electron-builder's NSIS target does not produce a `.blockmap` file
unless `differentialPackage: true` is configured (it is not in this
project). The release-stable lane was unconditionally requiring,
copying, and listing the blockmap, which made the win build job
fail even after the installer was successfully produced.
release-beta.yml already runs without expecting a blockmap, so
align release-stable.yml with it: drop the blockmap variables,
the existence check, the copy, and the summary mention. The win
NSIS installer + sha256 + latest.yml are produced unchanged and
match what release-beta has been shipping.
The win build job was failing with `makensis is required to build the
Windows installer; install NSIS or populate the electron-builder NSIS
cache` because GitHub's windows-latest runner image no longer ships
NSIS by default and `tools-pack`'s `resolveMakensisCommand` throws
when it cannot find `makensis.exe`.
The matching fix already exists in release-beta.yml (added in #768).
Mirror that step into release-stable.yml so the stable release lane
can build the win NSIS installer too.
Workflow-only change. Does not affect the packaged app contents
shipped from this commit (release artifacts are byte-identical to
what release-beta produced from 4761906).
* Optimize Windows packaged web output
* Fix packaged contracts runtime build
* Optimize Windows packaged size pruning
* Prune Windows root Next payload
* Remove Windows bundled Node runtime
* Prune Windows standalone duplicate Next
* Add tools-pack cache foundation
* Cache Windows packaged build layers
* Cache Windows workspace builds
* Cache Electron-ready Windows app
* Split Windows tools-pack module
* Cache Windows dir build outputs
* Split Windows pack build modules
* Document Windows NSIS smoke namespace limits
* Move Windows NSIS smoke note to agents guide
* Optimize Windows beta packaging
* Bump packaged beta base version
* Improve Windows installer namespace UX
* Improve Windows tools-pack cache keys
* Stabilize Windows beta cache version keys
* Cache Windows workspace build outputs
* Optimize windows release beta cache layers
* Cache windows release dependencies
* Trim windows release cache before save
* Refresh windows tools-pack cache key
* Improve windows installer preflight prompts
* Fallback NSIS installer strings to English
* Fix Windows installer cleanup and preflight
* Improve Windows NSIS state logging
* Fix system NSIS Persian language alias
* Use long-path removal for Windows uninstall
* Fix mac tools-pack tests on Windows
* Address Windows packaging review feedback
* Fix Windows installer cache namespace isolation
* Include web output mode in Windows tarball cache key
* Use unique Windows release cache save keys
* ci: notify Discord #resolved on issue close-via-merged-PR
* ci: address review feedback on Discord #resolved workflow
P1:
- Add contents:read permission (required by listPullRequestsAssociatedWithCommit)
- Drop cross-referenced timeline fallback to eliminate false positives from
plain mentions; closed-event+commit_id is now the only resolver path
(also fixes the cross-repo number-collision concern Codex raised)
P2:
- Validate webhook URL prefix before POST (reject misconfigured secrets)
- Retry on Discord 429 up to 3 times honouring Retry-After header,
bounded 1..60s, with sane default if header missing
P3:
- allowed_mentions: { parse: [] } so issue/PR titles can't @everyone or
ping roles/users in #resolved
* chore: enforce test directory conventions
Move package, app, and tool tests out of src and add guard enforcement so source directories stay source-only.
* ci: use guard and package-scoped tests
Run the new repository guard in CI and keep test execution aligned with package-scoped commands after removing root aliases.
* ci: align stable release guard check
Use the new repository guard in stable release verification after replacing the residual-JS-only script.
* chore: tighten test layout enforcement
Enforce sibling tests directories, typecheck moved test suites with dedicated configs, and refresh remaining guidance that pointed at src-based tests.
* chore: clarify no-emit test tsconfigs
Explicitly disable declaration-only emit in test tsconfigs so review tooling sees they are no-emit typecheck configs.
* feat(editorial-collage): introduce Atelier Zero style landing page assets and documentation
- Added new design system for Atelier Zero, including a detailed `DESIGN.md` file.
- Created an `editorial-collage` skill with associated assets for a magazine-grade landing page.
- Included example HTML and image assets for various sections (hero, about, capabilities, etc.).
- Updated README files to guide usage and customization of the new skill and design system.
- Introduced a new image generation prompt pack for consistent visual style across the landing page.
* fix(i18n): cover atelier-zero design system and editorial-collage skill in German content
Generated-By: looper 0.4.0 (runner=fixer, agent=claude-code)
* fix(editorial-collage): align manifest with shipped assets and address PR review
- Update image-manifest.json widths/heights/ratios to match the actual PNGs
on disk: hero/about/cap/testimonial/cta = 1024x1024 (1:1), method-1..4 =
816x816 (1:1), lab-1..5 and work-1..2 = 768x1024 (3:4). Mirror the new
dimensions in imagegen-prompts.md headings and in README.md.
- Mark testimonial.png as rekey_on_brand_change so the manifest agrees
with SKILL.md's "regenerate at minimum testimonial.png" guidance, and
add work-1/work-2 to the rekey list in SKILL.md and README.md.
- Add a Hero (I.) sec-rule and renumber every following section II..VIII
in example.html so the eight sections walk sequentially I -> VIII and
the page-of-008 counter starts at 001.
- Delete editorial-artifact-system/ (16 duplicate PNGs + index.html +
skills.md draft) — the canonical version is skills/editorial-collage/
and the duplicate had no consumer references.
- DESIGN.md: spell out which dimensions of each magazine reference
(Monocle/Apartamento/IDEA), document the rationale for single-accent
vs multi-accent, and extend the anti-pattern list with AI-image-gen
artifacts the system explicitly rejects.
- SKILL.md: add italic_words validation guidance (trim, cap at 4,
verb->noun rewrite, punctuation strip) and replace the broken-image
fallback with an inline SVG placeholder sized to the slot's
manifest aspect ratio.
Generated-By: looper 0.4.0 (runner=fixer, agent=claude-code)
* fix(daemon): serve skill example assets via stable API route
Skill example HTML such as `skills/editorial-collage/example.html`
references shipped images via `./assets/*.png`. The web app loads the
example into a sandboxed iframe via `srcdoc`, where relative URLs
resolve against `about:srcdoc` and the PNGs render as broken images in
the Examples preview.
Add a `GET /api/skills/:id/assets/*` route that serves files under the
skill's `assets/` directory with path-traversal guards, and rewrite
`src='./assets/<file>'` / `href='./assets/<file>'` in the example
response to point at that route. The disk preview keeps working
because the on-disk files are unchanged.
Generated-By: looper 0.4.0 (runner=fixer, agent=claude-code)
* feat(landing-page): add new static Next.js 16 site for Open Design marketing
- Introduced a new landing page application using Next.js 16, featuring a static export setup.
- Added essential files including `package.json`, `next.config.ts`, and TypeScript configuration.
- Implemented global styles in `globals.css` to match the Atelier Zero design system.
- Created a detailed `AGENTS.md` for module-level boundaries and purpose.
- Included various image assets for the landing page, ensuring a visually cohesive experience.
- Established a root layout and main page structure to support the marketing content.
* style(landing-page): enhance topbar layout and improve responsiveness
- Added nowrap styling to topbar elements to prevent text overflow.
- Introduced media query to hide mid text in the topbar for screen widths between 1200px and 1280px.
- Updated layout.tsx to suppress hydration warnings for better rendering consistency.
- Removed redundant "Compiled by Open Design" text from the page component.
* feat(landing-page): implement scroll-reveal animations for enhanced user experience
- Added a new `RevealRoot` component to manage scroll-triggered reveal animations.
- Updated `globals.css` with styles for elements using the `data-reveal` attribute, including opacity, translation, and scaling effects.
- Modified `layout.tsx` to include the `RevealRoot` component for managing animations.
- Enhanced `page.tsx` by adding `data-reveal` attributes to various elements for staggered reveal effects.
- Implemented reduced motion support to ensure accessibility for users with motion sensitivity.
* fix(landing-page): update import paths and enhance link styles
- Changed the import path in `next-env.d.ts` to reference the correct routes type definition.
- Enhanced `globals.css` with new styles for topbar links, work cards, and partner elements, improving hover effects and transitions.
- Updated `page.tsx` to include canonical project URLs and made various links point to these URLs for better navigation and accessibility.
* feat(landing-page): implement headroom-style sticky header with live GitHub star count
- Introduced a new `Header` component to manage sticky navigation behavior on scroll, enhancing user experience.
- Updated `globals.css` to style the sticky header, including transitions and visibility toggling based on scroll direction.
- Modified `page.tsx` to replace the static header with the new `Header` component, which fetches and displays the live GitHub star count.
- Ensured accessibility by providing a fallback for users who prefer reduced motion.
