feat(github): GitHub repo picker with auto-sync instructions and runtime detection#3095
Open
feat(github): GitHub repo picker with auto-sync instructions and runtime detection#3095
Conversation
Contributor
🧪 BenchmarkShould we run the Virtual MCP strategy benchmark for this PR? React with 👍 to run the benchmark.
Benchmark will run on the next push after you react. |
Contributor
Release OptionsSuggested: Minor ( React with an emoji to override the release type:
Current version:
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
10 issues found across 15 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/mesh/src/tools/github/list-repos.ts">
<violation number="1" location="apps/mesh/src/tools/github/list-repos.ts:44">
P2: This only fetches the first 100 repositories. Add pagination so installations with >100 repos return complete results.</violation>
</file>
<file name="apps/mesh/src/tools/github/list-installations.ts">
<violation number="1" location="apps/mesh/src/tools/github/list-installations.ts:42">
P2: This fetch only returns the first page of installations. Add pagination handling so users with >100 installations can see all repos/installations.</violation>
</file>
<file name="apps/mesh/src/tools/github/device-flow-poll.ts">
<violation number="1" location="apps/mesh/src/tools/github/device-flow-poll.ts:76">
P1: `slow_down` is treated the same as `authorization_pending`, so callers cannot apply the required poll backoff and may keep hitting device-flow rate limits.</violation>
</file>
<file name="apps/mesh/src/web/components/github-repo-button.tsx">
<violation number="1" location="apps/mesh/src/web/components/github-repo-button.tsx:85">
P2: The GitHub auth bootstrap flow is duplicated from `repository.tsx`; extract a shared helper to avoid flow drift between entry points.</violation>
</file>
<file name="apps/mesh/src/tools/registry-metadata.ts">
<violation number="1" location="apps/mesh/src/tools/registry-metadata.ts:179">
P1: `GITHUB_GET_FILE_CONTENT` is missing from registry metadata, so tool metadata is out of sync with `ALL_TOOLS`.</violation>
</file>
<file name="apps/mesh/src/web/components/github-repo-dialog.tsx">
<violation number="1" location="apps/mesh/src/web/components/github-repo-dialog.tsx:82">
P1: Poll interval leaks when the dialog closes. `pollTimerRef` is never cleared on close, so background API calls continue indefinitely. Also, `pollingStartedRef` stays `true`, preventing polling from restarting if the dialog is re-opened.
Wrap `onOpenChange` to clear the interval and reset the ref when the dialog closes.</violation>
<violation number="2" location="apps/mesh/src/web/components/github-repo-dialog.tsx:103">
P2: Mutating a global (`delete window.__decoGithubDeviceFlow`) and calling `navigator.clipboard.writeText` during render violates React's purity requirement. Under strict mode double-render in development, the first invocation deletes the global, so the second invocation silently skips it. Wrap this block in `queueMicrotask` to defer the side effect outside the render phase.</violation>
<violation number="3" location="apps/mesh/src/web/components/github-repo-dialog.tsx:170">
P2: `startPolling` creates a `setInterval` timer directly during render. Unlike state updates, interval creation is an irreversible side effect that React cannot discard. Defer with `queueMicrotask` so the interval is only created after the render commits.</violation>
</file>
<file name="apps/mesh/src/web/views/settings/repository.tsx">
<violation number="1" location="apps/mesh/src/web/views/settings/repository.tsx:129">
P2: Spreading a stale `runtime` snapshot when saving one field can overwrite a previously edited sibling field.</violation>
<violation number="2" location="apps/mesh/src/web/views/settings/repository.tsx:173">
P2: This input uses `defaultValue` with async server data, so it can display stale values after metadata updates.
(Based on your team's feedback about syncing draft input state with async server values.) [FEEDBACK_USED]</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| }; | ||
| } | ||
|
|
||
| if (data.error === "authorization_pending" || data.error === "slow_down") { |
Contributor
There was a problem hiding this comment.
P1: slow_down is treated the same as authorization_pending, so callers cannot apply the required poll backoff and may keep hitting device-flow rate limits.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/tools/github/device-flow-poll.ts, line 76:
<comment>`slow_down` is treated the same as `authorization_pending`, so callers cannot apply the required poll backoff and may keep hitting device-flow rate limits.</comment>
<file context>
@@ -0,0 +1,94 @@
+ };
+ }
+
+ if (data.error === "authorization_pending" || data.error === "slow_down") {
+ return { status: "pending" as const, token: null, error: null };
+ }
</file context>
| onOpenChange, | ||
| }: { | ||
| open: boolean; | ||
| onOpenChange: (open: boolean) => void; |
Contributor
There was a problem hiding this comment.
P1: Poll interval leaks when the dialog closes. pollTimerRef is never cleared on close, so background API calls continue indefinitely. Also, pollingStartedRef stays true, preventing polling from restarting if the dialog is re-opened.
Wrap onOpenChange to clear the interval and reset the ref when the dialog closes.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/web/components/github-repo-dialog.tsx, line 82:
<comment>Poll interval leaks when the dialog closes. `pollTimerRef` is never cleared on close, so background API calls continue indefinitely. Also, `pollingStartedRef` stays `true`, preventing polling from restarting if the dialog is re-opened.
Wrap `onOpenChange` to clear the interval and reset the ref when the dialog closes.</comment>
<file context>
@@ -0,0 +1,591 @@
+ onOpenChange,
+}: {
+ open: boolean;
+ onOpenChange: (open: boolean) => void;
+}) {
+ const { org } = useProjectContext();
</file context>
| ); | ||
| } | ||
|
|
||
| const handleClick = async () => { |
Contributor
There was a problem hiding this comment.
P2: The GitHub auth bootstrap flow is duplicated from repository.tsx; extract a shared helper to avoid flow drift between entry points.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/web/components/github-repo-button.tsx, line 85:
<comment>The GitHub auth bootstrap flow is duplicated from `repository.tsx`; extract a shared helper to avoid flow drift between entry points.</comment>
<file context>
@@ -0,0 +1,145 @@
+ );
+ }
+
+ const handleClick = async () => {
+ // If user already has a token, skip device flow and go straight to repo picker
+ if (getStoredToken()) {
</file context>
| const pollingStartedRef = useRef(false); | ||
|
|
||
| // Pick up device flow data pre-started by the button when dialog opens | ||
| if (open && !deviceFlow && !token && window.__decoGithubDeviceFlow) { |
Contributor
There was a problem hiding this comment.
P2: Mutating a global (delete window.__decoGithubDeviceFlow) and calling navigator.clipboard.writeText during render violates React's purity requirement. Under strict mode double-render in development, the first invocation deletes the global, so the second invocation silently skips it. Wrap this block in queueMicrotask to defer the side effect outside the render phase.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/web/components/github-repo-dialog.tsx, line 103:
<comment>Mutating a global (`delete window.__decoGithubDeviceFlow`) and calling `navigator.clipboard.writeText` during render violates React's purity requirement. Under strict mode double-render in development, the first invocation deletes the global, so the second invocation silently skips it. Wrap this block in `queueMicrotask` to defer the side effect outside the render phase.</comment>
<file context>
@@ -0,0 +1,591 @@
+ const pollingStartedRef = useRef(false);
+
+ // Pick up device flow data pre-started by the button when dialog opens
+ if (open && !deviceFlow && !token && window.__decoGithubDeviceFlow) {
+ const data = window.__decoGithubDeviceFlow;
+ delete window.__decoGithubDeviceFlow;
</file context>
| <Input | ||
| id="install-script" | ||
| placeholder="e.g. npm install" | ||
| defaultValue={runtime?.installScript ?? ""} |
Contributor
There was a problem hiding this comment.
P2: This input uses defaultValue with async server data, so it can display stale values after metadata updates.
(Based on your team's feedback about syncing draft input state with async server values.)
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/web/views/settings/repository.tsx, line 173:
<comment>This input uses `defaultValue` with async server data, so it can display stale values after metadata updates.
(Based on your team's feedback about syncing draft input state with async server values.) </comment>
<file context>
@@ -0,0 +1,213 @@
+ <Input
+ id="install-script"
+ placeholder="e.g. npm install"
+ defaultValue={runtime?.installScript ?? ""}
+ onBlur={(e) => handleScriptUpdate("installScript", e.target.value)}
+ />
</file context>
| data: { | ||
| metadata: { | ||
| runtime: { | ||
| ...runtime, |
Contributor
There was a problem hiding this comment.
P2: Spreading a stale runtime snapshot when saving one field can overwrite a previously edited sibling field.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/web/views/settings/repository.tsx, line 129:
<comment>Spreading a stale `runtime` snapshot when saving one field can overwrite a previously edited sibling field.</comment>
<file context>
@@ -0,0 +1,213 @@
+ data: {
+ metadata: {
+ runtime: {
+ ...runtime,
+ [field]: value,
+ },
</file context>
Contributor
There was a problem hiding this comment.
6 issues found across 14 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/mesh/src/web/components/github-repo-dialog.tsx">
<violation number="1" location="apps/mesh/src/web/components/github-repo-dialog.tsx:348">
P2: `deno.jsonc` is parsed with `JSON.parse`, so valid JSONC files can fail runtime/task detection.</violation>
<violation number="2" location="apps/mesh/src/web/components/github-repo-dialog.tsx:356">
P2: Port detection misses `--port 3000` syntax, so the saved runtime port can be incorrect.</violation>
</file>
<file name="apps/mesh/src/tools/registry-metadata.ts">
<violation number="1" location="apps/mesh/src/tools/registry-metadata.ts:36">
P2: VM tools are never returned by `getToolsByCategory` because the new `"VM"` category was added without adding a `VM` bucket to the grouped map.</violation>
</file>
<file name="apps/mesh/src/web/components/vm-preview.tsx">
<violation number="1" location="apps/mesh/src/web/components/vm-preview.tsx:86">
P2: Using `/favicon.ico` as the readiness probe can fail for healthy servers that don't provide that file, so preview readiness may never be detected.</violation>
</file>
<file name="apps/mesh/src/tools/vm/stop.ts">
<violation number="1" location="apps/mesh/src/tools/vm/stop.ts:40">
P1: Do not swallow all VM deletion errors; only treat "already deleted" as success and keep registry removal aligned with successful deletion.</violation>
</file>
<file name="apps/mesh/src/tools/vm/start.ts">
<violation number="1" location="apps/mesh/src/tools/vm/start.ts:119">
P1: Shell injection via unescaped user-controlled `installScript` interpolated into a single-quoted `bash -c` argument. Any script containing a single quote (which is common in shell commands) will break the quoting, causing the systemd service to fail or execute unintended commands. Escape the value or use a different execution strategy (e.g., write the script to a file first, or use double-quoting with proper escaping).</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| devScript = "deno task dev"; | ||
| // Try to extract port from the dev task command | ||
| const portMatch = tasks.dev.match( | ||
| /(?:--port|PORT=|:)(\d{4,5})/, |
Contributor
There was a problem hiding this comment.
P2: Port detection misses --port 3000 syntax, so the saved runtime port can be incorrect.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/web/components/github-repo-dialog.tsx, line 356:
<comment>Port detection misses `--port 3000` syntax, so the saved runtime port can be incorrect.</comment>
<file context>
@@ -335,24 +335,57 @@ export function GitHubRepoDialog({
+ devScript = "deno task dev";
+ // Try to extract port from the dev task command
+ const portMatch = tasks.dev.match(
+ /(?:--port|PORT=|:)(\d{4,5})/,
+ );
+ if (portMatch?.[1]) devPort = portMatch[1];
</file context>
Suggested change
| /(?:--port|PORT=|:)(\d{4,5})/, | |
| /(?:--port(?:=|\s+)|PORT=|:)(\d{4,5})/, |
| const data = await checkFileExists(denoFile); | ||
| if (data.found && data.content) { | ||
| try { | ||
| const deno = JSON.parse(data.content) as { |
Contributor
There was a problem hiding this comment.
P2: deno.jsonc is parsed with JSON.parse, so valid JSONC files can fail runtime/task detection.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/web/components/github-repo-dialog.tsx, line 348:
<comment>`deno.jsonc` is parsed with `JSON.parse`, so valid JSONC files can fail runtime/task detection.</comment>
<file context>
@@ -335,24 +335,57 @@ export function GitHubRepoDialog({
+ const data = await checkFileExists(denoFile);
+ if (data.found && data.content) {
+ try {
+ const deno = JSON.parse(data.content) as {
+ tasks?: Record<string, string>;
+ };
</file context>
| | "Registry"; | ||
| | "Registry" | ||
| | "GitHub" | ||
| | "VM"; |
Contributor
There was a problem hiding this comment.
P2: VM tools are never returned by getToolsByCategory because the new "VM" category was added without adding a VM bucket to the grouped map.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/mesh/src/tools/registry-metadata.ts, line 36:
<comment>VM tools are never returned by `getToolsByCategory` because the new `"VM"` category was added without adding a `VM` bucket to the grouped map.</comment>
<file context>
@@ -32,7 +32,8 @@ export type ToolCategory =
| "Registry"
- | "GitHub";
+ | "GitHub"
+ | "VM";
/**
</file context>
Contributor
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/mesh/src/tools/vm/start.ts">
<violation number="1" location="apps/mesh/src/tools/vm/start.ts:145">
P2: Use the domain returned by `freestyle.vms.create` when building `previewUrl`; hardcoding the requested domain can return a non-working URL.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/mesh/src/tools/vm/start.ts">
<violation number="1" location="apps/mesh/src/tools/vm/start.ts:85">
P1: Validate `metadata.runtime.port` before using it as `vmPort`; invalid user-entered values currently become `NaN` and can break VM creation.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/mesh/src/tools/vm/start.ts">
<violation number="1" location="apps/mesh/src/tools/vm/start.ts:113">
P1: Avoid hard-coding the proxy to port 9000 without checking the configured dev-server port; this can cause a port collision and prevent preview proxy startup.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
|
You're iterating quickly on this pull request. To help protect your rate limits, cubic has paused automatic reviews on new pushes for now—when you're ready for another review, comment |
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wires GITHUB_LIST_INSTALLATIONS and GITHUB_LIST_REPOS into the centralized tool registry (CORE_TOOLS array and ALL_TOOL_NAMES), adds the GitHub category to ToolCategory, and fixes TypeScript strict-null errors in the GitHub tool handlers. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix state update during render by deriving effectiveInstallation - Add per_page=100 to GitHub API calls to avoid truncated results Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace Better Auth GitHub OAuth with GitHub Device Flow (public client ID). Add GITHUB_DEVICE_FLOW_START and GITHUB_DEVICE_FLOW_POLL tools, update list-installations and list-repos to accept a token input, rewrite the dialog to use device flow with localStorage token caching, and remove the unused BetterAuthAccountTable from storage types. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…diate dialog Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
After connecting a GitHub repo, automatically fetch AGENTS.md (or CLAUDE.md fallback) to populate instructions, and detect the package manager from repo files to auto-fill install/dev scripts. Instructions become read-only when a GitHub repo is connected. Adds Repository tab to agent settings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create VM_START and VM_STOP app-only tools that spin up Freestyle VMs with the connected GitHub repo, web terminal (read-only), and systemd services for install + dev scripts. Add Preview panel to the tasks sidebar with terminal/preview iframe toggle and auto-detection of server readiness via polling. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e management The VmWebTerminal integration's ttyd installation was failing inside Freestyle VMs. Simplified to preview-only mode without terminal iframe. Fixed error handling to properly detect MCP tool errors, and used refs to prevent state loss across re-renders. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add in-memory VM registry that tracks active VMs per user and virtual MCP. VM_START returns the existing VM if one is already running instead of creating a duplicate. VM_STOP removes the entry from the registry. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add @freestyle-sh/with-deno integration for Deno projects. Port is now configurable via the Repository tab and auto-detected from package.json or deno.json scripts. Wrap systemd service commands with explicit PATH to find runtime binaries (deno, bun, node). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… domains
Add external link button to preview toolbar for opening the dev server
in a new browser tab. Fall back to {vmId}.freestyle.run when domains
array is empty. Guard against undefined domains with explicit error.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch from ports config (which returned empty domains array) to Freestyle's domains config with *.style.dev subdomains. Domain is derived from the virtualMcpId for deterministic, reusable URLs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dev servers that bind to localhost only (like Deno Fresh) aren't accessible from the Freestyle domain. Add a socat proxy service that forwards from 0.0.0.0:9999 to localhost:PORT, and map the domain to the proxy port instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ased suspension Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ive mode The injected visual editor script had no cleanup path — switching back to interactive mode left highlight outlines, badge, and cursor override in the iframe. Added a `visual-editor::deactivate` postMessage handler that removes DOM elements and detaches event listeners. Also renamed "Preview" tooltip to "Interactive". Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace direct GitHub URL cloning with Freestyle Git repos and GitHub Sync so that private repositories can be cloned via the GitHub App. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e GitHub App UX
systemctl is-active returns exit 3 for completed oneshot services ("inactive"),
which broke the && chain and prevented dependency installation. Also adds
auto-polling for GitHub App installations, a manual refresh button, and a
re-authenticate option to the repo picker dialog.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…on-connect Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add empty states with action buttons to install/dev tabs - Default to dev tab, remove auto-dev on start/resume - Show "$ command" prefix in logs, suppress noisy markers - Use "Run Dev" / "Restart Dev" labels based on log state - Update idle screen wording Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(brand): add brand binding and structured brand storage
Define BRAND_BINDING with BRAND_GET/BRAND_LIST tools so external MCPs
can declare a brand dependency and read org brand context on demand.
- Add brand binding definition in packages/bindings
- Restructure brand storage from loose JSON to semantic fields
(colors: {primary,secondary,accent,background,foreground},
fonts: {heading,body,code})
- Add migration 065 to backfill existing data
- Add BRAND_GET and BRAND_LIST tools matching the binding contract
- Update extract tool, prompt builder, and UI for structured data
- Register binding in BUILTIN_BINDING_CHECKERS and @deco/brand mapping
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(brand): preserve unmapped colors in migration and fix metadata output
- Migration 065: stash colors with non-standard role names into
metadata.extraColors instead of silently dropping them
- BRAND_GET: filter tagline/tone before checking emptiness so metadata
doesn't return a truthy empty object
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(brand): remove duplicate BrandGetOutputSchema export flagged by knip
BrandGetOutputSchema was just a re-export of BrandSchema. Use BrandSchema
directly in the binding definition and tool output.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(brand): use two-pass font normalization to prevent role stealing
Fonts with unrecognized roles (e.g. "display") were stealing the body
slot from later entries that explicitly mapped to body. Now: first pass
assigns explicitly mapped roles, second pass fills remaining slots with
unmapped entries.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Filter out models flagged as deprecated by upstream providers. Google's Gemini API exposes a lifecycleState field used to exclude deprecated models. A factory-level filter also drops any model with deprecated=true as a safety net for all providers. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(ai-providers): add provisionKey method for server-to-server key provisioning - Implemented the provisionKey method in decoAiGatewayAdapter to handle key provisioning via the Deco AI Gateway. - Updated seedOrgDb function to auto-provision keys for organizations upon creation using the new method. - Enhanced error handling for key provisioning failures. This addition supports server-to-server interactions during organization setup, improving integration with the Deco AI Gateway. * feat(settings): add studioProvisionSecretKey to configuration and enhance key provisioning - Introduced studioProvisionSecretKey in the settings to facilitate secure key provisioning for the Deco AI Gateway API. - Updated the provisionKey method in decoAiGatewayAdapter to include the provision key in the request headers and added error handling for missing keys. This change improves security and ensures that the necessary configuration is available for key provisioning operations.
* feat(chat): add voice input with real-time transcription and waveform Made-with: Cursor * fix(chat): add Web Speech API global types and fix noUncheckedIndexedAccess Made-with: Cursor * fix(chat): rework voice input to type directly into textarea Transcript now appears live in the normal text area instead of a separate overlay. The bottom bar switches to waveform + accept/decline during recording. Waveform uses chart-2 color and reads low-mid frequency bins where speech energy lives. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(chat): prevent last words being lost and fix space before voice text Use the final text returned by stopRecording() to guarantee interim words captured in the ref are committed. Add a space before voice text when baseline content is non-empty to avoid word concatenation. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(chat): remove unused VoiceInputOverlay export Made-with: Cursor --------- Co-authored-by: rafavalls <valls@deco.cx> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The daemon now owns install/dev process lifecycle — spawns child processes directly via bash with FORCE_COLOR=1, captures stdout in-process, and broadcasts over SSE. Frontend calls daemon POST endpoints directly instead of going through VM_EXEC MCP tool. This eliminates the exec-await deadlock where install couldn't run while dev was active. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… output Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add POST /_daemon/kill/{source} endpoint to the daemon for stopping
install/dev processes via SIGKILL without restarting. Frontend adds a
Stop button on install/dev tabs with conditional visibility based on
process state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Daemon log() now broadcasts via SSE with source="daemon" alongside console.log. Frontend pipes daemon chunks to the setup terminal tab, giving visibility into process lifecycle, proxy requests, and upstream status changes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Take newer version (2.262.2) from main. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…able layout Detach VmEnvContent from MainViewType so it renders as an independent bottom panel inside the main content area (VS Code-style). Terminal persists across main view changes via a new `?env=0|1` search param. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… controls Move Stop Server into a dropdown on the VM ID button (split-button pattern), add daemon log tab with ⌘D toggle, and refactor process action buttons with split-button restart/stop pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is this contribution about?
Adds full GitHub integration to virtual MCPs: users can connect a GitHub repo via the Device Flow OAuth, and the system automatically syncs instructions from
AGENTS.md/CLAUDE.mdand detects the package manager to auto-fill install and dev scripts.Key features:
GITHUB_GET_FILE_CONTENTtool for fetching files from connected reposAGENTS.md>CLAUDE.mdinto virtual MCP instructions (read-only when connected)owner/repolink when connected)Screenshots/Demonstration
After connecting a GitHub repo, the Repository tab auto-fills:
npm installnpm run devInstructions tab is auto-populated from AGENTS.md and becomes read-only.
How to Test
Review Checklist
🤖 Generated with Claude Code
Summary by cubic
Adds a GitHub repo picker using Device Flow and a rebuilt VM Preview with live logs, runtime detection, and a visual editor. Linking a repo auto-syncs AGENTS.md, detects the runtime and port, stores it in
metadata.githubRepo, and enables an optional “VibeCode” visual editor in Preferences.New Features
GITHUB_DEVICE_FLOW_START/GITHUB_DEVICE_FLOW_POLL) with instant start and auto‑copied code; list installations/repos (paginated) and fetch file content; header button + Repository tab; auto-syncAGENTS.md(fallbackCLAUDE.md); detect runtime (deno > bun > pnpm > yarn > npm) and port to pre-fill install/dev; persist linked repo inmetadata.githubRepo; gated byexperimental_vibecode.VM_START/VM_DELETEonfreestyle-sandboxeswith runtime plugins (@freestyle-sh/with-deno,@freestyle-sh/with-bun,@freestyle-sh/with-nodejs); in-VM daemon with SSE logs and an iframe proxy that strips X-Frame-Options/CSP; split view with logs + preview (read-only terminal via@xterm/xterm), open-in-new-tab, per-user deterministic domains, dropdown actions (Reinstall/Restart); Preview and Env as main views; visual editor with click-to-prompt.Bug Fixes
per_page=100and Link-header pagination; fix dialog/query state; use token-based API calls.activeVmson repo change; sticky persistence withrecreate: true; liveness checks to reset stale VMs; reliable resume and delete cleanup; per-user domain generation; systemd/proxy fixes for consistent preview.Written for commit 6adc078. Summary will update on new commits.