Skip to content

chore: sync upstream dev through 69a80663a2#2

Closed
LogicLyra wants to merge 26 commits into
mainfrom
sync-upstream-prompt
Closed

chore: sync upstream dev through 69a80663a2#2
LogicLyra wants to merge 26 commits into
mainfrom
sync-upstream-prompt

Conversation

@LogicLyra

@LogicLyra LogicLyra commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • Sync the 19 audited upstream dev commits through 69a80663a2ed7d671d2b4d5dd6f2d605714675a5.
  • Preserve OpenCode Classic identity, trusted IPC, renderer navigation, sidecar isolation, updater, installer, publisher, release, and fork-only push invariants.
  • Add six corrective commits for PromptInput V2 structure and interactions, provider semantics and localization, serialized desktop focus debugging, and stats radar handling.
  • Keep six upstream commits after the pinned tip out of this PR; upstream now points to 45cd8d76920839e4a7b6b931c4e26b52e1495636 and requires a separate audit.

Review

  • Base: c3e504e5cc023e885b693b315e1525ea0cf0e0b8
  • Candidate: 48dfaf99c502897b86346cde3c1de68ee03e2df0
  • Candidate tree: fe695d3be5a4beb5bf041bc35d9d2623878e59ec
  • Merge commit: ed64643ab6dc9020d0aaadd63dda58f55fcb5f48
  • Merge parents: base c3e504e5cc023e885b693b315e1525ea0cf0e0b8, upstream 69a80663a2ed7d671d2b4d5dd6f2d605714675a5
  • Scope: 126 files changed, 9,320 insertions, 1,609 deletions
  • Merge strategy requested: merge commit, not squash or rebase

Incoming Commits

Corrective Commits

  • c80dde50d6f0ba22a52368c8e51a4136f2de09e7 fix(app): preserve v2 prompt structure and localization
  • 24f21689c46fb7781883a04f77301966d4392a1b fix(desktop): harden focus debug toggle
  • b1fe1eb65ff0bb0d5dbbaf8c53bd0196503c31f4 fix(stats): distinguish missing radar scores
  • f5704ef74396f4ec09f579209dc82ad20413f210 fix(desktop): serialize focus debug state
  • eda8c25e0ff1b2cba46f7cc1336c5f99030260dc fix(session-ui): harden v2 prompt interactions
  • 48dfaf99c502897b86346cde3c1de68ee03e2df0 fix(app): improve provider connection semantics

Conflict Resolutions

  • packages/desktop/src/main/ipc.ts: retained Classic's trusted-renderer wrapper for updater, background, log export, fatal-error, and store handlers, and routed the incoming focus-debug handler through the same trust boundary.
  • packages/desktop/src/main/windows.ts: retained Classic renderer URL validation and scheme/host constants while integrating the incoming safe window-state URL helper.
  • Concurrent changes in bun.lock, app platform context, Console Go limits, desktop startup, and desktop renderer wiring auto-merged and were explicitly audited with frozen installation, identity/security tests, builds, and runtime checks.

Validation

  • Local tests: desktop 112 passed, session UI 86 passed, app unit 644 passed, app browser 48 passed, repeated Chromium regressions 10 passed, and final focused browser regressions 18 passed.
  • Local static/build gates: frozen Bun 1.3.14 install, workspace and E2E typechecks, canonical lint with 4,700 warnings and 0 errors (one below the prior baseline), git diff --check, and app, desktop, and Storybook production builds.
  • Browser matrix: PromptInput V2, provider picker keyboard semantics, and localized provider methods passed at 1440x900 light, 768x1024 light, 390x844 dark, and 320x568 dark. All 12 retained screenshots passed visual review with no console/page errors, clipping, or horizontal overflow.
  • Linux package gate: PASS, including frozen install/audit, static checks, focused and broad tests, generated-client checks, typecheck, canonical lint, production builds, desktop build, DEB/RPM packaging, and metadata checks. Evidence: linux-ci-20260718T002910Z-48dfaf99c5-package.
  • Installed runtime: PASS from the checksum-verified DEB without --no-sandbox; oc://renderer, loopback sidecar, isolated credentials/XDG roots, deep-link forwarding, Settings, Classic identity/version, empty console/page-error arrays, and clean teardown all passed. Evidence: linux-runtime-installed-20260718T010739Z-48dfaf99c5.
  • Runtime visual: independent PASS at 1440x900 with OpenCode Classic v1.18.3, no crash/error/blank state, clipping, overlap, or malformed controls.
  • Archived artifacts: sync-upstream-prompt-48dfaf99c5; its complete relative checksum manifest verifies.

Hosted Checks

Artifact Hashes

  • Candidate bundle SHA-256: f27a0a10beeeaa0aabee559a9daf64a738b312bc48c5d0c726e14e86de7b6ce7
  • bun.lock SHA-256: a70c13b89cfc001ee1dfe11c1c2a1d45b15fba4511929dba8fbf0d43a9935134
  • DEB SHA-256: 5351b0834213cefb8bbe6a3fefa96430c217364eabb73ab5a50f47ad70abc40a
  • RPM SHA-256: 71a3cd72166008bf0359a7d91d6e4b0a55d0497421fccaa71d007e943ffeb59e
  • latest-linux.yml SHA-256: bb14478ddab3bbf6d1aaa2c62a4d441e9c27dd32ec15f8e4f71d0a5fa6ef1582
  • Installed-runtime screenshot SHA-256: 040a711e2af4936a1080af024663e481a95385962836e78d9395f416f558ffed
  • Installed-runtime report SHA-256: 0b447b03cdb1668c252f3e3291daf7d76ac35761c3ad845b7328a6706979c5a5
  • Responsive report SHA-256: da28aba2a3daee639f39b56a83d7b4e6ab3681f2e6a3aa8f1fcf4333a7885568
  • Responsive checksum manifest SHA-256: 37ffd2bf2cfba8c45651861403a8665bafcc180dac0d59bccff1a99081d027b1
  • Archive SHA256SUMS SHA-256: 01022377bba88c5974dee7db8fde5eac2f7b120546ace667f5c15f5d91158d86

Expected Warnings And Deferred Coverage

  • No published versions on GitHub is the expected updater warning before the first stable release; startup, rendering, identity, and all other installed-runtime assertions passed.
  • Headless Xvfb emitted Electron GPU/sandbox informational warnings; renderer console and page-error arrays remained empty.
  • RPM metadata was inspected on Ubuntu, but native RPM installation was not tested on a Fedora-family host.
  • QA artifacts are unsigned. Windows and macOS installed-package runtime checks were not part of this Linux gate.
  • GitHub-hosted CodeQL and standards checks passed. Blacksmith-backed test, typecheck, Storybook, Nix, and duplicate-detection jobs remain queued because the fork has no matching runner assignment.
  • Six newer upstream commits, 38989c57a through 45cd8d769, are intentionally deferred rather than silently added after the audit pin.

No tag, release, publication, direct main push, or write to the official upstream repository occurred. Please review and merge this PR on GitHub using a merge commit, not squash or rebase.

Hona and others added 26 commits July 17, 2026 11:22
This reverts commit 90291fc.

Revert "go: kimi k3 2x usage"

This reverts commit a414e06.
Co-authored-by: Brendan Allan <git@brendonovich.dev>
Preserve OpenCode Classic trusted IPC and renderer navigation safeguards while integrating upstream desktop recovery and focus-debug changes.
@github-actions

Copy link
Copy Markdown

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

  • PR description is missing required template sections. Please use the PR template.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

@github-actions

Copy link
Copy Markdown

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 48dfaf99c5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +244 to +247
if (event.key === "Enter" && !event.shiftKey && !event.isComposing) {
event.preventDefault()
if (event.repeat) return
props.controller.submit()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Prevent Enter from aborting blank active sessions

When the V2 composer is focused while a session is already working and the draft is empty, this unconditional Enter submit reaches the app submit handler's blank-prompt branch, which calls abort. The legacy prompt key handler explicitly returned in this state so only the stop action aborted; with this change, an accidental Enter in an empty composer can cancel the running generation.

Useful? React with 👍 / 👎.

Comment on lines +244 to +247
if (event.key === "Enter" && !event.shiftKey && !event.isComposing) {
event.preventDefault()
if (event.repeat) return
props.controller.submit()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve IME guards before submitting on Enter

For IME users, Enter is also used to confirm a composition candidate, and Chromium can report that key event with isComposing === false while still using the IME key path. The legacy composer guarded this with composition state and keyCode === 229; the V2 handler only checks event.isComposing, so accepting Japanese/Chinese/Korean text can submit the prompt prematurely instead of committing the candidate.

Useful? React with 👍 / 👎.

@LogicLyra

Copy link
Copy Markdown
Owner Author

Closing this PR unmerged after a scope audit found that the local corrective layer was broader than necessary. A replacement PR will keep the same pinned upstream integration while limiting local changes to focused OpenCode Classic compatibility and security corrections. The existing branch and evidence remain preserved for audit; no force-push, tag, release, or publication will occur.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants