Commit Graph

457 Commits

Author SHA1 Message Date
suraj-markup f82e4e6ad9 fix(test): replace dynamic delete with Reflect.deleteProperty in withEnv
Fixes @typescript-eslint/no-dynamic-delete lint error in api-routes.test.ts
which was breaking Lint, Typecheck, and the onboarding build check.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-29 03:58:38 +05:30
suraj-markup 717253cf8e fix(web): harden project validation, fetch timeout, and test coverage
- centralize project existence check via validateConfiguredProject
  (Object.hasOwn) and apply to spawn, issues, verify, orchestrators routes
- add AbortController (1.5s) to runtime terminal config fetch in DirectTerminal
- add runtimeFetchDone flag to prevent repeated fetches on reconnect
- restore resolveDashboardProjectFilter fallback to getPrimaryProjectId()
- expand runtime terminal endpoint tests (defaults, invalid ports, proxy path)
- add validation.test.ts covering prototype-chain bypass cases
- add undefined case test for resolveDashboardProjectFilter
- update changeset with full list of changes for npm publish

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-29 03:17:42 +05:30
suraj-markup 5315e4e0ab fix(web): runtime terminal port resolution + project-id hardening 2026-03-28 19:23:15 +05:30
Dhruv Sharma 3f4a08b251
Merge pull request #732 from ComposioHQ/feat/721
Fix Gitleaks errors and checksum issues.
2026-03-27 11:14:31 +05:30
copilot-swe-agent[bot] 91117f9e36
ci: fix gitleaks checksum filename, install dir, fetch-depth, and PR SHA fetch
Agent-Logs-Url: https://github.com/ComposioHQ/agent-orchestrator/sessions/87c2a42f-535a-4051-ab50-1f3fcc5aac1d

Co-authored-by: harshitsinghbhandari <212377671+harshitsinghbhandari@users.noreply.github.com>
2026-03-27 05:26:08 +00:00
Harshit Singh Bhandari c36440df62
Merge pull request #731 from harshitsinghbhandari/feat/721
ci: add gitleaks checksum verification and optimize fetch-depth
2026-03-27 10:45:53 +05:30
harshitsinghbhandari c762fa1453 ci: add gitleaks checksum verification and optimize fetch-depth 2026-03-27 10:08:56 +05:30
Dhruv Sharma 5933991252
Merge pull request #631 from illegalcall/feat/openclaw-integration
feat: OpenClaw plugin, AO skill, Discord notifier, and setup wizard
2026-03-27 09:48:25 +05:30
Dhruv Sharma 8a35384657 fix: resolve lint errors in openclaw-plugin and notifier-openclaw
- Add typed interfaces (PluginApi, PluginEvent, CommandContext, CommandResult)
  to replace `any` types in openclaw-plugin/index.ts
- Replace `== null` with strict equality checks (eqeqeq)
- Attach `{ cause: err }` to rethrown ECONNREFUSED error in notifier-openclaw
  to satisfy preserve-caught-error rule

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-27 02:36:24 +05:30
Dhruv Sharma 88b18722ca commited pnpm lock 2026-03-27 02:27:01 +05:30
Ashish Huddar af6c4c5add
Merge pull request #634 from ComposioHQ/feat/issue-633
chore(web): mobile-responsive layout for dashboard and session views
2026-03-27 01:44:07 +05:30
Dhruv Sharma b619461470 fix: assign 429 error to lastError so exhausted rate-limit throws immediately
Without this, the catch block's `err === lastError` identity check fails and
the error is absorbed into the retry loop instead of propagating.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-27 01:42:59 +05:30
Dhruv Sharma 373654f4e1 fix yaml test 2026-03-27 01:41:08 +05:30
Ashish Huddar c32fb6a03c Fix session polling and BottomSheet freshness 2026-03-27 01:38:54 +05:30
Ashish Huddar 8ce7366b82 Import useRef for session detail page 2026-03-27 01:34:13 +05:30
Ashish Huddar ada469556a Fix session detail project polling and orchestrator response 2026-03-27 01:27:38 +05:30
Ashish Huddar c008c3c4c2 Refresh bottom sheet session data and update tests 2026-03-27 00:32:52 +05:30
Ashish Huddar 24a293d811 Handle send errors and stabilize script tests 2026-03-27 00:25:10 +05:30
Ashish Huddar 5b1f3625a5 Reset mobile view-all state and surface send errors 2026-03-26 23:37:51 +05:30
Dhruv Sharma ecf4848e9b fix: prevent Discord retry counter compounding on persistent 429s
When rateLimitRetries was exhausted, a 429 fell through to the normal
error path where isRetryableHttpStatus(429)=true caused it to also
consume the error retry budget — giving 2×retries total attempts.

