[pull] main from stablyai:main#30
Merged
Merged
Conversation
Co-authored-by: Orca <help@stably.ai>
* fix(browser): auto-grant pointerLock permission Orca's browser deny-by-defaults Chromium permission requests unless the permission is in AUTO_GRANTED_BROWSER_PERMISSIONS. pointerLock is not in that set, so immersive web apps (3D editors, FPS-style games) that call requestPointerLock() get a confusing toast: "<url> asked for pointer lock, and Orca denied it." with no in-app toggle to allow it. Add 'pointerLock' to the auto-grant set. This mirrors the resolution of the identical persistent-storage denial in #4801 / #4849. Chromium still requires a user gesture before requestPointerLock() can engage, so this only lifts Orca's application-level gate — it does not bypass the spec's user-activation requirement. * test(browser): cover pointer lock permission paths Co-authored-by: Orca <help@stably.ai> --------- Co-authored-by: Jinwoo-H <jinwoo0825@gmail.com> Co-authored-by: Orca <help@stably.ai>
* fix(browser): allow trusted embedded popup windows * fix(browser): harden embedded popup windows Co-authored-by: Orca <help@stably.ai> --------- Co-authored-by: Jinwoo-H <jinwoo0825@gmail.com> Co-authored-by: Orca <help@stably.ai>
…e resets (permanent frozen panes) (#8034) * fix(terminal): reset PTY delivery accounting across renderer lifecycle resets (frozen panes) Panes froze permanently because main's PTY->renderer flow control leaked its unacked in-flight byte counters and pending backlog across renderer reloads/crashes: the lifecycle reset cleared only visibility hints, daemon PTYs outlive the page, and the new page never acks the dead page's bytes, so any pty with >=512KB unacked at reload time was delivery-gated forever (proven by dev repro: counter pinned at exactly 524288; one manual ackData of the leaked bytes instantly unfroze the pane). Fix: (1) zero in-flight counters + pending backlog on every main-frame renderer lifecycle reset (panes rebuild losslessly from main's authoritative snapshot on reattach); (2) hold PTY sends until the new page's pty:data listener signals ready (pty:rendererDispatcherReady), so boot-window output accrues in the capped backlog instead of being counted-but-dropped; (3) 10s self-heal watchdog + reconcile-on-handshake backstop so a missed reset (subframe-overlapped reload emits no did-start-loading) or lost handshake can never itself freeze delivery; (4) derive the active-renderer-pty report reactively so in-place rebinds keep the interactive reserve; (5) expose reset/gate state in the delivery debug snapshot for future diagnosis. Adds an experimental reliability gate (pty-delivery.renderer-lifecycle-accounting-reset) with red/green-proven regression tests for each branch of the fix. * chore(reliability-gates): link PR #8034 as the gate's motivating fix * fix(terminal): sender-guard the dispatcher-ready handshake; fix WSL gate wording CodeRabbit: the reconcile backstop destructively clears delivery accounting, so a straggler pty:rendererDispatcherReady from a dying window's webContents must not reset the new window — reuse the pty:write main-window sender check (+ regression test). Also resolve the contradictory WSL coverage claim in the reliability gate notes (WSL rides the same local/daemon pipeline; mobile/relay and SSH are separate paths).
