Skip to content

chore: sync upstream dev through 69a80663a2#3

Merged
LogicLyra merged 26 commits into
mainfrom
sync-upstream-prompt-minimal
Jul 18, 2026
Merged

chore: sync upstream dev through 69a80663a2#3
LogicLyra merged 26 commits into
mainfrom
sync-upstream-prompt-minimal

Conversation

@LogicLyra

@LogicLyra LogicLyra commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • Sync the 19 audited upstream dev commits through 69a80663a2ed7d671d2b4d5dd6f2d605714675a5.
  • Preserve OpenCode Classic identity, trusted IPC, renderer navigation, sidecar isolation, updater, installer, publisher, release, and fork-only push invariants.
  • Add six narrowly scoped corrective commits for PromptInput V2 structure and interactions, provider-row keyboard activation, localization, and trusted focus-debug IPC.
  • Supersede closed, unmerged PR chore: sync upstream dev through 69a80663a2 #2 after reducing its corrective layer from 52 files and 4,463 additions to 38 files and 974 additions.
  • Keep the nine commits after the audited pin out of this PR; upstream dev now points to 901c9e732921891e1fd71eb735ef5e78013f582f and requires a separate audit.

Review

  • Base: c3e504e5cc023e885b693b315e1525ea0cf0e0b8
  • Candidate: 8167c1bec73248daec9ef522bbd7221b424b2631
  • Candidate tree: 75ad0d67684f4d3a2e6c807582d4bf25b38567fe
  • Merge commit: ed64643ab6dc9020d0aaadd63dda58f55fcb5f48
  • Merge parents: base c3e504e5cc023e885b693b315e1525ea0cf0e0b8, upstream 69a80663a2ed7d671d2b4d5dd6f2d605714675a5
  • Total scope: 116 files changed, 6,005 insertions, 1,617 deletions
  • Corrective layer: 38 files changed, 974 insertions, 210 deletions
  • Divergence from main: 0 behind, 26 ahead
  • Merge strategy requested: merge commit, not squash or rebase

Incoming Commits

Corrective Commits

  • c80dde50d6f0ba22a52368c8e51a4136f2de09e7 fix(app): preserve v2 prompt structure and localization
  • 24f21689c46fb7781883a04f77301966d4392a1b fix(desktop): harden focus debug toggle
  • 169366aae9a0f59a4102af21c92fe313756e2ebd fix(session-ui): preserve structured prompt editing
  • 82d3a2f1150fa1c43cf7ecf71c32a5280e74d87c fix(app): defer provider row activation
  • 8f6a0e6d4b19ac21c2c40c1c0b81f8a77b90e660 fix(session-ui): preserve command focus targets
  • 8167c1bec73248daec9ef522bbd7221b424b2631 fix(session-ui): isolate prompt cursor module

Conflict Resolutions

  • packages/desktop/src/main/ipc.ts: retained Classic's trusted-renderer wrapper for updater, background, log export, fatal-error, and store handlers, and routed the incoming focus-debug handler through the same trust boundary.
  • packages/desktop/src/main/windows.ts: retained Classic renderer URL validation and scheme/host constants while integrating the incoming safe window-state URL helper.
  • Concurrent changes in bun.lock, app platform context, Console Go limits, desktop startup, and desktop renderer wiring auto-merged and were explicitly audited with frozen installation, identity/security tests, builds, packaging, and installed-runtime checks.

Validation

  • Local focused tests: session UI 81 passed; app unit 620 passed and 4 skipped; app browser 30 passed; desktop 75 passed.
  • Local static/build gates: frozen Bun 1.3.14 install, workspace and E2E typechecks, canonical lint with 4,699 warnings and 0 errors, git diff --check, and app, desktop, and Storybook production builds.
  • Browser interaction matrix: 15 tests passed across 1440x900 light, 768x1024 light, 390x844 dark, and 320x568 dark. Persisted-caret insertion, structured custom commands, built-in command focus, stale-provider Enter, Arrow navigation, and German labels passed. All 27 retained screenshots have empty console/page-error arrays and no document overflow.
  • Linux package gate: PASS, including frozen install/audit, static checks, focused and broad tests, generated-client checks, typecheck, canonical lint, production builds, desktop build, DEB/RPM packaging, metadata checks, and clean-tree verification. Evidence: linux-ci-20260718T051303Z-8167c1bec7-package.
  • Installed runtime: PASS from the checksum-verified DEB without --no-sandbox; oc://renderer, loopback sidecar, isolated credentials/XDG roots, deep-link forwarding, Settings, Classic identity/version, empty console/page-error arrays, package integrity, and clean teardown all passed.
  • Independent architecture, scope, correctness, security, final code, and frontend reviews found no actionable candidate-introduced issue after the minimal corrections.
  • Private archive: sync-upstream-prompt-minimal-8167c1bec7-final-evidence; its complete 419-file relative checksum manifest verifies.

Hosted Checks

Artifact Hashes

  • Candidate bundle SHA-256: 2b1a96d06146fe6daa59697e683d2addfafbb179c10c26c03ace008b391f1279
  • bun.lock SHA-256: a70c13b89cfc001ee1dfe11c1c2a1d45b15fba4511929dba8fbf0d43a9935134
  • DEB SHA-256: cd3074c6e6712afb32b9111a64c3b7e619b64d8fed652495ab1e97403872e629
  • RPM SHA-256: 4716771f64316be11d833a99f040f3c39685764946d0432ec043561721b15183
  • latest-linux.yml SHA-256: f63371f8319bdb550d443f46249b90c2ee6b66fd18c91f6f3948ff82fbb5c141
  • Installed-runtime screenshot SHA-256: 040a711e2af4936a1080af024663e481a95385962836e78d9395f416f558ffed
  • Installed-runtime report SHA-256: f8ce8f62a805a75fd866cc06774caaaedcf02a30aac9be31e66a274c170b7bba
  • Responsive report SHA-256: f36fa671ab3808b8c1ecfe9d19c1c5e6bc0df96b9afa9f383d7b0a60cddc67e3
  • Responsive checksum manifest SHA-256: 2a6eb1ccafb5fdc10f634f08900146547416e4144e27903b92040410d8b64bd7
  • Archive SHA256SUMS SHA-256: 40c4fb4342a3fca74ae10042fc72a8d83cb58ba41fcb8ed1da8afec9e1be8361

Expected Warnings And Deferred Coverage

  • No published versions on GitHub is expected before the first stable release; startup, rendering, identity, and every other installed-runtime assertion passed.
  • The runtime harness must use its short CI_RUNTIME_DIR option because deeply nested evidence paths exceed Linux's Unix-domain socket limit in Electron ProcessSingleton; the final installed-package run used a fresh short path and passed.
  • Compact provider rows can truncate the inherited upstream product label at narrow widths; this PR intentionally does not expand into unrelated responsive styling.
  • The minimal focus-debug correction validates trusted boolean input and removes the listener on normal window cleanup; broader serialized debug-state machinery from PR chore: sync upstream dev through 69a80663a2 #2 was intentionally omitted.
  • RPM metadata was inspected on Ubuntu, but native RPM installation was not tested on a Fedora-family host.
  • QA artifacts are unsigned. Windows and macOS installed-package runtime checks were not part of this Linux gate.
  • Nine newer upstream commits, 38989c57a through 901c9e732, are intentionally deferred rather than silently added after the audit pin.

No tag, release, publication, direct main push, or write to the official upstream repository occurred. Please review and merge this PR on GitHub using a merge commit, not squash or rebase.

Hona and others added 26 commits July 17, 2026 11:22
This reverts commit 90291fc.

Revert "go: kimi k3 2x usage"

This reverts commit a414e06.
Co-authored-by: Brendan Allan <git@brendonovich.dev>
Preserve OpenCode Classic trusted IPC and renderer navigation safeguards while integrating upstream desktop recovery and focus-debug changes.
@github-actions

Copy link
Copy Markdown

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

  • PR description is missing required template sections. Please use the PR template.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

@github-actions

Copy link
Copy Markdown

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8167c1bec7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

<PromptInputV2SubmitButton
mode={state.mode}
stopping={view.submit.stopping()}
disabled={!props.controller.canSubmit()}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Respect disabled state for the submit control

When a parent renders PromptInputV2 as disabled or readOnly while it already has text, attachments, or comments, this line still enables the send button solely from canSubmit(), and the button's click handler calls controller.submit() directly. The editor itself becomes non-editable, but the composer can still send the existing draft; include the outer disabled/read-only state in the submit/add controls or guard their handlers.

Useful? React with 👍 / 👎.

@LogicLyra
LogicLyra merged commit 867e53a into main Jul 18, 2026
9 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants