Stamp desktop-owned transcripts with the claude-desktop entrypoint while preserving the SDK runtime entrypoint used for provider authentication.
Tests: focused regression 41/41; chat contract 240/240; server 1622/1622; coverage 5/5 with changed lines 4/4.
Live-path proof: hermetic loopback transcript was visible in Claude Code 2.1.206 /resume; no real user credentials or config were used.
Constraint: check:impact remains policy-blocked until a PR has the allow-cli-core-change label.
Confidence: high
Scope-risk: narrow
Load the authenticated Codex model catalog with a bundled fallback and carry model-native reasoning effort through the OpenAI OAuth transport. Keep desktop effort choices aligned with each model's advertised capabilities.
Constraint: Ultra remains a composite Codex delegation mode and is not exposed as a wire-level effort.
Confidence: high
Scope-risk: moderate
Tested: bun run check:server; bun run check:desktop; bun run check:persistence-upgrade; focused OAuth, WebSocket, and browser smoke checks
Not-tested: bun run verify
Keep AutoDream visible without marking the foreground session busy, add a task-scoped stop control, and preserve the authoritative stopped bookend emitted by the CLI runtime.
Tested: bun run check:desktop
Tested: bun run check:server
Tested: bun run check:chat-contract
Tested: bun run check:coverage
Tested: real MiniMax-M3 browser smoke for background stop and AutoDream busy-state isolation
Confidence: high
Scope-risk: moderate
Model Kimi K2.7 as required-thinking so a global disabled preference cannot generate an unsupported request. Keep K2.6 and other providers free to disable thinking.
Tested: request-shape loopback through the query pipeline
Tested: bun run check:provider-contract
Tested: bun run check:server (1608 tests)
Tested: bun run check:coverage
Not-tested: live Kimi completion blocked by insufficient provider balance
Constraint: CLI core changes require allow-cli-core-change approval for PR
Confidence: high
Scope-risk: moderate
Keep the desktop appearance in cc-haha local storage instead of reading or writing the user-owned Claude settings theme.
Tested: bun run test -- src/stores/settingsStore.test.ts
Tested: bun run check:desktop
Tested: bun run check:coverage
Tested: agent-browser theme isolation smoke with temporary CLAUDE_CONFIG_DIR
Confidence: high
Scope-risk: narrow
Avoid appending the final result when it repeats the assistant text while preserving distinct result summaries.
Tested: bun test src/server/__tests__/cron-scheduler.test.ts
Tested: bun run check:server
Tested: live MiniMax stream-json duplicate comparison
Tested: changed-line coverage 100% (9/9)
Confidence: high
Scope-risk: narrow
Avoid Bun filter-mode repository scans that exhaust macOS file descriptors and corrupt subprocess test evidence. Apply rooted filters across server, contract, coverage, persistence, policy, desktop native, and adapter test entrypoints.
Confidence: high
Scope-risk: narrow
Tested: bun run check:policy; bun run check:server; bun run check:chat-contract
Exercise controlled changes, repeated trigger closure, tab switches, and both bypass dialog close paths so the changed-line coverage gate proves the full active-turn guard.\n\nTested: desktop PermissionModeSelector 14/14; adapters and H5 auth 51/51\nConfidence: high\nScope-risk: narrow
Run required server and contract suites in credential-free sandboxes, fail closed on incomplete coverage or test output, and preserve the desktop active-turn permission guard across stale tab interactions.\n\nTested: bun run check:policy (115 pass); bun run check:server (1605 pass before final runner evidence check); bun run check:desktop; bun run check:provider-contract; bun run check:chat-contract\nConfidence: high\nScope-risk: broad
Fail PR and release quality runs when the impact policy blocks the diff, and accept root-runtime regression coverage across service and utility seams.
Tested: bun run check:policy
Confidence: high
Scope-risk: narrow
Route required checks by changed surface, add offline provider and chat contracts, and keep fork PRs independent of live credentials. Layer agent guidance by subtree and enforce a compact instruction budget.
