v0.7.5

# v0.7.5 — Network Proxy, Webhooks & Community Fixes

---

## Features

- **Network proxy support** — configure HTTP/HTTPS proxies with bypass rules directly from App Settings. The proxy engine routes traffic through `undici` ProxyAgent instances, respects `NO_PROXY` rules, and configures both Node and Electron browser sessions. (46049d28, 0ed01c48, 81d1b1c3, 0da3f265)
- **Webhook actions for automations** — automations can now fire HTTP webhooks with configurable auth, form payloads, response capture, replay, and persistent retry with exponential backoff. (993c75ce, 588aab6c)
- **Gemini 3.1 Flash Lite** — added to Google AI Studio preferred defaults. Thanks to [@naishyadav](https://github.com/naishyadav) for the suggestion in [#357](#357). (e36e9a22)
- **Dismiss working directory history items** — hover-visible X button on each recent directory entry to remove it from history. Thanks to [@jjjrmy](https://github.com/jjjrmy) ([#346](#346)) and [@jonzhan](https://github.com/jonzhan) ([#391](#391)) for requesting this. (3bd55d6d)

## Improvements

- **History truncation** — consolidated all history field truncation to a single `HISTORY_FIELD_MAX_LENGTH` constant instead of scattered hardcoded limits (8689a1d4)
- **Craft source docs** — added Collections section to guide with emphasis on the nested title + properties item format (0837afa0)

## Bug Fixes

- **MiniMax CN authentication** — removed incorrect `minimax-cn → minimax` alias, added lightweight direct HTTP test for Pi providers, and stripped MiniMax-prefix for CN API compatibility. Thanks to [@Kathie-yu](https://github.com/Kathie-yu) ([#396](#396)) and [@RimuruW](https://github.com/RimuruW) ([#386](#386)) for reporting. Fixes [#396](#396). (612c0e7e)
- **Inline code in messages** — text between inline badges (sources, skills, files) now renders through the Markdown component, restoring inline code, bold, italic, and links. Thanks to [@linusrogge](https://github.com/linusrogge) for reporting [#378](#378). Fixes [#378](#378). (e7f88a38)
- **Zod/JSON Schema passthrough** — default Zod object schemas to `.passthrough()` to match JSON Schema semantics where `additionalProperties` defaults to `true`. Also preserved `additionalProperties` in MCP proxy tool schema round-trip. Fixes tools with loosely-typed schemas silently losing fields. (cf4b6ac1, 42c173cf)
- **Self-signed TLS certificates** — accept self-signed certificates for the configured remote server origin, fixing `ERR_CERT_AUTHORITY_INVALID` on `wss://` connections (7148ebec)
- **File attachment in thin client mode** — paperclip button now uses browser-native `FileReader` API instead of server-side `fs.readFile()`, fixing silent failures when client and server filesystems differ (680cd197)
- **URL linkification** — strip trailing markdown characters (`**`, etc.) from linkified URLs that were producing broken links (24385e78, 65b8f350)
- **Automation action badges** — sidebar now shows correct "Prompt" / "Webhook" badges based on actual action types instead of hardcoding "Prompt" (dc422573)
- **Packaged server path fallback** — added `dist/resources` fallback for builds where `extraResources` output layout differs (edc5f61f)
- **`$CRAFT_EVENT_DATA` missing labels** — all automation event payloads now include the session's current `labels` array, so webhooks and scripts can access label data. Fixes [#406](#406). (0f98f090)
- **Multi-select non-adjacent sessions** — Cmd-click now always toggles selection (standard OS behavior); opening in a new panel moves to Cmd-Shift-click. Fixes [#404](#404). (d4d7aff1)
- **@ mention autocomplete with spaces** — spaces are now allowed in file mention queries (e.g. `@app availability.md`). The menu auto-closes Slack-style when a space produces no matches. Thanks to [@alexzadeh](https://github.com/alexzadeh) for reporting [#398](#398). Fixes [#398](#398). (1d063177)

