On Windows the expert enable-status check compared `fs::read_link` output
against the central path, which silently failed for junctions: the link
state fell back to Broken/LinkedElsewhere, so enabled experts kept
reappearing as disabled and disappeared from the message-input expert
list. Switch the link verification to canonicalize both sides (which
transparently follows junctions and symlinks) and add a case-insensitive
path comparison on Windows. Also prefer `junction::get_target` for the
displayed target path.
Large raw_output snapshots from tool_call_update notifications caused
O(N²) traffic through the event pipeline, multi-GB transient allocations
and WKWebView crashes. The fix turns cumulative snapshots into bounded
incremental deltas and removes redundant payload copies.
- Add ToolCallOutputCache keyed by tool_call_id with a 8KB tail
fingerprint and total length. Detects cumulative extensions by
matching the cached tail at the expected offset in the incoming
snapshot, so it works even when the full output grows into the MB
range. Emits suffix deltas with raw_output_append=true; falls back
to a truncated replacement when content diverges.
- Cap any single emitted raw_output chunk at 64KB (MAX_SINGLE_EMIT_BYTES)
with a UTF-8 char-boundary-safe tail and ANSI-sequence-safe trimming.
Apply the same cap to emit_terminal_output_update.
- Bound the cache at 256 entries with FIFO eviction, and clear entries
when the tool call reaches completed / failed / cancelled / error.
- Seed the cache via a dedicated seed() method on SessionUpdate::ToolCall
so the initial event never emits an accidental append.
- Share emit payloads as Arc<serde_json::Value> across broadcast
receivers and skip the Tauri-side clone: serialize once and hand the
same Arc to both the webview emit and the WebSocket broadcaster.
- Add 14 unit tests covering boundary cases: identity, prefix extension
past the cached tail, divergence, oversized deltas, multibyte UTF-8
truncation, final-status cleanup, FIFO eviction, seed semantics, and
ANSI-safe trimming.
Scan ~/.codex/skills/.system so Codex CLI's bundled skills (imagegen,
skill-creator, etc.) appear in the $ autocomplete and Skills settings.
Mark them read_only on the API; the save/delete handlers refuse writes
to that path, and the UI shows a system badge with a tooltip and
disables edit/delete/save for those entries.
Adds a new "Quick Messages" settings page below Experts for managing reusable title/content snippets, backed by SQLite via SeaORM and exposed through both Tauri commands and the Axum web router. The list supports drag-to-reorder using the same motion/react Reorder pattern as the agent list, with translations provided across all 10 supported locales.
- Add `color` column to folder table with migration backfill and hash-based assignment on folder creation
- Expose `update_folder_color` via Tauri command and `/update_folder_color` HTTP route
- Render a color swatch before each folder name in the sidebar header; offer a 10-color palette (9 hues plus a theme-aware foreground sentinel) through the folder context menu
- Show the folder header "new conversation" button only on hover
- Drop the expanded-state tint on folder name and count badge; use a fixed neutral rail color for conversation items
Remove the parent-branch button shown beside the branch selector along
with its supporting API, command, service, model, and i18n strings.
Add migration m20260423 to drop the now-unused folder.parent_branch
column.
Deep directories (beyond the workspace snapshot's depth limit) relied on
a lazy-loaded override cache that was never invalidated, so agent-created
files, in-app deletes / renames / rollbacks, and external changes inside
expanded deep folders stayed invisible until the folder was reopened.
Propagate watcher `changed_paths` through the delta envelope and fire a
Meta event whenever FS activity doesn't alter the tree/git snapshots, so
the frontend can surgically invalidate affected cache entries and
re-fetch. Manual refresh (Reload from disk) clears the cache and
re-hydrates still-expanded deep dirs through the same path. Replayed
deltas after reconnect are forwarded to the same listeners.
Also split the combined workspace-state effect into tree / git / status
slices so unrelated state transitions (e.g. the 'resyncing' flip during
a refresh) no longer rebuild the entire node tree and cause a flash.
Replace the legacy folder + welcome routes with a unified /workspace route
that hosts all folders, conversations, tabs, and terminals in one window.
- Persist opened tabs to the database (opened_tabs entity + migration)
so tab layout survives restarts and deep-link bootstrap restores state
- Replace FolderContext shim with AppWorkspaceProvider, ActiveFolderProvider,
and TabProvider; expose both opened (folders) and full DB (allFolders)
listings via list_all_folder_details
- Return conversations across all non-deleted folders from list_all when
no folder filter is given, so the sidebar can show every folder's history
- Add ConversationContextBar above the chat input with folder picker
(auto-opens unopened folders on select), branch picker, and commit /
push / merge / stash entries to restore BranchDropdown functionality
- Rework sidebar with stats header, search, flat / folder-grouped view
modes (localStorage-persisted), reveal-in-sidebar event subscriber,
and per-folder context menu (focus, close tabs, remove from workspace);
indent conversations under folder headers in grouped mode
- Gate terminal creation on active folder and show folder context
- Remove deprecated BranchDropdown, FolderNameDropdown, welcome route,
and per-folder window commands
- Localize all new strings across 10 locales
Previously LANG/LC_ALL were only set on Windows, so git stderr was
localized on macOS/Linux and substring checks for English messages
(e.g. 'unknown revision or path not in the working tree') silently
failed — empty-repo/missing-branch cases surfaced as red error
banners in the Git log panel instead of rendering as empty lists.
