Do not pass windowsHide to detached GUI open targets, which forwards SW_HIDE to Explorer and IDE windows on Windows. Preserve detached process lifetime and ignored stdio.
Tests: open-target 33/33; server 1624/1624; coverage 5/5 with changed lines 6/6; real macOS Finder reveal passed for a temporary CJK and ampersand path.
Remaining validation: packaged Windows 11 Explorer and IDE window smoke.
Confidence: high
Scope-risk: narrow
Stamp desktop-owned transcripts with the claude-desktop entrypoint while preserving the SDK runtime entrypoint used for provider authentication.
Tests: focused regression 41/41; chat contract 240/240; server 1622/1622; coverage 5/5 with changed lines 4/4.
Live-path proof: hermetic loopback transcript was visible in Claude Code 2.1.206 /resume; no real user credentials or config were used.
Constraint: check:impact remains policy-blocked until a PR has the allow-cli-core-change label.
Confidence: high
Scope-risk: narrow
Load the authenticated Codex model catalog with a bundled fallback and carry model-native reasoning effort through the OpenAI OAuth transport. Keep desktop effort choices aligned with each model's advertised capabilities.
Constraint: Ultra remains a composite Codex delegation mode and is not exposed as a wire-level effort.
Confidence: high
Scope-risk: moderate
Tested: bun run check:server; bun run check:desktop; bun run check:persistence-upgrade; focused OAuth, WebSocket, and browser smoke checks
Not-tested: bun run verify
Keep AutoDream visible without marking the foreground session busy, add a task-scoped stop control, and preserve the authoritative stopped bookend emitted by the CLI runtime.
Tested: bun run check:desktop
Tested: bun run check:server
Tested: bun run check:chat-contract
Tested: bun run check:coverage
Tested: real MiniMax-M3 browser smoke for background stop and AutoDream busy-state isolation
Confidence: high
Scope-risk: moderate
Model Kimi K2.7 as required-thinking so a global disabled preference cannot generate an unsupported request. Keep K2.6 and other providers free to disable thinking.
Tested: request-shape loopback through the query pipeline
Tested: bun run check:provider-contract
Tested: bun run check:server (1608 tests)
Tested: bun run check:coverage
Not-tested: live Kimi completion blocked by insufficient provider balance
Constraint: CLI core changes require allow-cli-core-change approval for PR
Confidence: high
Scope-risk: moderate
Avoid appending the final result when it repeats the assistant text while preserving distinct result summaries.
Tested: bun test src/server/__tests__/cron-scheduler.test.ts
Tested: bun run check:server
Tested: live MiniMax stream-json duplicate comparison
Tested: changed-line coverage 100% (9/9)
Confidence: high
Scope-risk: narrow
Exercise controlled changes, repeated trigger closure, tab switches, and both bypass dialog close paths so the changed-line coverage gate proves the full active-turn guard.\n\nTested: desktop PermissionModeSelector 14/14; adapters and H5 auth 51/51\nConfidence: high\nScope-risk: narrow
Run required server and contract suites in credential-free sandboxes, fail closed on incomplete coverage or test output, and preserve the desktop active-turn permission guard across stale tab interactions.\n\nTested: bun run check:policy (115 pass); bun run check:server (1605 pass before final runner evidence check); bun run check:desktop; bun run check:provider-contract; bun run check:chat-contract\nConfidence: high\nScope-risk: broad
Route required checks by changed surface, add offline provider and chat contracts, and keep fork PRs independent of live credentials. Layer agent guidance by subtree and enforce a compact instruction budget.
Tested: bun run check:policy
Confidence: high
Scope-risk: broad
Retry idle provider streams only before tool side effects, and reconcile desktop turn state after WebSocket gaps so completed or still-running work cannot leave a stale spinner.
Tested: 108 runtime/server focused tests, 128 desktop focused tests
Tested: disconnected-turn WebSocket integration test
Tested: bun run check:server (1489 pass)
Tested: desktop typecheck and production build
Not-tested: full desktop gate has one unrelated TraceSession polling assertion failure
Scope-risk: broad
Coalesce concurrent session-list scans and keep desktop pollers from stacking requests while the local server is slow.
Tested: bun run check:server (1489 pass)
Tested: desktop focused tests, typecheck, and production build
Scope-risk: moderate
Track tool and Computer Use approvals by request ID so parallel prompts remain independently actionable.
Reconcile resolution state across clients and reconnects, including stopped and completed turns.
