#### 💻 Change Type
- [ ] ✨ feat
- [ ] 🐛 fix
- [ ] ♻️ refactor
- [ ] 💄 style
- [x] 👷 build
- [ ] ⚡️ perf
- [ ] ✅ test
- [ ] 📝 docs
- [ ] 🔨 chore
#### 🔗 Related Issue
- None
#### 🔀 Description of Change
- Extract the document history database changes from the feature branch
onto a branch based on main.
- Add the document history migration, schema, relations, model, and
database tests only.
- Exclude UI, router, and service-layer changes so the PR stays focused
on the database layer.
#### 🧪 How to Test
- Run: cd packages/database && bunx vitest run --silent=passed-only
src/models/__tests__/document.test.ts
src/models/__tests__/documentHistory.test.ts
- [x] Tested locally
- [x] Added or updated tests
- [ ] No tests needed
#### 📸 Screenshots / Videos
| Before | After |
| ------ | ----- |
| N/A | N/A |
#### 📝 Additional Information
- This PR intentionally targets main because the database migration
needs to land on the release branch first.
* update
* update
* 🔧 chore: update CLI build command in electron-builder and ensure proper newline in package.json
* Changed the CLI build command from 'npm run build' to 'npm run build:cli' in electron-builder.mjs.
* Added a newline at the end of package.json for consistency.
Signed-off-by: Innei <tukon479@gmail.com>
---------
Signed-off-by: Innei <tukon479@gmail.com>
Co-authored-by: Innei <tukon479@gmail.com>
* feat: add some lost lobe-kb builtin tools
* feat: add the list files and get file detail
* feat: add the list files and get file detail
* fix: update the search limit
* ♻️ refactor: add backgroundColor to TaskParticipant and rename name to title
Add backgroundColor field and rename name→title in TaskParticipant interface
to match agent avatar data. Add LobeAI fallback for inbox agent in
getAgentAvatarsByIds when avatar/title are missing.
Update `pageEditor.editorPlaceholder` from `Start writing your page. Press / to open the command menu` to `Press "/" for AI and commands.` across all supported locales and the default locale source.
* 🐛 fix: default execAgent approval mode to headless
Backend execAgent calls should run headlessly by default since only
frontend scenarios require manual human approval. This prevents cron
jobs and other server-side triggers from unexpectedly waiting for
human intervention.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add regression test for headless approval default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: createAgent uses agentModel.create directly
The createAgent router was still going through sessionModel.create,
which is a legacy path that doesn't pass all agent fields (like
agencyConfig) to the agents table. Switch to agentModel.create
which directly inserts into the agents table with full field support.
- Add CreateAgentSchema in types package for proper input validation
- Remove dependency on insertAgentSchema from database package
- Remove sessionId from CreateAgentResult
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🏷️ chore: mark session-based agent creation as deprecated
Add @deprecated JSDoc tags to the legacy session-based agent creation
path (session router, SessionService, SessionModel.create, session store,
insertAgentSchema). New code should use agent.createAgent / agentModel.create
directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: honor groupId when creating agents
Pass input.groupId as sessionGroupId to agentModel.create so that
agents created from a sidebar folder are correctly assigned to that group.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: resolve type errors from createAgent refactor
- Remove sessionId fallback in AddAgent.tsx and ForkAndChat.tsx
- Use z.custom<T>() for agencyConfig and tts in CreateAgentSchema
to match agentModel.create parameter types
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: extract agent-stream into @lobechat/agent-gateway-client package
Move the Agent Gateway WebSocket client from src/libs/agent-stream/ into
a standalone workspace package at packages/agent-gateway-client/. This
eliminates the duplicate AgentStreamEvent type in apps/cli and provides
a single source of truth for the Gateway WS protocol types shared by
SPA, server, and CLI consumers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* add agent-gateway-client
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor(chat): remove reject-only button, unify to rejected_continue
Server-side `decision='rejected'` and `decision='rejected_continue'`
share the exact same code path — both surface the rejection to the
LLM as user feedback. Having a separate "reject only" button added UI
complexity without behavioural difference.
- Remove the "仅拒绝" button from InterventionBar popover; the single
"拒绝" button now calls `rejectAndContinueToolCall` directly
- `rejectToolCalling` Gateway branch sends `rejected_continue` instead
of `rejected` so all rejection paths use one decision value
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Update ApprovalActions.tsx
* ✨ feat(tool): add executors field to BuiltinToolManifest and dispatch page-agent to client
Add `executors?: ('client' | 'server')[]` to `BuiltinToolManifest` so
each builtin tool declares where it can run. The server-side dispatch
logic in `aiAgent/index.ts` now reads this field instead of hardcoding
per-identifier checks.
- `lobe-local-system`: `executors: ['client', 'server']` — runs on
client via Electron IPC or server via Remote Device proxy
- `lobe-page-agent`: `executors: ['client']` — requires EditorRuntime,
client-only
- Stdio MCP plugins still use the `customParams.mcp.type` heuristic
(not manifest-driven)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix(gateway): route approve/reject via lab flag, not transient server op state
After the coordinator fix for `waiting_for_human` (#13860) the paused
`execServerAgentRuntime` op is marked `completed` client-side as soon
as the server emits `agent_runtime_end`. `startOperation` then runs
`cleanupCompletedOperations(30_000)`, which deletes any op completed
more than 30 seconds ago — so by the time the user sees the
InterventionBar and clicks approve/reject, the running (or recently
completed) server op is gone.
The previous `#hasRunningServerOp` check therefore kept returning
false against a live Gateway backend, flipping approve/reject into
the client-mode `internal_execAgentRuntime` branch and stranding the
server-side paused conversation.
Switch the helper to `#shouldUseGatewayResume`, which checks the same
`isGatewayModeEnabled()` lab flag used to route the initial send. The
signal now mirrors how the conversation was dispatched and survives
the op-cleanup window.
New regression test exercises the post-coordinator-fix state: the
paused `execServerAgentRuntime` op is explicitly `completed` before
the approve call runs, and we still expect the Gateway branch to
fire with `decision='approved'`.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(gateway): clean up paused server op after human approve/reject
In Gateway mode with userInterventionConfig.approvalMode='ask', the
paused execServerAgentRuntime op was never released — the loading
spinner kept spinning after the user approved, rejected, or
reject-and-continued, and reject-only silently did nothing on the
server.
- ToolAction.rejectToolCall now delegates to chatStore.rejectToolCalling
so the Gateway resume op actually fires with decision='rejected';
previously it only mutated local intervention state and the server's
paused op waited forever.
- AgentRuntimeCoordinator treats waiting_for_human as end-of-stream so
the coordinator emits agent_runtime_end when request_human_approve
flips state, letting the client close the paused op via the normal
terminal-event path.
- conversationControl adds #completeRunningServerOps as a fallback
guard in the approve/reject/reject-continue Gateway branches — if
the server-side signal is delayed or missing, the client still clears
the orphan op before starting the resume op.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(gateway): defer paused-op cleanup until resume starts successfully
If `executeGatewayAgent` failed (transient network/auth/server error),
the paused `execServerAgentRuntime` op was already marked completed
locally by the pre-call `#completeRunningServerOps`. Retries would
then see no running server op, miss `#hasRunningServerOp`, and fall
through to the non-Gateway client-mode path — while the backend was
still paused awaiting human input.
Snapshot the paused op IDs before the resume call and retire them
only inside the try block after `executeGatewayAgent` resolves. On
failure the running marker stays intact so a retry still lands on
the Gateway branch and can re-issue the resume.
The helper was renamed from `#completeRunningServerOps(context)` to
`#completeOpsById(ids)` to reflect the new contract: callers must
snapshot beforehand, not re-query at completion time (which would
incorrectly match the new resume op too).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(gateway): avoid double reject dispatch in reject-and-continue
Now that `rejectToolCall` delegates to `chatStore.rejectToolCalling`,
the chained `await get().rejectToolCall(...)` inside
`rejectAndContinueToolCall` fired a full halting reject before the
continue call. In Gateway mode that meant two resume ops on the same
tool_call_id (`decision='rejected'` followed by
`decision='rejected_continue'`) racing server-side; in client mode it
duplicated reject bookkeeping that `chatStore.rejectAndContinueToolCalling`
already handles internally.
Drop the chained call and fire `onToolRejected` inline so hook
semantics are preserved. `chatStore.rejectAndContinueToolCalling` is
now the single entry point for both the rejection persist and the
continue dispatch.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix(toolEngineering): drop manifests missing `api` before feeding ToolsEngine
`ToolsEngine.convertManifestsToTools` calls `manifest.api.map(...)`
without a null check, so any manifest that is truthy but lacks a valid
`api` array crashes the entire tools build with "Cannot read properties
of undefined (reading 'map')". This takes down anything that touches
the tools pipeline on that agent — including TokenTag in ChatInput,
which is why users see the crash on the chat page load path.
Manifests are merged from 5 sources (installed plugins, builtin tools,
Klavis, LobeHub skills, caller-supplied extras), only some of which
filter falsy entries, and none validate `api`. Guard defensively at
the merge point and log the offending source + identifier so the
underlying bad data can be traced.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(builtin-tool-gtd): add server runtime for GTD tool
Implement server-side execution runtime so the GTD tool works when
agents run in a pure server context (bot platforms, async task workers,
QStash workflows). Previously only the client executor existed, which
relied on `useNotebookStore` and `notebookService` and would break on
the server.
- `packages/builtin-tool-gtd/src/ExecutionRuntime/index.ts`: pure
`GTDExecutionRuntime` class with an injected service interface,
covering createPlan/updatePlan/createTodos/updateTodos/clearTodos
and execTask/execTasks. Since server runtime has no stepContext,
todo state is read from / written back to the Plan document's
`metadata.todos` field.
- `src/server/services/toolExecution/serverRuntimes/gtd.ts`: factory
wiring `DocumentModel` + `TopicDocumentModel` into the runtime and
registering under `GTDIdentifier`.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor(builtin-tool-gtd): share runtime logic between executor and server
Make the client executor a thin adapter over `GTDExecutionRuntime` so
all processing logic (todo reducer, plan CRUD flow, execTask state
builder, output formatting) lives in one place. Previously the server
runtime was a near-duplicate of the client executor.
- Expand `GTDRuntimeContext` with `currentTodos`, `messageId`, `signal`
so both callers can thread their environment through:
- client supplies `currentTodos` from stepContext / pluginState via
`getTodosFromContext`, and `messageId` for execTask parentMessageId
- server lets the runtime resolve todos from the plan document's
metadata when `currentTodos` is not supplied
- Split service surface into `updatePlan` (user-facing: goal / desc /
context — client routes through `useNotebookStore` to refresh SWR)
vs `updatePlanMetadata` (silent todos sync — client stays on the
raw `notebookService`)
- Runtime methods now return `BuiltinToolResult` (superset of
`BuiltinServerRuntimeOutput`), so `stop: true` on execTask /
execTasks is typed cleanly without `@ts-expect-error`
Net effect: `executor/index.ts` shrinks from 510 → 134 lines; the
server factory just maps models to the service interface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🌐 chore: translate non-English comments to English in lambda router tests
Translated all Chinese/CJK comments to English in 6 test files under
src/server/routers/lambda/__tests__/. Code logic and string literals
are unchanged; only explanatory comments were translated.
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
💄 style(chat): tighten `execServerAgentRuntime` loading copy
Current text was trying to do too much in one line — status + two
separate user affordances — and read as an explanation, not a status.
Replaces it with a status-first line that mentions where the work is
happening and the single reassurance users actually need.
- EN: "Task is running in the server. You are safe to leave this page."
- zh-CN: "任务正在服务器运行,您可以放心离开此页面。"
Only en-US and zh-CN are edited; CI translates the rest from the
default file.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(conversation): improve workflow display when user intervention is pending
Made-with: Cursor
* 🐛 fix(builtin-tool-activator): add ActivatedToolInfo typing to requestedTools for tsgo compat
requestedTools was inferred as `{ identifier, name }[]` which lacks the
`avatar` property required by `ActivatedToolInfo`, causing tsgo errors.
`messageModel.findById(parentMessageId)` only returns the row from the
`messages` table — the tool-call metadata (identifier / apiName /
arguments / type / toolCallId) lives in the separate `message_plugins`
table. The resumeApproval path was reading `(resumeParentMessage as any).plugin`
and `(resumeParentMessage as any).tool_call_id`, both always undefined,
which meant:
- Approved tool calls were dispatched with `identifier: undefined`,
causing the server-side tool executor to throw
`Builtin tool "undefined" is not implemented`. The follow-up LLM
step could still describe success (it sees the user prompt + picks
plausible output) but the tool message content is permanently the
error string.
- The toolCallId mismatch guard was silently disabled because the
stored value was always null → validation always passed regardless
of what the client sent.
Fix: query `messagePlugins.findFirst` by message id, use the fetched
row for both the toolCallId equality check and the approvedToolCall
payload that the runtime dispatches.
Tests:
- Mock `db.query.messagePlugins.findFirst` with the plugin fields so
existing asserts on `approvedToolCall.identifier`/`apiName` pass
against real values.
- Move `tool_call_id` / identifier / apiName / arguments / type out of
the mock `messages` row fixture into a separate `pendingToolPlugin`
fixture that mirrors the actual DB layout.
- Flip the "toolCallId mismatch" guard test to mutate the plugin mock
(not the message mock) — this is exactly the class of bug the fetch
guards against, so the test would have masked it before.
- New guard test: throw when `messagePlugins.findFirst` returns
undefined (stale message id, wrong user, etc.).
Discovered during E2E verification of LOBE-7152 approve flow — the
approve decision was flipping to the new op correctly but every tool
execution was failing with the "undefined" error.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
✨ feat(chat): server-mode human approval via new Gateway op + resumeApproval
When the current agent runtime is Gateway-mode (execServerAgentRuntime),
approve / reject / reject_continue now start a **new** Gateway op carrying
a `resumeApproval` decision instead of resuming the paused op in place
over tRPC — mirroring the "interrupt + new op" pattern from LOBE-7142
(stop/interrupt). This sidesteps the stepIndex / executeStep early-exit
race that was blocking the in-place resume path and matches the Linear
spec for LOBE-7152. Client mode is unchanged.
### Client
- `conversationControl.ts`
- `approveToolCalling` / `rejectToolCalling` / `rejectAndContinueToolCalling`:
server-mode branch calls `executeGatewayAgent({ message: '',
parentMessageId: toolMessageId, resumeApproval: { decision, ... } })`.
The local runtime never spins up; the new op's `agent_runtime_end`
clears loading.
- `#hasRunningServerOp` replaces the old `#getServerOperationId` helper
(we no longer need the paused op's id). Forwards scope/groupId/
subAgentId from `ConversationContext` into the operation lookup so
group/thread conversations correctly resolve their running server op
— `operationsByContext` is keyed on the full `messageMapKey`.
- `gateway.ts` — `executeGatewayAgent` takes an optional `resumeApproval`
and forwards it to `aiAgentService.execAgentTask`.
- `services/aiAgent.ts` — `ExecAgentTaskParams.resumeApproval` with new
`ResumeApprovalParam` shape (decision + parentMessageId + toolCallId
+ optional rejectionReason).
- `gatewayEventHandler.ts` — kept the `toolMessageIds` branch that fetches
pending tool messages on `tools_calling`.
- `services/agentRuntime/{type,index}.ts` — removed the short-lived
`toolMessageId` / `reject_continue` additions; this flow no longer
routes through `processHumanIntervention`.
- `store/chat/slices/operation/selectors.ts` — `getOperationsByContext` /
`hasRunningOperationByContext` now take `MessageMapKeyInput` so scope/
group/subAgent fields are honoured end-to-end.
### Server
- `ExecAgentSchema` / `InternalExecAgentParams.resumeApproval` — optional
`{ decision, parentMessageId, rejectionReason?, toolCallId }`.
- `AiAgentService.execAgent`
- `resumeApproval` implies resume semantics (skip user-message creation,
reuse `parentMessageId` as the target tool message). Folded into a
single `effectiveResume` flag so the existing resume branches apply.
- Validates parent is a `role='tool'` message whose `tool_call_id`
matches the request — guards stale / double-clicks.
- Writes the decision to DB before `historyMessages` is fetched so the
runtime sees the updated tool message on the first step:
* `approved` → `intervention: { status: 'approved' }`
* `rejected` / `rejected_continue` → tool content =
"User reject this tool calling [with reason: X]",
`intervention: { status: 'rejected', rejectedReason }`.
- Branches initial runtime context:
* `approved` → `phase: 'human_approved_tool'` + `approvedToolCall`
payload rebuilt from the tool message plugin → runtime executes
the tool.
* `rejected` / `rejected_continue` → `phase: 'user_input'` with
empty content → LLM re-reads history (now including the rejected
tool) and responds. Both decisions share this path: the client
split is only about optimistic writes and button UX; once the
rejection is persisted there's nothing meaningful to differentiate
server-side.
### Tests
- `conversationControl.test.ts` — rewrote the three server-mode blocks
to spy `executeGatewayAgent` and assert the `resumeApproval` payload
shape. Added a regression test covering group-scope lookup so dropping
scope/groupId from `#hasRunningServerOp` breaks the suite.
- `execAgent.resumeApproval.test.ts` (new) — covers approved and the
unified rejected branches (parameterized), the no-reason fallback, and
the role/tool_call_id validation guards.
Relates to LOBE-7152.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: forward serverUrl in WS auth for apiKey verification
The agent gateway verifies an apiKey by calling
\`\${serverUrl}/api/v1/users/me\` with the token, so \`serverUrl\` has to be
part of the WebSocket auth handshake. The device-gateway-client already
does this; \`lh agent run\` was missing it, producing
"Gateway auth failed: Missing serverUrl for apiKey auth".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔨 chore: bump cli to 0.0.7
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🧹 chore: remove builtin-agent-onboarding and consolidate web onboarding
- Merge agent system role into builtin-agents; colocate toolSystemPrompt in builtin-tool-web-onboarding
- Drop unused QuestionRenderer client bundle
- Gate onboarding footer switch/skip on AGENT_ONBOARDING_ENABLED for agent route
Made-with: Cursor
* 🧪 test: fix onboarding layout translation mock
* 🧪 test: align onboarding layout test with feature flag
* 🧪 test: type onboarding business const mock
When `call_llm` pushed the assistant turn into `state.messages`, it
dropped the DB id even though the row was already persisted. The
downstream `request_human_approve` executor filters parent lookup on
`m.role === 'assistant' && m.id`, and the DB fallback query is not
reliably finding the just-written row on every topology — so when
human-approve fires on the fresh LLM turn the op errors out with
"No assistant message found as parent for pending tool messages".
Attach `assistantMessageItem.id` to the pushed message so the existing
in-memory lookup hits, and nextContext's `parentMessageId` and
`state.messages` agree on a single source of truth.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Introduced a new `document_histories` table to track changes made to documents, including fields for `editor_data`, `save_source`, and `saved_at`.
- Updated foreign key relationships to link `document_histories` with `documents` and `users`.
- Modified existing models and tests to accommodate the new document history functionality, including changes to pagination and retrieval methods.
- Removed the versioning system from documents in favor of a more flexible history tracking approach.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(agent-runtime): implement server-side human approval flow
Port the client-mode human approval executors (request_human_approve,
call_tool resumption, handleHumanIntervention) to the server agent
runtime so that execServerAgentRuntime can correctly pause on
waiting_for_human and resume on approve / reject / reject_continue.
- request_human_approve now creates one `role='tool'` message per pending
tool call with `pluginIntervention: { status: 'pending' }` and ships
the `{ toolCallId → toolMessageId }` mapping on the `tools_calling`
stream chunk.
- call_tool gains a `skipCreateToolMessage` branch that updates the
pre-existing tool message in-place (prevents duplicate rows / parent_id
FK violations that show up as LOBE-7154 errors).
- AgentRuntimeService.handleHumanIntervention implements all three
paths: approve → `phase: 'human_approved_tool'`; reject → interrupted
with `reason: 'human_rejected'`; reject_continue → `phase: 'user_input'`.
- ProcessHumanIntervention schema carries `toolMessageId` and a new
`reject_continue` action; schema remains permissive (handler no-ops on
missing toolMessageId) to keep legacy callers working.
Fixes LOBE-7151
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(agent-runtime): address LOBE-7151 review (P1 reject_continue, P2 duplicate tool msg)
P1 — reject_continue with remaining pending tools must NOT resume the LLM.
Previously `handleHumanIntervention` kept `status='waiting_for_human'` but
returned `nextContext: { phase: 'user_input' }`, which `executeStep` would
hand to `runtime.step` immediately, breaking batch semantics. Now when
other tools are still pending, the rejection is persisted but no context
is returned; the `user_input` continuation only fires when this is the
last pending tool.
P2 — request_human_approve was pushing an empty placeholder
`{ role: 'tool', tool_call_id, content: '' }` into `newState.messages`
to "reflect" the newly-created pending DB row. On resume, the `call_tool`
skip-create path appends the real tool result, leaving two entries for
the same `tool_call_id` in runtime state. The downstream short-circuit
(`phase=human_approved_tool` → `call_tool`) doesn't consult
state.messages, so the placeholder was unused cost. Removed.
Also fixes a TS 2339 in the skipCreateToolMessage test where
`nextContext.payload` is typed `{}` and needed an explicit cast.
Tests: 99 pass (82 RuntimeExecutors + 17 handleHumanIntervention), type-check clean.
Verified end-to-end via the human-approval eval — it now exercises a
multi-turn retry path (LLM calls the gated tool twice) and both
approvals resolve cleanly through to `completionReason=done`.
Relates to LOBE-7151
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* pin @react-pdf/renderer
* 🐛 fix(deps): pin @react-pdf/image to 3.0.4 to avoid privatized @react-pdf/svg
@react-pdf/image@3.1.0 (auto-resolved via layout@4.6.0 ← renderer@4.4.1)
declares `@react-pdf/svg@^1.1.0` as a dependency, but the svg package was
unpublished/made private on npm (returns 404). CI installs blow up with
ERR_PNPM_FETCH_404.
Upstream issue: https://github.com/diegomura/react-pdf/issues/3377
Pin image to 3.0.4 (the last release before the broken svg dep was
introduced) via pnpm.overrides until react-pdf publishes a fix.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: fail fast when tool/assistant message persist hits a missing parent
When a conversation parent was deleted mid-operation (LOBE-7154), the
runtime was silently swallowing the parent_id FK violation in three tool
persist paths and continuing with a stale parentMessageId. The next LLM
call hit the same FK without context, surfacing as a raw SQL error to
the user after burning several LLM + tool call round trips.
Changes
- packages/types: add AgentRuntimeErrorType.ConversationParentMissing
- new messagePersistErrors.ts helper: FK detection + structured error
constructor + persist-fatal marker (keeps RuntimeExecutors smaller)
- RuntimeExecutors:
- call_tool: publish error event + re-throw on persist failure;
outer catch propagates when persist-fatal
- call_tools_batch: same, mark so the per-tool outer catch doesn't
swallow and fall back to the already-deleted parent
- resolve_aborted_tools: same pattern
- call_llm: preflight parent existence via findById so we fail before
the LLM call instead of after
- tests: replace old swallow-on-fail expectations, add LOBE-7158 cases
for each executor plus focused unit tests for the helper module
Fixes LOBE-7158
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 chore: publish normalized ConversationParentMissing on persist failure
Review feedback on LOBE-7158: the three persist catches were emitting
the raw DB exception as a stream `error` event before normalizing it.
Clients treat `error` events as terminal and surface `event.data.error`
directly, so the raw SQL text leaked to users and ended the stream
before the typed `ConversationParentMissing` throw could propagate.
Move normalization ahead of the publish in call_tool, call_tools_batch,
and resolve_aborted_tools so the stream event always carries the
intended business error. Add a regression assertion on the
call_tool FK test that the error event's `errorType` is
`ConversationParentMissing` and no `Failed query` text leaks through.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop the `motion/react` slide + fade transition on NavPanel content
switches (e.g. navigating from `/` to `/agent`). The new content now
renders directly without the 0.28s x-translate animation.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
✨ feat: add headless approval and apiKey ws auth to `lh agent run`
Two fixes so `lh agent run` works end-to-end against the WebSocket agent
gateway when the user is authenticated via LOBEHUB_CLI_API_KEY.
- Default to `userInterventionConfig: { approvalMode: 'headless' }` when
running the agent from the CLI. Without this flag the runtime waits
for human tool-call approval and local-device commands hang forever.
Users who want interactive approval can pass `--no-headless`.
- Pass `tokenType` (`jwt` | `apiKey`) in the WebSocket auth handshake so
the gateway knows how to verify the token. Previously the CLI sent
only the raw token value and the gateway assumed JWT, rejecting valid
API keys.
Fixes LOBE-6939
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(agent-runtime): harden classifyLLMError so it never masks the original provider error
Production traces across multiple providers (openrouter, openai, google)
surface a single opaque error — `e.trim is not a function` with
`errorType: 'unknown'` — hiding whatever the upstream actually returned.
Root cause: `normalizeCode` / `normalizeErrorType` assumed their input is
always `string | undefined` (matching the TypeScript signature), but real
provider error objects frequently carry a numeric `code` (HTTP status) or
a structured object in `errorType`. `value?.trim()` short-circuits only
on null/undefined, so a truthy non-string turns into a TypeError that
the outer catch records as the "final" error, erasing the upstream one.
Fixes:
- Guard `normalizeCode` / `normalizeErrorType` on `typeof value ===
'string'`, widen parameter type to `unknown`.
- Wrap the whole `classifyLLMError` in a try/catch that falls back to a
conservative `stop` decision and preserves the best-effort message of
the ORIGINAL error. A classifier that throws is worse than a
classifier that's wrong — it must never shadow the real failure.
- `bestEffortMessage` swallows property-access errors (hostile Proxy
etc.) to guarantee the fallback itself can't throw.
Regression tests cover: numeric `code`, structured `errorType`, nested
OpenAI-SDK-shaped `error.error.code`, and a hostile Proxy that throws on
every property access.
This is a forcing function for root-cause diagnosis: after this lands,
the real upstream errors behind the 'e.trim' mask will finally surface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Remove fallback warning in classifyLLMError
Removed console warning for classification failure.
* 🐛 fix(agent-runtime): treat numeric provider code as status fallback
Bare HTTP proxies sometimes surface the HTTP status ONLY as a numeric `code`
on the error object (no `status`/`statusCode`, no digits in the message).
After widening `normalizeCode` to require `typeof === 'string'`, those numeric
codes were dropped entirely and auth/permission failures fell through to
retry — wasting the full retry budget on permanent errors.
Forward numeric `raw.code` / `nested?.code` / `nestedError?.code` into the
status chain (after the real status/statusCode lookups, before the
message-digit extractor) so classifyKind still maps 401/403 → stop and
429/5xx → retry.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: detect truncated tool_call arguments in builtin tools
When an LLM hits max_tokens mid tool_call, the arguments JSON is
truncated. The previous flow passed `{}` to the tool, which returned a
generic "required field missing" error; the model re-tried with the same
payload and the truncation repeated — one observed trace burned 17 min
and $2.46 on 5 blind retries.
Detect structural truncation (unclosed braces/brackets/strings) in
BuiltinToolsExecutor before schema validation, and return a dedicated
TRUNCATED_ARGUMENTS error telling the model to reduce payload size or
raise max_tokens instead of retrying.
Fixes LOBE-7148
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 chore: echo raw arguments string and reject all unparseable JSON
Two improvements based on review:
- Append the received arguments string to the error content so the model
can verify the payload is exactly what it produced (stops it from
blaming upstream or guessing what went wrong).
- Treat ANY unparseable non-empty argsStr as an error (new code
INVALID_JSON_ARGUMENTS), not just truncation. The previous fallback
of passing `{}` to the tool produced generic "missing field" errors
that hid the real cause. Empty argsStr still falls through to `{}`
for tools that take no parameters.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: wire Gateway-mode stop button to WS interrupt
Frontend half of [LOBE-7142](https://linear.app/lobehub/issue/LOBE-7142)
— the stop button previously silently failed in Gateway mode because:
1. `stopGenerateMessage` only filtered `execAgentRuntime`, so
`execServerAgentRuntime` ops (Gateway) were skipped.
2. Even if the local op got cancelled, nothing bridged the cancel to
the server-side agent loop running behind the Agent Gateway WS.
## Changes
**`conversationControl.ts::stopGenerateMessage`** — extend the type
filter to include both op types so both client-side and Gateway-mode
runs are cancelled from the same entry point.
**`gateway.ts::executeGatewayAgent` + `reconnectToGatewayOperation`** —
register an `onOperationCancel` handler on the local `gatewayOpId` that
forwards the server-side operation id to `interruptGatewayAgent(...)`,
which sends `{ type: 'interrupt' }` over the Agent Gateway WS. The
closure cleanly resolves the "local op id vs server op id" mapping —
no metadata lookup needed.
**`operation/actions.ts::cancelOperation`** — `isAborting` flag was
gated on `execAgentRuntime`. Extend to `execServerAgentRuntime` too so
the UI loading state transitions out immediately on Gateway-mode stop,
without waiting for the round-trip `session_complete` from the server.
## What this doesn't do (follow-ups)
- **Backend**: new `POST /api/agent/interrupt` route + Redis LPUSH
(LOBE-7145). Without it, the WS interrupt reaches Agent Gateway but
never gets forwarded to cloud.
- **Agent loop**: `AgentRuntimeService.executeStep` LPOP polling of the
interrupt key (LOBE-7146). Without it, the state never flips to
`interrupted` server-side.
- **Agent Gateway DO** (external repo): `_forwardInterrupt` HTTP POST
from the WS interrupt handler (LOBE-7147).
With only this PR merged, clicking stop will clear the local UI state
and send the WS frame correctly — the server-side loop keeps running
until those three are merged too.
## Tests
- `conversationControl.test.ts`: +1 — stopGenerateMessage cancels
`execServerAgentRuntime`, invokes the onCancel handler, sets
`isAborting: true`.
- `gateway.test.ts`: +1 — `executeGatewayAgent` registers a handler
against the local opId, handler invokes `interruptGatewayAgent`
with the server opId.
All 123 touched-slice tests pass; type-check clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔨 chore: switch Gateway stop to direct tRPC instead of WS roundtrip
Rewiring only — no new behaviour on top of the previous commit. See
the discussion in PR #13815 for the full reasoning.
TL;DR the WS-based path (client → Agent Gateway WS → DO forwards
HTTP → cloud route → Redis LPUSH → loop LPOP) has the same end-effect
as the tRPC-direct path (client → tRPC → AgentRuntimeService
.interruptOperation → DB state flip), except:
- the tRPC path is one hop instead of three
- the tRPC path reuses infrastructure that's *already on canary* —
`aiAgentService.interruptTask` → `AiAgentService.interruptTask` →
`AgentRuntimeService.interruptOperation` → `coordinator.saveAgentState`
with status='interrupted' — and the existing step-boundary polling
in `executeStep` (AgentRuntimeService.ts:474, 565) already picks it up
- zero new server code required; zero Agent Gateway (external repo)
coordination required
The only reason the WS path was in the original spec (LOBE-7142) was
symmetry with the Phase 6.4 tool_execute/tool_result path, but
`interrupt` is a one-shot control signal, not stream data — there's
no actual benefit to routing it through the same channel. Mid-step
abort would require threading an AbortSignal into `runtime.step(...)`,
which WS doesn't help with either.
Closes out the need for LOBE-7145 / LOBE-7146 / LOBE-7147.
Changes:
- `gateway.ts`: both `executeGatewayAgent` and
`reconnectToGatewayOperation` register the cancel handler against
the local op id, but the handler body now calls
`aiAgentService.interruptTask({ operationId: serverOpId })` via
tRPC instead of `this.interruptGatewayAgent(serverOpId)` (which sent
the WS interrupt frame).
- `gateway.test.ts`: adjust the one new test case to verify the
tRPC call rather than the WS-path spy; add `interruptTask` to the
`aiAgentService` mock.
`AgentStreamClient.sendInterrupt()` and `interruptGatewayAgent()` are
kept as-is — public API, might be useful elsewhere. Just not called
from the cancel handler anymore.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: gateway sync
* fix: skip error connection
* feat: add disconnect all & MESSAGE_GATEWAY_ENABLED env vairable
* chore: add gateway test case
* chore: clean lobehub connnections when switch to message gateway
* chore: optimize disconnect all
* chore: disconnect gateway connnections when using lobehub gateway
* chore: clean up exsiting gateway connections after reconnect and avoid gateway callback when not enabled
* ✨ feat: receive and execute executor=client tools on desktop Electron
Frontend half of LOBE-7076 (Phase 6.4). Pairs with server PR #13790,
which adds the `clientRuntime` signal + `hasClientExecutor` gate so
`local-system` and stdio MCP can enter the manifest for desktop callers.
Data flow, client side:
Agent Gateway WS
└─ tool_execute event ──► AgentStreamClient
└─ 'agent_event' ──► gatewayEventHandler (case 'tool_execute')
└─ internal_executeClientTool (fire-and-forget)
├─ parse args → params
├─ mark pendingClientToolExecutions[toolCallId]
├─ dispatch: builtin → invokeExecutor,
│ else → mcpService.invokeMcpToolCall
├─ clear pending
└─ AgentStreamClient.sendToolResult(...)
└─ WS → /api/agent/tool-result → LPUSH
→ server BLPOP unblocks → loop continues
Key guarantees:
- `internal_executeClientTool` never throws; ALL error paths (parse
failure, no executor match, thrown executor, missing connection, MCP
error) still call `sendToolResult({ success: false, error })`. The
server's BLPOP must never hang on a silent client.
- `case 'tool_execute'` uses `void`, not `await`. A long-running tool
must not block subsequent `stream_chunk` / `tool_end` events on the
same WebSocket.
- UI loading state is kept separate from `toolCallingStreamIds` (the
LLM-streaming animation) via a dedicated
`pendingClientToolExecutions: Record<toolCallId, true>` map, so a
renderer can show a distinct "running on device" indicator without
entangling existing selectors.
Client → server signal:
`executeGatewayAgent` now passes `clientRuntime: isDesktop ? 'desktop' : 'web'`
so the server knows this Electron caller can receive `tool_execute`.
Tests: 39 new cases across AgentStreamClient / internal_executeClientTool
/ gatewayEventHandler covering success, error, MCP fallback, pending
state lifecycle, and fire-and-forget semantics. 148 total in affected
suites.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: pass server operationId to tool_result dispatch (operationId mismatch)
The gateway event handler received `tool_execute` events but the resulting
`internal_executeClientTool` call looked up `gatewayConnections` by the
*local* operation id (e.g. `op_8chrnd`) instead of the *server-side*
operation id (e.g. `op_1776171452938_...`) the WS connection is actually
keyed on. `conn` was therefore always `undefined`, the early-return in
`send(...)` swallowed the response, and the server's BLPOP waiter timed
out after 60 s.
This was reproducible on canary E2E: server logs showed
`dispatching client tool lobe-local-system/readLocalFile` followed by
`client tool ... timed out after 60027ms`, with no outbound `tool_result`
frame ever reaching the Agent Gateway.
Fix: thread a distinct `gatewayOperationId` through
`createGatewayEventHandler` and use it for the `case 'tool_execute'`
dispatch. The existing `operationId` (used for `dispatchContext` →
`internal_dispatchMessage` keying) is untouched. Both `executeGatewayAgent`
and `reconnectToGatewayOperation` now pass the server id explicitly; when
a caller omits it, it falls back to the local `operationId` for backwards
compatibility.
Verified live on canary: WS now shows
`[in] tool_execute` → `[out] tool_result success=true content=...` and
the agent returns the real local-file contents.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: slove the execAgents tools exec types not correct
* fix: should inject source:discovery when tools type is lost
* fix: delete the source inject test
* fix: slack not respond to text commands
* feat: add slack slash commands instructions
* chore: add slack validate in test connections
* chore: update slack docs
* chore: remove text commands for slack
* fix: execAgent should get all tools manifests
* fix: should add the tools source into payload source
* fix: add the discoverable tools into tools enginer
* fix: update the test, should include the discoverable tools
* ✨ fix: implement stable navigation hook and refactor navigation handling
- Introduced `useStableNavigate` hook to provide a stable `navigate` function that can be used across the application.
- Refactored components to utilize the new stable navigation approach, replacing direct access to the navigation function from the global store.
- Updated `NavigatorRegistrar` to sync the `navigate` function into a ref for consistent access.
- Removed deprecated navigation handling from various components and actions, ensuring a cleaner and more maintainable codebase.
Signed-off-by: Innei <tukon479@gmail.com>
* 🐛 fix: refactor navigation handling to prevent state mutation
- Updated navigation reference handling in the global store to use a dedicated function for creating navigation refs, ensuring that the initial state is not mutated by nested writes.
- Adjusted tests and components to utilize the new navigation ref creation method, enhancing stability and maintainability of navigation logic.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ test: mock Electron's net.fetch in unit tests
- Added a mock for Electron's net.fetch in the AuthCtr and BackendProxyProtocolManager tests to ensure proper handling of remote server requests.
- This change allows tests to simulate network interactions without relying on the actual fetch implementation, improving test reliability.
Signed-off-by: Innei <tukon479@gmail.com>
---------
Signed-off-by: Innei <tukon479@gmail.com>
messageModel.query() calls inside RuntimeExecutors were missing a
postProcessUrl callback, so imageList/videoList/fileList entries retained
raw S3 keys (e.g. `files/user_xxx/icon.png`). After the first tool batch,
the refreshed state fed those raw keys straight into the next LLM call,
and providers like Anthropic reject anything that isn't an absolute URL or
data URI ("Invalid image URL"). Wire a lazy FileService-backed
postProcessUrl into all three query sites (topic reference resolution,
compression, and post-batch refresh) so imageLists stay resolved across
multi-step operations.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix: dispatch executor=client tools to desktop caller even with DEVICE_GATEWAY configured
Two fixes to make Phase 6.4 (LOBE-7076) actually reach a desktop caller on
canary, where DEVICE_GATEWAY is configured and a separate remote device
may be registered.
### 1. AgentToolsEngine: suppress RemoteDevice for desktop callers
The `lobe-remote-device` tool is meant for the legacy "tunnel commands to
a separately registered desktop" flow. When the caller itself is a
desktop Electron client, that's redundant — and worse, the LLM was
picking `listOnlineDevices` + `activateDevice` *first*, then routing the
subsequent `readLocalFile` to a different registered host (a remote
Linux VM in our E2E trace, returning ENOENT for a path that only exists
on the caller).
Adds `&& !hasClientExecutor` to the RemoteDevice enable rule. Desktop
callers now see only `local-system` in their manifest.
### 2. aiAgent.execAgent: mark executor='client' for desktop callers
The existing gate was `if (!gatewayConfigured) { executorMap[...] = 'client' }`.
On canary, `gatewayConfigured === true` (DEVICE_GATEWAY set), so
`local-system` / stdio MCP stayed server-executed and were dispatched to
the Remote Device proxy instead of back to the caller's Agent Gateway WS.
Extends the gate to:
`if (clientRuntime === 'desktop' || !gatewayConfigured)`
So a caller that explicitly signals it can receive `tool_execute` bypasses
the DEVICE_GATEWAY heuristic. Legacy behaviour unchanged for web callers
and for callers that don't send `clientRuntime`.
### Tests
- AgentToolsEngine: +1 case verifying RemoteDevice is suppressed when
`clientRuntime === 'desktop'` even with `gatewayConfigured: true`
- execAgent.deviceToolPipeline: +3 cases
- local-system gets executor='client' for desktop + DEVICE_GATEWAY
- stdio MCP gets executor='client' for desktop + DEVICE_GATEWAY
- web caller preserves legacy routing (executor unset)
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: enable executor=client tools for desktop Electron callers
Adds a `clientRuntime` signal to execAgent so the server knows the caller
itself can execute `executor: 'client'` tools (local-system, stdio MCP) over
its Agent Gateway WebSocket. This is the missing server piece for Phase 6.4
(LOBE-7076): previously `local-system` only entered the manifest when a
*separately registered* remote device was online & auto-activated, so a
desktop Electron caller sitting on the other end of the Gateway WS could
never actually be dispatched to via `tool_execute`.
The new signal is orthogonal to the legacy device-proxy `deviceContext` —
it describes the caller itself, not a third-party device. The enable rule
for LocalSystemManifest simply gets one extra OR branch:
local && gatewayConfigured && (hasClientExecutor || legacy-device-online-activated)
`toolExecutorMap[LocalSystemManifest.identifier] = 'client'` (LOBE-7067)
then kicks in as soon as the manifest entry is present, so
`RuntimeExecutors.call_tool` (LOBE-7068) will push `tool_execute` over the
Agent Gateway WS to this caller.
Plumbing:
- packages/types: `ExecAgentParams.clientRuntime?: 'desktop' | 'web'`
- lambda router: accepts + forwards `clientRuntime`
- aiAgent service: forwards to `createServerAgentToolsEngine`
- AgentToolsEngine: +1 field, +1 OR branch in LocalSystem enable rule.
Zero changes to `runtimeMode` / `platform` / `RemoteDeviceManifest` /
`deviceContext` semantics.
Tests: 3 new cases in AgentToolsEngine covering desktop / web / gateway-off
branches; 3 new cases in execAgent.deviceToolPipeline verifying the
`clientRuntime` param is forwarded verbatim.
Follow-up (separate PR): frontend receives `tool_execute`, runs the tool
via Electron IPC, and sends `tool_result` back over the same WS.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: untangle runtime / platform / device-proxy flags in AgentToolsEngine
Renames and separates two orthogonal concerns that used to share the
misleading `isDesktopClient` name:
- `hasClientExecutor` — caller itself can receive `tool_execute` over
the Agent Gateway WS (Phase 6.4). Property of the caller.
- `hasDeviceProxy` — server has a device-proxy configured that tunnels
to a separately registered device (legacy Remote Device). Property of
the server.
`platform` is now derived from the caller (`clientRuntime`) first,
falling back to the device-proxy signal for backwards compat — it was
previously derived purely from the server's proxy config, which
conflated "server can reach a desktop" with "caller is a desktop".
LocalSystem enable rule restructured to read in natural order:
runtimeMode === 'local' // user opted in
&& hasDeviceProxy // server has a Gateway path
&& (hasClientExecutor || ...) // an execution target exists
Behavior is identical to the previous commit; this is a pure rename /
regrouping refactor. 38 existing tests still pass without changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: decouple hasClientExecutor from hasDeviceProxy in local-system gate
The previous rule required `hasDeviceProxy` as a shared prerequisite for
BOTH enable paths, which is wrong: `hasDeviceProxy` reflects the legacy
device-proxy (`deviceProxy.isConfigured`), while Phase 6.4's
`tool_execute` rides the Agent Gateway WebSocket that this request is
already on. The two systems are orthogonal — a desktop caller on the
Gateway WS can receive `tool_execute` without any device-proxy being
configured server-side.
Correct enable rule:
runtimeMode === 'local'
&& (hasClientExecutor // Phase 6.4, self
|| (hasDeviceProxy && deviceOnline && autoActivated)) // legacy
Updated the `still requires gateway to be configured` test, which was
asserting the incorrect coupling, to instead verify that agent-level
`runtimeMode.desktop === 'none'` opt-out is respected for desktop
callers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add image-to-video options to CLI generate video command
Why: CLI only supported text-to-video. Backend already accepts imageUrl/endImageUrl
for image-to-video, but the CLI had no way to pass them.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update cli version
* update cli version
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* use Electron's net.fetch() so system trusted certs are honored
* 🐛 fix(tests): mock netFetch in unit tests broken by net.fetch migration
Both LocalFileCtr and RemoteServerConfigCtr tests were patching
global.fetch / stubGlobal, which no longer intercepts calls now that
the controllers route through Electron's net.fetch via @/utils/net-fetch.
Hoist the fetch mock and point vi.mock('@/utils/net-fetch') at it directly.
Tools flagged as `executor: 'client'` are dispatched via `dispatchClientTool`
through the Agent Gateway WS path. In cloud deployments where the gateway is
configured but no desktop device is connected, this path 404s on
`/api/operations/tool-execute` and the tool fails with `dispatch_failed`.
Only mark local-system and stdio MCP plugins as `'client'` when the gateway
is NOT configured (standalone Electron). When deviceContext is available,
tool routing goes through the RemoteDevice proxy instead.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix(desktop): use low urgency for Linux notifications to prevent GNOME Shell freeze
On Linux/GNOME Shell, desktop notifications with urgency 'normal' appear
as banner pop-ups. Clicking the dismiss (X) button on these banners can
cause the system to freeze for 30-45 seconds due to heavy gnome-shell
CPU and memory usage.
Setting urgency to 'low' on Linux routes notifications to the message
tray instead of displaying them as banners, which avoids the problematic
X button interaction. The urgency option is ignored on macOS and Windows.
Fixes#13538
Co-authored-by: octo-patch <octo-patch@github.com>
* ✨ feat(task): add participants array to task.list response
Return a participants array per task (id / type / avatar / name) so
clients can show avatar groups on task cards. For now participants
only contains the assignee agent; future iterations can aggregate
comment authors and topic executors.
Also extract TaskItem into @lobechat/types as an explicit type
definition so it no longer relies on drizzle schema inference.
* ♻️ refactor(task): extract NewTask to @lobechat/types
Remove the drizzle $inferInsert NewTask from schemas and define it
explicitly in @lobechat/types alongside TaskItem.
* ✅ test(task): cover participants in task.list response
✨ feat(agent-runtime): dispatch client-executor tools via Agent Gateway WS
Wire the block-await dispatch path for tools marked as `executor: 'client'`:
- `aiAgent/index.ts` (6.3a) — derive `toolExecutorMap` from manifests:
* `local-system` builtin → `'client'` (requires Electron IPC)
* MCP plugins with `customParams.mcp.type === 'stdio'` → `'client'`
(subprocess runs on the user's machine)
Purely manifest-driven; no new context / capability fields needed.
- `dispatchClientTool` (6.3b) — helper that:
* Pushes a `tool_execute` event via `streamManager.sendToolExecute`
* Block-awaits on Redis BLPOP via `ToolResultWaiter`
* Returns a `ToolExecutionResultResponse`-shaped object (drop-in with
the existing server path)
* Never throws — timeouts / gateway errors / missing infra all
produce a failed-but-structured result so the agent loop continues
- `RuntimeExecutors.call_tool` / `call_tools_batch` — route to
`dispatchClientTool` when `payload.executor === 'client'` AND the
stream manager exposes `sendToolExecute`. Otherwise fall through to
the existing server path unchanged. Response API (`source: 'client'`)
interrupt branch is untouched.
Capped at 270s per tool to match Vercel's streaming function window;
longer tools will be handled by the resumable path in Phase 6.3c.
Covered by:
- 5 unit tests on `dispatchClientTool` (gateway missing, redis missing,
happy path, timeout, dispatch error)
- 286 existing tests still pass in adjacent suites
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace 6 per-path Next.js `route.ts` handlers (using `@upstash/workflow/nextjs` serve) with a single Hono app mounted at `[[...route]]`. Workflow logic moves to `src/server/workflows-hono/memory-user-memory/`; all public URLs remain unchanged so existing `MemoryExtractionWorkflowService.triggerXxx` callers need no update.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(agent-runtime): add ToolResultWaiter for Redis BLPOP-based tool result await
Introduce ToolResultWaiter — a Promise-based wrapper around Redis BLPOP
that server-side agent loops will use to block-await client-side tool
execution results delivered via the callback API (LPUSH on another
connection).
Design highlights:
- Takes two ioredis clients: a dedicated blocking connection for BLPOP
(must not be shared with business traffic) and a normal producing
connection for side effects (cancel sentinel).
- `waitForResult(id, timeoutMs)` returns the parsed payload or null on
timeout / cancel, never throws for timeout (caller decides fallback).
- `waitForResults(ids[], timeoutMs)` fans out via Promise.all, aligning
results with input order.
- `cancel(id)` LPUSHes a poison-pill sentinel to wake a pending waiter,
used when the agent loop is terminated mid-tool.
Covered by unit tests (6 cases: push-before / push-after / timeout /
batch / cancel / malformed payload).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(agent-runtime): use multi-key BLPOP in waitForResults to avoid N×timeout latency
Promise.all-ing waitForResult over a shared blocking Redis connection
actually serializes: BLPOP holds the socket, so calls run back-to-back
rather than concurrently. A batch of N where some results never arrive
would take up to N × timeoutMs to resolve, stalling tool-call loops
and delaying cancellation.
Rewrite waitForResults to use Redis's multi-key BLPOP in a loop with a
shared deadline: each iteration blocks on all remaining keys with the
remaining budget, wakes when any one arrives, drops that key, and
re-enters with the rest. Total latency is bounded by one timeoutMs
regardless of N. Single-key waitForResult now delegates to this path.
Covered by a new regression test asserting that an N=3 batch of
never-arriving keys completes in ~1 timeout window, not N×.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
✨ feat(api): add POST /api/agent/tool-result callback endpoint
Agent Gateway forwards client tool execution results to this endpoint;
the handler LPUSHes into a per-toolCallId Redis list with a 120s TTL so
the server-side agent loop's BLPOP can wake and continue.
- Auth via AGENT_GATEWAY_SERVICE_TOKEN bearer header
- Zod-validated body: { toolCallId, content, success, error? }
- Key: tool_result:{toolCallId}
- Idempotency not required; duplicates sit under TTL until expired
No runtime caller yet — wiring lands with the BLPOP waiter in LOBE-7068.
Covered by unit tests (6 cases: missing/wrong token, missing token env,
invalid body, Redis unavailable, happy path, Redis write error).
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
✨ feat(agent-runtime): add GatewayStreamNotifier.sendToolExecute
Expose a request-response-style push for tool_execute on top of the
existing Gateway HTTP pipe. Callers use this to delegate tool execution
to the client; failures surface back to the caller so the agent loop
can decide whether to fall back to the interrupt-resume path.
- `IStreamEventManager.sendToolExecute?` — optional interface method,
only the Gateway-backed notifier implements it (InMemory/Redis-only
managers intentionally leave it undefined)
- `GatewayStreamNotifier.sendToolExecute(operationId, ToolExecuteData)`
POSTs to Gateway `/api/operations/tool-execute`
- New private `httpPostAwait` helper preserves the 5s timeout but,
unlike the fire-and-forget `httpPost`, rejects on non-ok / network
failure so callers can react
No runtime caller yet; the dispatch branch lands with LOBE-7068.
Covered by unit tests (3 new cases: happy path payload, non-ok
response, network error).
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(agent-stream): add tool_execute / tool_result protocol types
Introduce the type-level scaffold for the Gateway-mediated client tool
execution flow:
- `tool_execute` server→client event with `ToolExecuteData` payload
(toolCallId, identifier, apiName, arguments, executionTimeoutMs)
- `tool_result` client→server message with success/error and content,
added to the `ClientMessage` union
No runtime wiring yet; this PR is pure type scaffolding so subsequent
server (Redis BLPOP waiter, Gateway notifier, RuntimeExecutors branch)
and client (gateway handler) work can land independently.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Update types.ts
* 💄 style(agent-stream): reorder ToolResultMessage fields for perfectionist
Move `error?` before `state?` to satisfy `perfectionist/sort-interfaces`
after the `state?: any` field was added to align with ChatToolResult.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(agent): support multimodal input for server-side agent execution
Wires already-uploaded file IDs through the Gateway-mode execAgent path so
SPA-attached images / documents / videos reach the LLM when the agent runs
server-side. Resolves attachments via FileModel.findByIds, classifies by
MIME, parses documents idempotently, and persists the messages_files link
for history replay.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(agent): dedupe repeated fileIds before writing messages_files
messages_files has a composite PK on (file_id, message_id); a fileIds array
containing the same id twice would fail the insert and abort execAgent. Dedupe
the input while preserving caller-provided order so rendering stays stable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ToolExecutor ('client' | 'server') as a new orthogonal dimension
alongside ToolSource to describe where a tool invocation is dispatched.
Thread executorMap through OperationToolSet / ResolvedToolSet / AgentState
and attach executor to the ChatToolPayload emitted in onToolsCalling.
Defaults remain empty (all server-side), so behavior is unchanged. This
is pure scaffolding to unblock subsequent work on client-side dispatch.
Also remove the unused 'plugin' value from ToolSource (no downstream
consumers branched on it; installed plugins now labeled 'mcp').
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix: guard non-string content in context-engine to prevent `e.trim is not a function`
Two unguarded `.trim()` / string-concatenation paths in the context-engine
could throw or produce garbage text when a message's `content` is not a
plain string (multimodal parts array, null tool turns). Both are reached
in normal chat and trigger `e.trim is not a function` in production.
- `resolveTopicReferences`: filter out non-string content in the fallback
`lookupMessages` path before calling `.trim()`. Without this guard, the
outer try/catch swallows the TypeError and drops the whole fallback.
- `MessageContent` processor: normalize `message.content` (string or
parts array) before concatenating file context, instead of relying on
implicit `toString()` coercion which emitted `[object Object]` into
the LLM prompt.
Adds regression tests for both paths.
🐛 fix(local-system): restore loc param when calling readLocalFile IPC
The `denormalizeParams` method in `LocalSystemExecutionRuntime` was
missing a case for `readLocalFile`. It fell through to `default`, which
passed `{startLine, endLine, path}` as-is to the IPC layer. However,
the IPC handler (`LocalFileCtr.readFile`) expects `LocalReadFileParams`
with `loc?: [number, number]`, not `startLine`/`endLine`. As a result,
`loc` was always `undefined` on the IPC side, causing `readLocalFile`
to default to `[0, 200]` and always return content from line 0.
Fix: add an explicit `readLocalFile` case that reconstructs the `loc`
tuple from `startLine` and `endLine` before forwarding to the IPC layer.
Fixes#13735
Co-authored-by: octo-patch <octo-patch@github.com>
* 🐛 fix: refine ProviderBizError classification for insufficient balance and quota limit errors
Extract inline "Insufficient Balance" check into a dedicated `isInsufficientQuotaError` utility with case-insensitive matching and broader patterns. Add "too many tokens" pattern to `isQuotaLimitError` for Moonshot rate-limit messages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update
* 🐛 fix: remove "account has been deactivated" from InsufficientQuota patterns
Account deactivation can be triggered by policy, security, or account review — not just billing. Classifying it as InsufficientQuota misleads users into topping up balance when the fix is usually permission or support escalation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add AccountDeactivated error type for deactivated/suspended accounts
Separate account deactivation from InsufficientQuota so users get actionable guidance (contact support) instead of misleading billing advice.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: preserve error message in ChatCompletionErrorPayload for ProviderBizError
Add `message` field to `ChatCompletionErrorPayload` and extract SDK error messages in `handleOpenAIError` and `handleAnthropicError`, so downstream consumers (agent tracing, error state) receive human-readable error details instead of generic "ProviderBizError".
