v0.7.1

# v0.7.1 — Stability & Reliability

---

## Improvements

- **Pi agent engine 0.56.2** — updated from 0.55.0 with GPT-5.4 support (openai, openai-codex, azure-openai-responses), gpt-5.3-codex fallback for GitHub Copilot, Mistral native conversations integration, and OpenCode Go provider support
- **Automation session titles** — automation-initiated sessions now use the automation's name as the session title instead of a truncated prompt snippet; AI title generation is skipped for these sessions (861a5974, 79b9ebb4)
- **CLI validate-server** — added `--disable-spinner` / `--no-spinner` flag for CI environments; validate-server auto-bootstraps a temp workspace and LLM connection when none exist (84b3378c, 1ea478d7)

## Bug Fixes

- **Branch creation reliability** — fixed a race condition where `ERR_STREAM_WRITE_AFTER_END` from the SDK's `ProcessTransport` left branch creation in an infinite loading state; added 15s timeout with interrupt-based cancellation for hung preflight queries (8ff37102, 0dc1d2e6)
- **Base64 false positives** — replaced heuristic base64 detection with a strict canonicalization pipeline (charset regex, normalize, auto-pad, roundtrip verify) to eliminate false positives on English text and other non-base64 content. Fixes [#344](#344)
- **Cross-machine session recovery** — persist cleared `sdkSessionId` on session expiry recovery, preventing repeated stale-ID failures when syncing sessions across machines. Fixes [#342](#342)
- **Spawn ENOENT during auto-update** — detect app bundle swap during auto-update using structured error fields + regex fallback, with bounded single retry. Fixes [#268](#268)
- **Duplicate LLM connections on re-auth** — fixed stale React closure in `handleReauthenticateConnection` that generated new slugs (e.g. `chatgpt-plus-2`) instead of reusing existing ones; added `updateOnly` guard on the server side (b735f9df)
- **Codex token expiry** — Pi/Codex auth-expiry errors now route through the typed_error auth-retry pipeline instead of appearing as red error messages; global refresh mutex prevents cross-session token refresh races (1d85bc87)
- **Settings "Check Now" stuck at 0%** — unified `autoDownload` policy between Settings check and native menu so download-progress events arrive correctly (b8ad8c44)

Author: github-actions[bot]

apps/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@craft-agent/cli",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "Terminal client for Craft Agent server",
   "type": "module",
   "main": "src/index.ts",

apps/electron/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@craft-agent/electron",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "Electron desktop app for Craft Agents",
   "main": "dist/main.cjs",
   "private": true,

apps/electron/resources/release-notes/0.7.1.md

@@ -0,0 +1,19 @@
+# v0.7.1 — Stability & Reliability
+
+---
+
+## Improvements
+
+- **Pi agent engine 0.56.2** — updated from 0.55.0 with GPT-5.4 support (openai, openai-codex, azure-openai-responses), gpt-5.3-codex fallback for GitHub Copilot, Mistral native conversations integration, and OpenCode Go provider support
+- **Automation session titles** — automation-initiated sessions now use the automation's name as the session title instead of a truncated prompt snippet; AI title generation is skipped for these sessions (861a5974, 79b9ebb4)
+- **CLI validate-server** — added `--disable-spinner` / `--no-spinner` flag for CI environments; validate-server auto-bootstraps a temp workspace and LLM connection when none exist (84b3378c, 1ea478d7)
+
+## Bug Fixes
+
+- **Branch creation reliability** — fixed a race condition where `ERR_STREAM_WRITE_AFTER_END` from the SDK's `ProcessTransport` left branch creation in an infinite loading state; added 15s timeout with interrupt-based cancellation for hung preflight queries (8ff37102, 0dc1d2e6)
+- **Base64 false positives** — replaced heuristic base64 detection with a strict canonicalization pipeline (charset regex, normalize, auto-pad, roundtrip verify) to eliminate false positives on English text and other non-base64 content. Fixes [#344](https://github.com/lukilabs/craft-agents-oss/issues/344)
+- **Cross-machine session recovery** — persist cleared `sdkSessionId` on session expiry recovery, preventing repeated stale-ID failures when syncing sessions across machines. Fixes [#342](https://github.com/lukilabs/craft-agents-oss/issues/342)
+- **Spawn ENOENT during auto-update** — detect app bundle swap during auto-update using structured error fields + regex fallback, with bounded single retry. Fixes [#268](https://github.com/lukilabs/craft-agents-oss/issues/268)
+- **Duplicate LLM connections on re-auth** — fixed stale React closure in `handleReauthenticateConnection` that generated new slugs (e.g. `chatgpt-plus-2`) instead of reusing existing ones; added `updateOnly` guard on the server side (b735f9df)
+- **Codex token expiry** — Pi/Codex auth-expiry errors now route through the typed_error auth-retry pipeline instead of appearing as red error messages; global refresh mutex prevents cross-session token refresh races (1d85bc87)
+- **Settings "Check Now" stuck at 0%** — unified `autoDownload` policy between Settings check and native menu so download-progress events arrive correctly (b8ad8c44)

