* 🐛 fix(server): rehydrate subagent runs from DB on cold replica
Server-side hetero persistence kept per-operation state in a module-level
map. On a cold serverless replica (or any cross-replica batch), the main
agent state is rebuilt from DB but `MainAgentRunState.subagents` was seeded
empty. A continuing subagent event then hit the `!existing` branch of
`ensureRun` and forked a brand-new isolation thread for a parentToolCallId
that already had one — producing piles of generic "Subagent" threads that
were never attached to the right thread. Desktop never hit this (one
long-lived run-state closure).
Rebuild `state.main.subagents` from DB the same way the main half is
rehydrated: add `rehydrateSubagentRunsState` to @lobechat/heterogeneous-agents
and call a new `refreshSubagentRunsFromDb` each ingest. Only runs MISSING
from memory are rehydrated (warm accumulators win); finalized (Active)
threads are excluded so completed spawns are never resurrected.
Sibling of #15783 (main message chaining) — same root cause, subagent half.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(server): scope subagent rehydration to operation + de-dupe inner tools
Two follow-up fixes on the cold-replica subagent rehydration:
- P1: de-dupe inner tool creation against the run-lifetime tool set, not just
the per-turn `persistedIds`. Per-turn state is reset on every turn boundary
and starts empty after a rehydration, so a replayed / continued tools_calling
on a cold replica minted a SECOND tool message for an id the run already
wrote. `lifetimeToolCallIds` survives boundaries and is restored from DB, so
it is the durable de-dupe key. Mirrors the main-agent retry protection.
- P2: scope `refreshSubagentRunsFromDb` to the current operation. Topics are
reused across turns; a prior crashed/cancelled run can leave a subagent
thread stuck `Processing`. Rehydrating purely by topic+status would merge
that unrelated thread into the new operation's reducer state and finalize it
on the new run's terminal drain. Stamp `operationId` on the subagent thread
metadata at creation and filter rehydration by it.
Adds regression cases for both (each verified to fail without its fix).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* ✨ feat(device): share remote-device gateway RPC between desktop and CLI
Extract the desktop's remote-device gateway RPC surface into a shared
`@lobechat/device-control` package and wire it into the CLI so `lh connect`
serves the same git / workspace / file device RPCs as the desktop app.
- local-file-shell: relocate all git operations (branches, working-tree
patches, branch diff, checkout/rename/delete/pull/push/revert) from the
desktop GitCtr into the shared package as pure functions
- device-control (new): the `executeDeviceRpc` dispatch + workspace scan +
portable file-preview / file-index defaults, with platform hooks injected
- desktop: GitCtr / WorkspaceCtr / GatewayConnectionCtr become thin wrappers
delegating to the shared package (local IPC path unchanged)
- cli: handle `rpc_request` over the gateway via the shared dispatcher
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ✅ test(device): cover git branch ops and device-control portable defaults
- local-file-shell: real-git integration tests for branch checkout / rename /
delete (+ validation), working-tree files & patches, revert, branch-diff with
no remote, and push / pull / ahead-behind against a bare origin
- device-control: defaultGetLocalFilePreview (text / image / accept filter /
workspace containment / missing file) and defaultGetProjectFileIndex (git
ls-files path + glob fallback)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(device): preserve directory entries in the glob project-file index
The CLI `getProjectFileIndex` glob fallback used `globLocalFiles`, which returns
only non-hidden file paths and no directory entries — so the Files tree builder
flattened nested files to the root and dropped dot-directories.
Walk with fast-glob (`dot: true`) and synthesize directory entries via the same
`collectProjectDirectories` path the git branch uses, so nesting and dot-dirs
(e.g. `.agents`) render correctly. Extracted a shared `buildEntries` helper.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Hover a branch row in the branch switcher to rename or delete it. Wires
new renameGitBranch / deleteGitBranch operations through both transports
(Electron IPC for the local machine, device.* TRPC RPCs for remote/web),
mirroring the existing checkoutGitBranch / revertGitFile stack.
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(model-runtime): classify untyped Error throws via message patterns
`refineErrorCode` only re-derived a specific code when the incoming errorType
was `ProviderBizError`, so raw `Error` throws — which `formatErrorForState`
wraps as `InternalServerError` (HTTP 500) — never reached `matchErrorPattern`.
Persistence-layer (`Failed query: …`) and state-store drops therefore landed
as bare, un-classified 500s instead of `DatabasePersistError` etc.
