Skip to content

[pull] main from stablyai:main#30

Merged
pull[bot] merged 16 commits into
CrazyForks:mainfrom
stablyai:main
Jul 10, 2026
Merged

[pull] main from stablyai:main#30
pull[bot] merged 16 commits into
CrazyForks:mainfrom
stablyai:main

Conversation

@pull

@pull pull Bot commented Jul 10, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

Jinwoo-H and others added 16 commits July 10, 2026 08:26
Co-authored-by: Orca <help@stably.ai>
* fix(browser): auto-grant pointerLock permission

Orca's browser deny-by-defaults Chromium permission requests unless the
permission is in AUTO_GRANTED_BROWSER_PERMISSIONS. pointerLock is not in
that set, so immersive web apps (3D editors, FPS-style games) that call
requestPointerLock() get a confusing toast:

  "<url> asked for pointer lock, and Orca denied it."

with no in-app toggle to allow it.

Add 'pointerLock' to the auto-grant set. This mirrors the resolution of
the identical persistent-storage denial in #4801 / #4849. Chromium still
requires a user gesture before requestPointerLock() can engage, so this
only lifts Orca's application-level gate — it does not bypass the spec's
user-activation requirement.

* test(browser): cover pointer lock permission paths

Co-authored-by: Orca <help@stably.ai>

---------

Co-authored-by: Jinwoo-H <jinwoo0825@gmail.com>
Co-authored-by: Orca <help@stably.ai>
* fix(browser): allow trusted embedded popup windows

* fix(browser): harden embedded popup windows

Co-authored-by: Orca <help@stably.ai>

---------

Co-authored-by: Jinwoo-H <jinwoo0825@gmail.com>
Co-authored-by: Orca <help@stably.ai>
…e resets (permanent frozen panes) (#8034)

* fix(terminal): reset PTY delivery accounting across renderer lifecycle resets (frozen panes)

Panes froze permanently because main's PTY->renderer flow control leaked
its unacked in-flight byte counters and pending backlog across renderer
reloads/crashes: the lifecycle reset cleared only visibility hints, daemon
PTYs outlive the page, and the new page never acks the dead page's bytes,
so any pty with >=512KB unacked at reload time was delivery-gated forever
(proven by dev repro: counter pinned at exactly 524288; one manual ackData
of the leaked bytes instantly unfroze the pane).

Fix: (1) zero in-flight counters + pending backlog on every main-frame
renderer lifecycle reset (panes rebuild losslessly from main's
authoritative snapshot on reattach); (2) hold PTY sends until the new
page's pty:data listener signals ready (pty:rendererDispatcherReady), so
boot-window output accrues in the capped backlog instead of being
counted-but-dropped; (3) 10s self-heal watchdog + reconcile-on-handshake
backstop so a missed reset (subframe-overlapped reload emits no
did-start-loading) or lost handshake can never itself freeze delivery;
(4) derive the active-renderer-pty report reactively so in-place rebinds
keep the interactive reserve; (5) expose reset/gate state in the delivery
debug snapshot for future diagnosis.

Adds an experimental reliability gate
(pty-delivery.renderer-lifecycle-accounting-reset) with red/green-proven
regression tests for each branch of the fix.

* chore(reliability-gates): link PR #8034 as the gate's motivating fix

* fix(terminal): sender-guard the dispatcher-ready handshake; fix WSL gate wording

CodeRabbit: the reconcile backstop destructively clears delivery
accounting, so a straggler pty:rendererDispatcherReady from a dying
window's webContents must not reset the new window — reuse the pty:write
main-window sender check (+ regression test). Also resolve the
contradictory WSL coverage claim in the reliability gate notes (WSL rides
the same local/daemon pipeline; mobile/relay and SSH are separate paths).
* fix(jira): group Jira issues by status in task page

Generated with [Devin](https://devin.ai)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

* feat(jira): order grouped statuses by agile board columns configuration

* test(jira): add comprehensive tests for Jira issue grouping functionality

Add test coverage for the new Jira issue grouping features including:
- Grouping issues by status name
- Sorting sections by agile board column configuration
- Falling back to alphabetical sorting when no board config exists
- Collapsed groups state management
- Filtering issues based on collapsed state
- Backend tests for getProjectStatuses API with various scenarios

Generated with [Devin](https://devin.ai)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