* feat(landing-page): enhance editorial landing page with global ticker and new styles
- Updated `next-env.d.ts` to reference the correct routes type definition for development.
- Enhanced `globals.css` with new styles for the global ticker, including responsive design and improved overflow handling.
- Introduced a new `WIRE_CITIES` and `WIRE_CONTRIBS` data structure in `page.tsx` to display a counter-scrolling marquee of cities and contributors.
- Added a ghost button style for the navigation call-to-action in the header.
- Updated various sections in `page.tsx` to integrate the new ticker and improve overall layout and accessibility.
* refactor(landing-page): update paper texture overlay and remove multica-ai link
- Enhanced comments in `globals.css` to clarify the purpose and behavior of the paper texture overlay.
- Adjusted z-index of the overlay to ensure proper layering with other elements.
- Removed the `multica-ai` partner link from `page.tsx` to streamline the partner section.
* feat(landing-page): implement dynamic contributor marquee with GitHub integration
- Added a new `Wire` component to display a counter-scrolling marquee of cities and contributors.
- The contributor list is fetched live from the GitHub API, ensuring up-to-date information.
- Updated `page.tsx` to integrate the `Wire` component, replacing the static contributor list with dynamic content.
- Enhanced comments for clarity regarding the functionality and purpose of the global wire.
* fix(i18n): add German display copy for editorial-collage-deck skill
The Validate workspace test asserts that GERMAN_CONTENT_IDS.skills covers
every curated skill on disk; the new editorial-collage-deck skill was
missing from DE_SKILL_COPY, causing src/i18n/content.test.ts to fail.
Generated-By: looper 0.4.0 (runner=fixer, agent=claude-code)
* feat(landing-page): migrate marketing site to Astro
* perf(landing-page): remove React client runtime
* perf(landing-page): serve images from Cloudflare resizing
* fix(pr): address landing page review feedback
---------
Co-authored-by: mrcfps <mrc@powerformer.com>
* feat(tools-pack): extend config types for linux platform
* feat(tools-pack): add linux resource files (icon, .desktop template)
* feat(tools-pack): export linuxResources paths
* feat(tools-pack): scaffold linux.ts module
* chore(tools-pack): add vitest devdep for linux lane unit tests
* feat(tools-pack): add buildDockerArgs helper for containerized linux builds
* chore: update pnpm lockfile after adding vitest dep
* feat(tools-pack): add renderDesktopTemplate helper
* fix(tools-pack): use @@ICON_PATH@@ token in linux .desktop template
Reviewer flagged the third .replace() in renderDesktopTemplate as dead code
because the template hardcoded Icon=open-design-@@NAMESPACE@@ instead of
using @@ICON_PATH@@. Switch the template to @@ICON_PATH@@ so install logic
controls the icon stem name independent of namespace, and move the
sanitizeNamespace assertion out of the renderDesktopTemplate describe block
into its own describe.
* feat(tools-pack): add matchesAppImageProcess helper
* test(tools-pack): cover matchesAppImageProcess missing APPIMAGE env case
Closes a coverage gap flagged by code review: a process whose executable
matches /tmp/.mount_*/AppRun but has no APPIMAGE env should be rejected.
The implementation already returned false for this case (undefined ===
installPath is false); this test pins the behavior explicitly.
* feat(tools-pack): implement packLinux native build path
* fix(tools-pack): packLinux extra resources, output pre-clear, publish never
Code review flagged three plan-level omissions in packLinux that mac.ts
handles correctly:
1. writeAssembledApp now writes packagedConfigPath (open-design-config.json)
with namespace, nodeCommandRelative, and namespaceBaseRoot. Without it
apps/packaged falls back to defaults at runtime and cannot find the
namespace runtime tree.
2. writeLinuxBuilderConfig now bundles the resource tree and packaged
config into the AppImage via extraResources. Without it the running
app cannot find skills/, design-systems/, craft/, frames/, or the
bundled bin/node.
3. runElectronBuilderLinux now pre-clears appBuilderOutputRoot and passes
--publish never to electron-builder, preventing stale-artifact bleed
between runs and accidental publish attempts in CI when env tokens
are present.
Also aligns appId with mac/win (io.open-design.desktop) and drops a
no-op productNameSafe template-literal.
