Conversation
Removes dependency on TanStack Start server runtime. Agent auth now flows through Convex site endpoint using @clerk/backend to create sign-in tokens.
TanStack Router's JSON.parse-based parser converts ?agent=true to boolean, not string — validateSearch now checks for both.
Removes Convex HTTP endpoint (security hole in open-source codebase). Agent auth now handled server-side in Vite dev middleware only — zero attack surface in production. Secrets stay in .env.local, never bundled.
Allow toggling and deleting repo-level audits directly from app settings, instead of forcing users to navigate to the parent repo. Also enabled adding new repo-level audits from app context.
Consolidate EVA_URL configuration across dev/staging/production environments. Remove duplicate SYNC_HOST constant and use env vars (VITE_EVA_URL) for all URL references. Add build:staging script for staging builds.
Change date display from "x days ago" to compact format (3d, 1h, 5m) on QuickTaskCard in both web-v2 and web apps.
When on /{owner}/{repo}/inbox, the route parser treated "inbox" as an
appName because it wasn't in KNOWN_SUB_PAGES, causing repoBasePath to
include "/inbox" and all nav links to generate broken URLs.
…onal teams
Personal teams now display contextual names:
- Your own personal team shows as "My Team"
- Other users' personal teams show as "{firstName}'s Team"
Updated in both web and web-v2 apps, with the display logic computed
in the backend teams.list and teams.get queries.
…hj7h83jpm1 Eva: im on inbox page, then navigating to otherr pages breaks the url structure
…5cb183jaj0 Eva: change date on quick task card
Filters out Designs, Sessions, Documents, Testing Arena, and Analyse features when not in development mode. Production and staging only show Projects, Quick Tasks, Inbox, Automations, Stats, and Settings.
Replace strict session.userId check with hasRepoAccess validation in startExecute, cancelExecution, and sessionComplete mutations. This allows any team member with repo access to execute on sessions created by others, matching the behavior of sessions.list which already shows all repo sessions to all team members.
…ion chat Replaces broken Reasoning component (which uses BrainIcon from lucide) with ActivitySteps fallback step pattern. Fixes chrome extension showing literal "IconBrain" text when AI starts streaming.
URLSearchParams directly checks for agent param presence instead of relying on strict zod validation that rejected string/empty values from query strings. Fixes "not found" error when navigating to /?agent or /?agent=true.
Wildcard pattern *.daytonaproxy01.net allows Next.js dev server to accept cross-origin requests from Daytona proxy URLs that rotate every 30 minutes.
URLs like /:owner/:repo/:extra/sessions/:path* were missing the upgrade-insecure-requests header, causing mixed content errors when iframes requested HTTP sandbox URLs from HTTPS pages.
vite was binding to localhost-only (::1) making it unreachable from Daytona proxy. disabled vite CORS since the proxy already handles it, preventing duplicate Access-Control-Allow-Origin headers. removed credentials flag from dismissDaytonaWarning fetch to simplify CORS handling.
…heck timeout Add "command execution timeout" to retryable session git errors so transient Daytona sandbox exec timeouts trigger retries (3 attempts) instead of failing immediately. Increase remoteBranchExists timeout from 10s to 20s to give snapshot sandboxes more headroom for initial git ls-remote calls.
- decode URL-encoded paths in router history (proxy encodes ? as %3F) - fix buildUrlWithPath to preserve query strings and enforce HTTPS - upgrade Daytona dismiss fetch to HTTPS to prevent mixed content blocks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Removes dependency on TanStack Start server runtime. Agent auth now flows through
Convex site endpoint using @clerk/backend to create sign-in tokens.