* test(jira): add backend tests for getProjectStatuses and RPC routing

Add test coverage for the new getProjectStatuses backend functionality:
- Returns empty array when no clients are available
- Returns statuses from project statuses API when no board configuration exists
- Orders statuses by agile board column configuration when available
- Handles missing status IDs gracefully by falling back to unordered list
- Clears token on auth errors
- Returns empty array on operational errors
- RPC routing for jira.getProjectStatuses method

Generated with [Devin](https://devin.ai)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

* fix(jira): harden status grouping

---------

Co-authored-by: Andres Van Reepingen <andres.vanreepingen@datacamp.com>
Co-authored-by: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Jinjing <6427696+AmethystLiang@users.noreply.github.com>
* fix(status-bar): keep antigravity usage visible

* feat(rate-limits): add Grok usage status

* feat(grok): add managed usage accounts

* test(rate-limits): isolate Codex PTY fallback fetches

* fix(grok): address CodeRabbit review on usage status PR

- Guard auth.json read/parse so missing files return null
- Thread AbortSignal through Grok rate-limit fetch and ACP auth
- Pass isRemote:false for floating-terminal agent launch env

* fix(grok): wire ACP abort after child listeners to avoid TDZ

* fix(status-bar): address CodeRabbit on combined Grok/Antigravity usage

- Pin WSL shell distro when resolving managed GROK_HOME (parity with Codex)
- Refresh only Grok on account change via fetchGrokOnly
- Consolidate usage status-bar toggle catalogs; add Grok locale keys
- Fix Grok aria-label, feature-interaction tracking, and test fixture

* fix(settings): drop duplicate usage status-bar toggle catalog

Remove the leftover re-export path so Appearance search has a single
source of truth for usage provider toggles (including Antigravity + Grok).

* fix(settings): restore AccountsPane and locale UTF-8 after merge

Re-do AccountsPane three-way merge with binary-safe git objects and keep
both Grok accounts + remote provider client imports. Rebuild locale JSON
merges so em dash/ellipsis/middle-dot strings are no longer mojibake.

* fix(i18n): add missing comma after merged status-bar locale keys

* test: add antigravity to GrokUsagePane rate-limit fixture

RateLimitState gained a required antigravity field; the pane fixture must
carry it to typecheck.

* fix(status-bar): gate Antigravity durable visibility on Gemini OAuth opt-in

The Antigravity snapshot mirrors the Gemini fetch, which is permanently
'unavailable' until the user opts into Gemini CLI OAuth. Without this gate
the default-on checked item plus a detected agy CLI pinned a dead 'A --'
bar (Gemini itself hides in that state) and suppressed the usage setup CTA
for users who configured nothing.

---------

Co-authored-by: Brennan Benson <brennanbenson@Brennans-MacBook-Pro.local>
* fix(grok): restore clipboard and native-chat parity

Grok CLI already supports argv prompts, OSC 52 copy, and image paste chips.
Orca was blocking those paths: stdin-after-start keystroke injection, OSC 52
writes default-off, image-attachment denylist, and native-chat allowlist.

- Launch Grok with positional argv prompts
- Default OSC 52 TUI clipboard writes on (still user-toggleable)
- Treat Grok as image-attachment capable
- Parse ~/.grok/.../chat_history.jsonl for native chat

OSC 52 clipboard *query* remains ignored by design (host clipboard exfil risk);
xAI docs only require OSC 52 write for remote copy.

* fix(grok): sync OSC 52 docs and locale catalog with default-on

Update terminalAllowOsc52Clipboard type docs for the true default, and
refresh locale strings so settings UI mentions Grok alongside other TUIs.

* fix(grok): tool hook matcher, StopFailure, previews, AskUser waiting

Grok tool-event matchers are real regexes; bare `*` failed as match-all.
Install `.*` for Pre/Post tool hooks, add StopFailure for API-error ends,
recognize Grok-native tool input keys, and map ask_user_question PreToolUse
to waiting with interactivePrompt (Kimi-style live card path).

* fix(grok): resolve chat_history under GROK_HOME and long-cwd layouts

Centralize Grok session path helpers so hooks and native-chat honor
GROK_HOME and find chat_history.jsonl by session id when the cwd group
is slug-encoded (encoded name > 255 bytes) instead of only
encodeURIComponent(cwd).

* fix(terminal): keep Kitty keyboard for Grok on Windows ConPTY

Local Windows ConPTY withholds KKP so CSI-u-blind CLIs (e.g. Antigravity)
keep Enter/nav working (#2434). Grok needs KKP for Ctrl+Enter interject and
modified-Enter newline chords; blanking the advertisement for Orca-launched
Grok left those actions broken.

