d14bb8ec44 fix: resume replay-safe work after gateway restarts (#104997)
* fix: resume replay-safe work after gateway restart

* chore: leave restart note to release process

* fix: sync restart recovery protocol artifacts
2026-07-12 06:37:22 +01:00
Peter Steinberger
096cb91175 feat(tooling): enforce noUncheckedIndexedAccess in core and ui lanes (NUIA phase 3c) (#104981)
* fix(ui): make indexed access explicit across the Control UI

Burns down all 322 ui-lane noUncheckedIndexedAccess errors: untrusted
markdown/diff/patch parsing gets miss-tolerant guards (renderer rules
degrade to empty output instead of throwing mid-render), accumulators
use canonical sparse initialization, DOM lookups stay null-guarded, and
length-checked constructions carry named invariants.

* feat(tooling): enforce noUncheckedIndexedAccess in the core and ui lanes

Flips the flag on for tsconfig.core.json and tsconfig.ui.json (covering
src, all packages including the two deferred ones, and ui) and retires
the strict-ratchet lane wholesale: config, script, projects reference,
check/CI wiring, changed-lane routing, and sync test. The assertion-ban
oxlint override stays as an independent surface.
2026-07-12 06:36:36 +01:00
Peter Steinberger
a40e43e46e feat(mac): redesign the menu bar critter to match the mascot (#104846)
* feat(mac): redesign menu bar critter to match the mascot

* fix(mac): draw happy-eye arcs upward and guard stale celebration expiry

* docs(mac): update menu bar icon states for critter redesign

* fix(mac): own celebration expiry with a start-only generation counter

* fix(mac): give voice-wake antennae real headroom at 18pt
2026-07-12 06:35:02 +01:00
Peter Steinberger
176647aa84 ci: gate frozen QA smoke by capability (#105006) 2026-07-12 06:32:26 +01:00
dependabot[bot]
33da64c5d0 build(deps): bump the android-deps group across 1 directory with 4 updates (#104807)
Bumps the android-deps group with 4 updates in the /apps/android directory: [gradle-wrapper](https://github.com/gradle/gradle), [io.kotest:kotest-assertions-core-jvm](https://github.com/kotest/kotest), [io.kotest:kotest-runner-junit5-jvm](https://github.com/kotest/kotest) and [com.google.devtools.ksp](https://github.com/google/ksp).


Updates `gradle-wrapper` from 9.4.1 to 9.6.1
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](https://github.com/gradle/gradle/compare/v9.4.1...v9.6.1)

Updates `io.kotest:kotest-assertions-core-jvm` from 6.2.1 to 6.2.2
- [Release notes](https://github.com/kotest/kotest/releases)
- [Commits](https://github.com/kotest/kotest/compare/6.2.1...6.2.2)

Updates `io.kotest:kotest-runner-junit5-jvm` from 6.2.1 to 6.2.2
- [Release notes](https://github.com/kotest/kotest/releases)
- [Commits](https://github.com/kotest/kotest/compare/6.2.1...6.2.2)

Updates `io.kotest:kotest-runner-junit5-jvm` from 6.2.1 to 6.2.2
- [Release notes](https://github.com/kotest/kotest/releases)
- [Commits](https://github.com/kotest/kotest/compare/6.2.1...6.2.2)

Updates `com.google.devtools.ksp` from 2.3.9 to 2.3.10
- [Release notes](https://github.com/google/ksp/releases)
- [Commits](https://github.com/google/ksp/compare/2.3.9...2.3.10)

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 9.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: android-deps
- dependency-name: io.kotest:kotest-assertions-core-jvm
  dependency-version: 6.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: android-deps
- dependency-name: io.kotest:kotest-runner-junit5-jvm
  dependency-version: 6.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: android-deps
- dependency-name: io.kotest:kotest-runner-junit5-jvm
  dependency-version: 6.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: android-deps
- dependency-name: com.google.devtools.ksp
  dependency-version: 2.3.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: android-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-12 06:30:17 +01:00
Peter Steinberger
23d4e48172 fix: harden live updater snapshot recovery (#105007)
* fix(updater): harden snapshot recovery

* fix(updater): avoid snapshot code execution
2026-07-12 06:29:41 +01:00
thomas.szbay
a9e2b06812 fix(nextcloud-talk): align supported message actions (#104906)
Nextcloud Talk's supportsAction advertised support for all non-send
actions (including delete, pin, edit, read), but the handler only
implements 'react'. Unsupported actions passed the dispatcher boundary
check only to fail inside the handler.

This aligns supportsAction with actual implementation, matching the
pattern from PR #104788 (Signal adapter fix).
2026-07-12 06:28:07 +01:00
WhatsSkiLL
604c026409 fix(android): keep session search in context (#104792)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-12 06:27:07 +01:00
Vincent Koc
f696430fd8 refactor(tts): split complex command handlers (#105005) 2026-07-12 13:23:27 +08:00
Peter Steinberger
36da65d050 fix(tests): relocate provider auth-literal parity test outside core source (#104995)
The parity test loaded the test-only bundled-plugin public-surface
helper from src/plugins, which the extension-test boundary forbids for
core source files; every PR touching the build-artifacts shard now
fails. Moving it to test/plugins keeps the dynamic-import lane
protection and passes both the boundary and parity suites.
2026-07-12 06:20:30 +01:00
RickLin
4cfe0077ff fix(models): redact synthetic auth credentials from models status --json (#104734)
The provider auth overview passed the caller's synthetic-auth object
through to the JSON payload. Status hands it the full runtime shape,
which also carries the raw credential, so structural typing let live
API keys/tokens ship in a diagnostic surface (#104713). Re-project to
the declared value/source fields at the overview boundary.

Fixes #104713
2026-07-12 06:20:28 +01:00
Peter Steinberger
3d9b912b88 feat: sidebar session state slot, worktree/automation badges, archive disables bound cron jobs (#104730)
* feat(gateway): flag sessions with attached automations and disable bound cron jobs on archive

Session rows now carry hasAutomation, derived from a lifecycle-owned index
over the cron service's in-memory jobs; cron events push refreshed rows so
badges stay live. sessions.patch { archived: true } disables enabled cron
jobs bound to the session (locked binding re-check, internal/operator-admin
callers only); restore intentionally does not re-enable them.

Refs #104700

* feat(ui): sidebar session state slot and worktree/automation badges

The run spinner moves into a leading state slot shared with the unread dot,
keeping the timestamp visible during runs; muted fork/clock badges sit after
the title (outside the trail/action overlap so pinned rows and touch devices
keep them). New strings localized via ui:i18n:sync (English fallback pending
a keyed translation run).

Refs #104700

* test(gateway): pin cron binding broadcast test to the event mechanism

The shard shares one process; session-store state from earlier tests can make
the row load return null, which legitimately produces a keyless refresh
payload. Row-field projection stays covered by session-utils and
session-automation-index tests.
2026-07-12 06:19:01 +01:00
Vincent Koc
a2c2c5576e fix(qa): restore OpenAI web search smoke 2026-07-12 07:17:48 +02:00
Vincent Koc
66cd7b1f4c refactor(acp): share runtime option action handling (#104998) 2026-07-12 13:13:31 +08:00
Vincent Koc
da78d6f2a5 chore(i18n): reconcile native locale artifacts 2026-07-12 13:12:45 +08:00
github-actions[bot]
0a957a265e chore(i18n): refresh native locales 2026-07-12 13:12:45 +08:00
Vincent Koc
dc6b447c07 fix(release): verify named backport provenance 2026-07-12 13:12:30 +08:00
Vincent Koc
16d9ef5848 refactor(tasks): centralize managed flow mutations (#104994) 2026-07-12 13:11:03 +08:00
Peter Steinberger
b163dbb97d ci: harden current and frozen release checks (#104956)
* test(qa): wait for complete process pid fixture

* style(qa): format pid readiness predicate

* test(sqlite): allow schema version pragma

* ci: install target playwright for frozen UI checks
2026-07-11 22:08:49 -07:00
Vincent Koc
b67417909b refactor: remove dead core and extension exports (#104963)
* refactor(agents): remove obsolete exec eligibility helper

* refactor(diffs): internalize viewer-only state

* refactor(qa-lab): internalize implementation helpers
2026-07-12 13:06:23 +08:00
Vincent Koc
dd084b29dd fix(tasks): make registry reads index-safe (#104990) 2026-07-12 13:05:51 +08:00
Vincent Koc
2ff8fcab07 refactor(agents): share top-level resource collection (#104988) 2026-07-12 13:05:34 +08:00
Sally O'Malley
f3971bbd56 feat(mcp): support sandboxed MCP Apps (#69039)
Implement stable opt-in MCP Apps negotiation, caller-specific tool
visibility, bounded ephemeral UI resources, a dedicated-origin double
iframe host, restrictive CSP, configuration, docs, and regression tests.

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Sally O'Malley <11166065+sallyom@users.noreply.github.com>
2026-07-11 22:04:38 -07:00
Peter Steinberger
dd5928711a feat(ui): fold Skills and Skill Workshop into a Plugins hub (#104834)
* feat(ui): fold Skills and Skill Workshop into a Plugins hub

One sidebar entry (Plugins) now covers plugins, skills, and skill-workshop
routes via a shared hub tab strip (Installed / Discover / Skills / Workshop).
Routes and URLs are unchanged; /settings/plugins gains ?tab= deep links and
the sidebar highlights Plugins for all hub routes.

Also latches Skill Workshop proposal loading so updated() no longer re-kicks
loads while one is pending or after one fails - the early-return finally
used to spin the page at 100% CPU whenever skills.proposals.list stalled.

* feat(mock): plugin catalog and skill-workshop fixtures for the mock harness

* docs(web): describe the Plugins hub tabs in the Control UI guide

* test(ui): backfill initialTab in plugins route-data fixtures

* fix(ui): review fixes for the plugins hub

- plugins route declares loaderDeps on the ?tab= param so query-only
  navigation and back/forward re-run the loader instead of reusing the
  cached match with the previous tab
- catalog tab clicks navigate so the URL and history stay in sync with
  the documented ?tab=discover deep link (local switch stays instant)
- skill-workshop error banner gains a Try again button so a transient
  proposals-list failure is recoverable without remounting the route

* fix(ui): restore the Installed tab on bare plugins URLs in history navigation

* fix(ui): manual-activation hub tablist with cross-route focus hand-off

Arrow keys only move focus now; activation stays on click/Enter so arrowing
can never unmount the strip under the user's focus. Keyboard activation of a
cross-route tab hands focus to the destination strip's active tab, and the
hub-route set uses a Set per lint.

* fix(ui): defer hub-tab focus reclaim until the strip is connected

* fix(ui): skip focus recovery for same-tab hub activation

* docs(css): note the hub-panel flex ownership for the workshop board

* fix(ui): adapt hub test to retired Overview route

* chore(i18n): sync locale bundles for the plugins hub keys

* docs(map): regenerate for the plugins hub section
2026-07-11 22:03:38 -07:00
Peter Steinberger
2263272a32 fix(updater): build snapshot control client safely (#104964) 2026-07-11 22:02:50 -07:00
Peter Steinberger
4b82e1af19 test(plugins): move auth parity integration coverage (#104974) 2026-07-11 21:55:33 -07:00
Vincent Koc
4040267af9 fix(qa): run mixed channel suites 2026-07-12 06:51:59 +02:00
Peter Steinberger
4139938dcf fix(docs): preserve translated list structure 2026-07-12 00:37:05 -04:00
Vincent Koc
fbfa1378c0 test(sqlite): allow schema version pragma (#104960) 2026-07-12 12:36:57 +08:00
Ayaan Zaidi
33186b0f54 test(plugins): fail closed when an api-key auth method cannot be probed
An unprobeable api-key choice left its flag/env literals unchecked while CI
stayed green (ClawSweeper finding). The probe now supplies a real agent dir
and placeholder preflight opts (sentinel still bound to the declared
optionKey only, preserving the key-correctness proof), so every api-key
method must reach resolveApiKey — this immediately exercised
cloudflare-ai-gateway's account/gateway preflight path.
2026-07-12 10:06:26 +05:30
Ayaan Zaidi
fe9af7dfc7 test(plugins): keep auth-literal parity test out of the unit-fast lane
Loading built plugin dists pulls large module graphs into the shared vitest
worker cache and broke co-resident vi.mock unit tests (memory-host-sdk
embeddings, checks-node-compact-large-2). An explicit dynamic import of the
surface loader trips the lane classifier's dynamic-import rule, moving the
file to the plugins project where dist loading is the norm.
2026-07-12 10:06:26 +05:30
Ayaan Zaidi
8f14f88690 test(plugins): fail auth-literal parity when a declared provider never registers
Silent skip on missing runtime registration recreated the drift class the
test guards (ClawSweeper finding); capability-only plugins now must register
zero text providers to be exempt.
2026-07-12 10:06:26 +05:30