Add the two un-typed fallback wrappers (`InternalServerError`, `AgentRuntimeError`)
to `REFINABLE_CODES` so their message runs through the pattern registry before
falling back. The existing `Failed query:` pattern already classifies these;
this just lets it run again.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(model-runtime): classify Upstash readonly-upgrade & dropped-caller drops
Add `READONLY Writes are temporarily rejected` and `ERR caller gone` to the
StateStorePersistError pattern block — both are Redis/Upstash state-store
failures that otherwise fall through to a bare 500. They describe the
connection/server condition rather than a specific command, so there is no
read-vs-write signal to split on.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(model-runtime): split caller-gone state-store reads into StateStoreReadError
`ERR caller gone` is an Upstash reply when an in-flight blocking READ
(XREAD on the agent event stream, BLPOP on a tool result) is aborted because
the originating caller disconnected — a benign client abandonment tied to the
request lifecycle, not a write/persist fault. Bucketing it under
StateStorePersistError mislabelled it as a harness failure (attribution:
harness, countAsFailure: true).
Add a dedicated StateStoreReadError (E7007, attribution: system, severity:
warning, countAsFailure: false) and route `ERR caller gone` to it. The
write-side rejection `READONLY Writes are temporarily rejected` stays under
StateStorePersistError.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(model-runtime): scope HTTP-status fallback to provider catch-alls
Opening the un-typed wrappers (InternalServerError / AgentRuntimeError) to the
full refine path also let them hit the leadingStatusFromMessage /
codeFromHttpStatus fallback. A harness/DB/Redis throw like `Error('429 …')` or
`Error('500 …')` with no registered pattern would then be recast as
RateLimitExceeded / ProviderServiceUnavailable — provider retry/failure
semantics on a harness error.
Split the sets: PATTERN_REFINABLE_CODES (message matching) stays open to the
wrappers; STATUS_REFINABLE_CODES (the coarse HTTP-status bucket) is limited to
ProviderBizError, where a leading status is a real upstream signal.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(desktop): detect bundled Codex CLI from Codex.app on macOS
OpenAI's Codex desktop app bundles the real codex CLI inside Codex.app
(Contents/Resources/codex) but never symlinks it onto PATH. A user with
only the desktop app installed failed PATH-based detection, so codex was
never spawned and the chat silently produced no reply.
Add a well-known install-location fallback inside detectHeterogeneousCliCommand
(tried after the PATH lookup, so a user's own install still wins), covering
both /Applications and ~/Applications. The fallback runs at detection time,
not module load, so it touches no node:os named exports on import. Feed the
detector-resolved absolute path through to spawn so a bare `codex` doesn't
ENOENT under spawn's leaner env.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(desktop): carry login-shell PATH into CLI spawn env
When the detector resolved a bare command via the login-shell PATH, only
the absolute shim path was kept; the PATH used for resolution was dropped.
spawn() then built its env from the leaner Finder-inherited PATH, so an
absolute shim with `#!/usr/bin/env node` still failed with
`env: node: No such file or directory` even though preflight succeeded
(npm/Homebrew/mise installs launched from Finder on macOS).
Surface the resolved PATH through ToolStatus.resolvedPathEnv, stash it on
the session, and merge it into spawnEnv (session.env still wins). Only set
when resolution fell back to the login-shell PATH, so the common on-PATH
case is unchanged.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Follow-up to #15719 addressing a Codex P2 review note.
After #15719, legacy v1.0.7 clients that only send `deviceId` were
silent-OKed unconditionally. But `publicProcedure` still receives
`ctx.userId` from `createLambdaContext` — and in the *active*
sign-out path (the user is still authenticated when logout fires)
that userId is valid. Skipping the delete in that case orphans the
existing `(userId, deviceId)` row, so `PushChannel.deliver` keeps
fanning notifications out to a signed-out device. Expo's
`DeviceNotRegistered` receipt only fires on uninstall, not on
logout, so the cron worker doesn't catch this either.
Fix: add a Path B fallback — when `ctx.userId` is available, run
the original `(userId, deviceId)` delete. Path A (expoToken pair)
still wins when present; Path C (silent OK) is now reserved for
the case the original PR was actually targeting: a v1.0.7 client
whose session is already gone, which is the source of the 401
storm.
Path matrix:
expoToken present → Path A: precise delete by (expoToken, deviceId)
no expoToken, ctx.userId present → Path B: legacy (userId, deviceId) delete
no expoToken, no session → Path C: silent OK, cron cleans up
Tests added:
- legacy + valid session → falls back to (userId, deviceId)
- legacy + no session → silent OK
- expoToken always takes precedence over userId fallback
Symptom: app.lobehub.com production logs show ~50+ TRPCError
UNAUTHORIZED traces per second on /trpc/mobile/pushToken.unregister,
starting from the v1.0.7 mobile release. Only `unregister` is hit
— `register` never appears in logs.
Root cause: the v1.0.7 client calls unregister *during* sign-out,
after the session is already invalid in practice (expired OIDC
token / cleared cookie). With authedProcedure gating, every logout
turns into a 401 that the client mistakes for an auth-expired
event and retries → a storm. Inside the client this also creates
a logout → 401 → authExpired.redirect → logout recursion.