- Prefer KKP when tuiAgent is grok despite ConPTY withhold
- Wire launchAgent from tab/startup into keyboard protocol options

* fix(grok): restore OSC52 default-off, split decoders, honor GROK_HOME hooks

- Keep terminalAllowOsc52Clipboard default false (clipboard exfil risk)
- Split transcript-line-decoders under max-lines without suppressions
- Install local Grok hooks under resolveGrokHomeDir() / GROK_HOME

* refactor(grok): share CLI home resolution

* fix(grok): harden terminal and native chat integration

* test(grok): align CI coverage with native chat support

---------

Co-authored-by: Jinwoo Hong <73622457+Jinwoo-H@users.noreply.github.com>
…se layouts (#8031)

* fix(terminal): forward Option hotkeys to kitty-keyboard TUIs on compose layouts

On macOS layouts where Option composes characters (ABC and all non-US, the
effective default), pressing Option+P in a TUI that negotiated the kitty
keyboard protocol made xterm's kitty encoder report the composed codepoint
(alt+pi, CSI 960;3u) instead of the physical key (alt+p, CSI 112;3u). No TUI
binds the composed form, so agent hotkeys like OMP's Alt+P / Alt+M neither
fired nor typed anything.

Fix: mirror each pane's application-negotiated kitty flags with a scan-based
tracker fed only from PTY output (immune to Orca's defensive renderer-side
kitty resets on Ctrl+C interrupts and reattach), and have the terminal
shortcut policy encode Option chords as kitty CSI-u from the physical key
when the pane's app opted in. Dead keys stay exempt so Option composition
still works, and panes without kitty negotiation (shells) are unchanged.
Alt+Arrow / Alt+Backspace now defer to xterm's native kitty encoding in
kitty panes instead of the legacy readline translations.

The daemon's headless emulator tracks the same flags and re-arms them via
the snapshot rehydrate preamble (CSI = flags ; 1 u), so the behavior
survives window reloads and reattaches; PTY exit and cold restore reset the
mirror.

Validated byte-for-byte against a real omp 16.3.15 in a pty: the policy's
emitted CSI-u opens the temporary-model selector (Alt+P) and agent hub
(Alt+A), identical to the legacy ESC-prefixed forms it parses.

* fix(terminal): harden kitty Option-chord mirror for soft resets, replay redelivery, and non-QWERTY layouts

Three review findings on the kitty keyboard mirror, each verified against a
live omp 16.3.15 pty session using the real production modules:

- DECSTR: xterm's soft reset (CSI ! p) clears its kitty flags and stacks for
  both screens without switching buffers; the tracker now mirrors that, so a
  soft-resetting TUI stops receiving kitty-encoded Option chords.

- Replay redelivery: relay reconnects can redeliver the retained replay
  window, and each scan of the app's one-time CSI > u push grew the mirrored
  stack while the renderer's post-replay reset drained xterm's copy. The
  TUI's single exit pop (omp emits a bare CSI < u on quit) then landed on a
  stale frame, leaving Option+B/F/D kitty-encoded in a plain shell. Replay
  paths now scan with scanReplay(), which applies pushes as idempotent sets
  so redelivery cannot grow the stack; the live-output funnel and the
  daemon's once-per-byte emulator keep full stack semantics.

- Layout-correct base keys: kitty CSI-u reports must carry the key's
  unshifted codepoint in the active layout, but the encoder resolved it from
  a US-QWERTY physical-code table — on Dvorak/Colemak/AZERTY-class layouts
  (exactly the population whose effective Option-as-Alt default activates
  this path) the wrong key's chord fired, e.g. Colemak Option+P sent alt+r.
  A new keyboard-layout module caches Chromium's KeyboardLayoutMap (fetched
  at terminal setup and on focus-in, like the option-as-alt probe) and the
  policy resolves through it before the US fallback. Verified live: the
  layout-resolved bytes open omp's model selector; the US-table bytes do not.

* fix(terminal): reset kitty mirror on fresh spawn to cover replaced-PTY late exits

The exit handler resets the per-pane kitty keyboard mirror, but a late exit
from a replaced PTY takes the stale-transport early return and skips it —
so a restart-in-place could leak the old TUI's kitty flags into the fresh
shell, kitty-encoding Option chords the shell cannot parse. A fresh spawn
is by definition a new process with kitty state at zero, so startFreshSpawn
now resets the reused tracker itself, alongside the other per-pane mode
state it already clears. Reattach paths are untouched, so a live TUI's
mirrored flags still survive reconnects.

