Adds desktop computer-use endpoints (windows, screenshots, mouse/keyboard,
launch/open), enhances neko-based streaming integration, updates inspector
UI with desktop debug tab, and adds common software test infrastructure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Improve desktop streaming architecture, add inspector dev tooling,
React DesktopViewer updates, and computer-use documentation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add desktop runtime management (Xvfb, openbox, dbus), screen capture,
mouse/keyboard input, and video streaming via neko binary extracted
from the m1k1o/neko container. Includes Docker test rig, TypeScript SDK
desktop support, and inspector Desktop tab.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a custom Docker image (foundry-base.Dockerfile) that builds sandbox-agent
from source and layers sudo, git, neovim, gh, node, bun, chromium, and
agent-browser. Includes publish script for timestamped + latest tags to
rivetdev/sandbox-agent on Docker Hub.
Update local sandbox provider default to use foundry-base-latest and wire
HF_LOCAL_SANDBOX_IMAGE env var through compose.dev.yaml.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Some org actors had auth tables created outside the migration system
(by earlier queue-based auth code). Migration m0001 fails with
"table auth_session_index already exists" on those actors, preventing
them from starting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch storeStateStrategy from "database" to "cookie" so OAuth state is
stored encrypted in a temporary cookie instead of a DB verification record.
This makes the callback idempotent — proxy retries can't fail because the
state travels with the request itself rather than being deleted after the
first successful callback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The production proxy chain (Cloudflare -> Fastly -> Railway) retries
OAuth callback requests when they take >10s. The first request succeeds
and deletes the verification record, so the retry fails with
"verification not found" -> ?error=please_restart_the_process.
- Add callback deduplication by OAuth state param in the auth handler.
Duplicate requests wait for the original and return a cloned response.
- Cache appOrganization() and getUser() actor handles to eliminate
redundant getOrCreate RPCs during callbacks (was 10+ per sign-in).
- Add diagnostic logging for auth callback timing and adapter operations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
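
The callback de-duplication described in this commit message, as an added example that is not the project's own code: concurrent requests carrying the same OAuth `state` share one in-flight handler run, and each receives its own copy of the response. `dedupeCallback`, `cloneResponse`, `makeHandler` and the sample state value are hypothetical names and constructed data; the handler stands in for a callback that consumes its verification record on first use.

```javascript
// In-flight OAuth callbacks, keyed by the `state` query parameter.
// Assumption: `state` is an unguessable per-flow value, so only retries of
// the same browser request can land on the same key.
const inflight = new Map(); // state -> Promise<{status, headers, body}>

function cloneResponse(res) {
  // Each waiter gets its own object so one caller cannot mutate another's headers.
  return { status: res.status, headers: { ...res.headers }, body: res.body };
}

function dedupeCallback(state, handler) {
  // Reject missing or oversized values instead of letting them share a slot.
  if (typeof state !== "string" || state.length === 0 || state.length > 512) {
    return Promise.resolve({ status: 400, headers: {}, body: "invalid state" });
  }
  const existing = inflight.get(state);
  if (existing) return existing.then(cloneResponse); // proxy retry: wait, then copy

  // The executor runs synchronously, so the handler starts before any retry
  // can be examined; a synchronous throw becomes a rejection.
  const run = new Promise((resolve) => resolve(handler(state)))
    // Drop the entry once settled: the window covers only the in-flight period,
    // so a replay after completion reaches the handler and fails there as usual.
    .finally(() => inflight.delete(state));
  inflight.set(state, run);
  return run.then(cloneResponse);
}

// Constructed stand-in for the real callback: the state is valid exactly once,
// and the token exchange is slow enough for a proxy retry to arrive.
function makeHandler(validStates, counter) {
  return async (state) => {
    counter.calls += 1;
    if (!validStates.delete(state)) {
      const location = "/?error=please_restart_the_process";
      return { status: 302, headers: { location }, body: "" };
    }
    await new Promise((r) => setTimeout(r, 20));
    return { status: 302, headers: { location: "/app" }, body: "" };
  };
}
```

Without the map, the second call would reach the handler after the state had been consumed and would get the error redirect.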
The org actor's workflow queue is shared with GitHub sync, webhooks, task
mutations, and billing (20+ queue names processed sequentially). During
OAuth callback, auth operations would time out waiting behind long-running
queue handlers, causing Better Auth's parseState to redirect to
?error=please_restart_the_process.
Auth operations are simple SQLite reads/writes with no cross-actor side
effects, so they are safe to run as actions that execute immediately
without competing in the queue.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Revert actor communication from direct action calls to queue/workflow-based
patterns for better observability (workflow history in RivetKit inspector),
replay/recovery semantics, and idiomatic RivetKit usage.
- Add queue/workflow infrastructure to all actors: organization, task, user,
github-data, sandbox, and audit-log
- Mutations route through named queues processed by workflow command loops
with ctx.step() wrapping for c.state/c.db access and observability
- Remove command action wrappers (~460 lines) — callers use .send() directly
to queue names with expectQueueResponse() for wait:true results
- Keep sendPrompt and runProcess as direct sandbox actions (long-running /
large responses that would block the workflow loop or exceed 128KB limit)
- Fix workspace fire-and-forget calls (enqueueWorkspaceEnsureSession,
enqueueWorkspaceRefresh) to self-send to task queue instead of calling
directly outside workflow step context
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add task owner git auth proposal and sandbox architecture docs
- Add proposal for primary user per task with OAuth token injection
for sandbox git operations (.context/proposal-task-owner-git-auth.md)
- Document sandbox architecture constraints in CLAUDE.md: single sandbox
per task assumption, OAuth token security implications, git auto-auth
requirement, and git error surfacing rules
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add proposals for reverting to queues and rivetkit sandbox resilience
- proposal-revert-actions-to-queues.md: Detailed plan for reverting the
actions-only pattern back to queues/workflows now that the RivetKit
queue.iter() bug is fixed. Lists what to keep (lazy tasks, resolveTaskRepoId,
sync override threading, E2B fixes, frontend fixes) vs what to revert
(communication pattern only).
- proposal-rivetkit-sandbox-resilience.md: RivetKit sandbox actor changes for
handling destroyed/paused sandboxes, keep-alive, and the UNIQUE constraint
crash fix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(foundry): add manual task owner change via UI dropdown
Add an owner dropdown to the Overview tab that lets users reassign task
ownership to any organization member. The owner's GitHub credentials are
used for git operations in the sandbox.
Full-stack implementation:
- Backend: changeTaskOwnerManually action on task actor, routed through
org actor's changeWorkspaceTaskOwner action, with primaryUser schema
columns on both task and org index tables
- Client: changeOwner method on workspace client (mock + remote)
- Frontend: owner dropdown in right sidebar Overview tab showing org
members, with avatar and role display
- Shared: TaskWorkspaceChangeOwnerInput type and primaryUser fields on
workspace snapshot types
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>