Fix: change `unregister` to publicProcedure and authorize by the
(deviceId, expoToken) pair the client received at registration —
holding both is proof of ownership of that row, same trust model
as APNs/FCM unregister. Legacy v1.0.7 clients that only send
deviceId get a silent 200; the stale row is cleaned up by the
existing `process-push-receipts` worker via Expo's
DeviceNotRegistered receipts.
Returning 200 to those legacy calls also breaks the client-side
recursion at the source — the in-the-wild v1.0.7 fleet stops 401
flooding the moment this ships, before users update.
Tests:
- Router (mocked): expoToken path deletes by (expoToken, deviceId);
no-expoToken path silently succeeds; unauthenticated caller
succeeds; empty-string fields rejected.
- Model (integration): only the row matching both fields is
removed; mismatched expoToken is preserved (defense against
callers who only guess deviceId).
Fixes LOBE-10174
* ✨ feat(document): coalesce autosave history versions into 10-minute windows
* ✨ feat(document): break autosave history window on new page load session
* 🐛 fix(agent): persist file attachments in hetero early-exit user message
The hetero-agent early exit in execAgent created the user message without
the `files` relation, so attachments sent from the SPA gateway path
(executionTarget=device / sandbox) were never linked via messagesFiles and
disappeared once the optimistic client message was replaced by the server
snapshot. Attach the deduped `fileIds` the same way sendMessageInServer
does on the local-mode path.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ✨ feat(agent): deliver image attachments to device/sandbox hetero runs
Persisting the messagesFiles relation fixed display, but the dispatched
CLI still never saw the image — local mode feeds the persisted imageList
into sendPrompt for vision, while the device/sandbox dispatch protocols
(agent_run_request / sandbox runner) only carried a text prompt.
- resolve attached images into signed URLs in the hetero early exit
(metadata-only, non-fatal) and carry them through heteroParams
- add imageList to the agent_run_request wire type and dispatchAgentRun
params (gateway client + server service)
- extract buildHeteroExecStdinPayload into @lobechat/heterogeneous-agents
so the three dispatch sites (desktop spawnLhHeteroExec, lh connect
daemon, server sandbox runner) build the same content-block payload:
systemContext, prompt, then image blocks
- lh hetero exec already coerces image blocks via coerceJsonPrompt and
normalizeImage (url → base64 for Claude Code, materialized path for
Codex), so no CLI consumer changes are needed
openclaw/hermes (runHeteroTask) keep text-only prompts — their dispatch
goes through a separate one-shot tool protocol.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ♻️ refactor(heterogeneous-agents): move exec stdin wire contract to a pure /protocol entry
The server sandbox runner imported `buildHeteroExecStdinPayload` through the
`/spawn` barrel, which (with no `sideEffects` hint) bundles the whole spawn
machinery into the Next.js server chunk. Its `process.cwd()`-rooted dynamic
fs calls then make Vercel's output file tracing glob the entire repo source
tree into every serverless function (+~69 MB each), pushing the 4 largest
functions past the 250 MB uncompressed limit and failing the deployment.
Split the dispatch wire contract (stdin payload builder + content-block
types) into a new pure, isomorphic `/protocol` export and point all three
dispatch sites (server sandbox runner, desktop main, `lh connect` daemon) at
it. `/spawn` re-exports the moved symbols so executor-side callers are
unaffected. Also declare `sideEffects: false` for the package.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* fix(agentDocument): listDocuments returns templateId and derived fields
* fix(agentDocument): useFetchAgentDocuments use listDocuments instead of getDocuments
* fix(agentDocument): derive AgentDocumentItem from listDocuments return type
* fix(agentDocument): export AgentDocumentListItem type
* 🐛 fix(agentDocument): align list projections and consumers after rebase onto canary
- listDocumentsForTopic now returns the same projection as listDocuments
(derived fields + templateId), so the tRPC union no longer collapses
the inferred client type to the old 8-field shape
- add description/updatedAt to both projections for sidebar consumers
- AgentDocumentsGroup switches getDocuments -> listDocuments (it already
shared the documentsList SWR key)
- makePendingDocument trimmed to the lean list item shape
- update useFetchAgentDocuments test to the listDocuments behavior
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(agentDocument): migrate agentDocumentSkills sync to slim listDocuments
The tool store's skill registry sync shared agentDocumentSWRKeys.documentsList
with the working sidebar and the new useFetchAgentDocuments hook, but still
fetched the full getDocuments payload. Sharing one SWR key across different
payload shapes made the cached result order-dependent: whichever consumer
mounted first decided whether the cache held the heavy full documents or the
slim list items. Migrate the skills sync to listDocuments, whose projection
covers every field mapDocsToSkills reads.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* ♻️ refactor(agent): single-track device-tool injection via execution plan
P3 follow-up to #15669 — downstream layers now consume the resolved
ExecutionPlan instead of re-deriving device capability:
- ExecutionPlan carries the effective `target`; persisted into
state.metadata.executionPlan via createOperation
- call_llm executor gates buildStepToolDelta's activeDeviceId signal on
the plan (none/sandbox can never re-inject local-system mid-run)
- AgentToolsEngine consumes the plan's target; redundant rule-level
canUseDevice checks removed (physical manifest walls remain)
- builtin agent runtime config can now override agencyConfig
(web-onboarding pins executionTarget=none)
- hetero desktop 'local' selection persists this desktop's deviceId so
opening the agent from web dispatches to the same machine via gateway
- 'local' vs 'device' stay distinct user choices even for the same
machine: gateway dispatch streams progress to all clients (mobile),
IPC is faster but desktop-session-only — guarded by a regression test
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(agent): enforce device access policy on hetero dispatch
resolveDeviceAccessPolicy now runs BEFORE the hetero early exit and feeds
canUseDevice into the hetero execution plan: a denied sender (external
bot user) degrades local/device-bound CLI hetero runs to the cloud
sandbox instead of dispatching to the owner's machine, and requestedDeviceId
cannot bypass the policy. Remote hetero agents (openclaw/hermes) are
device-only with no sandbox fallback, so denied senders are refused
outright.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 💄 style(agent): fix interface field order in RuntimeSelectionContext
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(agent-runtime): always persist assistant reasoning to DB
PR #13494 gated message reasoning persistence behind preserveThinking
(agent chatConfig + model extendParams / qwen|zhipu fallback). That gate
is only meant to control whether reasoning is replayed into the next LLM
payload — applying it to the DB write dropped thinking content for every
non-qwen/zhipu reasoning model in server-side agent mode: reasoning
streamed live via stream_end but vanished after refresh.
Restore unconditional reasoning persistence in messageModel.update and
keep the preserveThinking gate only for state.messages payload replay.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 💄 style(i18n): localize callSubAgent tool labels
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
- add resolveExecutionPlan as THE device decision (none/sandbox never
route to a device; offline bindings stay unrouted; single-online-device
auto-activation only for device-capable targets)
- fix executionTarget=none being bypassed by single-device auto-activation
(background runs executed device tools despite 无设备)
- stop exposing the remote-device proxy in none/sandbox sessions
- converge native execAgent, hetero dispatch fork and client
selectRuntimeType onto the shared resolution
- drop the legacy per-platform chatConfig.runtimeEnv.runtimeMode fallback
entirely (no migration: unset targets resolve to platform defaults)
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* ✨ feat(model-bank): backfill knowledgeCutoff batch 2 and restore lost Anthropic values
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 📝 docs(skills): add model-bank-metadata skill for cutoff/family backfill
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(model-bank): Claude Fable 5 belongs to the claude-mythos family
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 💄 style(desktop): always surface the tab bar by creating a tab on first navigation
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* ♻️ refactor(model-bank): family is the product lineage (claude-opus/sonnet/haiku), not the brand
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(agent): backfill activeAgentId before paint on tab/route switches
Tab switches are plain route navigations, so leaving an agent page cleared
activeAgentId via a passive useUnmount and the next page re-set it in a
passive useEffect — the first painted frame always had no active id, flashing
a skeleton even when agentMap already cached the config. Move both the
backfill and the unmount clear to layout effects: removed-tree layout
cleanups run before new-tree layout effects in one commit, so the clear can
never wipe a freshly synced id and the id is in place before paint.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* ✨ feat(agent): surface agent config fetch errors with a retry action
isAgentConfigLoading only knows "no data yet", so a failed fetch (e.g. a 401
that SWR deliberately does not retry, with no focus revalidation inside a
single Electron window) left the agent page on a skeleton forever — only a
manual reload recovered. Record per-agent fetch errors in
agentConfigErrorMap (set by onError, cleared on data / retry), expose
currentAgentConfigError / isAgentConfigError selectors, add a
retryAgentConfigFetch action that revalidates the agent's SWR entries, and
show an error alert with a retry button above the main chat input while the
config is still missing.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(ci): sync model metadata test expectations
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* ✨ feat(connector): support API key / custom header / OAuth auth in custom connector
Make the connector backend a full replacement for the legacy custom-MCP plugin form:
- connector create/update now accept bearer/apikey/header credentials (encrypted at rest);
oauth2 stays callback-only
- map apikey → bearer auth and header → request headers in both the sync path
(syncTools + callTool) and the agent-runtime manifest path
- pass custom HTTP headers through to the MCP client
- AddConnectorModal becomes a rich form: MCP type (HTTP/STDIO), auth type
(None / API Key / Custom Headers / OAuth), reusing the plugin form inputs;
OAuth keeps the existing popup authorize flow, others create + sync directly
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ♻️ refactor(connector): fold OAuth into the PluginDevModal MCP form
Pivot the custom-MCP entry to reuse the rich PluginDevModal / MCPManifestForm
instead of a bespoke connector modal, and add OAuth as an auth type inside it:
- MCPManifestForm: gated `enableOAuth` adds an "OAuth" auth type with
Client ID / Secret (optional) + redirect-URI hint. Only the custom-connector
entry enables it, so plain custom-plugin DevModal callers (editing plugins,
agent tools, …) are unaffected.
- DevModal: opens the OAuth popup synchronously on the save click (browsers
block window.open once an async boundary is crossed), validates, then hands
the popup to onSave which navigates it to the authorize URL.
- New CustomConnectorModal wraps DevModal and persists every auth type onto the
connector backend (none / bearer / custom headers → create + sync; OAuth →
create with OIDC config + run the authorize popup).
- settings/skill entry now opens CustomConnectorModal; the standalone
AddConnectorModal rich rewrite from the previous commit is reverted to the
canary original (it is only referenced by the unused ConnectorList).
- i18n: dev.mcp.auth.oauth* keys (default + en-US + zh-CN).
Backend stays as in the prior commit (connector create/update accept
bearer/apikey/header credentials; sync + manifest paths apply them).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(connector): route the OAuth auth type through the authorize flow, not the token-less manifest test
Selecting OAuth and clicking "Test connection" called the plugin manifest test
(getStreamableMcpServerManifest), which connects with no token and 401s on any
OAuth-gated server (e.g. Linear MCP / DCR). For OAuth there is nothing to test
without authorizing first, so the button now becomes "Authorize & Connect" and
runs the connector OAuth flow (discovery + DCR + authorize popup), shared with
the footer save button via DevModal.runOAuthFlow.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(connector): make connector.create idempotent on (user, identifier)
Re-adding or re-authorizing a custom connector with an existing identifier hit
the user_connectors unique constraint and 500'd. Now an existing row is updated
(reset to disconnected, refreshed name/url/oidcConfig/credentials) and its id
reused, instead of inserting a duplicate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ♻️ refactor(skill-store): route Add Custom MCP through the connector modal, drop the Custom tab
- Skill Store "Add → Add Custom MCP Skill" now opens CustomConnectorModal
(connector backend + OAuth), matching the settings/skill entry, instead of
the legacy plugin DevModal (installCustomPlugin + togglePlugin).
- Remove the now-redundant "Custom" tab from the Skill Store (custom MCP lives
in the connector list now): drop SkillStoreTab.Custom, its tab option,
CustomList render, and the matching search branch.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* ✨ feat(model-bank): backfill knowledgeCutoff for OpenAI/Claude/Llama/Phi families (batch 1)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* ✨ feat(model-bank): add family/generation fields with rule-derived data for chat models
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* ✨ feat(model-bank): add canonical knowledge-cutoff map with build-time backfill
Adds MODEL_KNOWLEDGE_CUTOFFS (canonical id → YYYY-MM, all values verified
against official provider docs) plus normalizeModelIdForCutoff, which reduces
provider-specific spellings (openrouter/bedrock prefixes, dated snapshots,
-thinking/-fast/-latest/-preview variants, claude dot-versions) to canonical
ids. buildDefaultModelList backfills knowledgeCutoff from the map when a model
card has no inline value, so all aggregator providers inherit cutoffs
automatically; inline values always win.
Covers Anthropic (incl. legacy 3.x), OpenAI, Google Gemini/Gemma, xAI Grok,
Meta Llama, Amazon Nova, and Cohere. DeepSeek/Qwen/GLM/Kimi/MiniMax/Mistral
publish no official cutoffs and are intentionally absent. Anthropic inline
PoC entries migrate into the map (single source of truth).
Cross-checked against the batch-1 inline backfill: 0 value mismatches.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(model-bank): correct Claude Sonnet 4.6 cutoff
* ✅ test(model-bank): sync metadata expectations
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(agent): deliver sub-agent resume bridge via QStash webhook in queue mode
The callSubAgent completion bridge was a handler-only hook, which lives in
process memory: in queue mode (AGENT_RUNTIME_MODE=queue) HookDispatcher only
delivers webhook-configured hooks, so the bridge never fired — the parent op
stayed parked in waiting_for_async_tool forever after all sub-agents finished.
- Give the bridge hook a webhook config (delivery: qstash) targeting the new
/api/agent/webhooks/subagent-callback endpoint; local mode keeps the
in-process handler. Both paths converge on
AgentRuntimeService.completeSubAgentBridge (backfill + barrier/CAS resume).
- Park-time self-check: after the parked state and operation row are
persisted, re-run the resume barrier once to recover children that
completed before the parent finished parking.
- One-shot verify watchdog: when a completion finds the parent not yet
resumable, schedule a delayed verifyAsyncToolBarrier re-check (no step
lock, CAS-idempotent, never re-arms).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 📝 docs(agent): correct verify-watchdog rationale comment
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 📝 docs(agent): clarify eventFields trimming rationale
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* ♻️ refactor(agent): align subagent-callback with workspace-scoped step worker
Post-rebase adaptation to canary's runtime restructure (#15609):
- Route the webhook bridge through AiAgentService (like the /run step
worker) so the runtime's models stay workspace-scoped — a bare
AgentRuntimeService would be personal-scoped and the tool-message
backfill / resume barrier could miss workspace-scoped rows.
- Extract SubAgentBridgeParams into agentRuntime/types and add the
completeSubAgentBridge passthrough next to executeStep.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(agent): fail sub-agent callback loudly on backfill or delivery failure
Address two review findings on the resume bridge:
- completeSubAgentBridge now checks updateToolMessage's { success } result
(it swallows transaction errors instead of throwing) and propagates all
infrastructure failures. The webhook endpoint then returns non-2xx so
QStash redelivers the whole bridge — previously a failed backfill was
acked with 200 and the parent stayed parked forever, since the verify
recheck only re-reads the barrier and cannot retry the backfill.
- New AgentHookWebhook.fallback: 'none' opts a qstash-delivered hook out of
the unsigned plain-fetch fallback, which can never authenticate against a
QStash-signed endpoint and only masked publish failures as silently
dropped 401s. The bridge hook uses it; dispatch escalates such delivery
failures to console.error instead of the debug namespace.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* 🐛 fix(cli): handle agent_run_request in `lh connect` so device dispatch doesn't time out
`lh connect` auto-registers the CLI as a device, so the gateway can pick it
as the dispatch target for a heterogeneous agent run (`agent_run_request`).
But the connect daemon only listened for `system_info_request` and
`tool_call_request` — it never handled `agent_run_request`, so it never sent
`agent_run_ack`. The gateway waited out its ack window and returned
`{error:'TIMEOUT',success:false}`, surfaced server-side as "Hetero agent
device dispatch failed".
Add an `agent_run_request` handler mirroring the desktop app: spawn
`lh hetero exec` fire-and-forget and ack `accepted` immediately. The spawned
process owns the full execution + server-ingest pipeline. It re-invokes the
current CLI entry (process.execPath + argv[1]) rather than relying on `lh`
being on PATH, so it works inside the detached daemon.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix: bump the cli version
* chore: bump the cli manifest
* 🐛 fix(cli): ack agent run only after spawn succeeds, reject on spawn error
`child_process.spawn` reports a missing/inaccessible cwd asynchronously via
the child's `error` event, after the handler had already sent an `accepted`
ack. The gateway/server then recorded dispatch success while no `lh hetero
exec` process existed to emit `heteroFinish`, leaving the assistant message
stuck instead of surfacing a failure.
`spawnHeteroAgentRun` now resolves on the child's outcome: `accepted` on the
`spawn` event (stdin is written only then), `rejected` on an early `error`. A
rejected ack returns the gateway 422 → execAgent writes a ServerAgentRuntimeError
onto the assistant message, so a failed dispatch is visible. Still resolves in
milliseconds, well within the gateway's 10s ack window.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🐛 fix: skill list/search commands returning empty results
tRPC endpoints return { data, total } but CLI was treating the result as
an array; switch to result?.data ?? [] and update mocks to match.
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* ♻️ refactor(hetero-agent): shared subagent-run coordinator + fix device-mode subagent streaming
Remote-device (gateway) hetero runs corrupted SubAgent text on the wire: the
CLI `SerialServerIngester`'s main-agent text-snapshot coalescing was subagent-
unaware, so subagent full-block text got mixed into the main accumulator and
re-`append`ed as `replace` snapshots server-side. Fix: exclude `data.subagent`
text from the coalescer so it forwards raw (the server appends it once).
The deeper cause was duplication: the renderer executor and the server
persistence handler each hand-wrote the SAME subagent-run state machine (lazy
thread create, turn-boundary cut, finalize, orphan drain, chain parenting) —
the epicenter of past hetero subagent bugs. Extract it into ONE pure,
transactional reducer (`reduceSubagentRuns`) in `@lobechat/heterogeneous-agents`
that emits declarative intents; each engine keeps a thin interpreter for its
own I/O (renderer: messageService + live store dispatch; server: messageModel).
The reducer pre-allocates ids so intents carry parentId chains with no
create→backfill round-trip; this needs `messageService.createMessage` to accept
a caller id (threaded through; the model already supported it). Also widened the
message nanoid 14→18 for the higher per-run id volume.
