chore: sync upstream dev through 69a80663a2#2
Conversation
Co-authored-by: Frank <frank@anoma.ly>
Co-authored-by: Brendan Allan <git@brendonovich.dev>
Preserve OpenCode Classic trusted IPC and renderer navigation safeguards while integrating upstream desktop recovery and focus-debug changes.
|
This PR doesn't fully meet our contributing guidelines and PR template. What needs to be fixed:
Please edit this PR description to address the above within 2 hours, or it will be automatically closed. If you believe this was flagged incorrectly, please let a maintainer know. |
|
Thanks for your contribution! This PR doesn't have a linked issue. All PRs must reference an existing issue. Please:
See CONTRIBUTING.md for details. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 48dfaf99c5
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if (event.key === "Enter" && !event.shiftKey && !event.isComposing) { | ||
| event.preventDefault() | ||
| if (event.repeat) return | ||
| props.controller.submit() |
There was a problem hiding this comment.
Prevent Enter from aborting blank active sessions
When the V2 composer is focused while a session is already working and the draft is empty, this unconditional Enter submit reaches the app submit handler's blank-prompt branch, which calls abort. The legacy prompt key handler explicitly returned in this state so only the stop action aborted; with this change, an accidental Enter in an empty composer can cancel the running generation.
Useful? React with 👍 / 👎.
| if (event.key === "Enter" && !event.shiftKey && !event.isComposing) { | ||
| event.preventDefault() | ||
| if (event.repeat) return | ||
| props.controller.submit() |
There was a problem hiding this comment.
Preserve IME guards before submitting on Enter
For IME users, Enter is also used to confirm a composition candidate, and Chromium can report that key event with isComposing === false while still using the IME key path. The legacy composer guarded this with composition state and keyCode === 229; the V2 handler only checks event.isComposing, so accepting Japanese/Chinese/Korean text can submit the prompt prematurely instead of committing the candidate.
Useful? React with 👍 / 👎.
|
Closing this PR unmerged after a scope audit found that the local corrective layer was broader than necessary. A replacement PR will keep the same pinned upstream integration while limiting local changes to focused OpenCode Classic compatibility and security corrections. The existing branch and evidence remain preserved for audit; no force-push, tag, release, or publication will occur. |
Summary
devcommits through69a80663a2ed7d671d2b4d5dd6f2d605714675a5.45cd8d76920839e4a7b6b931c4e26b52e1495636and requires a separate audit.Review
c3e504e5cc023e885b693b315e1525ea0cf0e0b848dfaf99c502897b86346cde3c1de68ee03e2df0fe695d3be5a4beb5bf041bc35d9d2623878e59eced64643ab6dc9020d0aaadd63dda58f55fcb5f48c3e504e5cc023e885b693b315e1525ea0cf0e0b8, upstream69a80663a2ed7d671d2b4d5dd6f2d605714675a5Incoming Commits
4436678f7d7632a47e403f2139153e3f8a2ff8bafix(desktop): guard destroyed recovery windows (fix(desktop): guard destroyed recovery windows anomalyco/opencode#37406)3a1c6df9e24672f0761a6ced18e1315d89334baffix(app): deduplicate diff summaries linearly (fix(app): deduplicate diff summaries linearly anomalyco/opencode#37414)52f65f3a0b6f5880390090a9a559f8e7c4df84e8feat(console): promote Kimi K3 usage limits (feat(console): promote Kimi K3 usage limits anomalyco/opencode#37442)a414e06d0c63bff2abc572999dbf7c5f99200dd3go: kimi k3 2x usage90291fc6dfa9c49f0731b19f17703d3d550baf95chore: generate3238daa851409746e15c00824eaa95550544061cRevert "chore: generate"f7d5a1cbc725665586dc69b312c11be1d3787f0bfeat(desktop): align provider onboarding dialogs (feat(desktop): align provider onboarding dialogs anomalyco/opencode#36733)aca52ba1987167e41066db5194c3c26dc1e1e7bfchore: generateb527f605d9136a0b651cbc034e24ce02de15c631feat(app): update review panel tooltip to v2 (feat(app): update review panel tooltip to v2 anomalyco/opencode#37095)ed926be253848402f9fb007b712a3777994070e3feat(app): review panel reactivity improvements (feat(app): review panel reactivity improvements anomalyco/opencode#37089)c0a258b22ac39e781ff8ff79a6f3b1ab41960feafeat(session-ui): rewrite v2 prompt input (feat(session-ui): rewrite v2 prompt input anomalyco/opencode#37102)82a3270cf2abb47bd55dcaabd39b256b26665161chore: generate86978e7a8c67021e54005fe25d4241d2ade53c6afeat(ui): updates to design system (feat(ui): updates to design system anomalyco/opencode#37471)ba6cf386077c32c0ed6196e5e1bce87a6adc26e0feat(desktop): add focus debug toggle (feat(desktop): add focus debug toggle anomalyco/opencode#37465)4bffbb655f5e2886df502b2305db03acd4138fffchore: update nix node_modules hashesefb6cc2d4bf6332eb156709795d2b3a649198b65fix(session-ui): preserve prompt editing behavior (fix(session-ui): preserve prompt editing behavior anomalyco/opencode#37483)be08207a88f3ae208b782832dc071863375cf734docs(go): update DeepSeek and MiMo pricing (docs(go): update DeepSeek and MiMo pricing anomalyco/opencode#37509)518b0bf9e38e763e394c7ed6be948d4feed2ea09chore: generate69a80663a2ed7d671d2b4d5dd6f2d605714675a5fix(stats): polish comparison chartCorrective Commits
c80dde50d6f0ba22a52368c8e51a4136f2de09e7fix(app): preserve v2 prompt structure and localization24f21689c46fb7781883a04f77301966d4392a1bfix(desktop): harden focus debug toggleb1fe1eb65ff0bb0d5dbbaf8c53bd0196503c31f4fix(stats): distinguish missing radar scoresf5704ef74396f4ec09f579209dc82ad20413f210fix(desktop): serialize focus debug stateeda8c25e0ff1b2cba46f7cc1336c5f99030260dcfix(session-ui): harden v2 prompt interactions48dfaf99c502897b86346cde3c1de68ee03e2df0fix(app): improve provider connection semanticsConflict Resolutions
packages/desktop/src/main/ipc.ts: retained Classic's trusted-renderer wrapper for updater, background, log export, fatal-error, and store handlers, and routed the incoming focus-debug handler through the same trust boundary.packages/desktop/src/main/windows.ts: retained Classic renderer URL validation and scheme/host constants while integrating the incoming safe window-state URL helper.bun.lock, app platform context, Console Go limits, desktop startup, and desktop renderer wiring auto-merged and were explicitly audited with frozen installation, identity/security tests, builds, and runtime checks.Validation
git diff --check, and app, desktop, and Storybook production builds.linux-ci-20260718T002910Z-48dfaf99c5-package.--no-sandbox;oc://renderer, loopback sidecar, isolated credentials/XDG roots, deep-link forwarding, Settings, Classic identity/version, empty console/page-error arrays, and clean teardown all passed. Evidence:linux-runtime-installed-20260718T010739Z-48dfaf99c5.OpenCode Classic v1.18.3, no crash/error/blank state, clipping, overlap, or malformed controls.sync-upstream-prompt-48dfaf99c5; its complete relative checksum manifest verifies.Hosted Checks
blacksmith-4vcpu-*and currently hasrunner_id: 0. No hosted rerun was attempted because it would return to the same unavailable runner pool, and no GitHub artifact can be produced until a matching runner is assigned.Artifact Hashes
f27a0a10beeeaa0aabee559a9daf64a738b312bc48c5d0c726e14e86de7b6ce7bun.lockSHA-256:a70c13b89cfc001ee1dfe11c1c2a1d45b15fba4511929dba8fbf0d43a99351345351b0834213cefb8bbe6a3fefa96430c217364eabb73ab5a50f47ad70abc40a71a3cd72166008bf0359a7d91d6e4b0a55d0497421fccaa71d007e943ffeb59elatest-linux.ymlSHA-256:bb14478ddab3bbf6d1aaa2c62a4d441e9c27dd32ec15f8e4f71d0a5fa6ef1582040a711e2af4936a1080af024663e481a95385962836e78d9395f416f558ffed0b447b03cdb1668c252f3e3291daf7d76ac35761c3ad845b7328a6706979c5a5da28aba2a3daee639f39b56a83d7b4e6ab3681f2e6a3aa8f1fcf4333a788556837ffd2bf2cfba8c45651861403a8665bafcc180dac0d59bccff1a99081d027b1SHA256SUMSSHA-256:01022377bba88c5974dee7db8fde5eac2f7b120546ace667f5c15f5d91158d86Expected Warnings And Deferred Coverage
No published versions on GitHubis the expected updater warning before the first stable release; startup, rendering, identity, and all other installed-runtime assertions passed.38989c57athrough45cd8d769, are intentionally deferred rather than silently added after the audit pin.No tag, release, publication, direct
mainpush, or write to the official upstream repository occurred. Please review and merge this PR on GitHub using a merge commit, not squash or rebase.