Tested: bun run check:policy
Confidence: high
Scope-risk: broad
Close open permission overlays when a turn starts, reject stale permission-mode writes in the chat store, and add the missing localized tooltip strings and transition regressions.\n\nFollow-up-to: #999\nTested: bun run check:desktop\nConfidence: high\nScope-risk: narrow
Keep the Activity entry available without showing persistent numeric attention markers.
Confidence: high
Scope-risk: narrow
Tested: bun run check:desktop
Not-tested: manual Electron visual smoke
Retry idle provider streams only before tool side effects, and reconcile desktop turn state after WebSocket gaps so completed or still-running work cannot leave a stale spinner.
Tested: 108 runtime/server focused tests, 128 desktop focused tests
Tested: disconnected-turn WebSocket integration test
Tested: bun run check:server (1489 pass)
Tested: desktop typecheck and production build
Not-tested: full desktop gate has one unrelated TraceSession polling assertion failure
Scope-risk: broad
Coalesce concurrent session-list scans and keep desktop pollers from stacking requests while the local server is slow.
Tested: bun run check:server (1489 pass)
Tested: desktop focused tests, typecheck, and production build
Scope-risk: moderate
Refresh the skills market catalog and detail surfaces with denser workbench layouts, clearer action hierarchy, and updated status treatments.
Tested: bun run check:desktop
Tested: real browser smoke for list, detail, filters, install confirmation, and light/dark themes
Confidence: high
Scope-risk: narrow
Track tool and Computer Use approvals by request ID so parallel prompts remain independently actionable.
Reconcile resolution state across clients and reconnects, including stopped and completed turns.
Refs: #975, #980
Tested: bun run check:desktop (1778 tests)
Tested: bun run check:server (1482 tests)
Tested: agent-browser concurrent permission smoke
Not-tested: Windows packaged app manual smoke
Confidence: high
Scope-risk: moderate
Keep auto-quoting slash labels for generated Mermaid paths while preserving slash-delimited flowchart shapes.
Restore truncation on activity summary values so the compact summary layout and tests agree.
Tested: cd desktop && bun run test -- src/pages/ActivitySettings.test.tsx src/components/chat/MermaidRenderer.test.tsx src/components/chat/MermaidRenderer.integration.test.tsx
Tested: bun run check:desktop
Confidence: high
Scope-risk: narrow
Update downloads never used the configured proxy because electron-updater
runs all traffic on its own session partition, while the proxy was applied
to app/defaultSession only. Point proxy config at autoUpdater.netSession,
and make the system fallback an explicit `mode: 'system'` since an empty
setProxy config means fixed_servers with no rules (= direct), which also
silently downgraded the default session away from the OS proxy.
Disable differential download: blockmap-driven ranged requests against the
GitHub CDN are RTT-bound and run far below line speed on both macOS and
Windows; full downloads restore expected bandwidth.
Guard captureWindowState and the resize forwarder against destroyed
windows: quitAndInstall tears the window down while late move/resize/close
events still fire, crashing the main process with "Object has been
destroyed".
Widen the About page container from max-w-lg to max-w-2xl so release notes
markdown is no longer cramped.
Prepare the v0.4.6 desktop release note, bump the desktop package version, and refresh README/docs guidance for signed releases and updater validation.
Tested: bun run scripts/release.ts 0.4.6 --dry
Tested: bun test scripts/pr/release-workflow.test.ts scripts/release-update-metadata.test.ts scripts/quality-gate/package-smoke/index.test.ts
Tested: bun run check:policy
Tested: bun run check:docs
Not-tested: bun run verify; release prep was validated with docs and release-focused gates only.
Confidence: high
Scope-risk: narrow
Resolves conflicts with the independently developed skill-market/SkillCenter
feature that landed on main after this branch diverged. Keeps the market
rewrite as the sole implementation:
- Removes the parallel skill-market stack (server api/skill-market.ts,
services/skillMarket/, SkillCenter.tsx, skillMarketStore.ts, related tests
and i18n keys) in favor of the market implementation from this branch.
- Restores the Settings > Skills tab (and its redirect-free behavior) that
the removed implementation had folded into a top-level Skill Center tab,
keeping local skill browsing on SkillDetailView alongside the online market.
- Adapts tests and callers (TabBar, ContentRouter, PluginDetail,
LocalSlashCommandPanel, persistence migrations) from skill-center/
SKILL_CENTER_TAB_ID naming to market/MARKET_TAB_ID.
Tested: bun test adapters/telegram/__tests__/commands.test.ts
Tested: cd desktop && bun test electron/services/navigationGuards.test.ts
Tested: bun run check:adapters
Tested: bun run check:desktop
Not-tested: bun run verify (scoped local hardening, not PR-ready validation)
Confidence: high
Scope-risk: narrow
Add generated local Agent mascot PNG assets for SubAgent activity rows and render them through a deterministic AgentMascot component.
Keep tool-call groups collapsed by default and preserve user collapse choices while streaming tool updates arrive.
Tighten the activity panel density while keeping running SubAgents visibly animated without adding runtime image generation.
Tested: cd desktop && bun run test -- src/components/activity/AgentMascot.test.tsx src/components/activity/SessionActivityPanel.test.tsx src/pages/ActiveSession.test.tsx --run
Tested: cd desktop && bun run test -- src/components/activity/AgentMascot.test.tsx src/components/activity/SessionActivityPanel.test.tsx src/components/chat/MessageList.test.tsx src/components/chat/chatBlocks.test.tsx --run
Tested: git diff --check
Tested: bun run check:desktop
Tested: browser smoke at http://127.0.0.1:1420/ with 12 PNG mascot variants loaded at 160x160 and rendered at 30x30.
Confidence: high
Scope-risk: moderate
Move the preview zoom control out of the address toolbar and into a bottom-right floating control area inside the browser preview stage. Keep the native WebContentsView bounds clear of the control strip so the DOM control remains interactive on high-DPI Windows displays.
Tested: cd desktop && bun run test -- src/components/browser/BrowserSurface.test.tsx
Tested: cd desktop && bun run lint
Tested: cd desktop && bun run build
Not-tested: Windows high-DPI real-device smoke.
Confidence: medium
Scope-risk: narrow
Classify stream watchdog timeouts by stream phase and include non-sensitive diagnostics for stalled provider streams.
Map known watchdog failures to stable desktop WebSocket error codes, and only retry watchdog aborts before content or tool activity starts.
Tested: bun test src/services/api/streamWatchdog.test.ts
Tested: bun test src/server/__tests__/ws-memory-events.test.ts --test-name-pattern "maps watchdog API errors to stable desktop error codes"
Tested: cd desktop && bun test src/stores/chatStore.test.ts --test-name-pattern "persists partial assistant text before an error"
Tested: bun run check:server
Tested: cd desktop && bun run check:desktop
Tested: 5x direct CLI replay, 5x desktop-chain replay, 5x desktop-chain no-entrypoint replay with session 446f8776-538d-46e6-96d6-67080b455b07
Tested: cd desktop && bun run test -- src/components/activity/SessionActivityPanel.test.tsx src/pages/ActiveSession.test.tsx src/pages/SubagentRunPage.test.tsx --run
Tested: bun run check:desktop
Tested: browser smoke for activity panel auto-open and SubAgent run rendering
Not-tested: full bun run verify was not run for this scoped desktop handoff
Confidence: high
Scope-risk: narrow
Add server-side detail caching and in-flight request coalescing for marketplace details, reuse a long-lived service across API requests, and parallelize ClawHub detail preview fetches.
Add desktop detail cache/prefetch behavior and render marketplace Markdown/code previews through the existing MarkdownRenderer and CodeViewer components.
Stabilize the H5 diagnostics test on machines where the first non-internal IPv4 address is not a plain LAN address.
Tested: bun test src/server/__tests__/skill-market.test.ts src/server/__tests__/skill-market-install.test.ts
Tested: cd desktop && bun run test -- SkillCenter.test.tsx skillMarketStore.test.ts --run
Tested: bun test src/server/__tests__/h5-access-service.test.ts -t 'getDiagnostics reports stale'
Tested: git diff --check
Tested: bun run check:desktop
Tested: bun run check:server
Not-tested: bun run verify and coverage gates; this is a local handoff, not PR-ready validation.
Confidence: high
Scope-risk: moderate