* fix(bedrock): stop injecting fake apiKey marker for aws-sdk auth when no env vars exist
When the Bedrock provider uses auth: "aws-sdk" and no AWS environment
variables are set (EC2 instance roles, ECS task roles, etc.),
resolveAwsSdkApiKeyVarName() fell back to "AWS_PROFILE" unconditionally.
This string was injected as apiKey in the provider config during
normalisation, which poisoned the downstream auth resolver — it treated
the marker as a literal key and failed with "No API key found".
The fix:
- resolveAwsSdkApiKeyVarName() now returns undefined (not "AWS_PROFILE")
when no AWS env vars are present
- resolveBedrockConfigApiKey() (extension) gets the same fix
- resolveMissingProviderApiKey() guards both the providerApiKeyResolver
and direct aws-sdk branches: if the resolver returns nothing, the
provider config is returned unchanged (no apiKey injected)
- The aws-sdk credential chain then resolves credentials at request time
via IMDS/ECS task role/etc. as intended
When AWS env vars ARE present (AWS_ACCESS_KEY_ID, AWS_PROFILE,
AWS_BEARER_TOKEN_BEDROCK), the marker is still injected correctly.
Closes#49891Closes#50699Fixes#54274
* test(bedrock): update resolveBedrockConfigApiKey test for undefined return on empty env
The test previously expected "AWS_PROFILE" when no env vars are set.
Now expects undefined (matching the fix), and adds a separate assertion
that AWS_PROFILE is returned when the env var is actually present.
* fix(bedrock): lock aws-sdk env marker behavior
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(google): restore proxy-safe image generation (#59873)
* fix(ssrf): preserve transport policy without pinned dns
* fix(ssrf): use undici fetch for dispatcher requests
* fix(ssrf): type dispatcher fetch path
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(telegram): enable voice-note transcription in DMs
The preflight transcription condition only triggered for group chats
(isGroup && requireMention), so voice notes sent in direct messages
were never transcribed -- they arrived as raw <media:audio> placeholders.
This regression was introduced when the Telegram channel was moved from
src/telegram/ to extensions/telegram/, losing the fix from c15385fc94.
Widen the condition to fire whenever there is audio and no accompanying
text, regardless of chat type. Group-specific guards (requireMention,
disableAudioPreflight, senderAllowedForAudioPreflight) still apply
only in group contexts.
* fix: restore Telegram DM voice-note transcription (#61008) (thanks @manueltarouca)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
* fix: ensure bypassPermissions on custom CLI backend args
When users override cliBackends.claude-cli.args (e.g. to add --verbose
or change --output-format), the override array replaces the default
entirely. The normalization step only re-added --permission-mode
bypassPermissions when the legacy --dangerously-skip-permissions flag
was present — if neither flag existed, it did nothing.
This causes cron and heartbeat runs to silently fail with "exec denied:
Cron runs cannot wait for interactive exec approval" because the CLI
subprocess launches in interactive permission mode.
Fix: always inject --permission-mode bypassPermissions when no explicit
permission-mode flag is found in the resolved args, regardless of
whether the legacy flag was present.
* test(anthropic): add claude-cli permission normalization coverage
* fix(test-utils): include video generation providers
* fix: preserve claude-cli bypassPermissions on custom args (#61114) (thanks @cathrynlavery)
---------
Co-authored-by: Shadow <hi@shadowing.dev>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(telegram): trim menu descriptions before dropping commands
* fix: note Telegram command menu trimming (#61129) (thanks @neeravmakwana)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
* UI: improve mobile chat layout
* change .chat-group-messages min-width: from 604 to 602
* UI: fix chat-group-messages overflow in split-view and mobile layouts
* UI: revert chat.css import order in styles.css and components.css
* UI: simplify mobile chat layout overrides in grouped.css
* ui: move .chat and .chat-thread styles to chat/layout.css
* fix: document mobile chat layout improvements
* fix: improve narrow mobile chat width
---------
Co-authored-by: Altay <altay@uinaf.dev>
* fix(agents): prefer completion wake over polling
* fix(changelog): note completion wake guidance
* fix(agents): qualify quiet exec completion wake
* fix(agents): qualify disabled exec completion wake
* fix(agents): split process polling from control actions
* fix(cron): suppress NO_REPLY sentinel in direct delivery path
* fix: set deliveryAttempted on filtered NO_REPLY to prevent timer fallback
* fix: mark silent NO_REPLY direct deliveries as delivered
* fix(cron): unify silent direct delivery handling
* fix: suppress NO_REPLY direct cron leaks (#45737) (thanks @openperf)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
* fix(agents): handle LiveSessionModelSwitchError in subagent execution
Add retry loop for cross-provider model switches in the subagent
command path, mirroring the existing logic in agent-runner-execution.ts.
