801 Commits

Author	SHA1	Message	Date
claude-ceo-assistant	84634768d9	docs: remove stale runtime comment	2026-05-24 00:29:36 -07:00
claude-ceo-assistant	f7e2976324	chore: retire unmaintained workspace runtimes	2026-05-23 23:45:09 -07:00
hongming	36c63798eb	fix(memory): #1734 delete dead MemoryTab + live-refresh MemoryInspectorPanel (#1749) ... CTO-bypass merge per 2026-05-24 directive — SOP-6 checklist acked, 2 non-author approvals on current HEAD, dispatched-review evidence in PR comments.	2026-05-24 02:41:35 +00:00
claude-ceo-assistant	3c82b39f3d	feat(display): proxy native desktop streams after takeover	2026-05-23 17:41:45 -07:00
claude-ceo-assistant	5551ef40e3	feat(display): add desktop workspace creation flow	2026-05-23 13:46:20 -07:00
fullstack-engineer	af3d98e478	Harden display control tab state handling	2026-05-23 01:46:46 -07:00
fullstack-engineer	321d051c9f	Add display control state to Display tab	2026-05-23 01:40:49 -07:00
fullstack-engineer	2be87e66a9	Add container config tab skeleton	2026-05-22 23:32:47 -07:00
fullstack-engineer	cb22373549	Add display unavailable surface	2026-05-22 22:42:08 -07:00
hongming	a1cfd085a8	Merge pull request 'chore(runtime): delete core workspace copy' (#1620) from chore/delete-core-workspace-runtime into main	2026-05-21 04:23:33 +00:00
core-devops	522e8708a5	fix(core): disambiguate chat e2e text assertions	2026-05-20 21:02:35 -07:00
core-devops	3ceebf3b1f	fix(core): mint chat e2e token after url seed	2026-05-20 20:53:28 -07:00
core-devops	e62db981e8	fix(core): keep docker mode in chat e2e	2026-05-20 20:36:36 -07:00
core-devops	679314aa8f	fix(core): keep chat e2e echo url local	2026-05-20 20:29:04 -07:00
core-devops	73faaf9448	fix(core): refresh chat e2e runtime url cache	2026-05-20 17:28:32 -07:00
core-fe	5455ddefe2	feat(canvas): surface current org name/slug/UUID in Settings panel ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 23:27:58 +00:00
core-fe	80d517b8ab	fix(canvas): external/MCP workspace progress UX — surface poll-mode queued state (task #227) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:59:38 +00:00
core-fe	55fa44571e	fix(canvas): polite tasks/cancel before /workspaces/:id/restart for Stop All (task #377 companion) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:58:57 +00:00
core-fe	676f9a033b	fix(canvas/chat): A2A hints point at Activity tab (closeout internal#212) ... Reviews APPROVED (core-qa,core-devops). CI/all-required green. Non-required E2E + security-review checks noted in PR body; not gating per BP. Co-authored-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app> Co-committed-by: Molecule AI · core-fe <core-fe@agents.moleculesai.app>	2026-05-20 22:58:51 +00:00
infra-runtime-be	5c989fef2f	feat(uploads): bump cap to 100MB + correct-reason error messages ... CTO 2026-05-19 directive on forensic a99ab0a1 (reno-stars >50MB upload that surfaced "signal timed out" when the real cause was file-size + a fixed 60s client timeout): "if its file size issue, should have error that instead saying timeout which is wrong" Bundles the cap raise + the wrong-reason fix in ONE PR because the two are coupled — bumping the server alone would still leak the fixed-60s timeout for legitimate slow uploads; fixing the client alone would 413 every >50MB attempt. Server (push-mode, EC2 workspace): - workspace-server/internal/handlers/chat_files.go: chatUploadMaxBytes 50→100 MB httpClient.Timeout 120→1200 s (matches the new slow-uplink budget) - workspace/internal_chat_uploads.py: CHAT_UPLOAD_MAX_BYTES 50→100 MB CHAT_UPLOAD_MAX_FILE_BYTES 25→100 MB (aligned with total so a single legitimate large file succeeds end-to-end) Canvas: - canvas/src/components/tabs/chat/uploads.ts: MAX_UPLOAD_BYTES 100 MB constant + FileTooLargeError class pre-flight gate: file-size violation throws BEFORE any fetch, with the actionable "File too large (got X MB) — limit is 100MB" computeUploadTimeoutMs: 60s floor + 100 KB/s scaled deadline (was a fixed 60s — the root cause of the forensic) - canvas/src/components/tabs/chat/hooks/useChatSend.ts: mapUploadErrorToReason: routes each cause to ITS OWN message (FileTooLargeError | TimeoutError | server-Error | fallback) no conflation between file-size and connection-too-slow Tests: - workspace-server chat_files_test.go: pins 100 MB constant, asserts sub-cap forwards + over-cap non-2xx - canvas uploads.cap.test.ts (10 cases): pre-flight gate, exact-cap edge, scaled-timeout curve, server-413 propagation, AbortSignal shape — explicit negative on "TimeoutError ≠ FileTooLargeError" - canvas useChatSend.errorReason.test.ts (5 cases): per-cause message contract, explicit negatives that guard against the wrong-reason conflation Test harness mirror: - tests/harness/cf-proxy/nginx.conf: client_max_body_size 50m→100m (this is the harness mirror; the production CF / nginx tier is out-of-repo. If prod still caps at 50m, this mirror passes while prod 413s — surface to ops.) Follow-up (SSOT, NOT in this PR): The 100 MB constant now lives in THREE mirror sites (canvas TS + workspace Python + platform Go). Per feedback_no_single_source_of_truth, the proper fix is exposing the cap via GET /uploads/limits so the client fetches the live value. Filing as a separate issue. References: - task #295 (internal tracker; CTO-authorized this work) - forensic a99ab0a1 (reno-stars 2026-05-19) - feedback_surface_actionable_failure_reason_to_user (CTO 2026-05-17) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-19 20:23:04 -07:00
hongming	acc149e18e	Merge pull request 'fix(canvas/chat): surface actionable error reason in chat banner + link to Activity tab (internal#212)' (#1550) from fix/canvas-surface-error-detail into main	2026-05-19 01:56:12 +00:00
core-devops	44affbde24	fix(canvas/chat): surface actionable error reason in chat banner + link to Activity tab (internal#212) ... The chat error banner used to render the hardcoded "Agent error (Exception) — see workspace logs for details." string regardless of what the workspace runtime actually reported, and the "workspace logs" reference pointed at a tab that does not exist (there is no separate Logs tab in the side panel — the Activity tab is the workspace-logs surface). Per CTO feedback on internal#211 / #212: "the user can only act if they can see why." useChatSocket now forwards the new ACTIVITY_LOGGED.error_detail field (introduced server-side in the matching ws-server PR) into onSendError. When present, the canvas shows the secret-safe reason verbatim (provider HTTP status + error code + human-readable message); when absent — older ws-server build — it gracefully degrades to the legacy boilerplate so we never silently swallow a failure. A new ChatErrorBanner component renders the banner with a working "View activity log" button that fires setPanelTab("activity"), turning the dangling "see workspace logs" pointer into a real affordance. The existing offline-Restart button is preserved. Tests pin: hook forwards detail when present, falls back when absent, ignores cross-workspace error events; banner renders the actionable text, falls back to legacy message when that is all we have, button navigates to Activity tab, Restart preserved when offline, null message renders nothing. Refs: internal#212, feedback_surface_actionable_failure_reason_to_user	2026-05-18 17:39:09 -07:00
core-devops	82a6cf42cd	feat(canvas): homepage SEO for marketing launch (mc#1486) ... Adds the standard Next.js App-Router SEO surface to the canvas landing so the marketing push has crawlable metadata + structured data on day one. What landed: - layout.tsx — Metadata API: title.template, description, keywords, canonical, metadataBase, OG/Twitter text fields, robots index:true. JSON-LD @graph (Organization + WebSite + SoftwareApplication) injected with the per-request CSP nonce. - robots.ts — allow public marketing routes (/, /pricing, /blog), disallow /orgs, /api/, /cp/, /checkout/; declares sitemap + canonical host. - sitemap.ts — apex + pricing + live blog post; authed routes excluded by construction. - opengraph-image.tsx — segment-level dynamic OG card via next/og ImageResponse (1200x630); no static binary blob. - __tests__/seo-routes.test.ts — pins the crawler contract (10 cases) so a future refactor can't silently flip the marketing surface to noindex or drop the sitemap. Out of scope (per issue): design copy, hero rewrite, Lighthouse CWV tuning. Those are CTO/marketing inputs and a separate ticket. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 16:47:03 -07:00
devops-engineer	ebf88a469f	Merge pull request 'fix(canvas/socket): wake WebSocket on visibilitychange / pageshow (#223 / #228)' (#1530) from fix/canvas-ws-visibility-reconnect into main	2026-05-18 23:20:48 +00:00
core-fe	c2110c799d	fix(canvas/socket): wake WebSocket on visibilitychange / pageshow ... Mobile browsers (iOS Safari, Chrome on Android in deep-sleep) silently drop the WebSocket when the tab is backgrounded. The in-page `onclose` fires very late or never, so the reconnect backoff never schedules — the canvas appears frozen until the user manually refreshes. Symptoms: - #223 mobile canvas chat has no real-time updates (must refresh) - #228 cross-device: user's own chat input doesn't broadcast to other sessions in real time (must refresh) Root cause: `canvas/src/store/socket.ts` had no visibility-wake. The reconnect loop only re-arms on `onclose`, and mobile OSes don't always fire `onclose` when they kill the WS. Fix: - Add `ReconnectingSocket.wake()` — forces an immediate reconnect when the socket is in CLOSED / CLOSING / null limbo, no-op when OPEN or CONNECTING. Pre-empts any pending backoff timer and resets the attempt counter (this was a user-initiated wake, not an unattended-tab failure cascade). - Wire a module-level `visibilitychange` + `pageshow` listener inside `connectSocket()`; remove it in `disconnectSocket()`. `pageshow` covers Safari's bfcache restore where `visibilitychange` doesn't fire on its own. - Export `wakeSocket()` so the test suite can exercise the path without depending on a jsdom DOM (the existing socket.test.ts runs under the `node` environment). Tests (5 new cases under `wakeSocket → reconnect`): - wake on OPEN: no new WS - wake on CLOSED: new WS created (the #223 fix) - wake on CONNECTING: no extra handshake piled on - wake cancels pending backoff `setTimeout` - wake after `disconnectSocket()` is a no-op (no zombie) Closes #223 Closes #228	2026-05-18 14:37:56 -07:00
core-fe	679d86a9be	fix(mobile): bump focused-input font-size to 16px (kills iOS focus-zoom) ... iOS Safari and PWAs auto-zoom the viewport when a focused input or textarea has a computed font-size below 16px. Two mobile-canvas inputs were below that bound, causing the layout to jump and look broken on focus until the user pinched back: - MobileSpawn.tsx agent-name input (fontSize: 13.5) — #225 - MobileChat.tsx composer textarea (fontSize: 14.5) — #224 Both bumped to 16px (the minimum that suppresses focus-zoom). This is the same class of bug as desktop #1434, scoped here to the mobile breakpoint. Tests: - MobileSpawn.test: assert agent-name input renders at fontSize >= 16 - MobileChat.test: assert composer textarea renders at fontSize >= 16 Both parse the inline style.fontSize (jsdom has no layout engine, so getComputedStyle reports the inline value verbatim). Closes #224 Closes #225	2026-05-18 14:34:58 -07:00
hongming	e27f0747f2	Merge pull request 'fix(canvas): add role=alert aria-live=assertive to AgentAbilitiesSection error (WCAG 4.1.3)' (#1518) from fix/agent-abilities-aria-alert into main	2026-05-18 21:28:04 +00:00
hongming	a1c09f6a76	Merge pull request 'fix(canvas): add focus-visible to OrgTokensTab and TokensTab enabled buttons' (#1416) from design/settings-button-focus-v2 into main	2026-05-18 20:14:48 +00:00
hongming	470bf7b50a	Merge pull request 'fix(canvas): add role=alert aria-live=assertive to ConfigTab error divs (WCAG 4.1.3)' (#1504) from fix/canvas-configtab-wcag-alert-v2 into main	2026-05-18 19:28:06 +00:00
hongming	48f960db38	Merge pull request 'fix(canvas/tabs): add role=alert + aria-live=assertive to tab error states (WCAG 4.1.3)' (#1465) from fix/tabs-error-aria-alert into main	2026-05-18 18:36:29 +00:00
hongming	e68746b521	Merge pull request 'fix(canvas): add role=status + aria-live=polite to loading + empty states (WCAG 4.1.3)' (#1461) from fix/canvas-loading-aria-live into main	2026-05-18 18:35:28 +00:00
hongming	780d86eddc	Merge pull request 'fix(canvas): add role=alert + aria-live=assertive to error states (WCAG 4.1.3)' (#1463) from fix/canvas-errors-aria-alert into main	2026-05-18 18:34:35 +00:00
core-uiux	9c3fcafa1a	fix(canvas): add role=alert aria-live=assertive to AgentAbilitiesSection error ... Follow-up to PR #1504 (role=alert on ConfigTab error divs) — the AgentAbilitiesSection error div was in a separate render branch and was missed. WCAG 4.1.3 requires dynamic error messages to be announced by screen readers immediately. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 15:58:40 +00:00
core-fe	4978bd7e72	fix(canvas): add role=alert aria-live=assertive to ConfigTab error divs ... WCAG 4.1.3: two error divs in ConfigTab.tsx used text-bad styling without declaring themselves as live regions. Screen readers miss the error announcement. Fix: add role="alert" aria-live="assertive" to both error divs, matching the pattern applied in PRs #1463/#1465 by core-uiux for other tab components. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 12:15:53 +00:00
core-uiux	6c03c51a99	fix(canvas): WCAG 2.4.7 focus-visible on page.tsx buttons + add main landmark ... - Add focus-visible ring to three buttons missing it: - Mobile hydration error Retry button - Desktop hydration error Retry button - PlatformDownDiagnostic Reload button - Wrap <Canvas /> in <main aria-label="Agent canvas"> landmark (WCAG 1.3.1 — main content now has a proper landmark) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	cfcb7bf840	fix(canvas/chat): WCAG 2.4.7 focus-visible on AgentCommsPanel + AttachmentViews ... - AgentCommsPanel: add focus-visible ring + aria-label to Retry button (error state). Add focus-visible to CommsTab tab buttons. - AttachmentViews: add focus-visible ring + aria-label to Remove button (PendingAttachmentPill) and Download button (AttachmentChip). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	d9d93bb728	fix(canvas/settings): add focus-visible to secrets-tab refresh button (WCAG 2.4.7) ... The Refresh button inside the SecretsTab error state had no focus ring defined in CSS. Without it, keyboard-only users cannot determine which element has focus on that error screen. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	eff258e46e	fix(canvas/ConfigTab): add aria-label to fallback model input (WCAG 1.3.1) ... The free-text model input (shown when /templates returns no models for the runtime) had a visual <label>Model</label> but the input lacked an id and the label lacked htmlFor — the association was purely visual. Added aria-label="Model" to make the name programmatically determinable. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	19ec517a1d	fix(canvas/FilesTab): add aria-modal="false" to inline alertdialog confirm prompts (WCAG 4.1.2) ... The two FilesTab confirm dialogs (delete-all, delete-one) use role="alertdialog" but were missing aria-modal. These are inline in-page prompts without focus trapping — aria-modal="false" explicitly documents the non-modal nature so assistive technology knows the rest of the page remains interactive. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	545d7c4fb2	fix(canvas/mobile): WCAG 2.4.7 comprehensive focus-visible audit — all interactive buttons ... MobileChat: Back, More, tab-switch, retry, remove-file, attach, send buttons MobileSpawn: Close, template-select, tier-select, spawn buttons components: tab bar, workspace-card, radio-filter buttons MobileDetail: Back, More, tab-switch, chat-CTA buttons All previously lacked focus-visible rings (WCAG 2.4.7). Added emerald-500 ring with appropriate offset for light/dark mode. Retry button also gained aria-label. Template-select and tier-select gained descriptive aria-labels matching the broadcast-chat-wcag branch pattern. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	2ecd0de127	fix(canvas/mobile): WCAG 2.4.7 focus-visible rings — MobileHome spawn FAB, MobileMe accent swatches + theme toggle ... MobileHome: spawn FAB had no focus indicator — added emerald ring. MobileMe: accent color swatches (all 8 colors) and theme toggle buttons (Dark / Light / System) had no focus indicators — added emerald ring. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	783f293c91	fix(canvas/mobile): WCAG 2.4.7 focus-visible rings — MobileCanvas reset zoom + MobileComms filter buttons ... MobileCanvas: reset zoom button had no focus indicator — added focus-visible:ring-2 with emerald-500 ring (consistent with other mobile interactive elements in the same branch). MobileComms: filter toggle buttons (All / Errors) had no focus indicator — added focus-visible:ring-2 with emerald-500 ring. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	b446c080aa	fix(canvas/mobile): aria-label on MobileChat composer textarea and MobileSpawn name input (WCAG 1.3.1) ... MobileChat: composer textarea had no aria-label — added aria-label="Message". MobileSpawn: name input had no programmatic label — added aria-label="Agent name". Both inputs had visible text labels above them but no accessible-name association, violating WCAG 1.3.1 (info/structure relationships). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	fa8462883e	fix(canvas): aria-label on "Add new" secret form inputs (WCAG 4.1.2) ... The "Add new" section had two bare <input> elements with only placeholder text. Added aria-label="Secret key name" and aria-label="Secret value" — distinct from the per-row Field inputs that PR #1453 already fixed. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	c9146884c5	fix(canvas): WCAG 1.3.1 + 4.1.3 follow-up accessibility fixes ... - MissingKeysModal.tsx: Add aria-label to both password inputs (inside map loops where entry.key is the accessible name source). WCAG 1.3.1 / 4.1.2. - AuditTrailPanel.tsx: Add role="status" aria-live="polite" to the loading state div. WCAG 4.1.3. - ConversationTraceModal.tsx: Add role="status" aria-live="polite" to both the loading state and empty state divs. WCAG 4.1.3. Found via systematic accessibility audit sweep of non-tab components. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	eba3a48342	fix(canvas): scope test selectors to panel testids (test regression) ... Tests in ExternalConnectModal.test.tsx used document.querySelector("pre") which returns the first pre in DOM order. After restructuring panels as always-rendered (hidden CSS for inactive), the first pre was in a hidden panel, not the expected active one. Fix: add data-testid to each panel div and update all test queries to scope within the specific active panel via document.querySelector("[data-testid='panel-...']"). All 18 tests pass. Build passes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	7f178778d5	fix(canvas): complete ARIA tab pattern for ExternalConnectModal (WCAG) ... - Add id=, aria-controls=, and tabIndex= to each role=tab button - Add id= and role=tabpanel + aria-labelledby= to each snippet panel - Restructure panels as always-rendered (hidden CSS) so aria-controls targets are stable — active panel has role=tabpanel, hidden panels are hidden with aria-hidden semantics via hidden attribute - Add ArrowRight/ArrowLeft/ArrowDown/ArrowUp + Home/End keyboard navigation for the tablist (ARIA tab pattern requirement) - Compute tabList once after filled* vars to share between tab bar and keyboard handler WCAG 4.1.3 (Name, Role, Value) — tab controls now have correct role, aria-selected, aria-controls, and keyboard navigation. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-uiux	d1664b3144	fix(canvas/tabs): add role=alert + aria-live=assertive to tab error states (WCAG 4.1.3) ... Error divs in EventsTab, TracesTab, ChannelsTab, DetailsTab (save/restart/delete), and ExternalConnectionSection now use role=alert so assistive technology announces each error immediately when it appears. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 11:36:22 +00:00
core-fe	527b6ca36b	feat(canvas): always-visible Agent Abilities toggles in ConfigTab ... The broadcast_enabled and talk_to_user_enabled workspace abilities have complete, wired backends (commit 29b4bffb: workspace_abilities.go, workspace_broadcast.go, agent_message_writer.go) but no usable canvas control — so the CTO cannot see or toggle them from the canvas. - broadcast_enabled (default FALSE): no canvas control existed at all. - talk_to_user_enabled (default TRUE): only surfaced as the ChatTab recovery banner, which renders solely when the flag is false and is therefore invisible under the TRUE default. Adds an always-visible "Agent Abilities" section to ConfigTab with two on/off toggles bound to the existing PATCH /workspaces/:id/abilities endpoint (same call the ChatTab recovery banner uses), optimistic store updates via updateNodeData with rollback on failure, and server-truth reconciliation through the existing canvas-topology hydration. The ChatTab recovery banner is left unchanged — the disabled-state recovery path is not regressed; the new toggles are the always-visible control. Refs internal#510, internal#511. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 02:29:38 -07:00
hongming	a580926db5	fix(canvas): mobile chat render parity — Agent Comms + attachment previews (#231, #232) (#1443) ... Co-authored-by: hongming <hongmingwang@moleculesai.app> Co-committed-by: hongming <hongmingwang@moleculesai.app>	2026-05-18 03:50:39 +00:00