Make diagnostics evidence bounded, share-safe, and resilient to concurrent
writers and corrupt segments. Improve Doctor repair safeguards, Electron
runtime recovery, Settings visibility, accessibility, and issue reporting.
Load the authenticated Codex model catalog with a bundled fallback and carry model-native reasoning effort through the OpenAI OAuth transport. Keep desktop effort choices aligned with each model's advertised capabilities.
Constraint: Ultra remains a composite Codex delegation mode and is not exposed as a wire-level effort.
Confidence: high
Scope-risk: moderate
Tested: bun run check:server; bun run check:desktop; bun run check:persistence-upgrade; focused OAuth, WebSocket, and browser smoke checks
Not-tested: bun run verify
Keep AutoDream visible without marking the foreground session busy, add a task-scoped stop control, and preserve the authoritative stopped bookend emitted by the CLI runtime.
Tested: bun run check:desktop
Tested: bun run check:server
Tested: bun run check:chat-contract
Tested: bun run check:coverage
Tested: real MiniMax-M3 browser smoke for background stop and AutoDream busy-state isolation
Confidence: high
Scope-risk: moderate
Keep the desktop appearance in cc-haha local storage instead of reading or writing the user-owned Claude settings theme.
Tested: bun run test -- src/stores/settingsStore.test.ts
Tested: bun run check:desktop
Tested: bun run check:coverage
Tested: agent-browser theme isolation smoke with temporary CLAUDE_CONFIG_DIR
Confidence: high
Scope-risk: narrow
Exercise controlled changes, repeated trigger closure, tab switches, and both bypass dialog close paths so the changed-line coverage gate proves the full active-turn guard.\n\nTested: desktop PermissionModeSelector 14/14; adapters and H5 auth 51/51\nConfidence: high\nScope-risk: narrow
Run required server and contract suites in credential-free sandboxes, fail closed on incomplete coverage or test output, and preserve the desktop active-turn permission guard across stale tab interactions.\n\nTested: bun run check:policy (115 pass); bun run check:server (1605 pass before final runner evidence check); bun run check:desktop; bun run check:provider-contract; bun run check:chat-contract\nConfidence: high\nScope-risk: broad
Close open permission overlays when a turn starts, reject stale permission-mode writes in the chat store, and add the missing localized tooltip strings and transition regressions.\n\nFollow-up-to: #999\nTested: bun run check:desktop\nConfidence: high\nScope-risk: narrow
Keep the Activity entry available without showing persistent numeric attention markers.
Confidence: high
Scope-risk: narrow
Tested: bun run check:desktop
Not-tested: manual Electron visual smoke
Retry idle provider streams only before tool side effects, and reconcile desktop turn state after WebSocket gaps so completed or still-running work cannot leave a stale spinner.
Tested: 108 runtime/server focused tests, 128 desktop focused tests
Tested: disconnected-turn WebSocket integration test
Tested: bun run check:server (1489 pass)
Tested: desktop typecheck and production build
Not-tested: full desktop gate has one unrelated TraceSession polling assertion failure
Scope-risk: broad
Coalesce concurrent session-list scans and keep desktop pollers from stacking requests while the local server is slow.
Tested: bun run check:server (1489 pass)
Tested: desktop focused tests, typecheck, and production build
Scope-risk: moderate
Refresh the skills market catalog and detail surfaces with denser workbench layouts, clearer action hierarchy, and updated status treatments.
Tested: bun run check:desktop
Tested: real browser smoke for list, detail, filters, install confirmation, and light/dark themes
Confidence: high
Scope-risk: narrow
Track tool and Computer Use approvals by request ID so parallel prompts remain independently actionable.
Reconcile resolution state across clients and reconnects, including stopped and completed turns.
Refs: #975, #980
Tested: bun run check:desktop (1778 tests)
Tested: bun run check:server (1482 tests)
Tested: agent-browser concurrent permission smoke
Not-tested: Windows packaged app manual smoke
Confidence: high
Scope-risk: moderate
Keep auto-quoting slash labels for generated Mermaid paths while preserving slash-delimited flowchart shapes.
Restore truncation on activity summary values so the compact summary layout and tests agree.
Tested: cd desktop && bun run test -- src/pages/ActivitySettings.test.tsx src/components/chat/MermaidRenderer.test.tsx src/components/chat/MermaidRenderer.integration.test.tsx
Tested: bun run check:desktop
Confidence: high
Scope-risk: narrow
Update downloads never used the configured proxy because electron-updater
runs all traffic on its own session partition, while the proxy was applied
to app/defaultSession only. Point proxy config at autoUpdater.netSession,
and make the system fallback an explicit `mode: 'system'` since an empty
setProxy config means fixed_servers with no rules (= direct), which also
silently downgraded the default session away from the OS proxy.
Disable differential download: blockmap-driven ranged requests against the
GitHub CDN are RTT-bound and run far below line speed on both macOS and
Windows; full downloads restore expected bandwidth.
Guard captureWindowState and the resize forwarder against destroyed
windows: quitAndInstall tears the window down while late move/resize/close
events still fire, crashing the main process with "Object has been
destroyed".
Widen the About page container from max-w-lg to max-w-2xl so release notes
markdown is no longer cramped.