Behavior unifications (vs the two old copies):
- transactional commit-on-success subsumes the renderer's `pendingFlushTarget`
(a failed flush leaves the run intact for the onComplete-drain retry; the
renderer keeps a local pending-flush map pinned to the original assistant).
- finalize DELETES the run (server-style); a second finalize / orphan drain is
a clean no-op with the same DB end-state.
Scoped to subagent runs only; main-agent persistence stays per-engine. A future
pass can absorb the main-agent path into a unified agent-event reducer.
Tests: reducer 13, CLI hetero 22, server hetero 84, renderer executor 58.
Refs: LOBE-10175
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ✅ test(hetero-agent): strengthen subagent flush-retry assertion
The earlier rewrite of this assertion (caused by ids moving from server-
generated to caller-pre-allocated) weakened it to "all streamed writes share
one id", which would also pass if they all wrongly hit the terminal row. Pin it
back to the test's real intent: resolve the FIRST streaming-turn assistant by
its create payload and assert every streamed write targets it AND that it
differs from the terminal assistant's id — so `resultContent` is never clobbered.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(hetero-agent): honor commit-on-success for renderer subagent intents + fix stale id-length tests
- renderer interpreter: createThread / createMessage failures now rethrow so
reduceAndApplySubagent skips the state commit — the next event retries the
lazy create / turn boundary instead of orphaning the run (review P2)
- catch around the intent loop so a failed intent can't poison persistQueue
- regression test: transient createThread failure retries on next event
- update message id length assertions 18 → 22 (nanoid widened 14→18 + msg_)
- update messageService.createMessage spy assertions for the new (params, id) call
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* ✨ feat(agent): block nested sub-agent calls
Sub-agents must not recursively spawn further sub-agents. Plumb an
`isSubAgent` flag from the spawning thread through the conversation /
operation / tool-call metadata, and refuse nested dispatch at every layer:
- streamingExecutor marks the spawned sub-agent context with `isSubAgent`
- aiAgent strips the LobeAgent tool from a sub-agent's plugin config
- client builtin-tool executor + server tool runtime return a clear error
- RuntimeExecutors blocks both single and batch sub-agent dispatch
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(test): align execSubAgentTask expectation with isSubAgent appContext
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* 🐛 fix(agent): don't mark group sub-agent tasks as isSubAgent
Group sub-agents are real agent dispatches and must keep the ability to
spawn their own sub-agents; only the LobeAgent-tool virtual sub-agent
path should carry isSubAgent. Drop the flag from execSubAgentTask.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
- Carry a `reason` payload on the `authorizationRequired` IPC event so the
cause behind the Session Expired modal (proxy 401, refresh non-retryable,
startup proactive refresh exception, etc.) lands in `electron-log` and the
renderer debug namespace for postmortem.
- On 401 + `X-Auth-Required`, enrich the reason with `hadToken`, the upstream
`www-authenticate` header and a truncated body snippet so OAuth/tRPC error
details are captured without consuming the forwarded stream.
- Fix returning users (token refresh failed -> active=false -> relaunch)
landing on the Welcome screen of desktop onboarding. Persist an
`everCompleted` flag in localStorage and resume at the Login screen for
anyone who has already completed onboarding once.
- Extract the screen-resolution logic into a pure `resolveInitialScreen`
helper with unit tests; cover the new storage flag and reason payload in
AuthCtr / BackendProxy tests.
* 🐛 fix(hetero): chain step boundary off tool row when tools[] backfill is unseen
On a warm replica that did not drain the prior step's `tools_calling` (or
before the assistant's `tools[]` JSONB has its `result_msg_id` backfilled),
the in-memory tool state is empty, so the step boundary falls back to the
previous assistant and forks the wire into two disconnected bubbles.
Fall back to the authoritative anchor — the `role:'tool'` rows themselves,
committed in Phase 2 independently of the JSONB mirror's Phase-3 backfill —
via a new `MessageModel.getLastChildToolMessageId`. Excludes subagent tool
rows (threadId set) so they never anchor the main-agent wire.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(hetero): write per-device cwd when adding topic from project group
The sidebar "+ new topic in this directory" action wrote the working
directory to the legacy per-agent slot (localAgentWorkingDirectoryMap),
which sits below agencyConfig.workingDirByDevice in the resolution
precedence. Once a directory had been picked via the ControlBar (which
writes workingDirByDevice), the "+" action was silently shadowed and the
new topic was created with the previously-picked directory instead.
Route the action through useCommitWorkingDirectory.commitAgentDefault so
it writes the same high-precedence per-device slot the picker uses,
keeping the two write paths from drifting again.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ✅ test(hetero): cover MessageModel.getLastChildToolMessageId
The fallback anchor query added in 599eea5bda had no DB-level test — the
persistence handler mocks it, so its real SQL was never exercised and
patch coverage dropped. Add direct PGlite tests covering all branches:
latest-tool ordering, no-tool → undefined (ignoring non-tool children),
subagent thread exclusion (threadId IS NULL), and ownership isolation.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(server): restore sub-agent forking in QStash step worker
In QStash mode every agent step runs in a fresh HTTP request via the
hono `runStep` handler, which built a bare AgentRuntimeService without
the `execSubAgent` fork callback. As a result `lobe-agent.callSubAgent`
failed with SUB_AGENT_UNAVAILABLE in cloud (the in-process callback
never survives the queue boundary).
Step through AiAgentService.executeStep instead, reusing its internal
runtime that is already wired with the fork callback — no second runtime,
no manual rebinding.
Also rename the internal `execSubAgentTask` → `execSubAgent` (method,
runtime/tool context fields, options, ExecSubAgent{Params,Result} types)
to separate the "task" concept from "sub-agent", and make the method an
auto-bound arrow field so it no longer needs `.bind(this)`. The external
lambda procedure name (`execSubAgentTask`) and the client service are
left unchanged.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ♻️ refactor(server): group runtime upward-calls into an AgentRuntimeDelegate
`execSubAgent` was a loose top-level option on AgentRuntimeService, which
hid that it is not ordinary config but an upward call: the low-level
runtime, mid-step, triggering a high-level pipeline that lives in
AiAgentService (the layer above it).
Introduce `AgentRuntimeDelegate` as the single named home for these
upward-call capabilities, and inject it as `delegate: { execSubAgent }`.
The interface doc states the convention so future "runtime must trigger a
higher-layer pipeline" capabilities land in the same place instead of
sprawling as ad-hoc options.
Scope is deliberately the injection surface (options + service field +
AiAgentService wiring). The downstream executor/tool context keeps its
flat `execSubAgent` field — the tool runner wants the unpacked capability,
not the whole delegate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(desktop): preserve Error cause across IPC so renderer sees real failure reason
Electron's IPC error serialization carries an Error's message/stack/name plus
its enumerable own properties, but a standard `cause` (set via
`new Error(msg, { cause })`) is non-enumerable — so the real failure reason
(e.g. undici wrapping ENOTFOUND/ECONNREFUSED under a generic
`TypeError: fetch failed`) was dropped on the way to the renderer.
- IPC base: re-expose `cause` as an enumerable, clone-safe field in the central
handler catch (nested Errors flattened to { name, message, code }) so every
IPC method's error carries it.
- Heterogeneous agent executor: include `cause` in the ChatMessageError body so
the surfaced error structure exposes the underlying reason alongside message.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🐛 fix(desktop): ferry IPC error cause via a serializable envelope
Making `cause` enumerable before rethrowing didn't actually reach the renderer:
Electron's `ipcRenderer.invoke` rebuilds a thrown handler error from its *string*
form (`Error invoking remote method '<channel>': <String(error)>`), so the
original error object — and any `cause` — never crosses the boundary.
Switch to an explicit serializable envelope:
- `~common/ipcError`: `toIpcErrorEnvelope` (clone-safe plain object, recursively
captures name/message/stack/code/cause) + `isIpcErrorEnvelope` /
`fromIpcErrorEnvelope` to rebuild a real Error.
- IPC base handler: return the envelope instead of throwing.
- preload `invoke`: detect the envelope and re-throw a rebuilt Error (with
`cause`), preserving the "promise rejects on failure" contract.
- hetero executor: flatten the Error cause to a plain object for the
DB-persisted `ChatMessageError.body`.
Adds unit tests for the envelope round-trip and the preload unwrap.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* ✨ feat(hetero): add --raw-dump to persist agent raw stream-json for debugging
The remote-device path (`spawnLhHeteroExec`) leaves no local execution
record: `lh hetero exec` consumes the agent's stdout internally and only
POSTs adapted events to the server, so a misbehaving remote run can't be
inspected. The adapted/ingested view also can't distinguish a CC-side
empty `tool_result` from an adapter extraction bug.
Add `lh hetero exec --raw-dump <dir>`: spawnAgent gains an `onRawStdout`
tee that captures the child's untouched stdout BEFORE the adapter; the
CLI writes it (plus stderr + a meta.json) to
`<dir>/<timestamp>-<operationId>/`, one file pair per spawn attempt.
Fully best-effort — a dump failure never affects the run or exit code.
Wire the desktop device path to pass `--raw-dump` (gated by the existing
`shouldTraceCliOutput` toggle, into `resolveTraceRootDir`), so remote-device
CC runs now leave a raw stream on the device — the same toggle/location the
local trace path already uses. Reusable later for the server sandbox path.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* 🔖 chore(cli): bump version to 0.0.27
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Arvin Xu