Wrap ActivityIndicator in the same mx-auto max-w-3xl container as the
text input so the "Analyzing…" label and Stop button stay within the
input's boundaries instead of spanning the full window width.
- Replace the purple provider-button colors, heading icon, and form
submit button with the primary token (no purple in the MCP UI)
- Portal the add/edit MCP server modal to document.body so its fixed
overlay covers the full viewport, fixing the white band at the top
caused by the Settings dialog's transformed tab content becoming the
containing block
- MainContentTitle: truncate the session title with an ellipsis instead
of horizontal-scrolling it
- MessageComponent: use text-foreground for the provider logo chip so the
currentColor Codex/OpenAI mark is visible on the light theme
- MessageCopyControl: render the copy-format dropdown in a portal so it
escapes the chat message's `contain: paint` clip box; anchor it to the
trigger, flip above near the viewport bottom, close on scroll/resize
- Composer: give the permission-mode and token-usage buttons a fixed
h-8 so every bottom-toolbar control shares one height
- CommandResultModal: replace the blue gradient header (gradient fill,
glow blobs, blue eyebrow + icon chip) with a clean neutral header on
popover/muted tokens
Rework the color system around warm neutrals and route hardcoded
surfaces through theme tokens for consistency.
- Theme tokens (index.css, ThemeContext): warm cream light mode and
neutral charcoal dark mode, replacing the pure-white/blue-tinted
palette; update PWA theme-color meta
- Code blocks: soft grey background in light mode via
oneLight/oneDark, and drop the Tailwind Typography <pre> shell that
framed the highlighter in a dark box
- Dropdowns/panels: convert CommandMenu, Quick Settings, and the JSON
response block from hardcoded gray/slate to popover/muted/border
tokens
- Git panel: Publish button purple -> primary blue
- Composer: drop top padding so the input sits flush with the thread
Constrain both ChatMessagesPane content and ChatComposer to the same
max-w-3xl centered column. Previously only
the composer had a max-width, causing messages to fill the full width
while the input stayed narrow, making them visually misaligned with
large empty gutters on either side.
Consecutive tool calls (Edit, Read, Grep, etc.) grouped inconsistently:
- The group threshold was 3, so a run of only 2 calls stayed ungrouped
while a run of 3 collapsed — making two back-to-back edits look
different from three.
- A run was broken by any interleaved message, including ones that render
nothing (reasoning hidden when showThinking is off). Providers like
Codex interleave hidden reasoning between tool calls, so visually
continuous edits intermittently failed to group.
Lower TOOL_GROUP_THRESHOLD to 2 and skip non-rendered messages when
extending a run, so any 2+ consecutive same-tool calls collapse reliably.
ChatMessagesPane now passes showThinking into groupConsecutiveTools.
* fix(chat): prevent chat interface crash when AskUserQuestion payload is malformed
Loading a session that contains an AskUserQuestion tool call could crash the
entire chat interface with "TypeError: e.map is not a function".
The AskUserQuestion tool is configured with `defaultOpen: true`, so
QuestionAnswerContent renders as soon as the session loads. Its array guard
(`!questions || questions.length === 0`) only checked for truthiness, and
`q.options` was mapped/iterated with no guard at all. When `questions` or
`options` arrive from the session transcript as a non-array value, the
`.map()` / `.some()` calls throw and take down the whole chat view via the
error boundary.
Guard both with `Array.isArray()` so a single malformed message can no longer
crash the interface.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* test(chat): cover QuestionAnswerContent against malformed AskUserQuestion payloads
Adds the first frontend regression test, guarding the crash fixed in the
previous commit: a non-array `questions` value or a question missing its
`options` array must render gracefully instead of throwing
"e.map is not a function" and taking down the whole chat interface.
Follows the repo's existing test convention (node:test + tsx); uses
react-dom/server renderToStaticMarkup so no DOM/jsdom is required.
Run with: npx tsx --test src/**/QuestionAnswerContent.test.tsx
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix(chat): harden QuestionAnswerContent against malformed question entries
Addresses review feedback: even with the array guards, a malformed transcript
could still crash before the options fallback ran —
- a `questions` entry that is null/non-object threw on `q.question` access
- a non-string `answers[q.question]` threw on `answer.split(', ')`
Skip entries that aren't a proper question object with a string prompt, and
only call string methods on the answer when it is actually a string. Extends
the regression test to cover both vectors.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix(chat): guard malformed question options
---------
Co-authored-by: hustuhao <hustuhao@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Simos Mikelatos <simosmik@gmail.com>
* feat(voice): add optional speech-to-text input and read-aloud TTS
Adds a push-to-talk mic button in the composer and a read-aloud button on
assistant messages. Both are opt-in and hidden unless a voice backend is
configured via VOICE_SIDECAR_URL.