Closes LOBE-7019
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: guard nullish error in handleAnthropicError
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: resolve author info (avatar + name) for task activity list
Add `author` field to `TaskDetailActivity` with `{id, type, name, avatar}`.
Backend resolves agent/user info via batch queries in `getTaskDetail`:
- Topics: author is the task's assignee agent
- Briefs: author is the brief's agentId
- Comments: author is authorAgentId or authorUserId
Fixes LOBE-7013
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: move author resolution queries to model layer
Replace direct db.select() calls in TaskService with:
- AgentModel.getAgentAvatarsByIds() for agent info
- UserModel.findByIds() for user info
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix: show loading state for assistant message during sendMessage phase
During optimistic update, the assistant message content is "..." but the
loading indicator was not shown because isGenerating only checks
AI_RUNTIME_OPERATION_TYPES (execAgentRuntime), not sendMessage. Include
isCreating state so the loading dots appear immediately when message is sent.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add delete action to agent profile dropdown menu
Add a "Delete" option to the three-dot menu in Agent Profile header,
with confirmation modal. Uses existing `removeAgent` from homeStore.
Fixes LOBE-6582
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: navigate to home after deleting agent from profile
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: complete operation and show error on gateway error event
- Error event handler writes inline error immediately via
internal_dispatchMessage, then fetches from DB for richer detail.
This ensures the UI always shows an error even when the server
hasn't persisted the error into the message table.
- disconnected listener only fires onSessionComplete after a terminal
agent event (agent_runtime_end / error), not on auth failures or
explicit disconnect calls.
- Track terminal events via agent_event listener with dedup guard to
prevent double-firing onSessionComplete.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: persist error into assistant message on agent runtime failure
When an agent runtime step fails, the error was written to error_logs
and Redis state but not to the assistant message in the DB. This caused
the frontend to show an empty message after fetchAndReplaceMessages,
since the message had no error field set.
Now dispatchCompletionHooks writes the error to the assistant message
via messageModel.update when reason is 'error', matching the pattern
used by updateAbortedAssistantMessage.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add `cancelIfRunning` to TaskTopicModel: atomically cancel only if topic
is still running, preventing overwrite of concurrent completed/timeout transitions
- Skip topic cancellation when `interruptTask` fails, keeping DB state
consistent with the still-running remote operation
- Add test for interrupt failure scenario
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat(subscription): add cross-platform subscription i18n and mobile subscription router
- Add crossPlatform.title/desc/manageOnMobile translations for 18 languages
- Register mobileSubscriptionRouter in mobile tRPC router
- Add mobileSubscription business router placeholder
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ Restructure sidebar layout: extract Lobe AI entry, move New Agent button
- Extract Lobe AI (InboxItem) from agent list to standalone top entry in sidebar body
- Move "New Agent" button from header to below Lobe AI entry
- Add "Create" to bottom menu items alongside Community and Resources
- Filter hidden items in BottomMenu component
Fixes LOBE-6938
https://claude.ai/code/session_01RtfXck3GUngoLAgP2yHArz
* ✨ Add unified Recents section to home page
- New TRPC router `recent.getAll` aggregating topics, documents, files, and tasks
- New client service and SWR-based store integration for recents data
- Unified Recents component on home page with type-based icons
- Items sorted by updatedAt, limited to 10, mixed across all types
Fixes LOBE-6938
https://claude.ai/code/session_01RtfXck3GUngoLAgP2yHArz
* ⚡ Prefetch agent config on hover for faster page loads
- Add usePrefetchAgent hook using SWR mutate to warm cache
- Trigger prefetch on mouseEnter for sidebar agent items
- Reduces or eliminates loading screen when navigating to agent pages
Fixes LOBE-6938
https://claude.ai/code/session_01RtfXck3GUngoLAgP2yHArz
* ✨ Redesign agent homepage with info, recent topics, and tasks
- New AgentHome feature replacing the old AgentWelcome component
- Agent info section: avatar, name, description, opening questions
- Recent Topics: horizontal scrollable cards for agent-specific topics
- Tasks section: list with status labels for agent-assigned tasks
- Preserve ToolAuthAlert for tool authorization flows
Fixes LOBE-6938
https://claude.ai/code/session_01RtfXck3GUngoLAgP2yHArz
* fix: common misstakes in layout
* chore: add fetch Recents cache
* chore: add back createagents
* chore: add back lobe ai
* feat: add display count
* feat: add create agent button
* feat: add sidebar section order
* chore: move divider
* ✨ feat: show current page size in display items submenu
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add sidebar display management with customize sidebar modal
- Add "Hide section" and "Customize sidebar" to Recents/Agents dropdown menus
- Create CustomizeSidebarModal with eye toggle for section visibility
- BottomMenu (Community/Resources) also manageable via modal
- Show customize sidebar button in footer when all sections hidden
- Add hiddenSidebarSections to store with localStorage persistence
- Rename "Display Items" to "Show" in dropdown menus
- Add 12px margin between accordion sections and bottom menu
- Add i18n keys for en-US and zh-CN
Fixes LOBE-6938
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: use SlidersHorizontal icon for customize sidebar
Replace Settings2/PanelLeft icon with SlidersHorizontal to avoid
confusion with the settings gear icon.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: refine sidebar customization UX
- Move Settings entry from Footer to BottomMenu alongside Community/Resources
- Add Settings to Customize sidebar modal with eye toggle
- Allow hiding all sections (remove disabled constraint)
- Move Customize sidebar button next to help button in Footer
- Merge Agent dropdown: group Create items with Category items
- Use SlidersHorizontal icon for Customize sidebar
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add recents item actions and "more" drawer
- Add inline rename (same as Agent Topic) and delete to Recents items
- Topic/document/file support rename + delete, task supports delete only
- Add "more" button when items exceed pageSize, opens AllRecentsDrawer
- AllRecentsDrawer shows all cached recents from store (up to 50)
- Fetch max(pageSize, 50) items to support drawer without extra request
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add create agent/group modal with ChatInput and examples
- Add CreateAgentModal using base-ui Modal with ChatInputProvider
- Show suggestion examples (agent/group mode) in 2-column grid
- Submit triggers sendAsAgent/sendAsGroup to auto-generate via Agent Builder
- "Create Blank" button for skipping the prompt
- Integrate modal into AgentModalProvider for shared state across sidebar
- Wire up AddButton, NewAgentButton, and dropdown menus to open modal
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: optimitic update rename
* chore: prefetch agent detail
* feat: add recent topic meta data
* feat: add recents search
* ⚡ perf: optimize recents API with single UNION query and prefetch
- Replace 3 separate DB queries with single UNION ALL query (RecentModel)
- Add optimistic updates for rename and delete actions
- Add hover prefetch for resources (usePrefetchResource)
- Add hover prefetch for agent config on topic/task items
- Change default pageSize to 5 for both Agents and Recents
- Unify delete confirmation messages per item type
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: adjust settings page
* chore: optimize side bar
* feat: recents support right click
* chore: add pin icon to Agents
* chore: add custom side bar modal
* chore: reserve rencent drawer status
* feat: add prefetch route
* feat: add LobeAI prefetch
* fix: document and task rename and delete operation lost
* fix: group route id
* fix: lint error
---------
Co-authored-by: Claude <noreply@anthropic.com>
* chore: bump lucide-react from ^0.577.0 to ^1.8.0
Breaking change: Github icon was removed from lucide-react v1.x (brand icons removed).
Replaced with Github from @lobehub/icons in 5 affected files.
* fix: use GithubIcon from @lobehub/ui/icons instead of @lobehub/icons
When a task's status changes from `running` to another state (backlog/paused/completed/canceled),
automatically cancel all associated running topics and interrupt their operations.
This prevents 409 CONFLICT errors when users try to re-run a task after manually changing its status.
Fixes LOBE-6719
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## 📦 Weekly Release 20260410
This release includes **67 commits**. Key user-facing updates below.
### New Features and Enhancements
- Introduced **Prompt Rewrite & Translate** feature for assisted input
editing.
- Added **Skill Panel** with dedicated skills tab in the skill store and
fixed skill icon rendering.
- Introduced `lh notify` CLI command for external agent callbacks.
- Added `migrate openclaw` CLI command.
- Added **GraphAgent** and `agentFactory` for graph-driven agent
execution (experimental).
- New topic auto-creation every 4 hours for long-running sessions.
### Models and Provider Expansion
- Added a new provider: **StreamLake (快手万擎)**.
- Added **GLM-5.1** model support with Kimi CodingPlan fixes.
- Added **Seedance 2.0** & **Seedance 2.0 Fast** video generation models
(pricing adjusted with 20% service fee).
- Expanded AIGC parameter support for image and video generation.
- Improved model type normalization for better provider compatibility.
- Multi-media and multiple connection mode support for ComfyUI
integration.
### Desktop Improvements
- **Embedded CLI** in the desktop app with PATH installation support.
- Added Electron version display in system tools settings.
- Fixed RuntimeConfig instant-apply working directory with recent list.
- Fixed desktop locale restore — now uses stored URL parameter instead
of system locale.
- Improved remote re-auth for batched tRPC and clean OIDC on gateway
disconnect.
### Stability, Security, and UX Fixes
- **Security**: prevented path traversal in
`TempFileManager.writeTempFile`; patched IDOR in
`addFilesToKnowledgeBase`; upgraded `better-auth` with hardened
`humanIntervention` requirement in builtin-tool-activator.
- **Context engine**: added `typeof` guard before `.trim()` calls to
prevent runtime crashes.
- **Agent runtime**: preserved reasoning state across OpenAI providers;
fixed service error serialization producing `[object Object]`; surfaced
error `reasonDetail` in `agent_runtime_end` events.
- **Knowledge Base**: cleaned up vector storage when deleting knowledge
bases.
- **Templates**: allow templates to specify `policyLoad` so default docs
are fully injected.
- **Skills**: inject current agents information when `lobehub_skill` is
activated; filter current agent out of available agents list; fix
`agents_documents` overriding `systemRole`.
- **Google Tools**: use `parametersJsonSchema` for Google tool schemas.
- **Web Crawler**: prevent happy-dom CSS parsing crash in
`htmlToMarkdown`.
- **Mobile/UI**: fixed video page icon collision, missing locale keys,
model query param; hidden LocalFile actions on topic share page; allow
manual close of hidden builtin tools.
- **Auth**: `ENABLE_MOCK_DEV_USER` now supported in `checkAuth` and
openapi auth middleware.
- **Sandbox**: stopped using `sanitizeHTMLContent` to block scripts &
sandbox styles.
### Refactors
- Library/resource tree store for hierarchy and move sync.
- Removed legacy `messageLoadingIds` from chat store.
- Removed promptfoo configs and dependencies.
- `OnboardingContextInjector` wired into context engine.
### Credits
Huge thanks to these contributors (alphabetical):
@arvinxx @canisminor1990 @cy948 @hardy-one @hezhijie0327 @Innei
@MarcellGu @ONLY-yours @rdmclin2 @rivertwilight @sxjeru @tjx666
Add `typeof !== 'string'` checks before `.trim()` calls in BaseSystemRoleProvider,
SystemRoleInjector, and BaseProcessor to prevent TypeError when a non-string truthy
value (e.g. object, array, number) is passed at runtime.
* fix(builtin-tool-activator): add humanIntervention required field to activateTools manifest
- Add humanIntervention: "required" to the activateTools API manifest
- Update better-auth dependency from 1.4.6 to 1.4.9 (GHSA-xg6x-h9c9-2m83, 分数: 7.4)
* Downgrade better-auth version to 1.4.6
Thanks for your correction.
* ✨ feat: add gateway mode branch to regenerateUserMessage
When gateway mode is enabled, regenerateUserMessage now calls
executeGatewayAgent with parentMessageId instead of running
internal_execAgentRuntime locally. The server handles branching
and agent execution.
Fixes LOBE-6934
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: switch branch before gateway regeneration and keep operation open
- Move switchMessageBranch before the gateway/client branch so
activeBranchIndex is advanced and the UI shows the new response
immediately (fixes regression from client path)
- Add onComplete callback to executeGatewayAgent so callers can
run cleanup when the gateway session finishes
- Keep regenerate operation running until onComplete fires,
preventing duplicate concurrent regenerations via isMessageRegenerating
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: fix Kimi K2.5 model icon display by using deploymentName
- Change model id from 'k2p5' to 'kimi-k2.5' to match Moonshot icon keywords
- Add deploymentName 'k2p5' for API calls to use original model name
- Add KimiCodingPlan to providersWithDeploymentName list
This allows the model icon to display correctly while maintaining
backward compatibility with the API using the original 'k2p5' name.
* 🐛 fix: normalize messages for KimiCodingPlan thinking models
Add message normalization for Kimi K2.5 and K2 Thinking models to ensure
every assistant message has a thinking block when thinking is enabled.
This fixes the issue where regenerating with KimiCodingPlan after using
other providers would fail with "thinking is enabled but reasoning_content
is missing" error, because historical messages from other providers don't
have reasoning fields.
The normalization adds a placeholder thinking block when:
1. Thinking is enabled for Kimi K2.5/K2 Thinking models
2. Assistant message doesn't have reasoning content
* ✨ feat(siliconcloud): add GLM-5.1 model support
Add GLM-5.1 (Pro) model configuration with:
- 198K context window
- Function call and reasoning capabilities
- Tiered pricing (0-32k / 32k+)
- reasoningBudgetToken32k extension parameter
* 🐛 fix: use hardcoded maxOutput mapping for KimiCodingPlan models
Replace getModelPropertyWithFallback with a simple hardcoded mapping to fix
the issue where max_tokens lookup fails when using deploymentName (k2p5).
The model id is converted to deploymentName in ChatService layer before
reaching the provider, causing getModelPropertyWithFallback('k2p5', ...) to
fail since the model card uses id 'kimi-k2.5'.
By using a hardcoded mapping that supports both model id and deploymentName,
we avoid the lookup issue while keeping the code simple (KimiCodingPlan only
has a few models).
* ✅ test(kimiCodingPlan): add tests for thinking and max_tokens handling
Add comprehensive tests for KimiCodingPlan provider covering:
- Hardcoded maxOutput mapping for k2p5, kimi-k2.5, kimi-k2-thinking
- Thinking parameter handling for kimi-k2.5 and kimi-k2-thinking models
- Message normalization with forceThinking for assistant messages
- Tool calls with reasoning content to prevent API error
* ✅ test(kimiCodingPlan): add tests for thinking and max_tokens handling
Add comprehensive tests for KimiCodingPlan provider covering:
- Hardcoded maxOutput mapping for k2p5, kimi-k2.5, kimi-k2-thinking
- Thinking parameter handling for kimi-k2.5 and kimi-k2-thinking models
- Message normalization with forceThinking for assistant messages
- Tool calls with reasoning content to prevent API error
* refactor(workflow): rewrite WorkflowSummary with status dot and minimal flat style
* refactor(workflow): rewrite WorkflowCollapse with unified borderless container
* ✨ feat(workflow): add WorkflowExpandedList component and fix type errors
* ♻️ refactor(workflow): add missing Workflow components with Minimal Flat design
- WorkflowReasoningLine: cssVar tokens, aligned padding
- WorkflowToolDetail: new expandable result panel with motion animation
- WorkflowToolLine: expand chevron, getToolColor, detail panel integration
- WorkflowExpandedList: flat rendering with reasoning + tool lines
* Add tool call collapse support
Made-with: Cursor
* 💄 style(workflow): align WorkflowCollapse UI with @lobehub/ui design system
- Align border-radius, gap, padding tokens across all Workflow components
- Replace chevron expand/collapse with status icons (CheckCircle2, CircleX, Loader2)
- Use @lobehub/ui Highlighter for tool detail panel with JSON auto-formatting
- Use @lobehub/ui Flexbox for WorkflowExpandedList with proper gap and padding
- Fix delete action to use removeToolFromMessage instead of deleteAssistantMessage
- Wire debug button to existing Tool/Debug panel with full tabs
- Fix auto-collapse to only trigger on incomplete→complete transition
- Single ChevronDown with rotation for WorkflowSummary (match @lobehub/ui pattern)
* 💄 style(workflow): use AccordionItem and inspectorTextStyles for WorkflowCollapse
- Replace custom WorkflowSummary with @lobehub/ui AccordionItem
- Use StatusIndicator pattern (Block outlined 24x24) for status icon
- Apply inspectorTextStyles.root for title text (colorTextSecondary)
- Remove WorkflowSummary.tsx (dead code)
- Match Tool component AccordionItem usage (paddingBlock/Inline=4, borderless)
* 💄 style(workflow): remove divider and gap from WorkflowExpandedList
* 💄 style(workflow): align WorkflowCollapse title bar with Thinking component
* 💄 style(workflow): unify inner item spacing, font size, and colors
* ✨ feat(workflow): add streaming scroll behavior with max-height and auto-scroll
* 💄 refactor(assistant-group): refine workflow collapse UI and duration
- Use Accordion for collapse; align tool/reasoning lines with generation state
- Show workflow header duration from summed block performance, not reasoning only
Made-with: Cursor
* ✨ feat(inspector): enhance ActivateToolsInspector to display not found tools count
- Added localization for not found tools message in English, Chinese, and default locales.
- Updated ActivateToolsInspector to show a tooltip with the count of tools not found.
- Modified StatusIndicator to support a warning state for scenarios where no tools are activated but some are not found.
Signed-off-by: Innei <tukon479@gmail.com>
* 💄 style(workflow): simplify padding in WorkflowExpandedList component
- Removed unnecessary paddingInline from Flexbox elements in WorkflowExpandedList for cleaner layout.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(assistant-group): introduce constants and utility functions for workflow management
- Added constants for workflow timing, limits, and tool display names to enhance the assistant group's functionality.
- Implemented utility functions for processing and scoring post-tool answers, improving the workflow's response handling.
- Created new components for rendering content blocks and managing scroll behavior in the assistant group.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(assistant-group): enhance ContentBlock and Group components with content handling logic
- Added logic to conditionally render message content based on content availability and tool presence in ContentBlock.
- Introduced utility functions to determine substantive content and reasoning in Group, improving block partitioning for workflow management.
- Updated partitioning logic to handle trailing reasoning candidates and streamline answer and working block separation.
Signed-off-by: Innei <tukon479@gmail.com>
* 🙈 chore(gitignore): clarify superpowers local paths
Document that `.superpowers/` and `docs/superpowers/` are plugin/local outputs
and must not be committed.
Made-with: Cursor
* 👷 chore(ci): restore auto-tag-release workflow from canary
Revert unintended workflow edits so release tagging stays on main with
sync-main-to-canary dispatch.
Made-with: Cursor
---------
Signed-off-by: Innei <tukon479@gmail.com>
* 🐛 feat(db): add findExclusiveFileIds, deleteWithFiles, deleteAllWithFiles to KnowledgeBaseModel
Add methods to safely clean up vector storage when deleting knowledge bases:
- findExclusiveFileIds: identifies files belonging only to a specific KB
- deleteWithFiles: deletes KB and its exclusive files with chunks/embeddings
- deleteAllWithFiles: bulk version for deleting all user KBs
* 🐛 fix(kb): wire vector cleanup in TRPC router, OpenAPI service, and client
- TRPC removeKnowledgeBase: use deleteWithFiles when removeFiles=true + S3 cleanup
- TRPC removeAllKnowledgeBases: use deleteAllWithFiles + S3 cleanup
- OpenAPI deleteKnowledgeBase: use deleteWithFiles + S3 cleanup
- Client service: default removeFiles=true when deleting knowledge base
* 🐛 fix(knowledgeBase): change default behavior of deleteKnowledgeBase to not remove files and update related tests
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(knowledgeBase): add optional query parameter to deleteKnowledgeBase for file removal
- Introduced `removeFiles` query parameter to control the deletion of exclusive files and derived data when deleting a knowledge base.
- Updated `KnowledgeBaseController`, `KnowledgeBaseService`, and related schemas to support this new functionality.
This change enhances the flexibility of the delete operation, allowing users to choose whether to remove associated files.
Signed-off-by: Innei <tukon479@gmail.com>
* 🐛 fix: cascade knowledge base deletion and add orphan cleanup runbook
* ✨ feat(knowledgeRepo): implement cascading deletion for file-backed documents
- Enhanced the `KnowledgeRepo` to ensure that when a document with an associated file is deleted, all related data (files, chunks, embeddings) are also removed.
- Introduced a new method `deleteDocumentWithRelations` to handle the cascading deletion logic.
- Updated tests to verify that all related entities are deleted when a file-backed document is removed.
This change improves data integrity by ensuring that no orphaned records remain after deletions.
Signed-off-by: Innei <tukon479@gmail.com>
* Defer DocumentService file initialization
* Fix flaky database tests and knowledge repo fixtures
* Add deletion regression tests for folders and external files
* ⏪ chore: remove kb orphan cleanup files from pr
---------
Signed-off-by: Innei <tukon479@gmail.com>
* 🌐 chore: update execServerAgentRuntime i18n copy
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: extend execAgent with parentMessageId for regeneration/continue via Gateway
Add parentMessageId support to the execAgent API, enabling regeneration and continue-generation flows through the Gateway WebSocket path. When parentMessageId is provided, user message creation is skipped (resume mode) and the new assistant message branches from the specified parent.
Fixes LOBE-6933
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: propagate parentMessageId through execAgents batch and fix test types
- Forward parentMessageId in execAgents executeTask to maintain batch parity with execAgent
- Fix ExecAgentResult mock types in gateway tests
- Fix messages table insert type cast in server router test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(modelParse): enhance model type normalization and add tests for invalid types
* feat(modelParse): optimize imports and improve model type handling
* 🐛 fix: buffer and deduplicate events during resume to prevent out-of-order display
When reconnecting with empty lastEventId (page reload), live broadcast
events can arrive before resume replay completes, causing content to
appear out of order. Now AgentStreamClient enters resume mode: buffers
all events, waits for a 500ms gap (resume replay is dense, live events
are sparse), then deduplicates by event ID and emits in order.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: clear runningOperation on agent finish + resume timeout for completed sessions
- RuntimeExecutors.finish clears topic metadata.runningOperation when
agent reaches terminal state, so stale entries don't trigger reconnect
- AgentStreamClient resume mode: add 3s timeout for empty buffer —
if no events arrive after resume request, session has already completed,
emit session_complete and disconnect
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: eagerly fetch messages after topic switch to avoid skeleton flash
After switchTopic in Gateway mode, immediately fetch messages from DB
and replace in store, so the UI renders content right away instead of
showing a skeleton loading state while SWR re-fetches.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: eliminate skeleton flash on gateway topic switch
Match the client-mode pattern: fetch messages from DB and replaceMessages
BEFORE calling switchTopic with skipRefreshMessage: true. This ensures
messages are already in the store when the topic switches, preventing
a skeleton loading flash.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: flush resume buffer on session_complete before disconnect
session_complete is a top-level ServerMessage (not an agent_event), so
it bypassed the resume buffer. When it arrived during resume mode,
disconnect() cleared the buffer and all replayed events were lost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: limit resume buffering to explicit reconnect scenarios only
Resume mode was triggered for ALL new connections (lastEventId always
empty on first connect), delaying live streaming for normal operations.
Now resume buffering requires explicit opt-in via resumeOnConnect option,
which is only set by reconnectToGatewayOperation (page-reload reconnect).
Normal executeGatewayAgent connections stream events immediately.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: should inject current agnets information when actived the lobehub skill
* fix: not inject the agent systemRole in lobehub skill inject
* fix: should use the isLobeHubSkillActive hook to judge
* fix: change the tools inject to vars replace function
* fix: add the lost topic id & agent title
* fix: later the PlaceholderVariablesProcessor
* fix: update the description
* ✨ feat: add StreamLake (快手) support
* style: add thinking support
style: add thinking support
style: add thinking support
style: add thinking support
style: add thinking support
🐛 fix(server): prevent path traversal in TempFileManager.writeTempFile
Use path.basename() to strip directory components from user-supplied
filenames before writing temp files, preventing arbitrary file write
via crafted filenames like "../../app/startServer.js".
Fixes LOBE-6904
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: persist runningOperation to topic metadata for gateway reconnect
- Add runningOperation field to ChatTopicMetadata type
- execAgent writes { operationId, assistantMessageId } to topic metadata
after creating the operation
- onSessionComplete clears runningOperation from metadata (best-effort)
- Extend updateTopicMetadata tRPC schema + service to support the field
Fixes LOBE-6905
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add refreshGatewayToken tRPC endpoint
Signs a fresh JWT for Gateway WebSocket reconnection after page reload.
The token is scoped to the authenticated user via signUserJWT.
Fixes LOBE-6906
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: auto-reconnect to running Gateway operation on topic load
- Add reconnectToGatewayOperation to GatewayActionImpl — refreshes JWT,
creates local operation, and connects WebSocket with event replay
- Add useGatewayReconnect hook — checks topic metadata.runningOperation
when entering a topic and triggers reconnection
- Wire hook into ConversationArea
Fixes LOBE-6907
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: preserve thread scope in reconnect context and subscribe to topic metadata
- Store scope + threadId in topic metadata.runningOperation
- reconnectToGatewayOperation uses stored scope/threadId instead of
hardcoded main/null
- useGatewayReconnect subscribes to runningOperation via useChatStore
selector so it triggers when topic data arrives from SWR (not just
on mount when data may be empty)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: update device tests to allow runningOperation metadata writes
The tests asserted updateMetadata was never called, but now execAgent
persists runningOperation. Changed to assert no device-binding metadata
was written (boundDeviceId), which is the actual intent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: use SWR for gateway reconnect lifecycle
Replace useEffect + ref with useSWR keyed by operationId. SWR
naturally deduplicates (same key = no re-fetch), handles the async
reconnect, and doesn't fire when key is null (no runningOperation).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: validate topic has running operation before issuing gateway token
refreshGatewayToken now requires topicId, verifies the topic belongs to
the user and has a runningOperation in metadata before signing a JWT.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: break signin title into two lines
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix signin.title formatting in auth.json
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: allow templates to specify policyLoad so default docs are fully injected
All documents were hardcoded to PolicyLoad.PROGRESSIVE on creation,
causing CLAW template docs (IDENTITY, SOUL, BOOTSTRAP, AGENTS) to be
progressively disclosed instead of fully injected into context.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: forward policyLoad through upsertDocument and persist on update
- Add policyLoad to UpsertDocumentParams and pass it through to model
- Add policyLoad param to update() so upsert's existing-document path
writes the value instead of silently discarding it
- Ensures re-running template init migrates pre-existing docs to ALWAYS
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: change update() to use named params object instead of positional args
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: change create() and upsert() to use named params object
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: improve agentDocuments test coverage to 99%
Add tests for uncovered branches:
- normalizeLoadRule default branch (unknown rule)
- explicit 'always' rule match
- by-time-range with NaN dates
- resolveDocumentLoadPosition fallback paths
- composeToolPolicyUpdate with existing context values
- upsert create path for new filenames
- getAgentContext empty docs path
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: preserve policyLoad when copying documents
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ fix: align test assertion with refactored create() params object signature
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix(database): add ownership check in addFilesToKnowledgeBase to prevent IDOR
Verify that the target knowledge base belongs to the authenticated user
before inserting files, preventing unauthorized file injection into
other users' knowledge bases.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: reuse existing messages in execAgent when existingMessageIds provided
When existingMessageIds contains [userMsgId, assistantMsgId], skip
creating new messages and reuse the existing ones. This fixes duplicate
messages in Gateway mode where sendMessageInServer already created
the messages before execAgentTask is called.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: allow clicking NavItem while loading
Loading state should only show a visual indicator, not block onClick.