Co-authored-by: Orca <help@stably.ai>
* fix(jira): group Jira issues by status in task page Generated with [Devin](https://devin.ai) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com> * feat(jira): order grouped statuses by agile board columns configuration * test(jira): add comprehensive tests for Jira issue grouping functionality Add test coverage for the new Jira issue grouping features including: - Grouping issues by status name - Sorting sections by agile board column configuration - Falling back to alphabetical sorting when no board config exists - Collapsed groups state management - Filtering issues based on collapsed state - Backend tests for getProjectStatuses API with various scenarios Generated with [Devin](https://devin.ai) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com> * test(jira): add backend tests for getProjectStatuses and RPC routing Add test coverage for the new getProjectStatuses backend functionality: - Returns empty array when no clients are available - Returns statuses from project statuses API when no board configuration exists - Orders statuses by agile board column configuration when available - Handles missing status IDs gracefully by falling back to unordered list - Clears token on auth errors - Returns empty array on operational errors - RPC routing for jira.getProjectStatuses method Generated with [Devin](https://devin.ai) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com> * fix(jira): harden status grouping --------- Co-authored-by: Andres Van Reepingen <andres.vanreepingen@datacamp.com> Co-authored-by: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Jinjing <6427696+AmethystLiang@users.noreply.github.com>
* fix(status-bar): keep antigravity usage visible * feat(rate-limits): add Grok usage status * feat(grok): add managed usage accounts * test(rate-limits): isolate Codex PTY fallback fetches * fix(grok): address CodeRabbit review on usage status PR - Guard auth.json read/parse so missing files return null - Thread AbortSignal through Grok rate-limit fetch and ACP auth - Pass isRemote:false for floating-terminal agent launch env * fix(grok): wire ACP abort after child listeners to avoid TDZ * fix(status-bar): address CodeRabbit on combined Grok/Antigravity usage - Pin WSL shell distro when resolving managed GROK_HOME (parity with Codex) - Refresh only Grok on account change via fetchGrokOnly - Consolidate usage status-bar toggle catalogs; add Grok locale keys - Fix Grok aria-label, feature-interaction tracking, and test fixture * fix(settings): drop duplicate usage status-bar toggle catalog Remove the leftover re-export path so Appearance search has a single source of truth for usage provider toggles (including Antigravity + Grok). * fix(settings): restore AccountsPane and locale UTF-8 after merge Re-do AccountsPane three-way merge with binary-safe git objects and keep both Grok accounts + remote provider client imports. Rebuild locale JSON merges so em dash/ellipsis/middle-dot strings are no longer mojibake. * fix(i18n): add missing comma after merged status-bar locale keys * test: add antigravity to GrokUsagePane rate-limit fixture RateLimitState gained a required antigravity field; the pane fixture must carry it to typecheck. * fix(status-bar): gate Antigravity durable visibility on Gemini OAuth opt-in The Antigravity snapshot mirrors the Gemini fetch, which is permanently 'unavailable' until the user opts into Gemini CLI OAuth. Without this gate the default-on checked item plus a detected agy CLI pinned a dead 'A --' bar (Gemini itself hides in that state) and suppressed the usage setup CTA for users who configured nothing. --------- Co-authored-by: Brennan Benson <brennanbenson@Brennans-MacBook-Pro.local>
* fix(grok): restore clipboard and native-chat parity Grok CLI already supports argv prompts, OSC 52 copy, and image paste chips. Orca was blocking those paths: stdin-after-start keystroke injection, OSC 52 writes default-off, image-attachment denylist, and native-chat allowlist. - Launch Grok with positional argv prompts - Default OSC 52 TUI clipboard writes on (still user-toggleable) - Treat Grok as image-attachment capable - Parse ~/.grok/.../chat_history.jsonl for native chat OSC 52 clipboard *query* remains ignored by design (host clipboard exfil risk); xAI docs only require OSC 52 write for remote copy. * fix(grok): sync OSC 52 docs and locale catalog with default-on Update terminalAllowOsc52Clipboard type docs for the true default, and refresh locale strings so settings UI mentions Grok alongside other TUIs. * fix(grok): tool hook matcher, StopFailure, previews, AskUser waiting Grok tool-event matchers are real regexes; bare `*` failed as match-all. Install `.*` for Pre/Post tool hooks, add StopFailure for API-error ends, recognize Grok-native tool input keys, and map ask_user_question PreToolUse to waiting with interactivePrompt (Kimi-style live card path). * fix(grok): resolve chat_history under GROK_HOME and long-cwd layouts Centralize Grok session path helpers so hooks and native-chat honor GROK_HOME and find chat_history.jsonl by session id when the cwd group is slug-encoded (encoded name > 255 bytes) instead of only encodeURIComponent(cwd). * fix(terminal): keep Kitty keyboard for Grok on Windows ConPTY Local Windows ConPTY withholds KKP so CSI-u-blind CLIs (e.g. Antigravity) keep Enter/nav working (#2434). Grok needs KKP for Ctrl+Enter interject and modified-Enter newline chords; blanking the advertisement for Orca-launched Grok left those actions broken. - Prefer KKP when tuiAgent is grok despite ConPTY withhold - Wire launchAgent from tab/startup into keyboard protocol options * fix(grok): restore OSC52 default-off, split decoders, honor GROK_HOME hooks - Keep terminalAllowOsc52Clipboard default false (clipboard exfil risk) - Split transcript-line-decoders under max-lines without suppressions - Install local Grok hooks under resolveGrokHomeDir() / GROK_HOME * refactor(grok): share CLI home resolution * fix(grok): harden terminal and native chat integration * test(grok): align CI coverage with native chat support --------- Co-authored-by: Jinwoo Hong <73622457+Jinwoo-H@users.noreply.github.com>
…se layouts (#8031) * fix(terminal): forward Option hotkeys to kitty-keyboard TUIs on compose layouts On macOS layouts where Option composes characters (ABC and all non-US, the effective default), pressing Option+P in a TUI that negotiated the kitty keyboard protocol made xterm's kitty encoder report the composed codepoint (alt+pi, CSI 960;3u) instead of the physical key (alt+p, CSI 112;3u). No TUI binds the composed form, so agent hotkeys like OMP's Alt+P / Alt+M neither fired nor typed anything. Fix: mirror each pane's application-negotiated kitty flags with a scan-based tracker fed only from PTY output (immune to Orca's defensive renderer-side kitty resets on Ctrl+C interrupts and reattach), and have the terminal shortcut policy encode Option chords as kitty CSI-u from the physical key when the pane's app opted in. Dead keys stay exempt so Option composition still works, and panes without kitty negotiation (shells) are unchanged. Alt+Arrow / Alt+Backspace now defer to xterm's native kitty encoding in kitty panes instead of the legacy readline translations. The daemon's headless emulator tracks the same flags and re-arms them via the snapshot rehydrate preamble (CSI = flags ; 1 u), so the behavior survives window reloads and reattaches; PTY exit and cold restore reset the mirror. Validated byte-for-byte against a real omp 16.3.15 in a pty: the policy's emitted CSI-u opens the temporary-model selector (Alt+P) and agent hub (Alt+A), identical to the legacy ESC-prefixed forms it parses. * fix(terminal): harden kitty Option-chord mirror for soft resets, replay redelivery, and non-QWERTY layouts Three review findings on the kitty keyboard mirror, each verified against a live omp 16.3.15 pty session using the real production modules: - DECSTR: xterm's soft reset (CSI ! p) clears its kitty flags and stacks for both screens without switching buffers; the tracker now mirrors that, so a soft-resetting TUI stops receiving kitty-encoded Option chords. - Replay redelivery: relay reconnects can redeliver the retained replay window, and each scan of the app's one-time CSI > u push grew the mirrored stack while the renderer's post-replay reset drained xterm's copy. The TUI's single exit pop (omp emits a bare CSI < u on quit) then landed on a stale frame, leaving Option+B/F/D kitty-encoded in a plain shell. Replay paths now scan with scanReplay(), which applies pushes as idempotent sets so redelivery cannot grow the stack; the live-output funnel and the daemon's once-per-byte emulator keep full stack semantics. - Layout-correct base keys: kitty CSI-u reports must carry the key's unshifted codepoint in the active layout, but the encoder resolved it from a US-QWERTY physical-code table — on Dvorak/Colemak/AZERTY-class layouts (exactly the population whose effective Option-as-Alt default activates this path) the wrong key's chord fired, e.g. Colemak Option+P sent alt+r. A new keyboard-layout module caches Chromium's KeyboardLayoutMap (fetched at terminal setup and on focus-in, like the option-as-alt probe) and the policy resolves through it before the US fallback. Verified live: the layout-resolved bytes open omp's model selector; the US-table bytes do not. * fix(terminal): reset kitty mirror on fresh spawn to cover replaced-PTY late exits The exit handler resets the per-pane kitty keyboard mirror, but a late exit from a replaced PTY takes the stale-transport early return and skips it — so a restart-in-place could leak the old TUI's kitty flags into the fresh shell, kitty-encoding Option chords the shell cannot parse. A fresh spawn is by definition a new process with kitty state at zero, so startFreshSpawn now resets the reused tracker itself, alongside the other per-pane mode state it already clears. Reattach paths are untouched, so a live TUI's mirrored flags still survive reconnects. --------- Co-authored-by: Brennan Benson <brennanbenson@Brennans-MacBook-Pro.local>
* Show agent session history on mobile Bring the desktop "Agent Session History" panel to Orca Mobile as a per-worktree screen: browse past agent transcript sessions across the host with scope tabs (Workspace/Project/All), search, grouping, session cards, and tap-to-read message previews. The transcript scan previously ran only over Electron IPC, so mobile could not reach it. Expose it over the runtime RPC protocol mobile already speaks (aiVault.listSessions) so the scan runs on whichever host owns the transcripts — correct for local and SSH/remote hosts. Both the desktop IPC handler and the new RPC method share one cache, so opening the desktop panel and the mobile screen never double-scan. The pure filter/group/display logic is lifted into /shared (the renderer re-exports it) so the standalone mobile package can reuse it. Mobile narrows scoped tabs client-side by cwd path-prefix because the host scan treats scope paths as a widening union. Resume-from-mobile is intentionally a follow-up. * Fix mobile agent history list rendering and RPC authorization - Authorize aiVault.listSessions in the mobile RPC allowlist so the mobile client's call is not rejected before dispatch (without this the screen could never load sessions at runtime). - Name each SectionList section's rows `data` (the field React Native reads) instead of `cards`, fixing a type error and silent empty-section rendering. * Address review feedback on agent session history - Match quoted repo:/path: search operator values so labels and paths with spaces match (e.g. path:"/Users/ada/My Project"). - Hold a scoped tab in loading until the worktree list resolves instead of firing an unscoped fetch that briefly shows unrelated host history; proceed once loaded even if the worktree is absent (no stuck spinner). - Clear cached host capabilities on disconnect/host-switch and failed status.get so a capability-gated action can't linger for a host that doesn't support it. - Cover the real OrcaRuntimeService codex-home forwarding path and the quoted-operator parser with tests. * Hide redundant mobile current worktree badges Co-authored-by: Orca <help@stably.ai> * Resume agent sessions from mobile history (#6969) Co-authored-by: Orca <help@stably.ai> * Adapt merged seams to main's lint and reply-sender hardening Co-authored-by: Orca <help@stably.ai> * Cap mobile project-scope paths to the aiVault RPC bound Co-authored-by: Orca <help@stably.ai> * Share the aiVault scopePaths bound between the RPC schema and mobile Co-authored-by: Orca <help@stably.ai> * Guard shared AI Vault inflight cleanup against concurrent key replacement The extracted cache module's .finally() cleared inflight tracking unconditionally, dropping the if (inflightKey === key) guard its sibling outer cache kept: an older scan resolving after a different-key scan replaced the tracking would null the newer scan's dedup slot, so a re-request started a duplicate transcript rescan. Mirrors the sibling guard; the regression test flushes a macrotask so a reverted guard fails fast on the call count instead of hanging. Co-authored-by: Orca <help@stably.ai> * Harden aiVault.listSessions contract and gate mobile header entry on capability - Clamp scopePaths (64) instead of rejecting, cap limit at 2000, and make executionHostId optional so mobile can omit it; restamp per caller. - Retain successful mobile terminal-create mutation ids for 60s so resume retries dedupe after transient socket drops. - Gate the session-header Agent History action on the aiVault.v1 capability (mirrors the host-list action) so old hosts never show a dead-end entry. - Fix stale contract comments (scopePaths clamp semantics; filters move includes quoted repo:/path: operator parsing). * Add subagent field to session test fixtures after #7423 merge AiVaultSession.subagent became required on main; the five fixtures added on this branch predate it. Top-level scanned sessions carry null. --------- Co-authored-by: Orca <help@stably.ai> Co-authored-by: Brennan Benson <brennanbenson@Brennans-MacBook-Pro.local>
Co-authored-by: Orca <help@stably.ai>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )