🐛 fix(creds): replace hardcoded session_context values with template variables #15352

Merged
ONLY-yours merged 4 commits into canary from fix/creds-template-variables
May 31, 2026

@ONLY-yours

Member

💻 Change Type

  • 🐛 fix

🔗 Related Issue

🔀 Description of Change

The lobe-creds system role (packages/builtin-tool-creds/src/systemRole.ts) had three hardcoded values in <session_context> that should have been template variables:

  • Current user: Arvin Xu → {{username}}
  • Session date: Wednesday, May 20, 2026 → {{session_date}}
  • Sandbox mode: false (two occurrences) → {{sandbox_enabled}}

Additionally, {{CREDS_LIST}} was not being substituted in some execution paths because it was gated on isCredsEnabled = !!resolved.manifestMap[CredsIdentifier], which is false when lobe-creds is activated outside of execAgent mode.

Changes:

  • Replace all hardcoded <session_context> values in systemRole.ts with proper template variables
  • Add {{session_date}} injection via Intl.DateTimeFormat using the user's timezone in RuntimeExecutors.ts
  • Remove the isCredsEnabled gate — CREDS_LIST and KLAVIS_SERVICES_LIST are now always fetched and injected when userId is available, ensuring substitution works regardless of execution path
  • session_date added to additionalVariables

🧪 How to Test

  • Enable lobe-creds tool and start a conversation — <session_context> should show the actual username, today's date, and correct sandbox mode

  • Verify <available_credentials> shows real credentials list instead of {{CREDS_LIST}}

  • Tested locally

  • No tests needed

…variables

- Replace hardcoded `Current user`, `Session date`, `Sandbox mode` in
  systemRole.ts with {{username}}, {{session_date}}, {{sandbox_enabled}}
- Inject {{session_date}} via Intl.DateTimeFormat in RuntimeExecutors
- Remove isCredsEnabled gate so {{CREDS_LIST}} / {{KLAVIS_SERVICES_LIST}}
  are always substituted when userId is available, regardless of execution path

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@dosubot dosubot Bot added the size:M This PR changes 30-99 lines, ignoring generated files. label May 31, 2026
@vercel

vercel Bot commented May 31, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
lobehub Ready Ready Preview, Comment May 31, 2026 11:54am


@sourcery-ai sourcery-ai Bot left a comment

Contributor


We've reviewed this pull request using the Sourcery rules engine

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7d3527bc00


Comment on lines +5 to +6
Session date: {{session_date}}
Sandbox mode: {{sandbox_enabled}}


P2 Badge Add client generators for creds placeholders

In the normal client-side chat path, src/services/chat/mecha/contextEngineering.ts only adds generators for CREDS_LIST/KLAVIS_SERVICES_LIST plus VARIABLE_GENERATORS, which has username/date but no session_date or sandbox_enabled. After changing this shared creds prompt to those new names, browser-rendered lobe-creds prompts leave {{session_date}} and {{sandbox_enabled}} verbatim, so the hardcoded values are only fixed for the server executor path. Please add matching client generators or reuse existing variable names.

Useful? React with 👍 / 👎.

Comment on lines +659 to 662
if (ctx.userId) {
try {
const { MarketService } = await import('@/server/services/market');
const marketService = new MarketService({ userInfo: { userId: ctx.userId } });


P2 Badge Gate credential fetching to creds-enabled runs

When any server-side agent run has a userId, this branch now imports MarketService and calls the remote market.creds.list() on every call_llm step even when lobe-creds is not enabled and no prompt can consume CREDS_LIST; the old manifestMap gate avoided that hot-path network call for ordinary chats. In deployments where the Market API is slow or unavailable, non-creds conversations now incur avoidable latency before reaching the model, so this should be gated on actual creds prompt/manifest presence or evaluated lazily only when the placeholder is present.

Useful? React with 👍 / 👎.
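
The lazy evaluation both review comments above point toward, as an added example that is not code from this PR or from LobeHub: a generator runs only when its placeholder is present in the template, and any placeholder without a generator is reported instead of reaching the model verbatim. All function names, the generator map, and the `en-US` date format are assumptions; generators are synchronous here for brevity, whereas a real credential lookup would be an async remote call.

```typescript
// Added example: every name here is hypothetical, not LobeHub's API.
type Generator = () => string; // real credential lookups would be async

const PLACEHOLDER = /\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/g;
const has = (o: object, k: string) => Object.prototype.hasOwnProperty.call(o, k);

// Names of every {{placeholder}} in a template, de-duplicated, in order.
function placeholdersIn(template: string): string[] {
  const names: string[] = [];
  template.replace(PLACEHOLDER, (whole: string, name: string) => {
    if (names.indexOf(name) === -1) names.push(name);
    return whole;
  });
  return names;
}

// A generator runs only when its placeholder is present, so a prompt that never
// mentions CREDS_LIST never triggers the credential lookup. Substitution is a
// single pass: a value that itself contains {{...}} is not expanded again.
function renderPrompt(template: string, generators: Record<string, Generator>) {
  const values: Record<string, string> = {};
  const unresolved: string[] = [];
  for (const name of placeholdersIn(template)) {
    if (has(generators, name)) values[name] = generators[name]();
    else unresolved.push(name); // would reach the model verbatim
  }
  const text = template.replace(PLACEHOLDER, (whole: string, name: string) =>
    has(values, name) ? values[name] : whole,
  );
  return { text, unresolved };
}

// Assumed format (en-US, long weekday and month) in the user's time zone.
function formatSessionDate(now: Date, timeZone: string): string {
  return new Intl.DateTimeFormat('en-US', {
    day: 'numeric', month: 'long', timeZone, weekday: 'long', year: 'numeric',
  }).format(now);
}

// Constructed sample with the three <session_context> fields named in the PR.
const SAMPLE_TEMPLATE = [
  '<session_context>',
  'Current user: {{username}}',
  'Session date: {{session_date}}',
  'Sandbox mode: {{sandbox_enabled}}',
  '</session_context>',
].join('\n');
```

A non-empty `unresolved` list is the condition worth asserting on in a unit test for each execution path, since it is exactly the client/server mismatch the first review comment describes.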

@codecov

codecov Bot commented May 31, 2026


Codecov Report

❌ Patch coverage is 70.00000% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.11%. Comparing base (e4d5017) to head (473c7bb).

Additional details and impacted files
@@            Coverage Diff            @@
##           canary   #15352     +/-   ##
=========================================
  Coverage   71.11%   71.11%             
=========================================
  Files        3188     3188             
  Lines      318686   318701     +15     
  Branches    34769    29017   -5752     
=========================================
+ Hits       226638   226660     +22     
+ Misses      91876    91869      -7     
  Partials      172      172             
Flag Coverage Δ
app 61.95% <70.00%> (+<0.01%) ⬆️
database 92.39% <ø> (ø)
packages/agent-runtime 80.48% <ø> (ø)
packages/builtin-tool-lobe-agent 18.52% <ø> (ø)
packages/context-engine 84.17% <ø> (ø)
packages/conversation-flow 91.29% <ø> (ø)
packages/file-loaders 87.89% <ø> (ø)
packages/memory-user-memory 74.99% <ø> (ø)
packages/model-bank 99.99% <ø> (ø)
packages/model-runtime 84.70% <ø> (ø)
packages/prompts 72.68% <ø> (ø)
packages/python-interpreter 92.90% <ø> (ø)
packages/ssrf-safe-fetch 0.00% <ø> (ø)
packages/types 35.87% <ø> (ø)
packages/utils 88.47% <ø> (ø)
packages/web-crawler 88.08% <ø> (ø)

Components Coverage Δ
Store 68.44% <ø> (ø)
Services 54.61% <25.00%> (-0.04%) ⬇️
Server 72.37% <100.00%> (+0.01%) ⬆️
Libs 57.01% <ø> (ø)
Utils 81.44% <ø> (ø)

klavisEnv uses @t3-oss/env-nextjs which throws in jsdom (vitest treats
it as a client context). Previously the isCredsEnabled gate short-circuited
before the access; now that the gate is removed, the mock is needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add session_date and sandbox_enabled variable generators to
  contextEngineering.ts so client-side renders substitute them correctly
- Restore isCredsEnabled gate in RuntimeExecutors to avoid fetching creds
  on every call_llm step; now checks both enabledToolIds (client-activated
  path) and manifestMap (execAgent path) to cover all execution paths

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Remove the isCredsEnabled OR-condition that caused execAgent test failures.
Keep session_date, sandbox_enabled, and always-inject CREDS_LIST/KLAVIS_SERVICES_LIST.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ONLY-yours ONLY-yours merged commit 4bc77fc into canary May 31, 2026
35 checks passed
@ONLY-yours ONLY-yours deleted the fix/creds-template-variables branch May 31, 2026 12:03
@arvinxx arvinxx mentioned this pull request Jun 3, 2026
arvinxx added a commit that referenced this pull request Jun 4, 2026
# 🚀 LobeHub Release (20260604)

**Release Date:** June 4, 2026  
**Since v2.2.1:** 88 merged PRs · 11 contributors

> This week brings Execution Devices out of the lab — run agents and
Claude Code on any configured local or remote machine — alongside Claude
Opus 4.8, token-usage analytics, and Page sharing.

---

## ✨ Highlights

- **Execution Devices** — Pick where an agent runs. Desktop and CLI
devices auto-register with a stable machine ID, route through the
gateway by channel, and surface a device switcher in the chat input. Run
remote Claude Code on a configured device, with a recent-directory
picker you can drag to reorder. (#15300, #15315, #15322, #15343, #15351,
#15371)
- **Claude Opus 4.8** — Day-one support for Anthropic's latest model.
(#15314)
- **Token-usage analytics** — A new token-usage mode on the activity
heatmap, backed by a denormalized topic usage/cost rollup so totals stay
accurate without recomputing from messages. (#15365, #15417, #15425)
- **Page sharing** — Share a Page through a dedicated document share
flow, plus new Workspace and Agent share tables. (#15309, #15439)
- **Self-iteration agents** — Agent Signal's execAgent migration lands a
server-runtime bridge, async memory writer, and a registered
self-iteration tool package, with a CLI trigger command for testing.
(#15360, #15364, #15392)
- **Knowledge search** — BM25 search now extends to file-backed
documents, and the portal ships an editable CodeMirror viewer for local
files with document highlighting. (#15247, #15298)

---

## 🏗️ Core Agent & Architecture

### Agent Signal & Runtime

- **execAgent migration** — Server-runtime bridge, completion
projection, async memory writer, and removal of the legacy
`executeSelfIteration` path. (#15392)
- Registered the self-iteration builtin tool package and restored the
three mode-specific self-iteration agent slugs. (#15202, #15364)
- Added a CLI trigger command with a golden-snapshot fixture for Agent
Signal. (#15360)
- **Skill priority** — Agent Builder now emits a skill-priority
instruction with matching server runtime. (#15409)
- Retry empty LLM completions instead of silently finishing the turn.
(#15355)
- Classify topic/agent/session foreign-key violations as
`ConversationParentMissing` for clearer recovery. (#15408)
- Persist canonical nested usage/performance on assistant messages, and
re-link orphan tool messages at the raw bucket write boundary. (#15359,
#15438)
- Guard `createAgent` against LLM double-encoded array fields. (#15381)

---

## 🖥️ Execution Devices & Gateway

- Auto-register desktop and CLI devices with a stable machine ID, and
add the `@lobechat/device-identity` package. (#15300, #15321)
- New Devices settings page behind the Execution Device Switcher lab,
with a device switcher shown for all agents in the chat input. (#15315,
#15371)
- `connectionId` + channel routing across the gateway client and device
list; preset the local device on the first LLM request for the 本机
target. (#15322, #15435)
- Run remote Claude Code on a configured device, with drag-to-reorder
recent-directory management and client renders for device tool results.
(#15343, #15351, #15437)
- Preserve content and state across gateway tool calls, and prevent
duplicate streaming from stale reconnects. (#15114, #15354)

---

## 🖥️ CLI & Desktop

- Preserve content/state for connect local file and shell tools; render
the `runCommand` tool result card. (#15441, #15442)
- New `lh topic view` command; CLI now auto-registers its device on
login, matching desktop. (#15340, #15377)
- Resolve CLI tools from the shell `PATH`, and clarify local command
session handling. (#15368, #15389)
- Relocate visual-ref helpers to `@lobechat/const` to fix a renderer
crash; upload `.blockmap` files to S3 for differential updates. (#15326,
#15369)
- Fix a market OAuth expiry that triggered the wrong re-login modal, and
kill dev child processes on parent shutdown. (#15246, #15290)

---

## 🗂️ Pages, Library & Knowledge

- Document share flow with business slot stubs, plus Workspace and Agent
share tables. (#15309, #15439)
- Export Agent profiles as Markdown, preserving an empty agent prompt on
export. (#15312, #15316)
- Editable CodeMirror viewer for local files with document highlighting;
BM25 search extended to file-backed documents. (#15247, #15298)
- Default new Agent-doc files to `.md` and preserve IME composition;
refresh folder data on slug switch and dedupe breadcrumb fetches.
(#15335, #15427)

---

## 💬 Chat & User Experience

- Group-by-status mode for the Topic sidebar; dropped the legacy
session→agentId compatibility path from Topic queries. (#15366, #15378)
- Restore editor focus after the file picker closes, and close the skill
dropdown before navigating to settings. (#15391, #15394)
- Strip markdown tokens from fallback Topic titles; keep an open
ActionBar popup when hovering another message. (#15303, #15372)
- Stabilize home starter loading and stop transliterating model names in
the home starter; show artifact source while streaming. (#15310, #15324,
#15386)
- Group the sidebar spacer with recents and agents. (#15373)

---

## 📊 Analytics, Tasks & Notifications

- Token-usage mode on the activity heatmap, backed by a denormalized
topic usage/cost rollup. (#15365, #15417, #15425)
- Push: new `PushChannel`, receipt cron, and `pushToken` tRPC API.
(#15233)
- Tasks now support file and image attachments. (#15141)

---

## 🧩 Models & Providers

- Support Claude Opus 4.8 and configurable model routing with starters.
(#15314, #15384)
- MiniMax M3: new model entry and an Anthropic video runtime. (#15380,
#15403)
- Add `intern-s2-preview` with `thinking_mode`, and `step-3.7-flash`
support. (#15308, #15317)
- Block disabling the official provider; fix default provider setup in
business mode. (#15379, #15382)

---

## 🎨 UI & Modals

- Migrate modals to `@lobehub/ui/base-ui` (LOBE-9711 + eval batch),
including the create-custom-model and feedback/changelog modals.
(#15401, #15416)
- Restructure confirmModal title and content across deletion flows;
polish the service-model form and migrate its Switch to base-ui.
(#15426, #15440)
- Wrap the BlueBubbles bridge config into a connection card; update
`@lobehub/ui` to v5.15.5. (#15325, #15342)

---

## 🔒 Reliability

- Replace hardcoded `session_context` values with template variables in
credentials. (#15352)
- Point `CHANGELOG_URL` to `/changelog`. (#15428)

---

## 👥 Contributors

Huge thanks to **11 contributors** who shipped **88 merged PRs** this
cycle.

@hezhijie0327 · @qybaihe · @sxjeru · @arvinxx · @Innei · @tjx666 ·
@lijian · @sudongyuer · @cy948 · @rivertwilight · @AmAzing129

Plus @lobehubbot and renovate[bot] for maintenance.

---

**Full Changelog**: v2.2.1...release/weekly-20260604