This fixes topic sidebar items being unclickable during agent execution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Revert "🐛 fix: reuse existing messages in execAgent when existingMessageIds provided"
This reverts commit 43b808024d5c4a0074b692a85083a72046ab47e0.
* 🐛 fix: skip sendMessageInServer in Gateway mode to avoid duplicate messages
Gateway mode now calls execAgentTask directly instead of going through
sendMessageInServer first. The backend creates user + assistant messages
and topic in one call. executeGatewayAgent handles topic switching
internally after receiving the server response.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🌐 chore: add i18n for execServerAgentRuntime operation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: move temp message cleanup after executeGatewayAgent succeeds
Keep temp messages visible during the gateway call so the UI isn't
blank. On failure, mark the operation as failed instead of silently
returning — temp messages remain so the user sees something went wrong.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: remove manual temp message cleanup in gateway mode
switchTopic handles new topic navigation, and fetchAndReplaceMessages
replaces the message list from DB — no need to manually delete temp
messages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: clear _new key temp messages when gateway creates new topic
Pass clearNewKey: true to switchTopic so temp messages from the
optimistic create don't persist in the _new key after switching
to the server-created topic.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: import ExecAgentResult from @lobechat/types
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(desktop): embed CLI in app and PATH install
Made-with: Cursor
* ✨ feat(desktop): add CLI command execution feature and UI integration
- Implemented `runCliCommand` method in `ElectronSystemService` to execute CLI commands.
- Added `CliTestSection` component for testing CLI commands within the app.
- Updated `SystemCtr` to include CLI command execution functionality.
- Enhanced `generateCliWrapper` to create short aliases for CLI commands.
- Integrated CLI testing UI in the system tools settings page.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: enhance working directory handling for desktop
- Updated working directory logic to prioritize topic-level settings over agent-level.
- Introduced local storage management for agent working directories.
- Modified tests to reflect changes in working directory behavior.
- Added checks to ensure working directory retrieval is only performed on desktop environments.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(desktop): implement CLI command routing and cleanup
- Introduced `CliCtr` for executing CLI commands, enhancing the desktop application with CLI capabilities.
- Updated `ShellCommandCtr` to route specific commands to `CliCtr`, improving command handling.
- Removed legacy CLI path installation methods from `SystemCtr` and related services.
- Cleaned up localization files by removing obsolete entries related to CLI path installation.
Signed-off-by: Innei <tukon479@gmail.com>
* 🚸 settings(system-tools): show CLI embedded test only in dev mode
Made-with: Cursor
---------
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: integrate Gateway connection management into chat store
Add GatewayActionImpl to aiChat slice for managing Agent Gateway
WebSocket connections per operationId. Includes connect, disconnect,
interrupt, and status tracking. Also type the execAgentTask return value.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add Gateway mode branch in sendMessage for server-side agent execution
When agentGatewayUrl is set in server config (enableQueueAgentRuntime),
sendMessage now triggers server-side agent execution via execAgentTask
and receives events through the Agent Gateway WebSocket, instead of
running the agent loop client-side.
Includes:
- Expose agentGatewayUrl in GlobalServerConfig when queue mode is enabled
- Gateway event handler mapping stream events to UI message updates
- Fallback to client-side agent loop when Gateway is not configured
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: emit disconnected event on intentional disconnect
disconnect() was only calling setStatus('disconnected') but not emitting
the 'disconnected' event. This caused the store's cleanup listener to
never fire after terminal events (agent_runtime_end), leaving stale
connections in gatewayConnections.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: enhance Gateway event handler for multi-step agent streaming
Support multi-step agent execution display (LLM → tool calls → next LLM)
using hybrid approach: real-time streaming for current step, DB refresh at
step transitions.
Fixes LOBE-6874
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: wire up Gateway JWT token from execAgent to connectToGateway
Pass the RS256 JWT token returned by execAgentTask to connectToGateway
for WebSocket authentication. Also use ExecAgentResult from @lobechat/types
instead of local duplicate definition.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: handle wss:// protocol in AgentStreamClient buildWsUrl
When gatewayUrl already uses ws:// or wss:// protocol, use it directly
instead of stripping and re-adding the protocol prefix. Previously,
wss://host would become ws://wss://host (double protocol).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: queue gateway events to ensure stream_chunk waits for refreshMessages
Use a sequential Promise chain to process gateway events, so that
stream_chunk dispatches only run after stream_start's refreshMessages
resolves. Previously, chunks arrived before the new assistant message
existed in dbMessagesMap, causing updates to be silently dropped.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: pass operationId context to internal_dispatchMessage in gateway handler
Without operationId, internal_dispatchMessage falls back to global state
to compute the messageMapKey, which may differ from the key where
refreshMessages stored the server-created messages. Passing operationId
ensures the correct conversation context is resolved.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: resolve gateway streaming display issues
- Use fetchAndReplaceMessages (direct DB fetch + replaceMessages) instead
of refreshMessages which mutates an orphaned SWR key
- Create dedicated execServerAgentRuntime operation with correct topicId
context for internal_dispatchMessage to resolve the right messageMapKey
- Complete operation on agent_runtime_end instead of relying on
onSessionComplete callback
- Keep loading state active between steps (only clear on agent_runtime_end)
so users don't think the session ended during tool execution gaps
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: maintain loading state across gateway step transitions
- Create dedicated execServerAgentRuntime operation with correct topicId
- Use fetchAndReplaceMessages instead of orphaned refreshMessages SWR key
- Re-apply loading after tool_end refresh so UI stays active between steps
- Complete operation on agent_runtime_end
- Add record-app-screen.sh for automated screen recording
- Output recordings to .records/ (gitignored)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: show loading on assistant message immediately in stream_start
Set loading on the current assistant message BEFORE awaiting
fetchAndReplaceMessages, so the UI shows a loading indicator while
waiting for the DB response instead of appearing frozen.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: drive gateway loading state via operation system instead of messageLoadingIds
Associate the assistant message with the gateway operation via
associateMessageWithOperation so the Conversation store's operation-based
loading detection (isGenerating) works correctly. This shows the proper
loading skeleton on the assistant message while waiting for gateway events.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: remove unused internal_toggleMessageLoading from gateway handler
Loading state is now fully driven by the operation system via
associateMessageWithOperation + completeOperation. The old
messageLoadingIds-based approach is no longer needed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: rewrite record-app-screen.sh to use CDP screenshot assembly
Replace broken ffmpeg avfoundation live recording (corrupts on kill) with
agent-browser CDP screenshot capture + ffmpeg assembly on stop. This works
reliably on any screen including external monitors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add Gateway Mode lab toggle and fix CI type error
- Add enableGatewayMode to UserLabSchema as experimental feature
- Add lab selector and settings UI toggle in Advanced > Labs
- Gateway mode now requires both server config (agentGatewayUrl) AND
user opt-in via Labs toggle
- Fix TS2322: result.token (string | undefined) → fallback to ''
- Add i18n keys for gateway mode feature
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: hide Gateway Mode toggle when agentGatewayUrl is not configured
Only show the lab toggle when the server has AGENT_GATEWAY_URL set,
so users without gateway infrastructure don't see the option.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: move Gateway Mode toggle below Input Markdown in labs section
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: remove default AGENT_GATEWAY_URL value and make schema optional
Without an explicit env var, the gateway URL should be undefined so the
lab toggle and gateway mode are not available.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 📝 docs: update SKILL.md to reference record-app-screen.sh
Replace outdated record-gateway-demo.sh references with the renamed
record-app-screen.sh and its start/stop lifecycle documentation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 📝 docs: add record-app-screen reference doc and slim down SKILL.md
Move detailed recording documentation to references/record-app-screen.md
and keep SKILL.md concise with a link to the full reference.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: guard GatewayStreamNotifier with AGENT_GATEWAY_URL check
AGENT_GATEWAY_URL is now optional, so check both URL and service token
before wrapping with GatewayStreamNotifier to avoid TS2345.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: extract gateway execution logic to GatewayActionImpl
Move server-side gateway execution logic from conversationLifecycle.ts
into GatewayActionImpl.startGatewayExecution(). The sendMessage flow
now does a simple early return when gateway mode is active, keeping
the existing client-mode code path untouched.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: split gateway into isGatewayModeEnabled check + executeGatewayAgent
Replace fire-and-forget startGatewayExecution with explicit check/execute
pattern. Caller does: if (check) { await execute(); return; } — giving
proper error handling and clearer control flow.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(ResourceManager): integrate tree store for folder management and enhance file operations
- Added `useTreeStore` to manage folder structure and state, replacing previous file store dependencies.
- Updated `EmptyPlaceholder` to utilize `currentFolderId` for file uploads.
- Refactored `MoveToFolderModal` to use tree store for moving items, improving folder navigation.
- Enhanced drag-and-drop functionality in `DndContextWrapper` to support moving items between folders.
- Removed obsolete `LibraryHierarchy` state management, streamlining folder operations.
- Improved file renaming and deletion processes to ensure tree state consistency.
This update enhances the overall file management experience by leveraging a dedicated tree store for better performance and maintainability.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(TreeAction): enhance resource movement and update handling
- Updated mutation logic for moving resources to differentiate between items visible in the Explorer and those not visible, improving performance and user experience.
- Added refresh functionality for the file list after resource updates (move, update, delete) to ensure the Explorer reflects the latest state.
- Refactored mutation methods to use async/await for better readability and error handling.
This update streamlines resource management within the tree structure, ensuring a more responsive and consistent user interface.
Signed-off-by: Innei <tukon479@gmail.com>
* Fix file updates and tree move fallback regressions
---------
Signed-off-by: Innei <tukon479@gmail.com>
🐛 fix: hide LocalFile actions (Open/Show in Folder) in share page
In topic share pages, the LocalFile component was showing 'Open' and
'Show in Folder' action buttons on hover, which are desktop-only
operations not available to share page viewers.
- Add 'readonly' prop to LocalFile component to disable interactive actions
- Detect share page context via topicShareId in LocalFile Render plugin
- Skip Popover rendering when readonly is true
* ♻️ refactor: remove legacy messageLoadingIds from chat store
The messageLoadingIds state and internal_toggleMessageLoading action in the
chat store have been fully superseded by the operation system. The state was
being written to but never read by any consumer — all UI components and
selectors already use operation-based selectors (isMessageGenerating,
isMessageProcessing, etc.).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 📝 chore: update skill docs to remove messageLoadingIds references
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: replace messageLoadingIds with operationSelectors in generation action
The Conversation store's regenerateUserMessage was reading messageLoadingIds
from the chat store to check if a message is already being processed. Replace
with operationSelectors.isMessageProcessing which is the correct way to check
operation state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add operationsByMessage to test mocks for operation selector
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): add `lh notify` command for external agent callbacks
Add a new `lh notify` CLI command and server-side TRPC endpoint that allows
external agents (e.g. Claude Code) to send callback messages to a topic and
trigger the agent loop to process them.
Fixes LOBE-6888
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔧 chore(cli): replace sessionId with agentId and threadId in notify command
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
♻️ refactor: remove promptfoo configs and dependencies from packages
Migrate all prompt evaluation tests to the cloud repo's agent-evals framework.
Remove promptfoo directories, configs, dependencies, and generator scripts
from @lobechat/prompts, @lobechat/memory-user-memory, and @lobechat/builtin-tool-memory.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: use parametersJsonSchema for Google tool schemas to support full JSON Schema
Replace Google's restrictive Schema subset with parametersJsonSchema, which accepts
standard JSON Schema directly. This eliminates the need for resolveRefs and
sanitizeSchemaForGoogle, fixing nullable enum (LOBE-6607) and $ref (LOBE-6680) issues.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: update remaining tests to use parametersJsonSchema
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 fix(RuntimeConfig): instant-apply working directory with recent list
Remove Save/Cancel buttons from working directory selector.
Directories now apply immediately on click. Show recent directories
list with checkmark for active selection and "Choose a different folder"
entry at bottom.
* ✨ feat(SystemCtr): enhance folder selection to return repository type
Updated the `selectFolder` method to return an object containing the selected folder path and its repository type (either 'git' or 'github'). Added a new private method `detectRepoType` to determine the repository type based on the presence of a `.git/config` file. Introduced a new utility for managing recent directories, allowing the application to display appropriate icons based on the repository type in the UI.
Signed-off-by: Innei <tukon479@gmail.com>
---------
Signed-off-by: Innei <tukon479@gmail.com>
* ♻️ refactor: remove redundant update-status call from GatewayStreamNotifier
Gateway now handles session completion directly in pushEvent when it
receives agent_runtime_end, so the separate update-status HTTP call
is no longer needed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: update GatewayStreamNotifier tests for removed update-status call
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
✨ feat: generate JWT token for Gateway WebSocket auth in execAgent
Sign a short-lived RS256 JWT via signUserJWT(userId) when creating an agent
operation, and return it in ExecAgentResult.token so the client can
authenticate with the Agent Gateway WebSocket.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Disable CSS file loading and JS evaluation in happy-dom Window (root cause)
- Add try-catch around Readability.parse() for defense in depth
- Add regression tests for invalid CSS selectors and external stylesheet links
Closes LOBE-6869
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: support nested subtask tree in task.detail
Replace flat subtask list with recursive nested tree structure.
Backend builds the complete subtask tree in one response,
eliminating the need for separate getTaskTree API calls.
Fixes LOBE-6814
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: return empty array for root subtasks instead of undefined
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 📝 docs: add cli-backend-testing skill
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Each instruction interface now extends AgentInstructionBase directly instead of intersection
- Group instructions by category: LLM, Tool, Task, Human Interaction, Control
- Extract AgentHookType and AgentHookEvent into agent-runtime package
- Keep AgentHook, AgentHookWebhook, SerializedHook in server layer (webhook is server-specific)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add GraphAgent and agentFactory for graph-driven agent execution
- Add GraphAgent: a decorator around GeneralChatAgent that drives execution via declarative ReasoningGraph
- Agent nodes: delegate to GeneralChatAgent for tool-calling loops, then extract structured output
- LLM nodes: single structured LLM call
- Programmatic transition evaluation (not LLM-driven)
- Backtracking with configurable limits
- Add AgentInstruction.stepLabel: allows any Agent to label steps for display in stream events and hooks
- Add agentFactory to AgentRuntimeServiceOptions: external injection of custom Agent implementations
- Add stepLabel propagation: stream_start/stream_end events and afterStep hooks carry the label
- Fix: sanitize null bytes in MessageModel.create content (consistent with existing plugin argument sanitization)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(agent-runtime): validate graph node existence and preserve transitions at backtrack limit
- Add node existence check in startNode to prevent runtime crash on invalid entry/transition targets
- Evaluate all transitions even when backtrack limit is reached; only suppress actual backtrack targets
* 🐛(device-gateway-client): prevent uncaught error when closing connecting WebSocket
Detach ws event listeners safely, temporarily handle close-phase errors, and guard ws.close() so logout/token clear does not surface a main-process uncaught exception.
Made-with: Cursor
* 🧹 refactor(tests): remove unused mockProps from ComfyUIForm test
Cleaned up the ComfyUIForm test by removing the unused mockProps object, streamlining the test setup for better clarity and maintainability.
Signed-off-by: Innei <tukon479@gmail.com>
* Hide onboarding finish tool call and preserve close error listener
---------
Signed-off-by: Innei <tukon479@gmail.com>
🐛 fix(desktop): use stored locale from URL parameter instead of system language
When the desktop app restarts, the UI language was reverting to the system
language instead of respecting the user's saved language preference.
Root cause: The inline script in index.html was setting document.documentElement.lang
from navigator.language (system language) before i18n initialization could read
the stored locale from Electron store.
Fix: Check the URL's `lng` query parameter first (which is set by Electron main
process from stored settings in Browser.ts:buildUrlWithLocale()), then fall back
to navigator.language.
Fixes#13616https://claude.ai/code/session_0128LZAbJL1a5vkGboH4U5FP
Co-authored-by: Claude <noreply@anthropic.com>
* 🐛 fix(desktop): remote re-auth for batched tRPC and clean OIDC on disconnect
- Notify authorization required when X-Auth-Required is set, not only on HTTP 401 (207 batch)
- Show AuthRequiredModal after remote config init; do not gate on dataSyncConfig.active
- Desktop: market 401 only silent refresh; avoid community sign-in UI (AuthRequiredModal handles cloud)
- Disconnect: clearRemoteServerConfig to wipe encrypted OIDC tokens
Made-with: Cursor
* 🐛 Reset user-data Zustand stores on remote disconnect and sync refresh
- Add ResetableStoreAction helper and batched reset via userDataStores
- Wire reset into Electron remote disconnect and refreshUserData
- Handle refreshUserData failures in data sync SWR onSuccess
Made-with: Cursor
* 🐛 fix(useUserAvatar): refactor desktop environment checks to use mockConstEnv
- Replace direct manipulation of mockIsDesktop with mockConstEnv.isDesktop for better encapsulation.
- Update all relevant test cases to utilize the new mock structure, ensuring consistent behavior across tests.
This change improves the clarity and maintainability of the test code.
Signed-off-by: Innei <tukon479@gmail.com>
* 🐛 test: update mocks for ShikiLobeTheme and refactor session/agent mocks
- Added ShikiLobeTheme mock to ComfyUIForm and AddFilesToKnowledgeBase tests for consistent theming.
- Refactored session and agent mocks to use async imports, improving test isolation and performance.
This enhances the clarity and maintainability of the test suite.
Signed-off-by: Innei <tukon479@gmail.com>
---------
Signed-off-by: Innei <tukon479@gmail.com>
* 🤖 chore(skills): add electron-dev.sh script and update local-testing skill
Add reusable electron-dev.sh script with start/stop/status/restart commands
that reliably manages all Electron processes (main + helpers + vite).
Update SKILL.md to reference the script instead of inline bash commands.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add AgentStreamClient for Agent Gateway WebSocket communication
Browser-compatible WebSocket client for receiving agent execution events
from the Agent Gateway. Supports auto-reconnect with exponential backoff,
heartbeat keep-alive, and event replay via lastEventId resume.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add the availableAgents into the prompt inject
* fix: should auto inject the avaiable agents into context when use the auto model
* fix: update the prompt
* fix: test fixed
* ♻️ refactor(onboarding): add OnboardingContextInjector and wire context engine
Made-with: Cursor
* 🔧 refactor(onboarding): update tool call references to use `lobe-user-interaction________builtin`
Modified onboarding documentation and utility functions to standardize the use of the `lobe-user-interaction________builtin` tool call for structured input collection, enhancing clarity and consistency across the codebase.
Signed-off-by: Innei <tukon479@gmail.com>
* 🔧 refactor(onboarding): standardize tool call references to `lobe-user-interaction____askUserQuestion____builtin`
Updated documentation and utility functions to replace instances of the `lobe-user-interaction________builtin` tool call with `lobe-user-interaction____askUserQuestion____builtin`, ensuring consistency in structured input collection across the onboarding process.
Signed-off-by: Innei <tukon479@gmail.com>
* ♻️ refactor(onboarding): move onboarding context before first user
* ♻️ refactor(context-engine): add virtual last user provider
* update v3
* 🐛 fix(onboarding): add early exit escape hatch for boundary cases
The `<next_actions>` directive only prompted finishOnboarding in the
summary phase, but phase transition required all fields + 5 discovery
exchanges — a condition extreme cases rarely meet. This left the model
stuck in discovery, never calling finishOnboarding.
- Add EARLY EXIT hint in discovery phase next_actions
- Add universal completion-signal REMINDER across all phases
- Add minimum-viable discovery fallback in systemRole
- Add explicit completion signal list in Early Exit section
- Add off-topic redirect limit in Boundaries
- Add CRITICAL persistence rule in toolSystemRole
* ✅ test(context-engine): fix OnboardingContextInjector tests to match BaseFirstUserContentProvider
Remove brittle MessagesEngine onboarding test that hardcoded XML content.
---------
Signed-off-by: Innei <tukon479@gmail.com>
🐛 fix(prompts): enforce user perspective in input completion prompt
The autocomplete prompt was generating completions from the AI assistant's
perspective (e.g., "How can I help you?") instead of the user's perspective.
Added explicit perspective constraints with good/bad examples.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add WebSocket gateway support to CLI agent run
CLI `agent run` now connects to Agent Gateway via WebSocket by default,
falling back to SSE when `--sse` is passed. After auth, sends `resume`
to fetch buffered events (covers race between exec and WS connect).
- Add `streamAgentEventsViaWebSocket` in agentStream.ts
- Add `resolveAgentGatewayUrl` in settings
- Add `OFFICIAL_AGENT_GATEWAY_URL` constant
- Support `AGENT_GATEWAY_SERVICE_TOKEN` env for gateway auth
- Add `--sse` flag for forced SSE fallback
Fixes LOBE-6800
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add WebSocket gateway stream tests for CLI
Cover auth flow, resume, event rendering, JSON mode, auth failure,
heartbeat_ack, URL construction, and a multi-step tool-call scenario.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: persist agentGatewayUrl in saveSettings/loadSettings
saveSettings and loadSettings now handle agentGatewayUrl so custom
gateway configuration survives across CLI runs. Default URL is
stripped like serverUrl to keep the settings file minimal.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: remove AGENT_GATEWAY_SERVICE_TOKEN and fix JSON double-print in WS stream
1. Remove AGENT_GATEWAY_SERVICE_TOKEN env var — gateway auth should
only use Oidc-Auth / X-API-Key from the existing auth flow.
2. Fix --json mode printing duplicate JSON arrays: agent_runtime_end,
session_complete, and onclose all called console.log independently.
Add jsonPrinted guard so only the first path outputs JSON.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Google Gemini / Vertex AI rejects `additionalProperties` and `$ref` in
function declaration schemas. The previous fix (PR #13524) resolved most
`$ref` via `resolveRefs()` but missed two cases:
1. `additionalProperties` was never stripped
2. `$ref` survived when `resolveRefs` hit its depth limit (>10) on
recursive schemas
Add both keys to UNSUPPORTED_SCHEMA_KEYS so `sanitizeSchemaForGoogle()`
strips them after ref resolution.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix(github-copilot): surface quota exhaustion 429 instead of retrying
When the GitHub Copilot API returns a 429 with a Retry-After header
exceeding 5 minutes (indicating quota exhaustion rather than transient
rate limiting), throw the error immediately instead of retrying up to
MAX_RATE_LIMIT_RETRIES times with a silently capped 10s delay.
Fixes#13572
* 🐛 fix: use main scope messages for thread fork to fix subtopic re-fork failure
When inside a subtopic (activeThreadId set), openThreadCreator and portalAIChats
used activeDisplayMessages which included activeThreadId in the key, returning
thread-scoped messages instead of main conversation messages. This caused
genParentMessages to fail finding the target message, resulting in empty parent
messages and a broken/loading fork UI.
Fix: use messageMapKey with only agentId/topicId to always get main scope messages.
Closes LOBE-5023
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: include groupId in main scope key for group session support
Address Codex review: pass activeGroupId to messageMapKey so that
fork and thread selectors work correctly in group conversations
where messages are keyed by group scope instead of main scope.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔧 chore: disable input completion by default
The input auto-completion experience is not polished enough yet,
so disable it by default. Users can still enable it manually in
Settings > Agent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: update snapshot for disabled input completion default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add GatewayStreamNotifier for Agent Gateway WebSocket push
Add a decorator that wraps IStreamEventManager to additionally push
events to the Agent Gateway via HTTP (fire-and-forget). When
AGENT_GATEWAY_SERVICE_TOKEN is configured, the factory automatically
wraps the base stream manager with the gateway notifier. Redis SSE
remains the primary event channel; the gateway is an additive push
layer for WebSocket delivery.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add GatewayStreamNotifier and factory gateway wrapping tests
Ensure the decorator always delegates to the inner stream event manager
first, gateway failure never drops Redis events, and the factory
correctly wraps/skips based on AGENT_GATEWAY_SERVICE_TOKEN.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add timeout, bounded concurrency and url-join to gateway notifier
- 5s AbortSignal timeout on every gateway POST to prevent hanging sockets
- Max 20 inflight requests; excess silently dropped with a debug log
- Use url-join for URL construction instead of string concatenation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: resolve TS18048 possibly undefined in test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: move gateway env vars to appEnv
Read AGENT_GATEWAY_SERVICE_TOKEN and AGENT_GATEWAY_URL from the
validated appEnv config instead of raw process.env.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: move gateway URL default into appEnv
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔒 fix: remove XOR auth header and legacy apiKey bypass (GHSA-5mwj-v5jw-5c97)
Completely remove the forgeable X-lobe-chat-auth XOR obfuscation mechanism:
- Remove apiKey fallback in checkAuthMethod (auth bypass vector)
- Rewrite checkAuth to use session/OIDC userId only, never trust client header
- Delete XOR encoding/decoding utilities and tests
- Delete dead keyVaults TRPC middleware (no consumers)
- Simplify createHeaderWithAuth (no longer sends XOR payload)
- Remove SECRET_XOR_KEY constant
- Remove authorizationHeader from TRPC lambda context
- Clean up CLI to only send Oidc-Auth header
- Update all affected tests
The LOBE_CHAT_AUTH_HEADER constant is retained for the async caller
(server-to-server) path which uses AES encryption via KeyVaultsGateKeeper.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: restore createPayloadWithKeyVaults for fetchOnClient path
The client-side model runtime (fetchOnClient) needs getProviderAuthPayload
and createPayloadWithKeyVaults to build provider SDK init params directly
in the browser. These functions are unrelated to XOR encoding.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: guard against null session before accessing user id
Add explicit null check before accessing session.user.id to prevent
TypeError when session is null (e.g. unauthenticated requests).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add missing AgentRuntimeError import
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: remove dead createRuntime code path causing type error
The createRuntime property was removed from checkAuth's RequestHandler
type but still referenced in the route handler, causing TS2339.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
- clarify in the channels overview that WeChat currently requires an
active subscription
- note that community edition users may not see the WeChat option in
channel settings yet
- keep the English and Chinese overview pages aligned
## Testing
- `git diff --check`
Related to #13461.
* ♻️ refactor(bot): migrate Bot service to Agent Runtime Hooks framework
Migrate the last consumer (Bot/AgentBridgeService) from legacy
completionWebhook/stepWebhook/stepCallbacks dual-track pattern
to the unified hooks API. This completes LOBE-6208 Step 4.