* feat(tools-pack): implement containerized linux build via Docker
* feat(tools-pack): register linux CLI commands
* fix(tools-pack): align linux electron-builder config with mac.ts
Smoke testing the AppImage revealed the daemon sidecar was missing from
the bundled app.asar:
Cannot find module '@open-design/daemon/dist/sidecar/index.js'
Root cause: writeLinuxBuilderConfig was missing the 'files' field, so
electron-builder used defaults that excluded transitive workspace deps
from the asar. Plus several other mac.ts patterns that I dropped from
the plan: artifactName, executableName, extraMetadata.main/name/
productName/version, npmRebuild=false, nodeGypRebuild=false,
buildDependenciesFromSource=false, compression=maximum, top-level icon.
Switch asar:true → asar:false to match mac.ts (easier to debug missing
files; perf difference negligible for dev installs).
* feat(tools-pack): implement linux install
* feat(tools-pack): implement linux start with extract-and-run
The packaged sidecar's 35-second wait timeout is exceeded when the
AppImage runs from a FUSE-mounted SquashFS (Node module loads + daemon
init are slow through FUSE). Pass --appimage-extract-and-run as the
first arg so AppImage extracts to /tmp first; subsequent file reads
go through a real filesystem and daemon boot completes in time.
Wait for apps/packaged to write desktop-root.json (60s ceiling, generous
to cover AppImage extraction overhead), then fetch desktop status via
sidecar IPC, return the merged LinuxStartResult.
* fix(tools-pack): align linux start helper with mac.ts (log echo + write semantics)
Code review flagged two unjustified divergences from mac.ts in
startPackedLinuxApp:
1. Missing OD_DESKTOP_LOG_ECHO=0 in spawn extraEnv. Without it the
packaged logger echoes to the spawned process's stdout, which goes
nowhere (logFd: null). Added the suppression to match mac.ts.
2. The desktop log truncate writeFile() was wrapped in .catch(() =>
undefined), silently swallowing fs errors that would later surface as
confusing missing-log symptoms. Removed the .catch so errors
propagate per mac.ts.
Also added an inline comment explaining the 60s waitForMarker timeout
(vs mac's tighter ceiling) so the rationale is preserved at the
call site.
* feat(tools-pack): implement linux stop with marker validation
* fix(tools-pack): align linux stop with mac.ts (graceful shutdown + reason strings)
Code review flagged divergences from mac.ts in stopPackedLinuxApp:
1. No graceful IPC SHUTDOWN attempt before SIGTERM/SIGKILL. Mac's
pattern lets Electron renderers + sidecars flush state (SQLite WAL,
logs) first. `gracefulRequested: true` was hardcoded, lying to
callers about what actually happened. Now attempts SHUTDOWN with a
1500ms timeout and reports the actual outcome.
2. The dead-PID-but-marker-exists branch returned reason 'ok' (the
neutral placeholder from readDesktopRootIdentityMarker), which says
nothing useful. Override to 'marker-pid-not-running' to match mac.ts.
3. After a clean stop, remove the desktop-root.json marker so a
subsequent start has a fresh slate (mac.ts does this too).
* fix(tools-pack): clear stale desktop-root.json before linux start
Smoke-testing the install/start/stop loop revealed waitForMarker
returns instantly when a stale marker from a previous run still exists
on disk (e.g., the previous AppImage was killed without going through
'tools-pack linux stop'). The start function then reports success
without actually waiting for the new spawn to write its own marker.
Defensively remove the marker file before spawning. mac.ts removes it
in stop, so a clean stop->start sequence has nothing to remove here.
This only matters for crash-recovery.
* fix(tools-pack): linux stop validates extract-and-run AppImages
Smoke testing exposed a gap from Task 7: matchesAppImageProcess only
recognized FUSE-mode (/tmp/.mount_*/AppRun) but Task 13 launches with
--appimage-extract-and-run, which puts the live executable at
/tmp/appimage_extracted_<hex>/<binary>. Stop's cmdOk validation
returned false, marker validation failed, the running app was
classified as 'unmanaged' and stop refused to kill it.
Fix:
1. matchesAppImageProcess accepts both runner patterns. Extract-and-run
regex matches /^\/tmp\/appimage_extracted_[^/]+\/[^/]+$/.
2. stopPackedLinuxApp now passes paths.installAppImagePath (or the
built fallback) as the canonical install path, not marker.appPath
(which apps/packaged unhelpfully writes as '/' on Linux).
3. linux.test.ts gains 2 new tests covering the extract-and-run mode
(both positive and the wrong-APPIMAGE-env negative case).
* fix(tools-pack): resolve linux paths in stop (typecheck regression from previous commit)
* feat(tools-pack): implement linux logs
* feat(tools-pack): implement linux uninstall
* feat(tools-pack): implement linux cleanup
* docs(tools-pack): document linux lane in READMEs and AGENTS files
* ci(release): add linux x64 AppImage to release-beta and release-stable
Mirrors the existing build_mac/build_win pattern with a build_linux job
in both release workflows. Builds via `tools-pack linux build
--containerized --to appimage` so the AppImage is linked against the
electronuserland/builder glibc 2.27 baseline (portable across distros)
rather than the ubuntu-latest glibc 2.39.
The linux asset is uploaded to the immutable version release tag
alongside mac/win. The beta channel-feed release (latest-mac.yml,
latest.yml) is intentionally not extended with latest-linux.yml because
tools/pack/src/linux.ts has no electron-builder publish block wired,
so the auto-update feed would point users at a feed that never updates.
AppImage auto-update is a separate follow-on.
Linux is unsigned (no signing path in tools-pack yet), so the beta
asset uses the .unsigned suffix matching the windows convention; the
stable asset uses no suffix, matching the stable windows convention.
* fix(tools-pack): propagate --dir/--portable into containerized linux build
The inner `pnpm tools-pack linux build` invocation in `buildDockerArgs`
only forwarded `--to` and `--namespace`. Callers passing `--dir` (e.g.
the new release workflows using `--dir $RUNNER_TEMP/tools-pack`) had
their flag silently dropped: the container defaulted to writing under
/project/.tmp/tools-pack while the host's `findBuiltAppImage` looked at
the caller's chosen `--dir`, producing "expected AppImage not found"
on any non-default tool-pack root. Callers passing `--portable` had
the same drop, baking build-machine runtime roots into shipped artifacts.
Fix:
- Mount `${config.roots.toolPackRoot}:/tools-pack` (new third volume,
alongside the existing /project, /home/builder, and cache mounts).
- Forward `--dir /tools-pack` to the inner build so its output lands
inside the mounted host dir.
- Forward `--portable` when `config.portable` is true.
The mount overlaps harmlessly with /project when toolPackRoot lives
under workspaceRoot (default case): Docker exposes the same host inode
at both paths. The existing .docker-home and .docker-cache/* mounts
continue to shadow the parent at their specific /home/builder paths.
Document the shell-interpolation safety invariant on the inner command:
config.namespace is sanitized at config-time, config.to is enum-validated,
config.portable is boolean -- none can carry shell metacharacters.
Tests: add coverage for the new /tools-pack mount, --dir forwarding,
and --portable propagation (both true and false branches).
Resolves the P1 review feedback from the Codex bot on PR #369.
* docs(tools-pack): polish linux README based on PR review
Addresses non-blocking P2/P3 review feedback on PR #369:
- AppImage launch mode: name the test distros (Ubuntu 24.04, Arch Linux)
and frame the FUSE-vs-extract-and-run gap as an order-of-magnitude
improvement instead of an unspecified slowdown.
- Optional system tools: add a libfuse2 paragraph distinguishing FUSE
launch (needs libfuse2) from extract-and-run (does not), with the
Ubuntu-24-vs-pre-24 package name caveat.
- New section "Format choice: why AppImage first" anchoring the
AppImage-only decision against industry precedent (VS Code, Discord,
Slack, Cursor, Obsidian) so the rationale survives without a reviewer.
- Out of scope: convert the dense one-liner into a bulleted list, mark
AppImage signing as gated on GPG infra + verification flow design
(no ETA), explain the latest-linux.yml gap, and remove the now-stale
"release lane" entry since this PR adds it.
* fix(tools-pack): add --appimage-extract-and-run to installed .desktop launcher
The XDG .desktop file installed by `tools-pack linux install` invoked
the AppImage directly via `Exec=env OD_NAMESPACE=<ns> <exec> %U`. That
bypassed the extract-and-run flag that `tools-pack linux start` applies,
so menu launches and `od://` desktop activations could hit the FUSE
slow path that was already shown to make the daemon sidecar exceed
apps/packaged's 35-second startup timeout. CLI-spawned starts succeeded
while menu-launched starts could fail with the same artifact.
Add `--appimage-extract-and-run` to the template's `Exec=` line and
update the renderDesktopTemplate test expectation. New regression test
locks the flag into place so a future template edit can't silently
drop it.
Resolves a P1 review finding from mrcfps/Looper on PR #369.
* fix(tools-pack): treat signal-terminated container builds as failures
`runBuildInContainer` resolved the build promise on `code === null`,
which in Node's child-process `exit` event means the child was
terminated by a signal (SIGTERM, SIGKILL, OOM-killer, parent process
death). A killed Docker build could therefore make `packLinux` report
a containerized build as complete even though the artifact was
partial or missing.
Accept the `signal` argument on the exit handler. Resolve only when
`code === 0 && signal == null`. Otherwise reject with a message
naming either the non-zero code or the terminating signal so the
failure mode is visible in CI logs and `tools-pack linux build --json`
output.
Resolves a P1 review finding from mrcfps/Looper on PR #369.
* fix(tools-pack): tear down orphaned process tree on failed linux start
If `startPackedLinuxApp` spawned the AppImage but the post-spawn
readiness path then failed -- either because the 60s waitForMarker
ceiling elapsed without the daemon writing desktop-root.json, or
because fetchDesktopStatus threw -- the detached child was left
running. Because the marker is the only persistent identity source
used by `stopPackedLinuxApp`, future lifecycle commands could not
associate the orphan with the namespace, leaving stale Electron and
sidecar processes plus stale IPC sockets that would interfere with
subsequent starts.
Wrap the readiness wait + status fetch in try/catch. On failure,
collect the spawned child's process tree via listProcessSnapshots +
collectProcessTreePids and stopProcesses() it (the same path
stopPackedLinuxApp uses for its tree teardown), then rethrow the
original error. Cleanup errors are swallowed so the original failure
is preserved in the rejection.
Extract the tree-teardown helper as `teardownOrphanedStart` so the
intent is documented at the call site without inlining 4 imports of
implementation detail.
Resolves a P2 review finding from mrcfps/Looper on PR #369.
* fix(tools-pack): use `corepack pnpm` in containerized linux build
The inner command in `buildDockerArgs` started with `corepack enable`,
which writes pnpm/yarn/npm shims into the directory containing the
node binary. In `electronuserland/builder:base`, that directory is
owned by root, but the container runs as the host's non-root uid via
`--user` (so build artifacts come out owned by the caller, not root).
The `corepack enable` step therefore fails with EACCES before
`pnpm install` ever runs, blocking the new release `build_linux` job
from publishing the Linux AppImage.
Switch to `corepack pnpm install --frozen-lockfile && corepack pnpm
tools-pack linux build ...`, which resolves and runs the version of
pnpm pinned in package.json's `packageManager` field directly. No
shims, no global mutation, no root writes — corepack just dispatches
to the pinned binary as the unprivileged user.
Update the existing inner-command test to match the new corepack
invocation, and add a regression test that asserts the inner command
contains `corepack pnpm` and never `corepack enable` so a future edit
can't reintroduce the root-write requirement.
Resolves a P1 review finding from mrcfps/Looper on PR #369.
* fix(tools-pack): accept menu-launched processes in linux stop/uninstall
stopPackedLinuxApp validated the live process via matchesStampedProcess
against the process command line, requiring a SIDECAR_SOURCES.TOOLS_PACK
stamp. That worked for `tools-pack linux start` (which spawns with
createProcessStampArgs), but rejected menu launches: the installed
.desktop entry only sets OD_NAMESPACE and does not pass stamp args, so
apps/packaged falls back to a SIDECAR_SOURCES.PACKAGED stamp written
into desktop-root.json -- a perfectly valid identity, just not the one
the validator accepted.
Symptoms with the old behavior:
- `tools-pack linux stop` reported `unmanaged` for menu-launched apps
and refused to stop them.
- `tools-pack linux uninstall` would happily remove the AppImage,
.desktop entry, and icon while the packaged app was still running,
breaking handles to the AppImage's mounted/extracted contents.
Switch the validator to read marker.stamp directly (the file content
written by apps/packaged itself, not the process command) and accept
either TOOLS_PACK or PACKAGED. The expected app/mode/namespace/ipc
fields are still required to match. Mirrors the dual-source acceptance
pattern in mac.ts:709-714.
The matchesAppImageProcess (cmdOk) and namespaceRoot checks are
preserved -- the marker still has to point at our AppImage at a path
in our namespace's runtime root.
Drop the now-unused matchesStampedProcess import.