Now throws immediately when rate-limit budget is exhausted so the two
counters remain independent: up to `retries` rate-limit waits, then
up to `retries+1` attempts for genuine errors (5xx), never compounding.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 23:26:25 +05:30
Dhruv Sharma 62ecad06b1 fix: address final CodeRabbit PR review findings
- openclaw-probe.ts: fix trailing ": " when response body is empty —
  use conditional interpolation instead of .trim() on the full string
- doctor.ts: split connectivity check and test-notify into separate
  try-catch blocks with distinct error messages so failures are
  attributed correctly ("Notifier connectivity check failed" vs
  "Sending test notifications failed")

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 23:17:42 +05:30
Dhruv Sharma 28bb9aa6b7 fix: apply minimum wait for Discord 429 without Retry-After header
Previously, a 429 with no Retry-After header fell through to response.text()
with no explicit wait, relying on the generic exponential backoff. Now all 429
responses are handled uniformly via rateLimitRetries: use the Retry-After
value when present, otherwise fall back to retryDelayMs as the minimum wait.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 23:11:58 +05:30
Dhruv Sharma d0c0b9b0d0 fix: don't burn error retry budget on Discord 429 Retry-After waits
Each 429 with a Retry-After header was consuming one slot from the error
retry budget. With retries=3, three sustained rate-limits would exhaust
retries before any real error retry could fire.

Track rate-limit waits with a separate rateLimitRetries counter (capped at
retries to prevent infinite loops) and decrement attempt before continue so
the for-loop increment cancels out and the error retry budget is preserved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 23:07:17 +05:30
Dhruv Sharma 8896187b76 fix: preserve existing notifiers when creating default notificationRouting
When notificationRouting didn't exist, the setup wizard created a default
that included desktop only for urgent/action and dropped it for warning/info.
Users with defaults.notifiers: [desktop] would silently lose desktop
notifications for lower-priority events since notificationRouting takes
precedence over defaults.notifiers.

Now seeds all four priority levels from the existing defaults.notifiers array
(plus openclaw) so no previously-configured notifier is lost.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 22:50:15 +05:30
Ashish Huddar 4a842d4742 Fix ao launcher linking and mobile toast offset 2026-03-26 22:47:25 +05:30
Dhruv Sharma 21412dc725 fix: address Cursor Bugbot review comments (round 2)
- Fix YAML project key detection for inline comments: trimmed.endsWith(":")
  fails on valid YAML like "my-app: # description" — strip inline comments
  before the check so getConfiguredRepos works with commented project keys
- Fix Discord retry backoff skipping after 429+5xx sequence: the skipNextBackoff
  flag caused exponential backoff to be skipped on the attempt AFTER a 429,
  even when that attempt failed with an unrelated 5xx error. Removed the flag
  entirely — continue already skips backoff naturally for the 429 iteration

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 22:39:28 +05:30
Ashish Huddar e1867d0bef Preserve orchestrator ID when session project changes 2026-03-26 22:38:30 +05:30
Ashish Huddar 128c9101c8 Handle dashboard send failures and optimize session polling 2026-03-26 22:28:31 +05:30
Dhruv Sharma 8b491d4441 fix: address Cursor Bugbot review comments
- Add module-level sanitizeCliArg() and apply to all AI tool execute
  handlers (ao_spawn, ao_batch_spawn, ao_send, ao_kill, ao_session_restore,
  ao_review_check, ao_session_cleanup) to prevent CLI flag injection from
  LLM-supplied params
- Clear batchSpawnFollowUpTimeouts in board scanner stop handler too —
  previously leaked when healthPollIntervalMs <= 0 (health service never starts)
- Exclude commented lines from shell profile token regex with (?!\s*#)
  negative lookahead to avoid replacing # OPENCLAW_HOOKS_TOKEN=... lines
- Resolve \${ENV_VAR} placeholders in doctor's OpenClaw token check —
  ao setup openclaw writes the literal string "\${OPENCLAW_HOOKS_TOKEN}"
  which was being sent as the Bearer token instead of the actual value

