Commit Graph

773 Commits

Author SHA1 Message Date
i-trytoohard f22d2d9ccc
fix(web): terminal button deep-links to terminal section (#1218)
Previously both the 'terminal' button and 'View current context →' link
on the kanban card navigated to the same session detail page without
distinction. The terminal button now links to #session-terminal-section
anchor, which already exists in SessionDetail.tsx.

Fixes #1217

Co-authored-by: AO Bot <ao-bot@composio.dev>
2026-04-13 23:40:41 +05:30
Dhruv Sharma 426eb730eb
Merge pull request #1142 from yyovil/fix/1140-terminal-fullscreen-upstream
fix(web): fullscreen terminal does not occupy the full viewport
2026-04-13 21:54:56 +05:30
Dhruv Sharma ab1e4fb069
Merge pull request #1180 from yyovil/add/type-resolution
Add node type resolution for non-web packages
2026-04-13 19:56:36 +05:30
yyovil 9bed49d453 fix: scope node types to node packages 2026-04-13 18:25:21 +05:30
Ashish Huddar 07f01ef6a5
feat(cli): install-aware ao update, startup notifier, doctor version check (#1156)
* feat(cli): install-aware update command, startup notifier, and doctor version check

Make `ao update` detect whether AO was installed via npm or git source and
route accordingly: git installs use the existing shell script, npm installs
prompt to run `npm install -g @aoagents/ao@latest`, and unknown installs
print guidance. Add `--check` flag for JSON version info output.

Add a startup version notifier that reads a cached update check (no network
on startup) and prints a one-liner to stderr when outdated. Background
cache refresh runs after command completion via unref'd timer.

Add a version freshness check to `ao doctor` using cached data only (no
network dependency in diagnostics).

Closes #1136

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* test(cli): high coverage for update service, command routing, and notifier

Add comprehensive tests per maintainer request for full coverage of all
update paths:

update-check.ts (57 tests):
- isVersionOutdated: major/minor/patch comparisons, equal, newer, missing parts
- detectInstallMethod: all 4 scenarios (git, npm-global, partial, unknown)
- readCachedUpdateInfo: fresh, expired, 23h boundary, version mismatch,
  invalid JSON, missing fields, empty file
- fetchLatestVersion: success, 404, 500, network error, timeout, non-JSON,
  missing version, non-string version, AbortSignal presence
- checkForUpdate: cache hit, cache bypass with force, stale cache fetch,
  cache write on success, no cache write on failure, version match,
  unreachable registry, result shape
- maybeShowUpdateNotice: positive print case, not outdated, no cache,
  non-TTY, AO_NO_UPDATE_NOTIFIER, CI, AGENT_ORCHESTRATOR_CI,
  each skipArg (update/doctor/--version/-V/--help/-h)
- scheduleBackgroundRefresh: does not throw

update.ts (17 tests):
- conflicting flags rejection
- --check: valid JSON output, forces fresh fetch, no side effects
- git: default args, --skip-smoke, --smoke-only, cache invalidation
- npm-global: no script-runner, already up-to-date, registry unreachable
  exits non-zero, --skip-smoke warning, forces fresh fetch
- unknown: help message, shows latest version, registry unreachable,
  suggests npm command

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(cli): address all review feedback — coverage gaps, code fixes, Codex findings

Code fixes:
- Extract classifyInstallPath() for testable npm-global detection
- Convert IS_TTY from module-level constant to isTTY() function call
  (testable without import-time mocking)
- Fix non-TTY npm update silently exiting 0 → now exits 1 so scripts
  detect that no upgrade happened (Codex P2)
- Handle pre-release version tags in isVersionOutdated() — strips
  suffixes before comparing, handles NaN safely
- Export getCacheDir() and writeCache() for test coverage

Test coverage (69 + 24 + 9 + 3 = 105 tests):
- classifyInstallPath: npm-global (Unix + Windows paths), git, partial, unknown
- isVersionOutdated: pre-release tags, NaN handling, same-with-prerelease
- getCacheDir: XDG_CACHE_HOME override, fallback to ~/.cache
- writeCache: success, EACCES mkdir failure, ENOSPC write failure
- handleNpmUpdate full flow: confirm → spawn success, spawn failure with
  sudo suggestion, spawn error (ENOENT), non-TTY exit, flag warning,
  user decline, registry unreachable
- --check with unreachable registry still outputs valid JSON
- maybeShowUpdateNotice: happy path print, AGENT_ORCHESTRATOR_CI guard,
  each skipArg individually
- scheduleBackgroundRefresh: no-throw, swallows errors

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(cli): move background refresh earlier, distinguish local vs global node_modules

- Move scheduleBackgroundRefresh() before parseAsync() so the fetch runs
  in parallel with command execution. Short-lived commands now have a
  better chance of seeding the cache before exit. (Codex P2)
- Distinguish global npm installs (lib/node_modules, .pnpm store) from
  local project node_modules (npx, linked installs). Local installs now
  classify as "unknown" instead of "npm-global" to avoid suggesting
  npm install -g to npx users. (Codex P2)
- Add tests: pnpm global store path, nvm global path, npx local path

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(lint): remove forbidden import() type annotations in test mocks

Replace `vi.importActual<typeof import("node:fs")>(...)` with untyped
`vi.importActual(...)` to satisfy @typescript-eslint/consistent-type-imports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(cli): don't misclassify local pnpm installs as npm-global

Local pnpm projects have node_modules/.pnpm/ which matched the /.pnpm/
heuristic. Replace with /pnpm/global/ check which only matches pnpm's
actual global store path (~/.local/share/pnpm/global/...).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(cli): non-TTY exits 0, remove misleading sudo suggestion

- Non-TTY ao update now exits 0 after printing the command. Exit 1
  implied error but the user just needs to run the command manually.
- Remove blanket sudo suggestion on npm failure. npm can exit 1 for
  many reasons (network, version conflict, engine mismatch). Just
  print the exit code and let the user diagnose.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(cli): pnpm global support, defer background refresh after parseAsync

- Detect pnpm global installs separately from npm global. pnpm users
  now see `pnpm add -g @aoagents/ao@latest` instead of the npm command.
  New InstallMethod value: "pnpm-global".
- Move scheduleBackgroundRefresh() to .then() after parseAsync() completes.
  Prevents in-flight fetch from holding the event loop open during
  short-lived commands when the registry is slow/offline. (Codex P2)
- Use info.recommendedCommand instead of hardcoded npm string in
  handleNpmUpdate, so the correct package manager command is always used.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(cli): use actual command name in error message, not hardcoded "npm"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(cli): handle signaled npm update exits

* fix(cli): detect prereleases behind stable releases

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 11:46:26 +05:30
i-trytoohard 6cb9cb24ff
fix(web): hyperlink CI check chips to GitHub workflow runs in session detail (#1196) 2026-04-13 11:20:25 +05:30
i-trytoohard 36a64c98b7
chore: bump all package versions to 0.2.5 (#1190)
* chore: release 0.2.5

Realign main with npm registry after off-branch publish of 0.2.3/0.2.4.
Bump all 21 linked packages to 0.2.5 and cherry-pick the startup-grace-period
fix for #989 (was in 5e4244a8 but never merged to main).

Also sync non-linked plugin versions (notifier-discord, notifier-openclaw,
scm-gitlab, tracker-gitlab) to their current npm versions.

* Revert "chore: release 0.2.5"

This reverts commit eb17f32834.

* chore: bump all package versions to 0.2.5, remove release workflow

- Bump all 25 packages to 0.2.5 to realign with npm registry
- Update package-version test to expect 0.2.5
- Remove stale .changeset/linear-spawn-branch-name.md
- Delete .github/workflows/release.yml (changesets-based NPM publish)

---------

Co-authored-by: Prateek <karnalprateek@gmail.com>
Co-authored-by: AO Bot <ao-bot@composio.dev>
2026-04-13 05:47:08 +05:30
i-trytoohard 4950b431db
fix(web): make PR title clickable on /prs page (#1146)
* fix(web): make PR title clickable on /prs page

* chore: upload screenshot for #1145
2026-04-12 08:43:53 +05:30
yyovil ddd96852ec fix(web): sync fullscreen terminal viewport fix (#1140) 2026-04-12 04:22:27 +05:30
yyovil e5c371cb74 fix(web): fixed fullscreen terminal issue. Earlier it won't cover the full viewport. (#1140) 2026-04-12 04:16:08 +05:30
yyovil d73ec8edfd fix(cli): update stale ao-core imports (#1143) 2026-04-12 03:56:37 +05:30
yyovil c48b078a7b
Merge pull request #982 from yyovil/fix/cli-config-not-found-error-981
fix(cli): catch ConfigNotFoundError for clean error output
2026-04-12 00:42:15 +05:30
Dhruv Sharma 663c61e16d fix: merge main and address review findings for prompt-driven spawn
- Merge main to pick up @composio/ao-core → @aoagents/ao-core rename
  and decomposer removal (#1104)
- Fix @composio/ao-core import in prompt-spawn.test.ts → @aoagents/ao-core
- Remove unreachable dead code in CLI spawn (empty-string guard after || undefined)
- Update format.ts JSDoc to document 8-item fallback chain including userPrompt
- Add clarifying comment on validation/sanitization separation in spawn route
- Integrate userPrompt display into redesigned SessionCard footer