---------

Co-authored-by: Brennan Benson <brennanbenson@Brennans-MacBook-Pro.local>
* Show agent session history on mobile

Bring the desktop "Agent Session History" panel to Orca Mobile as a
per-worktree screen: browse past agent transcript sessions across the
host with scope tabs (Workspace/Project/All), search, grouping, session
cards, and tap-to-read message previews.

The transcript scan previously ran only over Electron IPC, so mobile
could not reach it. Expose it over the runtime RPC protocol mobile
already speaks (aiVault.listSessions) so the scan runs on whichever host
owns the transcripts — correct for local and SSH/remote hosts. Both the
desktop IPC handler and the new RPC method share one cache, so opening
the desktop panel and the mobile screen never double-scan.

The pure filter/group/display logic is lifted into /shared (the renderer
re-exports it) so the standalone mobile package can reuse it. Mobile
narrows scoped tabs client-side by cwd path-prefix because the host scan
treats scope paths as a widening union.

Resume-from-mobile is intentionally a follow-up.

* Fix mobile agent history list rendering and RPC authorization

- Authorize aiVault.listSessions in the mobile RPC allowlist so the
  mobile client's call is not rejected before dispatch (without this the
  screen could never load sessions at runtime).
- Name each SectionList section's rows `data` (the field React Native
  reads) instead of `cards`, fixing a type error and silent empty-section
  rendering.

* Address review feedback on agent session history

- Match quoted repo:/path: search operator values so labels and paths
  with spaces match (e.g. path:"/Users/ada/My Project").
- Hold a scoped tab in loading until the worktree list resolves instead
  of firing an unscoped fetch that briefly shows unrelated host history;
  proceed once loaded even if the worktree is absent (no stuck spinner).
- Clear cached host capabilities on disconnect/host-switch and failed
  status.get so a capability-gated action can't linger for a host that
  doesn't support it.
- Cover the real OrcaRuntimeService codex-home forwarding path and the
  quoted-operator parser with tests.

* Hide redundant mobile current worktree badges

Co-authored-by: Orca <help@stably.ai>

* Resume agent sessions from mobile history (#6969)

Co-authored-by: Orca <help@stably.ai>

* Adapt merged seams to main's lint and reply-sender hardening

Co-authored-by: Orca <help@stably.ai>

* Cap mobile project-scope paths to the aiVault RPC bound

Co-authored-by: Orca <help@stably.ai>

* Share the aiVault scopePaths bound between the RPC schema and mobile

Co-authored-by: Orca <help@stably.ai>

* Guard shared AI Vault inflight cleanup against concurrent key replacement

The extracted cache module's .finally() cleared inflight tracking
unconditionally, dropping the if (inflightKey === key) guard its sibling
outer cache kept: an older scan resolving after a different-key scan
replaced the tracking would null the newer scan's dedup slot, so a
re-request started a duplicate transcript rescan. Mirrors the sibling
guard; the regression test flushes a macrotask so a reverted guard fails
fast on the call count instead of hanging.

Co-authored-by: Orca <help@stably.ai>

* Harden aiVault.listSessions contract and gate mobile header entry on capability

- Clamp scopePaths (64) instead of rejecting, cap limit at 2000, and make
  executionHostId optional so mobile can omit it; restamp per caller.
- Retain successful mobile terminal-create mutation ids for 60s so resume
  retries dedupe after transient socket drops.
- Gate the session-header Agent History action on the aiVault.v1 capability
  (mirrors the host-list action) so old hosts never show a dead-end entry.
- Fix stale contract comments (scopePaths clamp semantics; filters move
  includes quoted repo:/path: operator parsing).

* Add subagent field to session test fixtures after #7423 merge

AiVaultSession.subagent became required on main; the five fixtures added on
this branch predate it. Top-level scanned sessions carry null.

---------

Co-authored-by: Orca <help@stably.ai>
Co-authored-by: Brennan Benson <brennanbenson@Brennans-MacBook-Pro.local>
Co-authored-by: Orca <help@stably.ai>
@pull pull Bot locked and limited conversation to collaborators Jul 10, 2026
@pull pull Bot added the ⤵️ pull label Jul 10, 2026
@pull pull Bot merged commit 03a6737 into CrazyForks:main Jul 10, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants