β¨ feat: land new signups directly on onboarding#15629
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
π‘ Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 673ea53782
βΉοΈ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with π.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Codecov Reportβ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## canary #15629 +/- ##
=========================================
Coverage 67.63% 67.63%
=========================================
Files 3353 3354 +1
Lines 338269 338348 +79
Branches 35248 29480 -5768
=========================================
+ Hits 228786 228846 +60
- Misses 109292 109311 +19
Partials 191 191
Flags with carried forward coverage won't be shown. Click here to find out more.
π New features to boost your workflow:
|
Member
Author
|
@codex review latest code |
There was a problem hiding this comment.
π‘ Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5ea07c4075
βΉοΈ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with π.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Member
Author
|
@codex review latest code |
There was a problem hiding this comment.
π‘ Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c2226a6a93
βΉοΈ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with π.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
New users previously bounced through the home page before the async user state check hard-redirected them to /onboarding. Now every signup entry (email signup with/without email verification, first-time social OAuth and magic link via better-auth newUserCallbackURL) lands on /onboarding first. An explicit signup target is threaded through the callbackUrl query param, stashed in sessionStorage at onboarding entry, and restored at every onboarding finish point (classic agent picker, lite mode selection, agent flow completion panel).
The legacy needs-onboarding redirect now threads the page the user was on through the same callbackUrl mechanism, so finishing onboarding returns them there instead of always landing on home.
β¦Url threading Needs-onboarding users landing on agent pages with a message param now go through onboarding like everyone else; the threaded callbackUrl preserves the original target so the message is still delivered once onboarding completes.
- Reject backslash paths: browsers normalize \ to / in navigations, so /\evil.com would escape as a protocol-relative URL - Normalize same-origin absolute callback URLs (e.g. from the protected-route proxy) to relative paths instead of dropping them
A callback stashed by an abandoned onboarding attempt could be consumed by a later attempt in the same tab that landed on plain /onboarding, redirecting its completion to the previous target. Clear the stash on fresh top-level entries without a valid callbackUrl; internal step re-entries (?step=...) and branch paths keep it intact.
c2226a6 to
4bad732
Compare
Member
Author
|
@codex review latest code |
|
Codex Review: Didn't find any major issues. Swish! βΉοΈ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with π. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
This was referenced Jun 10, 2026
arvinxx
added a commit
that referenced
this pull request
Jun 10, 2026
# π LobeHub Release (20260610) **Release Date:** June 10, 2026 **Since v2.2.2:** 131 merged PRs Β· 13 contributors > This weekly release strengthens agent collaboration across cloud, desktop, CLI, and workspace flows, with steadier runtime behavior and a broader foundation for workspace-scoped data. --- ## β¨ Highlights - **Agent execution across devices** β Unifies per-device working directories, project skill discovery, and sub-agent suspend/resume behavior across server, QStash, and device RPC flows. (#15543, #15566, #15481, #15620, #15591) - **Connector and sandbox platform** β Expands connector permissions, custom OAuth MCP connector onboarding, sandbox provider support, and user-uploaded file sync into cloud sandbox runs. (#15463, #15546, #15184, #15550) - **Desktop and CLI reliability** β Fixes desktop cold-start, auto-update, Windows build, CLI skill discovery, and `lh connect` agent dispatch paths. (#15547, #15525, #15527, #15562, #15632, #15634) - **Pages and sharing** β Refreshes topic sharing, improves Page Editor layout behavior, and routes Page Agent tool execution through the server-side editor path. (#15581, #15556, #15588, #15023, #15610) - **Model availability and provider updates** β Adds user-scoped LobeHub model availability, Claude Fable 5, Qwen thinking preservation, and MiniMax M3 updates. (#15590, #15639, #13494, #15376) --- ## ποΈ Core Product & Architecture ### Agent Runtime & Heterogeneous Agents - Improves sub-agent lifecycle handling, including async suspend/resume, queue-mode QStash resume delivery, and blocking nested sub-agent calls. (#15481, #15620, #15575) - Stabilizes heterogeneous agent ingestion and streaming with raw stream dumps, per-turn usage, image forwarding on regenerate, and duplicate-text fixes. (#15602, #15577, #15592, #15585) - Adds execution-device and working-directory controls across device RPC, legacy defaults, and remote-spawned Claude Code sessions. (#15543, #15566, #15591, #15572) - Improves runtime diagnostics and compatibility, including Gemini multimodal output capture, abort stream semantics, and trace quality analysis. (#15535, #13677, #15508) --- ## π± Platforms, Integrations & UX ### Connectors, Sandbox & Tools - Ships API-level connector tool permissions, custom OAuth MCP connector onboarding, and connector-first runtime execution. (#15463, #15546) - Adds sandbox provider support, cloud sandbox file sync, and safer external URL file input handling with SSRF validation. (#15184, #15550, #12657) - Improves tool visibility and execution with pinned app-fixed tools, ANSI output rendering, gateway-tunneled MCP calls, and automatic headless tool runs. (#15509, #15516, #15469, #15492) ### Desktop, CLI & Web UX - Restores desktop startup and reload behavior, preserves IPC error causes, and keeps the tab bar new-tab action visible across routes. (#15547, #15597, #15638) - Fixes desktop update and build stability for browser quit guards, macOS update signing, and Windows Visual Studio detection. (#15525, #15527, #15562) - Shows the plan-limit upgrade UI on desktop builds. (#15628) - Adds the Agent Run delivery checker and fixes CLI device dispatch plus skill list/search output. (#15489, #15634, #15632) - Refreshes onboarding, auth source preservation, topic UI states, referral/Fable campaign copy, and chat-input control bar behavior. (#15629, #15544, #15573, #15614, #15616, #15617, #15622, #15643) --- ## π Security, Reliability & Rollout Notes - External URL file input now includes SSRF validation for safer Google file handling. (#12657) - Database workspace-scope migrations are part of this release; self-hosted operators should run the normal migration path before serving the updated app. (#15446, #15465, #15468, #15472) - The release branch was re-cut from `canary` and includes the latest `main` release-version commit so `v2.2.2` is the verified compare base. --- ## π₯ Contributors @ONLY-yours, @sxjeru, @hardy-one, @xujingli, @hezhijie0327, @Coooolfan, @arvinxx, @tjx666, @Innei, @rivertwilight, @rdmclin2, @cy948, @AmAzing129 **Full Changelog**: v2.2.2...release/weekly-20260610-recut-3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
π» Change Type
π Related Issue
None
π Description of Change
New users previously bounced through the home page after signup: the page rendered, the async user-state fetch resolved, and only then did the client hard-redirect to
/onboarding, causing a visible flash.Now every signup entry lands on
/onboardingdirectly:useSignUp):signUp.emailcallbackURL, the verify-email param, and the successrouter.pushall go through the newbuildOnboardingRedirectUrlhelper β covers both email-verification on/off paths.useSignIn): pass better-auth's nativenewUserCallbackURL, so only newly created accounts land on onboarding; existing users are unaffected.useUserStateRedirect): now threads the page the user was on, so finishing onboarding returns them there instead of always landing on home. The previous skip for agent pages with amessageparam (β¨ feat(onboarding): skip redirect when landing on agent/inbox with message paramΒ #15256) is removed β these users now go through onboarding like everyone else, and the threaded callbackUrl keeps themessageintact so it is delivered right after onboarding completes.An explicit signup target (e.g. marketplace "Try in LobeHub" links) is threaded through the
callbackUrlquery param, stashed in sessionStorage at onboarding entry (survives internal route hops and mid-flow refreshes), and consumed at every onboarding finish point:AgentPickerStep)ModeSelectionStep)CompletionPanel, original target wins over the onboarding topic)Only same-site relative paths are accepted as redirect targets (open-redirect guard).
trackOnboardingCompletednow reports the real target URL.π§ͺ How to Test
/onboardingdirectly, no home flash./onboarding./onboarding; existing account login behavior unchanged./signup?callbackUrl=%2Fagent%2Fxxx%3Fmessage%3Dhi, sign up and finish onboarding (any branch) β returns to/agent/xxx?message=hi./settingsβ redirected to onboarding, finishing returns to/settings./agent/inbox?message=hiβ redirected to onboarding, finishing returns to/agent/inbox?message=hiand the message auto-sends.π Additional Information
No new routes, no schema changes. Desktop builds are unaffected (no stashed target β all finish points behave as before).