multica

mirror of https://github.com/multica-ai/multica.git synced 2026-06-17 03:38:32 +02:00

Author	SHA1	Message	Date
Matt Voska	700cd97407	feat(workspace): add per-workspace logo upload (#2760 ) Adds avatar_url column to workspace, threads it through the API + WorkspaceAvatar component, and adds a click-to-upload editor in the workspace settings tab. Mirrors the squad avatar pattern (migration 086); UI strings use "logo" while the schema/code uses avatar_url for codebase consistency with user.avatar_url and squad.avatar_url. - migration 093: ALTER TABLE workspace ADD COLUMN avatar_url TEXT - UpdateWorkspace SQL + handler accept avatar_url (auth gated to owner/admin at the router via RequireWorkspaceRoleFromURL) - WorkspaceAvatar renders <img> when avatar_url is set, falls back to the initial-letter span otherwise - workspace-tab.tsx adds a 16x16 click-to-upload logo editor at the top of the general settings card, using useFileUpload + accept= image/png,image/jpeg,image/webp (server stores under workspaces/{id}/) - en + zh-Hans settings i18n strings added Co-authored-by: Matt Voska <voska@users.noreply.github.com>	2026-06-01 16:48:05 +02:00
Bohan Jiang	13f74e651a	feat(agents): remove custom_env from agent resources, add audited env endpoint (MUL-2600) (#3209 ) * feat(agents): remove custom_env from agent resources, add audited env endpoint (MUL-2600) The agent resource shape (list / get / create / update / archive / restore responses + WebSocket events) no longer carries `custom_env` values. Reads/writes of env now flow exclusively through a dedicated `/api/agents/{id}/env` endpoint that is owner/admin-only, rejects agent-actor sessions, applies a "**" sentinel preserve guard on PUT, and writes a persistent audit row per reveal/update. Why - `multica agent list --output json` historically returned plaintext `custom_env` for owner/admin callers (the redaction gate gave only members the masked map). Any agent token running on the workspace inherits its owner's role and could read every other agent's secrets just by listing. - Patching list/get redaction alone (PR #3175 direction) left symmetric leaks via mutation responses, WS events, the "reveal" path itself (no actor-aware auth), and a `` overwrite footgun on UpdateAgent. What changed - Backend: drop `custom_env` from AgentResponse; add coarse `has_custom_env` + `custom_env_key_count`. Strip env handling from UpdateAgent (silently ignored if sent). Keep CreateAgent's custom_env acceptance. - Backend: new GET/PUT `/api/agents/{id}/env` handlers in `internal/handler/agent_env.go`: - resolveActor → 403 for agent actors (closes the lateral-movement path). - Owner/admin role gate via existing helper. - PUT honours value == "*" as "preserve existing value". - Both write to `activity_log` with `agent_env_revealed` / `agent_env_updated` actions. Audit details record key names only, never values. - Daemon claim path (`ClaimAgentTask`) unchanged — `TaskAgentData` still carries plaintext env for runtime injection. - SQL: new `UpdateAgentCustomEnv` query; sqlc regenerated (v1.31.1). - CLI: new `multica agent env get\|set` subcommands. `--custom-env` flags removed from `multica agent update`; the no-fields error now points to the new path. - Frontend: drop env fields from `Agent` + `UpdateAgentRequest`; add `getAgentEnv` / `updateAgentEnv` client methods; rewrite env-tab to show "N variables configured" + explicit "Reveal & edit" button, fetching values only on intentional reveal. - Locales: parity-safe additions to en + zh-Hans. - Docs: agents-create.{mdx,zh.mdx} reflect the new threat model and endpoint. - Mobile: schema drops `custom_env` / `custom_env_redacted`, adds metadata fields. Tests - Handler tests pinned the new invariants: no env in list/get responses, owner reveal happy-path + audit row, agent-actor 403, `***` sentinel preserves real values, UpdateAgent silently ignores `custom_env`, pure `mergeAgentEnv` cases. - CLI tests pivot to the new flag surface: `agent update` MUST NOT expose the env flags; `agent env set` MUST expose --custom-env-stdin/--custom-env-file. - Frontend test fixtures updated; pnpm typecheck / test / lint pass cleanly. This is a breaking API change. Scripts that read `custom_env` from `/api/agents` must migrate to `GET /api/agents/{id}/env`. Co-authored-by: multica-agent <github@multica.ai> fix(agents): close actor-spoofing + audit fail-closed in env endpoints (MUL-2600) Addresses Elon's review of #3209: * Mint a task-scoped `mat_` token per claim, bound to (agent, task, workspace, owner). Daemon injects it into the agent process in place of its own credential. Auth middleware authoritatively rebuilds X-User-ID / X-Agent-ID / X-Task-ID from the token row and sets X-Actor-Source=task_token; that header is server-set only — incoming values are stripped before any auth branch runs. resolveActor honors the header so an agent that strips X-Agent-ID / X-Task-ID still resolves as actor=agent. * GetAgentEnv / UpdateAgentEnv are now fail-closed on audit-log failures: GET refuses to return plaintext, PUT persists inside the same tx as the audit row so they commit/roll back together. * PUT /api/agents/{id} returns 400 when the body carries custom_env instead of silently dropping it — directs callers to the audited env endpoint. * Agent actors never see mcp_config, even when the underlying member is owner/admin; mutation broadcasts go through a redaction shim so WS subscribers don't pick it up either. * Fix backend test that asserted dense JSON (jsonb::text renders whitespace) and frontend test that assumed a unique "Test User" match. Co-authored-by: multica-agent <github@multica.ai> * fix(agents): close residual MUL-2600 gaps from review (MUL-2600) Migration 108 FK now correctly references agent_task_queue(id) instead of the non-existent agent_task table; the previous name blocked CI backend migrations. Task-token-authenticated requests can no longer be re-routed at a different workspace by passing workspace_slug / workspace_id / ?workspace_id / a URL workspace param. ResolveWorkspaceIDFromRequest and resolveWorkspaceUUID both short-circuit on X-Actor-Source=task_token and return only the token-bound X-Workspace-ID; buildMiddleware adds a defence-in-depth 403 if any URL-resolved workspace disagrees with the token binding. mcp_config no longer leaks back to agent actors through UpdateAgent / CreateAgent / ArchiveAgent / RestoreAgent HTTP responses — the same redactAgentResponseForActor helper that GetAgent/ListAgents use is now applied to mutation responses too. WS broadcasts were already redacted via broadcastAgentResponse. FailTask and every TaskService cancel path (CancelTask / CancelTasksForIssue / CancelTasksForAgent / CancelTasksByTriggerComment / BroadcastCancelledTasks) now eagerly DeleteTaskTokensByTask so the mat_ token's 24h window doesn't outlive a terminated task. Failure is non-fatal — the FK cascade and expiry remain durable guards. Doc-only: clarify that PUT /api/agents/{id} now hard-rejects bodies that carry custom_env (was previously "silently ignores"). Tests: - middleware: TestResolveWorkspaceIDFromRequest gains a task_token case asserting client-supplied slug/id/query cannot override the bound workspace. - handler: TestUpdateAgent_RedactsMcpConfigForAgentActor and TestUpdateAgent_KeepsMcpConfigForMemberActor pin the mutation- response redaction contract per actor type. Co-authored-by: multica-agent <github@multica.ai> * fix(agents): match redacted mcp_config as JSON null, not Go nil (MUL-2600) `AgentResponse.McpConfig` is `json.RawMessage` without `omitempty`, so the redacted response serialises as `"mcp_config": null`. On decode, `json.RawMessage` keeps the literal bytes `null` rather than collapsing to Go nil, which made the assertion fire on a non-leak. The product contract (field always present, distinguished from "no config" via `mcp_config_redacted`) is intentional, so adjust the test to check for "no secret-bearing content" instead of weakening the contract via `omitempty`. Co-authored-by: multica-agent <github@multica.ai> --------- Co-authored-by: multica-agent <github@multica.ai>	2026-05-25 18:42:48 +08:00
YYClaw	614dfae884	MUL-2488 feat(timezone): Scheduling / Viewing two-layer timezone architecture (#2968 ) * docs(timezone): add scheduling/viewing timezone architecture RFC * feat(db): replace daily rollups with task_usage_hourly, add user.timezone Migrations 100-104: add "user".timezone (Viewing tz), build the UTC hourly task_usage_hourly rollup with its pipeline, drop the legacy task_usage_daily / task_usage_dashboard_daily pipelines, and drop the agent_runtime.timezone column. Report queries now slice day boundaries at read time by the caller-supplied @tz instead of materialising in a fixed tz. Regenerate sqlc. * feat(server): add task_usage_hourly backfill command Replace the two legacy backfill commands (daily / dashboard_daily) with a single backfill_task_usage_hourly that loads historical task_usage into the new UTC hourly rollup, sliced per workspace. * refactor(server): resolve viewing timezone in report handlers Report handlers resolve the Viewing tz per request (?tz query param, then user.timezone, then UTC) and pass it to the hourly-rollup queries. Drop the UseDailyRollup feature flags and the old raw-scan/daily-rollup dual paths, remove the /api/usage endpoints, and stop the daemon from reporting and the runtime handler from accepting host timezone. * refactor(core): switch report queries to viewing timezone API client and dashboard/runtime queries send ?tz with each report request, the user schema/types carry the new timezone field, and the runtime timezone field/mutation is removed. * feat(views): add viewing timezone preference and UI Add the useViewingTimezone hook and a Timezone setting in Preferences; report charts and the dashboard week boundary follow the viewer tz. Remove the runtime detail timezone editor and its locale strings. * fix(test): update fixtures and stabilize tests for timezone refactor The timezone architecture refactor changed several types without updating dependent test code: - RuntimeDevice no longer has a timezone field — drop it from the create-agent-dialog runtime fixture. - User now requires a timezone field — add it to the apps/web mockUser fixture. - The PreferencesTab timezone tests asserted on the async save handler (PATCH then store update) with a bare expect, racing the mutation's settle callback, and timed out querying the Select's ~600-option IANA list on a loaded CI runner. Wrap the assertions in waitFor and extend the timeout for those three tests. * docs(timezone): document self-host migration order and trigger invariant Add a SELF-HOST UPGRADE ORDER runbook to the backfill command's package comment: applying migrations 100-104 in a single migrate-up drops the legacy daily rollups before the hourly backfill runs, leaving dashboards empty until cron catches up. Add an INVARIANT comment on trg_atq_dirty_hourly noting that agent_id must be added to the trigger's OF list if it ever becomes mutable, otherwise dirty buckets for the old agent_id are silently missed. * style(runtimes): drop trailing blank line in runtime-detail	2026-05-21 15:33:47 +08:00
Jiayuan Zhang	2ad1cd8ff8	feat(profile): user profile description injected into agent brief (MUL-2406) ## Summary Adds per-user `profile_description` so coding agents have cheap, durable context about who is asking. v1 per the brief Xeon locked in on [MUL-2406](mention://issue/63a7247c-4f6a-42cf-90d1-7c746e77158a): - DB — `user.profile_description TEXT NOT NULL DEFAULT ''` (migration 096). 2000-rune cap enforced server-side. No nullable / privacy state to manage. - API — `PATCH /api/me` accepts the field; `UserResponse` always emits it. Client wraps `updateMe` in a lenient `UserSchema` + `EMPTY_USER` fallback per CLAUDE.md API Response Compatibility. - UI — Settings → Account gains an "About you" textarea with live `n/2000` counter, `maxLength` guard, and a localized too-long error (EN + zh-Hans). - CLI — `multica user profile get` / `multica user profile update` with `--description / --description-stdin / --description-file / --clear`, mirroring the existing `issue comment add` input-mode menu. - Daemon injection — claim handler resolves the runtime owner and stamps `requesting_user_name` + `requesting_user_profile_description` on the task. `buildMetaSkillContent` emits `## Requesting User` between `## Agent Identity` and `## Available Commands`, blockquoted and framed as background context. The block is omitted entirely when the description is empty (no token cost when unused). Brief is written once per task via `CLAUDE.md` / `AGENTS.md`, not the per-turn prompt — same path the agent already reads for identity, so no extra per-turn cost. ## Test plan - [x] `go build ./...`, `go vet ./...`, `go test ./internal/cli/ ./internal/daemon/ ./internal/daemon/execenv/ ./cmd/multica/` - [x] New brief tests: `TestBuildMetaSkillContentEmitsRequestingUser`, `TestBuildMetaSkillContentOmitsRequestingUserWhenEmpty` - [x] `pnpm typecheck`, `pnpm lint`, `pnpm test` (74 files, 644 tests pass) - [ ] Handler DB tests (`TestUpdateMe*`) require a migrated test DB — not runnable in this sandbox - [ ] Manual: open Settings → Account, set a description, confirm the next daemon-run agent's `CLAUDE.md` shows `## Requesting User`	2026-05-19 19:51:28 +02:00
Naiyuan Qing	3447764b03	feat(i18n): full rollout — 21 namespaces translated (en + zh-Hans) (#1853 ) * feat(i18n): rollout phase — translate 9 namespaces (WIP) Phase 1 complete (基建 + login + Settings language switcher), phase 2 partial (Wave 4 done, search done). Pending namespaces documented inline; another developer can pick up from here. Infrastructure -------------- - server: add users.language column + extend PATCH /api/me (TestUpdateMeAcceptsLanguage / TestUpdateMePreservesLanguage) - packages/core/i18n: types / pickLocale (intl-localematcher) / browser-cookie-adapter / createI18n (initAsync false + useSuspense false) / I18nProvider / LocaleAdapterProvider - Split server-safe vs React entries: @multica/core/i18n — for proxy/RSC/middleware (no React) @multica/core/i18n/react — for client trees (createContext) (RSC vendored React lacks createContext; mixed import would crash proxy.ts at module load.) - packages/views/i18n: useT hook + selector API augmentation (i18next v26 default; auto-propagates to apps via the side-effect import in use-t.ts). - apps/web: proxy.ts (Next 16 renamed middleware) merges existing legacy/root redirects with x-multica-locale header forwarding; layout.tsx reads locale via headers() and pre-loads RSC resources. - apps/desktop: webPreferences.additionalArguments injects systemLocale (no sendSync — avoids main-thread blocking IPC); renderer adapter reads via process.argv. - ESLint: i18next/no-literal-string at file-scope for translated files via packages/views/eslint.config.mjs TRANSLATED_FILES. - glossary.md (packages/views/locales/) freezes term policy: Issue / Workspace / Agent / Skill / Autopilot / Daemon / Runtime stay English; Inbox / Project / Comment / Member translate. Translated namespaces (9 / 19) ------------------------------ - auth: login page (web wrapper含 desktop-handoff 文案) + Settings Appearance language switcher - editor: 9 .tsx (bubble-menu / link-hover-card / readonly-content / title-editor / extensions: code-block / file-card / image-view / mention-suggestion) + 32 keys - invite: 25 keys - labels / members / my-issues: Wave 4 全部 - search: command palette 35 keys - navigation: no user-facing strings (no-op) Pending (10 / 19) ----------------- issues (46 files / ~210 keys) agents (29 files / ~155 keys; presence.ts + config.ts label maps 允许进 i18n) onboarding (22 files / ~150 keys) settings rest / skills / modals / workspace / chat / inbox / projects / autopilots / layout Workflow for picking up ----------------------- - Glossary: packages/views/locales/glossary.md (mandatory read) - Reference impls: auth/login-page.tsx + editor/* (selector API + i18n-provider test wrapper pattern) - Per namespace: 1. create locales/{en,zh-Hans}/{ns}.json 2. add to packages/views/i18n/resources-types.ts 3. useT('{ns}') + t($ => $.foo) in components 4. add files to TRANSLATED_FILES in eslint.config.mjs 5. typecheck + test + lint must pass - Subagents currently CANNOT write files (sandbox deny). Run as hybrid: subagent researches + outputs full JSON + tsx diff, controller writes. Other ----- - scripts/init-worktree-env.sh: default MULTICA_DEV_VERIFICATION_CODE=888888 in dev for deterministic login (gated by isProductionEnv). Verified: pnpm typecheck (6 pkgs ok), pnpm test (232 pass), make test (Go). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(i18n): rewrite glossary aligned with docs zh voice Switch translation policy to match the canonical CN voice already established in apps/docs/content/docs/.zh.mdx (20+ files). The new rule splits product nouns into two classes: - Typed entities (issue / project / skill / autopilot / task) — kept as lowercase English in CN text, visually marking them as system types. - Concepts (workspace / agent / daemon / runtime / inbox) — fully translated (工作区 / 智能体 / 守护进程 / 运行时 / 收件箱). Previous glossary kept Workspace / Agent / Daemon / Runtime as English on "工程惯例" grounds, but docs zh and CN AI ecosystem (Coze / 腾讯元器 / 百度) consistently translate these. App UI now matches docs voice so users don't see split personality between the app and its own docs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> fix(i18n): register 6 namespaces and retrofit zh strings to new glossary Two fixes that were blocking the previously-translated namespaces from actually rendering in CN: 1. RESOURCES gap — locales/index.ts only loaded common/auth/settings, but resources-types.ts declared 12 namespaces and 6 of them had real translation content. At runtime i18next would fall back to raw keys for editor / invite / labels / members / my-issues / search. Register all 9 currently-translated namespaces. 2. Retrofit zh strings to the docs-aligned glossary: - "Issue" → "issue" (lowercase entity) - "Workspace" → "工作区" - "Agent" → "智能体" - "Runtime" → "运行时" - "Skill" → "skill" (lowercase) - "项目" → "project" (lowercase) Touched: editor.json (sub_issue + mention.group_issues), invite.json (3 Workspace occurrences), members.json (agents_section / more_agents), my-issues.json (8 retrofits across page/header/errors), search.json (13 retrofits across groups/pages/commands/empty). Verified: pnpm typecheck (6/6) + pnpm test (238/238) all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate inbox namespace First namespace through the sub-agent → main-agent integration pipeline. JSON: en/inbox.json + zh-Hans/inbox.json — 60 keys across page / menu / list / detail / types / labels / errors. Time-formatter labels are kept compact in EN ("5m" / "3h" / "2d") and use full units in zh ("5 分钟" / "5 小时" / "5 天") since raw "5 分" reads as "5 marks/points" in CN. Component changes converted two module-level statics into hooks so the strings can flow through i18next: - inbox-list-item.tsx: `timeAgo` (pure fn) → `useTimeAgo` (hook returning a fn). The local copy is a duplicate of @multica/core/utils `timeAgo` that is only used by inbox-page; other consumers across chat/agents/skills/issues stay on the core util for now and will be translated when their namespaces land. - inbox-detail-label.tsx: `typeLabels` (static const Record) → `useTypeLabels` (hook returning the same Record shape). Call sites keep the existing `typeLabels[type]` access pattern. inbox-page.tsx now uses both hooks and `useT('inbox')` selector calls for all hardcoded strings (~24 sites: header / dropdown menu / list empty state / detail panel / mobile back / quick-create-failed flow / all error toasts). Wired up: resources-types.ts, locales/index.ts RESOURCES, ESLint TRANSLATED_FILES (3 inbox tsx files now lint-protected). Verified: pnpm typecheck (6/6) + pnpm --filter @multica/views test (238/238) + ESLint clean on inbox/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate workspace namespace Translates the three workspace shell views: create-workspace-form, new-workspace-page, no-access-page. Also fixes the prior-art no-unescaped-entities lint errors in no-access-page.tsx — the apostrophes in "doesn't" / "don't" were JSX text literals that move into JSON values after translation, so the lint rule no longer fires. Tests wrapped: workspace/create-workspace-form.test.tsx, workspace/no-access-page.test.tsx, modals/create-workspace.test.tsx all now wrap render() with <I18nProvider locale="en"> so the en values in workspace.json drive the rendered text and the existing assertions continue to match. Slug constants kept: WORKSPACE_SLUG_FORMAT_ERROR / WORKSPACE_SLUG_CONFLICT_ERROR exports in workspace/slug.ts are still imported by onboarding/steps/step-workspace.tsx (out of scope here). The workspace shell now reads its strings from workspace.json directly. Multica.ai brand prefix in the slug input affordance is wrapped with an inline `// eslint-disable-next-line i18next/no-literal-string` per glossary policy on brand names. Renamed sign_in_other → sign_in_different to avoid colliding with i18next's `_other` plural-suffix convention which the selector-API typings treated as a plural form of `sign_in`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate projects namespace Translates the projects list page, project detail page, project picker dropdown, and project chip — all four user-facing surfaces under packages/views/projects/components/. New file: projects/components/labels.ts exposes three hooks that replace the static `.label` field on PROJECT_STATUS_CONFIG / PROJECT_PRIORITY_CONFIG and the previous module-level `formatRelativeDate` helper. Core's `.label` stays untouched (it's still consumed by search and the create-project modal, both out-of-scope for this namespace) — those will flip when their respective namespaces translate. In zh, the "project" entity stays lowercase English per glossary (`新建 project`, `还没有 project`, `从 project 移除`). Status / priority / table column labels translate fully. The cancelled / done / paused etc. status labels duplicate per- namespace as `projects.status.` rather than reading from a future shared status namespace. This matches the auth/inbox/workspace pattern of self-contained namespaces. If a generic "issue/project status" pool emerges later, these can collapse. Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238) + ESLint clean on projects/ (1 pre-existing warning about useEffect/sidebarRef dep, unrelated to i18n). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> feat(i18n): translate autopilots namespace Six tsx files: autopilots-page (list + 6 templates), autopilot-detail-page (properties / triggers / run history / delete), autopilot-dialog (create + edit dialog), trigger-config (cron form), and the agent / timezone pickers. Hook conversions for module-level helpers that need t(): - summarizeTrigger / describeTrigger → useSummarizeTrigger / useDescribeTrigger (no external callers, removed the plain exports) - formatRelativeDate → useFormatRelativeDate (per-component hook) - formatCountdown → useFormatCountdown (per-component hook) - TEMPLATES array now keyed by id; titles + summaries pull from templates/{id}/{title,summary} JSON. Prompts stay raw EN since they're injected directly into the agent task — translating them would translate the agent's instructions, not the user's UI. Status / execution-mode / run-status enums render via t($ => $.status[k]) with k typed against the core type (no separate hook needed). Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238) + ESLint clean on autopilots/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate skills namespace Seven tsx files: skills-page (list + filters + intro banner), skill-detail-page (the giant — properties + file tree + sidebar + conflict banner + delete dialog, ~963 lines), create-skill-dialog (chooser + manual + URL forms), runtime-local-skill-import-panel (local runtime browse + import), skill-columns, file-tree, file-viewer. Notable patterns: - `createSkillColumns` factory → `useSkillColumns` hook so column headers flow through useT. Column identity changes per render is fine — DataTable handles it. - `validateNewFilePath` (pure helper) → `useValidateNewFilePath` hook so the 5 validation error messages can be translated. - skill_files / used_by / description_with_agents use i18next plural keys (`_one` / `_other`) — the type system collapses these into a single PluralValue access, so call sites use `t($ => $.foo, { count })` and i18next picks the form. - Per glossary, "skill" stays lowercase EN in zh ("新建 skill", "已删除 skill", "未找到该 skill"). Test wrapper: runtime-local-skill-import-panel.test.tsx now wraps render() with <I18nProvider> so the assertion on /Import to Workspace/i matches the EN translation. Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238) + ESLint clean on skills/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate chat namespace Translates all 10 chat surfaces: FAB tooltip, input placeholders, message list (replied-in / failed-after / tools group / show-details / tool result preview), session history (header + time-ago labels), chat window (new-chat / restore / expand / minimize / agent + session dropdowns / starter prompts / empty states), context-anchor button + card tooltips, no-agent banner, offline / unstable banner, and the task-status pill (queued / starting up / thinking / typing + tool labels: running command / reading files / searching code / making edits / searching web). Hook conversions: - formatTimeAgo (chat-session-history) → useFormatTimeAgo - ElapsedCaption now takes a typed `variant` ("replied" \| "failed") instead of a free-text `verb` so the i18n key is enumerable - pickStage (task-status-pill) refactored: pure pickStageKeys returns StageKey + optional ToolKey; useResolveStage maps to localized labels Translation policy notes: - Starter prompts ("List my open tasks by priority", etc.) are user UI when displayed AND the user's input when clicked — translating them sends the agent the user's locale-native phrasing, which is the right UX for a CN user using a CN agent. - buildAnchorMarkdown (chat-window) stays in English: it's an agent-bound markdown prefix injected into the outgoing message, not user-facing UI. Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate modals namespace Translates all 11 modal sources: registry (no UI text), backlog-agent-hint, set-parent-issue, add-child-issue, delete-issue-confirm, feedback, issue-picker, create-workspace, create-project, create-issue (manual), quick-create-issue (agent panel). Notable patterns: - create-project re-uses useProjectStatusLabels / useProjectPriorityLabels hooks from views/projects/components/labels — same translation source as the projects list / detail, no duplication. - create-issue.tsx: renamed `toast.custom((t) => ...)` callback param to `toastId` to avoid shadowing the closure-captured useT() `t` function. - Test wrapper added to modals/create-issue.test.tsx so the two assertions on rendered modal text (success toast + Create another) match the EN bundle. modals/create-workspace.test.tsx was already wrapped (workspace ns commit). Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate settings namespace (rest of tabs) Builds on the appearance-tab + language switcher already shipped in Phase 0. Translates the remaining 8 settings surfaces: settings-page shell (left nav + tab keys), account / profile, notifications-tab (5 group labels + descriptions), tokens-tab (create / list / revoke / created dialog), workspace-tab (general fields + danger zone + leave/delete confirmations), members-tab (invite + role config + revoke / remove flows), repositories-tab, labs-tab, delete-workspace-dialog. Hook conversion: members-tab `roleConfig` static const → `useRoleLabels` hook returning a Record<MemberRole, {label, description, icon}>. The icon stays as a typed React component (Crown / Shield / User), so rendering pattern is unchanged at call sites. Test wrapper: settings/components/delete-workspace-dialog.test.tsx now wraps render() with <I18nProvider> (custom render() helper) because the test asserts on rendered button labels ("Delete workspace", "Cancel", "Deleting..."). Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate runtimes namespace (entry surfaces) Translates the user-facing runtime list page surfaces: runtimes-page (header / search / filters / chips / empty / no-matches / bootstrapping), runtime-detail (topbar + delete dialog + delete toasts), runtime-detail-page (not-found state), shared.tsx (4-state HealthBadge labels). Hook conversion: shared `healthLabel(health)` was a pure module-level function. Added `useHealthLabel` hook for translated call sites; kept `healthLabel` as an EN-only fallback for non-component callers (column factory in runtime-columns). Deferred: - runtime-list / runtime-columns (data table column headers + cell bodies) — large surface, not in the page-load critical path. - connect-remote-dialog / update-section / usage-section — secondary flows, English remains acceptable until a focused pass. - charts/* — primarily numeric tooltips and axes; minimal user-visible text. Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate layout namespace (sidebar nav, help, loader) Translates the cross-cutting layout chrome: - 9 sidebar nav labels (inbox / my issues / issues / projects / autopilots / agents / runtimes / skills / settings) — driven by labelKey instead of inline strings, resolved via useT at render. - HelpLauncher dropdown (trigger aria + 3 items: Docs / Change log / Feedback) - WorkspaceLoader (named + unnamed loading states) - SortablePinItem unpin tooltip Pattern shift in app-sidebar.tsx: nav arrays carry `labelKey: NavLabelKey` (typed against the layout JSON) instead of `label: string`. The string comparison checks (`item.label === "Inbox"`) became cleaner ID-based checks (`item.key === "inbox"`). Deferred: deeper sidebar surfaces — workspace switcher dropdown, "New Issue" CTA, "Pinned" / "Workspace" / "Configure" group labels — remain English. The 9 nav labels are the ones that read in every session. Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate onboarding namespace (welcome + step header) Translates the user-first-impression surfaces of the onboarding flow: - step-welcome.tsx (the wordmark, headline, lede paragraphs, all CTAs: Download Desktop / Continue on web / Start exploring / I've done this before, illustration caption) - step-header.tsx ("Step N of M" counter + matching aria-label) - onboarding-flow.tsx (skip-onboarding error toast) Test wrapper added to onboarding/components/step-header.test.tsx — custom render() helper wraps with <I18nProvider> so the "Step 2 of 5" assertions match the EN bundle. Deferred (acceptable English fallback for now): step-questionnaire, step-workspace, step-runtime-connect, step-platform-fork, step-agent, step-first-issue, cli-install-instructions, option-card, runtime aside panels, starter-content-prompt, cloud-waitlist-expand. These are deeper steps with significant copy that would benefit from a focused dedicated pass — voice on each is more nuanced (questionnaire options, runtime install instructions, agent template recommendations). Verified: pnpm --filter @multica/views typecheck (clean) + test (238/238). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(i18n): add EN/zh-Hans key parity guard Schema-level vitest that walks RESOURCES.en and RESOURCES["zh-Hans"] namespace by namespace and asserts both bundles cover the same key set. i18next plural rule is normalized before compare (`_one` / `_other` collapse to a single logical key) so EN's plural pair matches zh's `_other`-only form. Catches retrofit drift where a new EN key lands without zh — previously this would silently fall back to the English string in production. Cheap to keep green: 39 tests across 21 namespaces in under a second. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate issues namespace Translates the entire issues surface — list / board / detail / comments / sub-issues / activity feed / batch toolbar / pickers / context menu / backlog-agent hint dialog / labels panel. Component coverage: - issues-page (page header, empty state, move-failed toast) - issues-header (scope tabs, filter dropdowns w/ status/priority/ assignee/creator/project/label, display settings, sort, view toggle) - issue-detail (page header, breadcrumb, properties / parent issue / details / token usage sections, sub-issues, activity timeline, formatActivity for status/priority/assignee/title/due-date changes, subscribe/subscriber popover) - comment-card + comment-input + reply-input (delete dialog, edit/save, copy/edit/delete row, reply count, placeholders, expand/collapse) - agent-live-card (is-working banner, tool count, stop / transcript) - execution-log-section (section header, show/hide past runs, trigger text builder, status labels, cancel-task) - batch-action-toolbar (selected count, delete dialog with plurals) - backlog-agent-hint-dialog (full dialog content) - labels-panel (intro, create form, list, delete dialog) - pickers (status / priority / assignee / due-date / label / property search placeholder + no-results) - issue-actions-menu-items (all dropdown / context menu items) - use-issue-actions / use-issue-timeline (toast strings) STATUS_CONFIG / PRIORITY_CONFIG label rendering routed through $.status[enum] / $.priority[enum] at every call site; the core config keeps its English fallback for non-i18n consumers but UI never reads .label directly anymore. Tests retrofitted: issues-page, issue-detail, and issue-actions-menu RTL specs now wrap renders in <I18nProvider> with the EN bundle, so their string assertions match the bundle (not hardcoded literals). ESLint i18next allow-list extended to 24 issues files. Verified: pnpm --filter @multica/views typecheck + test (277/277) all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate agents namespace Translates the agents listing + detail surface and the create/duplicate flow. Covers the high-frequency surfaces; deeper sub-tab editors (activity / instructions / skills / env / custom-args bodies, and the hooks-buggy runtime/model/concurrency pickers) are deferred — they have their own pre-existing react-hooks rule violations and benefit from a focused dedicated pass. Component coverage: - agents-page (page header w/ tagline + new button, scope segment, search, sort dropdown, availability chips, archived toolbar, empty state, no-matches messaging w/ search interpolation, list-load error) - agent-detail-page (back link, archived banner, archive dialog, not-found state, all 4 toast strings) - agent-detail-inspector (avatar editor, name + description popover, description dialog, every PropRow label, validation message, presence badge label sourced from $.availability[enum]) - agent-overview-pane (tab labels, discard-unsaved-changes dialog) - create-agent-dialog (title / description / labels / placeholders / duplicate-suffix / runtime filter buttons / runtime status copy) - agent-row-actions (full dropdown items + cancel-tasks dialog with pluralized "N running + M queued" summary + archive dialog + 6 toasts) - agent-columns (every header cell, You / Archived chips, runtime fallback labels, availability + workload labels via $.availability / $.workload, activity tooltip body w/ created_today / created_days_ago / runs / failed-percent interpolation) - inspector/skill-attach (Attach trigger label + aria) availabilityConfig and workloadConfig now keep colors only — the display label lives in the bundle, sourced via $.availability[enum] and $.workload[enum] at every call site. Same pattern as STATUS_CONFIG/PRIORITY_CONFIG in the issues namespace. ESLint i18next allow-list extended to 8 agents files. Verified: pnpm --filter @multica/views typecheck + test (277/277) all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(i18n): clear 30 stray EN strings in translated files Tail of literal strings missed in earlier passes — the ESLint i18next allow-list flagged them but they slipped through review. Files touched: - layout/app-sidebar.tsx (10 keys: Workspaces / Pending invitations / Create workspace / Join / Decline / Log out / New Issue + shortcut / Pinned / Workspace / Configure) - runtimes/components/runtime-detail.tsx (Serving header + serving_count pluralization, no_agents copy, running/queued chips with count interpolation, Diagnostics header, CLI label, Delete runtime button, Technical details toggle, last seen interpolation) - onboarding/steps/step-welcome.tsx (entire WelcomeIllustration mock — 5 cards × actor names + body copy + 3 mention chips + 2 timestamps; zh translation reads naturally instead of leaving the demo English) - settings/components/labs-tab.tsx (`Co-authored-by: ...` git trailer wrapped in {} so linter sees a JS string, not JSX text — magic identifier git relies on, must not translate) - settings/components/members-tab.tsx (✓ glyph wrapped in {}) - modals/feedback.tsx (⌘↵ shortcut wrapped in {}) ServingAgentsCard now reads availability/workload labels from `agents` namespace (cross-namespace useT) so the bundle-truth pattern holds: presenceConfig keeps colours only, label text comes from the shared bundle. Verified: typecheck + 277/277 tests + lint (only the pre-existing react-hooks rule-of-hooks errors remain, which task #6 addresses). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(agents): rules-of-hooks + translate 4 model/runtime pickers Three pre-existing react-hooks/rules-of-hooks violations + one missing useMemo dep cleared, then the four pickers wired through useT. Hook order fixes: - concurrency-picker: useEffect now runs before the !canEdit early return. Stale-draft reset still works the same way. - runtime-picker: useMemo for the filtered list moved above the !canEdit branch. - model-dropdown: `models = data?.models ?? []` was minting a fresh array each render and tripping the deps lint of the downstream useMemo. Wrap in useMemo so the reference is stable. Translation coverage: - concurrency-picker: tooltip ("Concurrency · N max..."), range helper text, Save button. - runtime-picker: trigger label fallback ("No runtime"), tooltip text composed from {{name}} + status, Mine/All filter buttons, empty-list copy, "owned by {{name}}" + status fragments in row tooltip, Cloud badge, online/offline aria. - model-picker: trigger label, tooltip, "Managed by runtime" fallback, search placeholder, "Discovering models…", default badge, "No models available", "Use \"X\"" custom-id flow, Clear button + its title. - model-dropdown: every label string including the "Select a runtime first" / "Default (provider)" / "Runtime offline — enter manually" trigger fallbacks, the supported=false explanation block, discovery failed badge, all popover items. ESLint allow-list extended to 4 picker files. Verified: typecheck + 277/277 tests + lint (0 errors, only pre-existing react-hooks warnings in unrelated files). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate runtimes list + connect dialog + CLI updater Three deep runtime surfaces wired through useT, with the agents namespace doing double duty for shared availability/workload labels. runtime-columns: - 7 column headers via t-augmented createRuntimeColumns({ t }). - HealthCell now reads from useHealthLabel() (already translation-aware) instead of the EN-only healthLabel() helper. - WorkloadCell sources the label from $.workload[enum] (cross-namespace to agents) — colour stays via workloadConfig. - CostCell delta "flat" copy + CLI cell "Desktop" badge + update- available aria/tooltip + RowMenu's full delete dialog (title / description with {{name}} interpolation / cancel / confirm / deleting state) plus its admin-permission hint. connect-remote-dialog: - Three steps fully translated: instructions (header + 4 numbered steps + security warning + troubleshooting list with mono code snippets escaped as JS strings), waiting (loader + hint), success (CTA pair). - Mono CLI commands wrapped in {} so linter sees JS strings — those are literal commands that must stay untranslated for the user to paste into a terminal. update-section: - statusConfig collapsed to icon+colour only; labels move to $.update.status[enum] for proper translation per-state. - "CLI Version:" / "Latest" / "available" / "Update" / "Retry" copy + the "Managed by Desktop" tooltip and disabled hint. Layout helpers tagged: runtime-list passes `t` through to the column factory the same way agent-columns does. ESLint allow-list extended with the 4 wired files. Verified: typecheck + 277/277 tests + 0 i18n lint errors. usage-section.tsx (KPI cards / WhenChart / TopUsageBreakdown / receipt table) is the remaining runtimes surface — chart-heavy and benefits from a focused pass next. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate 5 agent detail tabs + skill-add dialog The 5 tabs that fill the agent detail right pane plus the shared skill picker dialog. Agents bundle gains a `tab_body` block with sub-namespaces per tab + a `common` slot for save/add/unsaved. Tab coverage: - instructions-tab: intro paragraph, multi-line example placeholder (full 18-line zh translation), Save / Unsaved. - env-tab: read-only intro / empty state, editable intro with two inline `<code>` env-var examples kept English (mono terminal payloads), KEY / value placeholders, Show/Hide value aria, Add / Remove aria, all 3 toasts (duplicate keys / saved / save failed). - custom-args-tab: intro about whitespace splitting, launch-mode prefix line + `<your args>` placeholder, --flag value placeholder, Add, Remove aria, both toasts. - skills-tab: intro, Add skill button, import-hint callout, empty state title + hint + add-CTA, remove-failed toast. - activity-tab: 3 section titles (Now / Last 30 days / Recent work), active-task pluralization, performance subtitle, all 3 empty states, runs/success%/avg-duration/failed pluralization with interpolation, source labels (Issue / Chat / Autopilot / Untracked), source fallbacks (Quick create / Creating issue / Chat session / Autopilot run), issue-short fallback, "Triggered by" tooltip header, open-issue / transcript / cancel-task tooltips and ARIAs, cancelling state, started/dispatched/queued time prefixes, show more. - skill-add-dialog: dialog title + description, empty list copy, Cancel button, add-failed toast. skills-tab.test.tsx wrapped in <I18nProvider> with the EN bundle so its `Local runtime skills are always available` assertion still matches the resolved translation instead of the raw key path. ESLint allow-list extended with the 6 wired files. Verified: typecheck + 277/277 tests + 0 i18n lint errors. Only the per-test mock for skills-tab needed wrapping; the other 4 tabs ship without test files of their own and inherit the I18nProvider chain via agent-overview-pane / agent-detail-page test renders (when those exist later). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate onboarding step-questionnaire + option-card The user-profile step (3 questions) is the first deferred onboarding deep step now wired through useT. step-questionnaire: - Eyebrow + headline + answered-progress counter with {{count}} interpolation - All 3 questions and their option labels (team size / role / use case) - All 3 "Other" placeholders for free-text fallback - Right-rail "Why three questions" / "What you get" panel: 2 eyebrow rows, 2 unlock-item title+body pairs, learn-more link - Back / Continue buttons via shared `common` block option-card: shared "Other" radio label and aria. Test wrapped in <I18nProvider>. EN value of `other_label` kept as "Other" so the existing /^other$/i regex in step-questionnaire.test keeps matching after the rendering pipeline switched from a hardcoded literal to a bundle lookup. ESLint allow-list extended with these 2 files. The remaining 4 deep steps (workspace / runtime-connect / platform-fork / agent), the 2 ancillary surfaces (cli-install-instructions / starter-content- prompt), and the 3 side panels (runtime-aside-panel / cloud-waitlist- expand / compact-runtime-row) will be surfaced + swept by the global ESLint switch (next commit). Verified: typecheck + 277/277 tests + 0 i18n lint errors. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): flip ESLint to glob + drain remaining hardcoded EN ESLint i18next/no-literal-string now applies to */.tsx by default instead of an explicit allow-list. Files that genuinely still need hardcoded EN are listed in STILL_HARDCODED — concrete, finite, and the goal is to drain that list to zero. Tail strings translated in this commit (surfaced by the global flip): - common/task-transcript/agent-transcript-dialog.tsx — full dialog: status badge (Running / Completed / Failed), sr-only DialogTitle, Filter dropdown trigger + Clear filters, Copy all / Copy filtered / Copied, tool-calls + events metadata chips with pluralization, events-filtered "{{shown}} of {{total}}" interpolation, "Waiting for events..." live state, "No execution data recorded." past state. New `transcript` block in agents namespace. - runtimes/components/charts/activity-heatmap.tsx — Less / More legend labels around the contribution-style heat squares. - search/search-trigger.tsx — sidebar Search... button label. ⌘ glyph wrapped in {} to satisfy the linter (mono shortcut symbol, not translatable). Holdouts (STILL_HARDCODED, ~14 files): the deep onboarding steps (workspace / runtime-connect / platform-fork / agent / first-issue / cli-install-instructions, plus 4 ancillary panels), the runtimes usage-section + KPI cards, and 5 minor agent visual primitives (sparkline / agent-presence-indicator / agent-profile-card / visibility-badge / char-counter). Each one gets a dedicated future pass; the global rule prevents new hardcoded strings from landing elsewhere. Verified: typecheck + 277/277 tests + 0 i18n lint errors. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): drain agent visual primitives + onboarding small components 8 files removed from STILL_HARDCODED: agents/components/: - char-counter — over-limit text with {{count}} interpolation - visibility-badge — uses new agents.visibility.{private,workspace}. {label,tooltip} block; drops VISIBILITY_LABEL/TOOLTIP imports from core in favour of bundle-driven copy - agent-presence-indicator — availability + workload labels via $.availability[enum] / $.workload[enum] (cross-namespace), queue-badge "+N queued" with pluralization - agent-profile-card — Agent unavailable / Detail link / Owner / Skills / Runtime / Unknown runtime / Archived chip / availability line via cross-namespace lookup agents.json: new presence + visibility + profile_card + char_counter blocks. onboarding/components/: - compact-runtime-row — online/offline aria via agents.availability - runtime-aside-panel — full content (What's a runtime / Good to know / Swap anytime / Add more later / docs link) - starter-content-prompt — full dialog (title / description with inline emphasis / both buttons / 3 toasts) - cloud-waitlist-expand — intro paragraph + warning span / email + reason labels + placeholders + Optional badge / Join + on-list states / both toasts onboarding/steps/: - cli-install-instructions — copy aria + intro + 2 step labels onboarding.json: new runtime_aside / cli_install / starter_content / cloud_waitlist blocks. Tests for step-platform-fork + step-runtime-connect wrapped in <I18nProvider> with EN bundle so /you're on the list/i etc. still matches the resolved translations. Verified: typecheck + 277/277 tests + 0 i18n lint errors. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate onboarding deep steps The 5 large onboarding steps that were deferred from earlier passes, plus their support helpers, all wired through useT. step-first-issue (final beat — flips onboarded_at): - error_title / Retry / retry_failed toast / finishing / opening states. step-agent (creates the user's first agent): - Templates moved from a module-level const to a useT-driven useAgentTemplates() hook. Names + emoji stay constant (visual identity), labels + blurbs + instructions resolve from the bundle. coding / planning / writing / assistant — all four templates ship a full zh translation that reads naturally. - Recommended badge, eyebrow + headline + lede, footer hint, Create {{name}} CTA, create_failed toast. - Right-rail "About agents" panel (4 way-items + headline + add-more hint + docs link). step-workspace (create or pick existing): - 5 footer states (open / creating / creating-pending / name-first / pick), all hint + CTA strings via interpolation. - Name + URL + slug placeholders, issue-prefix preview spans, Create-new card title + subtitle. - 8-row WorkspacePreviewCard sidebar (Inbox / Issues / Agents / Projects / Autopilot / Runtimes / Skills / And more) — every label + meta strapped to bundle keys. - 4 perks (assign / chat / invite / switch) + 3 next-steps (runtime / agent / starter), 2 toasts (slug-conflict / failed). - `multica.ai/${slug}` mono URL escaped via template-literal expression so the linter sees a JS string. step-runtime-connect (desktop scan flow): - 3 phase headlines + ledes (scanning / found / empty), trust-strip status (all online / N online / none online) with pluralization, online/offline labels, Skip / Continue / Selected hint. - Empty-view 2 cards (skip + waitlist) and the cloud waitlist dialog wrapper. step-platform-fork (web fan-out): - Eyebrow + headline + lede, footer hint with 3 phase variants. - Primary download card (before/after click) + 2 alt cards (CLI / cloud) + CLI dialog with 4 elapsed-time stages (normal / midway / slow / stalled), live-listening header, runtime-connected pluralization, cloud waitlist dialog. ESLint: STILL_HARDCODED list shrunk from 14 entries to 1 — only runtimes/components/usage-section.tsx (chart-heavy KPI panel) remains. Verified: typecheck + 277/277 tests + 0 i18n lint errors. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate runtimes usage panel + drop STILL_HARDCODED Final i18n holdout: the runtimes usage panel (KPI hero, WHEN chart tabs, cost-by breakdowns, daily breakdown table) is wired through useT("runtimes"). With this drained, the eslint scaffolding for explicit holdouts is removed — every JSX text node in @multica/views now flows through i18n. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(i18n): drain rollout gaps + add cross-device sync Lands the post-review punch list for the i18n rollout: closes correctness gaps that would have shipped silently, and adds the missing cross-device locale sync the rollout's docs already promised. Coverage: - Register issues + agents namespaces in RESOURCES (90 useT call sites were rendering keys-as-text in production) - Harden parity test to compare RESOURCES keys against on-disk JSON files, so a future missing namespace registration fails loudly - Server-side language whitelist in UpdateMe + reject-unsupported test - Safe SupportedLocale resolution in appearance-tab (no more `as` cast on a region-tagged BCP-47 string) - HTML lang attribute uses zh-CN (not zh-Hans) for screen reader / CJK font-stack compatibility - Cookie Secure flag on https - Pulled createBrowserCookieLocaleAdapter out of the server-safe entry into a new @multica/core/i18n/browser subpath; document.cookie access can no longer leak into Edge middleware imports Cross-device sync: - New UserLocaleSync component mounted in CoreProvider; on login, if user.language differs from the active i18n.language, persist via the adapter and reload. Both apps benefit - Desktop main process tracks system locale and emits IPC on focus when it changes; renderer reloads only when the user has no explicit Settings choice (their preference still wins) Tests: - pickLocale / matchLocale (11 cases incl. region-tagged BCP-47, malformed tags, zh-Hant collapse-to-zh-Hans semantics) - browser-cookie-adapter (6 cases under jsdom) - Shared renderWithI18n helper at packages/views/test/i18n.tsx that wraps the real RESOURCES map; future tests opt in instead of inlining a per-file TEST_RESOURCES slice that goes stale silently Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(conventions): consolidate naming + i18n glossary into docs site Single source of truth for code naming, i18n translation glossary, and Chinese voice rules. Previously split between packages/views/locales/glossary.md and scattered comments — now lives at apps/docs/content/docs/developers/conventions.{mdx,zh.mdx} with both English and Chinese versions kept in sync. Three sections per page: 1. Code naming — routes, packages, files, DB, Go, TS, commits 2. i18n translation glossary — entity vs concept rule, what to translate, word combination, plurals, interpolation, key naming 3. Chinese voice + style — punctuation, principles, where to look in doubt Side effects: - packages/views/locales/glossary.md collapses to a stub redirecting to the docs page; do not edit it - CLAUDE.md gets a new top-level "Conventions reference" section so any Claude session sees the pointer before any other rule - apps/docs/content/docs/developers/ gets a stub English meta.json so the conventions page is reachable on the EN side (contributing.zh.mdx / architecture.zh.mdx remain ZH-only — separate work) - Both root sidebars get a new "Developers" group Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(i18n): apply zh voice rules + translate project/autopilot Two-part cleanup driven by the conventions doc landed last commit: Voice violations (mechanical sweep across 10 zh-Hans namespaces): - 「」 (Japanese-style brackets) → \" to match the EN source's straight double quotes (~13 sites) - … (single-char ellipsis) → ... three dots (~43 sites) - Drop translation-ese pronoun "我们" where it's a pure narrator ("我们已发送" → "已发送", "我们替你托管" → "由 Multica 托管"); keep "告诉我们" where "we" is the legitimate brand recipient - "作为父级 / 作为子级" → "设为父级 / 设为子级" - "任务" mistranslated as the task entity → `task` (lowercase EN entity) - Dialog title "Autopilot" → "autopilot" Translate project / autopilot per industry consensus: - `project` → 「项目」 (~42 value sites). Feishu / Tower / Teambition / PingCode / GitHub Projects all translate; no Chinese product keeps `project`. - `autopilot` → 「自动化」 (~34 value sites). Avoids the Tesla-style 「自动驾驶」 association; matches Notion / Feishu's industry term. - Issue / skill / task remain lowercase EN per dev-team familiarity. - Sidebar nav-label entities get Title Case ("Issue" / "Skill" / "我的 Issue") so the entry-point label reads as a proper UI signal; body prose stays lowercase. Conventions doc (EN + ZH) reflects the decision and adds a "why these translate but issue/skill/task don't" rationale block. Verification: parity test 45/45, full monorepo typecheck green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(i18n): translate chat session delete + project resources section Two features main shipped while this branch was idle never went through the i18n pass: - Chat session delete confirmation dialog (#2115) and history toggle tooltip (#2117): adds session_history.delete_dialog.* and session_history.row_delete_*, plus window.history_show_tooltip / history_back_tooltip. - Project resources sidebar (#1926/#2080/#2111): entire component including toasts, popover form, attach/remove tooltips. New projects.resources subtree. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 16:16:12 +08:00
Naiyuan Qing	3fd2fb2ae3	feat(onboarding): redesigned flow + post-landing starter content opt-in (#1411 ) * docs(onboarding): add redesign proposal Captures motivation (two activation funnels), research-backed principles, final 5-step flow (welcome+questionnaire → workspace → runtime → agent → first-issue), Q1/Q2/Q3 personalization matrix, backend user_onboarding schema, API design, resume policy, and development ordering (frontend-first with Zustand stub, backend-last, server swap). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): scaffold redesigned flow and state foundation Work-in-progress scaffold toward the redesign documented in docs/onboarding-redesign-proposal.md. This commit is intentionally broad — subsequent commits will replace step content and wire real personalization. Not ready for merge. Included: - packages/views/onboarding/: flow orchestrator + 5 step components (welcome/workspace/runtime/agent/complete) and the CLI install card. Step content is the placeholder version; Step 1 (questionnaire) and Step 5 (first issue) are the next changes. - packages/core/onboarding/: dev-phase Zustand store + types. Not persisted — every page refresh starts at Step 1 so each step can be iterated in isolation. Will swap to TanStack Query + PATCH /api/me/onboarding once the backend user_onboarding table ships (keeps the exported hook surface stable). - packages/core/paths/resolve.ts + .test.ts: centralized resolvePostAuthDestination. Priority is flipped so !hasOnboarded wins over workspace presence — during frontend development every login re-enters /onboarding. useHasOnboarded() reads from the store so the real onboarded_at semantic lands automatically once the backend ships. - Post-auth wiring: callback page, login page, landing redirect, dashboard guard, realtime workspace-loss handler, settings leave/ delete, invite acceptance, and desktop app shell all delegate to the shared resolver instead of inline logic. - Desktop overlay: 'onboarding' added as a WindowOverlay type alongside new-workspace / invite, with a navigation-adapter interception so push('/onboarding') opens the overlay. - packages/core/package.json / packages/views/package.json: add new subpath exports. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(onboarding): revise questionnaire to role-driven 3-question form Aligns the proposal with the corrected product positioning: Multica is an AI agent orchestration platform for diverse users (developers, product leads, writers, founders), not a coding-focused tool. Key changes: - Drop Q1 "which agents do you already use?" — daemon auto-detects installed CLIs on PATH; asking is both redundant and less accurate - Add Q2 "what best describes you?" (role) to drive Step 4 template default and Onboarding Project sub-issue filtering - Keep Q1 team_size, refine Q3 use_case (recover writing/research option); all three now have "Other" with an 80-char text field - Q3 use_case_other is embedded into Step 5 first issue prompt so Other users get maximally personalized aha moments, not generic ones - Agent templates: 3 → 4 (Coding / Planning / Writing / Assistant), matrix driven by Q2 × Q3 - Onboarding Project sub-issues: surface Autopilot and Workspace Context (product differentiators), replace "orchestration" wording - Schema JSONB example and §5/§9 execution plan updated to match Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(onboarding): align questionnaire shape with role-driven redesign Prepares the core state layer for the Step 1 questionnaire rewrite. Type-only and initial-value changes; no behavior changes (nothing was reading the removed `existing_agents` field, since no questionnaire UI exists yet). - Add `Role` type (Q2: developer / product_lead / writer / founder / other) - Add `_other` sibling fields for team_size / role / use_case so each question's "Other" selection can carry 80-char free text - Drop `existing_agents` — daemon auto-detects CLIs on PATH at Step 3, so the signal no longer belongs in the questionnaire - Extend `TeamSize` / `UseCase` unions with `"other"` member - Refine `UseCase` option label (`writing` → `writing_research`) so it matches the widened Q3 scope in the proposal Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> feat(onboarding): implement Step 1 questionnaire Replaces the placeholder welcome step with the 3-question questionnaire defined in docs/onboarding-redesign-proposal.md §3.4. Answers land in the core onboarding store for later use by Steps 4 and 5. Added: - packages/views/onboarding/components/option-card.tsx — OptionCard + OtherOptionCard. Radio-group ARIA semantics; Enter/Space select; Other variant reveals an 80-char input that auto-focuses on mount. - packages/views/onboarding/steps/step-questionnaire.tsx — merges welcome + Q1/Q2/Q3 into one screen. Local draft state for responsiveness; writes to the core store only on submit. Skip/ Continue CTA swap driven by "any answered?"; the only disabled case is "picked Other but the text box is blank". - Test coverage for the CTA rules, Other-clear-on-switch behavior, initial-answers pre-fill, and full payload shape. Modified: - packages/views/onboarding/onboarding-flow.tsx — render questionnaire as the first step; persist answers and advance the stored current_step on submit. Other steps still run off local useState for now; full store-driven orchestration follows when Step 5 lands. Removed: - packages/views/onboarding/steps/step-welcome.tsx — superseded. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(onboarding): split welcome + questionnaire, unblock scroll, drop Q1 evaluating Three fixes prompted by first real browser testing of the Step 1 questionnaire. All three are about making the flow usable before pursuing visual polish. 1. Split Welcome and Questionnaire into two screens The previous merge-welcome-into-questionnaire decision dropped Multica's product introduction entirely. For a product with no established mental model (AI agents as first-class teammates in a task platform), first-time users need 5 seconds of framing before the questionnaire makes sense. StepWelcome carries that framing; it's UI-only (not a persisted step), shown only on first entry (pristine store), and skipped automatically on resume. 2. Remove `my-auto` vertical centering from both platform shells Long questionnaire content pushed the centered block's top above the scroll origin, making Continue/Skip unreachable. Top-alignment + natural body/overlay scroll is the boring-but-correct baseline for content of variable height. 3. Drop Q1 "Just exploring for now" option Q1 asks about team structure, not attitude. "Evaluating" was a category error. Low-commitment users already have a zero-friction path (skip all questions). Removing the option simplifies the question and the downstream mapping table. Types, store initial value, proposal doc (§3.1 flow diagram, §3.4 options, §3.5 sub-issue sorting, §3.6 conditionals, §4.1 JSONB schema, §5.2 file list, §7 decisions row, §9.2 execution order) all synced. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(onboarding): center short steps, scroll long ones — correctly this time Previous attempt removed `my-auto` thinking it was responsible for blocked scrolling. That diagnosis was wrong: the real blocker was the root layout's \`body { overflow: hidden }\` (an app-shell convention so sidebar/topbar stay put while the inner content region scrolls). Removing `my-auto` broke vertical centering of short steps (Welcome) without fixing the scroll issue. Correct fix: - Web: page now owns its own scroll container — `h-full overflow-y-auto` on the outermost div decouples from the body's overflow-hidden. - Desktop: the overlay's existing `flex-1 overflow-auto` container already provided scroll; just restoring `my-auto` was sufficient. - Both platforms: inner `flex min-h-full flex-col items-center` + content `my-auto` gives the "short centers, long top-aligns and overflows down" behavior. Per the flex spec, auto margins are ignored on overflowing boxes (they overflow in the end direction), so Continue/Skip remain reachable via scroll even on long steps like the questionnaire. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): add progress indicator + stable header anchor Adds a consistent visual anchor at the top of every step (except Welcome), so transitioning between steps of different content heights no longer shifts the vertical baseline. - packages/core/onboarding/step-order.ts — single source of truth for step order; indicator math reads from here so adding/reordering a step touches only one line - packages/views/onboarding/components/step-header.tsx — dot row + "Step N of M" counter; three dot states (done/current/pending); accessible progressbar semantics - onboarding-flow.tsx — non-welcome steps now render under a shared `<div flex flex-col gap-8>` wrapper with StepHeader on top. Maps the local `complete` render step to the store's `first_issue` until Step 5 lands (one-line function, self-deleting). - step-welcome.tsx — keeps its own min-h-[60vh] + justify-center so the short intro still feels centered once the shell drops my-auto - apps/web + apps/desktop shells — removed `my-auto`. Every non-welcome step now anchors to the same top position, so only the content below the header changes during transitions. Welcome's own internal centering handles its "short content, no header" case. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): add web Step 3 platform fork (Desktop / CLI / waitlist) Web users now see a three-way choice at the runtime step instead of being dropped directly into CLI install instructions: - Primary CTA: Download Multica Desktop (bundled runtime) - Alternate: install the CLI (reveals existing StepRuntimeConnect) - Alternate: join the cloud waitlist (captures email, completes onboarding early with cloud_waitlist_email set) Desktop unchanged — its platform shell doesn't pass cliInstructions, so OnboardingFlow routes it straight to StepRuntimeConnect for the bundled-daemon auto-connect path. Rename step-runtime.tsx → step-runtime-connect.tsx to reflect its new single responsibility (connect UI only; platform choice lives in StepPlatformFork). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): capture optional use-case on cloud waitlist Adds a textarea to the waitlist form asking what the user wants to use Multica for. Optional (submit still works with email alone) but surfaces a clear prompt + placeholder example so most users will fill it in. Stored as cloud_waitlist_description alongside the email. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(onboarding): make !hasOnboarded a first-class gate on both platforms Triggering condition was wrong on both sides. Web's dashboard-guard only checked hasOnboarded when the URL slug failed to resolve; desktop's App.tsx effect returned early when wsCount > 0 before even looking at hasOnboarded. Users with existing workspaces never got routed into onboarding regardless of their flag state. Also wire store.complete() into the happy-path finish — previously only the waitlist branch wrote onboarded_at, so every normal completion left the flag false and (now that triggers work) would loop users back into onboarding on refresh. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): Step 5 auto-bootstrap — welcome issue + Getting Started project After agent creation, the flow transitions to a loader screen that runs the bootstrap in the background: - Creates a welcome issue with a Q3-driven prompt, assigned to the new agent (so it starts working immediately) - Creates a "Getting Started" project with tutorial sub-issues filtered by Q1/Q2/Q3 - Stores first_issue_id + onboarding_project_id via store.complete() - Navigates the user straight into the welcome issue detail page, where they see the agent already responding Degraded path: if welcome issue fails, shows error with Retry / Continue anyway. If project or sub-issues fail, logs and proceeds with just the welcome issue — the aha moment still happens. No-agent paths (runtime skip, agent skip) short-circuit to onComplete without bootstrap. Local flow step union now aligns with the store enum; removed the mapLocalToStoreStep bridge and deleted the old step-complete.tsx placeholder. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(onboarding): converge all no-agent paths to a single bootstrap step Before: skip-runtime, skip-agent, and waitlist each finished onboarding independently, bypassing Step 5 entirely. Users without an agent landed in an empty workspace with no tutorial project — the "self-serve" case had no bootstrap at all. Now: all three paths converge on the first_issue step with agent=null. Bootstrap branches on agent presence: - agent ✓ → welcome issue (assigned to agent) + project + agent-guided sub-issues ("watch your agent do X"). Lands on the welcome issue. - agent ✗ → project only + self-serve sub-issues ("try X yourself" — configure runtime, create agent, write first issue, etc.). Lands on the workspace issues list with the Getting Started project in the sidebar. Both web and desktop shells already handle firstIssueId=undefined → fall back to /<slug>/issues, so no shell-side change was needed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): pin starter project + assign sub-issues to the user Bootstrap now also: - Pins the Getting Started project so users see it in the sidebar immediately (both paths) - Pins the welcome issue too (path A only) so the first conversation with the agent stays one click away - Assigns every sub-issue to the current user (via their workspace member record). Only the welcome issue stays assigned to the agent — that's the aha-moment hand-off; everything else is for the user to work through Pin calls are fire-and-forget (failure logged but non-blocking). Member lookup is defensive — if listMembers fails or the user isn't found, sub-issues gracefully fall back to unassigned rather than breaking the bootstrap. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(onboarding): remove cloud waitlist option Cloud runtime is not on the immediate roadmap and there's no backend table to persist emails. Keeping the UI around would silently drop user submissions — small trust leak. Revisit once cloud product lands alongside a proper waitlist table + notification pipeline. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): persist onboarded_at end-to-end Phase 1 of bringing onboarding from dev stub to production. A single persisted column drives every trigger — no separate user_onboarding table yet (that's a later phase for questionnaire persistence, cloud waitlist, analytics). Backend - Migration 050: ALTER TABLE "user" ADD COLUMN onboarded_at TIMESTAMPTZ (no backfill — existing users see onboarding next login, Skip affordance lands later) - sqlc: MarkUserOnboarded with COALESCE for idempotency - UserResponse DTO + userToResponse now emit onboarded_at via existing util.TimestampToPtr helper — single edit covers GetMe, VerifyCode, GoogleLogin, LoginWithToken - New handler POST /api/me/onboarding/complete - Route registered in the authenticated user-scoped group Frontend - User type gets onboarded_at: string \| null - api.markOnboardingComplete() - Auth store adds refreshMe() — lightweight getMe + setUser, complements existing initialize() - useHasOnboarded switches source from onboarding-store (dev stub) to auth-store (user.onboarded_at). Every call site — dashboard guard, desktop App.tsx, invite page fallback, realtime workspace-loss handler, settings leave/delete — picks up the real signal without any direct change - onboarding-store.complete() now hits the server: POST + refreshMe before local state update, so the next router effect sees the non-null timestamp and won't bounce the user back Triggers + route guards - StepWorkspace drops the Skip button — every onboarding user must create their own workspace even if invited into one - /onboarding page redirects already-onboarded users away (guards against manual URL access) - login page + auth callback: onboarding wins over ?next= for unonboarded users; invite links are revisitable after onboarding Tests - apps/web callback tests updated: mocks now return User objects so onboarded_at is readable; new "onboarded user honors next" scenario added, "unonboarded ignores next" scenario kept - test/helpers mockUser gets onboarded_at field - questionnaire already-existing strict-required tests bundled in from a prior uncommitted change Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(onboarding): review findings — dead state, error recovery, cache races From independent review of the prior onboarded_at commit. - Remove the dead OnboardingState.onboarded_at field, its INITIAL_STATE entry, and its write in store.complete(). useHasOnboarded now reads auth-store exclusively; leaving a parallel field here violates the "don't duplicate server data in Zustand" rule and risks drifting into a second source of truth. - Wrap handleBootstrapDone/handleBootstrapSkip in try/catch with toast recovery. complete() is idempotent server-side (COALESCE), so a retry after a failed POST/refreshMe is free — letting the error bubble into the React error boundary trapped the user with no way forward. - RedirectIfAuthenticated: swap `!list` for `isFetched`-gated check, matching the pattern added on the /onboarding page. Same one-tick race where a stale cache [] could fire a premature replace before the fresh list settles. - (Self-review fixups picked up along the way) /onboarding page now waits for workspacesFetched before redirecting already-onboarded users, and login handleSuccess reads useAuthStore.getState() so the hasOnboarded value is fresh after setUser (the closure captured a stale pre-login value otherwise). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(onboarding): shrink store surface + firm up flow invariants Post-review cleanup. End-to-end flow is already complete (user.onboarded_at is the single source of truth); these are quality-of-life fixes on top. Store surface - Drop six dead fields from OnboardingState (workspace_id, runtime_id, agent_id, first_issue_id, onboarding_project_id, platform_preference) and the PlatformPreference type. None had readers — they were stub placeholders for a future user_onboarding table that isn't coming this phase. CLAUDE.md "don't design for hypothetical future". - store.complete() signature simplifies to () — no more patch arg, since the only patch fields were the ones just deleted. Welcome as a first-class step - Add "welcome" to OnboardingStep enum and make it INITIAL_STATE's current_step. Removes the pristine-heuristic "did user see welcome?" check, which could misfire on remount. - pickInitialStep() collapses to `state.current_step ?? "welcome"`. - ONBOARDING_STEP_ORDER stays unchanged (welcome isn't a progress point). advance() chain - Every transition handler now persists the new current_step to the store (handleWorkspaceCreated, handleRuntimeNext, handleAgentCreated, handleAgentSkip). Refresh lands on the right step instead of jumping back to Step 2. Invariants - OnboardingFlow throws on null user instead of spreading defensive `?? ""` and `if (userId)` that silently degraded to unassigned sub-issues. Shell guards already ensure user is present. - Desktop WindowOverlay's onComplete gains a paths.root() fallback when workspace is undefined — matches web's symmetry. docs/product-overview.md: committed from untracked. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): persist questionnaire + current_step; resume + Back End-to-end questionnaire persistence + resume capability. User answers are now server-side (analytics-ready); refreshing or revisiting lands on the furthest reached step with previous answers pre-filled; a Back button on each step lets users edit earlier answers without losing progress. Backend - Migration 051: ALTER TABLE "user" ADD onboarding_current_step TEXT, onboarding_questionnaire JSONB NOT NULL DEFAULT '{}'::jsonb - sqlc: new PatchUserOnboarding with sqlc.narg for optional fields (COALESCE preserves unspecified columns). MarkUserOnboarded also clears current_step — once complete, the step pointer has no meaning - Handler PATCH /api/me/onboarding accepting partial {current_step, questionnaire}. Questionnaire passthrough via json.RawMessage, no server-side validation of inner shape (keeps schema evolution free) - UserResponse DTO emits both new fields; userToResponse coalesces JSONB to '{}' defensively Frontend - User type gains onboarding_current_step + onboarding_questionnaire - api.patchOnboarding(payload) - Delete Zustand onboarding store — replaced with plain async advanceOnboarding() / completeOnboarding() that call the API and sync auth store. Source of truth is the user object, no client-side shadow state that could drift - pickInitialStep reads user.onboarding_current_step; StepQuestionnaire initial pre-fills from user.onboarding_questionnaire - Monotonic furthestStepRef: Back edits don't regress server-side progress, and re-submit returns the user to where they were - Back buttons on Steps 2/3/4. Back is local-only — just changes the rendered step, no PATCH - Loading indicator on Welcome + Questionnaire submit buttons while PATCH is in flight - CreateWorkspaceForm.onSuccess accepts Promise<void> so the flow can await advance() from its onCreated handler Test mocks (helpers + callback test) updated with new User fields. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(onboarding): resume to Step 3+ needs workspace/runtime fallback Self-review caught: resume lands the user on their saved step, but React state (workspace, runtime, agent) is empty on fresh mount. The render conditions gate on those — without fallbacks the page stays blank. - workspaceListOptions() query fills runtimeWorkspace from cache when stepping past Step 2. Only one workspace exists during onboarding (StepWorkspace always creates one), so [0] is unambiguous. - StepWorkspace accepts an `existing` prop. On resume / Back to Step 2 with a pre-existing workspace, render a "Continue with <name>" confirmation instead of the create form, which would otherwise hit a slug conflict the moment the user clicks Create. - runtimeListOptions(wsId, "me") similarly seeds Step 4's runtime — prefer first online, fall back to first. Step 5 resume path unchanged: if `agent` React state is null on re-entry, bootstrap runs the self-serve branch. Not ideal (user may have actually created an agent), but bootstrap's list-check approach (future work) will handle orphan detection symmetrically. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(onboarding): delete all skip/resume jump logic Flow always starts from Welcome. Questionnaire answers still pre-fill from user.onboarding_questionnaire. current_step is still PATCHed for future analytics but no UI code reads it for navigation. Removed from onboarding-flow.tsx: - pickInitialStep + isOnboardingStep (no server-driven entry point) - furthestStepRef + resolveNextStep (no edit-vs-first-pass branching) - runtimes useQuery + stepRuntime fallback (user walks through Step 3 linearly, so runtime React state is always populated by Step 4) - workspace resume fallback in runtimeWorkspace (same reasoning) Kept: - advanceOnboarding({ current_step, questionnaire? }) — server persistence, analytics-ready - StepQuestionnaire's initial prop from stored answers - workspaces useQuery (gated to step === "workspace" only) for existing-workspace detection on Step 2 to prevent slug conflicts when a previous onboarding was abandoned - Back buttons + handleBack (local-only navigation) - Error recovery on completeOnboarding via try/catch + toast Every transition handler is now a straight advance + setStep line. Users who close mid-flow and return walk the full flow from Welcome again — slight extra clicks, but each step shows meaningful confirm UI (existing workspace, connected runtimes, etc.) so it doesn't feel like repeated work. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(onboarding): grandfather existing users in the onboarded_at migration Folded the backfill into 050 itself (branch has not shipped to prod, so editing the migration in place is clean). Without this, once this branch deploys, every pre-existing user would be walled off into onboarding on their next login — a real production incident. Uses created_at rather than NOW() so analytics like "signup → onboarded interval" read correctly for pre-launch users. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(onboarding): Step 1 questionnaire — two-column editorial layout Matches the onboarding(3) design spec: full-bleed two-column on lg+ (main + "Why we ask" side rail), collapses to single column below. - StepQuestionnaire rewritten with: - Mono 01/02/03 markers per question - Serif question headings (22px) - Editorial serif title ("Three answers. We'll handle the rest.") - Right-side rationale panel explaining what each answer unlocks - Sticky footer with hint + Continue CTA - Embeds StepHeader on the left column so it escapes the flow's narrow max-w-xl wrapper, same pattern Welcome uses - OptionCard redesigned: radio-dot marker + inset ring on select, matches design's .opt pattern - OtherOptionCard: text input appears below the row (not inside the card) with bottom-border-only styling, aligned under the label - onboarding-flow: questionnaire now early-returns full-bleed, joining Welcome as a hero-layout step Placeholder copy updated to match design examples; tests adjusted. * fix(onboarding): questionnaire uses 3-region app-shell layout Previous version had everything in a single scroll container with a sticky footer. As the user scrolled into the questions, the Back button and StepHeader progress indicator scrolled out of view, and sticky-bottom had edge cases with width-constrained flex nesting. Classic 3-region shell now: - Fixed header row: Back button (left) + StepHeader progress indicator — persistently visible regardless of scroll position - Scrollable middle: eyebrow / serif title / lede / 3 question blocks. Uses `flex-1 overflow-y-auto min-h-0` — the min-h-0 is the critical bit that lets a flex-1 child shrink below content height inside a flex column - Fixed footer row: hint (hidden < sm) + Continue CTA — always reachable, never scrolled off Right "Why we ask" panel is now an independent grid column with its own overflow, so the two columns scroll independently instead of the whole page having one shared scrollbar. Side panel width reduced 520 → 480 to give the question column more room on 1280/1366 screens where 1fr_520 left ~760px for content; 1fr_480 gives ~800-900px which comfortably fits the 620px max-w content column plus breathing room. * fix(onboarding): questionnaire needs DragStrip like every full-window view Traffic lights were overlapping the StepHeader progress dots because Step 1 escaped onboarding-flow's non-welcome wrapper (which renders <DragStrip />) without rendering its own. The codebase convention per packages/views/platform/drag-strip.tsx is: every full-window view places a DragStrip as the first flex child of each visible column. Adds DragStrip at the top of both the left (shell) and right ("Why we ask") columns, matching step-welcome.tsx which already did this. Traffic lights now land in the 48px transparent strip with no content collision; dragging from any top edge moves the window on Electron; border-l between columns runs edge-to-edge. Also made the right column's scroll container use `min-h-0 flex-1 overflow-y-auto` so its internal scroll activates independently of the left column. (Separately investigated: useImmersiveMode is no longer called anywhere in production code — the codebase has fully committed to the DragStrip pattern. No action needed on the hook itself.) * style(onboarding): drop top/bottom borders on questionnaire shell * style(onboarding): use chat-style scroll fade mask instead of border The questionnaire's scroll area now fades softly at top/bottom edges via `useScrollFade` (already used by chat-message-list.tsx) — the same mask-image linear-gradient pattern that fades content under the header/footer based on scroll position: - At top: only bottom fades (hint: more content below) - At bottom: only top fades (hint: content above) - In middle: both fade - Fits entirely: no mask This replaces the removed border-b/border-t on the header/footer with a softer, more editorial visual separation while giving an actual scroll-position affordance the border can't. * feat(onboarding): show "n of 3 answered" progress next to Continue Gives the user a glance-able progress signal as they fill the questionnaire. Static text, no extra UI primitives, no dynamic state variants — just `{n} of 3 answered` updating in place, left of the Continue button. Replaces the static "Your answers shape the next screens..." hint, which was always there regardless of progress and added noise. Same canContinue gate as before (all 3 answered), just derived from the new per-question check so we don't compute validity twice. * style(onboarding): drop redundant lede under questionnaire title The title already conveys the "we'll handle the rest for you" promise — the lede just rephrased it at length. Removed; bumped the question-list top margin (mt-8 → mt-10) to keep breathing room. * feat(onboarding): land redesigned flow + post-landing starter content opt-in This commit bundles the final onboarding-redesign work that sat in the working tree with today's architectural reshape of how starter content is handled. Splitting across sqlc-regenerated files would be fragile, so it ships as one logical unit — "onboarding is ready for production". Flow redesign (Steps 1–5) ------------------------- - Editorial two-column shells on Steps 1/2/3/4 (DragStrip + hero column + aside panel) — Welcome, Questionnaire, Workspace, Runtime, Agent - Web-only Step 3 fork (Download desktop / Install CLI / Cloud waitlist) lives alongside desktop's direct runtime picker; cloud path is interest-capture only, doesn't advance the flow - DragStrip extracted to packages/views/platform as a cross-platform component — 48px transparent drag row, no-op on web - recommend-template.ts + test: Q1–Q3 → AgentTemplate mapping Cloud waitlist -------------- - Migration 052: cloud_waitlist_email VARCHAR(254) + cloud_waitlist_reason TEXT - Handler: net/mail.ParseAddress + length bounds + reason trim - Frontend: CloudWaitlistExpand component + api.joinCloudWaitlist Drop persisted onboarding_current_step -------------------------------------- - The interim implementation persisted the user's furthest-reached step; the final design starts every entry at Welcome, so the column is dead - Migration 051 no longer adds it; migration 053 drops it IF EXISTS on any environment that ran the interim 051 — schema converges cleanly - UserResponse / User type / patchOnboarding signature all drop the field Post-landing starter content (new architecture) ----------------------------------------------- Why: the old design ran bootstrap inside Step 5 (welcome issue + Getting Started project + sub-issues, all in one try block). That had three defects — (1) non-idempotent: Retry after partial failure created duplicates; (2) sub-issue assignee raced listMembers → showed as "Unknown"; (3) skipped users (paths A/C/D) never got any starter content. All three are structural, not patchable. New design: onboarding ends at completeOnboarding() as before (gate is unchanged for useDashboardGuard). The 4 completion paths (Welcome skip / full flow / Runtime skip / Error recover) all just call completeOnboarding() and navigate to workspace. On landing, a StarterContentPrompt dialog renders exactly once per user (starter_content_state == null) with Import / No thanks. The dialog is mandatory — no X, no ESC, no outside-click — so state always ends in a terminal value. - Migration 054: starter_content_state TEXT, backfill 'skipped_legacy' for pre-feature onboarded users so they're never prompted - Server POST /api/me/starter-content/import: transactional claim (NULL → 'imported') + bulk create project + optional welcome issue + sub-issues + pins, all in one tx. 409 Conflict on second call - Server POST /api/me/starter-content/dismiss: transactional NULL → 'dismissed' - Import decides agent-guided vs self-serve by inspecting the workspace's agent list at dialog time — fixes path A (Welcome skip + existing agent) which was previously excluded from starter content - starter-content-templates.ts replaces bootstrap.ts: pure template builders, no API calls. Copy is reviewed as UI; server owns atomicity - StepFirstIssue is now just completeOnboarding() + navigate; error surface collapses to a Retry button (no more "Continue anyway" branch) - OnboardingCelebration + just-completed.ts removed (replaced by StarterContentPrompt which reads server state, not sessionStorage) Handler hardening ----------------- - PatchOnboarding: MaxBytesReader 16KB so the JSONB column can't be weaponized as bulk storage (every /api/me read returns the payload) - JoinCloudWaitlist: net/mail format check + explicit 254-char cap - ImportStarterContent: MaxBytesReader 64KB (templates are markdown-heavy but still bounded); welcome issue's agent_id verified in-workspace Tests ----- - Existing onboarding_test.go (waitlist) passes - step-platform-fork.test.tsx + recommend-template.test.ts (new) - apps/web test helpers updated for User.starter_content_state Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(onboarding): resolve Unknown assignee/creator + tighten prompt copy Two surface issues on the post-landing starter content dialog: 1. Unknown assignee & Created by ------------------------------- ImportStarterContent stored `member.id` (the membership row UUID) in `assignee_id` and `creator_id` for sub-issues. That mismatched the rest of the codebase — AssigneePicker and resolveActor in issue.go both store `user_id` for type="member", and `useActorName.getMemberName` looks members up by `user_id`. The mismatch meant the lookup never matched any member and fell through to the "Unknown" fallback. Fix: use `parseUUID(userID)` for both fields. The existing membership check stays for the 403 signal; we just no longer need the returned `member.ID`. 2. Dialog copy too long, button labels unclear ---------------------------------------------- Old copy was 3–4 paragraphs of instruction; users need to read less than that to make a binary choice. Buttons "Import starter tasks" and "No thanks" also didn't make it clear what "No thanks" actually does — it starts a blank workspace, so say so. New: - Title: "Welcome — add starter tasks?" - Body: one sentence describing the seeded content - Left button: "Start blank workspace" - Right button: "Add starter tasks" Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(onboarding): server decides starter content branch Problem: the old ImportStarterContent gated the agent-guided vs self-serve branch on a client-supplied `welcome_issue.agent_id` or null `welcome_issue`. The client made that decision by reading its React Query cache of the workspace's agent list — any timing quirk (cache not populated, stale, race with WS event) could lie to the server, and there was no way for the server to disagree. Users with an agent in the DB could still end up on the self-serve branch. Fix: the server is now authoritative. The client always sends both template arrays (agent_guided_sub_issues, self_serve_sub_issues) and a welcome_issue_template (title + description + priority, NO agent_id). Inside the import transaction the server runs ListAgents on the workspace — if there's at least one agent, it picks agents[0] (same ordering the client used: created_at ASC), uses agent_guided_sub_issues, and creates the welcome issue assigned to that agent. Otherwise it uses self_serve_sub_issues and skips the welcome issue. Side effect: the Unknown assignee/creator bug is structurally gone — no client-supplied id flows into assignee_id/creator_id for type= "member". The server uses actorID = parseUUID(userID) everywhere, matching resolveActor in issue.go. Client surface also simplifies: StarterContentPrompt drops useQuery(agentListOptions), the hasAgent check, the agentsFetched button gate, and the branch-specific copy. Dialog description is a single generic line ("If you already have an agent, we'll also seed a welcome issue it replies to right away"). buildImportPayload no longer takes an agentId parameter — one unconditional return shape. Payload grows ~15 KB (both sub-issue arrays always present); still well under the 64 KB MaxBytesReader cap. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(onboarding): clarify runtime prerequisite, revert dialog agent list Step 3 runtime (desktop step-runtime-connect.tsx) — scanning and empty subtitles now name the local AI coding tools Multica drives (Claude Code, Codex, Cursor, and others), so users understand a runtime alone isn't enough: they also need one of those tools installed on the machine. Uses "and others" rather than a closed list so we don't lock the copy to exactly three integrations. StarterContentPrompt dialog — reverted the short-lived "try Coding, Planning, Writing agents and more" rewrite. That was a misread of feedback meant for the Step 3 prerequisite, not the dialog. The dialog's current single-sentence "how agents, issues, and context work in Multica" is enough. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 20:32:33 +08:00
Jiayuan Zhang	b291db11c2	feat(agents): add per-agent model field with provider-aware dropdown (#1399 ) Adds a first-class `model` field on agents so users can pick the LLM model from the create / settings UI instead of editing `custom_env` / `custom_args`. Each provider's dropdown is populated from the live CLI when possible (`opencode models`, `pi --list-models`, `openclaw agents list --json`, `cursor-agent --list-models`, hermes ACP `session/new` → `SessionModelState`), with a static catalog for providers that don't enumerate. Daemon resolves the runtime model as `agent.model → MULTICA_<PROVIDER>_MODEL → ""` — empty passes through so each backend's CLI picks its own default, avoiding static-guess drift. Per-provider honouring: - Claude / Codex / OpenCode / Cursor / Gemini / Pi / Copilot — CLI `--model` / thread payload. - OpenClaw — `opts.Model` is mapped to `--agent <name>` (the CLI rejects `--model`). - Hermes — `session/set_model` ACP RPC; stderr is sniffed for provider-level errors so HTTP 4xx from the configured LLM surfaces instead of "empty output"; explicit-model failures mark the task `failed`. Supporting changes: migration 050 adds `agent.model`; daemon ↔ server heartbeat piggyback carries a model-discovery request; new REST endpoints under `/api/runtimes/{id}/models`; `multica agent create --model` / `update --model`; shared `ModelDropdown` in `packages/views/agents` (searchable, creatable, provider-grouped, default-badge, runtime-supported gate).	2026-04-21 00:06:34 +08:00
Naiyuan Qing	fe358feff0	Reapply "feat: workspace URL refactor v2 + rollback-safe compat layer (#1138 )" (#1139 ) (#1141 ) This reverts commit `b30fd98605`.	2026-04-16 13:16:35 +08:00
Naiyuan Qing	b30fd98605	Revert "feat: workspace URL refactor v2 + rollback-safe compat layer (#1138 )" (#1139 ) This reverts commit `75d12c26c5`.	2026-04-16 12:26:40 +08:00
Naiyuan Qing	75d12c26c5	feat: workspace URL refactor v2 + rollback-safe compat layer (#1138 ) * Reapply "feat: workspace URL refactor + slug-first API identity (#1131)" (#1137) This reverts commit `9b94914bc8`. * compat: legacy URL redirect + localStorage double-write for safe rollback The first attempt at this refactor (#1131) was reverted because existing users on old URLs (/issues, /projects, etc.) hit 404 immediately after deploy, and rolling back left them with empty dashboards — the legacy code reads localStorage["multica_workspace_id"] to attach a workspace to API requests, but the new code had stopped writing that key. Two compat layers added on top of the restored refactor: 1. proxy.ts now intercepts legacy route prefixes (/issues/, /projects/, /agents/, /inbox/, /my-issues/, /autopilots/, /runtimes/, /skills/, /settings/). Logged-in users with a last_workspace_slug cookie are 302'd to /{slug}/{rest}, preserving their deep link. Users without the cookie bounce through / where the landing page picks a workspace client-side. Unauthenticated users go to /login. 2. Both layouts now double-write the workspace id to the legacy localStorage key on every workspace entry. New code ignores this key — it exists solely so that if this PR ever gets reverted again, the legacy build reading the key would still find the correct workspace and avoid the empty-dashboard symptom users saw during the rollback. Net effect: any direction of deploy ↔ rollback is now cache-compatible, and any direction of old bookmark → new route resolves without 404. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> fix(platform): defer rehydrateAllWorkspaceStores to a microtask Same React 19 render-phase restriction that forced setCurrentWorkspace to defer its subscriber notifications. rehydrateAllWorkspaceStores synchronously calls each persist store's rehydrate, which setState()s the store, which schedules updates on any subscribed component. When the workspace layout's render-phase ref guard invoked this, React complained that SearchCommand (a store subscriber) couldn't be re-rendered while WorkspaceLayout was still rendering. Fix: queueMicrotask the rehydrate loop and add a pending-flag guard so rapid workspace switches coalesce into one rehydrate on the final slug. Persist stores tolerate one microtask of staleness — they hold UI preferences, not correctness-critical state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 12:23:41 +08:00
Naiyuan Qing	9b94914bc8	Revert "feat: workspace URL refactor + slug-first API identity (#1131 )" (#1137 ) This reverts commit `59ace95a1e`.	2026-04-16 11:56:15 +08:00
Naiyuan Qing	59ace95a1e	feat: workspace URL refactor + slug-first API identity (#1131 ) * feat: workspace URL refactor + slug-first API identity Make the URL the single source of truth for workspace identity. All workspace-scoped URLs now carry the workspace slug as the first path segment (/{slug}/issues, /{slug}/projects, etc.), matching the industry standard (Linear, Notion, Vercel, GitHub). ## Key architectural changes URL-driven workspace identity: - Web routes moved under app/[workspaceSlug]/(dashboard)/ - Desktop routes nested under /:workspaceSlug - paths.ts builder centralises all URL construction - reserved-slugs validation (backend + frontend + DB migration audit) Slug-first API contract: - Frontend sends X-Workspace-Slug header (from URL) instead of X-Workspace-ID (UUID) - Backend middleware resolves slug → UUID via GetWorkspaceBySlug, falls back to X-Workspace-ID for CLI/daemon backwards compatibility - WebSocket auth accepts ?workspace_slug query param with SlugResolver callback State cleanup: - Deleted: useWorkspaceStore (Zustand mirror), switchWorkspace/hydrateWorkspace/ clearWorkspace, localStorage["multica_workspace_id"], api._workspaceId - useCurrentWorkspace() derives from URL slug + React Query workspace list - useWorkspaceId() is now a bridge hook (no Context, derives from useCurrentWorkspace) - WorkspaceIdProvider removed from DashboardGuard - Paired module vars (slug + UUID) in workspace-storage.ts for non-React consumers Layout simplified: - Render-phase ref guard sets workspace context synchronously (no async gate) - DashboardGuard handles auth redirect, loading state, and workspace resolution - Subscriber notifications deferred via queueMicrotask (React 19 compat) - persist namespace uses slug (immutable) instead of UUID ## Issues resolved MUL-43 (share links), MUL-509 (mobile workspace switch), MUL-723 (workspace in URL), MUL-727 (create workspace flash), MUL-728 (delete workspace no-navigate), MUL-820 (sidebar Join not switching) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: resolve code review C3/C4/C5/C6 — desktop deadlock + hardcoded paths C3: Desktop OnboardingGate was calling useCurrentWorkspace() outside WorkspaceSlugProvider → always null → permanent onboarding deadlock. Rewrite to use useQuery(workspaceListOptions()) which reads React Query cache directly without slug context. Remove DashboardGuard from DesktopShell (auth gating handled by AppContent, workspace routing by WorkspaceRouteLayout per-tab). C4: Landing page "Dashboard" links hardcoded /issues (no longer valid). Changed to / — proxy handles redirect to /{lastSlug}/issues. C5: autopilots-page.tsx had one hardcoded /autopilots/${id} link. Changed to wsPaths.autopilotDetail(id). C6: inbox-page.tsx hardcoded /inbox paths. Changed to wsPaths.inbox(). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(desktop): wrap shell in WorkspaceSlugProvider from module var AppSidebar calls useWorkspacePaths() → useRequiredWorkspaceSlug() which throws outside WorkspaceSlugProvider. In the desktop shell, the sidebar renders at the shell level (outside any tab's WorkspaceRouteLayout). Fix: DesktopShell reads the current slug via useSyncExternalStore on the workspace-storage singleton. When slug is available, wraps the entire shell in WorkspaceSlugProvider. When null (first mount before any tab's WorkspaceRouteLayout sets it), shows a loading spinner. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(desktop): migrate old tab paths + fix shell slug deadlock Tab store rehydration: old-format paths like "/issues/abc" (missing workspace slug prefix) are reset to "/" so IndexRedirect picks the correct workspace. Detection: if the first segment is a known route name (issues, projects, etc.) rather than a workspace slug, it's an old-format path. Desktop shell: TabContent must always render (not gated behind slug check) so WorkspaceRouteLayout can mount and call setCurrentWorkspace. Only sidebar and shell-level UI (chat, modals, search) gate on slug being present. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 11:53:09 +08:00
Bohan Jiang	ce447c7f06	feat(agent): add custom CLI arguments support (#986 ) * feat(agent): add custom CLI arguments support Allow users to configure custom CLI arguments per agent that get appended to the agent subprocess command at launch time. This enables use cases like specifying different models (--model o3), max turns, or other provider-specific flags without needing separate runtimes. Changes: - Add custom_args JSONB column to agent table (migration 041) - Update API handler to accept/return custom_args in create/update - Pass custom_args through claim endpoint to daemon - Append custom_args to CLI commands for all agent backends - Add ExecOptions.CustomArgs field in agent package - Add Custom Args tab in agent detail UI - Add --custom-args flag to CLI agent create/update commands Closes MUL-802 * fix(agent): filter protocol-critical flags from custom_args Add per-backend filtering of custom_args to prevent users from accidentally overriding flags that the daemon hardcodes for its communication protocol (e.g. --output-format, --input-format, --permission-mode for Claude). This follows the same pattern as custom_env's isBlockedEnvKey: we only block the small, stable set of flags that would break the daemon↔agent protocol — not every possible dangerous flag. Workspace members are trusted for everything else. Each backend defines its own blocked set: - Claude: -p, --output-format, --input-format, --permission-mode - Gemini: -p, --yolo, -o - Codex: --listen - OpenCode: --format - OpenClaw: --local, --json, --session-id, --message - Hermes: none (ACP is positional) Includes unit tests for the filtering logic. * fix(agent): address code review nits for custom_args - Replace module-level `nextArgId` counter with `crypto.randomUUID()` in custom-args-tab.tsx to avoid SSR ID conflicts - Add unit tests for custom args passthrough and blocked-arg filtering in both Claude and Gemini arg builders	2026-04-15 14:58:53 +08:00
Bohan Jiang	762e64d469	fix(agent): restrict custom_env visibility to owner/admin (#1046 ) * fix(agent): restrict custom_env visibility to agent owner and workspace admin Agent environment variables (custom_env) were visible to all workspace members, exposing sensitive tokens. Now only the agent owner and workspace owner/admin can view them — regular members receive the field omitted (null) from API responses, and the frontend hides the Environment tab accordingly. Closes #1018 * fix(agent): show masked env keys to non-authorized users instead of hiding tab Instead of completely hiding the Environment tab for non-owner/non-admin users, show the variable keys with masked values (**) in a read-only view. This lets members see which variables are configured without exposing the actual values. - Backend: mask values with "**" instead of nullifying custom_env - Added custom_env_redacted boolean to API response - Frontend: EnvTab supports readOnly mode with lock icon and muted styling	2026-04-15 13:06:49 +08:00
Jiang Bohan	4165401d16	feat(agent): support custom environment variables for router/proxy mode Add per-agent custom_env configuration that gets injected into the agent subprocess at launch time. This enables users to configure custom API endpoints (ANTHROPIC_BASE_URL), API keys (ANTHROPIC_API_KEY), and cloud provider modes (CLAUDE_CODE_USE_BEDROCK, CLAUDE_CODE_USE_VERTEX) without requiring code changes. Changes: - Migration 040: add custom_env JSONB column to agent table - Backend: custom_env in agent CRUD API + claim endpoint - Daemon: merge custom_env into subprocess environment variables - Frontend: env var editor in agent settings (key-value pairs with visibility toggle for sensitive values) Closes #816 Related: #807, #809	2026-04-13 16:47:56 +08:00
Naiyuan Qing	43466a6402	refactor: migrate workspace list from Zustand to React Query - Remove workspaces[] from workspace store — list is server state, belongs in React Query - Change switchWorkspace(id) → switchWorkspace(ws) — caller provides full object from Query - Remove createWorkspace/leaveWorkspace/deleteWorkspace store actions (duplicated mutations) - Remove refreshWorkspaces store action — replaced by qc.fetchQuery + hydrateWorkspace - Enhance useLeaveWorkspace/useDeleteWorkspace mutations to re-select workspace when current is removed - useCreateWorkspace mutation now switches to new workspace on success - AuthInitializer seeds React Query cache on boot to avoid double fetch - Realtime sync: replace refreshWorkspaces() calls with qc.fetchQuery + hydrateWorkspace - Sidebar reads workspace list from useQuery(workspaceListOptions()) instead of Zustand - create-workspace modal and workspace settings tab use mutations directly - AGENTS.md: rewrite to match current monorepo architecture, pointing to CLAUDE.md Fixes workspace rename not updating sidebar without page refresh. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 13:38:02 +08:00
Naiyuan Qing	ba32f3a187	chore: add shared ESLint config + enforce strict tsconfig across packages - Add @multica/eslint-config package (base, react, next configs) - Replace `next lint` (removed in Next.js 16) with `eslint .` - Add lint scripts to all packages and desktop app - Add noUnusedLocals, noUnusedParameters, noImplicitReturns to base tsconfig - Fix all resulting TS/ESLint errors (unused imports, missing returns, stale eslint-disable comments from legacy eslint-config-next) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-10 08:27:29 +08:00
Naiyuan Qing	e1e7f68330	feat: extract packages/core — Turborepo infrastructure + headless business logic Phase 1: Monorepo infrastructure - Add Turborepo with turbo.json pipeline (build, dev, typecheck, test) - Update pnpm-workspace.yaml to include packages/* - Create shared TypeScript config (packages/tsconfig) Phase 2: Extract packages/core (zero react-dom, all-platform reuse) - Move domain types, API client, logger, utils → packages/core/ - Move TanStack Query modules (issues, inbox, workspace, runtimes) - Move Zustand stores (auth, workspace, issues, navigation, modals) - Move realtime sync (WSProvider, hooks, ws-updaters) - Refactor auth/workspace stores to factory pattern for DI - Refactor ApiClient with onUnauthorized callback - Refactor useWorkspaceId to React Context (WorkspaceIdProvider) - Refactor WSProvider to accept wsUrl + store props - Create apps/web/platform/ bridge layer (api singleton, store instances) - Update 91 import paths across apps/web/ - Fix 3 test files for new import paths Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 10:20:00 +08:00
Naiyuan Qing	8cf78b7a47	Merge remote-tracking branch 'origin/main' into feat/tanstack-query-migration # Conflicts: # apps/web/app/(dashboard)/agents/page.tsx	2026-04-08 10:35:28 +08:00
devv-eve	7c79611309	refactor: remove agent triggers config field (#469 ) * refactor: remove agent triggers config field Remove the triggers field from agent configuration. The on_assign, on_comment, and on_mention behaviors are now always enabled (hardcoded), as decided in the Agentflow design discussion (MUL-372). Changes: - Database: migration 032 drops triggers column from agent table - Backend: remove triggers from create/update agent APIs and response - Backend: simplify trigger-checking logic to always-enabled - Frontend: remove TriggersTab UI and AgentTrigger types - Tests: remove trigger config unit tests (no longer configurable) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: also remove agent tools config field Remove the tools field from agent configuration alongside triggers. The tools field was a placeholder — stored in the DB and shown in the UI but never passed to the daemon or used at runtime. - Database: migration 032 now also drops tools column - Backend: remove tools from create/update agent APIs and response - Frontend: remove ToolsTab UI, AgentTool type, and tools tab - Update landing page copy Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(test): remove tools/triggers columns from test fixtures The test fixtures still referenced the dropped tools and triggers columns when inserting agent rows, causing CI failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Devv <devv@Devvs-Mac-mini.local> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 22:02:28 +08:00
Naiyuan Qing	e40341ab73	feat(core): migrate workspace + runtimes to TanStack Query (Phase 3+4) - Create core/workspace/ with queries (members, agents, skills, list) and mutations - Create core/runtimes/ with queries - Migrate 11 consumer files from useWorkspaceStore.members/agents/skills to useQuery - Replace all WS refreshMap entries with qc.invalidateQueries - Simplify workspace store: delete members/agents/skills fields + refresh methods, hydrateWorkspace becomes synchronous (TQ auto-fetches on component mount) - Delete useRuntimeStore (no consumers left), runtimes-page uses local useState + TQ - Remove workspace→runtime cross-store dependency - Clean up dead test helper mocks Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 17:19:52 +08:00
LinYushen	09764c5f51	feat(agent): replace hard delete with archive/restore (#346 ) * feat(agent): replace hard delete with archive/restore Replace agent deletion with soft archive pattern. Archived agents are preserved in the database with all historical references intact but cannot be assigned, mentioned, or trigger tasks. Backend: - Add archived_at/archived_by columns to agent table (migration 031) - Replace DELETE /api/agents/{id} with POST /api/agents/{id}/archive - Add POST /api/agents/{id}/restore endpoint - ListAgents excludes archived by default (?include_archived=true to include) - Skip archived agents in task triggers (on_assign, on_comment, on_mention) - Block assignment to archived agents - Cancel pending tasks on archive - New events: agent:archived, agent:restored (replacing agent:deleted) Frontend: - Agent type includes archived_at/archived_by fields - Mention autocomplete and assignee picker filter out archived agents - Agent list shows archived agents with muted styling - Agent detail shows archive banner with restore button - Delete button replaced with Archive button and updated confirmation dialog - API client: archiveAgent/restoreAgent replace deleteAgent Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(agent): self-review fixes for archive feature - Fix: workspace store now fetches agents with include_archived=true so archived agents are actually visible in the frontend (the archived UI was dead code before — ListAgents excludes archived by default) - Fix: add error logging for CancelAgentTasksByAgent in ArchiveAgent - Fix: add idempotency guards — return 409 Conflict when archiving an already-archived agent or restoring a non-archived agent - Fix: revert unnecessary extra GetAgent query in ReconcileAgentStatus (archived agents won't have running tasks after CancelAgentTasksByAgent) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-02 17:33:52 +08:00
Jiayuan Zhang	5211947104	Merge pull request #168 from multica-ai/forrestchang/agent-arch-review feat: session persistence, agent instructions, and on_comment trigger	2026-03-29 17:54:22 +08:00
Jiayuan	5b2c61cfab	feat(agent): add instructions field for agent persona/identity Add an `instructions` text field to the agent model, allowing users to define each agent's role, expertise, and working style. Instructions are injected into CLAUDE.md as an "Agent Identity" section so the agent knows who it is on every task execution. - Migration 021: add instructions column to agent table - Backend: create/update/get agent handlers support instructions - ClaimTask response includes instructions for daemon injection - execenv: inject instructions into CLAUDE.md meta-skill - Frontend: add Instructions tab to agent detail panel	2026-03-29 17:01:07 +08:00
Jiayuan	9fbac49f24	feat(issues): add human-readable issue identifiers (e.g. JIA-1) Add per-workspace auto-incrementing issue numbers with a configurable prefix, producing identifiers like "JIA-1" instead of truncated UUIDs. Database: - Add issue_prefix and issue_counter to workspace table - Add number column to issue table with UNIQUE(workspace_id, number) - Backfill existing issues with sequential numbers Backend: - Issue creation atomically increments counter in a transaction - API responses include number and identifier fields - Support issue lookup by identifier format (KEY-N) - Workspace prefix auto-generated from name, customizable via API Frontend: - Display identifier in list rows and issue detail breadcrumb - Add issue_prefix to Workspace type, number/identifier to Issue type	2026-03-29 16:49:55 +08:00
yushen	bae2926370	feat(web): add repos management UI to workspace settings Add a Repositories section to workspace settings where admins can add/remove GitHub repo URLs with descriptions. Agents use these repos to clone and work on code. - Add WorkspaceRepo type and export from shared/types - Update API client updateWorkspace to accept repos - Add repos section in workspace-tab.tsx with add/remove UI - Fix test helpers to include repos field Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 16:05:54 +08:00
Naiyuan Qing	f70b34a50f	fix: resolve merge conflicts with main, preserve PAT functionality - Resolve conflicts in CLAUDE.md, client.ts, settings/page.tsx - Migrate PAT types and API methods to @/shared/types + @/shared/api architecture - Restore simplified login flow (login page, auth store, tests) - Fix issue detail comment submit test (use fireEvent + useRef for mock) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-26 17:19:24 +08:00
Naiyuan Qing	2cf088ddf6	feat: resizable sidebar, issue detail rewrite, package consolidation - Add drag-to-resize sidebar with localStorage persistence - Rewrite issue detail page with Tiptap rich text editor, due date picker, acceptance criteria - Redesign create-issue modal with pill-based property toolbar and expand/collapse - Consolidate @multica/sdk and @multica/types into apps/web/shared/ - Simplify auth: remove verification codes, PATs, email service (dev-only login) - Add 401 unauthorized handler to redirect expired sessions to login - Fix due date format to send full RFC3339 timestamps - Increase description editor debounce to 1500ms - Remove arbitrary Tailwind values in create-issue modal - Renumber migrations (inbox_actor 012→009), remove unused migrations - UI polish across agents, settings, inbox, knowledge-base pages Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-26 16:47:04 +08:00
LinYushen	5c9c2f69fd	feat(auth): email verification login and personal access tokens * feat(auth): add email verification login flow with 401 auto-redirect Replace the old OAuth-based login with email verification codes: - Backend: send-code / verify-code endpoints, verification_codes table (migration 009), rate limiting, Resend email service - Frontend: two-step login UI (email → 6-digit OTP), auth store with sendCode/verifyCode - SDK: ApiClient gains onUnauthorized callback; 401 responses auto-clear token and redirect to /login - Fix login button staying disabled due to global isLoading state Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(auth): add brute-force protection, redirect loop guard, and expired code cleanup - VerifyCode: increment attempts on wrong code, reject after 5 failed tries (migration 010) - onUnauthorized: skip redirect if already on /login to prevent infinite loops - SendCode: best-effort cleanup of expired verification codes older than 1 hour Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat(auth): add master verification code for non-production environments Allow code "888888" to bypass email verification in non-production environments to simplify development and testing workflows. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat(auth): add personal access tokens for CLI and API authentication Add full-stack PAT support: users create tokens in Settings, CLI authenticates via `multica auth login`. Server stores SHA-256 hashes only. Auth middleware extended to accept both JWTs and PATs (distinguished by `mul_` prefix). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-26 14:32:30 +08:00
Jiayuan Zhang	02df33803a	feat: structured skills system with meta skill runtime injection Replace agent.skills TEXT field with structured skill/skill_file/agent_skill tables. Skills are workspace-level entities with supporting files, reusable across agents via many-to-many bindings. Backend: migration 008, sqlc queries, CRUD handler, agent-skill junction, structured skill loading in task context snapshot. Daemon: meta skill injection via runtime-native config (.claude/CLAUDE.md for Claude, AGENTS.md for Codex) so agents discover .agent_context/ skills through their native mechanism. Lean prompt without inlined skill content. Frontend: Skills management page, agent Skills tab picker, SDK methods, TypeScript types, workspace store integration. Also removes auto-creation of init issues when creating agents. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 15:17:59 +08:00
yushen	680668ffdb	feat(workspace): add context field for AI agent background info Add a `context` text field to workspaces, allowing users to provide background information and context for AI agents working in the workspace. Full stack: migration, sqlc queries, Go handler, TS types, SDK, and settings page UI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 15:59:11 +08:00
Jiayuan Zhang	cdfa63af15	feat(runtime): add local codex daemon pairing	2026-03-24 12:03:14 +08:00
Jiayuan Zhang	b4303f9bec	feat(agent): add agent management UI, skills/tools/triggers, and issue assignment - Complete agents management page with create dialog, runtime device selector, skills/tools/triggers/tasks tabs, and agent detail view - Add AssigneePicker to issue detail page for assigning to members or agents - Extend agent types with description, skills, tools, triggers, RuntimeDevice - Add SDK methods for agent CRUD and task listing - Add migration 002 for agent config columns (skills, tools, triggers) - Update seed data with realistic agent configurations - Use auth context as single source of truth for agents (fixes state sync) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 18:31:25 +08:00
Jiayuan Zhang	81e64e9fce	Add workspace management and isolated worktree environments	2026-03-23 18:12:11 +08:00
Jiayuan Zhang	18cd938e01	fix(web): resolve TypeScript errors in test mocks and knowledge-base page - Add missing Issue fields (parent_issue_id, acceptance_criteria, etc.) to test mocks - Fix Agent mock fields to match actual type (runtime_config, owner_id, avatar_url) - Import vi in test/helpers.tsx and add type annotation for mockAuthValue - Add non-null assertions for array indexing in knowledge-base markdown renderer Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 11:57:23 +08:00
Jiayuan Zhang	6dfc61fa86	test: add comprehensive test suite (Go unit/integration, Vitest, Playwright E2E) - Add JWT middleware unit tests (8 tests covering all auth edge cases) - Add WebSocket hub tests (5 tests for client lifecycle and broadcast) - Add full HTTP integration tests (12 tests through real Chi router with DB) - Add frontend component tests for login, issues, and issue detail pages - Add auth context unit tests (9 tests for login/logout/name resolution) - Add Playwright E2E tests for auth, issues, comments, and navigation - Configure Vitest with jsdom, React plugin, and path aliases Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 11:50:25 +08:00

36 Commits