apps/electron/src/main/__tests__/connection-setup-updateOnly.test.ts

@@ -0,0 +1,126 @@
+/**
+ * Tests for the updateOnly guard in SETUP_LLM_CONNECTION.
+ *
+ * The updateOnly flag prevents accidental connection creation during
+ * re-authentication flows. When set, the handler must reject if the
+ * slug doesn't map to an existing connection.
+ *
+ * Since the handler is tightly coupled to the RPC server, we test the
+ * guard logic by mocking the config/credential layer and invoking
+ * the decision path directly.
+ */
+import { describe, it, expect, mock, beforeEach } from 'bun:test'
+import { createBuiltInConnection } from '@craft-agent/server-core/domain'
+import type { LlmConnectionSetup } from '@craft-agent/shared/protocol'
+
+// ============================================================
+// Simulated updateOnly guard logic
+// (mirrors the handler code in llm-connections.ts)
+// ============================================================
+
+interface MockDeps {
+  getLlmConnection: (slug: string) => unknown | null
+  deleteLlmCredentials: (slug: string) => Promise<void>
+  createBuiltInConnection: (slug: string, baseUrl?: string) => unknown
+  addLlmConnection: (conn: unknown) => boolean
+}
+
+/**
+ * Extracted guard logic from SETUP_LLM_CONNECTION handler.
+ * Returns { action, error? } indicating what the handler would do.
+ */
+function evaluateSetupGuard(
+  setup: Pick<LlmConnectionSetup, 'slug' | 'updateOnly'>,
+  deps: MockDeps,
+): { action: 'update' | 'create' | 'reject'; error?: string } {
+  const connection = deps.getLlmConnection(setup.slug)
+  if (connection) {
+    return { action: 'update' }
+  }
+  if (setup.updateOnly) {
+    // Handler would clean up orphaned credentials and reject
+    deps.deleteLlmCredentials(setup.slug).catch(() => {})
+    return { action: 'reject', error: 'Connection not found. Cannot re-authenticate a non-existent connection.' }
+  }
+  return { action: 'create' }
+}
+
+// ============================================================
+// Tests
+// ============================================================
+
+describe('SETUP_LLM_CONNECTION updateOnly guard', () => {
+  let mockDeleteCreds: ReturnType<typeof mock>
+
+  beforeEach(() => {
+    mockDeleteCreds = mock(() => Promise.resolve())
+  })
+
+  it('updateOnly=true + missing slug → rejects', () => {
+    const result = evaluateSetupGuard(
+      { slug: 'nonexistent', updateOnly: true },
+      {
+        getLlmConnection: () => null,
+        deleteLlmCredentials: mockDeleteCreds as any,
+        createBuiltInConnection,
+        addLlmConnection: () => true,
+      },
+    )
+    expect(result.action).toBe('reject')
+    expect(result.error).toContain('Connection not found')
+  })
+
+  it('updateOnly=true + missing slug → cleans up orphaned credentials', () => {
+    evaluateSetupGuard(
+      { slug: 'chatgpt-plus-2', updateOnly: true },
+      {
+        getLlmConnection: () => null,
+        deleteLlmCredentials: mockDeleteCreds as any,
+        createBuiltInConnection,
+        addLlmConnection: () => true,
+      },
+    )
+    expect(mockDeleteCreds).toHaveBeenCalledWith('chatgpt-plus-2')
+  })
+
+  it('updateOnly=true + existing slug → updates normally', () => {
+    const result = evaluateSetupGuard(
+      { slug: 'chatgpt-plus', updateOnly: true },
+      {
+        getLlmConnection: () => ({ slug: 'chatgpt-plus', name: 'ChatGPT Plus' }),
+        deleteLlmCredentials: mockDeleteCreds as any,
+        createBuiltInConnection,
+        addLlmConnection: () => true,
+      },
+    )
+    expect(result.action).toBe('update')
+    expect(mockDeleteCreds).not.toHaveBeenCalled()
+  })
+
+  it('default flow (no updateOnly) + missing slug → creates', () => {
+    const result = evaluateSetupGuard(
+      { slug: 'chatgpt-plus-2' },
+      {
+        getLlmConnection: () => null,
+        deleteLlmCredentials: mockDeleteCreds as any,
+        createBuiltInConnection,
+        addLlmConnection: () => true,
+      },
+    )
+    expect(result.action).toBe('create')
+    expect(mockDeleteCreds).not.toHaveBeenCalled()
+  })
+
+  it('default flow + existing slug → updates', () => {
+    const result = evaluateSetupGuard(
+      { slug: 'chatgpt-plus' },
+      {
+        getLlmConnection: () => ({ slug: 'chatgpt-plus' }),
+        deleteLlmCredentials: mockDeleteCreds as any,
+        createBuiltInConnection,
+        addLlmConnection: () => true,
+      },
+    )
+    expect(result.action).toBe('update')
+  })
+})

