733 Commits

Author	SHA1	Message	Date
fullstack-engineer	2be87e66a9	Add container config tab skeleton	2026-05-22 23:32:47 -07:00
fullstack-engineer	cb22373549	Add display unavailable surface	2026-05-22 22:42:08 -07:00
core-fe	5455ddefe2	feat(canvas): surface current org name/slug/UUID in Settings panel ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 23:27:58 +00:00
core-fe	80d517b8ab	fix(canvas): external/MCP workspace progress UX — surface poll-mode queued state (task #227) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:59:38 +00:00
core-fe	55fa44571e	fix(canvas): polite tasks/cancel before /workspaces/:id/restart for Stop All (task #377 companion) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:58:57 +00:00
core-fe	676f9a033b	fix(canvas/chat): A2A hints point at Activity tab (closeout internal#212) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:58:51 +00:00
infra-runtime-be	5c989fef2f	feat(uploads): bump cap to 100MB + correct-reason error messages ... CTO 2026-05-19 directive on forensic a99ab0a1 (reno-stars >50MB upload that surfaced "signal timed out" when the real cause was file-size + a fixed 60s client timeout): "if its file size issue, should have error that instead saying timeout which is wrong" Bundles the cap raise + the wrong-reason fix in ONE PR because the two are coupled — bumping the server alone would still leak the fixed-60s timeout for legitimate slow uploads; fixing the client alone would 413 every >50MB attempt. Server (push-mode, EC2 workspace): - workspace-server/internal/handlers/chat_files.go: chatUploadMaxBytes 50→100 MB httpClient.Timeout 120→1200 s (matches the new slow-uplink budget) - workspace/internal_chat_uploads.py: CHAT_UPLOAD_MAX_BYTES 50→100 MB CHAT_UPLOAD_MAX_FILE_BYTES 25→100 MB (aligned with total so a single legitimate large file succeeds end-to-end) Canvas: - canvas/src/components/tabs/chat/uploads.ts: MAX_UPLOAD_BYTES 100 MB constant + FileTooLargeError class pre-flight gate: file-size violation throws BEFORE any fetch, with the actionable "File too large (got X MB) — limit is 100MB" computeUploadTimeoutMs: 60s floor + 100 KB/s scaled deadline (was a fixed 60s — the root cause of the forensic) - canvas/src/components/tabs/chat/hooks/useChatSend.ts: mapUploadErrorToReason: routes each cause to ITS OWN message (FileTooLargeError | TimeoutError | server-Error | fallback) no conflation between file-size and connection-too-slow Tests: - workspace-server chat_files_test.go: pins 100 MB constant, asserts sub-cap forwards + over-cap non-2xx - canvas uploads.cap.test.ts (10 cases): pre-flight gate, exact-cap edge, scaled-timeout curve, server-413 propagation, AbortSignal shape — explicit negative on "TimeoutError ≠ FileTooLargeError" - canvas useChatSend.errorReason.test.ts (5 cases): per-cause message contract, explicit negatives that guard against the wrong-reason conflation Test harness mirror: - tests/harness/cf-proxy/nginx.conf: client_max_body_size 50m→100m (this is the harness mirror; the production CF / nginx tier is out-of-repo. If prod still caps at 50m, this mirror passes while prod 413s — surface to ops.) Follow-up (SSOT, NOT in this PR): The 100 MB constant now lives in THREE mirror sites (canvas TS + workspace Python + platform Go). Per feedback_no_single_source_of_truth, the proper fix is exposing the cap via GET /uploads/limits so the client fetches the live value. Filing as a separate issue. References: - task #295 (internal tracker; CTO-authorized this work) - forensic a99ab0a1 (reno-stars 2026-05-19) - feedback_surface_actionable_failure_reason_to_user (CTO 2026-05-17) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-19 20:23:04 -07:00
hongming	acc149e18e	Merge pull request 'fix(canvas/chat): surface actionable error reason in chat banner + link to Activity tab (internal#212)' (#1550) from fix/canvas-surface-error-detail into main	2026-05-19 01:56:12 +00:00
core-devops	44affbde24	fix(canvas/chat): surface actionable error reason in chat banner + link to Activity tab (internal#212) ... The chat error banner used to render the hardcoded "Agent error (Exception) — see workspace logs for details." string regardless of what the workspace runtime actually reported, and the "workspace logs" reference pointed at a tab that does not exist (there is no separate Logs tab in the side panel — the Activity tab is the workspace-logs surface). Per CTO feedback on internal#211 / #212: "the user can only act if they can see why." useChatSocket now forwards the new ACTIVITY_LOGGED.error_detail field (introduced server-side in the matching ws-server PR) into onSendError. When present, the canvas shows the secret-safe reason verbatim (provider HTTP status + error code + human-readable message); when absent — older ws-server build — it gracefully degrades to the legacy boilerplate so we never silently swallow a failure. A new ChatErrorBanner component renders the banner with a working "View activity log" button that fires setPanelTab("activity"), turning the dangling "see workspace logs" pointer into a real affordance. The existing offline-Restart button is preserved. Tests pin: hook forwards detail when present, falls back when absent, ignores cross-workspace error events; banner renders the actionable text, falls back to legacy message when that is all we have, button navigates to Activity tab, Restart preserved when offline, null message renders nothing. Refs: internal#212, feedback_surface_actionable_failure_reason_to_user	2026-05-18 17:39:09 -07:00
core-devops	82a6cf42cd	feat(canvas): homepage SEO for marketing launch (mc#1486) ... Adds the standard Next.js App-Router SEO surface to the canvas landing so the marketing push has crawlable metadata + structured data on day one. What landed: - layout.tsx — Metadata API: title.template, description, keywords, canonical, metadataBase, OG/Twitter text fields, robots index:true. JSON-LD @graph (Organization + WebSite + SoftwareApplication) injected with the per-request CSP nonce. - robots.ts — allow public marketing routes (/, /pricing, /blog), disallow /orgs, /api/, /cp/, /checkout/; declares sitemap + canonical host. - sitemap.ts — apex + pricing + live blog post; authed routes excluded by construction. - opengraph-image.tsx — segment-level dynamic OG card via next/og ImageResponse (1200x630); no static binary blob. - __tests__/seo-routes.test.ts — pins the crawler contract (10 cases) so a future refactor can't silently flip the marketing surface to noindex or drop the sitemap. Out of scope (per issue): design copy, hero rewrite, Lighthouse CWV tuning. Those are CTO/marketing inputs and a separate ticket. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 16:47:03 -07:00
devops-engineer	ebf88a469f	Merge pull request 'fix(canvas/socket): wake WebSocket on visibilitychange / pageshow (#223 / #228)' (#1530) from fix/canvas-ws-visibility-reconnect into main	2026-05-18 23:20:48 +00:00
core-fe	c2110c799d	fix(canvas/socket): wake WebSocket on visibilitychange / pageshow ... Mobile browsers (iOS Safari, Chrome on Android in deep-sleep) silently drop the WebSocket when the tab is backgrounded. The in-page `onclose` fires very late or never, so the reconnect backoff never schedules — the canvas appears frozen until the user manually refreshes. Symptoms: - #223 mobile canvas chat has no real-time updates (must refresh) - #228 cross-device: user's own chat input doesn't broadcast to other sessions in real time (must refresh) Root cause: `canvas/src/store/socket.ts` had no visibility-wake. The reconnect loop only re-arms on `onclose`, and mobile OSes don't always fire `onclose` when they kill the WS. Fix: - Add `ReconnectingSocket.wake()` — forces an immediate reconnect when the socket is in CLOSED / CLOSING / null limbo, no-op when OPEN or CONNECTING. Pre-empts any pending backoff timer and resets the attempt counter (this was a user-initiated wake, not an unattended-tab failure cascade). - Wire a module-level `visibilitychange` + `pageshow` listener inside `connectSocket()`; remove it in `disconnectSocket()`. `pageshow` covers Safari's bfcache restore where `visibilitychange` doesn't fire on its own. - Export `wakeSocket()` so the test suite can exercise the path without depending on a jsdom DOM (the existing socket.test.ts runs under the `node` environment). Tests (5 new cases under `wakeSocket → reconnect`): - wake on OPEN: no new WS - wake on CLOSED: new WS created (the #223 fix) - wake on CONNECTING: no extra handshake piled on - wake cancels pending backoff `setTimeout` - wake after `disconnectSocket()` is a no-op (no zombie) Closes #223 Closes #228	2026-05-18 14:37:56 -07:00
