fix(install): scan releases for CLI asset instead of blindly using latest tag#19478
Closed
johnnykang101 wants to merge 171 commits intoanomalyco:devfrom
Closed
fix(install): scan releases for CLI asset instead of blindly using latest tag#19478johnnykang101 wants to merge 171 commits intoanomalyco:devfrom
johnnykang101 wants to merge 171 commits intoanomalyco:devfrom
Conversation
- Add 9Router as a named ProviderID in schema.ts (9router) - Add 9Router to popularProviders list in use-providers.ts - New DialogConnect9Router: pre-filled form (baseURL + JWT token) with Claude Sonnet/Opus/Haiku defaults via openai-compatible SDK - Update DialogSelectProvider: 9Router appears as a static "popular" entry with a "Local" tag, routes to the dedicated connect dialog - New DialogOnboarding: welcome wizard shown on first launch when no providers are connected; leads directly to provider selection - OnboardingCheck in RouterRoot: detects zero connected providers on mount and shows the onboarding dialog (localStorage-gated) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove API key field entirely. 9Router is a local container that doesn't require auth — connection is just a baseURL. A dummy apiKey is set in options only to satisfy the openai-compatible SDK constructor. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fetch /v1/models from the running 9Router container, show a checklist of available models (all selected by default), and register only the ones the user picks. Includes select/deselect all toggle and a count summary. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Single button now tests the connection and fetches models in one step. On success: green dot + "Connected — N models available" + checklist. On failure: red dot + inline error message. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add useGlobalSync import to app.tsx (used in OnboardingCheck) - Explicitly type all new Set() calls as Set<string> to satisfy TypeScript inference in dialog-connect-9router.tsx Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Interactive terminal wizard (opencode onboard) for first-run setup. Supports 9Router (URL + model picker) and API key providers (Anthropic, OpenAI, OpenRouter, Google). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
If enabled_providers exists in config, 9router was being filtered out. Now onboard adds it to the list automatically. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- CI: typecheck on every PR targeting main - CD: auto-release on merge to main with semver bump and release notes - feat commits → minor bump - fix/chore → patch bump - breaking change → major bump Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Syncs anomalyco/opencode dev → our dev branch every Monday at 6am UTC. - Clean merge: auto-pushes to dev - Conflicts: opens a PR for manual resolution Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…isions Tags now follow cb-vX.Y.Z pattern (e.g. cb-v0.1.0) so they never conflict with upstream anomalyco/opencode tags (v0.0.45, v1.4.0, etc). Release titles display as 'CoBuilder vX.Y.Z' for clarity. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- CLI command renamed from opencode → cobuilder - package.json version reset to 0.1.1 (CoBuilder versioning) - build.ts: output binary named cobuilder, uploads to cb-vX.Y.Z tags - cd.yml: builds platform binaries (linux/darwin/windows x64/arm64) and attaches them to each release - install.sh: one-line curl install with platform detection, PATH setup, and automatic onboarding Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces --generate-notes (PR-only) with categorized commit log. Notes are grouped into Features / Bug Fixes / Maintenance sections and link Full Changelog between our own cb-v* tags only. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Strip conventional commit prefixes from user-visible notes - Capitalize entries automatically - Sections: Added / Fixed / Changed / Security / Breaking Changes - Include release date in header - Full Changelog link scoped to cb-v* tags only Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Security layers added (TypeScript/Bun adaptations): - SSRF protection: blocks cloud metadata, private IPs, localhost by default - Prompt injection scanner: detects override/jailbreak/exfil patterns - Path traversal prevention: canonicalize + base-escape detection - Token bucket rate limiter: per-key cost-aware limiting - Merkle-chained audit log: tamper-evident append-only event log - HTTP security headers: CSP, HSTS, X-Frame, X-Content-Type CI hardened with: - Lint job - Dependency audit (bun audit) - Secret scanning (TruffleHog --only-verified) - SAST (CodeQL for TypeScript) - Unit tests (bun test) with security module coverage Inspired by OpenFang's 16-layer defense-in-depth architecture. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