- Enrich AgentHookEvent with step presentation + tracking data
- Enrich afterStep hook dispatch with full step context
- Merge executeWithWebhooks + executeWithInMemoryCallbacks into unified hooks
- Remove legacy triggerCompletionWebhook, triggerStepWebhook, stepCallbacks
- Remove completionWebhook/stepWebhook/webhookDelivery from params
LOBE-6675
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(hooks): dispatch completion hooks on early-terminal return and fix totalToolCalls lag
- Add dispatchCompletionHooks in early-terminal branch of executeStep
so onComplete hooks fire when operation is already interrupted/done/error
between queued steps (e.g., via /stop)
- Include current step's toolsCalling in afterStep totalToolCalls so
consumers get an accurate cumulative count instead of lagging by one step
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: update tests to match hooks-based architecture
- Rewrite executeStep tests to use hookDispatcher spies instead of
removed registerStepCallbacks/getStepCallbacks API
- Rewrite completionWebhook tests to use hooks param and _hooks metadata
instead of removed completionWebhook param
- Delete stepLifecycleCallbacks.test.ts (tests removed API, coverage
now provided by HookDispatcher.test.ts + executeStep.test.ts)
- Update AgentRuntimeService.test.ts abort test to remove stepCallbacks
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: resolve remaining CI failures from hooks migration
- Fix TS18048 errors: guard metadata access with null check in
_stepTracking block
- Migrate remaining registerStepCallbacks usage in
AgentRuntimeService.test.ts to hookDispatcher.dispatch spies:
onComplete error tests and onAfterStep tool result extraction tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test(bot): update AgentBridgeService tests for hooks-based execution
Old tests expected execAgent to NOT be called (because APP_URL check
would throw in queue mode). With hooks migration, the APP_URL check
is gone (hooks use relative URLs resolved by HookDispatcher), so
execAgent is now called. Update tests to verify hooks are passed
correctly instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test(bot): add hook payload compatibility tests for BotCallbackService
Add tests verifying that webhook payloads from HookDispatcher (containing
hookId/hookType fields) are correctly handled by BotCallbackService.
This validates the critical contract between the hooks framework and
the bot callback endpoint for step progress, completion, and error paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add hooks integration tests for e2e payload verification
Add integration tests that verify the full executeStep → hookDispatcher
chain produces events with all fields bot consumers depend on:
- afterStep event includes content, stepType, totalTokens, executionTimeMs
- afterStep event includes cross-step tracking (lastLLMContent, totalToolCalls)
- afterStep event includes toolsResult for tool_result phases
- onComplete fires on early-terminal states (interrupted) with lastAssistantContent
- All RenderStepParams-required fields are present and correctly typed
These tests catch payload format regressions without needing production
infrastructure (Redis, QStash, real bot platforms).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(chat-input): memoize mentionOption and slashOption to prevent page freeze on paste
Stabilize mentionOption and slashOption references with useMemo/useCallback to break the
infinite re-render loop that occurs when pasting text triggers autocomplete.
Fixes LOBE-6684
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(chat-input): trim trailing newlines from autocomplete result to prevent empty lines
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(chat-input): skip autocomplete during IME composition to prevent interrupting Chinese input
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): add `migrate openclaw` command for importing OpenClaw workspace
Add a new CLI command `lh migrate openclaw` that imports all files from the
OpenClaw workspace (~/.openclaw/workspace) as agent documents into the LobeHub
inbox agent. Supports --source, --agent-id, --slug, --dry-run, and --yes options.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor(cli): restructure migrate as directory for future providers
Refactor `migrate` command from a single file to a directory structure
(`migrate/index.ts` + `migrate/openclaw.ts`) to support future migration
sources like ChatGPT, Claude, Codex, etc.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(cli): remove unnecessary `as any` casts in migrate openclaw
Use proper TrpcClient type instead of casting to any. Extract
resolveInboxAgentId helper with correct typing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor(cli): migrate openclaw creates a new "OpenClaw" agent by default
Instead of importing into the inbox, the default behavior now creates a
dedicated "OpenClaw" agent and imports workspace files as its documents.
Use --agent-id to import into an existing agent instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): restore --agent-id and --slug options for migrate openclaw
Support three modes: --agent-id (by ID), --slug (by slug, e.g. "inbox"),
or default (create a new "OpenClaw" agent).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): print agent URL after migrate openclaw completes
Show a clickable link (e.g. https://app.lobehub.com/agent/<id>) at the
end of the import so users can open the agent directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): check login state early in migrate openclaw
Verify authentication before scanning files so users get a clear
"Run 'lh login' first" message upfront instead of after confirmation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): read agent name, description, avatar from OpenClaw workspace
Parse IDENTITY.md (or SOUL.md) for Name, Creature/Vibe/Description, and
Emoji fields to populate the new agent's title, description, and avatar
instead of hardcoding "OpenClaw".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style(cli): show emoji + name instead of agent ID in migrate output
Display the agent avatar emoji and title throughout the migrate flow
(confirmation, creation, importing). The agent ID only appears in the
final URL.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(cli): exclude .venv from openclaw workspace scan
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔧 chore(cli): expand excluded dirs/files for openclaw workspace scan
Filter out IDE configs, VCS dirs, OS artifacts, dependency dirs, Python
caches, build outputs, env files, and other common non-content items.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update version
* ✨ feat(cli): use `ignore` package for gitignore-based file filtering & improve output
- Replace hardcoded EXCLUDED_NAMES set with `ignore` package (gitignore syntax)
- Respect workspace .gitignore if present, plus comprehensive default rules
- Cover all common languages/tools: Python, Ruby, Rust, Go, Java, .NET, etc.
- Improve final output: friendlier completion message with agent name + URL
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test(cli): add tests for migrate openclaw command
Cover profile parsing, file filtering (gitignore + default rules),
dry-run, agent resolution (--agent-id, --slug, default create),
confirmation flow, error handling, and output formatting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): filter placeholder emoji and binary/database files
- Skip avatar values like (待定), _(待定)_, TBD, N/A, etc.
- Add ignore rules for database files (*.sqlite, *.db, *.mdb, etc.),
images, media, fonts, lock files, and compiled binaries
- Runtime binary detection: check first 8KB for null bytes and skip
binary files that slip through the extension filter
- Add tests for placeholder emoji filtering, binary skip, and db exclusion
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(api,cli): support optional createdAt for agent document upsert
Thread an optional `createdAt` parameter through all layers:
- Model: AgentDocumentModel.create/upsert accept optional createdAt,
set both createdAt and updatedAt on documents + agent_documents rows
- Service: UpsertDocumentParams includes createdAt
- Router: agentDocument.upsertDocument accepts optional z.date()
- CLI: migrate openclaw passes file mtime as createdAt to preserve
original file timestamps
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style(cli): add npx usage hint to auth error message
Show 'npx -y @lobehub/cli login' alongside 'lh login' so users who
haven't installed the CLI globally know how to authenticate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update version
* ✨ feat(api,cli): support optional updatedAt for agent document upsert
Add updatedAt alongside createdAt through all layers. When both are
provided, updatedAt is used independently; when only createdAt is
given, updatedAt falls back to createdAt.
CLI now passes file birthtime as createdAt and mtime as updatedAt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(cli): use os.homedir() for default source & wrap file reads in try
- Replace process.env.HOME || '~' with os.homedir() so the default
--source path resolves correctly on Windows and when HOME is unset
- Move fs.readFileSync/statSync inside the try block so a single
unreadable file doesn't abort the entire migration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(openapi): fix response.completed output missing message, wrong tool name & id
Fix three bugs in extractOutputItems for the Response API:
1. Assistant message with text+tool_calls was dropped from output
2. Function call names kept internal ____-separated format instead of identifier/apiName
3. Function call IDs were off by one due to missing message item
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test(openapi): exercise real ResponsesService in regression tests
Replace local reimplementation with vi.mock stubs + real class import
so the tests fail if the production extractOutputItems regresses.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: move skills/tools from slash menu to @ mention with direct context injection
Separates slash menu (/) and @ mention responsibilities:
- Slash menu: only commands (compact, newTopic)
- @ mention: agents, topics, skills, tools
Replaces fake activateSkill tool-call preload messages with direct
content injection via SelectedSkillInjector/SelectedToolInjector,
preventing models from mimicking activateSkill calls.
Fixes LOBE-6048
* ♻️ refactor: skip activateSkill when skill content already injected via selected_skill_context
Fixes LOBE-6048
* ♻️ refactor: align @-mention skills/tools with context injectors and preload
Made-with: Cursor
* 🐛 fix(chat): preserve editorData across queue and home input sends
* Update home send APIs and align related tests
Remove hardcoded pnpm versions in the model-bank release workflow so CI uses the repository packageManager setting and avoids pnpm version mismatch failures. Also align release commit identity with the lobehub bot account used by other release workflows.
Made-with: Cursor
* fix: add the cronjob tools executiors
* fix: should use mutate to refresh the cronjob when it changes && add it into backend runtime
* fix: add the lost deps
* fix: should await the delete servers
* 🐛 fix(model-runtime): resolve Vertex AI $ref schema error and toolConfig incompatibility
1. Dereference $ref in JSON Schema before sending to Google/Vertex AI — the memory
tool manifest (from neko's recent refactor) uses $ref which Vertex AI rejects.
2. Skip includeServerSideToolInvocations for Vertex AI — only Google AI supports it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(model-runtime): preserve sibling schema fields when resolving $ref
When a schema node has $ref plus sibling keys (e.g. description from
allOf unwrapping), the resolved definition now merges with those siblings
instead of dropping them. This preserves argument-level descriptions for
fields like timeIntent, improving tool-call quality.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔒 fix: sanitize HTML artifact content and sandbox iframe to prevent XSS-to-RCE
- Add sanitizeHTMLContent() using DOMPurify to strip dangerous tags (script, embed, object, etc.) and all on* event handler attributes
- Add sandbox="" attribute to HTML artifact iframe to block all script execution and parent frame access
- Replace doc.write() with srcDoc for cleaner rendering
- Extract shared FORBID_EVENT_HANDLERS list to DRY up SVG and HTML sanitization
Ref: GHSA-xq4x-622m-q8fq
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: correct import path from @lobehub/utils to @lobechat/utils
The package name is @lobechat/utils, not @lobehub/utils. This caused a build failure in Electron desktop app.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: implement AI input auto-completion with ReactAutoCompletePlugin
Adds GitHub Copilot-style ghost text completion to the chat input,
powered by a configurable system agent (disabled by default).
Key changes:
- Add `inputCompletion` system agent config (type, default, selector, i18n)
- Create `chainInputCompletion` prompt chain (V2 few-shot, benchmarked)
- Mount `ReactAutoCompletePlugin` in InputEditor when enabled
- Wire `getMessages` through ChatInput store for conversation context
- Add settings UI in Service Model page with enable toggle
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: update systemAgent snapshot for inputCompletion
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: restrict auto-complete context to visible user/assistant turns
Filter getMessages to use displayMessages (active visible thread)
instead of dbMessages (raw DB records including tool messages and
inactive branches). Also limit to last 10 user/assistant turns to
keep payload small and relevant.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: enable input completion by default
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ⚡️ perf: use non-streaming for input completion requests
Autocomplete needs the full result before displaying ghost text,
so streaming adds unnecessary overhead. Setting stream: false
reduces latency by avoiding SSE chunking.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: revert stream:false for input completion
fetchPresetTaskResult uses fetchSSE internally which cannot handle
non-streaming JSON responses, causing the editor to freeze after
receiving the completion result.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ⚡️ perf: use non-streaming for input completion requests
Autocomplete waits for the full result before displaying ghost text.
fetchSSE handles non-streaming responses via its fallback path
(response.clone().text()), avoiding SSE chunking overhead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ⚡️ perf: skip contextEngineering for input completion
Call getChatCompletion directly instead of fetchPresetTaskResult
to avoid triggering agentDocument.getDocuments on every autocomplete
request. Input completion only needs a simple LLM call with the
prompt chain, not the full context engineering pipeline.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: revert to fetchPresetTaskResult for input completion
Use the standard contextEngineering pipeline. The agentDocument
overhead will be addressed separately.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: stream tool call arguments incrementally in Response API
The tool_calling stream chunks contain accumulated arguments (not
deltas), but the Response API was treating each chunk as a complete
independent output_item — creating a new lifecycle (added → delta →
done) per token and incrementing output_index to 90+.
Fix: track active tool calls by call_id and compute true incremental
deltas by slicing off previously-seen content. Each tool call now
gets a single stable output_item with proper streaming deltas,
finalized only when the stream ends or tool execution begins.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: clear stale tool-call state on LLM stream retry
When call_llm retries after a failed attempt, activeToolCalls may
contain entries from the failed stream that never received a
tool_end. Without clearing, finishActiveToolCalls would emit
phantom function_call done events and misalign output_index for
the successful attempt. Reset the map on stream_retry.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(cli): register task command and add kanban board view
Register the missing `registerTaskCommand` in program.ts so `lh task` commands are accessible. Add `--board` flag to `task list` that renders a kanban-style view grouping tasks by status columns (backlog, running, paused, completed, etc.) with color-coded borders.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: remove @lobehub/chat-plugin-sdk dependency
Plugins have been deprecated. This removes the SDK entirely:
- Define built-in ToolManifest, ToolManifestSettings, ToolErrorType types
- Delete src/features/PluginsUI/ (plugin iframe rendering)
- Delete src/store/tool/slices/oldStore/ (deprecated plugin store)
- Delete src/server/services/pluginGateway/ (plugin gateway)
- Delete src/app/(backend)/webapi/plugin/gateway/ (plugin API route)
- Migrate all ~50 files from SDK imports to @lobechat/types
- Remove @lobehub/chat-plugin-sdk, @lobehub/chat-plugins-gateway deps
- Remove @swagger-api/apidom-reference override and patch
Fixes LOBE-6655
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add missing getInstalledPlugins mock in customPlugin test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔧 chore: increase Vercel build memory limit to 8192MB
The 6144MB limit was causing OOM during Vite SPA chunk rendering.
Aligned with other build commands that already use 8192MB.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: unify default tool type to builtin and fix CustomRender
- Remove `invokeDefaultTypePlugin` — default type now falls through to builtin in both server and client execution paths
- Fix `CustomRender` to actually render builtin tool components via `getBuiltinRender` instead of always returning null
- Increase SPA build memory limit from 7168MB to 8192MB to fix OOM
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: remove legacy plugin gateway and type-specific invocations
- Delete `runPluginApi`, `internal_callPluginApi`, `invokeMarkdownTypePlugin`, `invokeStandaloneTypePlugin`
- Remove plugin gateway endpoint (`/webapi/plugin/gateway`) from URL config
- Remove special `builtin → default` runtimeType mapping in plugin model
- Clean up unused imports and related tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add 'builtin' to runtimeType union to fix type error
Use ToolManifestType instead of inline union for runtimeType fields
so that 'builtin' is included as a valid type.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix(electron): add nodrag to userinfo dropdown menus
Add `-webkit-app-region: no-drag` to ThemeButton and LangButton
dropdown popups to prevent Electron from capturing click events
when the dropdown appears in the titlebar drag region.
https://claude.ai/code/session_01K6FLLJ4PMhKWqbRmrGEZkS
Co-authored-by: Claude <noreply@anthropic.com>
* ♻️ refactor: unify tool content formatting with ComputerRuntime and shared UI components
Introduce `@lobechat/tool-runtime` with `ComputerRuntime` abstract class to ensure consistent
content formatting (via `formatCommandResult`, `formatFileContent`, etc.) across local-system,
cloud-sandbox, and skills packages. Create `@lobechat/shared-tool-ui` to share Render and
Inspector components, eliminating duplicated UI code across tool packages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: address review issues — state mapping for renders and IPC param denormalization
- Add legacy state field mappings in local-system executor (listResults, fileContent,
searchResults) for backward compatibility with existing render components
- Add denormalizeParams in LocalSystemExecutionRuntime to map ComputerRuntime params
back to IPC-expected field names (file_path, items, shell_id, etc.)
- Fix i18n type casting for dynamic translation keys in shared-tool-ui inspectors
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: inject render capabilities via context, unify state shape for cross-package render reuse
- Add ToolRenderContext with injectable capabilities (openFile, openFolder,
isLoading, displayRelativePath) to shared-tool-ui
- Update local-system render components (ReadLocalFile, ListFiles, SearchFiles,
MoveLocalFiles, FileItem) to use context instead of direct Electron imports
- Enrich ReadFileState with render-compatible fields (filename, fileType,
charCount, loc, totalCharCount)
- Cloud-sandbox now fully reuses local-system renders — renders degrade
gracefully when capabilities are not provided (no open file buttons in sandbox)
- Remove executor-level state mapping hacks
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: fix sandbox render bugs — SearchFiles, GrepContent, MoveFiles, GlobFiles
- SearchFiles: ensure results is always an array (not object passthrough)
- GrepContent: update formatGrepResults to support object matches
`{path, content, lineNumber}` alongside string matches
- MoveFiles: render now handles both IPC format (items/oldPath/newPath) and
ComputerRuntime format (operations/source/destination)
- GlobFiles: fallback totalCount to files.length when API returns 0
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: unify SearchLocalFiles inspector with shared factory
SearchLocalFiles inspector now supports all keyword field variants
(keyword, keywords, query) and reads from unified state (results/totalCount).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: handle missing path in grep matches to avoid undefined display
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: improve render field compatibility for sandbox
- EditLocalFile render: support both file_path (IPC) and path (sandbox) args
- SearchFiles render: support keyword/keywords/query arg variants
- FileItem: derive name from path when not provided
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add missing cloud-sandbox i18n key for noResults
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(task): add task.groupList API for kanban board view
Support querying tasks grouped by status in a single request, with per-group independent pagination. Returns array structure with hasMore/limit/offset for each group.
LOBE-6589
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(task): bound groupList groups and statuses array size
Prevent query storms from oversized requests by capping groups to 20
and statuses per group to 10.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔧 chore(task): reduce groupList max groups from 20 to 10
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(task): add generic updateTaskConfig method for safe config merging
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add updateTaskConfig tests and use deep merge
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add agent avatar data to brief list API
Enrich brief list and listUnresolved endpoints with agent avatars
from the task tree. For each brief's associated task, walks up to
find the root task, then collects all agents (assignee + creator)
across the full tree.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add BriefService and unit tests for brief agent enrichment
Extract enrichBriefsWithAgents logic into BriefService for reuse.
Add unit tests for TaskModel.getTreeAgentIdsForTaskIds,
AgentModel.getAgentAvatarsByIds, and BriefService.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔒 fix: scope recursive CTE to current user in getTreeAgentIdsForTaskIds
Add created_by_user_id filter to both the ancestor walk-up and
descendant walk-down recursive legs to prevent cross-tenant tree
traversal.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(chat-input): preserve editor state and behavior in fullscreen
Keep chat input content and interaction consistent when toggling fullscreen by restoring editor JSON state, adjusting Enter/Cmd+Enter semantics, and rendering fullscreen input in the desktop layout container.
Made-with: Cursor
* 🐛 fix(chat-input): auto-collapse fullscreen after send
Automatically exit fullscreen after sending from chat input so users do not need a second manual collapse action, and clear saved editor snapshot to avoid stale restore.
Made-with: Cursor
🐛 fix: hide loading placeholder when AI generation is stopped
Only render ContentLoading for LOADING_FLAT messages when actively generating.
Previously, stopping AI mid-generation left the "..." placeholder visible
with a loading animation even though nothing was being generated.
* 🐛 fix(fetch-sse): stop injecting contextBody into structured provider errors
Structured errors (ProviderBizError etc.) already contain complete context.
Spreading contextBody into their body overwrites fields like `provider` and
pollutes the error structure that downstream renderers depend on.
Fixes#13476
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test(fetch-sse): add regression test for structured error body pollution
Ensures structured provider errors (e.g. ProviderBizError) are passed through
unchanged without contextBody injection, and that contextBody is only applied
to unknown/unstructured errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: gate agent onboarding with dedicated business flag
Made-with: Cursor
* 🗑️ chore(migrations): remove agent onboarding column from users table
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): enable agent onboarding based on environment and add redirect to classic onboarding
- Updated AGENT_ONBOARDING_ENABLED to be true in development mode.
- Introduced RedirectToClassicOnboarding component to handle navigation to classic onboarding.
- Simplified ClassicOnboardingPage by removing the mode switch button for non-development environments.
- Adjusted OnBoardingContainer to conditionally render the skip onboarding button based on the current route.
This change enhances the onboarding experience by ensuring that the agent onboarding feature is only available in development, while also improving navigation for users.
Signed-off-by: Innei <tukon479@gmail.com>
* 🐛 fix(test): inline emoji-mart and @lobehub/* deps in Vitest to fix ESM JSON import error
Widen server.deps.inline to include `emoji-mart` and all `@lobehub/*`
packages so their transitive `@emoji-mart/data` import (a .json main
entry) goes through Vite's transform pipeline instead of Node's native
ESM loader, which requires `with { type: "json" }`.
---------
Signed-off-by: Innei <tukon479@gmail.com>
Restores the original body.message / body.name fields that downstream error
handlers rely on. The previous PR renamed them to errorMessage / errorName
which broke existing error renderers.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(model-runtime): add toolConfig for Gemini 3+ combined tools
When Gemini 3+ models combine built-in tools (googleSearch/urlContext)
with functionDeclarations, the API requires
toolConfig.includeServerSideToolInvocations to be set to true.
Without this flag, requests return 400: "Please enable
tool_config.include_server_side_tool_invocations to use Built-in tools
with Function calling."
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test(google): fix incomplete grounding metadata test
The test defined grounding response data but never used it as mock
input and had no assertions. Rewrote to properly feed grounding chunks
through the stream and verify the output contains grounding events
with citations and search queries.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(test): use type assertion for grounding test data
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
✨ feat(fetch-sse): enrich error context with provider, model, and network diagnostics
When a fetch error occurs (e.g. TypeError: Failed to fetch), the error body now
includes provider, model, apiMode, fetchOnClient, elapsedMs, networkStatus, and
traceId to help diagnose issues instead of only showing a useless minified stack.
Fixes LOBE-6594
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add disableTools option to execAgent for eval/benchmark scenarios
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: short-circuit tool discovery when disableTools is set
Move all tool-related fetches (plugin DB query, LobeHub/Klavis manifest
fetches, device list probing, model-bank import) inside the disableTools
guard so they are fully skipped in eval/benchmark runs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add unit tests for disableTools short-circuit behavior
Verify that when disableTools=true, all expensive tool discovery
(plugin query, manifest fetches, ToolsEngine creation) is skipped.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: hoist variables referenced outside disableTools guard
Move lobehubSkillManifests, klavisManifests, agentPlugins, and
LOBE_DEFAULT_MODEL_LIST declarations outside the else block since
they are also used by agent management context and skill engine.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: support per-task model/provider override via task.config
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: extract agent execution types into dedicated agentExecution module
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add unit tests for execAgent model/provider override
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 👷 chore(ci): unify CI package manager from bun to pnpm
Replace bun with pnpm across all GitHub Actions workflows to ensure
lockfile consistency with pnpm-lock.yaml as single source of truth.
* 👷 chore(ci): replace bun run with pnpm run in package.json scripts
Fix build failure in CI where bun is not installed. Replace bun run
references in root and e2e package.json scripts with pnpm run.
* 👷 chore(e2e): replace bunx with npx in e2e server startup
* 👷 chore(ci): create unified setup-env action, use pnpm install + bun run
- Add .github/actions/setup-env composite action (pnpm + bun + node)
- Refactor desktop-build-setup to use setup-env internally
- All workflows: pnpm install for deps, bun run for scripts
- Revert package.json/e2e scripts back to bun run
- Remove all direct pnpm/action-setup and oven-sh/setup-bun from workflows
* 🐛 fix(test): inline lexical ESM deps for vitest under pnpm
pnpm's strict node_modules layout causes vitest ESM resolution to fail
for lexical's named exports. Add lexical and @lexical/* to inline deps.
* ✨ feat: show live elapsed timer during tool execution
Display a real-time elapsed timer on tool call inspector while the tool is executing.
The timer automatically hides once execution completes.
Fixes LOBE-6331
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: stop execution timer for rejected tool calls and reset elapsed on restart
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix: auto-reload on chunk load error instead of showing toast
When a chunk fails to load the old version is already unusable,
so reload the page automatically. Uses sessionStorage guard to
prevent infinite reload loops.
Fixes LOBE-6572
♻️ refactor(tool): inject topic reference runtime in app layer
Move topic-reference executor to runtime injection so package code no longer imports app-level TRPC client aliases. Keep the TRPC call in store executor wiring for clear package/app boundaries.
Made-with: Cursor
* ✨ feat: add imageAspectRatio support and update payload handling for image models
* ✨ feat: enhance image model handling and support imageAspectRatio configuration
* ✨ feat: add support for new image model "Nano Banana 2" and enhance image configuration handling
* ✨ feat: add 'thinkingLevel4' to extendParams and improve image configuration handling
* ✨ feat: add new AI models including DeepSeek V3.2 and Ministral 3 series, enhancing model capabilities and configurations
* ✨ feat: update context window tokens and add new models in AIChatModelCard
* ✨ feat: update Mistral model IDs and add new models; change AiHubMix base URL to API endpoint
🐛 fix: set context before replaceMessages in layout effect
replaceMessages calls onMessagesChange(messages, get().context) internally.
Without updating context first, it writes new topic's messages to the old
topic's key in ChatStore, corrupting cached data.
* ⬆️ chore: bump Lexical to 0.42 and align editor imports
- Bump lexical and @lexical/utils; pin lexical in pnpm overrides
- Return serialized nodes from ActionTag/ReferTopic XML readers (no INodeHelper require)
- Drop IEditorPlugin implements; import MenuRenderProps and IEditor from @lobehub/editor barrel
Made-with: Cursor
* ✨ chore: add lexical dependency version 0.42.0 to package.json
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ test: enhance MCPClient Stdio Transport tests with local stdio entry
- Updated the test configuration to use a local stdio entry instead of `npx`, improving test reliability in CI environments.
- Added necessary imports for path resolution to support the new configuration.
Signed-off-by: Innei <tukon479@gmail.com>
---------
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(glmCodingPlan): update default URL and add GLM-5.1 model
- Change default URL to open.bigmodel.cn/api/coding/paas/v4
- Add GLM-5.1 model with 200K context window, 128K max output, reasoning support
* 🐛 fix: update test baseline URL for GLM Coding Plan provider
* 🐛 fix: support multiple artifacts rendering in the same message
When a message contains multiple `<lobeArtifact>` tags, only the first one
rendered correctly. The rest stayed in loading state or showed incorrect content.
Root causes:
- processWithArtifact used non-global regex, only removing newlines from first artifact
- artifactCode selector only extracted first artifact's content
- isArtifactTagClosed returned true if ANY artifact was closed
- Render onClick compared only messageId, closing portal instead of switching
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: add comprehensive tests for multiple artifacts rendering
- rehypePlugin: test multiple artifact tags in same tree (both p-wrapped and raw)
- action: test openArtifact switching between artifacts (same message, different messages)
- selectors: test artifactCode/isArtifactTagClosed with identifier edge cases
(non-existent identifier, unclosed artifact, both closed)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: resolve type error in rehypePlugin test
Cast tree.children elements to any when accessing tagName property
to fix TS2339 error in the raw node test case.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: escape regex special characters in artifact identifier
Artifact identifiers interpolated directly into `new RegExp()` could cause
SyntaxError or incorrect matching when containing regex metacharacters
like (, [, +, etc. Now escapes identifiers before building regex patterns.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: support client-side function tool execution in Response API
Implement LOBE-6543: when the Response API receives tools with type='function',
inject them into the LLM and pause execution when the LLM calls them, allowing
the client to provide results via function_call_output input items.
Key changes:
- Add 'client' to ToolSource type
- Inject function tools into LLM via execAgent with source='client' in sourceMap
- Pause agent loop (interrupt) when LLM calls a client function tool
- Handle function_call_output resume flow via previous_response_id
- Add response.function_call_arguments.done streaming event
- Emit response.incomplete when interrupted for client tool execution
- Use original function name for client tools instead of identifier/apiName
- Simplify response ID to use topicId directly (includes LOBE-6536 fix)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: remove MessageModel import, use prompt-based resume flow
MessageModel is not exported from @lobechat/database package.
Replace direct DB writes with prompt-based approach for tool result resume.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: use separator-safe client function identifier and add client to ToolSource
CLIENT_FN_IDENTIFIER `__fn__` caused ambiguous splits with PLUGIN_SCHEMA_SEPARATOR `____`,
breaking tool name resolution. Renamed to `lobe-client-fn` and added `client` to the
ToolSource union in @lobechat/types to match context-engine's definition.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(model-runtime): allow Gemini 3+ models to combine search tools with function declarations
Gemini 3+ models support urlContext, googleSearch, and functionDeclarations coexisting in the tools array. Previously, enabling search/urlContext would exclude function declarations (MCP tools/skills), causing them to silently fail.
Fixes LOBE-6450
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(model-runtime): restore hasToolCalls guard for pre-Gemini 3 multi-turn tool sessions
Restores the hasToolCalls check for pre-Gemini 3 models so that when
tool_calls exist in message history, functionDeclarations are prioritized
over search tools to maintain multi-turn tool-calling sessions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: mount DynamicFavicon to enable favicon state switching during agent operations
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add favicon link tags to SPA HTML templates and handle missing links in updateFaviconDOM
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: resolve InterventionBar context errors and rendering issues
- Replace useMessageAggregationContext with prop drilling for assistantGroupId,
fixing crash when ApprovalActions renders outside MessageAggregationContext
- Filter out tmp_ message IDs from pending interventions to prevent
disabled buttons during message creation
- Portal ApprovalActions outside scroll container in InterventionBar
so buttons are always accessible for long content
- Clear stale displayMessages synchronously on topic change to prevent
old interventions from persisting during transitions
* 🐛 fix: use useLayoutEffect to clear stale interventions on topic switch
Replace render-phase side effect with useLayoutEffect to properly clear
displayMessages before browser paint when context changes, preventing
old topic interventions from flashing during transitions.
* 🐛 fix: synchronously reset store on context change to prevent stale data flash
Use React's "setState during render" pattern instead of useLayoutEffect.
When contextKey changes, React bails out and re-renders StoreUpdater
before rendering sibling components (ChatList/ChatInput), ensuring they
read fresh store state with no visible flash of old topic data.
* 🐛 fix: remount store on context change to eliminate stale data flash
Add key={contextKey} to zustand Provider so the store is recreated on
topic switch. Seed the new store with initialMessages in createStore to
render correct data on first mount — no intermediate skeleton or stale
flash. Remove render-phase reset hack from StoreUpdater as it's no
longer needed.
* 🐛 fix: revert Provider key approach, use useLayoutEffect for context reset
Provider key={contextKey} caused ChatHydration to remount and reset
activeTopicId from URL query, preventing topic switches entirely.
Reverted to stable Provider. Instead, use useLayoutEffect in StoreUpdater
to atomically reset displayMessages + messagesInit when contextKey changes.
This fires after commit but before paint, and React processes store updates
from layout effects synchronously, ensuring subscribers re-render with
correct state before the browser paints.
🐛 fix: add ReactMentionPlugin to ChatInput so mention nodes render
The ChatInput editor plugins did not include ReactMentionPlugin, causing
mention nodes inserted via @ to be invisible. Move the plugin into
CHAT_INPUT_EMBED_PLUGINS so all ChatInput instances (including Home)
render mention nodes, and remove the now-duplicate entry from EditorCanvas.
Fixes LOBE-6270
* ♻️ refactor: move Marketplace below Resources in sidebar
Move the Marketplace (Community) nav item from topNavItems to bottomMenuItems,
positioning it below Resources in the sidebar navigation.
Closes LOBE-6320
* 🐛 fix(cli): auto-reconnect on auth expiry instead of exit
- Add `updateToken()` and `reconnect()` methods to GatewayClient
- On `auth_expired`, refresh JWT then reconnect automatically (no more process.exit)
- Add heartbeat ack timeout detection: force reconnect after 3 missed acks
- Reset missed heartbeat counter on `heartbeat_ack` receipt
- Add comprehensive tests for updateToken, reconnect, and missed heartbeat scenarios
Closes connection drop issue when JWT expires after long-running sessions.
* ✨ feat: add cross-platform message tool for AI bot channel operations
Implement a unified message tool (`lobe-message`) that provides AI with
messaging capabilities across Discord, Telegram, Slack, Google Chat,
and IRC through a single interface with platform-specific extensions.
Core APIs: sendMessage, readMessages, editMessage, deleteMessage,
searchMessages, reactToMessage, getReactions, pin/unpin management,
channel/member info, thread operations, and polls.
Architecture follows the established builtin-tool pattern:
- Package: @lobechat/builtin-tool-message (manifest, types, executor,
ExecutionRuntime, client components)
- Registry: registered in builtin-tools (renders, inspectors,
interventions, streamings)
- Server runtime: stub service ready for platform adapter integration
https://claude.ai/code/session_011sHc6R7V4cSYKere9RY1QM
* feat: implement platform specific message service
* chore: add wechat platform
* chore: update wechat api service
* chore: update protocol implementation
* chore: optimize platform api test
* fix: lark domain error
* feat: support bot message cli
* chore: refactor adapter to service
* chore: optimize bot status fetch
* fix: bot status
* fix: channel nav ignore
* feat: message tool support bot manage
* feat: add lobe-message runtime
* feat: support direct message
* feat: add history limit
* chore: update const limit
* feat: optimize server id message history limit
* chore: optimize system role & inject platform environment info
* chore: update readMessages vibe
* fix: form body width 50%
* chore: optimize tool prompt
* chore: update i18n files
* chore: optimize read message system role and update bot message lh
* updage readMessage api rate limit
* chore: comatible for readMessages
* fix: feishu readMessage implementation error
* fix: test case
* chore: update i18n files
* fix: lint error
* chore: add timeout for conversaction case
* fix: message test case
* fix: vite gzip error
---------
Co-authored-by: Claude <noreply@anthropic.com>
♻️ refactor(store): migrate slices to class actions with flattenActions
- Video store: generationConfig/Topic/Batch/createVideo as *ActionImpl; aggregate with flattenActions
- Eval store: benchmark/dataset/run/testCase as classes; top-level flattenActions
- Tool agentSkills: AgentSkillsActionImpl + Pick typing
- groupProfile: flattenActions around ActionImpl instead of spreading instance
- agentGroup: wrap chatGroupAction with flattenActions for consistent aggregation
Made-with: Cursor
* ✨ feat: use skill-specific icons in slash menu instead of generic wrench icon
Each skill/tool in the slash menu now displays its own avatar (emoji or image URL)
instead of the generic 🔧 wrench icon for all items.
https://claude.ai/code/session_01KbUecMiAUDHvFtEULkSDvr
* ♻️ refactor: use SkillsIcon as default slash menu skill icon
https://claude.ai/code/session_01KbUecMiAUDHvFtEULkSDvr
* ✨ feat: enhance slash action item rendering and mention menu styles
- Updated `useSlashActionItems.ts` to improve icon rendering for URLs, now supporting blob and data-URI images.
- Modified `MenuItem.tsx` to conditionally apply additional styles for items with extra categories.
- Added new style for `itemWithCategoryExtra` in `style.ts` to enhance layout consistency.
These changes aim to improve the visual presentation and functionality of the chat input components.
Signed-off-by: Innei <tukon479@gmail.com>
* 🐛 fix(mention-menu): satisfy cx ClassNamesArg types in MenuItem
Made-with: Cursor
---------
Signed-off-by: Innei <tukon479@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
* ✨ docs: add screenshots to Telegram channel guide
* 📝 docs: Remove "feature in development" callout and developer mode requirement from channels documentation.
* docs: Migrate Telegram channel images to local assets and update CDN cache.
* docs: Add screenshots to channel setup guides for various platforms.
* chore: Update documentation image paths from GitHub user attachments to local blog assets.
---------
Co-authored-by: Rdmclin2 <rdmclin2@gmail.com>
* 🐛 fix: defer scroll-to-user-message until spacer is mounted
The scroll that pins a user message to the top of the viewport was
racing with the conversation spacer mount. When the spacer hadn't
rendered yet, there wasn't enough scrollable height, so the scroll
had no effect.
Now `useScrollToUserMessage` accepts a `spacerActive` flag and
defers the scroll until the spacer is mounted, guaranteeing the
fill height is available before scrolling.
https://claude.ai/code/session_016GDASpf7Rh5yN7BJTdXYwT
* 🐛 fix: always scroll immediately, re-scroll when spacer mounts
The previous fix deferred scrolling entirely until spacerActive was
true. This regressed the no-spacer case (content fills viewport,
spacer height = 0, mounted stays false) — the scroll never fired.
Now the hook always scrolls immediately on message send (preserving
original behavior), and additionally fires a follow-up scroll when
spacerActive transitions to true. This covers both cases:
- Content fills viewport: immediate scroll works, no spacer needed
- Content is short: immediate scroll may under-scroll, but the
follow-up scroll after spacer mounts corrects the position
https://claude.ai/code/session_016GDASpf7Rh5yN7BJTdXYwT
* 🐛 fix(conversation): shrink bottom spacer on scroll-up when idle
- Track scroll delta to reduce spacer height while not streaming
- Disable height transition during scroll-shrink for immediate feedback
- Reset reduction on new user/assistant pair and generation state changes
Made-with: Cursor
---------
Co-authored-by: Claude <noreply@anthropic.com>
Remove resp_ prefix and random suffix encoding from response IDs.
Response ID now equals topicId directly, simplifying multi-turn
conversation support via previous_response_id.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(openapi): support hosted builtin tools in Response API
Allow declaring builtin tools via { type: 'lobe-xxx' } syntax in the
tools array of POST /api/v1/responses. Hosted tool identifiers are
extracted and passed as additionalPluginIds to execAgent, where the
existing ToolsEngine handles manifest resolution automatically.
LOBE-6535
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(openapi): stream tool calls and results in Response API
Add full streaming support for tool execution events in the Response
API. Previously only text deltas were streamed; tool calls and results
were only visible in the final response.completed event.
Now emits:
- response.output_item.added (function_call) when LLM invokes a tool
- response.function_call_arguments.delta for tool arguments
- response.output_item.done (function_call) when tool call is complete
- response.output_item.added/done (function_call_output) when tool
execution finishes with results
- Proper text message lifecycle (added/delta/done) across multi-step
agent loops
LOBE-6535
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix(openapi): handle nullable tools param in extractHostedToolIds
The tools field from CreateResponseRequest uses .nullish() in zod,
so it can be null. Accept null in the parameter type.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add unread completion notification for group topic orchestration
Group orchestration was missing markUnreadCompleted() call after completion,
and group topic NavItem lacked the unread completion indicator UI.
Fixes LOBE-4878
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: extract neon dot inline styles to createStaticStyles
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: add test screenshot 01.jpg for LOBE-4878
* docs: add test screenshot 02.jpg for LOBE-4878
* docs: add test screenshot 03.jpg for LOBE-4878
* 🔥 chore: remove temporary test screenshots
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: change unread neon dot color from green to blue (colorInfo)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: replace remaining successColor references with infoColor in group topic item
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(onboarding): add agent-guided web onboarding flow
Made-with: Cursor
* Update onboarding prompts
Co-authored-by: Codex <noreply@openai.com>
* 🐛 fix web onboarding builtin tool flow
* ✨ feat(onboarding): enhance agent onboarding flow with new dimensions and refined rules
- Updated onboarding structure to include new nodes: agentIdentity, userIdentity, workStyle, workContext, and painPoints.
- Revised system role instructions to emphasize a conversational approach and concise interactions.
- Adjusted manifest and type definitions to reflect the new onboarding schema.
- Implemented tests to ensure proper functionality of the onboarding context and flow.
This update aims to improve user experience during onboarding by making it more engaging and structured.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): enhance onboarding experience with localized welcome messages and interaction hints
- Added localized welcome messages for onboarding in English and Chinese.
- Refactored system role handling to support dynamic interaction hints based on user locale.
- Updated onboarding context to include interaction hints for improved user engagement.
- Implemented tests to validate the new interaction hint functionality.
This update aims to create a more personalized and engaging onboarding experience for users across different languages.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): overhaul onboarding flow with new question structure and refined interaction rules
- Replaced existing interaction hints with a focused question structure to enhance user engagement.
- Updated system role instructions to clarify onboarding protocols and improve conversational flow.
- Refactored type definitions and manifest to align with the new onboarding schema.
- Removed deprecated interaction hint components and tests to streamline the codebase.
This update aims to create a more structured and engaging onboarding experience for users, ensuring clarity and efficiency in interactions.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): introduce builtin agent onboarding package with structured roles and prompts
- Added a new package for agent onboarding, including a package.json configuration and initial TypeScript files.
- Implemented system role templates and tool prompts to guide the onboarding process.
- Established a client interface for rendering questions and handling user interactions.
- Updated dependencies in related packages to integrate the new onboarding functionality.
This update aims to enhance the onboarding experience by providing a structured approach for agents, ensuring clarity and efficiency in user interactions.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): enhance agent onboarding with new question renderer and refined interaction logic
- Introduced a new `QuestionRendererView` component to streamline the rendering of onboarding questions.
- Refactored the `QuestionRenderer` to utilize a runtime hook for improved state management and separation of concerns.
- Updated the onboarding context to fallback to stored questions when the current question is empty, enhancing user experience.
- Simplified the onboarding API by removing unnecessary read token requirements from various endpoints.
- Added tests to validate the new question rendering logic and ensure proper functionality.
This update aims to create a more efficient and user-friendly onboarding experience by improving the question handling and rendering process.
Signed-off-by: Innei <tukon479@gmail.com>
* Add dev history view for onboarding
* remove: prosetting
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): inline response language step in agent conversation
- Add ResponseLanguageInlineStep and wire into Conversation flow
- Extend agent onboarding context and update ResponseLanguageStep route
- Add tests and onboarding agent document design spec
Made-with: Cursor
* ✨ feat(onboarding): enhance onboarding flow with inbox integration and schema refactor
- Updated onboarding process to migrate conversation topics to the inbox upon completion, ensuring users can revisit their onboarding discussions.
- Introduced a new schema-driven normalizer and node handler registry to streamline onboarding data handling, reducing code duplication and improving maintainability.
- Added comprehensive tests for new document builders and onboarding service methods to ensure functionality and reliability.
- Refactored existing components to support the new onboarding structure and improve user experience.
This update aims to create a more cohesive onboarding experience by integrating user identity data into the inbox and simplifying the underlying code structure.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(agent-documents): add listDocuments, readDocumentByFilename, upsertDocumentByFilename APIs
* ✨ feat(onboarding): add generic user interaction builtin tool
* ✨ feat(onboarding): wire generic tool interaction semantics
Register user-interaction tool in builtin-tools registry with manifest,
intervention components, client executor, and server runtime. Extend
BuiltinInterventionProps with interactionMode and onInteractionAction
to support custom (non-approval) interaction UIs. Add submit/skip/cancel
actions to conversation store with full operation lifecycle management.
* 🔧 fix: add builtin-tool-user-interaction to root workspace dependencies
* ♻️ refactor(onboarding): remove onboarding-owned question persistence
Drop askUserQuestion from the web-onboarding tool and remove
questionSurface from persisted state. Question presentation is now
delegated to the generic lobe-user-interaction tool.
* ♻️ refactor(onboarding): switch UI to generic interaction tool
Enable UserInteraction and AgentDocuments tools in web-onboarding and
inbox agent configs. Remove obsolete inline question renderers
(QuestionRenderer, QuestionRendererView, questionRendererRuntime,
questionRendererSchema, ResponseLanguageInlineStep) and simplify
Conversation component to only render summary CTA.
* 🔥 refactor(onboarding): remove identity doc and rewrite soul sync
* 🐛 fix(user-interaction): add humanIntervention to manifest and implement form UI
* 🐛 fix(onboarding): create user message on interaction submit instead of re-executing tool
* ♻️ refactor(onboarding): rebuild generic interaction flow
Align agent/tool roles and onboarding UI/runtime around the generic interaction rebuild.
Made-with: Cursor
* ✨ feat(onboarding): implement onboarding document and persona management
Introduce a new onboarding document structure that separates agent identity and user persona data. Replace existing `readSoulDocument` and `updateSoulDocument` APIs with `readDocument` and `updateDocument` to handle both SOUL.md and user persona documents. Update related services, client executors, and localization keys to reflect these changes. Ensure document updates are driven by the agent, allowing for incremental updates and improved content management.
Signed-off-by: Innei <tukon479@gmail.com>
* refactor
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(workflow): introduce unified tool call collapse UI and supporting components
Add a new workflow collapse feature that groups tool calls and reasoning into a single collapsible unit, enhancing the user interface for tool call progress. This includes the creation of several components: `WorkflowCollapse`, `WorkflowSummary`, `WorkflowExpandedList`, `WorkflowToolLine`, and `WorkflowReasoningLine`. Update the design specifications and implementation plans to reflect this new structure, aiming for a more cohesive and user-friendly experience.
Signed-off-by: Innei <tukon479@gmail.com>
* feat(types): add discovery pacing types and constant
* feat(onboarding): add countTopicUserMessages and pacing gate to derivePhase
* feat(onboarding): capture discovery baseline and return pacing data in getState
* ✨ feat(onboarding): add pacing hints to discovery phase tool result
* test(onboarding): add discovery pacing gate tests
* ♻️ refactor(onboarding): soften discovery pacing gate and add early exit exception
- MIN_DISCOVERY_USER_MESSAGES lowered from 4 to 2 (hard floor)
- RECOMMENDED_DISCOVERY_USER_MESSAGES = 4 (advisory hint)
- Tool protocol rule 2 now has explicit early exit exception
- Pacing hint text changed from imperative to advisory
* ✨ feat(onboarding): update .gitignore and remove outdated onboarding plans
- Added `docs/superpowers` to .gitignore to exclude documentation files from version control.
- Deleted several outdated onboarding implementation plans, including those for onboarding inbox integration, generic interaction rebuild, and user question simplification, to streamline project documentation.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): refine agent onboarding, streaming, and AskUserQuestion
Made-with: Cursor
* ✨ feat(store): add pending interventions selector
* 🐛 fix(store): handle standalone tool messages and structural children traversal in pending interventions selector
* ✨ feat(conversation): create InterventionBar component
Add InterventionBar UI component with tab bar for multiple pending
interventions, reusing the existing Intervention detail component.
* 🐛 fix(conversation): use stable toolCallId for active tab state and add min-height: 0
Track active intervention by toolCallId instead of array index to prevent
stale selection when interventions are resolved. Add min-height: 0 to
scrollable content for correct overflow in flex column layout.
* feat(chatinput): show InterventionBar when pending interventions exist
* feat(tool): collapse inline intervention to one-line summary with scroll-to-bottom
* feat(i18n): add intervention bar translation keys
* 🐛 fix(chatinput): prevent infinite render loop from pendingInterventions selector
* 🐛 fix(chatinput): use equality function for pendingInterventions to break render loop
* refactor(tool): remove CollapsedIntervention, return null for pending inline
* feat(i18n): add form.other translation key
* feat(tool): add styles for select field with Other option
* feat(tool): add SelectFieldInput with Other option row
* feat(tool): wire SelectFieldInput and update validation in AskUserQuestion
* fix(tool): add keyboard handler to Other row, fix label flex
* refactor(tool): restore Select dropdown, add Other toggle row below
* refactor(tool): change Other to form-level escape hatch, restore antd Select
* refactor(tool): replace checkbox toggle with minimal text link escape hatch
* feat(tool): use lucide icons, auto-focus on escape toggle, createStaticStyles
* refactor(onboarding): update onboarding model references and improve styling in ModeSwitch component
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): add greeting entry animation keyframes and card styles
* ✨ feat(onboarding): add LogoThree and entry animations to greeting card
* ✨ feat(onboarding): add View Transition morph from greeting to conversation
* refactor(onboarding): simplify ModeSwitch component by removing segmentedGlass styling
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat(onboarding): increase maximum onboarding steps to 5 and add ProSettingsStep component
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: enhance user interaction question handling with validation schema
- Introduced Zod validation for askUserQuestion arguments to ensure correct structure.
- Updated test to reflect new question format with fields.
- Added error handling in AskUserQuestion component to log submission errors.
This improves the robustness of user interactions by enforcing schema validation and enhancing error reporting.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: enhance agent metadata handling and onboarding synchronization
- Updated `useAgentMeta` to prioritize custom titles from the database, falling back to the default Lobe AI title if none exists.
- Integrated `refreshBuiltinAgent` into the onboarding process to ensure the latest agent data is reflected during user interactions.
- Adjusted the `InboxItem` component to display the correct agent title and avatar based on the updated metadata.
- Refactored optimistic update actions to improve message handling and synchronization across components.
This improves the user experience by ensuring that the most relevant agent information is displayed and updated in real-time during onboarding and conversation flows.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: enhance conversation lifecycle and onboarding agent synchronization
- Updated `ConversationLifecycleActionImpl` to include additional context parameters (agentId, groupId, threadId, topicId) when updating message plugins for aborted interactions.
- Integrated `refreshBuiltinAgent` for the inbox during the onboarding process to ensure the latest agent data is synchronized.
These changes improve the handling of conversation lifecycle events and ensure that onboarding reflects the most current agent information, enhancing user experience during interactions.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: implement agent onboarding feature toggle and enhance ModeSwitch component
- Introduced `AGENT_ONBOARDING_ENABLED` configuration to control the visibility of the agent onboarding options.
- Updated `ModeSwitch` component to conditionally render onboarding options based on the feature toggle.
- Enhanced tests for `ModeSwitch` to cover scenarios for both enabled and disabled states of agent onboarding.
- Refactored `AgentOnboardingRoute` to navigate to the classic onboarding if the agent onboarding feature is disabled.
These changes improve the onboarding experience by allowing dynamic control over the agent onboarding feature, ensuring that users only see relevant options based on the configuration.
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: update agent onboarding feature toggle to include development mode
- Modified `AGENT_ONBOARDING_ENABLED` to also activate in development mode using `isDev`.
- This change allows for easier testing and development of the agent onboarding feature without needing to alter production configurations.
Signed-off-by: Innei <tukon479@gmail.com>
* Prevent welcome message when onboard
* 🐛 fix: satisfy ToolExecutionContext and updateMessageTools typings
Made-with: Cursor
* 🐛 fix: update tests for custom builtin agent title and discovery phase constants
* 🐛 fix: use custom inbox agent title and avatar in InboxWelcome
* 🧹 chore(onboarding): remove HistoryPanel unit test
Made-with: Cursor
* 🐛 fix: add missing onboarding/agent and onboarding/classic routes to desktop config
* ✅ test: fix failing tests for onboarding container, document helpers, and executor
* ✅ test: mock LogoThree to prevent Spline runtime fetch errors in CI
---------
Signed-off-by: Innei <tukon479@gmail.com>
Co-authored-by: Codex <noreply@openai.com>
* ✨ feat: show interrupted hint when AI generation is stopped
Display "Interrupted · What should I do instead?" text below the message
when user stops AI generation, replacing the infinite dotting animation.
Fixes LOBE-4462
Fixes LOBE-5726
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add edit button to queued messages tray
Allow users to edit queued messages by clicking the pencil icon,
which removes the message from the queue and restores its content
to the input editor.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 📝 chore: move record-electron-demo.sh to electron-testing skill
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: derive isInterrupted from latest runtime operation only
Previously isInterrupted used .some() to check if any cancelled AI
runtime operation existed for a message. In stop-then-retry flows,
the old cancelled op persisted alongside the new completed one,
causing the interrupted hint to reappear after the retry finished.
Now only the latest AI runtime operation is checked, so completed
retries correctly clear the interrupted state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: read group interruption from active block ID
For assistant groups, continuation runs attach cancelled operations to
lastBlockId (contentId) rather than the group root. Check isInterrupted
on both the group root and the active block so the interrupted hint
is shown correctly for stopped group continuations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✅ test: update test to expect cancelled status after user stop
The test for resolving aborted tools after cancellation now correctly
expects 'cancelled' status, since completeOperation preserves the
user's intentional cancellation rather than overwriting it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🐛 fix: use Anthropic SDK for Kimi Coding Plan provider
- Switch from OpenAI SDK to Anthropic SDK for Kimi Coding Plan
- Update baseURL from `/coding/v1` to `/coding` (Anthropic-compatible endpoint)
- Update model IDs: `kimi-k2.5` → `k2p5`, remove `kimi-k2`
- Fix max_tokens resolution to use KimiCodingPlan model list
- Rewrite tests for Anthropic SDK compatibility
🔥 refactor: remove DefaultAgentForm UI from settings pages
Remove the user-facing Default Agent configuration form from both
the agent settings page and the service-model settings page.
The underlying store action and selectors are preserved for
programmatic use (e.g. onboarding).
Fixes LOBE-1125
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add businessElement and getFetchOptions plumbing to signin page
Add extension points to the signin flow so cloud overrides can inject
custom UI elements and modify fetch options for social sign-in requests.
- Add businessElement slot to SignInEmailStep component
- Pass getFetchOptions to signIn.social() and signIn.oauth2() calls
- Add businessElement and getFetchOptions defaults to useBusinessSignin
* 🐛 fix: resolve TS error on signIn.social result type with fetchOptions
♻️ refactor: move Marketplace below Resources in sidebar
Move the Marketplace (Community) nav item from topNavItems to bottomMenuItems,
positioning it below Resources in the sidebar navigation.
Closes LOBE-6320
* ✨ feat: add message queue for agent runtime (soft interrupt)
Implement per-context message queue that allows users to send messages
while the agent is executing. Messages are queued and consumed via two
paths: injected at step boundaries during execution (Path A), or
triggering a new sendMessage after completion (Path B).
- Add QueuedMessage type and queuedMessages state in operation store
- Add enqueue/drain/remove/clear actions and selectors
- Modify sendMessage to enqueue when execAgentRuntime is running
- Add queue checkpoint in step loop (streamingExecutor)
- Add Path B: drain remaining queue after completion → new sendMessage
- Keep input enabled during agent execution (remove isInputLoading guard)
- Add QueueTray component showing "N Queued" above ChatInput
- Add electron-testing skill for agent-browser CLI automation
Fixes LOBE-6001
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: Path B deferred execution to avoid recursive internal_execAgentRuntime
Use setTimeout(0) to break out of the current execution context when
triggering a new agent runtime for queued messages after completion.
Direct recursive calls caused issues with zustand state batching.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: remove premature Path A drain, fix Path B with fresh store ref
Path A (step checkpoint injection) was draining the queue before the
last LLM step, leaving nothing for Path B. For agents without tool
calls, this meant queued messages were consumed but never acted upon.
