The earlier shape installed instance-level Object.defineProperty mocks
on the *remounted* chat-log only after `await switchTab('Chat')`. Inside
that act() the component schedules a rAF that writes scrollTop on the
new element; depending on whether jsdom's rAF polyfill flushed before
the await resolved, the write either landed on the still-default
prototype setter (lost) or the not-yet-installed instance setter (also
lost). The instance mock's closure-captured remountedTop then served
its initial 0 forever and the assertion failed nondeterministically
across CI runs without any product-code change.
Patch the geometry at HTMLElement.prototype level so any chat-log
React mounts later automatically reads/writes through a
test-controlled `geom` object. The component's restore rAF can fire
at any point and still write to the same place the assertion reads
from. Verified 8/8 clean local runs.
* feat: add Urdu Modern design system
* fix: address review comments (font mismatch, contrast, and i18n fallback)
* fix: address all review comments for Urdu design system
* fix: resolve i18n crash, font URL mismatch, and markdown syntax error
* fix: remove font URL space and update Quick Start font token
* docs: fix quick start link syntax and icon source order
* fix(i18n): cover urdu design system in de/ru/fr locale dictionaries
The localized-content coverage test scans design-systems/*/DESIGN.md and
asserts every id appears in each locale's designSystems list, and every
`> Category:` value is a key in designSystemCategories. Adding the new
`urdu` design system without these entries breaks de/ru/fr CI.
Add urdu to the EN-fallback id list and translate the new
'Editorial / Personal / Publication' category for all three locales.
* fix(i18n): cover mission-control design system in de/ru/fr fallback lists
Mission Control was added in #858 but its design-system id was never
added to the locale fallback arrays, so the localized-content coverage
test breaks once main and any open PR share the same merge ref.
---------
Co-authored-by: unknown <muhammadanas0261@gmail.com>
Co-authored-by: lefarcen <935902669@qq.com>
The Clear button on Settings → Connectors removed the daemon-stored
Composio key in a single click with no recovery — a stray click
wiped a credential the user had to fetch back from app.composio.dev.
Wrap the existing onClick in window.confirm() matching the same
pattern the codebase already uses for destructive actions
(conversation delete, design delete, FileWorkspace file delete,
and the Media providers Clear button shipped alongside this in
issue #737). The prompt copy stays in English to match the rest
of the Composio section, which is hardcoded English today.
Updated the existing 'clears a saved Composio key' test to
auto-accept the prompt, plus added a sibling test asserting that
dismissing the prompt leaves the daemon-stored key intact in the
saved payload.
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
* add trading analysis dashboard template skill for live artifacts
Package the Wall-Street-style dashboard as a template-mode skill with a default example, checklist, and seed template, and register i18n fallback coverage for the new skill id.
* fix(skill): address P1 chart axis labels, units, and legends
lefarcen review:
- checklist required >=3 charts with axis labels, units, and legends, but
template ships with 2 charts and neither had labels/units/legends.
- Adjusted checklist P0 to require >=2 charts (matches actual template) and
kept the axis-label / unit / legend sub-gates.
- Annotated both Option Greeks and Cumulative PnL charts with x-axis tick
labels, y-axis tick labels, axis titles with explicit units (Strike $,
Sensitivity Δ/Γ, Session Time ET, Equity $ USD), and a legend row naming
each plotted series. Charts now satisfy the P0 gate.
* fix(skill): make localStorage access safe inside sandboxed preview iframes
mrcfps Looper review:
Open Design renders HTML artifacts in sandboxed iframes that allow scripts
but not same-origin access. The template's top-level localStorage.getItem /
setItem calls could throw SecurityError before demo, theme, palette, and
chart handlers were registered, leaving the artifact static in the primary
preview path.
Wrap reads/writes in safeGetTheme / safeSetTheme helpers that swallow
SecurityError so the document can still apply the active theme on
documentElement and continue initializing interactive handlers when storage
is unavailable. Persistence becomes best-effort, interactivity becomes
guaranteed.
* fix(skill): align Option Greeks x-axis tick labels with strike circles
lefarcen review (a346e80 regression):
The axis ticks added in a346e80 placed 145/150/155/160/165 at x=40/120/200/300/380,
but the linked .strike-150/-155/-160 circles already sit at cx=200/300/380. With
the previous labels, hovering Option Chain row data-strike=150 would highlight
the chart point at x=200, where the axis read 155. The label-versus-data hover
link was visually inconsistent.
Shift the axis tick labels to 140/145/150/155/160 at x=40/120/200/300/380 so
strike 150/155/160 labels sit directly under their circles, restoring the
table↔chart hover-link semantics.
---------
Co-authored-by: tuolaji <tuola@tuolajideMacBook-Air.local>
Co-authored-by: Tuola Ge <gexingli@refly.ai>
* feat(skills): add 32 zhangzara HTML deck templates
Vendored from upstream MIT-licensed
zarazhangrui/beautiful-html-templates — one Open Design skill per template
(name prefix `html-ppt-zhangzara-`) so each template surfaces as its own
entry in the Examples panel and renders its own preview.
Each skill ships:
- SKILL.md (frontmatter + workflow), description, triggers, and
od.upstream pointing at the source folder
- example.html (the self-contained deck; daemon's preview route looks
for <skillDir>/example.html)
- template.json (upstream metadata snapshot, with `slug` re-prefixed to
`zhangzara-<base>` and a `source` URL)
- assets/deck-stage.js / assets/styles.css for the 8 templates that
ship a runtime; HTML refs rewritten so the daemon's iframe URL
rewriter resolves them through /api/skills/<id>/assets/
scripts/guard.ts allowlist updated with the `html-ppt-zhangzara-` prefix
so the vendored upstream JS runtimes pass the residual-JS check.
* fix(skills, i18n): address PR #704 review feedback
- Add the 32 new html-ppt-zhangzara-* skill ids to the de/ru/fr
SKILL_IDS_WITH_EN_FALLBACK arrays so the localized-content
coverage e2e test passes. The vendored upstream templates are
English-only; falling back to the upstream English description
is the right semantic for this batch.
- Also add the pre-existing social-media-dashboard skill and
totality-festival design system to the same fallback arrays
(introduced in #678 without i18n coverage). Tagged with TODOs
so localized copy can land in a follow-up.
- Ship the upstream MIT LICENSE file in each
skills/html-ppt-zhangzara-*/ folder so the copyright/permission
notice travels with the vendored copy, as MIT requires for
redistributing substantial portions. Update each SKILL.md's
Source section to reference the bundled LICENSE.
- For the 8 runtime-backed templates (creative-mode,
editorial-tri-tone, neo-grid-bold, peoples-platform,
pin-and-paper, pink-script, soft-editorial, stencil-tablet),
expand the workflow's clone step to instruct the agent to copy
the assets/ folder alongside example.html — the skill HTML
references assets/deck-stage.js (and assets/styles.css for
pin-and-paper) as project-local paths, so cloning the HTML
alone produces an artifact whose runtime 404s.
Verified locally:
- pnpm guard passes.
- pnpm --filter @open-design/web typecheck passes.
- pnpm --filter @open-design/web test passes (309/309).
- pnpm --filter @open-design/e2e test passes (6/6 active,
including localized-content coverage for de/ru/fr).
* fix(i18n): drop duplicate totality-festival fallback after merge with main
Main already added 'totality-festival' to the design-system EN-fallback
lists; the TODO entry from this branch became a duplicate after merge.
* fix(skills, guard): address PR #704 follow-up review
- Pin Chart.js CDN to 4.4.7 in coral and cartesian example.html so
vendored decks no longer track the latest jsDelivr major.
- Narrow scripts/guard.ts zhangzara allowlist to a regex that only
permits skills/html-ppt-zhangzara-*/assets/deck-stage.js, restoring
the TypeScript-first guard for any other JS under those skill dirs.
- Reconcile slide_count and 'Slides in demo' with actual <section
class="slide"> counts: broadside 20 -> 16, monochrome 18 -> 16,
neo-grid-bold 13 -> 12.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(daemon): keep resolveDataDir return path stable, canonicalize at compare site
The realpathSync wrapper inside resolveDataDir was rewriting every
/var/... result to /private/var/... on macOS, which broke 11 hermetic
assertions in tests/resolve-data-dir.test.ts (absolute paths, relative
paths, and \$HOME / \${HOME} / ~ expansions whose mkdtempSync roots live
under /var/folders/...). It also changed the public OD_DATA_DIR
resolution contract for any downstream caller that compared against the
expanded user-supplied path.
Restore resolveDataDir to return the expanded resolved path unchanged,
and introduce RUNTIME_DATA_DIR_CANONICAL — a one-shot realpath of
RUNTIME_DATA_DIR — used only at the narrow folder-import comparison
site that needs to match against a user-supplied realpath() result. The
import-path symlink protection from #624 still works (a /var-rooted
data dir now compares against its /private/var canonical form), while
resolveDataDir keeps its stable, user-shaped contract.
Verified locally: pnpm --filter @open-design/daemon test (1083/1083),
including all 12 resolve-data-dir.test.ts cases.
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(web): differentiate recent and your designs sorting
* fix(web): remove the immediate return statement from sorting logic
* fix(web): add sorting your design tab by creation time
* fix(web): update card timestamps
* fix(web): align sort keys and timestamps across designs tab views
* fix(web): show explicit error/retry state when example preview HTML fails to load
Reporter (#860) saw the example preview modal stuck with the toolbar
buttons greyed out and only restarting the app got back to a usable
state. Lefarcen confirmed the diagnosis: when /api/skills/:id/example
fails, fetchSkillExample returns null, the modal stays at preview.loading
forever, and the share menu's disabled={!activeHtml} guard sits in the
disabled position with no recovery path.
Three changes:
1. fetchSkillExample now returns a discriminated { html } | { error }
instead of collapsing every failure into null, so callers can tell a
real fetch failure from a normal load.
2. PreviewView gains an optional error field. When set, PreviewModal
renders a stacked title/body/Retry affordance instead of the
indefinite "Loading…" placeholder. Retry re-fires onView so the
parent can re-run its fetch.
3. ExamplesTab tracks per-skill errors alongside per-skill html, clears
the in-flight value before each fetch, and wires onView from the
modal into loadPreview so the Retry button actually retries.
i18n: three new keys (preview.errorTitle, preview.errorBody,
preview.retry), translated across all 17 locales. The locales-aligned
test stays green.
CSS: .ds-modal-error stacks the new content vertically inside the
existing .ds-modal-empty positioning, no other modals affected.
* fix(web): stabilize preview onView and guard parallel preview fetches
Codex caught a real bug in the round-1 fix: the inline
onView={() => loadPreview(...)} prop was recreated on every parent
render, and PreviewModal's mount effect re-fires onView whenever its
identity changes. A persistent fetch failure would update state,
recreate the prop, re-fire the effect, re-run loadPreview, and burn
through the error UI in a flash instead of waiting for a Retry click.
Pin a stable onPreviewView via a useRef-backed callback so the modal
sees a single identity for the lifetime of the panel; loadPreview is
reached through the ref, so its closure refresh on state updates no
longer leaks into the modal's effect dependencies.
While in this surface, also add lefarcen's race guard: a synchronous
inFlightRef Set so two parallel loadPreview calls (e.g. card hover
firing while the modal opens) cannot both pass the cache check before
either setState lands. The first caller adds the id pre-await; the
second sees it and exits early. try/finally clears the entry on both
success and failure paths.
Adds tests/components/preview-modal-error-state.test.tsx covering:
- error UI renders when view.error is set,
- Retry click calls onView with the active view id,
- re-rendering with the same onView identity does not re-fire the
modal's mount effect (pins the no-auto-retry contract).
* fix(web): close Retry over the active skill id, not the modal-internal view id
mrcfps caught a real regression in round 2: PreviewModal calls
onView(activeId) where activeId is the modal-local view id ('preview'
in this component). The previous round forwarded that argument
straight into loadPreview, so the mount effect and Retry button hit
/api/skills/preview/example instead of /api/skills/{skill-id}/example.
The new error state could not actually recover.
Mirror the active skill id into a ref alongside loadPreviewRef and
have onPreviewView ignore the modal-forwarded argument, fetching the
selected skill via the ref instead. The callback identity stays
stable, so the no-auto-retry contract from round 2 still holds.
Adds tests/components/examples-tab-retry.test.tsx that mounts the
real ExamplesTab, mocks fetchSkillExample to reject, opens the
preview, clicks Retry, and asserts the second call hits the same
skill id (and explicitly never gets called with 'preview').
---------
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
* Support Cloudflare Pages custom domains without hiding pages.dev fallback
Keep the default Pages preview as the first public link while optional owned-zone binding provisions DNS and Pages custom-domain state in parallel.
Constraint: Cloudflare deploys must use the existing direct-upload API path with no Wrangler dependency.
Constraint: pages.dev must stay visible even while custom-domain verification is pending.
Rejected: Vercel custom-domain support | outside requested Cloudflare-only scope.
Rejected: overwriting arbitrary CNAME records | risks taking over user-managed DNS.
Confidence: high
Scope-risk: moderate
Directive: Do not expose providerMetadata through public deploy contracts; keep custom-domain DNS ownership checks conservative.
Tested: pnpm --dir apps/daemon exec vitest run -c vitest.config.ts tests/deploy.test.ts tests/deploy-routes.test.ts
Tested: pnpm --filter @open-design/contracts build && pnpm --filter @open-design/contracts typecheck && pnpm --filter @open-design/contracts test
Tested: pnpm --filter @open-design/web typecheck && pnpm --filter @open-design/web test -- providers/registry.test.ts components/FileViewer.test.tsx i18n/locales.test.ts
Tested: pnpm i18n:check && pnpm guard && pnpm typecheck
Tested: pnpm --filter @open-design/daemon build && pnpm --filter @open-design/web build && git diff --check
Not-tested: real Cloudflare account/token/domain smoke test
* Preserve Cloudflare fallback correctness under large accounts and races
Constraint: Cloudflare Pages keeps pages.dev as the primary usable fallback while custom domains remain optional typed metadata.
Rejected: Treating custom-domain DNS or binding failure as a top-level deployment failure | pages.dev can still be ready and usable.
Confidence: high
Scope-risk: moderate
Directive: Keep custom-domain finality tied to Cloudflare Pages API active status plus URL reachability; do not expose providerMetadata.
Tested: pnpm --dir apps/daemon exec vitest run -c vitest.config.ts tests/deploy.test.ts tests/deploy-routes.test.ts; pnpm --filter @open-design/web test -- components/FileViewer.test.tsx i18n/locales.test.ts providers/registry.test.ts; pnpm --filter @open-design/daemon typecheck; pnpm --filter @open-design/web typecheck; pnpm i18n:check; git diff --check; pnpm guard; pnpm typecheck; pnpm --filter @open-design/daemon build; pnpm --filter @open-design/web build
Not-tested: Real Cloudflare token/account/zone smoke test.
* Keep impeccable design notes local
Constraint: .impeccable.md is local assistant/design context and should not be part of the PR diff.
Rejected: Keeping the file tracked while adding it to .gitignore | tracked files are not ignored by Git.
Confidence: high
Scope-risk: narrow
Directive: Keep .impeccable.md untracked and ignored; do not rely on it for required project documentation.
Tested: git check-ignore -v .impeccable.md; git diff --check
Not-tested: Full workspace tests not rerun for ignore-only metadata change.
* fix(web): preserve Chat scroll position across Chat/Comments tab switches (#790)
The chat-log <div> in ChatPane is conditionally rendered (the inner
`{tab === 'chat' ? <>...</> : null}` branch). When the user switches
to Comments and back, the chat-log is unmounted and remounted; the
remounted element starts at scrollTop=0, and the initial-bottom-scroll
effect skips because didInitialScrollRef.current is already true from
the original mount. Result: the conversation view jumps to the top
instead of preserving the user's reading position.
Replaced the empty-deps scroll listener with a tab-keyed effect that:
1. Captures scrollTop in the existing onScroll handler so the saved
position is always current.
2. On every mount of the chat-log (when tab becomes 'chat'), restores
the saved scrollTop on the next animation frame so layout finishes
before the scroll write lands.
The existing scrolledFromBottom signal that drives the jump-to-bottom
button is folded into the same handler and now correctly re-attaches
on every chat-log remount, fixing a secondary issue where that listener
would silently stop firing after a tab toggle.
* fix(web): preserve bottom-pinned chat across off-tab streaming and snapshot on unmount
Round 1 saved an absolute scrollTop, so a user who left Chat while
pinned to the bottom came back above any new messages that streamed
in while Comments was open. Save a discriminated state instead:
{ pinnedToBottom: true } when the user was within 50px of the bottom,
otherwise { scrollTop }. On remount, pinned state snaps to the new
scrollHeight so bottom-followers stay pinned; non-pinned state
restores the absolute offset.
Also snapshot the final scroll state in the effect cleanup before
removing the listener, so programmatic scrolls or layout shifts
right before unmount don't leave the ref stale.
Adds tests/components/chat-scroll-preservation.test.tsx covering
both branches.
* fix(web): clear saved chat scroll state on conversation switch
The savedChatScrollRef persisted across conversation changes, so
switching to Comments while on conversation A and then switching
to conversation B would, on returning to Chat, restore A's
scrollTop instead of starting fresh at the bottom.
Reset the ref alongside didInitialScrollRef when activeConversationId
changes. Added a third test covering the cross-conversation case.
* fix(web): scroll new conversation to its bottom when conv switch happened off-tab
When activeConversationId changed while the user was on the Comments
tab, the conversation-reset effect cleared didInitialScrollRef and
the saved scroll ref, but the initial-bottom-scroll effect couldn't
do anything because logRef.current was null. Returning to Chat then
left the new conversation at scrollTop: 0 instead of its initial
bottom.
Add `tab` to the initial-scroll deps so the effect re-runs when the
chat-log remounts, picks up the cleared didInitialScrollRef state,
and scrolls the fresh conversation to its scrollHeight.
Updated the cross-conversation test to assert the new conversation
lands at its bottom (1000), not at scrollTop: 0.
* fix(web): resync jump-to-latest button when restoring saved chat scroll position
The rAF restore branch wrote scrollTop but never refreshed
scrolledFromBottom, so a user who left Chat ~60px from the bottom
and returned to find new messages stacked underneath would land
hundreds of pixels above the latest turn while the jump-to-latest
button stayed hidden until they manually scrolled.
Recompute the distance and update scrolledFromBottom inside the
restore rAF, mirroring what onScroll already does. Adds a test that
asserts the jump-to-latest button is visible immediately after a
non-pinned restore over a grown scrollHeight.
---------
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
* fix(web): reserve clearance for the MCP Copy button so it stops overlapping the snippet
The Copy button is absolutely positioned at top: 8 right: 8 over the
snippet <pre>, but the <pre> only had padding: 12px 14px so the first
line of the command sat directly under the button. Wrapped bash one-
liners also reached the right edge and continued behind it.
Reserve the clearance in the <pre>'s own padding instead of moving
the button: padding: '40px 80px 12px 14px' keeps the button anchored
where it is, lets the first line render below it, and stops a wrapped
one-liner short of the button column.
Closes#632
* fix(web): bump MCP snippet right padding to clear the wider Copied state
Reviewer pointed out 80px right clearance can be tight at elevated
font sizes / zoom: the post-click Copied state (icon + text + button
padding + 8px right offset) reaches close to that limit. Bump to
104px so there's a comfortable buffer in either button state.
---------
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
* fix(web): give MCP server Copy button a solid surface so it reads against the code block (#742)
The Copy button in the MCP server section is positioned absolute over a
syntax-highlighted <pre> code block. button.ghost's default
background: transparent let the dark code surface bleed through, so on
some themes the button rendered nearly invisible against the snippet
backdrop. Users could miss the primary copy affordance entirely.
Pinned background: var(--bg-panel), an explicit border, and a small
shadow to the inline style so the button floats as a visible chip
above the code block in both light and dark themes. Hover/disabled
behavior remains delegated to the existing .ghost class rules so the
visual contract elsewhere in the app stays unchanged.
* fix(web): move MCP Copy button surface to a CSS class so hover still works
Previous round set background and border inline on the button, which
overrode button.ghost:hover:not(:disabled) from index.css and silently
killed the hover state change. Move the solid panel background, border,
and shadow into a scoped .mcp-copy-btn class with its own
:hover:not(:disabled) rule, and keep only positioning inline.
---------
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
* fix(web): truncate long inspect-panel labels so they cannot spill past the panel edge (#780)
The picker's inspect panel renders the selected component's label as a
<strong> inside .inspect-panel-title. The grid container had min-width: 0
so it could shrink, but the inner <strong> rule only set font-size with
no overflow constraints. A deeply-nested component with a long generated
selector path produced a label longer than the 296px panel width, and
the text spilled out past the panel's right edge instead of clipping
inside the title's background frame.
Added white-space: nowrap + overflow: hidden + text-overflow: ellipsis
on .inspect-panel-title strong so the label truncates within the panel
boundary. The full string remains accessible to users via the title
attribute already present on the sibling <code> element that renders
the same selector context.
* fix(web): expose full inspect-panel label via title attribute on truncated <strong>
Reviewer flagged the comment claiming the full label was accessible
via the sibling <code>'s title — but that <code> carries
target.selector, not target.label. Add title={target.label || target.elementId}
to the <strong> itself so the truncated label is recoverable on hover,
and align the CSS comment.
---------
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
When many tabs open, the tab strip scrolls horizontally and the
Design Files entry slides off the left edge, leaving no obvious
way back to it.
Pin the Design Files button with position: sticky and a small
shadow so it stays anchored at the left while the rest of the
strip scrolls behind it.
Closes#775
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
The .inspect-panel-head row laid out a flexible title block next to the
Close button with display: flex and gap: 10px, but no shrink ceiling on
the button. When the selected component had a long generated selector,
the title block consumed almost all available width and the button
shrank below its natural glyph width. On some font/zoom combinations the
single-character label rendered stacked vertically rather than as a
normal horizontal control.
Pinned flex-shrink: 0 on .inspect-panel-head > button so the close
control reserves its natural size regardless of how much the title
expands. The button stays on a single horizontal line for any selector
length the panel can render.
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
The footer Save button's enabled state was computed purely from execution-mode
completeness (BYOK requires apiKey + model + valid baseUrl; Local CLI requires
a selected available agent). That check ran regardless of which sidebar section
the user was on, so a draft mode toggle on the execution section that left
required fields empty would lock the Save button across every other section.
After clicking BYOK without filling fields and navigating to Language or
Appearance, the user could not save unrelated changes in those sections even
though they had nothing to do with execution mode.
Two paired helpers in apps/web/src/components/SettingsDialog.tsx address this:
shouldEnableSettingsSave(cfg, activeSection, agents, isBaseUrlValid) returns
true on any section other than 'execution' so unrelated sections do not get
blocked by an incomplete execution draft. On 'execution' it keeps the
original mode-completeness check unchanged (within-section invariant).
sanitizeSettingsSavePayload(cfg, initial, activeSection, agents,
isBaseUrlValid) is the counterpart used at the onSave call site. When Save
is enabled on a non-execution section but the user's draft execution config
is incomplete, it reverts the execution-mode fields (mode, apiKey,
apiProtocol, apiVersion, apiProtocolConfigs, apiProviderBaseUrl, baseUrl,
model, agentId, agentCliEnv, maxTokens) to their `initial` values so the
unrelated section change is committed without leaving the app in a broken
execution state. Within the execution section, or when execution is already
valid, the cfg passes through unchanged.
Both lefarcen and chatgpt-codex flagged this persistence gap on the first
revision of this PR; mrcfps marked it blocking. The sanitize helper is the
fix lefarcen suggested (revert-to-initial when the active section is not
execution and the execution draft is incomplete).
Tests in apps/web/tests/components/SettingsDialog.test.ts:
- shouldEnableSettingsSave: 4 cases (the cross-section fix, daemon mode
validity, api mode validity, regression guard for within-execution).
- sanitizeSettingsSavePayload: 5 cases (revert path, no-op when execution
is valid, no-op on the execution section itself, every non-execution
section covered, edge case where the agent registry says unavailable but
initial cfg was already valid daemon).
Local: web tests 33/33, web typecheck and pnpm guard all clean.
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
* fix(web): increase project meta line-height to prevent descender clipping
The project type label (e.g. 'blog-post · Neutral Modern') had its
descender characters (g, p, y) clipped by the header bottom border.
Increasing line-height from 12px to 15px gives 11.5px font enough
vertical space for lowercase descenders to render without being cut off.
* fix web: bump project meta line-height and parent max-height to fit descenders
.app-project-title .meta had line-height: 12px on font-size: 11.5px,
leaving only 0.5px of vertical breathing room. Descender glyphs (g, p,
q, y, j) extend below the baseline and were clipped by overflow: hidden.
Bump .meta line-height from 12px to 15px and .app-project-title
max-height from 31px to 32px so the full 16px + 1px gap + 15px = 32px
budget fits without clipping.
Refs: https://github.com/nexu-io/open-design/pull/834
* feat: pre-generation research (Tavily) for grounded generation
Adds an optional pre-generation research step so the agent can produce
slides / prototypes / decks grounded in real sources instead of guessing.
User flow:
1. Settings -> Tavily Search -> paste API key (or set TAVILY_API_KEY).
2. Click the new Research button in the chat composer.
3. On send, the daemon runs a Tavily search, prepends the findings
as a <research_context> block ahead of the system prompt, and
spawns the agent. Research progress shows up as status pills in
the chat stream; the agent cites sources inline as [1]/[2]/...
Phase 1 surface:
- Single provider (Tavily), single depth ('shallow'), no LLM
synthesis pass (Tavily's `answer` is the summary).
- Composer toggle only; no popover / depth picker yet.
- Reuses the existing `status` SSE agent payload + StatusPill UI
so no new event variants or renderer code are needed.
Layers touched:
- contracts: ResearchOptions / Source / Findings DTOs;
ChatRequest.research; export from index.
- daemon: apps/daemon/src/research/{index,tavily}.ts orchestrator
+ provider; tavily added to MEDIA_PROVIDERS and ENV_KEYS; hook
in startChatRun before prompt assembly.
- web: ChatComposer toggle + ChatSendMeta; threaded through
ChatPane / ProjectView / streamViaDaemon into ChatRequest.
Side fix (required to land the feature, but useful on its own):
contracts internal relative imports lacked the `.js` suffix that
NodeNext module resolution requires. This was already breaking
`pnpm --filter @open-design/daemon typecheck` on main; without the
fix, none of the new research types were visible to the daemon.
All internal contracts imports now carry `.js`.
Spec: specs/current/research-feature.md (phases 2-4 outlined for
follow-up: composer popover, multi-provider, deep recursion, example
skills with research_recommends).
Verified:
- pnpm --filter @open-design/contracts typecheck/test
- pnpm --filter @open-design/daemon typecheck (the chokidar
project-watchers test is a pre-existing flake, unrelated)
- pnpm --filter @open-design/web typecheck
- node scripts/verify-media-models.mjs
* fix(daemon): clamp Tavily max_results to 20
Tavily's /search endpoint requires `max_results` in [0, 20]; sending a
larger value (e.g. when `research.depth: "deep"` resolves to 30) returns
400 and `runResearch` silently falls back to no-research. Clamp at the
provider boundary so Phase 2 depth tiers above 20 still produce results
instead of failing the request.
Generated-By: looper 0.6.1 (runner=fixer, agent=claude-code)
* Remove stale research merge leftovers
* Add agent-callable research search
* Fix Indonesian locale typecheck
* Fix research command invocation edge cases
* Harden slash search prompt expansion
* Honor research source caps in command contract
* Require search reports in design files
* Add research data provider settings
* Wire web research provider fallback order
* Update research provider fallback wording
* Revert "Update research provider fallback wording"
This reverts commit 86fb6001e3.
* Revert "Wire web research provider fallback order"
This reverts commit 4c9e16036b.
* Revert "Add research data provider settings"
This reverts commit 23630d1746.
* Add Dexter and Last30Days research skills
* Add DCF and Last30Days OD skills
* Add Last30Days and Dexter skills
* Resolve research review threads
---------
Co-authored-by: a1chzt <chizblank@gmail.com>
- Add min-width: 0 and overflow: hidden to comment-popover-head div
- Add text-overflow: ellipsis and white-space: nowrap to strong and span
- Add flex: 0 0 auto to close button to keep it fixed width
- Add title attribute to header div and close button for hover tooltip
The .board-note-item flex container holds a span (note text) and a
Remove button. The span had no width hints, so an unbroken long string
(URL, hash, base64, etc.) tried to fit on one line and pushed the row
wider than the 320px popover, distorting the overlay's right edge and
the surrounding picker UI.
Added flex: 1 + min-width: 0 + overflow-wrap: anywhere to the note
span. flex: 1 lets the span take remaining width next to the Remove
button; min-width: 0 lifts the default flex-item min-content floor so
shrinking actually works; overflow-wrap: anywhere allows the long
string to break at any character when natural word boundaries aren't
enough. No layout change for normal-length notes.
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
The .comment-popover-actions row laid out four buttons (Remove, Add note,
Save comment, Send to chat / Sending...) with display: flex,
justify-content: space-between, no flex-wrap, and no per-child shrink
ceiling. The popover itself is width: min(320px, calc(100% - 28px)) with
10px padding, leaving roughly 300px of inner room. Real button labels
(especially 'Save comment' + 'Send to chat' + 'Add note' together) exceed
that, so the rightmost button visibly spilled past the popover's right
edge. The 'Sending...' state in the screenshot is just where the user
happened to notice it; the underlying overflow is independent of the
button text.
Added flex-wrap: wrap so the row breaks onto a second line when the
labels do not fit, and a max-width: 100% on direct children so a single
oversized button collapses to the row width instead of pushing the row
out. No layout change at widths where the buttons already fit.
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
* add social-media-matrix-tracker template skill
Package a new template-mode live-artifacts skill for a cinematic social media matrix dashboard, including a default example and reusable template seed.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(skill): unblock CI for social-media-matrix-tracker-template
- Add skill id to DE/FR/RU EN-fallback skill lists in content.{ts,fr.ts,ru.ts}
to satisfy localized-content.test.ts coverage assertion (Validate workspace CI).
- Expand SKILL.md triggers with social analytics / content performance / TikTok /
Instagram / YouTube + 中文 关键词 (新媒体 / 数据看板 / 抖音 / 小红书) per
reviewer feedback (lefarcen P2#7).
Addresses merge-blocking CI failure flagged by @mrcfps and the discoverability
gap flagged by @lefarcen. Other code-level findings (chart precision, drag
overlay, tooltip clipping, touch input) will be addressed in follow-up commits.
* fix(i18n): add Indonesian translations for Cloudflare Pages deploy keys
Adds 18 fileViewer.* keys for Cloudflare Pages deploy support that were
introduced on main but never localized to id.ts, blocking typecheck for
any branch synced with main.
Translations cover: deploy provider selection (Vercel/Cloudflare Pages),
Cloudflare API token + Account ID inputs, generic provider deploy/error
messaging.
* fix(skill): address all P2 reviewer findings on social-media-matrix-tracker-template
Code fixes (template.html):
- ROI chart redraw now respects per-chart decimals from chartState (was hard-coded 0, lost roiChart precision after first interaction)
- Drag overlay state now cleared BEFORE redraw on mouseup, and on mouseleave during drag (was leaving stale overlay until next interaction)
- mixChart hover now updates insights focus panel with stack breakdown (was tooltip-only)
- sentimentChart hover now updates insights focus panel with sentiment label + share (was tooltip-only)
- Tooltip now measures itself + clamps inside viewport with edge-flip (was clipping at right/bottom edges)
- Added touchstart/move/end/cancel handlers + keyboard arrow-key navigation + Escape (was mouse-only, unusable on touch devices and keyboards)
- drawLineChart guards 0/1-element datasets (renders 'No data' or single labelled dot instead of NaN axis labels / Infinity min-max)
Docs (SKILL.md):
- Workflow now explicitly mentions tooltip clamping, panel update on every chart type, and touch/keyboard a11y
- Added 'Adapting the sample data safely' section with array shape, unit, decimals, and KPI lock-step contract
- Output contract now spells out artifact wrapper requirements, identifier convention, no external CDN/fonts, and single-document rule (no parallel index.html)
Addresses lefarcen P2 #1-5, P2 #7-10, and P3 #6.
* fix(skill): mrcfps round-2 review — fix touch dispatch + sync example.html
mrcfps Looper bot 0.6.2 caught two regressions in the round-1 fix push:
1. Touch dispatch threw TypeError: the previous adapter built a real
Event then Object.assign-ed clientX/clientY/target onto it. Event.target
is a read-only getter, so the assignment threw before the synthetic
mousedown ever reached the line chart. Touch support was effectively
broken on real devices.
Replaced with plain pointer objects passed directly into dedicated
handleTouchStart / handleTouchMove / handleTouchEnd handlers (which
reuse nearestByMouse, redraw, updateInsights, etc). No more synthetic
event dispatch, no read-only field assignment.
2. example.html was untouched in round 1, so the showcase that users
open directly still had x+14/y+14 tooltip clipping, no touch support,
no decimals state, no overlay-clearing fix, no insights update on
mix/sentiment hover, no short-series guard — all the things the
reusable template was just fixed for.
example.html is identical to template.html except for the JS block
(verified via diff of body + data calls), so we copy template.html
over example.html so the two stay in lock-step. Future template fixes
should mirror by 'cp assets/template.html example.html' until we
adopt build-time generation.
---------
Co-authored-by: tuolaji <tuola@tuolajideMacBook-Air.local>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Tuola-waj <tuola@nexu.io>
The saved-key badge was wired to `isSavedState = apiKeyConfigured && !hasPendingEdit`,
which made it disappear on the first keystroke as soon as the user
started typing a draft replacement. Users reading the settings panel
saw the saved key indicator vanish before they had clicked Save and
reasonably assumed the stored credential had already been overwritten
or removed. Credential editing is a high-trust workflow; a UI that
fakes a state change before the durable write is the wrong default.
Replaced the boolean derivation with a single helper
`deriveComposioCredentialState` returning one of `empty | pending-new |
saved | saved-pending`. The component now shows the saved-key badge
for both `saved` and `saved-pending`, so the indicator stays anchored
while the user types. The hint text differentiates all four states so
the unsaved-replacement case is still clearly called out.
Helper is exported and unit-tested in
`apps/web/tests/components/SettingsDialog.test.ts` against the
empty, pending-new, saved, and saved-pending states plus the
whitespace-only-draft edge case that should still resolve to
`saved`.
Co-authored-by: Nagendhra <nagendhra405@gmail.com>
The Indonesian locale was added in fcc37c6 (#fcc37c6) right around
the same time the Cloudflare Pages artifact deployment feature
landed (09eb88f). The Cloudflare PR added 18 new keys to `Dict`
and translated them in every existing locale, but `id.ts` was
populated against the previous shape — so once both PRs sat on
main, every workspace `tsc -b --noEmit` failed with:
src/i18n/locales/id.ts(3,14): error TS2740: Type ... is missing
the following properties from type 'Dict':
'fileViewer.deployProviderLabel', 'fileViewer.vercelProvider',
'fileViewer.cloudflarePagesProvider',
'fileViewer.deployToProvider', and 14 more.
That turns CI red on every open PR until someone adds the missing
keys. The same race will happen the next time a feature lands new
strings unless the locale defaults to English fallbacks the way
de / es-ES / fr / hu / ja / ko / pl / tr already do.
Apply the `import { en } from './en'; ...en, ...overrides` pattern
to id.ts. Existing Indonesian translations stay as overrides — no
regression on what the user already sees in Indonesian — and any
new key landed by a future feature inherits an English fallback
automatically. Translators can replace fallbacks one key at a
time without breaking the build in between.
Verified locally:
- web `tsc -b --noEmit` clean (was failing on `id.ts(3,14)`)
- `tsx scripts/i18n-check.ts` passes
* feat(contracts): types for folder-import endpoint
Add ImportFolderRequest, ImportFolderResponse to the public contract
surface. Extend ProjectMetadata with a baseDir field — when set, the
project's files live at this absolute path instead of .od/projects/<id>/.
Stored as the realpath() result so symlinks cannot redirect later writes.
Refs nexu-io/open-design#597
* feat(daemon): support metadata.baseDir for folder-rooted projects
Add resolveProjectDir() and metadata-aware variants of listFiles,
readProjectFile, writeProjectFile, ensureProject so a project's files
can live under metadata.baseDir (the user's chosen folder) instead of
.od/projects/<id>/. metadata.baseDir is opt-in — projects without it
keep the existing .od/projects/<id>/ behavior unchanged.
When listFiles walks a baseDir-rooted project, it skips conventional
build / install dirs (node_modules, .git, dist, build, .next, .nuxt,
.turbo, .cache, .output, out, coverage, __pycache__, .venv, vendor,
target, .od, .tmp) so the file panel stays focused on design content
instead of being dominated by lockfiles and node_modules.
Add detectEntryFile() — best-effort lookup for index.html or any
.html at the folder root, used by the import endpoint to seed the
initial active tab.
Refs nexu-io/open-design#597
* feat(daemon): add POST /api/import/folder endpoint
Creates a project rooted at the submitted local folder. metadata.baseDir
points at that folder and OD reads / writes there directly — no copy,
no shadow tree, mirroring how Cursor / Claude Code / Aider behave. The
user owns the workspace and is responsible for their own version
control.
Safety:
- baseDir is canonicalized via fs.promises.realpath() at import time so
user-controlled symlinks can't redirect later writes. resolveSafe
enforces the bounds check against the literal stored path; without
realpath, a symlink (e.g. ~/sneaky → /etc) would let writeProjectFile
escape the project tree at every later call because the OS follows
the symlink at open() time.
- Post-realpath lstat ensures the canonical target is itself a real
directory (defense-in-depth).
- The data directory (RUNTIME_DATA_DIR) and its descendants are
refused after symlink resolution so a redirect into the daemon's
own state can't masquerade as a project import.
The web client wires this through state/projects.ts → App.tsx,
landing the user on the auto-detected entry file when present.
Refs nexu-io/open-design#597
* feat(desktop): expose native folder picker to renderer
Adds an Electron preload script that exposes window.electronAPI.pickFolder
via contextBridge. Wires dialog.showOpenDialog through ipcMain so the
web UI can open a native folder selector for project import. Browser-only
users fall back to a text input for the absolute path (handled in the
web layer); the picker stays an optional convenience on the desktop
binary.
ipcMain.handle() registers handlers in an internal map that is not
exposed via eventNames(), so the natural-looking guard
if (!ipcMain.eventNames().includes('dialog:pick-folder')) ipcMain.handle(...)
is always true. On a second createDesktopRuntime() call (dev hot-reload,
packaged-vs-electron mode swap) the body re-runs and ipcMain.handle()
throws 'Attempted to register a second handler'. Use removeHandler()
+ handle() unconditionally — removeHandler() is a documented no-op
when nothing is registered, making the pair idempotent.
Includes *.cts in the apps/desktop tsconfig so the preload script is
typechecked.
Refs nexu-io/open-design#597
* feat(web): add 'From existing folder' option to New Project
UI surface for the import flow:
- A new 'Open folder' affordance in NewProjectPanel that uses the
native picker on Electron (window.electronAPI.pickFolder) and falls
back to an absolute-path text input in the browser.
- importFolderProject() in state/projects.ts: typed wrapper around
POST /api/import/folder using @open-design/contracts types.
- App.tsx wires the response: prepend the new project to the list,
navigate to it, and select the auto-detected entry file as the
active tab.
Skill / design-system pickers from the existing prototype tab are
reused — folder import is a project-creation flow, not a separate
project type.
Refs nexu-io/open-design#597
* docs(architecture): document folder-import endpoint
Adds POST /api/import/folder to the daemon API table and a 'Folder
import' section explaining the single-mode design (direct read/write
in metadata.baseDir, mirroring Cursor / Claude Code / Aider), the
realpath() canonicalization, the RUNTIME_DATA_DIR refusal, and the
SKIP_DIRS list applied to listFiles for baseDir-rooted projects.
Refs nexu-io/open-design#597
* test(daemon): unit + integration tests for folder import
Two new files:
apps/daemon/tests/folder-import-projects.test.ts (13 unit tests):
- resolveProjectDir behavior under all metadata combinations,
including the fallback when baseDir is relative and the
isSafeId-bypass when baseDir is set
- detectEntryFile: index.html priority, .html fallback, null when
no html, no descent into subdirs
- listFiles with metadata.baseDir: walk, SKIP_DIRS hides node_modules
/ .git / dist, back-compat for projects without baseDir
apps/daemon/tests/folder-import-route.test.ts (10 integration tests):
- Happy path: baseDir stored in metadata, importedFrom='folder',
conversation created, entry file detected
- Error paths: missing baseDir, empty, relative, non-existent,
pointing at a file
- Security: realpath canonicalization (the symlink test was the one
that surfaced the original /var vs /private/var mismatch in
RUNTIME_DATA_DIR comparison on macOS)
- Security: a symlink that resolves into RUNTIME_DATA_DIR is rejected
after realpath, not before
Refs nexu-io/open-design#597
* fix(daemon): wire baseDir metadata into chat + deploy reads
Two bugs caught in Codex automated review of #624:
1. chat-route was passing the metadata object directly as the listFiles
opts argument: `listFiles(PROJECTS_DIR, projectId, chatMeta)`. The
listFiles contract reads opts.metadata, not opts itself, so this
silently fell back to .od/projects/<id>/ instead of the imported
folder. existingProjectFiles was empty for baseDir-rooted projects.
Wrap as `{ metadata: chatMeta }`.
2. deploy.ts read project files via readProjectFile without the
metadata third argument, so for baseDir-rooted projects the deploy
and preflight endpoints would look in .od/projects/<id>/ and fail
with file-not-found instead of reading the imported folder. Thread
options.metadata through buildDeployFilePlan → readProjectFile and
pass project?.metadata at the two server.ts callsites
(`POST /api/projects/:id/deploy` and the preflight endpoint).
Add a regression test that locks the listFiles contract: passing a
bare metadata object as opts must NOT scan baseDir — it must fall back
to the standard project dir, otherwise callers can leak the wrong
folder by mistake.
Refs nexu-io/open-design#597, #624 (Codex review)
* fix(daemon): ensure correct metadata handling in folder import
Addressed issues with metadata handling in folder import functionality. Updated the listFiles and readProjectFile methods to correctly utilize the metadata.baseDir, ensuring that project files are read from the intended directory. Added regression tests to verify that passing a bare metadata object does not inadvertently scan the baseDir, maintaining the integrity of project file access.
Refs nexu-io/open-design#597
* fix(daemon): security hardening from Codex review of #624
P1 findings from automated review:
1. POST /api/projects + PATCH /api/projects/:id rejected
client-supplied metadata.baseDir. baseDir is privileged: it lets a
project root inside the user's filesystem, and the realpath() +
RUNTIME_DATA_DIR reentry checks live only on /api/import/folder.
Allowing it on the generic create/patch path lets an attacker
smuggle e.g. /etc through and bypass every import-time guard.
Both endpoints now refuse a baseDir field with 400.
2. resolveSafeReal() helper: realpath()s each candidate path (or its
longest existing prefix for write paths) and re-validates against
realpath(projectRoot). The original resolveSafe() only did a
string-prefix check, which was fooled by symlinks *inside* a
baseDir-rooted project. A repo containing 'assets -> /Users/me/.ssh'
passed the literal prefix check but readFile() followed the link
at open() time. resolveSafeReal() is now used by readProjectFile,
writeProjectFile, and deleteProjectFile.
3. Multer chat-upload destination now resolves to metadata.baseDir for
imported folder projects via a module-level lookup wired to db at
startServer() boot. Previously attachments landed in
.od/projects/<id>/ even for baseDir projects, so the agent (which
runs with cwd=baseDir) couldn't open them.
P2 findings:
4. searchProjectFiles threads metadata through listFiles +
resolveProjectDir so /api/projects/:id/search hits the right tree.
5. buildProjectArchive + buildBatchArchive now accept metadata so
'Download .zip' works for imported folder projects.
6. Watcher subscribe() resolves to baseDir for imported projects so
live-reload SSE actually fires when the user edits files in their
own folder. Registry stays keyed by the canonical directory.
7. Template snapshotting reads source-project files with metadata
so a template can be saved from a baseDir-rooted source.
Tests:
- Regression: POST /api/projects with metadata.baseDir → 400.
- Regression: descendant symlink (assets/leak.txt -> /etc/hosts) is
refused on the raw read endpoint.
Refs nexu-io/open-design#597, #624 (Codex P1+P2 review)
* fix(daemon): close two regressions found in #624 review round 2
@mrcfps caught two more correctness gaps:
1. Archive root symlink escape — buildProjectArchive accepts an optional
?root=<subdir> param to scope the zip to a subdirectory. The path was
resolved with the string-only resolveSafe(), so a directory symlink
inside an imported folder (docs -> /Users/me/.ssh) passed the prefix
check and collectArchiveEntries() then walked outside the project
tree. Switch to the symlink-aware resolveSafeReal() — the same one
that already protects raw read/write/delete paths. The walker itself
already skips dirent symlinks via !isDirectory && !isFile, so
canonicalizing the root is the only missing piece.
2. PATCH metadata wiped baseDir — updateProject() replaces metadata
wholesale. The previous guard only blocked an explicit baseDir
change, but a normal patch that *omits* baseDir (a UI editing
linkedDirs only sends { metadata: { kind, linkedDirs } }) silently
detached imported projects from their folder root. Subsequent
reads/writes/watch/deploy fell back to .od/projects/<id>.
Re-stamp the immutable folder-import fields (baseDir, importedFrom='folder')
from the existing project record onto the incoming patch when the
project is imported. A patch that supplies a *different* baseDir
still gets rejected as before; a patch that supplies the *same*
baseDir is accepted as a no-op. A patch on a non-imported project
that tries to set baseDir is also still rejected (preserves the
POST /api/projects guard from the previous round).
Tests:
- archive endpoint: ?root=<symlink-to-/etc> → 400.
- patch endpoint: PATCH that omits baseDir on an imported project keeps
baseDir intact (project still resolves to the user's folder after).
Refs nexu-io/open-design#597, #624 (Codex P1 round 2)
* fix(web): add Indonesian deploy provider copy
---------
Co-authored-by: INFINITY <valentyn.sotov@trendarena.app>
Co-authored-by: Siri-Ray <2667192167@qq.com>
* feat(prompt-templates): add Notion-style team dashboard (Live Artifact)
Adds a single image prompt template under the Live Artifact category — a
Notion-native team dashboard mockup with KPI grid, 7-day sparkline,
activity feed, and linked-database task table.
This is the first prompt template to use the curated Live Artifact
category, whose de/fr/ru localization slots were already reserved in
apps/web/src/i18n/content{,.fr,.ru}.ts. Only the new tag 'live-artifact'
is added to each locale's PROMPT_TEMPLATE_TAGS map (+1 line each) so the
arrayContaining check in e2e/tests/localized-content.test.ts continues
to pass.
Template-level only: no new surface, no loader changes, no schema or
TypeScript type changes.
* fix(prompt-templates,i18n): register 'Live Artifact' category and template ID fallback for de/fr/ru
CI's e2e/localized-content.test.ts enumerates LOCALIZED_CONTENT_IDS from
apps/web/src/i18n/content.ts and asserts:
- ids.promptTemplates === sorted(all template ids in prompt-templates/)
- ids.promptTemplateCategories ⊇ all categories actually used by templates
- ids.promptTemplateTags ⊇ all tags actually used by templates
The new notion-team-dashboard-live-artifact template introduced both
the first 'Live Artifact' category and the first prompt-template id
without a copy translation, so each locale needs:
- 'Live Artifact' added to *_PROMPT_TEMPLATE_CATEGORIES (currently
consumed via arrayContaining; order doesn't matter)
- 'notion-team-dashboard-live-artifact' listed in
*_PROMPT_TEMPLATE_IDS_WITH_EN_FALLBACK so it joins ids.prommplates
via the EN-fallback path (no per-locale title/summary copy needed)
The 'live-artifact' tag was already added to *_PROMPT_TEMPLATE_TAGS in
the previous commit on this branch.
3 files changed, +6 / -3.
* fix(i18n): register Live Artifact category + template id fallback (CI repair on #799)
* fix(i18n): register Live Artifact category + template id fallback (CI repair on #799)
* fix(i18n): register Live Artifact category + template id fallback (CI repair on #799)
* fix(prompt-templates): scrub live/connector affordances from notion-team-dashboard prompt (#799 review)
Reviewers (mrcfps, lefarcen) flagged that even with the amber "Sample
data — design preview" banner and the "(sample data)" footer, the inner
prompt blob still asked the model to render UI affordances claiming a
real Notion / Composio connector binding ("Live · synced" pill, "Last
refreshed just now", "Refresh from Notion" blue button, callout saying
numbers are "pulled from your {workspace} Notion workspace via the
Composio connector"). That contradicts the prompt-only contract and
reintroduces the #778 mock-honesty concern.
Rewrite the prompt blob so every UI element is consistently presented
as seeded sample data:
- topbar.preview_pill (was live_pill):ample · design preview' pill
with explicit negative instruction no to render any live/sync pill
- page_header.meta_row: drop 'Last refreshed', 'Auto' toggle, and the
'Refresh from Notion' blue button; explicit DO NOT instructions
- callout: 'prompt-only design preview ... seeded sample data ... not
pulled from a real Notion workspace and not refreshed via the
Composio connector. For real refreshable / connector-backed Live
Artifacts, use the live-artifact skill.' Also removes the bare
'{workspace}' placeholder that was not using {argument ...} syntax
(P2 nit from lefarcen).
- activity_feed_card.subtitle: 'Notion-style seeded activity for
design preview' (was 'From Notion')
- linked_database.title/subtitle: marked '(sample)' / 'seeded sample
rows · no live connector binding'
- linked_database.row_styles: explicit negative instruction not to
render an 'Updated ↻' refresh badge
- footer: 'Notion-style sample data · seeded design preview, not bound
to any Notion workspace or Composio connector'
- honesty_rule: enumerates all live/sync/refresh affordanche
generator must NOT render
Top-level metadata (id, title, summary, category, tags, model, aspect,
previewImageUrl, source) is unchanged. Preview PNG already shows the
amber banner and a layout without a Refresh button, so it matches the
new in-prompt language.
* fix(prompt-templates): scrub live/connector affordances from notion-team-dashboard prompt (#799 review)
Reviewers (mrcfps, lefarcen) flagged that even with the amber "Sample data — design preview" banner and the "(sample data)" footer, the inner prompt blob still asked the model to render UI affordances claiming a real Notion / Composio connector binding ("Live · synced" pill, "Last refreshed just now", "Refresh from Notion" blue button, callout saying numbers are "pulled from your {workspace} Notion workspace via the Composio connector"). That contradicts the prompt-only contract and reintroduces the #778 mock-honesty concern.
Rewrite the prompt blob so every UI element is consistently presented as seeded sample data:
- topbar.preview_pill (was live_pill): 'Sample · design preview' pill with explicit negative instruction not to render any live/sync pill.
- page_header.meta_row: drop 'Last refreshed', 'Auto' toggle, and the 'Refresh from Notion' blue button; explicit DO NOT instructions for all three.
- callout: 'prompt-only design preview ... seeded sample data ... not pulled from a real Notion workspace and not refreshed via the Composio connector. For real refreshable / connector-backed Live Artifacts, use the live-artifact skill.' Also removes the bare '{workspace}' placeholder that was not using {argument ...} syntax (P2 nit from lefarcen).
- activity_feed_card.subtitle: 'Notion-style seeded activity for design preview' (was 'From Notion').
- linked_database.title/subtitle: marked '(sample)' / 'seeded sample rows · no live connector binding'.
- linked_database.row_styles: explicit negative instruction not to render an 'Updated ↻' refresh badge.
- footer: 'Notion-style sample data · seeded design preview, not bound to any Notion workspace or Composio connector'.
- honesty_rule: enumerates all live/sync/refresh affordances the generator must NOT render.
Top-level metadata (id, title, summary, category, tags, model, aspect, previewImageUrl, source) is unchanged. Preview PNG already shows the amber banner and a layout without a Refresh button, so it matches the new in-prompt language.
* fix(prompt-templates): scrub live/connector affordances from notion-team-dashboard prompt (#799 review)
Reviewers (mrcfps, lefarcen) flagged that even with the amber "Sample data — design preview" banner and the "(sample data)" footer, the inner prompt blob still asked the model to render UI affordances claiming a real Notion / Composio connector binding ("Live · synced" pill, "Last refreshed just now", "Refresh from Notion" blue button, callout saying numbers are "pulled from your {workspace} Notion workspace via the Composio connector"). That contradicts the prompt-only contract and reintroduces the #778 mock-honesty concern.
Rewrite the prompt blob so every UI element is consistently presented as seeded sample data:
- topbar.preview_pill (was live_pill): 'Sample · design preview' pill with explicit negative instruction not to render any live/sync pill.
- page_header.meta_row: drop 'Last refreshed', 'Auto' toggle, and the 'Refresh from Notion' blue button; explicit DO NOT instructions for all three.
- callout: 'prompt-only design preview ... seeded sample data ... not pulled from a real Notion workspace and not refreshed via the Composio connector. For real refreshable / connector-backed Live Artifacts, use the live-artifact skill.' Also removes the bare '{workspace}' placeholder that was not using {argument ...} syntax (P2 nit from lefarcen).
- activity_feed_card.subtitle: 'Notion-style seeded activity for design preview' (was 'From Notion').
- linked_database.title/subtitle: marked '(sample)' / 'seeded sample rows · no live connector binding'.
- linked_database.row_styles: explicit negative instruction not to render an 'Updated ↻' refresh badge.
- footer: 'Notion-style sample data · seeded design preview, not bound to any Notion workspace or Composio connector'.
- honesty_rule: enumerates all live/sync/refresh affordances the generator must NOT render.
Top-level metadata (id, title, summary, category, tags, model, aspect, previewImageUrl, source) is unchanged. Preview PNG already shows the amber banner and a layout without a Refresh button, so it matches the new in-prompt language.
---------
Co-authored-by: joeylee12629-star <joeylee12629-star@users.noreply.github.com>
* add flowai live dashboard template skill
Introduce a new template-mode skill under the live-artifacts scenario with a default interactive example and seed template so users can generate polished, refresh-ready team dashboards quickly.
Co-authored-by: Cursor <cursoragent@cursor.com>
* add preview screenshot for flowai live dashboard template
Attach the provided dashboard screenshot under docs/screenshots/skills so the template contribution includes a visual preview artifact.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(flowai-template): reposition as static prototype dashboard skill
Address review feedback on PR #801:
- SKILL.md: drop `scenario: live-artifacts` and live-related triggers;
align with peer single-page dashboard skills using
`mode: prototype` + `scenario: operations` so the four-file
live-artifact contract no longer applies.
- references/checklist.md: rewrite quality gates around the static
prototype scope (export-from-DOM, responsive breakpoints, theme-aware
charts).
- assets/template.html:
- CSV export now reads every visible row from the table DOM,
including the Workflow column, instead of a hardcoded fixture.
- Add 1300px and 720px breakpoints; the main grid stacks to one
column, stat cards fall back to two then one, tabs wrap, table
scrolls horizontally on phones.
- Move chart colors into CSS variables (--chart-stroke,
--chart-fill, --chart-axis, --chart-bar-label, --chart-bar-value)
so dark-mode toggling re-derives them; chart canvases are
re-rendered after theme switch.
- Hash-sync tabs (#members | #details | #activity), animate the
role bar chart only on first reveal of the details tab,
fall back when CanvasRenderingContext2D.roundRect is unavailable,
add Esc to exit zoom and prevent tooltip clipping.
- example.html: title cleanup to match new skill identity.
Localized content:
- Add `flowai-live-dashboard-template` to DE/FR/RU
SKILL_IDS_WITH_EN_FALLBACK lists in apps/web/src/i18n so the
e2e localized-content test passes.
---------
Co-authored-by: tuolaji <tuola@tuolajideMacBook-Air.local>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Tuola Ge <gexingli@refly.ai>
* add live-dashboard skill
Notion-style team dashboard rendered as a Live Artifact.
Wires the OD 0.4.0 connector catalog (#381) end-to-end:
refresh-on-open, manual Refresh tween, auto-refresh, stale state.
Falls back to seeded mock data when no connector is bound.
* address PR #778 review comments
P1 — security and correctness:
- skills/live-dashboard/assets/template.html · skills/live-dashboard/example.html: escape every connector-derived string before innerHTML interpolation. Adds a tiny e() helper and routes feed.who/action/target/suffix/icon, row.title/icon/due/prio, person.name/color/id, KPI label/delta through it. Closes lefarcen #3200122795 + #3200122820.
- skills/live-dashboard/SKILL.md (live behavior section): align connector poll URL with references/connectors.md — POST /api/od/connectors/poll with { project, read } body, not /api/od/connectors/<id>/poll. Closes codex bot #3200100897.
- apps/web/src/i18n/content{,.ru,.fr}.ts: register live-dashboard in DE_/RU_/FR_SKILL_IDS_WITH_EN_FALLBACK so the localized-content e2e check passes. Closes mrcfps #3200122059.
- skills/live-dashboard/references/connectors.md: prepend a Status callout that names skills/live-artifact/ as the canonical file/CLI live-artifact contract and frames the HTTP shape as a forward-looking proposal sitting alongside it (out-of-the-box the artifact runs on seeded data; only seedNextChange() needs swapping when POST /api/od/connectors/poll lands). Closes lefarcen #3200122811.
P2 — quality and honesty:
- skills/live-dashboard/references/connectors.md: rewrite the auth_ref resolution step to match apps/daemon/src/media-config.ts (OD_MEDIA_CONFIG_DIR → OD_DATA_DIR → <projectRoot>/.od/media-config.json, $HOME/~/relative paths handled via expandHomePrefix). Closes codex bot #3200100906.
- skills/live-dashboard/example.html: switch the live-pill to a sticky Sample data state with a grey static dot, rewrite the callout to admit the figures are seeded fixtures, retitle the toast and the refresh tooltip, and refuse to flip to Live · synced inside updateTimes(). Adds a .pill-live.sample CSS variant. Closes lefarcen #3200122823.
- skills/live-dashboard/assets/template.html: hoist <meta name=od:project> from <body> into <head>. Closes lefarcen #3200122832.
- skills/live-dashboard/assets/template.html · example.html: add role=button + tabindex=0 + aria-current to every clickable .ws / .side-search / .nav-item, and wire a single document-level keydown handler that maps Enter/Space to a synthetic click for any role=button div (skipping real buttons / anchors / form controls). Closes lefarcen #3200122837.
- skills/live-dashboard/assets/template.html: implement the KPI tween + flash + snapshotKpi() the SKILL.md prose already promised — first render builds escaped cards, subsequent renderKpi(prev) calls tween numeric values and flash() the cells that actually changed; refresh() now calls snapshotKpi() before mutating state and forwards prev. SKILL.md spells out the wire-up. Closes lefarcen #3200122839.
* gate KPI tween + flash + row/feed highlight on prefers-reduced-motion
Addresses mrcfps's non-blocking review item on PR #778 (comment #3200614137,
template.html:453). The CSS @media (prefers-reduced-motion: reduce) block
already neutralizes CSS animations and transitions, but the new JS-driven
helpers kept moving for opted-out users:
- tweenText() scheduled requestAnimationFrame updates for 600ms
- flash() toggled the .flash highlight class for 700ms
- renderFeed()/renderRows() applied .feed-row.new / .db-row.changed
classes which carry transient backgrounds even when their CSS
animations are off
Both runtimes (assets/template.html and example.html) now share a
reduceMotion() helper (window.matchMedia('(prefers-reduced-motion:
reduce)').matches). When it returns true:
- tweenText()/tween() set the final value immediately and return
- flash() returns without touching the class
- renderFeed()/renderRows() pass null as the highlight id so the .new /
.changed classes are never applied
Normal-motion users see the existing tween + flash + highlight pulse
unchanged. Keeps the P0 prefers-reduced-motion row in
references/checklist.md honest for agents that copy this template
verbatim.
---------
Co-authored-by: joey <joey@joeydeMacBook-Air.local>
Co-authored-by: joeylee12629-star <joeylee12629-star@users.noreply.github.com>
* add waitlist-page skill
* fix(waitlist-page): address PR review feedback
- Remove novalidate from example.html form
- Ensure checkValidity() guard present in both template and example
- Remove required from firstname input in template
- Add token escaping rules to SKILL.md workflow (step 9)
- Add token mapping/fallback rules for BORDER/SUCCESS/STRIPE/DECO (step 7)
- Fix mobile quality gate to be measurable (375x667, 390x844)
- Promote hardcoded #fff, rgba(0,0,0,0.9), rgba(255,255,255,0.9) to
CSS variables (--btn-label, --ticker-bg, --ticker-fg) in template
- Create references/checklist.md with P0/P1/P2 tiers; countdown timer
is now a hard P0 prohibition; a11y gate split into six specific checks"
* fix: resolve P0 color and accessibility issues
- Add role=status to success messages for screen reader announcement
- Replace all hardcoded hex/rgba colors with template tokens
- Update SKILL.md with comprehensive color token mapping rules
- SVG decorations now use CSS variables instead of hardcoded strokes
* fix: address PR review feedback on scope, scrolling, and font tokens
Fixes:
- Restore pricing-page files accidentally deleted in previous commit
(skills/pricing-page/SKILL.md and example.html now back on branch)
- Remove temp-original.html scratch file from commit
- Fix mobile viewport scrolling: change 'height: 100vh; overflow: hidden'
to 'min-height: 100svh; overflow-x: hidden; overflow-y: auto'
so content doesn't clip on 375×667 and 390×844 screens
- Split font tokens into URL-safe and CSS-safe variants:
* {{DISPLAY_FONT_URL}} and {{DISPLAY_FONT_CSS}} for display fonts
* {{BODY_FONT_URL}} and {{BODY_FONT_CSS}} for body fonts
This fixes encoding: spaces as '+' in Google Fonts URL, literal in CSS
- Update SKILL.md frontmatter with new font input fields
- Update token escaping rules to document the split
* fix: resolve token contract mismatch and remove hardcoded colors from example.html
P0 Fixes:
- Remove all hardcoded colors from example.html (except #2D6A4F for --success)
- Use CSS variables for all color values: --btn-label, --ticker-bg, --ticker-fg, --deco-stroke
- Fix gradient to use var(--deco) instead of hardcoded #D1632B
- Apply consistent color expressions across decorations and text
Token Contract Fixes:
- template.html now uses full CSS expressions for opacity-based colors:
* {{BORDER_EXPRESSION}} instead of {{BORDER_HEX}} (no # prefix)
* {{BTN_LABEL_EXPRESSION}} instead of {{BTN_LABEL_HEX}}
* {{TICKER_BG_EXPRESSION}}, {{TICKER_FG_EXPRESSION}}, {{DECO_STROKE_EXPRESSION}}
- Remove extra quotes from font tokens in template:
* --font-body: {{BODY_FONT_CSS}} instead of '{{BODY_FONT_CSS}}'
* Font tokens are already quoted if needed, no wrapping
- Update SKILL.md frontmatter with all color expression inputs and descriptions
- Update token mapping rules to clarify the new contract:
* Hex tokens: simple six-digit colors
* Expression tokens: full CSS values (rgba/color-mix), no # prefix
* Font tokens: CSS font-family values, no extra wrapping
- Update token escaping rules to reflect new contract
This ensures agents can follow SKILL.md instructions without producing invalid CSS.
* fix: remove final hardcoded colors from example.html - P0 complete
- Button text: #fff → var(--btn-label)
- Ticker background: rgba(0,0,0,0.9) → var(--ticker-bg)
- Ticker text: rgba(255,255,255,0.9) → var(--ticker-fg)
- Logo text: fill=white → fill=var(--btn-label)
All colors now derive from design system tokens. Only #2D6A4F (--success) allowed hardcoded exception.
* fix: correct --btn-label contrast for CTA readability
Change --btn-label from #1A1410 (same as button background) to #FDE8DF
(light background color) so button text has proper contrast against
the dark --accent button background.
This resolves the black-text-on-black issue that broke the main
email capture action and satisfies the checklist button contrast gate.
* fix: add visible focus indicator for input accessibility
P1 Accessibility Polish:
- Update .form-row input:focus to include outline and outline-offset
- Before: border-color only, removing default outline (no visible focus)
- After: border-color + 2px outline + 2px offset (clear focus indicator)
This satisfies the checklist P1 focus-style gate and ensures keyboard
users can see which form field has focus. Both example.html and
template.html updated so agents copy complete focus patterns.
* fix: remove hardcoded logo shadow color - P0 compliance
- Add --logo-shadow CSS variable derived from foreground
- example.html: box-shadow 0 2px 8px rgba(0,0,0,0.08) → var(--logo-shadow)
- template.html: add {{LOGO_SHADOW_EXPRESSION}} placeholder
- Update SKILL.md with logo_shadow_expression input and mapping rules
All colors in example.html now derive from design system tokens.
Ensures agents copy compliant reference without hardcoded shadow colors.
* fix: register waitlist-page skill in i18n localized content registry
Add waitlist-page to locale-specific skill fallback lists so the web
content coverage test passes when the new skill is discovered:
- apps/web/src/i18n/content.ts: Add to DE_SKILL_IDS_WITH_EN_FALLBACK
- apps/web/src/i18n/content.fr.ts: Add to FR_SKILL_IDS_WITH_EN_FALLBACK
- apps/web/src/i18n/content.ru.ts: Add to RU_SKILL_IDS_WITH_EN_FALLBACK
The skill falls back to English localization for now; localized
descriptions can be added to each locale file later.
Fixes: web content coverage test now passes (6/6 tests).
* fix: wire template and checklist into skill workflow as mandatory gates
Restructure waitlist-page SKILL.md workflow to enforce the hardened
template-based execution path:
- Add Preflight section: agents MUST read assets/template.html first
- Add explicit token mapping and escaping rules (steps 2-4)
- Add mandatory Validation section: run references/checklist.md P0/P1
gates BEFORE emitting artifact; fail fast if any P0 gate fails
- Update Quality gates section to emphasize template-based execution
and reinforce P0/P1 gate hierarchy
- Update Output section: only emit after P0 passes; re-validate on
iterations
This prevents agents from writing HTML from scratch or skipping the
hardened seed (template) and validation (checklist) that this PR adds.
* refactor(waitlist-page): replace literal logo placeholder with token
- Replaced `[LOGO]` with `{{LOGO_MARK}}` in template.html
- Added `logo_mark` to inputs in SKILL.md
- Updated mapping rules in SKILL.md to handle raw SVG or text for logo
- Updated P0 validation gates in SKILL.md and checklist.md to ensure logo replacement
* fix(waitlist-page): enforce strict escaping and sanitization for logo token
- Mandate HTML-escaping for text initials.
- Enforce strict allowlist-based sanitization for inline SVG (stripping `<script>`, `on*`, `<foreignObject>`, `href`, `xlink:href`, `url()`).
- Add fallback to escaped text initials for invalid/unsafe SVG.
* docs(waitlist-page): sync logo_mark frontmatter description with rules
- Updated the `logo_mark` input description in the SKILL.md frontmatter to explicitly outline the new requirements for HTML-escaped text or strict allowlist-sanitized SVG.
* fix(waitlist-page): add logo_fg_expression to guarantee contrast in logo mark text fallback
- Added `--logo-fg` CSS variable mapped to `{{LOGO_FG_EXPRESSION}}`.
- Updated `.logo-container` in `template.html` to inherit typography styles and apply `--logo-fg` for safe fallback when rendering escaped initials.
- Enforced WCAG AA contrast for logo initials against container background in `checklist.md`.
* refactor(waitlist-page): migrate hex color tokens to full css expressions
* refactor(waitlist-page): strict validation for color expression tokens to prevent CSS injection
* docs(waitlist-page): update validation summary to reflect strict color grammar
---------
Co-authored-by: Siri-Ray <2667192167@qq.com>
* Optimize Windows packaged web output
* Fix packaged contracts runtime build
* Optimize Windows packaged size pruning
* Prune Windows root Next payload
* Remove Windows bundled Node runtime
* Prune Windows standalone duplicate Next
* Add tools-pack cache foundation
* Cache Windows packaged build layers
* Cache Windows workspace builds
* Cache Electron-ready Windows app
* Split Windows tools-pack module
* Cache Windows dir build outputs
* Split Windows pack build modules
* Document Windows NSIS smoke namespace limits
* Move Windows NSIS smoke note to agents guide
* Optimize Windows beta packaging
* Bump packaged beta base version
* Improve Windows installer namespace UX
* Improve Windows tools-pack cache keys
* Stabilize Windows beta cache version keys
* Cache Windows workspace build outputs
* Optimize windows release beta cache layers
* Cache windows release dependencies
* Trim windows release cache before save
* Refresh windows tools-pack cache key
* Improve windows installer preflight prompts
* Fallback NSIS installer strings to English
* Fix Windows installer cleanup and preflight
* Improve Windows NSIS state logging
* Fix system NSIS Persian language alias
* Use long-path removal for Windows uninstall
* Fix mac tools-pack tests on Windows
* Address Windows packaging review feedback
* Fix Windows installer cache namespace isolation
* Include web output mode in Windows tarball cache key
* Use unique Windows release cache save keys
* Support overriding the Codex executable path
* Replace save-as-template prompts with an in-app dialog
* Seed local packaged app config from workspace
* Fix packaged config and connection test overrides
* Keep tools-pack mac config seeding self-contained
* Require absolute CODEX_BIN overrides
* docs(readme): add @nexudotio X link + Stay in the loop section
- Add X/Twitter follow badge in the header next to Discord, so visitors
can subscribe to release notes and milestone threads in one click.
- Add a short "Stay in the loop" section above "Star us" pointing to
@nexudotio on X. Discord is for chat, X is for the public milestones
(releases, new skills, new design systems).
No other changes.
* feat(web): add Follow @nexudotio pill to entry sidebar foot
- Surface the official X account next to the Settings/Pet/Language pills
so users can subscribe to release notes from inside the app, not only
the README.
- Uses the existing .foot-pill style (already supports <a>, has
text-decoration: none) and the existing 'external-link' Icon — no new
CSS, no new icons, no i18n key required (single short English label).
- Opens in a new tab with rel="noreferrer noopener".
Pairs with the README badge added in this same PR.
---------
Co-authored-by: Tuola-waj <ge@nexu.io>