build.ts uses 'gh release upload cb-vX.Y.Z' which requires the release to already exist. Previously we created it after the build — reversed order. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Persist active session to checkpoint.json on each user message. On next launch, detect interrupted sessions and offer to resume. Checkpoint clears on clean exit (code 0) so it only exists after crashes. Inspired by Claude Code's auto-dream session continuity pattern. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Script.version fetches from opencode-ai npm registry (unavailable for our fork) and falls back to '0.0.0-main-timestamp'. This caused 'gh release upload cb-v0.0.0-main-...' to target a non-existent release. Now pass COBUILDER_RELEASE_TAG=cb-vX.Y.Z from CD workflow so build.ts uploads to the correct release tag regardless of Script.version. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Inspired by Claude Code's auto-dream memory consolidation:
- SQLite FTS5 memory store: per-session summaries indexed for search
- Deterministic summarization: extracts user requests + tool actions
- Memory injection: top 3-5 relevant past sessions prepended to system prompt
- Lifecycle hook: auto-summarize when session is archived/closed
- Project-scoped: memories are per working directory
Memory hierarchy:
Working memory (context window)
→ Session memory (SQLite messages, persisted)
→ Long-term memory (FTS5-searchable summaries, injected at next start)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ll guide Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…lanations Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… avatar style Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace the >_ terminal box with the pixel-art Jindo mascot, clipped to the same rounded square with a gradient border that ties into the CoBuilder wordmark. README updated to use a single unified logo image. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Onboard: single-model select via prompts.select() - Onboard: restore security modules multiselect step - Onboard: restore MCP recommended tools step + recommended.ts - Onboard: fix outro text 'Run cobuilder to start building' - Onboard: fix placeholder 'What do you want to build?' - Config: restore workflow.paths schema key + injection code - Installation: fix update check URL → CobuilderLabs/opencode - Flag: restore COBUILDER_AUTOPILOT dynamic getter - Index: restore --autopilot flag - Permission: restore autopilot auto-approve logic - TUI: restore Autopilot badge in prompt mode line - TUI: block agent cycle (Build/Plan switch) in autopilot mode Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A.1 - Ambient title bar progress: document.title shows ⟳ prefix while generation is active, resets to plain title on cleanup A.2 - Jump-to-active scroll button: scroll button changes from ↓ to ↑ active while generation is running, scrolling to the active turn element instead of scrolling to absolute bottom A.3 - Streaming tok/s indicator: shows ~340 tok/s below the thinking shimmer while output tokens are arriving, hidden at rest
The tok/s streaming effect references turnUsage() but the memo was never declared in this branch. Ported from feat/ux-parity-claude-code. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- .cobuilder/patches/: 3 patches capturing all CoBuilder-specific features - .cobuilder/reapply-patches.sh: script to reapply patches after upstream sync - sync-upstream.yml: reapply patches after merge, open PR on patch conflict Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace all "opencode/OpenCode" identity references with "CoBuilder" in all 7 system prompt files (default, anthropic, beast, codex, gpt, gemini, trinity) — also update feedback URLs to CobuilderLabs/opencode - Fix TUI tool output truncation: show only first primitive value, capped at 60 chars, instead of all key=value pairs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Includes new patch 0127 for system prompt rebranding and TUI tool output truncation fix. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- copilot-gpt-5.txt: "opencode" → "CoBuilder" - installation/index.ts: remove anomalyco/tap brew references, check for cobuilder formula instead; tap path updated to CobuilderLabs/tap Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Zen (opencode provider): 19 models from models.dev, MiniMax M2.5 Free pre-selected as default, free models work without API key - GitHub Copilot: 21 models from models.dev, directs user to `cobuilder providers login` for OAuth auth after model selection Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…entry - Zen/Copilot setup now adds their provider ID to enabled_providers so the selected model isn't filtered out when CoBuilder starts - 9Router setup now writes auth.json entry so /connect shows it as already authenticated instead of prompting for an API key Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The login/connect flow was filtered by enabled_providers, hiding providers the user hadn't enabled yet. Now shows all non-disabled providers so users can connect to any of the 75+ supported providers. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The provider.list API endpoint was filtering by enabled_providers, which caused /connect to only show already-enabled providers. Now shows all non-disabled providers so GitHub Copilot and others appear. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When selecting 9Router in the /connect provider dialog, show a URL input pre-populated with the default baseURL (http://localhost:20123/v1) instead of the generic API key prompt. On confirm, updates both the provider config baseURL and the auth entry. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Change "opencode -s <id>" → "cobuilder -s <id>" in session exit screen - Match 9Router by name as well as id in /connect dialog to ensure URL prompt is shown regardless of how the provider ID is stored at runtime Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replicate the onboarding flow inside the /connect TUI dialog: - Fetch models from the 9Router URL on confirm - Show a DialogSelect with all fetched models - Save URL + models + selected model to config then close Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixes TS2353 typecheck errors — the SDK options type uses 'config' not 'body' as the field name for the PATCH /config request body. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
`[data-component="file"]` uses `content-visibility: auto` which causes Windows Chrome to report off-screen elements as hidden, failing Playwright's toBeVisible() checks. Add scrollIntoViewIfNeeded() before visibility assertions to force rendering. Also increase file-tree test timeout to 120s and add explicit wait on the toggle button to handle slower Windows CI runners. Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix(e2e): resolve Windows CI failures caused by content-visibility: auto
…test tag Releases like cb-v0.19.0 may be tagged before all build jobs complete, leaving only Electron assets and no CLI binary. The installer now walks recent releases via the GitHub API and picks the first one that actually has the required platform asset, preventing silent 404 failures. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
github-actions
bot
added
needs:issue
needs:compliance
Contributor
|
Thanks for your contribution! This PR doesn't have a linked issue. All PRs must reference an existing issue. Please:
See CONTRIBUTING.md for details. |
Contributor
|
This PR doesn't fully meet our contributing guidelines and PR template. What needs to be fixed:
Please edit this PR description to address the above within 2 hours, or it will be automatically closed. If you believe this was flagged incorrectly, please let a maintainer know. |
…ter all jobs succeed Root cause of cb-v0.19.0 breakage: release was published immediately on tag creation, before build jobs completed. Any build failure left a "hollow" release with missing assets. Three-part permanent fix: 1. Create release as --draft (not published) 2. Restore missing CLI build job (build-cli) — builds all platform binaries via `bun run build` in packages/opencode and uploads to the draft release 3. Add publish job that only runs after ALL jobs succeed (build-cli + desktop-linux + desktop-windows), converting the draft to --latest A failed build job now leaves the release as an unpublished draft instead of a broken published release that breaks the installer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add --disable-print-preview to chromium args to prevent Control+P from triggering browser print dialog instead of palette - Add --no-sandbox and --disable-dev-shm-usage for CI stability - Increase global test timeout to 90s and expect timeout to 20s in CI - Increase waitTerminalReady/waitTerminalFocusIdle defaults to 30s - Add test.setTimeout(180s) to workspace creation and session model restore tests that contain nested 60s polls - Add test.setTimeout(120s) to non-git workspace test Co-Authored-By: Paperclip <noreply@paperclip.ing> Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
|
This pull request has been automatically closed because it was not updated to meet our contributing guidelines within the 2-hour window. Feel free to open a new pull request that follows our guidelines. |
github-actions
bot
removed
the
needs:compliance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
cb-v0.19.0was tagged before CLI build jobs completed, leaving only Electron assets — the installer picked it as "latest" and 404'd on the missing CLI binaryTest plan
curl -fsSL https://raw.githubusercontent.com/CobuilderLabs/opencode/main/install.sh | bashon linux-x64 — should resolve tocb-v0.18.5(or whichever has the asset) and install successfully🤖 Generated with Claude Code