---

Author: github-actions[bot]

apps/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@craft-agent/cli",
-  "version": "0.7.4",
+  "version": "0.7.5",
   "description": "Terminal client for Craft Agent server",
   "type": "module",
   "main": "src/index.ts",

apps/cli/src/commands.test.ts

@@ -234,9 +234,11 @@ describe('parseArgs', () => {
 import { getValidateSteps } from './index.ts'
 
 describe('getValidateSteps', () => {
-  it('returns 21 steps', () => {
+  it('returns a non-empty array of steps', () => {
     const steps = getValidateSteps()
-    expect(steps.length).toBe(27)
+    expect(steps.length).toBeGreaterThan(0)
+    // Sanity: at least the known lifecycle groups exist
+    expect(steps.length).toBeGreaterThanOrEqual(20)
   })
 
   it('first step is handshake', () => {
@@ -249,6 +251,11 @@ describe('getValidateSteps', () => {
     expect(steps[steps.length - 1].name).toBe('Disconnect')
   })
 
+  it('has no duplicate step names', () => {
+    const names = getValidateSteps().map((s) => s.name)
+    expect(new Set(names).size).toBe(names.length)
+  })
+
   it('includes session lifecycle steps (create, read, delete)', () => {
     const steps = getValidateSteps()
     const names = steps.map((s) => s.name)
@@ -285,6 +292,29 @@ describe('getValidateSteps', () => {
     expect(names).toContain('skills:delete')
   })
 
+  it('includes automation lifecycle steps', () => {
+    const names = getValidateSteps().map((s) => s.name)
+    expect(names).toContain('automation:create')
+    expect(names).toContain('automation:trigger (status change)')
+    expect(names).toContain('automation:verify session')
+    expect(names).toContain('automation:verify labels')
+    expect(names).toContain('automations:getLastExecuted')
+    expect(names).toContain('automation:cleanup')
+  })
+
+  it('includes session branching steps', () => {
+    const names = getValidateSteps().map((s) => s.name)
+    expect(names).toContain('sessions:branch')
+    expect(names).toContain('sessions:branch verify')
+    expect(names).toContain('sessions:branch send')
+  })
+
+  it('includes webhook validation steps', () => {
+    const names = getValidateSteps().map((s) => s.name)
+    expect(names).toContain('webhook:test (RPC)')
+    expect(names).toContain('webhook:verify failure')
+  })
+
   it('creates session with allow-all permission mode', () => {
     const steps = getValidateSteps()
     const createStep = steps.find((s) => s.name === 'sessions:create')
@@ -302,4 +332,19 @@ describe('getValidateSteps', () => {
     expect(sourceDelete).toBeGreaterThan(skillDelete)
     expect(sessionDelete).toBeGreaterThan(sourceDelete)
   })
+
+  it('branching steps come after send message + tool use', () => {
+    const names = getValidateSteps().map((s) => s.name)
+    const toolUse = names.indexOf('send message + tool use')
+    const branch = names.indexOf('sessions:branch')
+    expect(branch).toBeGreaterThan(toolUse)
+  })
+
+  it('automation cleanup comes before sources:delete', () => {
+    const names = getValidateSteps().map((s) => s.name)
+    const cleanup = names.indexOf('automation:cleanup')
+    const srcDelete = names.indexOf('sources:delete')
+    expect(cleanup).toBeGreaterThan(-1)
+    expect(cleanup).toBeLessThan(srcDelete)
+  })
 })

apps/cli/src/index.ts

@@ -777,6 +777,7 @@ export interface ValidateContext {
   automationsJsonBackup?: string | null
   /** Backup of existing automations-history.jsonl before overwrite (undefined = didn't exist) */
   automationsHistoryBackup?: string | null
+  branchedSessionId?: string
   onEvent?: (ev: { type: string; [key: string]: unknown }) => void
 }
 
@@ -1054,6 +1055,49 @@ export function getValidateSteps(): ValidateStep[] {
           'Use the Bash tool to run: echo TOOL_VALIDATION_OK', 90_000, true, undefined, ctx.onEvent)
       },
     },
+    // ----- Session branching -----
+    {
+      name: 'sessions:branch',
+      fn: async (client, ctx) => {
+        if (!ctx.createdSessionId || !ctx.workspaceId) return 'skipped (no session)'
+        const r = (await client.invoke('sessions:getMessages', ctx.createdSessionId)) as ValidateMessagesResponse
+        const messages = r?.messages ?? r?.conversation ?? []
+        const firstAssistant = messages.find((m) => m.role === 'assistant') as any
+        if (!firstAssistant?.id) throw new Error('No assistant message found to branch from')
+        const branch = (await client.invoke('sessions:create', ctx.workspaceId, {
+          name: `__cli-validate-branch-${Date.now()}`,
+          permissionMode: 'allow-all',
+          branchFromSessionId: ctx.createdSessionId,
+          branchFromMessageId: firstAssistant.id,
+        })) as any
+        ctx.branchedSessionId = branch?.id
+        return `branched at message ${firstAssistant.id} → session ${branch?.id}`
+      },
+    },
+    {
+      name: 'sessions:branch verify',
+      fn: async (client, ctx) => {
+        if (!ctx.branchedSessionId) return 'skipped (no branch)'
+        const r = (await client.invoke('sessions:getMessages', ctx.branchedSessionId)) as ValidateMessagesResponse
+        const messages = r?.messages ?? r?.conversation ?? []
+        const hasAssistant = messages.some((m) => m.role === 'assistant')
+        if (!hasAssistant) throw new Error('Branch missing assistant message')
+        const origR = (await client.invoke('sessions:getMessages', ctx.createdSessionId!)) as ValidateMessagesResponse
+        const origMessages = origR?.messages ?? origR?.conversation ?? []
+        if (messages.length >= origMessages.length) {
+          throw new Error(`Branch has ${messages.length} messages, expected fewer than original (${origMessages.length})`)
+        }
+        return `branch has ${messages.length} messages (original has ${origMessages.length})`
+      },
+    },
+    {
+      name: 'sessions:branch send',
+      fn: async (client, ctx) => {
+        if (!ctx.branchedSessionId) return 'skipped (no branch)'
+        return await waitForSendEvents(client, ctx.branchedSessionId,
+          'Reply with exactly: BRANCH_OK', 60_000, false, undefined, ctx.onEvent)
+      },
+    },
     // ----- Source lifecycle -----
     {
       name: 'sources:create',
@@ -1142,30 +1186,48 @@ SKILLEOF`, 90_000, true, undefined, ctx.onEvent)
       name: 'automation:create',
       fn: async (client, ctx) => {
         if (!ctx.createdSessionId || !ctx.workspaceRootPath) return 'skipped (no session or workspace)'
-        ctx.automationName = `CLI Validate Automation ${Date.now()}`
         const configPath = `${ctx.workspaceRootPath}/automations.json`
         const historyPath = `${ctx.workspaceRootPath}/automations-history.jsonl`
-        // Backup existing files before overwriting (protects real workspace data)
-        const { readFile } = await import('fs/promises')
-        ctx.automationsJsonBackup = await readFile(configPath, 'utf-8').catch(() => null)
+        const { readFile, writeFile } = await import('fs/promises')
+
+        // Check if config already exists (CI case — .github/agents/automations.json committed)
+        const existingConfig = await readFile(configPath, 'utf-8').catch(() => null)
+        if (existingConfig) {
+          try {
+            const parsed = JSON.parse(existingConfig)
+            const entries = parsed?.automations?.SessionStatusChange
+            if (Array.isArray(entries) && entries.length > 0) {
+              ctx.automationName = entries[0].name
+              return `config already loaded (${ctx.automationName})`
+            }
+          } catch { /* parse failed, overwrite below */ }
+        }
+
+        // Non-CI: backup + write directly (no LLM call needed)
+        ctx.automationsJsonBackup = existingConfig
         ctx.automationsHistoryBackup = await readFile(historyPath, 'utf-8').catch(() => null)
+        ctx.automationName = `CLI Validate Automation ${Date.now()}`
         const config = JSON.stringify({
           version: 2,
           automations: {
             SessionStatusChange: [{
               name: ctx.automationName,
               matcher: 'in-progress',
               labels: ['cli-validate-label'],
-              actions: [{ type: 'prompt', prompt: 'Reply with exactly: AUTOMATION_TRIGGERED' }],
+              actions: [
+                { type: 'prompt', prompt: 'Reply with exactly: AUTOMATION_TRIGGERED' },
+                { type: 'webhook', url: 'http://127.0.0.1:19999/validate-webhook',
+                  method: 'POST', bodyFormat: 'json',
+                  body: { event: '$CRAFT_EVENT', session: '$CRAFT_SESSION_ID' } },
+              ],
             }],
           },
         }, null, 2)
-        return await waitForSendEvents(client, ctx.createdSessionId,
-          `Use the Bash tool to run this exact command:
-cat > "${configPath}" << 'AUTOMATIONEOF'
-${config}
-AUTOMATIONEOF`, 90_000, true, undefined, ctx.onEvent)
-          .then((r) => { ctx.createdAutomation = true; return r })
+        await writeFile(configPath, config)
+        ctx.createdAutomation = true
+        // ConfigWatcher auto-detects automations.json changes (debounced)
+        await new Promise((r) => setTimeout(r, 2000))
+        return `wrote config (${ctx.automationName})`
       },
     },
     {
@@ -1263,13 +1325,62 @@ AUTOMATIONEOF`, 90_000, true, undefined, ctx.onEvent)
         return `${entries.length} automation(s), latest ran ${Math.round((Date.now() - recent[1]) / 1000)}s ago`
       },
     },
+    // ----- Webhook validation -----
+    {
+      name: 'webhook:test (RPC)',
+      fn: async (client, ctx) => {
+        if (!ctx.workspaceId) return 'skipped (no workspace)'
+        const r = (await client.invoke('automations:test', {
+          workspaceId: ctx.workspaceId,
+          actions: [{
+            type: 'webhook',
+            url: 'http://127.0.0.1:19999/validate-test',
+            method: 'GET',
+          }],
+        })) as any
+        const result = r?.actions?.[0]
+        if (result?.success) throw new Error('Expected webhook to fail (nothing listening)')
+        if (!result?.error && result?.statusCode !== 0) throw new Error('Expected error or statusCode 0 in result')
+        return `correctly failed: ${(result.error ?? `statusCode=${result.statusCode}`).slice(0, 80)}`
+      },
+    },
+    {
+      name: 'webhook:verify failure',
+      fn: async (client, ctx) => {
+        if (!ctx.workspaceRootPath) return 'skipped (no workspace root)'
+        const { readFile } = await import('fs/promises')
+        const historyPath = `${ctx.workspaceRootPath}/automations-history.jsonl`
+        const content = await readFile(historyPath, 'utf-8').catch(() => '')
+        const lines = content.trim().split('\n').filter(Boolean)
+        const entries = lines.map((l) => { try { return JSON.parse(l) } catch { return null } }).filter(Boolean)
+        const webhookEntries = entries.filter((e: any) => e.webhook)
+        if (webhookEntries.length === 0) throw new Error('No webhook history entries found')
+        // Find a recent failed webhook entry (within last 2 minutes)
+        const recentThreshold = Date.now() - 120_000
+        const recentFailed = webhookEntries.find((e: any) =>
+          !e.ok && e.ts > recentThreshold && e.webhook?.method === 'POST'
+        )
+        if (!recentFailed) throw new Error('No recent failed webhook entry found in history')
+        return `webhook failure recorded: method=${recentFailed.webhook.method}, url=${recentFailed.webhook.url?.slice(0, 50)}`
+      },
+    },
     {
       name: 'automation:cleanup',
       fn: async (client, ctx) => {
         const cleaned = await cleanupAutomationArtifacts(client, ctx)
         return cleaned.length > 0 ? `cleaned: ${cleaned.join(', ')}` : 'nothing to clean'
       },
     },
+    {
+      name: 'sessions:branch delete',
+      fn: async (client, ctx) => {
+        if (!ctx.branchedSessionId) return 'skipped (no branch)'
+        await client.invoke('sessions:delete', ctx.branchedSessionId)
+        const id = ctx.branchedSessionId
+        ctx.branchedSessionId = undefined
+        return `deleted branch session: ${id}`
+      },
+    },
     {
       name: 'sources:delete',
       fn: async (client, ctx) => {
@@ -1413,6 +1524,15 @@ export async function runValidation(client: CliRpcClient, jsonMode: boolean, noS
     }
   }
 
+  // Cleanup: branched session
+  if (ctx.branchedSessionId && client.isConnected) {
+    try {
+      await client.invoke('sessions:delete', ctx.branchedSessionId)
+    } catch {
+      // best effort
+    }
+  }
+
   // Cleanup: if a session was created but delete step hasn't run or failed
   if (ctx.createdSessionId && client.isConnected) {
     try {

apps/electron/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@craft-agent/electron",
-  "version": "0.7.4",
+  "version": "0.7.5",
   "description": "Electron desktop app for Craft Agents",
   "main": "dist/main.cjs",
   "private": true,