Fix: remove Path A for now (will be re-added for tool-call scenarios),
and use useChatStore.getState() in Path B setTimeout to get a fresh
store reference instead of a stale closure capture.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 📝 docs: update electron-testing skill with real-world patterns
Based on lessons learned during message queue testing:
- Must cd to apps/desktop before npx electron-vite dev
- Use polling loop for startup detection
- snapshot -i -C required for contenteditable (chat input)
- Use sleep + screenshot instead of agent-browser wait for long ops
- Access store via window.__LOBE_STORES.chat()
- Add error interceptor and store inspection patterns
- Document all gotchas (HMR, daemon blocking, fill vs type)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add Path A - early handoff to Path B at tool completion
When tools finish and queue has messages, break the step loop early
and let Path B create user message + start new operation. The new
LLM call sees full context including tool results + new user message.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: Path B use sendMessage for proper message creation
Use sendMessage instead of optimisticCreateMessage + internal_execAgentRuntime.
sendMessage handles the full lifecycle correctly: creates user message
on server, creates assistant message placeholder, and triggers
internal_execAgentRuntime — ensuring both messages are visible in UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: redesign QueueTray to Codex-style card layout
Each queued message shows as a card with icon, text preview,
and delete button. Uses antd CSS variables for consistent theming.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: connect QueueTray with ChatInput as unified container
QueueTray and ChatInput now share a connected border:
- QueueTray has top-rounded corners, no bottom border
- ChatInput gets bottom-only rounded corners when queue has items
- Uses cssVar for proper theme token styling
- Zero gap between tray and input
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: move queue check logic into GeneralChatAgent
Move the "finish early when queue has messages" decision from
streamingExecutor into GeneralChatAgent.runner(). The agent now
checks stepContext.hasQueuedMessages at tools_batch_result phase
and returns finish instruction, which is architecturally cleaner.
- Add hasQueuedMessages to RuntimeStepContext and computeStepContext
- GeneralChatAgent returns finish when tools complete + queue non-empty
- Remove Path A/B labels from comments
- streamingExecutor just passes hasQueuedMessages via stepContext
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: forward queued files in sendMessage and drain only on success
- Forward merged file attachments when replaying queued messages
(sendMessage now receives files from merged queue)
- Move drainQueuedMessages inside the status==='done' branch so
queued messages are preserved on error/interrupted states
- Add queued_message_interrupt to FinishReason enum
- Add hasQueuedMessages check to tool_result and tasks_batch_result
phases in GeneralChatAgent (not just tools_batch_result)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: use full operationContext for context key indexing
- operationsByContext index now uses messageMapKey(context) with full
context (including threadId, scope, etc.) instead of stripped key
- Fixes key mismatch where thread/scoped contexts couldn't find
running operations, causing overlapping generations
- Move mergeQueuedMessages from services/messageQueue.ts into
operation/types.ts alongside QueuedMessage type
- Delete services/messageQueue.ts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat(resource): add select all hint and improve resource explorer selection
Made-with: Cursor
* ♻️ refactor(resource): flatten store actions and improve type imports
Made-with: Cursor
* ♻️ refactor resource explorer list view
* refactor: engine
Signed-off-by: Innei <tukon479@gmail.com>
* ✨ feat: checkpoint current workspace updates
* ♻️ refine resource explorer fetch ownership
* 🐛 fix: resolve resource manager ci regressions
* 🐛 fix(lambda): delete page-backed knowledge items by document id
* 🐛 fix(lambda): include knowledge-base files in remove-all
* 🐛 fix(resource): preserve cross-page select-all exclusions
* 🐛 fix(resource): retain off-screen optimistic resources
* 🐛 fix(resource): hide moved root items from current query
* 🐛 fix(resource): reset explorer selection on query change
* 🐛 fix(resource): fix select-all batchChunking and optimistic replace visibility
- batchChunking: pass through server-resolved IDs not in local resourceMap
when selectAllState is 'all', letting server filter unsupported types
- replaceLocalResource: keep replacement visible if the optimistic item was
already in the list, avoiding slug-vs-UUID mismatch in visibility check
* 🐛 fix(resource): reset selectAllState after batch operations and preserve off-screen optimistic items
- Reset selectAllState to 'none' after delete, removeFromKnowledgeBase,
and batchChunking to prevent stale 'all' state causing unintended
re-selection of remaining items
- Preserve off-screen optimistic resources in clearCurrentQueryResources
so background uploads from other folders survive delete-all-by-query
* 🐛 fix: satisfy import-x/first in resource action test
Made-with: Cursor
* 🎨 lint: sort imports in ResourceExplorer
Made-with: Cursor
* 🐛 fix: widen searchQuery type in useResetSelectionOnQueryChange test
Made-with: Cursor
---------
Signed-off-by: Innei <tukon479@gmail.com>
* fix: add the user github oauth in community home page profiles
* fix: change the oauth from social Profiles into skill connector way
* feat: add the claims user mcp and skills in community profiles
* fix: improve some claim model and skills/mcp
* 🐛 fix(github-copilot): switch codex models to responses api
* ♻️ refactor(github-copilot): simplify responses api routing
style: update model list
style: update model list
🐛 fix: align github copilot payload mapping and tests
style: update model list
style: update model list
* chore: add debug stream support
* refactor: use anthropic sdk for claude
* fix: fix ci error
* fix: fix github copilot reasoning_text chunk
* style: update Raptor mini base config, same as gpt-5-mini
style: update Raptor mini base config, same as gpt-5-mini
style: update Raptor mini base config, same as gpt-5-mini
* style: update model contextWindowTokens
* style: set default reasoning.summary to detailed, default as vscode
Introduce a unified SafeBoundary component (silent/alert variants) to
replace scattered custom ErrorBoundary class components. Automatically
wraps Inspector, ContentBlock sub-components, MessageItem, and
EditorCanvas to prevent individual component crashes from propagating
to the entire app.
* ✨ feat: improve error messages for Google AI block reasons and enhance handling of blocked content
* ✨ feat: add error localization for Google provider in createAgentExecutors
* ♻️ refactor: implement SkillResolver to replace ad-hoc skill assembly
Introduces a two-layer skill resolution architecture mirroring ToolsEngine + ToolResolver:
- SkillEngine (assembly layer): accepts raw skills + enableChecker, outputs OperationSkillSet
- SkillResolver (resolution layer): merges operation + step delta + accumulated activations
Key changes:
- Add SkillResolver, OperationSkillSet, StepSkillDelta, ActivatedStepSkill types
- Enhance SkillEngine with enableChecker and generate() method
- Wire SkillResolver into RuntimeExecutors call_llm
- Replace manual skillMetas assembly in aiAgent with SkillEngine.generate()
- Update client-side skillEngineering to use SkillEngine + enableChecker
- Add activatedStepSkills to AgentState for step-level skill accumulation
Fixes: agent-browser content injected into non-desktop scenarios (Discord bot)
due to missing filterBuiltinSkills call in aiAgent
LOBE-6410
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: extract agent-templates to standalone package and inject documents server-side
- Create @lobechat/agent-templates package with types, templates, and registry
- Move DocumentLoadPosition, DocumentLoadFormat, DocumentLoadRule, etc. to new package
- Move claw templates (AGENTS, BOOTSTRAP, IDENTITY, SOUL) with .md file imports
- Add BOOTSTRAP.md as new onboarding template (priority 1, system-append)
- Fix template positions: AGENTS→before-system, IDENTITY/SOUL→system-append
- Update database package to re-export from @lobechat/agent-templates
- Migrate all consumers to import directly from @lobechat/agent-templates
- Add agent documents injection in server-side RuntimeExecutors (was missing)
- Support -p CLI flag in devStartupSequence for port configuration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: correct import statement for non-type exports from agent-templates
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 📦 build: add @lobechat/agent-templates to root dependencies
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: remove template proxy files from database package
Stop re-exporting template/templates from database — consumers import
directly from @lobechat/agent-templates. Keep types.ts re-exports for
internal database code only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: create BaseSystemRoleProvider to unify system message append pattern
All providers that append to the system message now inherit from
BaseSystemRoleProvider and only implement buildSystemRoleContent().
The base class handles find-or-create and join logic.
Migrated providers:
- EvalContextSystemInjector
- BotPlatformContextInjector
- SystemDateProvider
- ToolSystemRoleProvider
- HistorySummaryProvider
- SkillContextProvider
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: restore metadata tracking in BaseSystemRoleProvider via onInjected hook
Add onInjected() callback to BaseSystemRoleProvider so subclasses can
update pipeline metadata after successful injection. Also add raw-md
plugin to context-engine vitest config for .md imports.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: add enabled field to AgentDocumentInjector config
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: add enabled field to all providers, remove spread conditionals in MessagesEngine
All providers now accept an `enabled` config field. MessagesEngine
pipeline is a flat array with no spread conditionals — each provider
is always instantiated and uses `enabled` to skip internally.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: clean up MessagesEngine pipeline comments
Remove numbered prefixes, keep descriptive comments for each provider.
Only phase headers use separator blocks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: reorganize MessagesEngine pipeline phases by injection target
Phase 1: History Truncation
Phase 2: System Message Assembly (all BaseSystemRoleProvider)
Phase 3: Context Injection (before first user message, BaseFirstUserContentProvider)
Phase 4: User Message Augmentation (last user message injections)
Phase 5: Message Transformation (flatten, template, variables)
Phase 6: Content Processing & Cleanup (multimodal, tool calls, cleanup)
Moved SkillContext, ToolSystemRole, HistorySummary from Phase 3 to
Phase 2 since they append to system message, not user context.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 💄 style: split Phase 6 into Content Processing (6) and Cleanup (7)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: split AgentDocumentInjector into three position-based injectors
- AgentDocumentSystemInjector (Phase 2): before-system, system-append, system-replace
- AgentDocumentContextInjector (Phase 3): before-first-user
- AgentDocumentMessageInjector (Phase 4): after-first-user, context-end
Shared utilities (filterByRules, formatDocument, sortByPriority) extracted
to AgentDocumentInjector/shared.ts. Old monolithic injector removed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: split AgentDocumentSystemInjector into three separate injectors
- AgentDocumentBeforeSystemInjector: prepends as separate system message (before-system)
- AgentDocumentSystemAppendInjector: appends to system message (system-append)
- AgentDocumentSystemReplaceInjector: replaces entire system message (system-replace)
Each has distinct semantics and correct pipeline placement:
- BeforeSystem → before SystemRoleInjector
- SystemAppend → after HistorySummary (end of Phase 2)
- SystemReplace → last in Phase 2 (destructive)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ✨ feat: auto-enable agent-documents tool when agent has documents
- Add AgentDocumentsManifest to defaultToolIds
- Add hasAgentDocuments rule in server createServerAgentToolsEngine
- Query agent documents in AiAgentService.execAgent to determine flag
- Pattern matches KnowledgeBase auto-enable via enableChecker rules
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔨 chore: add agent documents status to execAgent operation log
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update content
* fix tests
* 🐛 fix: add raw-md plugin to database vitest configs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: prevent first assistant message re-animation on assistantGroup transition
When tool calls arrive during streaming, the message transitions from
assistant to assistantGroup, causing a full React remount. The first
content block's text was re-animating because isGenerating was still
true. Pass isFirstBlock prop through the render chain to disable
animation for the first block, since its text is guaranteed complete
by the time the group forms.
Fixes LOBE-6414
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: remove redundant isToolSingleLine animation check
isFirstBlock already covers the first block case, and subsequent blocks
should not have animation disabled just because they are single-line
with tools — they may still be streaming.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: sanitize search grounding image titles to prevent XSS
Replace dangerouslySetInnerHTML with stripHtml() for image result titles
in SearchGrounding and ImageSearchRef components to prevent stored XSS
attacks via malicious search result data.
Ref: GHSA-m5qx-g8hx-5f2p
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🔒 fix: remove SystemJS plugin renderer to eliminate arbitrary JS execution risk
The old plugin render system (ui.mode === 'module') that used SystemJS
to dynamically load and execute JS from untrusted URLs has been fully
retired. Remove SystemJsRender and systemjs dependency entirely.
Ref: GHSA-46v7-wvmj-6vf7
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Revert "🔒 fix: remove SystemJS plugin renderer to eliminate arbitrary JS execution risk"
This reverts commit 99a7603a72.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move `e.preventDefault()` before the `disabled || loading` early return
in NavItem's onClick handler. Previously, when a NavItem was in disabled
or loading state, the early return skipped `preventDefault()`, allowing
the underlying `<a>` tag's default navigation to trigger a full browser
page load instead of SPA routing.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ♻️ refactor: remove langchain dependency, use direct document loaders
Replace langchain and @langchain/community with self-implemented text
splitters and direct usage of underlying libraries (pdf-parse, d3-dsv,
mammoth, officeparser, epub2). This eliminates unnecessary dependency
bloat and addresses CVE-2026-26019 in @langchain/community.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* 🐛 fix: add missing @types/html-to-text and @types/pdf-parse
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🔒 fix: remove SystemJS plugin renderer to eliminate arbitrary JS execution risk
The old plugin render system (ui.mode === 'module') that used SystemJS
to dynamically load and execute JS from untrusted URLs has been fully
retired. Remove SystemJsRender and systemjs dependency entirely.
Ref: GHSA-46v7-wvmj-6vf7
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
description: 'Bot platform architecture (Discord, Slack, Telegram, Feishu/Lark, QQ, WeChat). Use when working on inbound webhooks, Chat SDK message routing, agent execution from chat platforms, queue-mode callbacks, gateway lifecycle (websocket/polling), bot provider CRUD/credentials, or platform-specific clients/adapters/schemas. Triggers on bot, channel, webhook, mention, Chat SDK, agent bot provider, gateway, bot-callback, qstash bot.'
---
# Bot System
> **Last updated: 2026-04-08.** Implementation evolves quickly — this doc is a map, not the source of truth. Always read the key files below to verify behavior, especially per-platform quirks. Update this doc when the architecture changes.
LobeChat agents can answer inside external chat platforms. Inbound messages flow through the Chat SDK (`chat` npm package), get routed to the right agent by `(platform, applicationId)`, executed via `AiAgentService`, and replied back through a per-platform `PlatformClient`. There are **two execution modes** (in-memory vs queue/QStash) and **three connection modes** (`webhook`, `websocket`, `polling`).
`supportsMarkdown=false` ⇒ outbound markdown is stripped to plain text via `stripMarkdown` and the AI is told not to use markdown. `supportsMessageEdit=false` ⇒ no progress edits — only the final reply is sent.
**Multi-mode connection** — Slack/Feishu/Lark/QQ shipped as websocket but support `webhook` per-provider via `settings.connectionMode`. Legacy rows without that field stay on `webhook` (see `LEGACY_WEBHOOK_PLATFORMS` in `platforms/utils.ts`) — **never add new platforms to that list**.
→ returns immediately, callbacks land at /api/agent/webhooks/bot-callback
```
The router caches loaded bots in memory. Cache is **invalidated** by `BotMessageRouter.invalidateBot(platform, appId)` whenever the TRPC `update`/`delete` mutations run, so new credentials/settings take effect on the next webhook.
## Execution Modes
### In-memory (default)
`AgentBridgeService.executeWithInMemoryCallbacks` wraps `execAgent` with `stepCallbacks`. Lives in one process — Promise-based wait, 30-min timeout, edits the same `progressMessage` after every step. Topic title is summarized inline via `SystemAgentService`.
### Queue (`isQueueAgentRuntimeEnabled`)
`AgentBridgeService.executeWithWebhooks`:
1. Posts the `renderStart` placeholder, captures `progressMessageId`.
2. Calls `execAgent` with `stepWebhook` and `completionWebhook` pointing at `${INTERNAL_APP_URL ?? APP_URL}/api/agent/webhooks/bot-callback`, plus `webhookDelivery: 'qstash'`.
3. Returns immediately; the bridge `finally` block keeps the active-thread marker held until the `completion` callback fires.
`/api/agent/webhooks/bot-callback/route.ts` verifies the QStash signature and hands off to `BotCallbackService.handleCallback`:
-`type: 'step'` → `handleStep` re-renders `renderStepProgress`, edits `progressMessageId` (skipped if `displayToolCalls=false` or platform `supportsMessageEdit=false`).
-`type: 'completion'` → `handleCompletion` writes the final reply (or error/interrupted message), removes the 👀 reaction, clears active-thread tracker, fires async `summarizeTopicTitle`.
`BotCallbackService.createMessenger` reloads provider + credentials from DB and rebuilds a `PlatformClient` per call (no in-memory state).
## Commands
Defined in `BotMessageRouter.buildCommands` and registered via two paths:
- **Text-based fallback** (Telegram/Feishu/QQ/Lark/WeChat): `bot.onNewMessage(/^\/(new|stop)(\s|$|@)/, ...)` plus a per-mention `tryDispatch` so commands work even before subscribe.
Built-in commands:
-`/new` — clears `topicId` in thread state, next message starts a fresh topic.
-`/stop` — interrupts the active execution (calls `AiAgentService.interruptTask` if `operationId` is known; otherwise queues a deferred stop via `requestStop`/`pendingStopThreads`, also aborts the startup phase via `startupControllers`).
To add a command, append to `buildCommands` — it auto-registers everywhere; on Telegram it also surfaces in the `/` menu via `client.registerBotCommands` → `setMyCommands`.
## Active-thread State (statics on `AgentBridgeService`)
-`activeThreads: Set<threadId>` — prevents duplicate runs per thread (must guard before stale-topic check, otherwise concurrent messages can drop).
-`activeOperations: Map<threadId, operationId>` — needed by `/stop` once `execAgent` returns.
-`startupControllers: Map<threadId, AbortController>` — cancels pre-`operationId` work (topic/tool prep).
-`pendingStopThreads: Set<threadId>` — `/stop` arrived before `operationId` existed; consumed once available.
In **queue mode**, the bridge `finally` skips cleanup so the marker persists until `BotCallbackService.handleCompletion` calls `clearActiveThread`.
## Topic Lifecycle in Threads
-`handleMention` always treats the message as the start of a new conversation.
-`handleSubscribedMessage` reads `topicId` from `thread.state`. If the topic is stale (`> 4 hours` since `updatedAt`), state is cleared and it retries as a fresh mention.
- If `execAgent` fails with a Postgres FK violation on `topic_id` (cached topic was deleted), the bridge clears state and retries as a mention.
-`subscribe()` is gated by `client.shouldSubscribe(threadId)` — Discord top-level channels return `false` so we don't follow up there.
## Attachments
`AgentBridgeService.extractFiles` resolves attachments in priority order:
1.`att.buffer` — already downloaded by the adapter (WeChat/Feishu inbound).
2.`att.fetchData()` — adapter-provided lazy download with auth (Telegram, Slack, Feishu history). **Required** when URLs are token-protected — naive `fetch(url)` later in `ingestAttachment.ts` has no credentials.
3.`att.url` — public CDN fallback (Discord, public QQ).
`inferMimeType` / `inferName` patch Telegram-style `photo` payloads (no `mimeType`/`name` from Bot API → defaults to `image/jpeg`) so vision models actually see them. Quoted-message attachments are also pulled from `raw.referenced_message.attachments` (Discord).
## Concurrency
`settings.concurrency` is `'queue'` or `'debounce'`:
-`debounce` → Chat SDK debounces inbound messages by `debounceMs`; `mergeSkippedMessages` joins skipped texts/attachments into the current message before handing to the agent.
-`queue` → Chat SDK serializes per-thread; the bridge's own `activeThreads` set is still required because in queue mode the SDK lock releases before the agent finishes.
## Gateway (persistent platforms)
Webhook platforms run fine in serverless functions. Persistent platforms (`websocket`, `polling`) need a long-running listener — that's the **gateway**.
- Iterates registered platforms and starts every enabled persistent provider with `durationMs = 10min`, then in `after(...)` polls `BotConnectQueue` every 30s for new connect requests, until the window expires.
-`getEffectiveConnectionMode(platform, settings)` is the only place that resolves per-provider mode — respect it everywhere.
**`POST /api/agent/gateway/start/route.ts`** is the non-Vercel `ensureRunning` entry point (`Bearer ${KEY_VAULTS_SECRET}`).
**Runtime status** is stored in Redis at `bot:runtime-status:platform:appId` with TTL ≈ `durationMs + 60s`. States: `starting | connected | disconnected | failed | queued`. Updated by each `PlatformClient.start/stop` and by the gateway service.
## Platform Definitions
Each platform exposes a `PlatformDefinition` registered in `platforms/index.ts`:
`schema` drives both server validation (`mergeWithDefaults`, `extractDefaults`) **and** the auto-generated UI form. Top-level keys `applicationId` / `credentials` / `settings` map to DB columns. Common settings fields live in `platforms/const.ts` (`displayToolCallsField`, `serverIdField`, `userIdField`).
Each platform implements `PlatformClient` (see `platforms/types.ts`):
`ClientFactory.validateCredentials` is called from the TRPC `testConnection` mutation — implement it to hit the platform API and return useful per-field errors.
- User-scoped: `create / update / delete / query / findById / findByAgentId / findEnabledByApplicationId`. Credentials are encrypted/decrypted via the injected `KeyVaultsGateKeeper`.
- Static (system-wide): `findByPlatformAndAppId`, `findEnabledByPlatform` — used by webhook routing & gateway sync, since they don't have a user context yet.
Client service: `src/services/agentBotProvider.ts`. Store actions: `src/store/agent/slices/bot/action.ts`. UI: `src/routes/(main)/agent/channel/{list,detail}` — settings form is auto-generated from each platform's `schema`.
## Reply Templates
`src/server/services/bot/replyTemplate.ts` exports `renderStart`, `renderStepProgress`, `renderFinalReply`, `renderError`, `renderStopped`, `splitMessage`. Step progress carries elapsed time, last LLM content, last tools, totals; final reply uses `client.formatMarkdown` then `client.formatReply` (which optionally appends `formatUsageStats`). `splitMessage(text, charLimit)` chunks at paragraph → line → hard cut.
-`const.ts` — `DEFAULT_X_CONNECTION_MODE`, history limits, etc.
-`protocol-spec.md` — protocol notes (every existing platform has one)
2. Pick the right `connectionMode` — webhook is much simpler if the platform supports it.
3. If the platform can't render markdown, set `supportsMarkdown: false` and implement `formatMarkdown` via `stripMarkdown`.
4. If it can't edit messages, set `supportsMessageEdit: false` — `BotCallbackService` will skip step edits and only send the final reply.
5. Implement `validateCredentials` so the UI's "Test connection" button gives useful errors.
6. Add the platform icon in `src/routes/(main)/agent/channel/const.ts` and register the platform in `src/server/services/bot/platforms/index.ts`.
7. Add i18n keys under `channel.*` in `src/locales/default/setting.ts` (or wherever the channel namespace lives) — the schema's `label`/`description`/`placeholder`/`enumLabels` are i18n keys.
- **If reachable** (returns any HTTP status): server is running. Skip to Step 2.
- **If unreachable**: start the server:
```bash
# From cloud repo root
pnpm run dev:next
```
To **restart** (pick up server-side code changes):
```bash
lsof -ti:3011 | xargs kill
pnpm run dev:next
```
**Important:** Server-side code changes in the submodule (`lobehub/src/server/`, `lobehub/packages/`) require a server restart. Next.js hot-reload may not pick up changes in submodule packages.
- **If file exists and contains `"serverUrl": "http://localhost:3011"`**: already authenticated. Skip to Step 3.
- **If file missing or points to wrong server**: login is needed. Ask the user to run:
```bash
! cd lobehub/apps/cli &&LOBEHUB_CLI_HOME=.lobehub-dev bun src/index.ts login --server http://localhost:3011
```
> Login requires interactive browser authorization (OIDC Device Code Flow), so the user must run it themselves via `!` prefix. After login, credentials are saved to `lobehub/apps/cli/.lobehub-dev/` and persist across sessions.
### Step 3: Test with CLI Commands
CLI runs from source (`bun src/index.ts`), so CLI-side code changes take effect immediately without rebuilding.
```bash
cd lobehub/apps/cli
LOBEHUB_CLI_HOME=.lobehub-dev bun src/index.ts <command>
```
### Step 4: Clean Up Test Data
Delete any test data created during verification:
```bash
LOBEHUB_CLI_HOME=.lobehub-dev bun src/index.ts task delete < id > -y
LOBEHUB_CLI_HOME=.lobehub-dev bun src/index.ts agent delete < id > -y
2.**Read images**: If the issue description contains images, MUST use `mcp__linear-server__extract_images` to read image content for full context
3.**Check for sub-issues**: Use`mcp__linear-server__list_issues` with `parentId` filter
4.**Mark as In Progress**: When starting to plan or implement an issue, immediately update status to **"In Progress"** via`mcp__linear-server__update_issue`
5.**Update issue status** when completing: `mcp__linear-server__update_issue`
Use `agent-browser` to automate Chromium-based apps via Chrome DevTools Protocol.
Install via `npm i -g agent-browser`, `brew install agent-browser`, or `cargo install agent-browser`. Run `agent-browser install` to download Chrome. Run `agent-browser upgrade` to update.
## Core Workflow
Every browser automation follows this pattern:
1.**Navigate**: `agent-browser open <url>`
2.**Snapshot**: `agent-browser snapshot -i` (get element refs like `@e1`, `@e2`)
3.**Interact**: Use refs to click, fill, select
4.**Re-snapshot**: After navigation or DOM changes, get fresh refs
Use `&&` when you don't need to read intermediate output. Run commands separately when you need to parse output first (e.g., snapshot to discover refs, then interact).
## Essential Commands
```bash
# Navigation
agent-browser open <url> # Navigate (aliases: goto, navigate)
agent-browser close # Close browser
agent-browser close --all # Close all active sessions
# Snapshot
agent-browser snapshot -i # Interactive elements with refs (recommended)
agent-browser snapshot -s "#selector"# Scope to CSS selector
# Interaction (use @refs from snapshot)
agent-browser click @e1 # Click element
agent-browser click @e1 --new-tab # Click and open in new tab
agent-browser fill @e2 "text"# Clear and type text
agent-browser type @e2 "text"# Type without clearing
Refs (`@e1`, `@e2`, etc.) are invalidated when the page changes. Always re-snapshot after clicking links/buttons that navigate, form submissions, or dynamic content loading.
## Annotated Screenshots (Vision Mode)
```bash
agent-browser screenshot --annotate
# Output includes the image path and a legend:
# [1] @e1 button "Submit"
# [2] @e2 link "Home"
agent-browser click @e2 # Click using ref from annotated screenshot
```
## Parallel Sessions
```bash
agent-browser --session site1 open https://site-a.com
agent-browser --session site2 open https://site-b.com
agent-browser --cdp 9222 snapshot # Explicit CDP port
```
## iOS Simulator (Mobile Safari)
```bash
agent-browser device list
agent-browser -p ios --device "iPhone 16 Pro" open https://example.com
agent-browser -p ios snapshot -i
agent-browser -p ios tap @e1
agent-browser -p ios swipe up
agent-browser -p ios screenshot mobile.png
agent-browser -p ios close
```
## Observability Dashboard
```bash
agent-browser dashboard install
agent-browser dashboard start # Background server on port 4848
agent-browser dashboard stop
```
## Cloud Providers
Use `-p <provider>` to run against cloud browsers: `agentcore`, `browserbase`, `browserless`, `browseruse`, `kernel`.
