🐛 fix: drop manifests missing api before feeding ToolsEngine#13856
Merged
Conversation
…oolsEngine `ToolsEngine.convertManifestsToTools` calls `manifest.api.map(...)` without a null check, so any manifest that is truthy but lacks a valid `api` array crashes the entire tools build with "Cannot read properties of undefined (reading 'map')". This takes down anything that touches the tools pipeline on that agent — including TokenTag in ChatInput, which is why users see the crash on the chat page load path. Manifests are merged from 5 sources (installed plugins, builtin tools, Klavis, LobeHub skills, caller-supplied extras), only some of which filter falsy entries, and none validate `api`. Guard defensively at the merge point and log the offending source + identifier so the underlying bad data can be traced. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## canary #13856 +/- ##
==========================================
- Coverage 66.77% 66.76% -0.01%
==========================================
Files 2046 2046
Lines 174449 174474 +25
Branches 20490 17166 -3324
==========================================
+ Hits 116482 116493 +11
- Misses 57843 57857 +14
Partials 124 124
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
Merged
canisminor1990
added a commit
that referenced
this pull request
Apr 16, 2026
# 🚀 LobeHub v2.1.50 (20260416) **Release Date:** April 16, 2026\ **Since v2.1.49:** 107 commits · 101 merged PRs · 13 contributors > This weekly release focuses on improving runtime stability and gateway execution consistency, while making Home/Recents workflows faster to navigate and easier to manage in daily use. --- ## ✨ Highlights - **Server-side Human Approval Flow** — Agent runtime now supports more reliable approve/reject/reject-continue handling in gateway mode, reducing stalled execution paths in long-running tasks. (#13829, #13863, #13873) - **Message Gateway End-to-End Hardening** — Gateway message flow, queue handling, tool callback routing, and stop interruption behavior were strengthened for better execution continuity. (#13761, #13816, #13820, #13815) - **Client Tool Execution in Gateway Mode** — Client-executor tools now run more predictably across gateway and desktop callers, with improved executor dispatch behavior. (#13792, #13790) - **Home / Recents / Sidebar Upgrade** — Sidebar layout, custom sort, recents operations, and profile actions were improved to reduce navigation friction in active sessions. (#13719, #13812, #13723, #13739, #13878, #13734) - **Agent Workspace and Documents Expansion** — Working panel and agent document workflows were expanded and polished for better day-to-day agent operations. (#13766, #13857) - **Provider and Model Compatibility Improvements** — Added GLM-5.1 support and refined model/provider edge-case handling, including schema and error-path fixes. (#13757, #13806, #13736, #13740) --- ## 🏗️ Core Agent & Architecture ### Agent runtime and intervention lifecycle - Added server-side human approval and improved runtime coordination across approve/reject decision paths. (#13829, #13863) - Improved interrupted-task handling and operation lifecycle consistency to reduce half-finished runtime states. (#13714) - Refined error classification and payload propagation so downstream surfaces receive clearer actionable errors. (#13736, #13740) ### Execution model and dispatch behavior - Introduced executor-aware runtime behavior to better separate client/server tool execution semantics. (#13758) - Improved tool/plugin resolution and manifest handling to avoid runtime failures on malformed inputs. (#13856, #13840, #13807) --- ## 📱 Gateway & Platform Integrations - Added message gateway support and strengthened queue/error behavior for more stable cross-channel execution. (#13761, #13816, #13820) - Improved gateway callback pipeline with protocol and API additions for `tool_execute` / `tool_result`. (#13762, #13764, #13765) - Improved bot/channel reliability and DM/slash handling in Discord-related paths. (#13805, #13724) --- ## 🖥️ CLI & User Experience - Improved CLI reliability across message/topic operations and build/minify-related paths. (#13731, #13888) - Added image-to-video options and improved command behavior for generation workflows. (#13788) - Improved desktop runtime behavior for remote fetch and Linux notification urgency handling. (#13789, #13782) --- ## 🔧 Tooling - Extracted gateway stream client into `@lobechat/agent-gateway-client` to centralize protocol usage and reduce duplication. (#13866) - Improved built-in tool coverage and runtime support, including GTD server runtime and missing lobe-kb tools. (#13854, #13876) - Updated skill and frontmatter consistency in workflow tooling. (#13730) --- ## 🔒 Security & Reliability - **Security:** Strengthened API key WS auth behavior and safer serverUrl forwarding in gateway-related auth paths. (#13824) - **Reliability:** Reduced runtime stalls by improving gateway stop/interrupt and approval-state routing behavior. (#13815, #13863, #13873) - **Reliability:** Added defensive guards for malformed tool manifests and non-string content edge cases. (#13856, #13753) --- ## 👥 Contributors **101 merged PRs** from **13 contributors** across **107 commits**. ### Community Contributors - @arvinxx - Runtime, gateway, and execution reliability improvements - @Innei - Navigation, workflow UX, and desktop/CLI refinements - @rdmclin2 - Sidebar, recents, and channel behavior updates - @ONLY-yours - Tooling/runtime fixes and model execution compatibility - @tjx666 - Model support and release/tooling maintenance - @nekomeowww - Memory and search-path stability fixes - @cy948 - CLI indexing and command flow fixes - @octo-patch - Local system runtime edge-case fixes - @djthread - Desktop runtime request reliability improvements - @rivertwilight - Documentation and changelog updates - @sudongyuer - Subscription/mobile support improvements - @Zhouguanyang - Provider/model configuration correctness fixes - @lobehubbot - Translation and maintenance automation support --- **Full Changelog**: v2.1.49...v2.1.50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
💻 Change Type
🔗 Related Issue
N/A (crash report from desktop renderer)
🔀 Description of Change
Users see this crash on the chat page:
```
TypeError: Cannot read properties of undefined (reading 'map')
at ToolsEngine.convertManifestsToTools (index-...js)
at ToolsEngine.generateToolsDetailed
at TokenTag-...js
```
Root cause
`ToolsEngine.convertManifestsToTools` (`packages/context-engine/src/engine/tools/ToolsEngine.ts:265-266`) does:
```ts
const tools = manifests.flatMap((manifest) => manifest.api.map((api) => ({ ... })));
```
`manifest` itself is defined (otherwise it would fail on `.api` rather than `.map`), but `manifest.api` is `undefined` for at least one entry — so `undefined.map(...)` throws. One bad manifest takes down the whole tools build, and everything that calls `generateTools*` (TokenTag, streaming executor, agent runtime) breaks with it.
Why it gets through
`createToolsEngine` merges manifests from five sources. Only some filter falsy entries, and none validate `api`:
A truthy-but-malformed manifest (missing `api`, or `api` not an array) slips through any of them.
Fix
Guard defensively at the merge point with `isValidToolManifest` / `dropInvalidManifests`. Each source is filtered separately and a `console.warn` logs the source + identifier of every dropped entry, so we can trace the bad data back to where it was populated.
🧪 How to Test
📝 Additional Information
This is a stop the bleed fix. Once the warning surfaces the bad source in real user sessions / CI, the proper follow-up is to fix whichever populator is writing a manifest without `api` (probable suspects: marketplace / custom plugin manifest fetcher returning partial JSON; Klavis or LobeHub-Skill tool sync on schema drift). The warning payload includes `identifier` when available to make that tractable.