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-11 21:44:57 +05:30
Atul Pandey 31fc9ef274
Merge pull request #1112 from ComposioHQ/fix/activity-state-terminal-status-1081
fix(core): derive activity from runtime probe, not terminal status
2026-04-11 20:39:26 +05:30
Ashish Huddar af2af115bd
style(design): design review fixes + fresh Warm Terminal design system (#927)
* style(design): FINDING-001 — add prefers-reduced-motion support

All animations and transitions are disabled when the user's system
requests reduced motion, per DESIGN.md accessibility requirements.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style(design): FINDING-003 — remove concurrent breathe animations

Status pills had two animations: a breathe animation on the pill
and a dot-pulse on the child dot. DESIGN.md says "one animation per
element, one purpose" and "keep dot pulse, remove border heartbeat."

Removed all three breathe keyframes, kept dot-pulse only.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style(design): FINDING-004 — fix dashboard title weight and tracking

DESIGN.md specifies display headings at weight 680 and letter-spacing
-0.035em. The dashboard title was using 600 / -0.05em.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style(design): FINDING-005 — fix detail-card text to blue-tinted graphite

Detail cards overrode text-secondary and text-tertiary with neutral
grays (#9898a0, #5c5c66). DESIGN.md specifies blue-tinted graphite
palette (#a5afc4, #6f7c94) for dark mode text.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style(design): FINDING-008 — add text-wrap: balance on headings

Dashboard title and kanban column titles now use text-wrap: balance
for more even line breaks on narrow viewports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style(design): FINDING-006/009 — fix section label semantics and spacing

Changed "Attention Board" from <h2> to <div role="heading"> since it's
styled as a 12px uppercase label, not a heading. Also fixed letter-spacing
from 0.16em to 0.06em per DESIGN.md UI/Labels spec.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style(design): FINDING-007 — contextual empty state messages

Empty kanban columns now show context-specific messages instead of
generic "No sessions" text. Each column's empty state reflects its
purpose: "No agents need your input" (Respond), "No code waiting
for review" (Review), etc.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs(design): fresh design system — Warm Terminal

Complete redesign from Industrial Precision (blue-tinted) to Warm Terminal
(brown-tinted). Key changes:

- Warm charcoal surfaces (#121110, #1a1918, #222120) replace blue-gray
- Cream text (#f0ece8) replaces blue-white (#eef3ff)
- Warm periwinkle accent (#8b9cf7) replaces cool blue (#5B7EF8)
- Berkeley Mono for display headlines (mono cohesion)
- Added: Accessibility section (44px touch targets, WCAG AA, focus-visible)
- Added: Component anatomy (button states, card structure, input fields)
- Added: Light mode design rationale (warm parchment, not clinical white)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs(design): swap Berkeley Mono for JetBrains Mono (free)

Berkeley Mono is a paid font ($75). JetBrains Mono is free, open source,
already loaded in the project, and the mono-for-headlines concept works
the same way with it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs(design): fix light mode contrast failures

Light mode text-tertiary #a8a29e failed WCAG AA at 2.5:1 on white.
Darkened to #736e6b (5.0:1). Light mode accent #6b73c4 was borderline
at 4.3:1, darkened to #5c64b5 (5.3:1). All pairs now pass AA.

Added verified contrast ratios for both modes to accessibility section.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: gitignore .gstack/ directory

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs(design): add design audit report and screenshots

Design review audit report with before/after screenshots for all
dashboard pages (kanban, session detail, PRs) across desktop, tablet,
and mobile viewports in both light and dark mode.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(design): address PR review comments

- Fix mobile test expecting removed "No sessions" text. The merge zone
  emptyMessage is now "Nothing cleared to land yet." (Bugbot comment #1)
- Remove no-op .dark .detail-card override that duplicated global dark
  values after FINDING-005 fix aligned them (Bugbot comment #2)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: gitignore .gstack-report/ and remove from tracking

The .gstack-report/ directory contains local audit artifacts with
filesystem paths. Should not be tracked in the repository.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(design): align dashboard title CSS to new DESIGN.md spec

Dashboard title was using old Geist Sans values (weight 680, -0.035em).
New spec is JetBrains Mono, weight 500, letter-spacing -0.02em.
Added font-family: var(--font-mono) to match.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: use native h2 element for Attention Board section heading

Replace ARIA role="heading" div with semantic h2 per ARIA first rule — native elements are preferred over ARIA roles for actual headings.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: pre-landing review fixes — a11y, dead code, test coverage

- Add aria-controls + id to accordion button/body pair in AttentionZone
- Wrap empty-state messages in aria-live="polite" regions for AT announcements
- Remove dead message prop and isDefault from EmptyState (Skeleton.tsx)
- Add parameterized test covering all 6 zone-specific empty messages

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: revert aria-live on empty states — causes false AT announcements

Codex review identified that role="status" aria-live on static empty-state
text causes burst announcements on page load (all empty columns fire) and
announces in collapsed mobile sections that aren't visible. Empty states are
static text, not dynamic transitions. The aria-controls fix is kept.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: bump version and changelog (v0.0.1.0)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: remove .gstack-report/ from .gitignore

* chore: remove VERSION and CHANGELOG (not used in this project)

* style(design): warm terminal color migration + inline style removal

Migrate all CSS tokens from cool blue-tinted graphite to warm
brown-tinted terminal aesthetic per DESIGN.md spec. Replace inline
style color mappings in ActivityDot, AttentionZone, Dashboard,
ProjectSidebar, and SessionCard with data-attribute CSS selectors.
Fix duplicate className bug on SessionCard done-title element.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: pre-landing review fixes — activity dot fallback + review stat color

Add base CSS fallback for activity-dot, activity-pill, and
activity-pill__text so null/unknown activity states render visibly
(gray) instead of invisible. Fix review stat card to use accent-orange
(matching kanban/sidebar/mobile review indicators) instead of cyan.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: checkpoint current design branch state

* design changes

* feat(web): redesign session detail page — compact PR card, identity strip, layout reorder

- Redesign SessionTopStrip with simplified breadcrumbs, action buttons (Message/Kill)
- Replace stacked PR card with compact inline layout: title row + blocker/CI chips + collapsible comments
- Move PR card above terminal for better information hierarchy
- Replace vertical IssuesList with inline buildBlockerChips helper
- Add ~200 lines of new CSS classes for compact PR card design system
- Add changedFiles field to DashboardPR type

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(web): design system tokens, sidebar redesign, and component primitives

- Align all color tokens (status, bg, border, text) across three HTML mockups
- Rewrite ProjectSidebar to match finalized.html: rotation chevron, session status text, border-bottom project separators, 224px width
- Add packages/web/DESIGN.md: agent-readable reference for tokens, typography, component patterns, anti-patterns
- Add Badge.tsx: generic badge/chip/pill primitive with status/outline/default variants
- Add Button.tsx: ghost/primary/danger button primitive
- Update CLAUDE.md to reference DESIGN.md as required pre-read for web UI work

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* style(design): FINDING-001 — card border-radius 0 → 6px to match mockup

* style(design): FINDING-002 — column border-radius 0 → 7px, border subtle to match mockup

* style(design): FINDING-003 — column header mono font, 500 weight, muted color to match mockup

* style(design): FINDING-004/005/006 — fix accent-blue/yellow/purple tokens to match mockup

* style(design): FINDING-007 — add --color-bg-card token (light #fff, dark #1c1b19)

* Refine dashboard design system and remove fixture flow

* Fix respond status colors in dashboard indicators

* Align tests with updated dashboard and metadata behavior

* fix(core): register notifier aliases consistently

* chore(web): drop uncovered showcase routes

* Add desktop PullRequestsPage coverage tests

* Remove generated coverage artifact

* Consolidate web design guidance into the root design system

* Fix working and ready status color tokens

* Fix sidebar collapse and inline kill confirmation

* fix(qa): ISSUE-001 - show all mobile filter chips

* Restore full title contrast in session cards

* Fix review feedback in dashboard state styling

* style: implement mobile responsive designs (feed, terminal-first, dense PRs)

Dashboard: replace accordion with urgency-sorted priority feed, horizontal scroll filter pills.
Session Detail: terminal-first layout with floating header, status pill, PR bottom sheet.
PRs: dense rows with CI dots, grouped sections, muted merged/closed rows.
Update tests to match new mobile layouts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix mobile terminal padding with PR sheet layout

* Polish mobile feed and session detail styling

* Align mobile dashboard layouts with gstack designs

* Fix mobile terminal actions and PR review labels

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 16:30:03 +05:30
Dhruv Sharma 2ebe111af0
Merge pull request #1086 from ComposioHQ/fix/node-pty-postinstall-rebuild
fix(ao): rebuild node-pty when prebuilt binary is incompatible
2026-04-11 15:03:40 +05:30
Dhruv Sharma 94b83c41e0 fix(ao): add process.exit(0) after pty.kill() to prevent hang in compatibility probe
node-pty leaves libuv handles alive after kill() (PTY master fd, internal
Socket, timers). Without process.exit(0) the probe process idles until the
10s execSync timeout fires, causing a spurious node-gyp rebuild on every
install even when the prebuilt binary is perfectly compatible.
2026-04-11 14:54:57 +05:30
Dhruv Sharma d908500791
Merge pull request #882 from DNX/feat/linear-spawn-branch-name
Honor Linear branchName as single source of truth for spawn worktree branches
2026-04-11 14:45:57 +05:30
Dhruv Sharma 628ada0891 fix(ao): exercise pty.spawn() in postinstall probe, not just require()
The require('node-pty') check only verifies the module loads, but the
actual posix_spawnp failure only surfaces when the helper binary is
executed via pty.spawn(). This means the probe could pass while the
terminal remains broken — exactly the scenario issue #987 describes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-11 14:45:50 +05:30
Dhruv Sharma e90cc48d6c fix(ao): rebuild node-pty from source when prebuilt binary is incompatible (#987)
The postinstall script only fixed spawn-helper permissions but didn't handle
ABI mismatches when the prebuilt binary doesn't match the user's Node.js
version (common with nvm/fnm/volta). Now tries to load node-pty after the
chmod fix and falls back to npx node-gyp rebuild if it fails.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-11 14:45:50 +05:30
adil 0f4e2bcc3c feat(cli): hide orchestrator sessions from `ao session ls` by default (#1088)
Orchestrator sessions are control-plane sessions that clutter the ls
output alongside worker sessions. Filter them out using the existing
`isOrchestratorSessionName()` helper. Add `--all` / `-a` flag to
include them when needed.

Closes #1088

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 12:25:14 +05:30
Dhruv Sharma ba899f9c30
Merge pull request #1104 from ComposioHQ/feat/issue-1045
refactor: remove ao spawn --decompose feature
2026-04-11 10:22:22 +05:30
Dhruv Sharma e18f9bee33 fix(tests): fix prompt-spawn integration test import and type annotations
The test file imported from @composio/ao-core but main renamed packages
to @aoagents/ao-core. Also added Session type annotations to all find()
callbacks to satisfy strict typecheck.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 22:03:04 +05:30
Dhruv Sharma b7464e5657 fix(spawn): persist userPrompt to metadata and prevent injection
writeMetadata() used a hard-coded field whitelist that silently dropped
userPrompt. The in-memory Session.metadata also never included it, so
the spawn response always returned null. Additionally, prompts containing
newlines could inject arbitrary key=value pairs into the flat-file
metadata format.

Fixes:
- Add userPrompt to writeMetadata() whitelist and readMetadata() return
- Populate session.metadata with userPrompt during spawn
- Strip newlines from prompts in both web API and CLI (defense-in-depth)
- Harden serializeMetadata() to replace newlines in all values
- Add prompt length validation (4096 max) in CLI to match web API

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 18:54:48 +05:30
prod-blip b88b664dbb fix(core): derive activity from runtime probe, not terminal status (#1081)
Previously, sessions with terminal statuses (merged, done, killed, etc.)
had their activity unconditionally set to "exited" without checking if
the agent process was actually still running. This caused the dashboard
to show incorrect activity state for sessions where the PR was merged
but the agent was still alive in tmux.

Now the runtime liveness check runs first for all sessions, and activity
is derived from the actual process state via getActivityState(). Terminal
status no longer forces activity to "exited".

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-04-10 16:20:26 +05:30
Dhruv Sharma ff9bb76e63
Merge pull request #1076 from harshitsinghbhandari/feat/cursor-agent-support
feat: add Cursor agent CLI support (#1060)
2026-04-10 15:29:55 +05:30
Harsh Batheja 1a476a415c test(core): fix stale @composio scope refs in plugin-registry tests
Two notifier alias tests in plugin-registry.test.ts still referenced
@composio/ao-plugin-notifier-slack after the @composio→@aoagents
rename in #983. The mock fallback hit the throw branch, the slack
plugin never got registered, and the assertions failed with
"undefined" / "called 0 times". CI on main has been red on these
two tests since #967 merged.

Other tests in the same file (webhook line 231, openclaw line 333)
already use @aoagents — these two were missed.
2026-04-10 13:09:30 +05:30
Harsh Batheja 3fb2ddf06d refactor: remove --decompose feature entirely
The --decompose flag and supporting decomposer module had two
unfixable bugs (#1045): it crashed when ANTHROPIC_API_KEY was unset,
and it created multiple branches/PRs per issue, fragmenting history
and complicating review/merge. Removing the feature instead of
patching either bug.

- Delete packages/core/src/decomposer.ts and all re-exports
- Drop @anthropic-ai/sdk dependency from @composio/ao-core
- Remove --decompose / --max-depth options from ao spawn
- Remove decomposer field from ProjectConfig (zod default-strip
  silently ignores existing decomposer: blocks in user yaml)
- Remove lineage / siblings from SessionSpawnConfig and the
  prompt-builder Layer 4 block (only used by decomposer)
- Gut the matching backlog reactor branch in web/services.ts
  so the polling path no longer hits the same bugs
- Remove decompose parameter from openclaw-plugin ao_spawn tool
- Drop decomposer mocks from web services.test.ts
2026-04-10 13:02:52 +05:30
harshitsinghbhandari 8f43006472 fix(agent-cursor): use printf %s pattern to prevent shell injection
Fix shell injection vulnerability when combining systemPromptFile with
prompt. The prompt could contain shell metacharacters ($(), backticks)
that would be executed inside the double-quoted string.

Now uses the exact same pattern as OpenCode:
  "$(cat 'file'; printf '\n\n'; printf %s 'prompt')"

The shellEscape wraps prompt in single quotes (no shell expansion),
and printf %s outputs it literally without interpretation.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-10 12:34:07 +05:30
harshitsinghbhandari 843ae2b897 fix(agent-cursor): use shell substitution for systemPromptFile
Use $(cat file) shell substitution instead of inlining file content
to avoid tmux truncation for large system prompt files (2000+ chars).
This matches the pattern used by Claude Code, Aider, and OpenCode.

- Replace readFileSync with $(cat) in getLaunchCommand
- Remove unused readFileSync import
- Update tests to verify shell substitution behavior

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-10 12:23:47 +05:30
harshitsinghbhandari e47b03807c fix(agent-cursor): address Cursor Bugbot security findings
1. Add symlink check for .cursor directory in extractCursorSummary
   to match getCursorSessionMtime behavior (prevents path traversal)

2. Add vitest alias for @aoagents/ao-plugin-agent-cursor in CLI tests
   (fixes missing module resolution in tests)

3. Add lstatSync check before readFileSync in getLaunchCommand
   to reject symlinked systemPromptFile paths (security hardening)

4. Add test coverage for symlink rejection behavior

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-10 12:16:37 +05:30
harshitsinghbhandari f154f87add fix: merge upstream main and resolve conflicts for cursor agent
- Resolve @composio → @aoagents package renaming conflicts
- Add cursor agent to BUILTIN_PLUGINS in plugin-registry.ts
- Add cursor agent to AGENT_PLUGINS in detect-agent.ts
- Add cursor agent import and registration in plugins.ts
- Add cursor agent dependency and import in web services.ts
- Update cursor plugin package naming to @aoagents/ao-plugin-agent-cursor
- Add cursor agent to changeset linked group
- Fix test imports to use new @aoagents package naming

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-10 11:48:27 +05:30
harshitsinghbhandari 63faae784c fix(agent-cursor): address 7 critical PR review findings
Fixes all issues identified in PR review from illegalcall:

1. 🔴 detect() false positives - Now checks for multiple Cursor-specific
   markers: "Cursor Agent" text OR (--approve-mcps AND --sandbox flags).
   Provides redundancy if Cursor changes one indicator.

2. 🔴 systemPromptFile/systemPrompt ignored - Properly reads file content
   synchronously using readFileSync and prepends to prompt. Clean approach
   without shell command substitution. Gracefully handles missing files.

3. 🟡 Process regex too generic - Fixed regex from /\\.?/ to /\.?/ for
   optional dot prefix. Now correctly matches "agent" or ".agent" binaries.

4. 🟡 Idle check before waiting_input - Reordered detectActivity checks so
   waiting_input patterns (permission prompts) are tested BEFORE idle prompt
   detection. Fixes false negatives when prompts end with input cursor.

5. 🟡 Symlink/path traversal protection - Added lstat() checks in
   extractCursorSummary and getCursorSessionMtime to reject symlinks and
   verify paths stay under workspacePath.

6. 🟡 hasRecentCommits false actives - Added comment acknowledging the
   limitation (same pattern as Aider plugin). Better than missing activity.

7. 🟡 Missing test coverage - Added 11 new tests:
   - 6 tests for detect() covering text match, flag fallback, edge cases
   - 5 tests for systemPromptFile/systemPrompt handling including errors
   Total: 62/62 tests passing

Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-10 11:02:33 +05:30
ChiragArora31 99da8b3c1c test(core): update notifier stubs for aoagents packages 2026-04-10 06:59:43 +05:30
ChiragArora31 98c5e1518c Merge upstream/main into feat/session-ls-json 2026-04-10 06:43:25 +05:30
Dhruv Sharma c9c41ad6dc
Merge pull request #967 from ChiragArora31/fix/notifier-alias-lifecycle-routing
fix(core): resolve notifier aliases in lifecycle routing
2026-04-10 03:02:36 +05:30
ChiragArora31 ea3da99c51 Merge upstream/main into feat/session-ls-json 2026-04-09 22:24:37 +05:30
harshitsinghbhandari d97177bced fix(cursor): address PR review comments from Copilot AI and Cursor bot
Activity Detection (2 related issues):
- Fix getCursorSessionMtime to stat .cursor/chat.md file instead of directory
- Directory mtime only updates on entry changes, not file modifications
- Now checks chat.md file first (tracks actual writes), falls back to directory
- Prevents directory mtime from blocking JSONL fallback in getActivityState
- Allows tier 4 (getActivityFallbackState) to run when needed

Prompt Safety:
- Add -- separator before positional prompt argument in getLaunchCommand
- Prevents prompts starting with - from being misinterpreted as flags
- Matches pattern used in Codex agent plugin
- Update test expectations to include -- separator

Process Detection:
- Update comment to accurately describe "agent" binary matching
- Removed misleading reference to "cursor and .cursor" process names

Plugin Detection:
- Improve detect() to check --version output for Cursor-specific text
- Reduces false positive risk from generic "agent" command name
- Validates output contains "cursor" or "agent" keywords

All tests passing (51/51).

Fixes issues identified in PR #637 review.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-09 22:17:13 +05:30
ChiragArora31 f9edbee5d2 fix(cli): classify metadata orchestrators in session ls json 2026-04-09 22:16:49 +05:30
ChiragArora31 8ea1c38532 Merge upstream/main into fix/notifier-alias-lifecycle-routing 2026-04-09 21:55:05 +05:30
harshitsinghbhandari e210feb850 fix(agent-cursor): use --sandbox disabled instead of --trust to skip workspace prompts
The --trust flag only works in headless mode (with --print), so it doesn't
prevent the workspace trust prompt in interactive mode. Changed to --sandbox
disabled which skips workspace trust prompts entirely.

This fixes the issue where Cursor agent would block on startup waiting for
user to approve the workspace trust prompt.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-09 21:46:22 +05:30
AO Bot 8cfa5b079b fix: add terminal health metrics to /health endpoint 2026-04-09 16:13:44 +00:00
Prateek 27712442f8 fix: restore GitHub repo URLs to ComposioHQ/agent-orchestrator — only npm scope changed 2026-04-09 16:00:32 +00:00
Prateek 2c862f3f29 fix: restore @composio/core references — third-party SDK, not our scope 2026-04-09 16:00:31 +00:00
Prateek 4f2616674f fix: address bugbot comments — missed renames in preflight, tests, and shell scripts 2026-04-09 16:00:31 +00:00
Prateek 550bdf589c fix: rename @composio refs in tsx files and regenerate lockfile 2026-04-09 15:59:33 +00:00
Prateek 967e864f5a chore: rename @composio scope to @aoagents across all packages
Renames all npm package scopes from @composio/* to @aoagents/* and
updates GitHub repo references from ComposioHQ/agent-orchestrator
to aoagents/ao throughout the codebase.

- All package.json names and dependencies
- README badges, links, and install instructions
- Documentation references
- Changeset config
- Source code imports and test files
2026-04-09 15:59:33 +00:00
harshitsinghbhandari f8e535f605 fix(cursor): correct binary name from 'cursor' to 'agent'
CRITICAL: The Cursor CLI binary is actually called 'agent', not 'cursor'.
This was a fundamental assumption error that made the plugin completely non-functional.

## Changes

### Binary and Process Names
- **manifest.description**: "Cursor CLI" → "Cursor Agent CLI"
- **processName**: "cursor" → "agent" (line 119)
- **detect()**: Check for "agent" binary instead of "cursor" (line 335)
- **isProcessRunning**: Look for "agent" process, not "cursor" (line 263)
  - Updated regex to `/(?:^|\/)\bagent\b(?:\s|$)/` with word boundaries
  - Prevents false matches on "agent-orchestrator" etc.

### Command Generation
- **Base command**: "cursor" → "agent" (line 122)
- **Permission flags**: Changed from assumed --auto-approve to actual Cursor flags:
  - --force (Run Everything / YOLO mode)
  - --trust (trust workspace without prompting)
  - --approve-mcps (auto-approve MCP servers)
- **Prompt handling**: Prompt is passed as positional argument, not --prompt flag
- **Removed**: --system flag support (Cursor agent doesn't have this)

### Activity Detection
- Updated prompt patterns: "cursor>" → "agent>", "[cursor]" → "[agent]"
- All terminal output detection patterns updated

### Test Updates (51/51 passing)
- processName expectation: "cursor" → "agent"
- Command assertions: "cursor" → "agent", --auto-approve → --force
- Combined options test: updated to reflect actual flag names
- Process detection tests: "cursor" → "agent", ".cursor" → "/path/to/agent"
- Activity detection tests: all "cursor" references → "agent"
- Manifest description test: updated to match new description

## Verification

**Before (broken):**
```bash
$ detectAvailableAgents()
Available agents: claude-code, aider, codex, opencode  #  cursor missing
```

**After (working):**
```bash
$ detectAvailableAgents()
Available agents: claude-code, aider, codex, cursor, opencode  #  cursor detected

$ agent.getLaunchCommand({permissions: 'permissionless', model: 'claude-sonnet-4', prompt: 'Fix bug'})
"agent --force --trust --approve-mcps --model 'claude-sonnet-4' 'Fix bug'"  #  correct

$ agent.processName
"agent"  #  correct
```

## Impact

This fix makes the plugin actually functional. The previous implementation would:
-  Never detect Cursor CLI (detect() checked wrong binary)
-  Never find running processes (isProcessRunning looked for wrong name)
-  Generate invalid commands (wrong binary name and flags)

Now it:
-  Detects Cursor CLI when `agent` binary is installed
-  Correctly identifies running agent processes
-  Generates valid commands with correct flags

## Testing
-  51/51 tests passing
-  TypeScript typecheck clean
-  Agent detection working (verified with actual agent binary)
-  Command generation produces valid agent commands

Addresses: ComposioHQ/agent-orchestrator#1076

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-09 21:11:07 +05:30
ChiragArora31 49df74172b fix(core): preserve alias-specific notifier instances 2026-04-09 19:47:26 +05:30
harshitsinghbhandari f3224e9193 fix(cursor): correct getRestoreCommand signature and update documentation
Address critical PR review findings from #1076.

## Changes

### Critical Fix
- **cursor/index.ts:308**: Add required parameters to getRestoreCommand signature
  - Was: `async getRestoreCommand(): Promise<string | null>`
  - Now: `async getRestoreCommand(_session: Session, _project: ProjectConfig): Promise<string | null>`
  - Fixes interface contract violation that would cause silent runtime failures
  - Parameters prefixed with _ since method always returns null (Cursor doesn't support resume)

### Documentation Improvements
- **cursor/index.ts:125-127**: Add comment explaining --auto-approve flag
  - Clarifies that --auto-approve is equivalent to Aider's --yes flag
  - Maps to same permission semantics across agents
- **cli/config-instruction.ts:24,144**: Add cursor to available agents list
  - Update defaults example to include cursor
  - Update "Available plugins" reference to include cursor

### Type Imports
- **cursor/index.ts:19**: Import ProjectConfig type for getRestoreCommand signature

## Testing
-  cursor plugin tests: 51/51 passing
-  cursor plugin typecheck: clean
-  No regressions introduced

## Why These Changes Are Needed

**Before:**
- getRestoreCommand signature mismatch would cause silent failures when core system calls it with parameters
- Config documentation didn't mention cursor as available agent option
- No explanation why --auto-approve differs from Aider's --yes naming

**After:**
- Interface contract properly satisfied
- Documentation complete and helpful
- Clear code comments explaining design decisions

Addresses: ComposioHQ/agent-orchestrator#1076

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-09 19:29:26 +05:30