- Add common generateEncryptedId() utility in @multica/utils
- All Device IDs now use same encryption algorithm (40 hex chars)
- Web: store encrypted format directly in localStorage
- Desktop: use shared utility, accept encrypted ID from Web
- Hub: use shared utility for hub-id generation
- Telegram: use shared utility for device ID generation
- Gateway hook: use encrypted format for client connections
Algorithm: sha256(sha256(uuid).slice(0,32)).slice(0,8) + sha256(uuid).slice(0,32)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add WebkitAppRegion drag to login page background areas so the window
can be dragged on macOS. Mark the sign-in button as no-drag to keep it
clickable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Keep LocalChat mounted at the Layout level with CSS visibility toggle
instead of unmounting on route change, preserving messages, streaming
state, and IPC subscriptions when switching sidebar tabs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Turborepo was not passing the API_URL environment variable to the build
process, causing Next.js rewrites to fall back to the default test API
instead of the production API configured in Vercel.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move auth callback listener setup before async operations
- Add unique ID to welcome toast to prevent duplicates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Web stores raw UUID, encrypts when transmitting (consistent with copilot-search)
- Desktop receives encrypted Device ID from Web login callback
- Desktop stores encrypted 40-char format in auth.json
- Update IPC types to include deviceId in auth callback
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add fetch wrapper for desktop renderer to call Multica backend REST API.
Attaches sid, device-id, and os-type headers automatically using
useAuthStore and electronAPI.auth.getDeviceIdHeader().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Change from storing raw UUID to storing encrypted format
- Consistent with devv-sdk and Web implementation
- Auto-migrate old UUID format to new encrypted format
- Validate device ID format (40 hex characters)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Server-side redirect to deep link for production builds.
More reliable than client-side window.location.href.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Generate UUID-based Device ID on first launch
- Store deviceId in auth.json (persists across logins/logouts)
- Add double SHA-256 encryption (consistent with Web)
- Expose getDeviceId and getDeviceIdHeader IPC methods
- Fix callback path to only accept /callback (prevent duplicate toasts)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Wraps the read tool from pi-coding-agent to automatically downscale
oversized images (>1MB or >2000px) before they enter the session.
Uses macOS sips for resize with no extra dependencies, following the
same pattern as OpenClaw. Falls back gracefully on non-macOS.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Session JSONL files were bloated because base64 image data was stored
inline (a real session had 6.7MB of images in a 9.8MB file). Images
are now extracted to per-session media/ directories as binary files,
with compact $ref references stored in the JSONL. Images are restored
transparently on read. Old sessions with inline base64 remain
backward compatible and auto-migrate on next compaction.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Codex OAuth tokens use the ChatGPT backend API (chatgpt.com), not the
standard OpenAI API (api.openai.com). pi-ai already has a dedicated
openai-codex provider with the correct API format (openai-codex-responses)
and base URL. Remove the alias that was incorrectly mapping openai-codex
to openai, which caused 401 errors due to missing scopes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use bordered icon with consistent size on both platforms
- Adjust font size to match icon proportions
- Simplify desktop tagline for cleaner presentation
- Streamline web login header to [icon] Sign In format
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add lib/auth.ts for cookie-based session storage
- Add AuthGuard component for route protection
- Update request.ts to include sid in Authorization header
- Update login-form.tsx to save session and redirect if authenticated
- Wrap ChatPage with AuthGuard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Split login page into Server Component + Client Form to properly
handle useSearchParams with force-dynamic rendering.
Reference: CAP project pattern
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add tagline and animation to login page
- Add toast notification on login success
- Add toast notification on logout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds a status bar and slide-out dashboard panel to the chat view that
shows subagent progress in real-time. Polls at 2s when active, 10s when
idle. Completed runs auto-hide after 5 minutes. Includes dismiss button
and 30s auto-dismiss for the status bar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add rewrites in next.config.ts to proxy /api/* to api-dev.copilothub.ai
- Update docs to reflect new local dev workflow (no devd needed)
- Fix web port number in CLAUDE.md (3001 → 3000)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add email/code login with verification
- Add Google OAuth login
- Add desktop callback API route
- Add request service with device ID handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add auth IPC handlers (main process)
- Add auth store with Zustand (renderer)
- Add login page with branded UI
- Add AuthGuard for protected routes
- Add user dropdown menu in sidebar footer
- Support deep link (multica://) for production
- Support local HTTP callback for development
Reference: https://github.com/CapSoftware/Cap
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Codex and Claude Code OAuth tokens with refresh_token can auto-renew,
so they should not be considered expired based on last_refresh time or
file mtime. Previously, credentials were hardcoded to expire after 1
hour, causing valid Codex sessions to show as unconfigured.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