The auth-gated /api/voice proxy forwards to a configurable backend exposing
/transcribe and /tts (provider-agnostic); the frontend probes /api/voice/health
and hides the controls when disabled. Adds i18n keys and docs/voice.md.
Includes a local, no-API-key reference backend in voice-sidecar/ (faster-whisper
for STT, Kokoro-82M for TTS, both CPU-capable).
* refactor(voice): provider-agnostic backend and in-app config
Switches the voice proxy to the OpenAI audio API (/v1/audio/transcriptions and
/v1/audio/speech) so it works with OpenAI, Groq, or a local server. Adds a
Settings -> Voice tab (base URL, API key, models, voice) plus a Quick Settings
toggle, and removes the bundled Python sidecar.
Review fixes: stop mic tracks on unmount, clear the global TTS stop handler and
revoke leaked blob URLs, add fetch timeouts in the proxy, surface mic errors in
the button, trim before appending transcripts, and drop the repo-wide wav ignore.
* fix(voice): relax backend timeout and surface timeout errors
Bumps the proxy timeout to 5 minutes (VOICE_TIMEOUT_MS) since local TTS can
synthesize long messages at roughly real-time, and returns a clear timed-out
message (504) instead of failing silently. The read-aloud button now shows
backend errors.
* fix(voice): play read-aloud through an app-level player to stop cutoffs
Read-aloud now runs in a single module-level player outside the React tree instead
of per-message component state. Switching chats or re-rendering a message no longer
revokes the blob URL mid-play (the 'Invalid URI' cutoff). Adds content-keyed caching so
re-listening doesn't regenerate, and reuses one audio element (also unlocks iOS once).
* fix(voice): address review (SSRF guard, auth mapping, client timeout)
Validates the user-supplied backend URL (http/https only, blocks the link-local
metadata range) to prevent SSRF; remaps upstream 401/403 so a bad voice API key
isn't read as the app's own auth failing; adds a client-side AbortController timeout
on the read-aloud request so the button can't sit in loading if a request stalls.
* docs(voice): provider-agnostic wording and jsdoc on proxy functions
drop leftover sidecar/faster-whisper references now that the backend is any
openai-compatible voice api, and add jsdoc to the voice-proxy functions so the
docstring coverage check passes.
* fix(voice): harden timeout parsing, tts input check, and player abort
- fall back to the default when VOICE_TIMEOUT_MS is non-numeric or <= 0, so a
bad override can't make the abort fire immediately
- type-check the tts `text` before calling .trim() so a non-string body returns
400 instead of throwing
- abort the in-flight TTS fetch on stop() and on a superseding play, so tapping
read-aloud repeatedly doesn't leave orphaned requests generating audio
* feat(voice): send transcript with the main send button while recording
while dictating, the main send button stops recording, transcribes, and sends
in one tap, matching the codex-style flow. the mic button still stops and drops
the transcript into the input box to edit before sending. voice recording state
is lifted into the composer so both buttons share it, and the send button is
enabled (not grayed) while recording. also fix a pre-existing type error: the
quick-settings preferences map was missing voiceEnabled.
* fix(voice): make stop() idempotent so a double tap can't throw
guard on the recorder's own state instead of react state, so a double tap or
the mic and send buttons both firing won't call stop() on an already-inactive
MediaRecorder.
* fix(voice): expose TTS format in user settings
* fix(voice): harden recording and backend behavior
Redirects could bypass the backend URL guard, and TTS playback waited for full buffering.
Recording could overlap or finish after teardown. Controls also ignored backend readiness.
Explicit formats and config-aware cache keys prevent stale audio after settings change.
* fix(voice): validate config and request boundaries
Malformed stored settings could break voice requests instead of using safe defaults.
Health results could outlive auth changes. URL checks also did not guard the fetch sink.
Remove constant recorder branches so lifecycle cancellation stays clear.
* fix(voice): separate client and server backends
User-selected backend URLs must remain usable without letting clients control server requests.
Call custom providers from the browser while keeping the server proxy bound to its configured host.
This restores voice controls for frontend settings without reopening the SSRF path.
* fix: hide voice options until enabled
---------
Co-authored-by: newsbubbles <nathaniel.gibson@gmail.com>
Co-authored-by: Simos Mikelatos <simosmik@gmail.com>
Interactive shells could resolve bundled or system CLIs before user-installed npm binaries.
Move existing user npm global directories to the front of PATH while preserving all other entries.
Co-authored-by: Simos Mikelatos <simosmik@gmail.com>
When the package is updated on disk but the long-lived server process is
not restarted, the new frontend bundle (served from disk) talks to the
old running backend. New DB-backed features then fail silently — e.g.
deleting/archiving a session appears to do nothing — because the new
schema/routes only take effect on restart.
Nothing currently detects this skew: useVersionCheck only compares the
frontend's build-time version against the latest GitHub release.
This exposes the running server's version (captured once at startup) via
/health, compares it to the frontend's build-time version in
useVersionCheck, and shows a "restart required" banner in the sidebar
(and a small indicator in the collapsed sidebar) when they differ.
- server: add `version` (RUNNING_VERSION, read once at startup) to /health
- useVersionCheck: return `restartRequired` / `runningVersion`
- SidebarFooter / SidebarCollapsed: surface a restart-required banner
- i18n: add `version.restartRequired` to all 10 sidebar locales
Verified with `tsc --noEmit` (client + server) and eslint.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Simos Mikelatos <simosmik@gmail.com>
* feat(skills): add provider skill management
Users need one settings surface to discover and install skills without manually navigating provider-specific directories.
Add provider-backed global skill installation for Claude, Codex, Gemini, and Cursor, while keeping OpenCode read-only because it reuses other providers' skill locations.
Add a responsive Skills settings tab with scoped discovery, search, refresh controls, markdown and folder uploads, upload feedback, and overflow-safe layouts.
Validate bundled skill files and paths before writing them, preserve scripts and assets, and cover provider discovery and installation behavior with tests.
* fix(skills): preserve uploaded skill folders
Folder drops discarded supporting scripts and assets.
Keep relative paths and upload every file from the selected skill folder.
Use the selected folder name for installation and cover it in provider tests.
* fix(skills): restrict standalone skill uploads
Only show Markdown files when selecting standalone skills.
Normalize browser file paths so SKILL.md is not mistaken for a folder named dot.
* fix(skills): validate installs before writing
Preserve bundled files and normalize fallback names across skill installation paths.
Validate complete batches before writing and reject existing targets to avoid partial installs.
Keep project metadata and make folder selection tolerant of casing and cancelled dialogs.
* fix(skills): overwrite existing installations
Replace an existing skill directory instead of rejecting a duplicate installation.
Remove stale supporting files so the installed directory exactly matches the new upload.
The sidebar `messages` namespace was missing six keys that are referenced
in `useSidebarController.ts`:
- messages.updateProjectError (rename / star-toggle failure)
- messages.refreshError (project list refresh failure)
- messages.restoreProjectFailed / restoreProjectError
- messages.restoreSessionFailed / restoreSessionError
`updateProjectError` and `refreshError` are called via `t()` without an
inline default, so on failure users see the raw key string
"messages.updateProjectError" / "messages.refreshError" instead of a
message. The four restore.* keys have inline English defaults in the code,
so they previously fell back to English even in non-English UIs.
Adds all six keys to every locale (de, en, fr, it, ja, ko, ru, tr,
zh-CN, zh-TW), matching the existing wording/style of the neighbouring
delete/create messages in each file.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The session indexer scans ~/.claude/projects recursively via
findFilesRecursivelyCreatedAfter, which descends into per-session
subagents/ directories. Claude writes subagent transcripts at:
~/.claude/projects/<encoded-cwd>/<session-id>/subagents/agent-<id>.jsonl
These files repeat the parent session's sessionId. When indexed as
standalone sessions they upsert over the parent row and overwrite its
jsonl_path with the subagent path, corrupting the main session record
(the sidebar then points at, and renders, the subagent transcript).
Add a single isSubagentTranscript() guard (path segment named
"subagents") and apply it in both the recursive scan and the
single-file watcher path.
Co-authored-by: Haile <118998054+blackmammoth@users.noreply.github.com>
Complete French translation for all 7 locale files:
auth, chat, codeEditor, common, settings, sidebar, tasks.
Also fixes a bug in languages.js where the Turkish and Italian
entries shared the same object (missing closing brace), causing
Italian to be silently dropped from the supported languages list.
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Session history and token usage reads already have a stable app session id.
Passing provider and project hints from the frontend kept those reads coupled
with provider-specific state that the backend can resolve from the session row.
Resolve token usage provider server-side and narrow the session store read API
to session id plus pagination. This keeps provider-specific storage decisions
behind the backend boundary and makes reconnect, pagination, and load-all use
the same session-owned contract.
The sidebar had to understand cursorSessions, codexSessions,
and other provider buckets because /api/projects exposed
provider-shaped arrays.
That leaked backend adapter storage into project state and made
frontend behavior drift each time a provider needed another bucket
or exception.
Return one sessions list with provider metadata instead. Project
state, search, and running-session filtering now share one contract,
while provider-specific storage remains behind the backend boundary.
The remote environment could start OpenCode runs under /opt/claudecodeui.
That happened even when the selected project path was correct.
The integration relied on child-process cwd alone.
OpenCode run resolves its workspace through the explicit --dir contract.
Pass --dir with the resolved working directory.
Assert in the CLI test that launch args include the workspace dir.