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 22:25:46 +05:30
Dhruv Sharma c8ba03bb8d fix: fail hard when --test-notify is set but config load fails
When `ao doctor --test-notify` is requested and config loading throws,
use fail() instead of warn() so the process exits non-zero. Consistent
with the existing behavior when no config file exists at all.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 22:02:52 +05:30
Dhruv Sharma 570f3b588f fix: address CodeRabbit review comments
- Use consistent regex for OPENCLAW_HOOKS_TOKEN detection and replacement
  in shell profile (prevents silent no-ops for non-exported lines)
- Broaden token detection regex to match lines with/without export prefix
  and leading whitespace
- Fix misleading --non-interactive help text (token is auto-generated)
- Fix doctor.ts catch block to say "Notifier checks failed" not "load config"
- Fix 204 mock in Discord notifier test (ok: true, not ok: false)
- Fix weak no-duplicate assertion in setup.test.ts (actually count list items)
- Add discord to notifier options comment in config-instruction.ts
- URL-encode threadId in Discord webhook URL construction
- Add aoCwd to required[] in openclaw.plugin.json configSchema
- Add HTTPS recommendation comment to agent-orchestrator.yaml.example
- Add rimraf for cross-platform clean script in notifier-discord
- Rename "Recommended Settings" to "Required: Disable Conflicting Built-in Skills"
  with explicit warning in docs
- Add /ao setup post-setup reminder to manually disable coding-agent skill
- Fix misleading README non-interactive example wording

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 21:58:19 +05:30
AO Bot 70fe5369c3 fix: use correct gitleaks --log-opts syntax with commit range (#721)
The previous approach incorrectly used --since-commit (not a valid
gitleaks flag) and --log-opts= (equals syntax not supported). Fix by
using --log-opts with a space separator and a proper git commit range
(base..head) for PR scans.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 14:25:52 +00:00
AO Bot f0bcb7b758 fix: replace gitleaks-action v2 with free CLI to fix org license error (#721)
The gitleaks/gitleaks-action@v2 requires a paid license for organization
repos, causing the Security workflow to fail on every PR. Replace it with
a direct `gitleaks detect` CLI invocation which is free and doesn't
require a license key.

On PRs, the scan is scoped to only the commits in the PR (via
--since-commit) for faster feedback. On push/schedule, it scans the
full repo history.

Closes #721

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 14:23:06 +00:00
suraj_markup 2b2fb9cca6
Merge pull request #714 from ComposioHQ/changeset-release/main
chore: version packages
2026-03-26 18:54:01 +05:30
suraj-markup 98996c1fb7 chore: trigger CI for release PR 2026-03-26 17:59:21 +05:30
github-actions[bot] 09dbf806d3 chore: version packages 2026-03-26 12:18:20 +00:00
suraj_markup b057456f5f
Merge pull request #638 from suraj-markup/fix/two-step-setup-blockers
fix: repair npm global install — walk-up dep resolution, spawn-helper chmod, platform-aware messages
2026-03-26 17:47:13 +05:30
suraj-markup ac625c3476 chore: add changeset for onboarding/install fixes 2026-03-26 16:10:22 +05:30
suraj-markup cbdf2d2da0 docs: sync install-flow design doc with current start/preflight behavior 2026-03-26 16:05:59 +05:30
suraj-markup aa7e360898 refactor(cli): centralize agent runtime selection logic 2026-03-26 15:48:22 +05:30
suraj-markup 07028ba6df perf(cli): avoid redundant agent detection scan in start 2026-03-26 15:38:49 +05:30
suraj-markup d4ff10b5b8 fix(cli): restore interactive installs for ao start prerequisites 2026-03-26 15:13:54 +05:30
suraj-markup b976c36c5d fix(cli): remove required git/tmux auto-install attempts 2026-03-26 14:55:43 +05:30
suraj-markup c19aaf6967 fix(cli): disable non-interactive auto-install for required tools 2026-03-26 14:35:44 +05:30
suraj-markup c5cc0620e2 fix(cli): disable tmux auto-install in spawn preflight 2026-03-26 13:59:29 +05:30
Ashish Huddar b69cb9aac2 Guard alert action sends and reset on failure 2026-03-26 11:34:13 +05:30
Ashish Huddar 16c2bf23d1 Fix quick reply success state on send failures 2026-03-26 11:22:50 +05:30
Ashish Huddar 82a93a0a2b Fix metadata loading and refresh orchestrator session links 2026-03-26 11:12:55 +05:30
Ashish Huddar 5de48bb3f0 Restore desktop confirm flow and rename session PR card 2026-03-26 10:57:51 +05:30
Ashish Huddar 618448e620 Fix mobile session row grid for 44px open button 2026-03-26 09:07:08 +05:30