core-fe	679d86a9be	fix(mobile): bump focused-input font-size to 16px (kills iOS focus-zoom) ... iOS Safari and PWAs auto-zoom the viewport when a focused input or textarea has a computed font-size below 16px. Two mobile-canvas inputs were below that bound, causing the layout to jump and look broken on focus until the user pinched back: - MobileSpawn.tsx agent-name input (fontSize: 13.5) — #225 - MobileChat.tsx composer textarea (fontSize: 14.5) — #224 Both bumped to 16px (the minimum that suppresses focus-zoom). This is the same class of bug as desktop #1434, scoped here to the mobile breakpoint. Tests: - MobileSpawn.test: assert agent-name input renders at fontSize >= 16 - MobileChat.test: assert composer textarea renders at fontSize >= 16 Both parse the inline style.fontSize (jsdom has no layout engine, so getComputedStyle reports the inline value verbatim). Closes #224 Closes #225	2026-05-18 14:34:58 -07:00
hongming	e27f0747f2	Merge pull request 'fix(canvas): add role=alert aria-live=assertive to AgentAbilitiesSection error (WCAG 4.1.3)' (#1518) from fix/agent-abilities-aria-alert into main	2026-05-18 21:28:04 +00:00
hongming	a1c09f6a76	Merge pull request 'fix(canvas): add focus-visible to OrgTokensTab and TokensTab enabled buttons' (#1416) from design/settings-button-focus-v2 into main	2026-05-18 20:14:48 +00:00
hongming	470bf7b50a	Merge pull request 'fix(canvas): add role=alert aria-live=assertive to ConfigTab error divs (WCAG 4.1.3)' (#1504) from fix/canvas-configtab-wcag-alert-v2 into main	2026-05-18 19:28:06 +00:00
hongming	48f960db38	Merge pull request 'fix(canvas/tabs): add role=alert + aria-live=assertive to tab error states (WCAG 4.1.3)' (#1465) from fix/tabs-error-aria-alert into main	2026-05-18 18:36:29 +00:00
hongming	e68746b521	Merge pull request 'fix(canvas): add role=status + aria-live=polite to loading + empty states (WCAG 4.1.3)' (#1461) from fix/canvas-loading-aria-live into main	2026-05-18 18:35:28 +00:00
hongming	780d86eddc	Merge pull request 'fix(canvas): add role=alert + aria-live=assertive to error states (WCAG 4.1.3)' (#1463) from fix/canvas-errors-aria-alert into main	2026-05-18 18:34:35 +00:00
core-uiux	9c3fcafa1a	fix(canvas): add role=alert aria-live=assertive to AgentAbilitiesSection error ... Follow-up to PR #1504 (role=alert on ConfigTab error divs) — the AgentAbilitiesSection error div was in a separate render branch and was missed. WCAG 4.1.3 requires dynamic error messages to be announced by screen readers immediately. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 15:58:40 +00:00
core-fe	4978bd7e72	fix(canvas): add role=alert aria-live=assertive to ConfigTab error divs ... WCAG 4.1.3: two error divs in ConfigTab.tsx used text-bad styling without declaring themselves as live regions. Screen readers miss the error announcement. Fix: add role="alert" aria-live="assertive" to both error divs, matching the pattern applied in PRs #1463/#1465 by core-uiux for other tab components. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 12:15:53 +00:00
core-uiux	6c03c51a99	fix(canvas): WCAG 2.4.7 focus-visible on page.tsx buttons + add main landmark ... - Add focus-visible ring to three buttons missing it: - Mobile hydration error Retry button - Desktop hydration error Retry button - PlatformDownDiagnostic Reload button - Wrap <Canvas /> in <main aria-label="Agent canvas"> landmark (WCAG 1.3.1 — main content now has a proper landmark) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	cfcb7bf840	fix(canvas/chat): WCAG 2.4.7 focus-visible on AgentCommsPanel + AttachmentViews ... - AgentCommsPanel: add focus-visible ring + aria-label to Retry button (error state). Add focus-visible to CommsTab tab buttons. - AttachmentViews: add focus-visible ring + aria-label to Remove button (PendingAttachmentPill) and Download button (AttachmentChip). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	d9d93bb728	fix(canvas/settings): add focus-visible to secrets-tab refresh button (WCAG 2.4.7) ... The Refresh button inside the SecretsTab error state had no focus ring defined in CSS. Without it, keyboard-only users cannot determine which element has focus on that error screen. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	eff258e46e	fix(canvas/ConfigTab): add aria-label to fallback model input (WCAG 1.3.1) ... The free-text model input (shown when /templates returns no models for the runtime) had a visual <label>Model</label> but the input lacked an id and the label lacked htmlFor — the association was purely visual. Added aria-label="Model" to make the name programmatically determinable. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	19ec517a1d	fix(canvas/FilesTab): add aria-modal="false" to inline alertdialog confirm prompts (WCAG 4.1.2) ... The two FilesTab confirm dialogs (delete-all, delete-one) use role="alertdialog" but were missing aria-modal. These are inline in-page prompts without focus trapping — aria-modal="false" explicitly documents the non-modal nature so assistive technology knows the rest of the page remains interactive. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	545d7c4fb2	fix(canvas/mobile): WCAG 2.4.7 comprehensive focus-visible audit — all interactive buttons ... MobileChat: Back, More, tab-switch, retry, remove-file, attach, send buttons MobileSpawn: Close, template-select, tier-select, spawn buttons components: tab bar, workspace-card, radio-filter buttons MobileDetail: Back, More, tab-switch, chat-CTA buttons All previously lacked focus-visible rings (WCAG 2.4.7). Added emerald-500 ring with appropriate offset for light/dark mode. Retry button also gained aria-label. Template-select and tier-select gained descriptive aria-labels matching the broadcast-chat-wcag branch pattern. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	2ecd0de127	fix(canvas/mobile): WCAG 2.4.7 focus-visible rings — MobileHome spawn FAB, MobileMe accent swatches + theme toggle ... MobileHome: spawn FAB had no focus indicator — added emerald ring. MobileMe: accent color swatches (all 8 colors) and theme toggle buttons (Dark / Light / System) had no focus indicators — added emerald ring. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	783f293c91	fix(canvas/mobile): WCAG 2.4.7 focus-visible rings — MobileCanvas reset zoom + MobileComms filter buttons ... MobileCanvas: reset zoom button had no focus indicator — added focus-visible:ring-2 with emerald-500 ring (consistent with other mobile interactive elements in the same branch). MobileComms: filter toggle buttons (All / Errors) had no focus indicator — added focus-visible:ring-2 with emerald-500 ring. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	b446c080aa	fix(canvas/mobile): aria-label on MobileChat composer textarea and MobileSpawn name input (WCAG 1.3.1) ... MobileChat: composer textarea had no aria-label — added aria-label="Message". MobileSpawn: name input had no programmatic label — added aria-label="Agent name". Both inputs had visible text labels above them but no accessible-name association, violating WCAG 1.3.1 (info/structure relationships). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	fa8462883e	fix(canvas): aria-label on "Add new" secret form inputs (WCAG 4.1.2) ... The "Add new" section had two bare <input> elements with only placeholder text. Added aria-label="Secret key name" and aria-label="Secret value" — distinct from the per-row Field inputs that PR #1453 already fixed. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	c9146884c5	fix(canvas): WCAG 1.3.1 + 4.1.3 follow-up accessibility fixes ... - MissingKeysModal.tsx: Add aria-label to both password inputs (inside map loops where entry.key is the accessible name source). WCAG 1.3.1 / 4.1.2. - AuditTrailPanel.tsx: Add role="status" aria-live="polite" to the loading state div. WCAG 4.1.3. - ConversationTraceModal.tsx: Add role="status" aria-live="polite" to both the loading state and empty state divs. WCAG 4.1.3. Found via systematic accessibility audit sweep of non-tab components. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	eba3a48342	fix(canvas): scope test selectors to panel testids (test regression) ... Tests in ExternalConnectModal.test.tsx used document.querySelector("pre") which returns the first pre in DOM order. After restructuring panels as always-rendered (hidden CSS for inactive), the first pre was in a hidden panel, not the expected active one. Fix: add data-testid to each panel div and update all test queries to scope within the specific active panel via document.querySelector("[data-testid='panel-...']"). All 18 tests pass. Build passes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	7f178778d5	fix(canvas): complete ARIA tab pattern for ExternalConnectModal (WCAG) ... - Add id=, aria-controls=, and tabIndex= to each role=tab button - Add id= and role=tabpanel + aria-labelledby= to each snippet panel - Restructure panels as always-rendered (hidden CSS) so aria-controls targets are stable — active panel has role=tabpanel, hidden panels are hidden with aria-hidden semantics via hidden attribute - Add ArrowRight/ArrowLeft/ArrowDown/ArrowUp + Home/End keyboard navigation for the tablist (ARIA tab pattern requirement) - Compute tabList once after filled* vars to share between tab bar and keyboard handler WCAG 4.1.3 (Name, Role, Value) — tab controls now have correct role, aria-selected, aria-controls, and keyboard navigation. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	d1664b3144	fix(canvas/tabs): add role=alert + aria-live=assertive to tab error states (WCAG 4.1.3) ... Error divs in EventsTab, TracesTab, ChannelsTab, DetailsTab (save/restart/delete), and ExternalConnectionSection now use role=alert so assistive technology announces each error immediately when it appears. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-fe	527b6ca36b	feat(canvas): always-visible Agent Abilities toggles in ConfigTab ... The broadcast_enabled and talk_to_user_enabled workspace abilities have complete, wired backends (commit 29b4bffb: workspace_abilities.go, workspace_broadcast.go, agent_message_writer.go) but no usable canvas control — so the CTO cannot see or toggle them from the canvas. - broadcast_enabled (default FALSE): no canvas control existed at all. - talk_to_user_enabled (default TRUE): only surfaced as the ChatTab recovery banner, which renders solely when the flag is false and is therefore invisible under the TRUE default. Adds an always-visible "Agent Abilities" section to ConfigTab with two on/off toggles bound to the existing PATCH /workspaces/:id/abilities endpoint (same call the ChatTab recovery banner uses), optimistic store updates via updateNodeData with rollback on failure, and server-truth reconciliation through the existing canvas-topology hydration. The ChatTab recovery banner is left unchanged — the disabled-state recovery path is not regressed; the new toggles are the always-visible control. Refs internal#510, internal#511. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 02:29:38 -07:00
hongming	a580926db5	fix(canvas): mobile chat render parity — Agent Comms + attachment previews (#231, #232) (#1443) ... Co-authored-by: hongming <hongmingwang@moleculesai.app> Co-committed-by: hongming <hongmingwang@moleculesai.app>	2026-05-18 03:50:39 +00:00
devops-engineer	5965f73b79	fix(merge): resolve logA2AReceiveQueued toward main (a92beb5d) per review 4483 ... core-devops review 4483 (REQUEST_CHANGES) correctly found the prior blanket keep-staging resolution reverted main-only a92beb5d (synchronous durable activity_logs INSERT before the queued 200 — the poll-mode 'lose my own message on chat exit' data-loss fix; staging never had it). This commit keeps MAIN's synchronous LogActivity(insCtx,...) form for the logA2AReceiveQueued conflict block, and STAGING's tracked-goAsync/asyncWG A2A P0 form for all other blocks (review confirmed those OK; 1c3b4ff3 and A2A P0 e740ffe2 not regressed). Regression test TestProxyA2A_PollMode_PersistsUserMessageSynchronouslyBeforeQueuedResponse is now GREEN. workspace-server handlers build + vet clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 02:28:03 +00:00
core-uiux	500789da69	fix(canvas/tabs): add role=alert + aria-live=assertive to tab error states (WCAG 4.1.3) ... Error divs in EventsTab, TracesTab, ChannelsTab, DetailsTab (save/restart/delete), and ExternalConnectionSection now use role=alert so assistive technology announces each error immediately when it appears. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 01:11:47 +00:00
core-uiux	a8e9b6177f	fix(canvas): add role=alert + aria-live=assertive to error states (WCAG 4.1.3) ... Screen readers were not announcing error messages in several canvas components. Each error div now uses role=alert so assistive technology announces the error immediately and assertively — without the user having to manually navigate to find the error. Fixed: ConfigTab, ScheduleTab, MissingKeysModal (per-entry + global), WorkspaceUsage. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 01:00:57 +00:00
core-uiux	8eafee5b74	fix(canvas): add role=status + aria-live=polite to loading + empty states (WCAG 4.1.3) ... Screen readers were not announcing loading or empty states in several canvas components. Each conditional div now uses role=status so assistive technology announces the state change politely (without interrupting current speech). Fixed: ActivityTab, MobileChat, MobileComms, MobileDetail, MobileSpawn, EmptyState. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 00:43:17 +00:00
devops-engineer	283ebd5b47	Merge pull request 'fix(canvas): make Settings→Secrets reveal honest (value is write-only)' (#1421) from fix/secrets-reveal-anthropic-internal into staging	2026-05-17 17:32:30 +00:00
devops-engineer	0655d5acf0	Merge pull request 'fix(canvas): Secrets "Test" reports honest error instead of fake "Connection timed out"' (#1424) from fix/secret-test-honest-error-internal-492 into staging	2026-05-17 17:00:05 +00:00
core-fe	3fc585b939	fix(canvas): Secrets "Test" reports honest error instead of fake "timed out" ... The Secrets test button calls POST ${PLATFORM_URL}/secrets/validate, a route that has never been implemented on the workspace-server router (router.go registers /secrets, /secrets/values, /settings/secrets, /admin/secrets — no /secrets/validate) nor on the Next.js canvas. Live probe: POST /secrets/validate → HTTP 404 in 0.28s (a fast 404, not a network timeout). request() throws ApiError(404); TestConnectionButton's bare `catch {}` swallowed it and unconditionally rendered the hardcoded string "Connection timed out. Service may be down." — factually wrong and indistinguishable from a real outage or a token rejection. Minimal fix (same "make the dead affordance honest" approach as the reveal control, internal#490 / PR#1421): bind the caught error and surface the real failure — distinguish "validation not available" (404/501), a non-404 server error (with status), and a genuine connectivity failure. No speculative server-side validate endpoint. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 07:38:29 -07:00
core-be	0d6b61bfff	fix(canvas): make Settings→Secrets reveal honest (value is write-only) ... The eye/RevealToggle in SecretRow was a dead affordance: it flipped a local `revealed` boolean but the row always rendered `masked_value` and never consumed it, so nothing was ever revealed. RevealToggle renders an eye-WITH-SLASH when revealed=true, so a clicked row looked "active" while showing nothing — read by users as "this doesnt work" (reported on CLAUDE_CODE_OAUTH_TOKEN / Anthropic group). Root cause is not Anthropic/OAuth/category-specific and not a server 4xx/5xx: secret values are write-only from the browser by design — the server List handler "Never exposes values", there is no per-secret decrypt route, and the only decrypted path (GET /secrets/values) is bulk + token-gated for remote agents and never called by canvas. The client has no plaintext-fetch function. Reveal is architecturally impossible without a deliberate security regression (out of scope). Fix: remove the dead toggle (+ its local state / auto-hide effect) and show a static write-only indicator (lock + explanatory title). Edit (rotate/replace) and Delete are unaffected and independent of reveal. Refs: internal#490; sibling Secrets/Tokens fixes PR #1415 + #1420 (referenced in triage as internal#210 / internal#211). Does not touch the agent-error path (internal#212). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 07:25:23 -07:00
core-uiux	1586d47d75	fix(canvas): add aria-hidden to TestConnectionButton spinner SVG ... The spinner SVG inside the test-connection button is decorative — it visualizes loading state alongside the text label. Add aria-hidden="true" so screen readers ignore it and use only the visible text as the accessible button name. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 13:37:37 +00:00
core-uiux	1439a46437	fix(canvas): add focus-visible to DeleteConfirmDialog cancel/confirm buttons ... WCAG 2.4.7: DeleteConfirmDialog Cancel and Delete buttons were missing :focus-visible rules in settings-panel.css. Keyboard users tabbing to these dialog buttons would see no visible focus indicator. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 13:36:39 +00:00
core-uiux	48f9386c19	fix(canvas): add focus-visible to OrgTokensTab and TokensTab enabled buttons ... WCAG 2.4.7: keyboard-only users need a visible focus indicator on all interactive buttons. The Copy, Dismiss, and Revoke buttons in OrgTokensTab and TokensTab had :hover but no :focus-visible, making focus state invisible when tabbing to these buttons. Add focus-visible:ring-2 (accent for copy/dismiss, red-400 for revoke) to all non-disabled action buttons in both tabs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 13:34:50 +00:00
hongming	4fd6612272	fix(tokens): make Workspace Tokens tab sentinel-aware + reject non-UUID workspace id ... Settings → Workspace Tokens 500'd whenever opened with no canvas node selected. SettingsPanel passes the literal sentinel "global" as the workspace id; the backend queries the uuid `workspace_id` column with it → Postgres `invalid input syntax for type uuid: "global"` → opaque 500 ("failed to list tokens"). Token create in that view broke the same way. SecretsTab already handles the sentinel (api/secrets.ts reroutes "global" → /settings/secrets); TokensTab did not — that asymmetry was the bug. Pre-existing since 2026-04-13, NOT a regression. Frontend (user-visible fix): TokensTab is now sentinel-aware like SecretsTab. When workspaceId === "global" (no node selected) it no longer calls /workspaces/global/tokens — it renders a clean state pointing the user to the Org API Keys tab (the existing org-wide surface). No 500, no scary error banner. The red account "Error" in this view was just this 500 surfacing through TokensTab's local error banner; it resolves with this guard (verified in code — no separate widget). Backend (defense-in-depth, same PR): List/Create/Revoke validate c.Param("id") as a UUID up front and return 400 {"error":"invalid workspace id"} instead of leaking a DB type error as a 500. Added the missing log.Printf on the List query-error branch — it was the only token handler silently swallowing the DB error, which is why this incident had zero log trail. Mirrors the uuid.Parse guard already in handlers/activity.go. Workaround (pre-merge): select a workspace node before opening the tab, or use the Org API Keys tab. Product note for CTO: there is no /workspaces/global/tokens endpoint (workspace tokens are inherently per-workspace; the org-wide equivalent is the separate Org API Keys tab), so — unlike SecretsTab which reroutes to a real global-secrets endpoint — the lowest-risk safe behavior was a disabled state + pointer to Org API Keys rather than a reroute. Flag if a different UX is wanted. Tests: added TokensTab sentinel tests (no API call + Org-pointer) and a backend table test asserting List/Create/Revoke 400 on non-UUID id without hitting the DB. Updated existing token handler tests to use valid UUIDs (they used "ws-1" etc.). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 06:22:00 -07:00
fullstack-engineer	aef45b83a6	Merge main into promote/staging-to-main to resolve outdated branch	2026-05-16 01:17:18 -07:00