- Wrap runWithModelFallback in a while(true) loop inside agentCommandInternal
- Catch LiveSessionModelSwitchError and update provider, model,
fallbackProvider, fallbackModel, providerForAuthProfileValidation,
sessionEntry.authProfileOverride, and storedModelOverride before retrying
- Guard storedModelOverride update: only set when the model genuinely
changed (compared before mutation) or a session override already existed
- Reset lifecycleEnded flag so the retried iteration can emit lifecycle events
- Add comprehensive tests covering retry success, error propagation,
lifecycle reset, auth-profile forwarding, and fallback override state
Fixes#57998
* fix(agents): include provider change in storedModelOverride guard
* fix(agents): validate allowlist and clear stale compaction count on live model switch
* fix(agents): remove broken allowlist guard on live model switch
* fix(agents): address security review — bound retry loop, validate allowlist, redact error in lifecycle events
* fix(agents): restore error observability in lifecycle events using err.message
* fix(agents): sanitize log inputs and shallow-copy sessionEntry on live model switch
* fix(agents): enforce allowlist on empty set and sanitize error message
* fix: handle subagent live model switches (#58178) (thanks @openperf)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
* fix(agents): classify generic provider errors for failover
Anthropic returns bare 'An unknown error occurred' during API instability
and OpenRouter wraps upstream failures as 'Provider returned error'. Neither
message was recognized by the failover classifier, so the error surfaced
directly to users instead of triggering the configured fallback chain.
Add both patterns to the serverError classifier so they are classified as
transient server errors (timeout) and trigger model failover.
Closes#49706Closes#45834
* fix(agents): scope unknown-error failover by provider
* docs(changelog): note provider-scoped unknown-error failover
---------
Co-authored-by: Aaron Zhu <aaron@Aarons-MacBook-Air.local>
Co-authored-by: Altay <altay@uinaf.dev>
* fix(cli): route skills list output to stdout when --json is active
runSkillsAction used defaultRuntime.log() which goes through console.log.
The --json preAction hook calls routeLogsToStderr(), redirecting console.log
to stderr. Switch to defaultRuntime.writeStdout() which writes directly to
process.stdout, consistent with how other --json commands (e.g. skills search)
already emit their output.
Fixes#57599
* test(cli): add skills JSON stdout regression coverage
* test(cli): refine skills CLI stream coverage
* fix(cli): add changelog entry for skills JSON stdout fix
---------
Co-authored-by: Aftabbs <aftabbs.wwe@gmail.com>
* fix(google-gemini-cli-auth): fix Gemini CLI OAuth failures on Windows
Two issues prevented Gemini CLI OAuth from working on Windows:
1. resolveGeminiCliDirs: the first candidate `dirname(dirname(resolvedPath))`
can resolve to an unrelated ancestor directory (e.g. the nvm root
`C:\Users\<user>\AppData\Local\nvm`) when gemini is installed via nvm.
The subsequent `findFile` recursive search (depth 10) then picks up an
`oauth2.js` from a completely different package (e.g.
`discord-api-types/payloads/v10/oauth2.js`), which naturally does not
contain Google OAuth credentials, causing silent extraction failure.
Fix: validate candidate directories before including them — only keep
candidates that contain a `package.json` or a `node_modules/@google/
gemini-cli-core` subdirectory.
2. resolvePlatform: returns "WINDOWS" on win32, but Google's loadCodeAssist
API rejects it as an invalid Platform enum value (400 INVALID_ARGUMENT),
just like it rejects "LINUX".
Fix: use "PLATFORM_UNSPECIFIED" for all non-macOS platforms.
* test(google-gemini-cli-auth): keep oauth regressions portable
* chore(changelog): add google gemini cli auth fix note
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(cron): prevent agent default model from overriding cron payload model (#58065)
When a cron job specifies a model override via the Advanced settings,
runWithModelFallback could silently fall back to the agent's configured
primary model. This happened because fallbacksOverride was undefined
when neither payload.fallbacks nor per-agent fallbacks were configured,
causing resolveFallbackCandidates to append the agent primary as a
last-resort candidate. A transient failure on the cron-selected model
(rate limit, model-not-found, etc.) would then succeed on the agent
default, making it appear as if the override was ignored entirely.
Fix: when the cron payload carries an explicit model override, ensure
fallbacksOverride is always a defined array (empty when no fallbacks
are configured) so the agent primary is never silently appended.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: use stricter toEqual([]) assertion for fallbacksOverride
Replace toBeDefined() + toBeInstanceOf(Array) with toEqual([])
to catch regressions where the array unexpectedly gains entries.
Addresses review feedback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: preserve cron override fallback semantics (#58294)
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
