Commit Graph

1622 Commits

Author SHA1 Message Date
whoisasx fa68474e6f fix: clean prompt files and reduce nudge noise 2026-07-04 00:14:43 +05:30
whoisasx b1544c32ea fix: prefer inline system prompts when available 2026-07-03 23:37:04 +05:30
whoisasx 7bd7729f4a feat: hydrate issue context for worker spawns 2026-07-03 23:00:49 +05:30
whoisasx b3f59d6ad9 fix: goimports legacy import mapping 2026-07-03 21:36:58 +05:30
whoisasx 54449ec9ba Merge remote-tracking branch 'origin/main' into ao/reverbcode-2/issue-2272-prompts
# Conflicts:
#	backend/internal/session_manager/manager.go
#	backend/internal/session_manager/manager_test.go
2026-07-03 21:27:47 +05:30
whoisasx 5ae01fb254 fix: address prompt review feedback 2026-07-03 21:11:00 +05:30
Harshit Singh Bhandari a32d507eb8
feat(scm): detect cross-fork PRs by scanning all project remotes (#2368)
The SCM observer only polled a project's push origin for open PRs, so a
PR opened from the fork against an upstream base repo (the standard
fork -> upstream flow) was never discovered: GitHub lists a PR under its
base repo, not its head, so an origin-only scan can't see it. Sessions
that opened such PRs showed no PR on the dashboard.

Scan every GitHub remote in the project checkout (origin + upstreams /
mirrors) for open PRs, and attribute a PR to a session only when its
head branch lives in that session's push origin. This surfaces
cross-fork PRs while preserving the no-misattribution guarantee: a
stranger's fork PR has a head repo no session owns and is dropped.

Tracked cross-fork PRs are keyed for refresh by their own recorded repo
(the upstream base) so the GraphQL refetch targets the right repo.
2026-07-03 20:50:41 +05:30
Harshit Singh Bhandari 3aa8e044b2
test(session_manager): prove agent sessions survive daemon restart/upgrade (#2335) (#2350)
* test(session_manager): prove sessions survive daemon restart and re-adopt (#2335)

Add an end-to-end Reconcile() durability test covering the full mix of
session states a daemon restart/upgrade leaves behind: an alive
orchestrator and worker are adopted in place under their original ids
(no id increment, runtime never torn down), a worker whose runtime died
with the daemon is captured and relaunched under its original id, and a
truly-dead unmarked session is not resurrected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-03 19:59:27 +05:30
Harshit Singh Bhandari 57ba468fea
feat(skills): add using-ao skill, install it under the data dir, and wire it into session prompts (#2365)
* feat(prompt): point sessions at using-ao skill for CLI usage

Append a short standing-prompt pointer to skills/using-ao/SKILL.md so
orchestrator and worker sessions read the skill catalog before using the
ao CLI, instead of inlining the whole command surface.

* docs(skills): add using-ao skill cataloging the ao CLI

Full command catalog sourced verbatim from 'ao --help' recursively:
SKILL.md (top-level catalog), commands/*.md (one per command with every
subcommand, flag, and examples), and references.md (natural-language to
command table).

* feat(skills): install using-ao skill under the data dir on daemon boot

A repo-relative skills/ path only resolves when a worker's project is the
AO repo itself; the ao CLI is used in every session regardless of project.
Move the skill into the Go module, embed it, and clobber-install it into
<dataDir>/skills/using-ao at daemon boot (before any session spawns, so no
locking is needed). The embedded copy is the single source of truth: a new
daemon build always refreshes it, so there is no version marker to drift.

Flip the session-prompt pointer to the absolute installed path so it
resolves from any project's worktree.

* fix(skillassets): tighten install perms to satisfy gosec

golangci-lint gosec flagged G301 (dir perms) and G306 (file perms).
Use 0o750 for dirs and 0o600 for files, matching the repo convention
for daemon-owned single-user state.

* Update preview.md with dev server instructions

Added note about using the correct URL for the dev server.

---------

Co-authored-by: Vaibhaav Tiwari <155460282+Vaibhaav-Tiwari@users.noreply.github.com>
2026-07-03 18:11:15 +05:30
Dushyant Singh Hada 7e409d438b
fix: clear stale preview URL from SQLite and prevent stale white screen on preview clear (#2358)
* fix: remove auto-switch-to-summary effect, keep browser tab on clear

* fix: clear browser preview when session is terminated
2026-07-03 15:38:43 +05:30
VenkataSakethDakuri fadbdd26cd
Fix and enrich the orchestrator coordinator system prompt so it matches the current CLI and teaches harness selection + command discovery (#2361)
* Prompt changed for correct agent spawning

* Fix formatting issue
2026-07-03 01:36:14 +05:30
Harshit Singh Bhandari e56248759e
ci(prettier): make workflow check-only instead of auto-committing (#2356)
Convert the Prettier workflow from auto-formatting and pushing commits
back to the PR branch into a check-only job. It now runs
`prettier@3 --check .`, which annotates and fails on unformatted files
but never writes, commits, or pushes anything. Drops the auto-commit
step and narrows permissions to `contents: read`.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 22:49:29 +05:30
Harshit Singh Bhandari 6186458df7
docs(bug-triage): retarget skill at the Go rewrite and upstream repo (#2339)
* docs(bug-triage): retarget skill at the Go rewrite and upstream repo

Rewrite the bug-triage skill for this repository: file issues/PRs on the
upstream AgentWrapper/agent-orchestrator, swap the Zellij runtime notes for
tmux (ConPTY on Windows), refresh the label list to match upstream, and drop
ReverbCode-specific naming. Port 3001, ~/.ao paths, and the CLI/daemon layout
are unchanged and were re-verified against backend/.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-02 22:03:13 +05:30
Anirudh Sharma e74fb65a85
feat(review): support additional reviewer harnesses (#2306)
* feat(review): support more reviewer harnesses

* fix(review): preserve reviewer daemon context

* fix(review): allow printf-piped review commands in reviewer allowlists

The review prompt now pipes JSON into `gh api` and `ao review submit`
via `printf '%s' ... | cmd` (heredocs break in interactive PTY panes).
Widen the claude-code allowlist with `Bash(printf:*)` and the opencode
permission policy with `printf * | gh api *` / `printf * | ao review
submit *` so those piped commands pass each tool's allowlist. Cover
both with tests that model each tool's matching semantics.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-02 19:25:18 +05:30
VenkataSakethDakuri c267420632
feat(projects): default worker and orchestrator agents to claude-code (#2321)
Pre-fill both role agents with claude-code in the create-project dialog and project settings instead of requiring a selection; the required-agent validation gate is removed. Users can still change either agent at creation or later in settings.
2026-07-01 21:56:00 +05:30
Laxman f74ebf379f
docs: add telemetry.md with accurate description of PostHog integration (#2308)
Replaces the inaccurate opt-in framing. Documents that telemetry is on
by default in the renderer, covers session recording, privacy redaction,
the persistent install ID, and how to override or disable via build-time
env vars.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-01 14:15:45 +05:30
whoisasx b46f12f4d5 fix: preserve spawn issue context field 2026-07-01 05:14:10 +05:30
Adil Shaikh 077042ae56
Merge branch 'main' into ao/reverbcode-2/issue-2272-prompts 2026-07-01 04:31:30 +05:30
whoisasx e5ab16c42e fix: adjust prompt and daemon terminal handling 2026-07-01 04:27:04 +05:30
Khushi Diwan 6a7ba46078
fix: set terminal type for tmux attach (#2312)
- Force TERM for tmux attach processes
- Cover missing and unsupported TERM values
2026-07-01 03:27:29 +05:30
Harshit Singh Bhandari d302414f52
feat(sidebar): inline-edit session display name via hover pencil (#2307)
* feat(sidebar): inline-edit session display name via hover pencil

Reuse the merged PATCH /sessions/{id} rename endpoint (#2302). A pencil
reveals on session-row hover/focus; clicking it swaps the label for an
inline input capped at 20 chars (same as spawn --name). Enter/blur saves
and invalidates the workspace query so the rename survives reload; Escape
cancels.