## Browser Engine Selection
```bash
agent-browser --engine lightpanda open example.com # 10x faster, 10x less memory
```
## Electron (LobeHub Desktop)
### Setup / Teardown
Use the `electron-dev.sh` script to manage the Electron dev environment. It handles process lifecycle, waits for SPA readiness, and reliably kills all child processes (main + helpers + vite).
# Or auto-discover running Chrome with remote debugging
agent-browser --auto-connect snapshot -i
```
---
# Part 2: osascript (Native macOS App Bot Testing)
Use AppleScript via `osascript` to control native macOS desktop apps for bot testing. Works with any app that supports macOS Accessibility, no CDP or Chromium needed.
The pattern is the same for every platform:
1.**Activate** the app (`tell application "X" to activate`)
2.**Navigate** to a channel/chat (Quick Switcher `Cmd+K` or Search `Cmd+F`)
3.**Send** a message (clipboard paste `Cmd+V` + Enter)
4.**Wait** for the bot response
5.**Screenshot** for verification (`screencapture` + `Read` tool)
## Per-Platform References
Pick the file for your target platform — each contains activation, navigation, send-message, and verification snippets specific to that app:
For **shared osascript patterns** (activate, type, paste, screenshot, read accessibility, common workflow template, gotchas), see [references/osascript-common.md](./references/osascript-common.md). Read this first if you're new to osascript automation.
---
# Scripts
Ready-to-use scripts in `.agents/skills/local-testing/scripts/`:
| `test-discord-bot.sh` | Send message to Discord bot via osascript |
| `test-slack-bot.sh` | Send message to Slack bot via osascript |
| `test-telegram-bot.sh` | Send message to Telegram bot via osascript |
| `test-wechat-bot.sh` | Send message to WeChat bot via osascript |
| `test-lark-bot.sh` | Send message to Lark / 飞书 bot via osascript |
| `test-qq-bot.sh` | Send message to QQ bot via osascript |
### Window Screenshot Utility
`capture-app-window.sh` captures a screenshot of a specific app window using `screencapture -l <windowID>`. It uses Swift + CGWindowList to find the window by process name, so screenshots work correctly even when the window is on an external monitor or behind other windows.
Each script: activates the app, navigates to the channel/contact, pastes the message via clipboard, sends, waits, and takes a screenshot. Use the `Read` tool on the screenshot for visual verification.
---
# Screen Recording
Record automated demos using `record-app-screen.sh` (start/stop lifecycle, CDP screenshots + ffmpeg assembly). See [references/record-app-screen.md](references/record-app-screen.md) for full documentation.
Outputs to `.records/` directory (gitignored): `<name>.mp4` (video) + `<name>/` (screenshots every 3s).
---
# Gotchas
### agent-browser
- **Daemon can get stuck** — if commands hang, `agent-browser close --all` or `pkill -f agent-browser` to reset
- **HMR invalidates everything** — after code changes, refs break. Re-snapshot or restart
- **`snapshot -i` doesn't find contenteditable** — use `snapshot -i -C` for rich text editors
- **`fill` doesn't work on contenteditable** — use `type` for chat inputs
- **Screenshots go to `~/.agent-browser/tmp/screenshots/`** — read them with the `Read` tool
- **Dialogs block all commands** — if commands time out, check `agent-browser dialog status`
- **Default timeout is 25s** — override with `AGENT_BROWSER_DEFAULT_TIMEOUT` (ms) or use explicit waits
- **Shell quoting corrupts eval** — use `eval --stdin <<'EVALEOF'` for complex JS
### Electron-specific
- **Always use `electron-dev.sh stop` to clean up** — `pkill -f "Electron"` only kills the main process; helper processes (GPU, renderer, network) survive. The script finds and kills all of them via PID matching against the project's electron binary path.
- **`npx electron-vite dev` must run from `apps/desktop/`** — running from project root fails silently. The `electron-dev.sh` script handles this automatically.
- **Don't resize the Electron window after load** — resizing triggers full SPA reload
- **Store is at `window.__LOBE_STORES`** not `window.__ZUSTAND_STORES__`
### osascript
See [references/osascript-common.md](./references/osascript-common.md#gotchas) for the full osascript gotchas list (accessibility permissions, `keystroke` non-ASCII issues, locale-specific app names, rate limiting, etc.).
Shared AppleScript / `osascript` patterns used by all platform bot tests. Read this first, then refer to the per-platform file for app-specific quirks.
## Core Patterns
### Activate an App
```bash
osascript -e 'tell application "Discord" to activate'
```
### Type Text
```bash
# Type character by character (reliable, but slow for long text)
osascript -e 'tell application "System Events" to keystroke "Hello world"'
# Press Enter
osascript -e 'tell application "System Events" to key code 36'
# Press Tab
osascript -e 'tell application "System Events" to key code 48'
# Press Escape
osascript -e 'tell application "System Events" to key code 53'
```
### Paste from Clipboard (fast, for long text)
```bash
# Set clipboard and paste — much faster than keystroke for long messages
osascript -e 'set the clipboard to "Your long message here"'
osascript -e 'tell application "System Events" to keystroke "v" using command down'
```
Or in one shot:
```bash
osascript -e '
set the clipboard to "Your long message here"
tell application "System Events" to keystroke "v" using command down
'
```
### Keyboard Shortcuts
```bash
# Cmd+K (quick switcher in Discord/Slack)
osascript -e 'tell application "System Events" to keystroke "k" using command down'
# Cmd+F (search)
osascript -e 'tell application "System Events" to keystroke "f" using command down'
# Cmd+N (new message/chat)
osascript -e 'tell application "System Events" to keystroke "n" using command down'
# Cmd+Shift+K (example: multi-modifier)
osascript -e 'tell application "System Events" to keystroke "k" using {command down, shift down}'
```
### Click at Position
```bash
# Click at absolute screen coordinates
osascript -e '
tell application "System Events"
click at {500, 300}
end tell
'
```
### Get Window Info
```bash
# Get window position and size
osascript -e '
tell application "System Events"
tell process "Discord"
get {position, size} of window 1
end tell
end tell
'
```
### Screenshot
```bash
# Full screen
screencapture /tmp/screenshot.png
# Interactive region select
screencapture -i /tmp/screenshot.png
# Specific window (by window ID from CGWindowList)
# Get all UI elements of the frontmost window (can be slow/large)
osascript -e '
tell application "System Events"
tell process "Discord"
entire contents of window 1
end tell
end tell
'
# Get a specific element's value
osascript -e '
tell application "System Events"
tell process "Discord"
get value of text field 1 of window 1
end tell
end tell
'
```
> **Warning:** `entire contents` can be extremely slow on complex UIs. Prefer screenshots + `Read` tool for visual verification.
### Read Screen Text via Clipboard
For reading the latest message or response from an app:
```bash
# Select all text in the focused area and copy
osascript -e '
tell application "System Events"
keystroke "a" using command down
keystroke "c" using command down
end tell
'
sleep 0.5
# Read clipboard
pbpaste
```
---
## Common Bot Testing Workflow
Regardless of platform, the pattern is:
```bash
APP_NAME="Discord"# or "Slack", "Telegram", "微信"
CHANNEL="bot-testing"
MESSAGE="Hello bot!"
WAIT_SECONDS=10
# 1. Activate
osascript -e "tell application \"$APP_NAME\" to activate"
sleep 1
# 2. Navigate to channel/chat (via Quick Switcher or Search)
osascript -e 'tell application "System Events" to keystroke "k" using command down'
sleep 0.5
osascript -e "tell application \"System Events\" to keystroke \"$CHANNEL\""
sleep 1
osascript -e 'tell application "System Events" to key code 36'
sleep 2
# 3. Send message
osascript -e "set the clipboard to \"$MESSAGE\""
osascript -e '
tell application "System Events"
keystroke "v" using command down
delay 0.3
key code 36
end tell
'
# 4. Wait for bot response
sleep "$WAIT_SECONDS"
# 5. Screenshot for verification
screencapture /tmp/"${APP_NAME,,}"-bot-test.png
echo"Result saved to /tmp/${APP_NAME,,}-bot-test.png"
```
### Tips
- **Use clipboard paste** (`Cmd+V`) for messages containing special characters or long text — `keystroke` can mangle non-ASCII
- **Add `delay`** between actions — apps need time to process UI events
- **Screenshot for verification** — use `screencapture` + `Read` tool for visual checks
- **Use a dedicated test channel/chat** — avoid polluting real conversations
- **Check app name** — some apps have different names in different locales (e.g., `微信` vs `WeChat`)
- **Accessibility permissions required** — System Events automation requires granting Accessibility access in System Preferences > Privacy & Security > Accessibility
---
## Gotchas
- **Accessibility permission required** — first run will prompt for access; grant it in System Preferences > Privacy & Security > Accessibility for Terminal / iTerm / Claude Code
- **`keystroke` is slow for long text** — always use clipboard paste (`Cmd+V`) for messages over \~20 characters
- **`keystroke` can mangle non-ASCII** — use clipboard paste for Chinese, emoji, or special characters
- **`key code 36` is Enter** — this is the hardware key code, works regardless of keyboard layout
- **`entire contents` is extremely slow** — avoid for complex UIs; use screenshots instead
- **App name varies by locale** — `微信` vs `WeChat`, `企业微信` vs `WeCom`; handle both
- **WeChat Enter sends immediately** — use `Shift+Enter` for newlines within a message
- **Rate limiting** — don't send messages too fast; platforms may throttle or flag automated input
- **Lark / 飞书 app name varies** — `Lark` (international) vs `飞书` (China mainland); scripts auto-detect
- **QQ uses `Cmd+F` for search** — not `Cmd+K` like Discord/Slack/Lark
- **Bot response times vary** — AI-powered bots may take 10-60s; use generous sleep values
General-purpose screen recording tool for the Electron app. Captures CDP screenshots as video frames and gallery snapshots, then assembles into an MP4 on stop.
## Why CDP Screenshots Instead of ffmpeg Screen Capture
- **Works on any screen** — CDP screenshots capture the browser viewport directly, so external monitors, Retina scaling, and window positioning are all handled automatically
- **No signal handling issues** — ffmpeg-static (npm) produces corrupt MP4 files when killed (missing moov atom). CDP screenshots avoid this entirely
- **Consistent output** — Screenshots are resolution-independent and don't require crop coordinate calculations
## Commands
```bash
# Start recording (Electron must be running with CDP)
agent_ref=$(echo"$snapshot"| grep 'link "'| grep -vE '"Home"|"Pages"|"Settings"|"Search"|"Resources"|"Marketplace"'| head -1 | grep -oE 'ref=e[0-9]+'| sed 's/ref=//'||true)
fi
if[ -z "$agent_ref"];then
echo"[error] No agent link found in snapshot"
echo"$snapshot"| head -30
return1
fi
echo"[demo] Clicking agent ref: @$agent_ref"
agent-browser --cdp "$port" click "@$agent_ref"
sleep 3
echo"[demo] Step 2: Send first message (triggers AI generation)"
local input_ref
input_ref=$(find_input_ref "$port")
agent-browser --cdp "$port" click "@$input_ref"
agent-browser --cdp "$port"type"@$input_ref""Write a 3000 word essay about the complete history of space exploration from Sputnik to the James Webb Space Telescope"
sleep 1
agent-browser --cdp "$port" press Enter
sleep 3
echo"[demo] Step 3: Queue message 1"
input_ref=$(find_input_ref "$port")
agent-browser --cdp "$port" click "@$input_ref"
agent-browser --cdp "$port"type"@$input_ref""This message should be edited"
echo"[demo] Queue was already drained. Retrying..."
input_ref=$(find_input_ref "$port")
agent-browser --cdp "$port" click "@$input_ref"
agent-browser --cdp "$port"type"@$input_ref""Now write another 3000 word essay about artificial intelligence from Turing to transformers covering every major breakthrough"
sleep 1
agent-browser --cdp "$port" press Enter
sleep 2
input_ref=$(find_input_ref "$port")
agent-browser --cdp "$port" click "@$input_ref"
agent-browser --cdp "$port"type"@$input_ref""This message should be edited"
@@ -6,8 +6,14 @@ description: React component development guide. Use when working with React comp
# React Component Writing Guide
- Use antd-style for complex styles; for simple cases, use inline `style` attribute
- **Prefer `createStaticStyles` with `cssVar.*`** (zero-runtime) — module-level, no hook call required
- Only fall back to `createStyles` + `token` when styles genuinely need runtime computation (dynamic props, JS color fns like `readableColor`/`chroma`)
- See `.cursor/docs/createStaticStyles_migration_guide.md` for full pattern
- Use `Flexbox` and `Center` from `@lobehub/ui` for layouts (see `references/layout-kit.md`)
**How to check**: After editing any `.ts` / `.tsx` file, run `Glob` for `<filename>.desktop.{ts,tsx}` in the same directory. If a match exists, update it with the equivalent sync-import change.
description: Guide for using Recent Data (topics, resources, pages). Use when working with recently accessed items, implementing recent lists, or accessing session store recent data. Triggers on recent data usage or implementation tasks.
user-invocable: false
---
# Recent Data Usage Guide
Recent data (recentTopics, recentResources, recentPages) is stored in session store.
@@ -5,6 +5,14 @@ description: "Version release workflow. Use when the user mentions 'release', 'h
# Version Release Workflow
## Mandatory Companion Skill
For every `/version-release` execution, you MUST load and apply:
-`../microcopy/SKILL.md`
Changelog style guidance is now fully embedded in this skill. Keep release facts unchanged, and only improve structure, readability, and tone.
## Overview
The primary development branch is **canary**. All day-to-day development happens on canary. When releasing, canary is merged into main. After merge, `auto-tag-release.yml` automatically handles tagging, version bumping, creating a GitHub Release, and syncing back to the canary branch.
@@ -150,6 +158,166 @@ All release PR bodies (both Minor and Patch) must include a user-facing changelo
- Weekly Release: See `reference/changelog-example/weekly-release.md`
- DB Migration: See `reference/changelog-example/db-migration.md`
@@ -4,16 +4,27 @@ A changelog reference for database migration release PR bodies.
---
This release includes a **database schema migration**involving **5 new tables** for the Agent Evaluation Benchmark system.
This release includes a **database schema migration**for Agent Evaluation Benchmark. We are adding **5 new tables** so benchmark setup, runs, and run-topic records can be stored in a complete and queryable structure.
- Added 5 new tables: `agent_eval_benchmarks`, `agent_eval_datasets`, `agent_eval_records`, `agent_eval_runs`, `agent_eval_run_topics`
Previously, benchmark-related data lacked a full lifecycle model, whichmade it harder to track evaluation flow from dataset to run results. This migration introduces the missing relational layer so benchmark configuration, execution, and analysis records stay connected.
### Notes for Self-hosted Users
In practical terms, this reduces ambiguity for downstream features and gives operators a cleaner foundation for troubleshooting and reporting.
- The migration runs automatically on application startup
- No manual intervention required
Added tables:
-`agent_eval_benchmarks`
-`agent_eval_datasets`
-`agent_eval_records`
-`agent_eval_runs`
-`agent_eval_run_topics`
## Notes for self-hosted users
- Migration runs automatically during app startup.
- No manual SQL action is required in standard deployments.
- As with any schema release, we still recommend database backup and rollout during a low-traffic window.
The migration owner: @{pr-author} — responsible for this database schema change, reach out for any migration-related issues.
@@ -4,42 +4,47 @@ A real-world changelog reference for weekly patch release PR bodies.
---
This release includes **82 commits** , Key updates are below.
This weekly release includes **82 commits**. The throughline is simple: less friction when moving from idea to execution. Across agent workflows, model coverage, and desktop polish, this release removes several small blockers that used to interrupt momentum.
### New Features and Enhancements
The result is not one headline feature, but a noticeably smoother week-to-week experience. Teams can evaluate agents with clearer structure, ship richer media flows, and spend less time debugging provider and platform edge cases.
- Added **Agent Benchmark** support for more systematic agent performance evaluation.
- Introduced the **video generation** feature end-to-end, including entry points, sidebar "new" badge support, and skeleton loading for topic switching.
- Expanded memory capabilities: support for memory effort/tool permission configuration and improved timeout calculation for memory analysis tasks.
- Added desktop editor support for image upload via file picker.
## Agent workflows and media generation
### Models and Provider Expansion
Previously, some agent evaluation and media generation flows still felt fragmented: setup was manual, discoverability was uneven, and switching between topics could interrupt context. This release adds **Agent Benchmark** support and lands the **video generation** path end-to-end, from entry point to generation feedback.
- Added a new provider: **Straico**.
- Added/updated support for:
- Claude Sonnet 4.6
- Gemini 3.1 Pro Preview
- Qwen3.5 series
- Grok Imagine (`grok-imagine-image`)
- MiniMax 2.5
- Added related i18n copy and model parameter adaptations.
In practice, this means users can discover and run these workflows with fewer detours. Sidebar "new" indicators improve visibility, skeleton loading makes topic switches feel less abrupt, and memory-related controls now behave more predictably under real workload pressure.
### Desktop Improvements
We also expanded memory controls with effort and tool-permission configuration, and improved timeout calculation for memory analysis tasks so longer runs fail less often in production-like usage.
- Improved DMG background assets and desktop release workflow.
## Models and provider coverage
### Stability, Security, and UX Fixes
Provider diversity matters most when teams can adopt new models without rewriting glue code every sprint. This release adds **Straico** and updates support for Claude Sonnet 4.6, Gemini 3.1 Pro Preview, Qwen3.5, Grok Imagine (`grok-imagine-image`), and MiniMax 2.5.
- Fixed multiple video generation pipeline issues: precharge refund handling, webhook token verification, pricing parameter usage, asset cleanup, and type safety.
- Fixed `sanitizeFileName` path traversal risks and added unit tests.
-Fixed MCP media URL generation with duplicated `APP_URL` prefix.
Use these updates to:
-route requests to newly available providers
- test newer model families without custom patching
- keep model parameters and related i18n copy aligned across providers
This keeps model exploration practical: faster evaluation loops, fewer adaptation surprises, and cleaner cross-provider behavior.
## Desktop and platform polish
Desktop receives a set of quality-of-life upgrades that reduce "death by a thousand cuts" moments. We integrated `electron-liquid-glass` for macOS Tahoe and improved DMG background assets and packaging flow for more consistent release output.
The desktop editor now supports image upload from the file picker, which shortens everyday authoring steps and removes one more reason to switch tools mid-task.
## Improvements and fixes
- Fixed multiple video pipeline issues across precharge refund handling, webhook token verification, pricing parameter usage, asset cleanup, and type safety.
- Fixed path traversal risk in `sanitizeFileName` and added corresponding unit tests.
- Fixed MCP media URL generation when `APP_URL` was duplicated in output paths.
- Fixed Qwen3 embedding failures caused by batch-size limits.
- Fixed multiple UI/interaction issues, including mobile header agent selector/topic count, ChatInput scrolling behavior, and tooltip stacking context.
- Fixed several UIinteraction issues, including mobile header agent selector/topic count, ChatInput scrolling behavior, and tooltip stacking context.
- Fixed missing `@napi-rs/canvas` native bindings in Docker standalone builds.
- Improved GitHub Copilot authentication retry behavior and response error handling in edge cases.
if grep -iq "^${ISSUE_AUTHOR}$" .github/maintainers.txt; then
echo "is_team=true" >> "$GITHUB_OUTPUT"
else
echo "is_team=false" >> "$GITHUB_OUTPUT"
fi
- name:Copy triage prompts
run:|
mkdir -p /tmp/claude-prompts
@@ -62,7 +72,7 @@ jobs:
**IMPORTANT**:
- Follow ALL steps in the issue-triage.md guide
- Apply labels according to the guide's rules
- Post a mention comment to the appropriate team member(s) based on team-assignment.md
- ${{ steps.check-team.outputs.is_team == 'true' && 'The issue author is a team member. Do NOT post any @mention comment.' || 'Post a mention comment to the appropriate team member(s) based on team-assignment.md' }}
'You need to maintain the component format of the mdx file; the output text does not need to be wrapped in any code block syntax on the outermost layer.\n'+
- Use `.github/PULL_REQUEST_TEMPLATE.md` for PR descriptions
- **Protection of local changes**: Never use `git restore`, `git checkout --`, `git reset --hard`, or any other command or workflow that can forcibly overwrite, discard, or silently replace user-owned uncommitted changes. Before any revert or restoration affecting existing files, inspect the working tree carefully and obtain explicit user confirmation.
### Package Management
@@ -89,7 +90,8 @@ cd packages/[package-name] && bunx vitest run --silent='passed-only' '[file-path
- **`src/routes/`** holds only page segments (`_layout/index.tsx`, `index.tsx`, `[id]/index.tsx`). Keep route files **thin** — import from `@/features/*` and compose, no business logic.
- **`src/features/`** holds business components by **domain** (e.g. `Pages`, `PageEditor`, `Home`). Layout pieces, hooks, and domain UI go here.
-See the **spa-routes** skill for the full convention and file-division rules.
-**Desktop router parity:** When changing the main SPA route tree, update **both**`src/spa/router/desktopRouter.config.tsx` (dynamic imports) and `src/spa/router/desktopRouter.config.desktop.tsx` (sync imports) so paths and nesting match. Changing only one can leave routes unregistered and cause **blank screens**.
- See the **spa-routes** skill (`.agents/skills/spa-routes/SKILL.md`) for the full convention and file-division rules.
@@ -6,7 +6,7 @@ Guidelines for using Claude Code in this LobeHub repository.
- Next.js 16 + React 19 + TypeScript
- SPA inside Next.js with `react-router-dom`
-`@lobehub/ui`, antd for components; antd-style for CSS-in-JS
-`@lobehub/ui`, antd for components; antd-style for CSS-in-JS — **prefer `createStaticStyles` with `cssVar.*`** (zero-runtime); only fall back to `createStyles` + `token` when styles genuinely need runtime computation. See `.cursor/docs/createStaticStyles_migration_guide.md`.
- react-i18next for i18n; zustand for state management
- SWR for data fetching; TRPC for type-safe backend
- Drizzle ORM with PostgreSQL; Vitest for testing
@@ -60,6 +60,7 @@ When adding or changing SPA routes:
1. In `src/routes/`, add only the route segment files (layout + page) that delegate to features.
2. Implement layout and page content under `src/features/<Domain>/` and export from there.
3. In route files, use `import { X } from '@/features/<Domain>'` (or `import Y from '@/features/<Domain>/...'`). Do not add new `features/` folders inside `src/routes/`.
4.**Register the desktop route tree in both configs:**`src/spa/router/desktopRouter.config.tsx` and `src/spa/router/desktopRouter.config.desktop.tsx` must stay in sync (same paths and nesting). Updating only one can cause **blank screens** if the other build path expects the route.
See the **spa-routes** skill (`.agents/skills/spa-routes/SKILL.md`) for the full convention and file-division rules.
We're thrilled that you want to contribute to Lobe Chat, the future of communication! 😄
We're thrilled that you want to contribute to LobeHub, the future of communication! 😄
Lobe Chat is an open-source project, and we welcome your collaboration. Before you jump in, let's make sure you're all set to contribute effectively and have loads of fun along the way!
LobeHub is an open-source project, and we welcome your collaboration. Before you jump in, let's make sure you're all set to contribute effectively and have loads of fun along the way!
## Table of Contents
@@ -69,11 +69,11 @@ git fetch upstream
git merge upstream/main
```
This ensures you're working on the most current version of Lobe Chat. Stay fresh! 💨
This ensures you're working on the most current version of LobeHub. Stay fresh! 💨
## Open a Pull Request
🚀 Time to share your contribution! Head over to the original Lobe Chat repository and open a Pull Request (PR). Our maintainers will review your work.
🚀 Time to share your contribution! Head over to the original LobeHub repository and open a Pull Request (PR). Our maintainers will review your work.
## Review and Collaboration
@@ -81,8 +81,8 @@ This ensures you're working on the most current version of Lobe Chat. Stay fresh
## Celebrate 🎉
🎈 Congratulations! Your contribution is now part of Lobe Chat. 🥳
🎈 Congratulations! Your contribution is now part of LobeHub. 🥳
Thank you for making Lobe Chat even more magical. We can't wait to see what you create! 🌠
Thank you for making LobeHub even more magical. We can't wait to see what you create! 🌠
We only provide security fixes for the **latest 2.x release**. Older versions (including all 1.x releases) are end-of-life and will not receive patches.
| Version | Supported |
| ------------ | --------- |
| 2.x (latest) | ✅ |
| 1.x | ❌ |
| 0.x | ❌ |
If you are running a 1.x deployment, we strongly recommend upgrading to the latest 2.x release.
## Reporting a Vulnerability
Please report security vulnerabilities through the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/lobehub/lobehub/security/advisories/new) tab.
**Please do not report security vulnerabilities through public GitHub issues.**
### Response Timeline
- **Acknowledgement**: We aim to respond to all reports within **7 days**.
- **Fix**: Confirmed vulnerabilities will be addressed within **30 days**.
- **Urgent issues**: If you believe the vulnerability is critical and actively exploitable, you can reach out directly on Discord (`arvinxu`) for faster coordination.
### What to Include
A good vulnerability report should include:
- A clear description of the issue and its potential impact
- The affected version (must be the latest 2.x release)
- Step-by-step reproduction instructions or a working PoC
- Any relevant logs, screenshots, or code references
## Scope
### In Scope
- Security issues affecting the **latest 2.x release** of LobeHub
- Vulnerabilities in the **server-side deployment** (LobeHub Cloud or self-hosted server mode)
- Issues that can be exploited **without requiring admin/owner access** to the deployment
### Out of Scope (Not a Vulnerability)
The following are considered **by design** or **out of scope** and will not be accepted as vulnerability reports:
#### 1. End-of-Life Versions
Any issue that only affects 1.x or earlier versions. This includes but is not limited to the `X-lobe-chat-auth` header mechanism, `webapi` route authentication, and other 1.x-specific architectures that have been completely removed in 2.x.
#### 2. File Proxy Public Access (`/f/:id`)
The file proxy endpoint `/f/:id` uses randomly generated, non-enumerable IDs as [capability URLs](https://www.w3.org/TR/capability-urls/). This is a deliberate design choice, similar to how S3 presigned URLs or Google Docs sharing links work. Knowing the URL grants access — this is by design, not an authorization bypass.
#### 3. User Enumeration on Login Flows
Endpoints such as `check-user` that indicate whether an account exists are part of the standard login UX. This is a common and intentional pattern used by most modern authentication flows.
#### 4. Self-Hosted Client-Side API Key Storage
In self-hosted client-side mode, users configure their own API keys which are stored in the browser's local storage. This is the expected behavior for client-side deployments where the user is both the operator and the consumer.
#### 5. Issues Requiring Admin or Owner Privileges
Actions that require administrative access to the deployment (e.g., environment variable configuration, server-side settings) are not considered security vulnerabilities, as the admin is already a trusted party.
#### 6. Theoretical Attacks Without Practical Impact
Reports based on theoretical attack scenarios without a working proof of concept against a realistic deployment, or issues that require unlikely preconditions (e.g., physical access to the server, pre-existing compromise of the host system).
## Disclosure Policy
- We follow [coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure).
- We will credit reporters in the security advisory unless they prefer to remain anonymous.
- Please allow us reasonable time to address the issue before any public disclosure.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
lobehubbot