fix: pin CLI versions in all Dockerfiles using ARG for reproducible builds #1
Open
chaodu-agent wants to merge 46 commits into main from
The helm install examples used a stale commit SHA (78f8d2c) from PR openabdev#145. Now that tag-driven releases produce :latest on stable promote, use that instead. Co-authored-by: thepagent <thepagent@users.noreply.github.com>
* feat: resize and compress images before base64 encoding
Follow OpenClaw's approach to prevent large image payloads from
exceeding JSON-RPC transport limits (Internal Error -32603).
Changes:
- Add image crate dependency (jpeg, png, gif, webp)
- Resize images so longest side <= 1200px (Lanczos3)
- Re-encode as JPEG at quality 75 (~200-400KB after base64)
- GIFs pass through unchanged to preserve animation
- Fallback to original bytes if resize fails
Fixes openabdev#209
* test: add unit tests for image resize and compression
Tests cover:
- Large image resized to max 1200px
- Small image keeps original dimensions
- Landscape/portrait aspect ratio preserved
- Compressed output smaller than original
- GIF passes through unchanged
- Invalid data returns error
* fix: preserve aspect ratio on resize + add fallback size check
Address review feedback from @the3mi:
- 🔴 Fix resize() to calculate proportional dimensions instead of forcing 1200x1200 (was distorting images)
- 🟡 Add 1MB size check on fallback path when resize fails
- Fix portrait/landscape test assertions to match correct aspect ratios
* fix: restore post-download size check + use structured logging
Address minor review feedback:
- Restore defense-in-depth bytes.len() check after download
- Use tracing structured fields (url = %url, error = %e) for consistency with codebase style
---------
Co-authored-by: chaodu-agent <chaodu-agent@users.noreply.github.com>
Co-authored-by: openab-app[bot] <274185012+openab-app[bot]@users.noreply.github.com>
…abdev#138) fix: dedupe tool call display by toolCallId and sanitize titles
…enabdev#81) (openabdev#135) fix: prevent Discord message fragmentation during streaming (fixes openabdev#81)
…ev#225)
* feat: support voice message STT (Speech-to-Text) for Discord
Add optional STT support that transcribes Discord voice message
attachments (audio/ogg) via any OpenAI-compatible /audio/transcriptions
endpoint and injects the transcript into the ACP prompt as text.
- New src/stt.rs: ~50-line module calling POST /audio/transcriptions
- New SttConfig in config.rs: enabled, api_key, model, base_url
- discord.rs: detect audio/* attachments, download, transcribe, inject
- Defaults to Groq free tier (whisper-large-v3-turbo)
- Supports any OpenAI-compatible endpoint via base_url (Groq, OpenAI, local whisper server, etc.)
- Feature is opt-in: disabled by default, zero impact when unconfigured
Closes openabdev#224
* fix: add json feature to reqwest for resp.json() in stt module
* docs: add STT configuration and deployment guide
* fix: address PR review feedback
- Reuse shared HTTP_CLIENT in stt.rs instead of creating per-call client
- Pass actual MIME type from attachment (not hardcoded audio/ogg)
- Fix attachment routing: check audio first, avoid wasted image download
- Add api_key validation at startup (fail fast on empty key)
- Add response_format=json to multipart form (fixes local servers)
- Update docs: clarify api_key requirement, add Technical Notes section
* feat: auto-detect GROQ_API_KEY from env when stt.enabled=true
If stt.enabled = true and api_key is not set in config, openab
automatically checks for GROQ_API_KEY in the environment. This allows
minimal config:
[stt]
enabled = true
No api_key line needed if the env var exists.
* fix: only auto-detect GROQ_API_KEY when base_url points to Groq
Prevents leaking Groq API key to unrelated endpoints when user sets
a custom base_url without explicitly setting api_key.
* docs: clarify GROQ_API_KEY auto-detect scope in stt.md
* fix: move STT auto-detect before handler construction
The handler clones stt_config at construction time. Auto-detect was
running after the clone, so the handler never received the detected
api_key. Now auto-detect runs first.
---------
Co-authored-by: openab-bot <openab-bot@users.noreply.github.com>
* helm: add first-class STT config to chart
Add stt as a first-class config block in the Helm chart so users
can enable STT with a single helm upgrade command:
helm upgrade openab openab/openab \
--set agents.kiro.stt.enabled=true \
--set agents.kiro.stt.apiKey=gsk_xxx
- values.yaml: add stt defaults (enabled, apiKey, model, baseUrl)
- configmap.yaml: render [stt] section when enabled, using ${STT_API_KEY}
- secret.yaml: store apiKey in K8s Secret (same pattern as botToken)
- deployment.yaml: inject STT_API_KEY env var from Secret
API key stays out of the configmap — follows the existing
DISCORD_BOT_TOKEN pattern.
Closes openabdev#227
* docs: add Helm chart deployment section to stt.md
* docs: mention STT support in README with link to docs/stt.md
* fix(helm): fail fast when stt.enabled=true but apiKey is empty
---------
Co-authored-by: openab-bot <openab-bot@users.noreply.github.com>
Set image.tag to empty string so the Helm template falls back to .Chart.AppVersion. Closes openabdev#235
…o docs/ (openabdev#268) - README now shows only Kiro CLI (default) quick start - Each agent (Claude Code, Codex, Gemini) gets its own docs/<agent>.md - Multi-agent Helm setup moved to docs/multi-agent.md - Simplified Pod Architecture diagram - Collapsed reactions config into <details> tag - Added agent table with links to individual guides Co-authored-by: 超渡法師 <chaodu-agent@openab.dev>
* feat: add GitHub Copilot CLI support
- Add Dockerfile.copilot with Copilot CLI + gh CLI install
- Add Copilot CLI config block to config.toml.example
- Update README.md with Copilot CLI in agent table, Helm example, and manual config example
Closes openabdev#19
* fix: address PR review feedback
- Replace curl|bash with npm install for Copilot CLI (security)
- Add note that only one [agent] block can be active at a time
- Add experimental warning for Copilot auth
* docs: add Copilot CLI agent backend guide
* docs: add env config with unvalidated warning to copilot guide
* fix: address thepagent review feedback on PR openabdev#265
- Remove misleading GITHUB_TOKEN env var from config.toml.example, replace with device flow comment
- Update docs/copilot.md prerequisites: Free tier does not include CLI/ACP access, require Pro/Pro+/Business/Enterprise
- Add persistence.enabled=true to Helm example (token lost on restart)
- Add note that GHCR image is not published yet, build locally
- Clean up Configuration section to remove unvalidated GITHUB_TOKEN
---------
Co-authored-by: chaodu-agent <chaodu-agent@users.noreply.github.com>
openabdev#273) When Chart.yaml already has a beta version (e.g. 0.7.2-beta.1), increment the beta number (→ 0.7.2-beta.2) instead of stripping the suffix and bumping patch (→ 0.7.3-beta.1). Fixes openabdev#272 Co-authored-by: chaodu-agent <chaodu-agent@users.noreply.github.com>
Add copilot variant to build-image, merge-manifests, and promote-stable matrix blocks so CI publishes ghcr.io/openabdev/openab-copilot. Fixes openabdev#275 Co-authored-by: chaodu-agent <chaodu-agent@users.noreply.github.com>
…nabdev#202)
* feat: update issue templates and add completeness check workflow
- Update bug.yml: add optional Environment and Screenshots/Logs fields
- Update feature.yml: add optional Proposed Solution field
- Update guidance.yml: broaden description to cover misc questions
- Add documentation.yml: new template for documentation issues
- Add issue-check.yml: GitHub Action to validate required fields, adds 'incomplete' label and comment when fields are missing, auto-removes when completed
* feat: add check for issues created without template
Issues created via API/CLI bypassing templates will now be flagged
with 'incomplete' label and a comment asking the user to use an
available template.
* feat: add needs-triage label alongside incomplete
Ensures all incomplete issues also get needs-triage label, so they
are always visible during triage filtering.
* fix: improve issue-check workflow reliability
- Update no-template message to mention label requirement
- Add concurrency to prevent duplicate runs on rapid edits
- Skip repeated comments when issue already flagged as incomplete
* fix: make field regex more tolerant of extra whitespace/newlines
* fix: add note about preserving section headings in incomplete warning
* fix: handle 404 on removeLabel to prevent script crash
---------
Co-authored-by: ChunHao-dev <ChunHao-dev@users.noreply.github.com>
…nabdev#180)
* feat: add markdown table conversion pipeline with pulldown-cmark
- Introduce pulldown-cmark as markdown parser for accurate table detection
- Add TableMode config (code/bullets/off) via [markdown] section in config.toml
- Convert detected tables before sending final content to Discord
- Design as reusable pipeline for future multi-channel support
Closes openabdev#178
* fix: address PR review — unicode width, inline markup, trailing newline
- Use unicode-width crate for column width calculation (fixes CJK/emoji alignment)
- Use saturating_sub for padding to prevent underflow
- Handle inline markup inside table cells (bold, italic, strikethrough, link)
- Convert SoftBreak/HardBreak to space inside cells
- Fix trailing blank line after last row in bullets mode
* fix: strip backticks in code mode; split_message is code-fence-aware
- parse_segments now takes a mode parameter: in Code mode, Event::Code cells omit the backtick wrapping since the table is already inside a fenced code block and backticks would render as literal characters. Bullets mode keeps backticks as they are valid inline markdown.
- split_message now tracks whether the cursor is inside a fenced code block (``` ... ```). When a chunk boundary falls mid-block, the current chunk is closed with ``` and the next chunk is reopened with ```, so each Discord message renders the code block correctly.
- Tests added for both fixes.
---------
Co-authored-by: JARVIS-coding-Agent <jarvis@openab.dev>
Co-authored-by: OpenAB Agent <agent@openab.dev>
image: 920ae7e Co-authored-by: openab-app[bot] <274185012+openab-app[bot]@users.noreply.github.com>
…ark (openabdev#180)" This reverts commit 920ae7e.
Revert "feat: Add markdown table conversion pipeline with pulldown-cmark (openabdev#180)"
This reverts commit b41b71c.
…b41b71c Revert "chore: bump chart to 0.7.3-beta.56 (openabdev#279)"
release: v0.7.3-beta.1
Fixes openabdev#309 — session pool leaks memory due to orphaned grandchild
processes and no session resume capability.
Changes:
- Replace kill_on_drop with process groups (setpgid + kill(-pgid)) so the entire process tree is killed on session cleanup
- 3-stage graceful shutdown: stdin close → SIGTERM → SIGKILL
- Store agentCapabilities.loadSession from initialize response
- Add session/load method for resuming suspended sessions
- Suspend sessions on eviction (save sessionId) instead of discarding
- Resume via session/load on reconnect, fallback to session/new
- LRU eviction when pool is full (evict oldest idle session)
- Lower default session_ttl_hours from 24 to 4
Memory impact on 3.6 GB host:
Before: 10 x 300 MB = 3 GB (idle sessions kept alive + orphaned grandchildren)
After: 1-2 x 300 MB = 300-600 MB (idle sessions suspended, reloaded on demand)
The drop(self.stdin.clone()) only drops a cloned Arc, not the actual ChildStdin. SIGTERM on the next line handles shutdown. Removed the misleading comment and simplified to 2-stage: SIGTERM → SIGKILL.
…iability
Addresses triage review on openabdev#310:
🔴 SUGGESTED CHANGES:
- Merge connections + suspended into single PoolState struct under one RwLock to eliminate nested lock acquisition and deadlock risk
- suspend_entry() is now a plain fn operating on &mut PoolState (no async, no separate lock)
- cleanup_idle() collects stale keys and suspends under one lock hold
- child_pid changed to child_pgid: Option<i32> using i32::try_from() to prevent kill(0, SIGTERM) on PID 0 and overflow on PID > i32::MAX
🟡 NITS:
- setpgid return value now checked — returns Err on failure so spawn fails instead of silently creating a process without its own group
- SIGKILL escalation uses std::thread::spawn instead of tokio::spawn so it fires even during runtime shutdown or panic unwinding
…rocess-groups-and-resume fix: process group kill + session suspend/resume via session/load
release: v0.7.3-beta.2
release: v0.7.3
Adds a 3-value enum config option to control bot-to-bot message handling,
inspired by Hermes Agent's DISCORD_ALLOW_BOTS and OpenClaw's allowBots:
- "off" (default): ignore all bot messages — no behavior change
- "mentions": only process bot messages that @mention this bot
- "all": process all bot messages, capped at MAX_CONSECUTIVE_BOT_TURNS (10)
Safety: self-ignore always applies, "mentions" is a natural loop breaker,
"all" uses cache-first history check with fail-closed on API errors.
Case-insensitive deserialization, accepts "none"/"false" → off, "true" → all.
AllowBots::Off naming avoids confusion with Option::None.
Closes openabdev#319
…uilds
- Dockerfile: pin kiro-cli to 2.0.0 (use prod.download.cli.kiro.dev)
- Dockerfile.codex: pin @openai/codex to 0.120.0
- Dockerfile.claude: pin @anthropic-ai/claude-code to 2.1.107
- Dockerfile.gemini: pin @google/gemini-cli to 0.37.2
- Dockerfile.copilot: pin @github/copilot to 1.0.25
Kiro CLI version can be checked via:
curl -fsSL https://prod.download.cli.kiro.dev/stable/latest/manifest.json | jq -r '.version'
Closes openabdev#325
4d01f11 to 7e88199
Summary
Pin all CLI dependency versions in Dockerfiles using ARG directives for reproducible builds. Changing the ARG value automatically busts the Docker layer cache, and version bumps are visible in git diff.
Changes
- Dockerfile: KIRO_CLI_VERSION
- Dockerfile.codex: CODEX_VERSION
- Dockerfile.claude: CLAUDE_CODE_VERSION
- Dockerfile.gemini: GEMINI_CLI_VERSION
- Dockerfile.copilot: COPILOT_VERSION
Previously pinned dependencies (codex-acp@0.9.5, claude-agent-acp@0.25.0) are left unchanged.
How it works
Each Dockerfile now declares an ARG with a default version before the RUN that installs the CLI:
For kiro-cli, the latest path segment is replaced with the version number:
Closes openabdev#325
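A check a reviewer could run over the Dockerfiles this PR touches, as an added example that is not part of the PR or the project's code: it resolves ARG defaults, then flags npm installs without an exact version and download URLs that still contain a latest path segment. The Dockerfile fragments and the EXAMPLE.zip archive name are constructed placeholders, and audit() is a hypothetical helper.

```python
import re

ARG_RE = re.compile(r"^\s*ARG\s+(\w+)(?:=(\S*))?", re.I)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")
NPM_RE = re.compile(r"npm\s+(?:install|i)\s+(.*?)(?:&&|;|$)")
EXACT = re.compile(r"^\d+\.\d+\.\d+(?:[-+][\w.]+)?$")  # exact version, no range/tag

# Constructed samples. EXAMPLE.zip is a placeholder, not the project's real path.
BEFORE = """\
RUN curl -fsSL https://prod.download.cli.kiro.dev/stable/latest/EXAMPLE.zip -o /tmp/k.zip
RUN npm install -g @openai/codex \\
    codex-acp@0.9.5
"""
AFTER = """\
ARG KIRO_CLI_VERSION=2.0.0
ARG CODEX_VERSION=0.120.0
RUN curl -fsSL https://prod.download.cli.kiro.dev/stable/${KIRO_CLI_VERSION}/EXAMPLE.zip -o /tmp/k.zip
RUN npm install -g @openai/codex@${CODEX_VERSION} codex-acp@0.9.5
"""


def audit(dockerfile_text):
    """Return (kind, item) findings for installs that can drift between builds."""
    args, findings = {}, []
    # Join backslash-continued lines so each instruction is one logical line.
    for line in re.sub(r"\\\s*\n", " ", dockerfile_text).splitlines():
        m = ARG_RE.match(line)
        if m:
            args[m.group(1)] = (m.group(2) or "").strip("\"'")
            continue
        # Expand $NAME / ${NAME} from ARG defaults; unknown names become empty.
        line = VAR_RE.sub(lambda v: args.get(v.group(1), ""), line)
        for url in re.findall(r"https?://\S+", line):
            if "/latest/" in url:
                findings.append(("latest-url", url))
        for npm in NPM_RE.finditer(line):
            for spec in npm.group(1).split():
                if spec.startswith("-"):
                    continue  # flags such as -g
                name, _, version = spec.rpartition("@")
                if not name:  # no version part (the only '@' is the npm scope)
                    name, version = spec, ""
                if not EXACT.match(version):
                    findings.append(("unpinned-npm", name))
    return findings


if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

An ARG declared without a default expands to an empty version here and is reported as unpinned, since the build then depends on whatever --build-arg supplies.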