Refs #2301

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(sidebar): cover inline session rename save/cancel/cap

Refs #2301

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-01 03:19:27 +05:30
Harshit Singh Bhandari 60b651f20e
fix(session): clear shutdown-saved marker so killed sessions stay dead (#2319) (#2320)
After Cmd+Q quit + reopen, sessions the user killed reappeared as alive.
The session_worktrees "shutdown-saved" restore marker was write-only:
RestoreAll auto-relaunches any terminated session that still has a marker,
but Kill never deleted it and RestoreAll never consumed it. A session that
survived one reopen cycle (gaining a marker via reconcileLive) and was then
killed still carried the marker, so the next boot resurrected it.

Two-layer fix:
- Kill now deletes the marker (best-effort) after MarkTerminated: a user
  kill is explicit terminal intent and must not leave a resurrection marker.
- RestoreAll deletes the marker after consuming preserveRef and attempting
  relaunch, making it one-shot so it never outlives a single restart. A
  still-live session re-acquires a fresh marker at the next quit.

Manual Restore stays marker-independent, so killed sessions remain
restorable on demand, just not auto-resurrected on boot.

Adds DeleteSessionWorktrees to the Manager Store interface (the concrete
store already implements it) and tests covering all three behaviors.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 03:00:09 +05:30
neversettle 010c7e4c1a
feat: default reviewer is always claude-code (#2241) - temporary change 2026-06-30 21:25:26 +05:30
Apoorv Singh 78cbe22928
fix(new-task): use project default agent and expose all agents in spawn dialog (#2291) 2026-06-30 16:36:57 +05:30
Harshit Singh Bhandari 7c4a77d7cc
feat(spawn): add required --name flag for sidebar display name (#2302)
* feat(spawn): add required --name flag for sidebar display name

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(spawn): require --name for sidebar label; cap at 20 chars

Add a required --name flag to `ao spawn` that sets the session's
sidebar display name. The CLI rejects a missing or >20-character name
before contacting the daemon.

The daemon's POST /sessions keeps displayName optional (the desktop
new-task dialog omits it and the read model falls back to the session
id) but enforces the same 20-character cap when present, so a direct
API call cannot exceed it. The value flows CLI -> SpawnSessionRequest
-> SpawnConfig -> session record, and the existing read-model fallback
(displayName ?? issueId ?? id) renders it in the sidebar unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 16:26:48 +05:30
NIKHIL ACHALE 194bb28c8c
feat(icon): apply runtime app icon on macOS (#2296) 2026-06-30 15:27:50 +05:30
Dushyant Singh Hada de9e90df45
fix: resolve duplicate migration version 20 collision (#2294)
Two PRs (#2193, #2200) merged ~2h apart each added a migration
file numbered 0020, since each branch only saw one such file at
CI time and neither was rebased against the other before merge.
Renumbers 0020_pr_reviews.sql to 0021_pr_reviews.sql.

TestMigrationVersionsAreUnique already existed and is correct;
it didn't catch this because it only runs against each PR's
branch state, not the merged result of both PRs together.
2026-06-30 11:23:54 +05:30
swyam sharma 2c4bf55e95
fix(spawn): fail fast when tmux is missing (#2259)
Co-authored-by: Swyam Sharma <cruzer@Swyams-MacBook-Pro.local>
2026-06-30 00:14:46 +05:30
whoisasx e1c4e94278 fix: enrich worker feedback prompts 2026-06-29 23:44:41 +05:30
whoisasx ffdd78c931 refactor: keep session prompts with manager 2026-06-29 23:25:35 +05:30
whoisasx ceef121020 refactor: move session prompts into prompt package 2026-06-29 23:11:47 +05:30
whoisasx 5f96ef6e22 fix: renumber pr reviews migration 2026-06-29 22:47:43 +05:30
whoisasx 71411052f3 Merge remote-tracking branch 'origin/main' into ao/reverbcode-2/issue-2272-prompts 2026-06-29 22:42:31 +05:30
whoisasx 7297307af5 feat: add project prompt rules 2026-06-29 22:34:28 +05:30
Adil Shaikh a31cf1b582
fix: deep-link PR attention actions (#2200)
* fix: deep-link PR attention actions

* chore: format with prettier [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-29 21:16:35 +05:30
neversettle 8241868398
feat(review): enforce reviewer read-only via tool allowlist (#2194)
The reviewer's read-only guarantee was enforced only by the prompt. Add
AllowedTools/DisallowedTools to ports.LaunchConfig and plumb them through
the claude-code agent adapter to --allowedTools/--disallowedTools (each list
comma-joined into one value so a rule containing spaces like "Bash(git
diff:*)" is not split into separate tool names). Empty lists emit nothing, so
worker sessions are unaffected.

Launch the reviewer off bypassPermissions (which skips the permission system
and ignores allow/deny rules) in the default auto mode, with an allowlist
scoped to Read/Grep/Glob and the few Bash commands a reviewer needs (gh, git
diff/log/show/status, ao review submit) and an explicit deny list for
Edit/Write/NotebookEdit/git push/git commit as defense in depth.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 20:27:19 +05:30
neversettle cb456bb288
feat: show multi-PR review status (#2193)
* feat: support multi-pr review runs

* fix: avoid review state status stutter

* feat: batch review delivery by trigger

* test: update review inspector mocks

* chore: fold review batch migration into 0020

* fix: submit multi-pr reviews as one batch

* fix: make queued reviews autonomous

* fix: clarify multi-pr review submit prompt

* feat: show multi-pr review status

* chore: format with prettier [skip ci]

* feat: simplify multi-pr review summary

* chore: format with prettier [skip ci]

* fix: match multi-pr review card design

* chore: format with prettier [skip ci]

* fix: remove review session label

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Vaibhaav <user@example.com>
2026-06-29 18:20:28 +05:30
whoisasx 09b517aea1 fix: satisfy lint on prompt file permissions 2026-06-29 17:00:28 +05:30
whoisasx a058c9378e fix: deliver generated system prompt files 2026-06-29 16:50:45 +05:30
Vaibhaav Tiwari 3535d12f2c
docs: align readme (#2239)
* docs: align readme

* chore: format with prettier [skip ci]

---------

Co-authored-by: Vaibhaav <user@example.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-29 16:38:33 +05:30
PRADEEP SAHU d87b763e34
UI : use React.Memo position for SelectContent to prevent scroll reset (#2261)
* fix(ui): use popper position for SelectContent to prevent scroll reset

* fix(ui): use React.memo to prevent scroll resets without breaking popper position
2026-06-29 16:16:58 +05:30
Harshit Singh Bhandari 2cd3b88cfa
fix(ci): Windows publish shell + fresh-install smoke check (#2267) (#2269)
* fix(ci): pin publish step to bash so the retry loop runs on Windows

The 3x retry wrapper added in #2266 is bash syntax, but the release
matrix Publish step inherited the runner default shell, which is
PowerShell on windows-latest. That made every Windows publish fail with
a ParserError. Pin shell: bash on all four publish steps.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(ci): point fresh-install smoke check at an empty release repo (#2267)

The container check asserts `ao start` fails cleanly on a fresh box with
no published asset. Now that AgentWrapper publishes a linux-x64 AppImage,
an unpinned smoke binary downloads it and exits 0, tripping the
assertion. Build the smoke binary against a release repo with no assets
so the fetch path deterministically 404s and start exits non-zero with a
clear error, preserving the test's intent without depending on what the
real repo publishes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 15:44:30 +05:30
Harshit Singh Bhandari 92a52f0992
ci: retry transient macOS sign/notary flakes in the publish step (#2266)
Releases fail intermittently on transient macOS issues that hit EITHER
macOS leg, not just Intel: Apple notary -1009 connection-offline (seen on
macos-latest/arm64) and osx-sign keychain races, code object is not signed
at all (seen on macos-15-intel). Both pass on a manual re-run.

Wrap npm run publish in a 3x retry with backoff in all four release/nightly
publish steps so these self-heal in-place instead of failing the run (and,
for nightly, skipping the whole feed). Keeps the Intel leg coupled so the
x64 feed entry stays guaranteed.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 03:58:19 +05:30
Harshit Singh Bhandari 6b56b1c245
fix(update): enable allowPrerelease on the nightly channel (#2265)
Nightly builds publish as GitHub prereleases. configureFeed set channel
and allowDowngrade but never allowPrerelease, which defaults to false, so
electron-updater only inspected the latest NON-prerelease release
(e.g. v0.10.0) and 404d looking for nightly-mac.yml there. The nightly
channel therefore never resolved, regardless of whether a nightly was
published.

Set allowPrerelease = (channel === nightly): nightly scans prereleases
and finds the nightly feed; stable stays on non-prereleases only.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 03:37:49 +05:30
Harshit Singh Bhandari 965e388792
fix(update): bundle app-update.yml so electron-updater can install (forge omits it) (#2244)
* fix(update): generate app-update.yml at build time; drop runtime setFeedURL

electron-forge does not emit app-update.yml; electron-updater requires it at
process.resourcesPath to resolve the GitHub release feed. Without it every
packaged app threw ENOENT on the first download attempt, making updates
detected but never installed.

Two-part fix:
- forge.config.ts: add postPackage hook that writes app-update.yml into
  each platform's Resources dir (baked from AO_RELEASE_REPO so fork builds
  point at the fork, prod at AgentWrapper/agent-orchestrator).
- auto-updater.ts: remove setFeedURL + repo() + DEFAULT_RELEASE_REPO;
  configureFeed now only sets channel + allowDowngrade. electron-updater
  auto-loads the bundled yml on the first checkForUpdates call.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

* fix(update): generate app-update.yml before signing, not after

The postPackage hook wrote app-update.yml into Contents/Resources AFTER osxSign
sealed the bundle, so the added file was unsealed and macOS reported the app as
"damaged" (codesign: "a sealed resource is missing or invalid"). Generate it in
a prePackage hook and ship it via packagerConfig.extraResource, so it is copied
into the bundle and signed as part of the seal. The generated app-update.yml is
gitignored.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

* ci(release): move Intel leg to macos-15-intel and gate the feed on it

macos-13 is deprecated and has no runner capacity (multi-hour queues),
so the detached release-intel leg never completed. Switch it to the
supported macos-15-intel image in both the release and nightly workflows.

Now that the Intel leg gets a runner and builds + signs the x64 installer
reliably (verified on fork v0.10.10), re-couple it into publish-feed
(needs: [release, release-intel]) so latest-mac.yml / nightly-mac.yml
always carry the x64 entry and Intel macOS users receive auto-updates.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-28 23:36:06 +05:30
Harshit Singh Bhandari ff23e66055
chore(release): stamp desktop app version 0.10.0 (#2248)
Stable release builds read the version from frontend/package.json (the
release workflow does not stamp from the git tag, unlike nightly), so the
0.10.0 prod cut needs this committed at the tagged commit. Otherwise the
app ships as 0.0.0 and the stable update channel never advances.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-28 23:24:57 +05:30
Harshit Singh Bhandari 2c377dcb7e
ci(release): gate signed release on the release environment (#2249)
The Desktop release fires on any desktop-v* tag push and consumes the
repo-level signing secrets, so any write-access collaborator can cut a
signed prod build. Reference the `release` environment from the build
jobs so a designated reviewer must approve before the secrets are used.
Takes effect once required reviewers are configured on that environment.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-28 23:24:43 +05:30
Harshit Singh Bhandari 01406eddca
fix(ci): decouple Intel runner from publish-feed (#2237) (#2240)
Remove macos-13 from the release matrix in both frontend-release.yml and
frontend-nightly.yml, replacing it with a standalone release-intel job
that runs on macos-13 independently. publish-feed keeps needs: release
(the three fast legs), so it no longer waits hours for the scarce Intel
runner. The darwin-x64 installer and stable alias are still built and
uploaded; feed.mjs includes the x64 entry on a best-effort basis.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 23:10:23 +05:30
Harshit Singh Bhandari cfe505eb4d
feat: Global Settings (migration + update channel) + ao start download progress (#2235)
* feat(settings): IPC bridge for global update settings (get/set)

Expose readUpdateSettings/writeUpdateSettings to the renderer via
updateSettings:get/set so the Global Settings page can read and persist
the auto-update channel choice. Refs #2207.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(cli): show ao start download + install progress

The fetch path streamed a hundreds-of-MB asset and ran a silent install
with zero output, so a slow download looked like a hang. Print a start
line (asset, ~size, repo), stream a TTY-aware progress reader (live \r
percentage on a terminal, start+done lines off a TTY), and announce the
otherwise-silent unpack/install step. stderr only, so --json stdout stays
clean; no new dependency. Closes #2234.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(settings): Updates (channel) + Migration sections in Global Settings

- UpdatesSection: pick Stable vs Nightly auto-update channel, persisted to
  ~/.ao/update-settings.json via the new IPC bridge. Closes #2207.
- MigrationSection: drop-in card showing migration status + last report/error
  and a Run/Re-run button hitting the idempotent POST /api/v1/import; works
  even after Don't Migrate. Closes #2205.
- Wire both into the (previously blank) GlobalSettingsForm; cover both with tests.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

* fix(browser): re-measure preview bounds after layout transitions

The native WebContentsView preview is positioned from a renderer-measured
rect, re-measured on ResizeObserver + window resize/scroll. But a
ResizeObserver fires on size changes only, so a position-only layout shift
(entering/leaving pop-out moves the slot to another panel; opening the
inspector, which ao preview does, reflows its x) left the overlay at stale
bounds, visibly spilling over the sidebar/terminal until an unrelated resize
fixed it. Drive a settle re-measure on mount and on active/pop-out
transitions (immediate frame + once the ~240ms panel transition settles) so
the final geometry always wins.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore(backend): gofmt + goimports pre-existing files (fix red CI)

config.go, project_test.go, importer_test.go and spawn_windows.go were
committed unformatted earlier and fail go.yml's gofmt check and golangci's
goimports formatter on main. Apply `golangci-lint fmt`; formatting only, no
logic change. Unblocks this PR's lint/build-test jobs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(settings): manual Check for updates + Update button

Auto-update only checked at launch, so users with auto-updates off (or who
just want it now) had no way to update from the app. Add an on-demand flow:
checkForUpdatesNow/downloadUpdateNow/quitAndInstallUpdate in auto-updater
(works regardless of the opt-in; not-packaged dev surfaces 'unsupported'),
forwarded to the renderer as a live UpdateStatus over updates:status. The
Updates section gains a Check for updates button and an Update button that
downloads then installs (Restart & install), with checking/available/
downloading%/downloaded/error status. Refs #2207.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

* fix(sidebar): always offer Global settings in the footer menu

The footer Settings menu showed either Project settings (with a project
selected) or Global settings (with none), so global settings was
unreachable while inside a project. Always list Global settings; add
Project settings above it when a project is active. Refs #2205.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(settings): show current app version in Updates section

Surface app.getVersion() as a 'Current version vX.Y.Z' line above the
update controls so users can see what they're running. Refs #2207.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: format with prettier [skip ci]

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-27 23:08:55 +05:30
Harshit Singh Bhandari 982cd62886
ci(gitleaks): allowlist historical false-positive commits from rewrite graft (#2169)
The gitleaks job scans full git history on push to main (gitleaks-action
v1.6.0 runs `gitleaks --path` with no commit filter on push events). The
ReverbCode rewrite graft (#2166) carried 279 commits of prior history, 10 of
which trip 42 findings: example secret-patterns in security docs and
secret-redaction test fixtures. All offending files are already deleted from
the tree, so PRs pass (they scan only their own diff) but every push to main
re-scans history and fails indefinitely.

Add `.github/.gitleaks.toml` (the action's default config-path) carrying the
full gitleaks v7.4.0 default ruleset plus a commit allowlist for the 10
historical commits. Detection on new code is unchanged; only these specific
historical commits are skipped.

Verified with gitleaks v7.4.0: full-history scan goes 42 leaks -> 0.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-27 23:07:35 +05:30