Refs: #975, #980
Tested: bun run check:desktop (1778 tests)
Tested: bun run check:server (1482 tests)
Tested: agent-browser concurrent permission smoke
Not-tested: Windows packaged app manual smoke
Confidence: high
Scope-risk: moderate
Resolves conflicts with the independently developed skill-market/SkillCenter
feature that landed on main after this branch diverged. Keeps the market
rewrite as the sole implementation:
- Removes the parallel skill-market stack (server api/skill-market.ts,
services/skillMarket/, SkillCenter.tsx, skillMarketStore.ts, related tests
and i18n keys) in favor of the market implementation from this branch.
- Restores the Settings > Skills tab (and its redirect-free behavior) that
the removed implementation had folded into a top-level Skill Center tab,
keeping local skill browsing on SkillDetailView alongside the online market.
- Adapts tests and callers (TabBar, ContentRouter, PluginDetail,
LocalSlashCommandPanel, persistence migrations) from skill-center/
SKILL_CENTER_TAB_ID naming to market/MARKET_TAB_ID.
Classify stream watchdog timeouts by stream phase and include non-sensitive diagnostics for stalled provider streams.
Map known watchdog failures to stable desktop WebSocket error codes, and only retry watchdog aborts before content or tool activity starts.
Tested: bun test src/services/api/streamWatchdog.test.ts
Tested: bun test src/server/__tests__/ws-memory-events.test.ts --test-name-pattern "maps watchdog API errors to stable desktop error codes"
Tested: cd desktop && bun test src/stores/chatStore.test.ts --test-name-pattern "persists partial assistant text before an error"
Tested: bun run check:server
Tested: cd desktop && bun run check:desktop
Tested: 5x direct CLI replay, 5x desktop-chain replay, 5x desktop-chain no-entrypoint replay with session 446f8776-538d-46e6-96d6-67080b455b07
Add server-side detail caching and in-flight request coalescing for marketplace details, reuse a long-lived service across API requests, and parallelize ClawHub detail preview fetches.
Add desktop detail cache/prefetch behavior and render marketplace Markdown/code previews through the existing MarkdownRenderer and CodeViewer components.
Stabilize the H5 diagnostics test on machines where the first non-internal IPv4 address is not a plain LAN address.
Tested: bun test src/server/__tests__/skill-market.test.ts src/server/__tests__/skill-market-install.test.ts
Tested: cd desktop && bun run test -- SkillCenter.test.tsx skillMarketStore.test.ts --run
Tested: bun test src/server/__tests__/h5-access-service.test.ts -t 'getDiagnostics reports stale'
Tested: git diff --check
Tested: bun run check:desktop
Tested: bun run check:server
Not-tested: bun run verify and coverage gates; this is a local handoff, not PR-ready validation.
Confidence: high
Scope-risk: moderate
Tested: bun test src/server/__tests__/skill-market.test.ts
Tested: cd desktop && bun run test -- SkillCenter.test.tsx skillMarketStore.test.ts generalSettings.test.ts ComputerUseSettings.test.ts --run
Tested: cd desktop && bun run test -- persistenceMigrations.test.ts --run
Tested: bun run check:desktop
Tested: real browser smoke for Skill Vetter across white, light, and dark themes
Not-tested: live install of an uninstalled marketplace skill to disk
Confidence: medium
Scope-risk: moderate
Route marketplace install requests through server-side detail lookup, eligibility checks, trusted package URL validation, bounded zip downloads, and the local user skill installer.
Reject client-supplied targets and arbitrary package URLs so the desktop cannot direct writes outside the computed user skill directory.
Tested: bun test src/server/__tests__/skill-market.test.ts src/server/__tests__/skill-market-install.test.ts
Tested: cd desktop && bun run test -- SkillCenter.test.tsx skillMarketStore.test.ts
Tested: cd desktop && bun run lint
Tested: cd desktop && bun run build
Not-tested: bun run check:server is blocked by missing @whiskeysockets/baileys in adapters/whatsapp/session.ts in this checkout.
Scope-risk: moderate
Confidence: high
Tested: bun test src/server/__tests__/skill-market.test.ts
Tested: bun test src/server/__tests__/skill-market-install.test.ts
Tested: git diff --check
Confidence: high
Scope-risk: narrow
Move session tasks, background tasks, subagents, and team activity into a floating right-side activity panel with capped section scrolling.
Add subagent run detail tabs backed by the existing session run data so member activity can be inspected from the main chat.
Tested: cd desktop && bun run test -- src/components/activity/SessionActivityPanel.test.tsx
Tested: bun run check:desktop
Fix cross-issue regressions found during post-0.4.4 merge review:\n\n- preserve permission mode across clear and empty-session replacement flows\n- keep provider effort passthrough and context-window estimates aligned with runtime metadata\n- invalidate recent project caches and trace message signatures when sessions change\n- recognize Windows ARM64 unpacked package-smoke output\n\nTested: bun test scripts/quality-gate/package-smoke/index.test.ts scripts/quality-gate/runner.test.ts\nTested: bun run check:desktop\nTested: bun run check:server\nConfidence: high\nScope-risk: moderate
Refs: #896, #953
Make provider network proxy mode explicit so desktop sidecar system proxy env does not affect provider connectivity tests or OpenAI-compatible proxy requests unless System proxy is selected.
Tested: bun test src/server/__tests__/network-settings.test.ts src/server/__tests__/providers.test.ts src/server/__tests__/proxy-network-settings.test.ts
Tested: cd desktop && bun run test -- src/stores/settingsStore.test.ts src/__tests__/generalSettings.test.tsx --run
Tested: bun run check:server
Tested: cd desktop && bun run lint
Tested: cd desktop && bun run build
Confidence: high
Scope-risk: moderate
Make bypassPermissions skip permission-approval ask decisions while preserving explicit denies and tools that require user interaction. Keep desktop permission mode state authoritative by waiting for server/CLI confirmation and persisting CLI-originated mode broadcasts.
Tested:
- bun test src/utils/permissions/permissions.test.ts
- bun test src/server/__tests__/conversations.test.ts -t "permission switch|permission restart|permission-mode broadcasts|permission changes made before|bypass permissions back to default|runtime-only model switch"
- bun test src/server/__tests__/ws-memory-events.test.ts
- cd desktop && bun run test -- src/stores/chatStore.test.ts --run
- bun run check:server
Scope-risk: moderate
Materialize the active provider runtime for empty-session first prompts before the WebSocket prewarm and user message are sent. This keeps a clean install that adds a MiniMax provider from starting the first turn without the selected provider runtime.
Tested: bun test src/server/__tests__/conversations.test.ts -t "MiniMax provider turn"
Tested: bun test src/server/__tests__/websocket-handler.test.ts src/server/__tests__/conversations.test.ts -t "prewarm|active provider id|MiniMax provider turn|first-turn runtime synchronization"
Tested: cd desktop && bun run test -- --run src/pages/EmptySession.test.tsx -t "draft runtime|active provider runtime|creates a new session"
Tested: cd desktop && bun run test -- --run src/components/controls/ModelSelector.test.tsx -t "defaults blank provider-scoped runtime selections|selects provider-scoped runtime models"
Tested: cd desktop && bun run lint
Tested: cd desktop && bun run build
Not-tested: bun run check:desktop, unrelated full-suite failures in MessageList timestamp formatting and TabBar AbortSignal cleanup blocked the gate.
Confidence: medium
Scope-risk: narrow
Tested:
- bun test src/services/api/claudeEffort.test.ts src/server/__tests__/proxy-transform.test.ts src/utils/__tests__/thinking.test.ts
- bun run check:server
- git diff --check
Not-tested:
- bun run verify / coverage
Confidence: high
Scope-risk: narrow
Use transcript activity timestamps for session list ordering instead of JSONL mtime, and skip duplicate runtime metadata appends.
Tested: bun test src/server/__tests__/sessions.test.ts --test-name-pattern "metadata-only writes|duplicate runtime metadata"
Tested: bun test src/server/__tests__/sessions.test.ts
Tested: bun run check:server
Confidence: high
Scope-risk: moderate
Add a provider-level disableExperimentalBetas setting that writes CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 into managed provider runtime env, keeps stale parent env isolated, and exposes the toggle in desktop provider settings.
Tested: bun test src/server/__tests__/provider-runtime-env.test.ts --test-name-pattern "experimental betas|stale proxy"
Tested: bun test src/server/__tests__/providers.test.ts --test-name-pattern "experimental betas|POST /api/providers should create a provider|PUT /api/providers/:id should update a provider"
Tested: bun test src/server/__tests__/conversation-service.test.ts --test-name-pattern "experimental beta kill switch"
Tested: cd desktop && bun run test -- --run src/__tests__/generalSettings.test.tsx -t "experimental beta headers|Tool Search"
Tested: cd desktop && bun run test -- --run src/lib/__tests__/providerSettingsJson.test.ts
Tested: bun run check:server
Tested: cd desktop && bun run build
Not-tested: bun run verify
Confidence: high
Scope-risk: moderate