Resolves a P1 review finding from mrcfps/Looper on PR #369.
* fix(tools-pack): per-platform --to help text in CLI
addBuildOptions is shared across mac/win/linux but its --to help text
hard-coded the mac targets (all|app|dmg|zip), so:
- tools-pack linux --help advertised --to all|app|dmg|zip even
though resolveToolPackBuildOutput accepts only all|appimage|dir,
sending users at invalid targets and hiding the AppImage option.
- tools-pack win --help had the same problem (advertised mac
targets while accepting all|dir|nsis with default nsis).
Parameterize addBuildOptions(command, platform) and back it with a
TO_HELP_BY_PLATFORM table that mirrors the resolver's accepted targets
in config.ts. Update the three call sites.
Smoke verified by running --help for each platform:
linux: all|appimage|dir (default: all)
mac: all|app|dmg|zip (default: all)
win: all|dir|nsis (default: nsis)
The misleading "--signed: build a signed/notarized mac artifact" line
on win/linux is left alone -- out of scope for this fix and not part
of the review feedback.
Resolves a P3 review finding from mrcfps/Looper on PR #369.
* fix(tools-pack): use OD_PACKAGED_NAMESPACE in installed .desktop launcher
The installed .desktop entry's Exec= line set OD_NAMESPACE=<ns>, but
apps/packaged/src/config.ts:9 reads namespace overrides from
OD_PACKAGED_NAMESPACE, not OD_NAMESPACE. The env assignment was a
silent no-op for menu launches: the packaged app fell back to whatever
namespace was baked into open-design-config.json at install time,
ignoring the namespace advertised in the .desktop file.
Practical effect: a .desktop launcher created for namespace "foo"
could end up running as the namespace baked into the AppImage's
shipped config (typically "default"), so installs created across
multiple namespaces could collide silently from menu launches. CLI
launches via `tools-pack linux start` were unaffected because they
pass the namespace through createSidecarLaunchEnv which targets the
correct env var.
Switch the template to OD_PACKAGED_NAMESPACE. Update the existing
renderDesktopTemplate test fixture/expectation, and add a regression
test that asserts the Exec= line uses OD_PACKAGED_NAMESPACE and never
the wrong OD_NAMESPACE name.
Resolves a P1 review finding from mrcfps/Looper on PR #369.
* fix(tools-pack): gate linux uninstall + cleanup on stop status
uninstallPackedLinuxApp called stopPackedLinuxApp first, then deleted
the AppImage / .desktop entry / icon unconditionally. cleanupPackedLinux
Namespace did the same with the output and runtime namespace roots.
Both ignored stop.status -- so when stop returned "partial" (some
processes survived SIGTERM->SIGKILL) or "unmanaged" (the running PID
failed marker validation), uninstall would yank the install files out
from under a still-running packaged app, breaking handles to the
mounted/extracted AppImage contents and leaving an orphan with stale
SQLite WAL files / log handles / IPC sockets.
Extract a small `isSafeToRemoveInstallFiles(stop)` helper that returns
true only for "stopped" or "not-running". Both uninstall and cleanup
short-circuit when it returns false:
- uninstall reports "skipped-process-running" for each removal slot
and "skipped" for the post-install hooks. Existing "ok" / "already-
removed" / "ok"|"missing"|"failed" paths are unchanged.
- cleanup leaves both removed* booleans false and adds a new
`skipped: boolean` field set to true. Old consumers that only read
the booleans see the same "nothing was removed" signal they would
have seen for an already-clean namespace; new consumers can
distinguish "nothing to remove" from "refused to remove."
LinuxUninstallResult.removed.{appImage,desktop,icon} now also accepts
"skipped-process-running"; LinuxUninstallResult.postUninstall.* now
also accepts "skipped". LinuxCleanupResult gains the `skipped` field.
Workspace typecheck clean -- the only consumer is the CLI's printJson,
which doesn't constrain the wire shape.
Resolves a P1 review finding from mrcfps/Looper on PR #369.
The verify job ran `pnpm typecheck` (root script) which executes
`pnpm -r run typecheck` *before* the daemon build. The e2e workspace's
typecheck imports types from `apps/daemon/dist/*.js`, so on a fresh
clone (every CI run) it fails with TS2307 cannot-find-module.
Drive the order explicitly inside the verify job:
1. install deps
2. build daemon (produces dist/*.js + .d.ts)
3. workspace typecheck
4. check:residual-js
5. workspace tests
This keeps the root `typecheck` script untouched (which other dev /
contributor workflows may depend on) — the workflow simply imposes the
correct order itself. The atomic publish job already prevented orphan
tags/releases when the first dispatch failed at typecheck.
Co-authored-by: Elian <elian@EliandeMacBook-Pro.local>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Refactor project name from "Open Claude Design" to "Open Design"
- Updated project name in package.json, package-lock.json, and README files.
- Changed CLI commands and references from "ocd" to "od".
- Adjusted file structure references in documentation and code to reflect new naming conventions.
- Enhanced .gitignore to include new runtime data files.
- Updated metadata in LICENSE file to match new project name.
* chore: update next-env.d.ts route types path
Made-with: Cursor
* docs(readme): refresh stats, agents, skills and add metrics workflow
Make all three READMEs (en / zh-CN / ko) tell the truth about what the
project actually ships, and add lightweight community signals at the top
and bottom.
- Hero block: live for-the-badge GitHub stats (stars, forks, issues,
PRs, contributors, commit activity, last commit) sit directly under
the banner, with the smaller flat-square project-meta row (License,
Agents, Design systems, Skills, Quickstart) below them and the
language switcher below that.
- Counts updated to reality: 31 skills (was 19), 72 design systems
(was 71), 10 coding-agent CLIs + OpenAI-compatible BYOK (was 7).
- "At a glance", architecture, and prompt-stack tables updated to
cover /api/templates, /api/import/claude-design, /api/proxy/stream,
/api/artifacts/lint, sidecar IPC, and per-namespace runtime data.
- New "Beyond chat — what else ships" section covering Claude Design
ZIP import, BYOK proxy with SSRF block, saved templates, tab
persistence, artifact lint, sidecar protocol + headless desktop, and
Windows-friendly spawning.
- Skills tables rebuilt by mode (prototype, deck) and scenario; the
"template" mode claim is removed.
- Supported coding agents table expanded to all 10 CLIs (Claude Code,
Codex, Gemini, OpenCode, Cursor Agent, Qwen, Copilot, Hermes, Kimi,
Pi) plus a BYOK row, with accurate stream formats and argv shapes.
- Roadmap re-flowed to mark shipped vs pending items.
- Contributors wall (contrib.rocks), Repository activity (lowlighter
metrics SVG), and Star History added to all three READMEs, with
cache_bust=2026-04-30 on the contrib.rocks and star-history image
URLs to bypass GitHub camo caching.
- Korean README harmonised end-to-end with the English/Chinese ones.
- New .github/workflows/metrics.yml regenerates
docs/assets/github-metrics.svg daily; ship a placeholder SVG so the
image works before the first scheduled run.
Made-with: Cursor
* docs(readme): address PR #173 review feedback
- Replace invalid 0x14 control character in github-metrics.svg with an
em-dash so the placeholder is well-formed XML and renders as an
image (P1: was breaking SVG parse before the first metrics run).
- Clarify the placeholder SVG subtitle to spell out the token model:
GITHUB_TOKEN gives core stats; METRICS_TOKEN unlocks richer plugins
(traffic, follow-up). Reduces "do I need a secret?" confusion.
- Rewrite the metrics.yml inline auth comment to match: METRICS_TOKEN
is optional and only enables richer plugins; GITHUB_TOKEN is enough
for core metrics. Previous comment read as if METRICS_TOKEN was
mandatory.
- Soften the BYOK fallback row in all three READMEs (EN / zh-CN / ko)
with a catch-all phrase ("or any other OpenAI-compatible provider")
so the listed vendors don't read as exhaustive.
* Allow Claude Code to read skill seeds and design-system specs (#6)
The skill body's preamble points the agent at absolute paths like
`<repo>/skills/guizang-ppt/assets/template.html`, but the agent's cwd
is `.od/projects/<id>/`. Without an explicit allowlist Claude Code
blocks Read on those paths and the user sees a permission error
mid-conversation.
Pass `SKILLS_DIR` and `DESIGN_SYSTEMS_DIR` through `buildArgs` and emit
them as `--add-dir` for Claude so the seed template, references, and
design-system DESIGN.md are all readable. Other agents ignore the
extra dirs (no equivalent flag).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs: add verification screenshot for issue #6 fix
Captures the agent successfully Read-ing skills/guizang-ppt/ side files
through the new --add-dir allowlist, confirming the permission error
from issue #6 is gone.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