Reintroduce a local not-a-git-repo fallback state in the git log panel so non-repo errors still render the dedicated empty state when workspace state streaming is degraded.
Improve git repository preflight classification by distinguishing missing paths, permission issues, and non-directory targets before checking .git presence.
Add not_a_git_repository to the frontend AppErrorCode union for explicit typed handling.
Consolidate `.git` presence detection into a shared `git_repo` module used by both the workspace state watcher and the command preflight helper, replacing duplicated local definitions.
Introduce `AppErrorCode::NotAGitRepository` (HTTP 422) and preflight eleven frontend-callable git commands (log, status, list-branches, diff, diff-with-branch, show-diff, show-file, push-info, list-remotes, list-all-branches, commit-branches) so non-git folders short-circuit with a structured error instead of leaking locale-dependent git stderr.
Frontend `isNotAGitRepoError` checks the error code first and falls back to a multi-language regex list centralized in `src/i18n/git-error-patterns.ts`, covering the nine languages git actually translates into.
Wire the git log panel to `workspaceState.isGitRepo` rather than a local cached flag, so running `git init` or deleting `.git` externally propagates through the watcher and refreshes the panel automatically.
- Replace hardcoded "Claude Code" in agent_responding with each session's actual AgentType label; store agent_type on ActiveSession and populate it in both task-start and resume paths
- Remove silent ClaudeCode fallback in resolve_agent_type; /task now prompts the user to pick an agent when none is selected and the folder has no default
- Move session command strings out of session_commands.rs into i18n.rs with full 10-language coverage (en/zh-CN/zh-TW/ja/ko/es/de/fr/pt/ar)
- Fix French accent and wrap Latin agent name with Arabic bidi isolates (FSI/PDI) for consistent rendering across Telegram/Lark/WeiXin clients
- Release the bridge lock before the get_lang DB lookup in the content_delta flush path to avoid cross-session contention
- Log unknown agent_type fallback in conversation_service::parse_agent_type for observability
Reconcile the cached is_git_repo flag against the filesystem on every watch flush so `git init` or deletion of .git is reflected immediately: sync the stored flag, drop stale git_snapshot data when the repo goes away, emit a meta delta when presence flips without any data change, and mark the event as requires_resync so the frontend re-fetches the snapshot to pick up the new flag.
Replace the title-bar branch polling interval with a self-adjusting setTimeout chain that backs off to 60s when get_git_branch returns null or throws and drops back to 10s once a branch is detected, so branches created externally recover within one slow tick without hammering the backend on non-git folders.
Gate git refresh on .git presence so file churn in non-git workspaces no longer produces endless resync_hint events, and silently log tree/git refresh errors during watch flushing instead of flagging requires_resync, which turned transient failures into self-reinforcing loops.
Degrade gracefully when the filesystem watcher fails to attach (e.g. permission denied, inotify quota): keep the initial snapshot, surface a degraded flag, and expose a store-level restart that the banner uses to retry attachment after the root cause is fixed.
Propagate is_git_repo through the snapshot so the git log and changes tabs render a dedicated "Not a Git repository" empty state instead of raw git stderr with a useless retry button.
Stop polling get_git_branch from the title bar once it returns null and re-arm on visibility change.
Add translations for the new banner, empty-state, and retry keys across all ten locales.
- Persist user-supplied access token and last-used port in app_metadata, falling back to defaults when unset
- Atomically guard concurrent starts via compare_exchange with RAII rollback of the running flag
- Wrap token and port persistence in a single SeaORM transaction to prevent partial writes
- Classify bind errors (port in use, permission denied, address unavailable, invalid address) into stable i18n keys
- Localize start-failure messages across all 10 supported languages
- Codex: decouple active_agent_count decrement from close_agent target
parsing and reset counter on turn_context to prevent main assistant
messages from being swallowed when close_agent events are malformed
- Codex: use exact filename match with separator-aware fallback and
sorted candidates for deterministic subagent session file resolution
- Codex/OpenCode: truncate subagent tool call previews to 500 chars
- OpenCode: batch-load all subagent tool calls in a single SQL query
instead of per-task N+1 queries to avoid slow detail page loads
- Streaming: restrict positional child grouping fallback to in-progress
agents only, preventing top-level tool calls from being incorrectly
folded into completed Agent cards
- Tests: update Claude context window assertions to match 1M default
Forward the previously-dropped `locations` and `meta` fields from ACP
SDK ToolCall/ToolCallUpdate events through to the frontend. The meta
field carries `claudeCode.parentToolUseId` which enables precise
parent-child matching for concurrent Agent tool calls during streaming.
