Previously all agent errors (including 400 invalid_request_error) were
emitted as agent_error events, triggering the UI error banner and
interrupting the chat flow. Now only auth-related errors (401, no API key)
emit agent_error so the "Configure" banner appears. Runtime errors like
400 are still shown as chat messages but don't block the agent.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
setProvider() was saving the alias-resolved provider (e.g. "anthropic"
instead of "claude-code") to session metadata. On restart, this caused
the wrong provider to be selected. Now saves the original providerId
so the exact user selection is preserved.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move session metadata loading before provider resolution so that
the stored provider from a previous setProvider() call is used
in the fallback chain (options > session meta > credentials > default)
instead of always falling back to "kimi-coding".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge main's run mutex + soft error return with branch's refreshAuthState(),
keeping getApiKey defensive throw as defense-in-depth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
getApiKey errors thrown inside PiAgentCore's internal async context
result in UnhandledPromiseRejection instead of propagating to the
caller. Return a graceful error early so AsyncAgent can emit it
through the subscriber mechanism to the UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add setChannelAccountConfig/removeChannelAccountConfig to CredentialManager
for persisting channel tokens. Make ChannelManager.startAccount public and
add stopAccount for individual account lifecycle control via IPC.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Critical:
- describe-video: add mkdir for MEDIA_CACHE_DIR before ffmpeg write
- telegram: check bot ID (not is_bot) for reply-to detection in groups
Important:
- telegram: check @mention in caption for media messages in groups
- hub: add .catch() to channelManager.startAll()
- describe-image: add 20MB file size check to prevent OOM
- async-agent: remove dead writeWithImages, refactor with enqueue()
- manager: lazy agent subscription via ensureSubscribed() to handle
late agent availability and agent replacement
Suggestions:
- telegram-format: escape quotes in link URLs to prevent HTML breakout
- transcribe: catch API errors and return null (match local fallback)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add writeWithImages() to AsyncAgent for passing images directly to
the LLM via ImageContent. Extend Agent.run() to accept optional
images parameter. Update ChannelManager.routeIncoming() to download
media files and forward them: images as ImageContent to the LLM,
audio/video/document as file paths for agent-driven processing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PiAgentCore was created with an empty object when no API key was
initially configured. This broke dynamic provider switching because
setProvider() updated currentApiKey but PiAgentCore had no getApiKey
callback to read it. Always provide the callback so it dynamically
reads the current key.
Also adds AgentErrorEvent to MulticaEvent and emits it from
AsyncAgent.write() catch handlers so errors flow through the
subscriber mechanism to IPC listeners.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each tool call added an abort listener to the shared agent signal
without cleanup, exceeding the default 10-listener limit after 11+
exec calls. Fix by using { once: true } and removing the listener
on child process close (exec) to prevent accumulation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instead of keeping announced runs in the registry for 60 minutes
(archive sweeper), delete them right after findings are delivered
to the parent. This prevents stale completed tasks from appearing
in sessions_list on subsequent parent turns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After child subagents complete, the coalesced announcement runs as an
internal turn which rolls back all messages from the parent's in-memory
context. This causes the parent LLM to lose findings in subsequent turns.
Add persistResponse option to writeInternal that re-injects the LLM's
summary as a non-internal assistant message after the internal run
completes. The internal prompt stays hidden while the summary persists
in both memory and session JSONL for future turns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add agent_error event type to MulticaEvent union so errors from
agent runs reach subscribe() consumers (Desktop IPC + Channel).
Make emitMulticaEvent public on Runner so AsyncAgent can emit errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Announcement messages from subagent completion flows were persisted as
regular user messages, polluting conversation history and leaking
orchestration instructions to frontend/CLI.
- Add `internal?: boolean` to SessionEntry message variant
- SessionManager.saveMessage accepts { internal: true } option
- SessionManager.loadMessages filters internal by default
- Agent.runInternal() tags messages as internal, rolls back from memory
- Agent.withRunMutex() prevents concurrent run/runInternal mis-tagging
- AsyncAgent.writeInternal() suppresses event forwarding during internal runs
- Announce flows use writeInternal() instead of write()
- Desktop IPC getHistory reads from session storage (filtered)
- CLI session show parses SessionEntry, supports --show-internal flag
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Change default security from "allowlist" to "full" (allow all commands)
- Change default ask from "on-miss" to "off" (never prompt)
- Change DEFAULT_APPROVAL_TIMEOUT_MS from 60s to -1 (no timeout)
- Support timeoutMs=-1 to wait indefinitely for user decision
- Update CLI and Hub approval flows to skip setTimeout when timeout<0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a new `sessions_list` tool to the Subagent tool group, allowing
agents to query the status of their spawned sub-tasks. Supports both
list mode (all runs) and detail mode (specific runId).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cover formatCoalescedAnnouncementMessage (single/multi record,
mixed outcomes, missing findings), registry coalescing state
transitions, shutdown capture, and new field serialization.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When multiple children complete, buffer findings per-child and only
send one combined announcement to the parent after all unannounced
runs for the same requester have finished. This avoids N separate
LLM calls and gives the parent a complete picture of all results.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move channel configuration into the existing credentials.json5 under a
`channels` section, matching OpenClaw's single-config-file approach.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The model was confused about payload capabilities. Explicitly state
that agent-turn spawns an isolated agent with ALL tools (exec, write,
web_fetch, etc.) and add usage guidance for choosing between
system-event and agent-turn.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace Type.Union(Type.Literal(...)) with flat stringEnum helper
to avoid anyOf in JSON schema (better LLM provider compatibility)
- Rewrite description to structured ACTIONS/SCHEDULE/PAYLOAD/CONSTRAINTS
format without markdown headers or code blocks
- Add CRITICAL CONSTRAINTS section for sessionTarget+payload rules
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add explicit list of valid actions in parameter description
- Add IMPORTANT note at start of tool description
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 'group:cron' to TOOL_GROUPS in IPC handler and agent tools
- Add cron tool description and group name to use-tools hook
- Add Time04Icon for cron group in tool-list component
- Add subagent group icon (UserMultipleIcon) for completeness
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add createCronTool to the agent's default tools list so agents
can use the cron tool to manage scheduled tasks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds CLI support for managing scheduled tasks:
- multica cron status: Show service status
- multica cron list: List all scheduled jobs
- multica cron add: Create new jobs with --at/--every/--cron
- multica cron run: Execute jobs immediately
- multica cron enable/disable: Toggle job status
- multica cron remove: Delete jobs
- multica cron logs: View run history
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds a cron tool that allows agents to create, manage,
and execute scheduled tasks. Supports:
- status: Get service status
- list: List all jobs with optional filters
- add: Create one-shot, interval, or cron jobs
- update: Modify existing jobs
- remove: Delete jobs
- run: Execute jobs immediately
- logs: View run history
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign each search request with HMAC-SHA256 using Hub ID, a per-request
nonce (UUIDv7), and unix timestamp. The signed reqId is sent in the
request body to prevent unauthorized API usage.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add localApprovalHandlers map so exec approval requests can be routed
to the Electron renderer via IPC instead of requiring a Gateway
connection. Expose setLocalApprovalHandler/removeLocalApprovalHandler
and resolveExecApproval on Hub for the IPC layer to use.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rename CopilotHub references to Devv Search (constants, types, function
names, error message). Remove unused resolveTimeoutSeconds/resolveCacheTtlMs
imports and use constants directly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove "requires API key" wording and rebrand to Devv Search across
tool definition, desktop UI, system prompt, and README.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove Brave and Perplexity providers in favor of a single CopilotHub
search endpoint (api-dev.copilothub.ai/web-search). Simplifies schema
to query-only, removes credential dependencies, retains caching.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
