Omitted final on a confirmed message-tool-only source reply keeps main's terminate-on-delivery semantics and records a completed marker; only explicit final=false defers termination. Project the Codex-only final schema property in place on attempt-fresh tools instead of adding a public plugin-SDK clone export, resolving the SDK surface budget failure.
Distinguish progress from terminal source delivery across Codex telemetry,
payload suppression, terminal failure routing, and stranded-reply recovery.
Preserve legacy behavior when explicit markers are absent.
* fix(imessage): apply authoritative projection in anchorless recovery
Rebuild on latest main with imessage-only changes: authoritative history
projection (optional destination_caller_id), whole-path inbound proof tests,
and no unrelated restart.ts diff.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(imessage): restore recovery cursor API and format tests
Co-authored-by: Cursor <cursoragent@cursor.com>
* test(imessage): add monitor whole-path L3 proof for #104136 recovery
Exercise issue synthetic payloads through monitorIMessageProvider for
authoritative remote reply routing and from-me suppression before dispatch.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(imessage): clear stale destination_caller_id when history omits it
Exact-GUID history is authoritative for destination_caller_id. When the
history row omits that outgoing-only field, clear any stale notification
value instead of inheriting it into the recovered inbound projection.
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Co-authored-by: sm <sm@zwdeMacBook-Pro.local>
Co-authored-by: Cursor <cursoragent@cursor.com>
* feat(firecrawl): add keyless Firecrawl Search (Free) provider + richer firecrawl_search options
Add an opt-in, keyless 'firecrawl-free' web_search provider (Firecrawl
Search (Free)) mirroring the Parallel plugin's parallel-free pattern:
requiresCredential false, no autoDetectOrder, never auto-selected. The
free path is credential-isolated — it never resolves or sends any
Firecrawl API key (no Authorization header), so opting out of credentials
cannot leak a configured/paid key — and its results and cache key carry a
distinct 'firecrawl-free' provider identity. The keyed 'firecrawl'
provider and core search auto-select behavior are unchanged, honoring the
maintainers' opt-in policy for keyless search.
Registered in index.ts, the web-search-provider barrel, the
web-search-contract-api metadata artifact (the onboarding/setup source),
manifest contracts, the official external plugin catalog snapshot, and
the doctor/contract registries.
Also extend the firecrawl_search tool to /v2/search parity:
includeDomains/excludeDomains (mutually exclusive), tbs, location,
country, and raise the result cap to 100.
* docs: regenerate docs_map for firecrawl heading rename
---------
Co-authored-by: developersdigest <jonathan@sideguide.dev>
The sidebar's expandable "MORE" section (uppercase header, chevron, persisted
sidebarMoreExpanded pref, dedicated "Edit pinned items" row) collapses into a
single More nav row that opens a transient popup menu with the unpinned
routes, dynamic plugin tabs, and the pin editor entry. Menu rows are real
anchors, so Cmd/middle-click keeps native link behavior; the More row carries
the active highlight when the current route lives inside the menu. The
sessions list gets the reclaimed vertical space, and one persisted setting is
gone (stale keys are ignored on load). The nav rows and menus move to
app-sidebar-nav-menus.ts to keep app-sidebar.ts under the TS LOC ratchet.
Docs: docs/web/control-ui.md sidebar-navigation section updated.
Fixes#105905
* refactor(plugins): trim path safety facade
* chore(deadcode): reconcile export baseline
* chore(deadcode): refresh baseline after main sync
* chore(deadcode): align baseline with linux scan
* feat(ui): make the sidebar agent chip body the menu trigger
The footer chip's big name/avatar area now opens the agent menu directly
and the chevron toggle button is removed. New-session plus stays as the
only trailing action; the unread dot moves onto the chip body.
* chore(ui): prune removed agentChip.openConversation key from locale bundles
* fix(ui): keep the agent name in the chip menu trigger accessible name
0aabf56242 relaxed the wrapper contract to .accessibilityLabel(title) while
the same pattern stayed in RAW_LOCALIZATION_BYPASSES, and #105859 then
restored Text(title) in SettingsProTabSections.swift, leaving main's
apple-app-i18n guard failing in both directions. Revert the contract to the
original required pattern; both guard tables validate against current main.
PR #105866 split the footer block inset evenly (calc(inset/2) top/bottom)
but left chat-responsive.browser.test.ts asserting the full inset, breaking
checks-ui on main.
5e9bc0916f switched two SettingsProTabSections accessibility labels
from .accessibilityLabel(Text(title)) to .accessibilityLabel(title);
title is LocalizedStringKey so lookup stays localized, but the wrapper
contract in apple-app-i18n.ts still required the old spelling and the
tooling shard only runs on PRs, so main broke silently.
Direct iOS/Android commits on main shifted source line numbers without
running the path-filtered native-i18n job, so `native:i18n:check` fails
on any PR that touches a native path. Metadata-only resync; entry count
unchanged (4200).