- Forward locations/meta in Rust AcpEvent types and connection handlers
- Use parentToolUseId for exact agent→child mapping, with position-based
fallback for agents that don't provide it (Codex, OpenCode)
- Replace `any` types with proper ToolCallMeta / unknown types
- Add runtime guards for meta field parsing (defensive against
unexpected shapes from different agents)
- Cache inferLiveToolName results per tool_call_id to avoid redundant
computation across Phase 1 and Phase 2
- Lazy-construct agentStats only when children exist
Transform OpenCode "task" tool calls with subagent_type into unified
Agent card display: rewrite as "Agent" tool with subagent_type, prompt,
description, and model; compute duration from time fields; query
sub-agent session parts from SQLite for nested tool call lists; extract
<task_result> content to strip preamble noise from agent output; guard
Streamdown code plugin against unsupported Shiki language identifiers
(e.g. "##", "function") in fenced code blocks from tool output.
Transform Codex spawn_agent/wait_agent/close_agent into unified Agent
card display: rewrite spawn_agent as "Agent" tool with subagent_type,
prompt, and description; correlate final results from wait_agent and
close_agent outputs; parse sub-agent session JSONL files for nested
tool call lists; suppress intermediate status messages during agent
execution; clean exec_command output to show only the command and its
result.
Render Agent/Explore/Plan tool calls in a visually distinct collapsible
container with colored left border, replacing the generic tool card. Parse
subagent JSONL transcripts from {sessionId}/subagents/ to extract and
display the actual tool calls (Bash, Read, Grep, etc.) the subagent
executed, reusing the existing ToolCallPart for consistent appearance.
- Add AgentToolCallPart component with collapsible body, prompt section,
execution stats, and nested tool call list via render prop injection
- Add AgentExecutionStats and AgentToolCall types (Rust + TypeScript)
- Parse toolUseResult.agentId to locate and read subagent JSONL files
- Validate agentId against path traversal before filesystem access
- Pass agentStats through adapter for both ID-matched and positional
tool result pairing
- Strip agentStats in nested render to prevent recursive Agent expansion
- Add i18n keys for agent UI labels across all 10 languages
Replace lexicographic sort with numeric (major, minor, patch) sort
across all 7 version-directory sort sites in find_node_bin_dir.
Lexicographic sort incorrectly orders v20.9 > v20.11 (because '9' > '1')
which could select an older Node.js version and cause agent preflight
failures for version-gated agents like OpenClaw (requires >=22.12.0).
- Fix thread safety: replace #[tokio::main] in codeg_server with manual
runtime construction so set_var runs before any worker threads exist
- Fix nvm alias branch: sort matched candidates (read_dir order is
undefined) and skip non-numeric aliases like lts/* that cannot be
resolved without full nvm evaluation
- Fix HOME missing: accept Option<&Path> for home so env-var-only
discovery (NVM_HOME, VOLTA_HOME, FNM_DIR, etc.) still works in
Docker / systemd environments without HOME set
- Refactor resolve_dir to accept an env var chain, eliminating all
inline Option chains for fnm, nvm-windows, mise, and scoop
Expand find_node_bin_dir to support 9 version managers / installation
methods across macOS, Linux, and Windows:
- nvm (Unix): fix alias duplicate candidates, skip symbolic aliases
like lts/* that cannot be resolved without full nvm evaluation
- nvm-windows: detect via %NVM_SYMLINK% and %NVM_HOME% with correct
directory layout (node.exe directly in version dir, no bin/)
- fnm: use platform-correct defaults (%APPDATA%/fnm on Windows,
$XDG_DATA_HOME/fnm on Unix) instead of hardcoded Unix path
- volta: validate that a concrete Node image exists before adding
the shim directory, preventing cryptic errors when volta is
installed but no Node version has been set
- asdf (Unix): $ASDF_DATA_DIR or ~/.asdf/installs/nodejs/
- mise/rtx (cross-platform): $MISE_DATA_DIR with XDG fallback
- n (Unix): $N_PREFIX or /usr/local/n/versions/node/
- Homebrew (macOS): /opt/homebrew and /usr/local prefixes
- Scoop (Windows): nodejs-lts and nodejs app detection
Also improve production readiness:
- Document thread-safety requirements for set_var (unsafe in ed. 2024)
- Add warning log when HOME is unset (Docker / minimal containers)
- Clarify FNM_MULTISHELL_PATH scope (server binary only, not GUI)
- Note lexicographic sort limitation for semver edge cases
Add OAuth device code flow for Codex CLI official subscription auth,
allowing users to log in with their ChatGPT account directly from the
agent settings page without using the terminal.
- Backend: two new endpoints (codex_request_device_code, codex_poll_device_code)
that handle the OpenAI OAuth device code flow and return tokens to frontend
- Frontend: login UI with verification URL, copyable user code, polling status,
15-minute timeout, and auto-save via existing persistEnv/persistConfig path
- Auth.json written in Codex CLI compatible format (nested tokens, account_id,
last_refresh) so codex-acp can use OAuth tokens directly
- Show logged-in status and re-login option when tokens are present
- Remove auth.json textarea from Codex settings UI
- i18n: all 10 languages updated with new login-related keys