apps/electron/src/main/handlers/system.ts

@@ -267,7 +267,7 @@ export function registerSystemGuiHandlers(server: RpcServer, deps: HandlerDeps):
   // Auto-update handlers
   server.handle(RPC_CHANNELS.update.CHECK, async () => {
     const { checkForUpdates } = await import('../auto-update')
-    return checkForUpdates({ autoDownload: false })
+    return checkForUpdates({ autoDownload: true })
   })
 
   server.handle(RPC_CHANNELS.update.GET_INFO, async () => {

apps/electron/src/renderer/hooks/__tests__/useOnboarding.test.ts

@@ -121,3 +121,51 @@ describe('apiSetupMethodToConnectionSetup', () => {
     expect(setup.slug).toBe('claude-max-2')
   })
 })
+
+// ============================================================
+// Reauth slug regression tests
+// ============================================================
+
+describe('reauth slug resolution', () => {
+  it('slug override wins over null editingSlug (stale closure scenario)', () => {
+    // Simulates the reauth bug: editingSlug is null (stale closure),
+    // but connectionSlugOverride provides the correct slug.
+    const existingSlugs = new Set(['chatgpt-plus'])
+
+    // Without override: generates -2 (the bug)
+    const wrongSlug = resolveSlugForMethod('pi_chatgpt_oauth', null, existingSlugs)
+    expect(wrongSlug).toBe('chatgpt-plus-2')
+
+    // With override: reuses existing slug (the fix)
+    const correctSlug = resolveSlugForMethod('pi_chatgpt_oauth', 'chatgpt-plus', existingSlugs)
+    expect(correctSlug).toBe('chatgpt-plus')
+  })
+
+  it('apiSetupMethodToConnectionSetup uses override slug for reauth', () => {
+    const existingSlugs = new Set(['chatgpt-plus'])
+    const setup = apiSetupMethodToConnectionSetup(
+      'pi_chatgpt_oauth',
+      {},
+      'chatgpt-plus',  // override slug (reauth)
+      existingSlugs,
+    )
+    expect(setup.slug).toBe('chatgpt-plus')
+  })
+
+  it('new connection flow still generates unique slugs when base is taken', () => {
+    const existingSlugs = new Set(['chatgpt-plus'])
+    const setup = apiSetupMethodToConnectionSetup(
+      'pi_chatgpt_oauth',
+      {},
+      null,  // no editing slug (new connection)
+      existingSlugs,
+    )
+    expect(setup.slug).toBe('chatgpt-plus-2')
+  })
+
+  it('copilot reauth uses override slug', () => {
+    const existingSlugs = new Set(['github-copilot'])
+    const slug = resolveSlugForMethod('pi_copilot_oauth', 'github-copilot', existingSlugs)
+    expect(slug).toBe('github-copilot')
+  })
+})

apps/electron/src/renderer/hooks/useAutomations.ts

@@ -95,6 +95,7 @@ export function useAutomations(
     window.electronAPI.testAutomation({
       workspaceId: activeWorkspaceId,
       automationId: automation.id,
+      automationName: automation.name,
       actions: automation.actions,
       permissionMode: automation.permissionMode,
       labels: automation.labels,

apps/electron/src/renderer/hooks/useOnboarding.ts

@@ -59,7 +59,7 @@ interface UseOnboardingReturn {
 
   // Local model
   handleSubmitLocalModel: (data: LocalModelSubmitData) => void
-  handleStartOAuth: (methodOverride?: ApiSetupMethod) => void
+  handleStartOAuth: (methodOverride?: ApiSetupMethod, connectionSlugOverride?: string) => void
 
   // Claude OAuth (two-step flow)
   isWaitingForCode: boolean
@@ -224,6 +224,8 @@ export function useOnboarding({
       modelSelectionMode?: 'automaticallySyncedFromProvider' | 'userDefined3Tier'
     },
     methodOverride?: ApiSetupMethod,
+    connectionSlugOverride?: string,
+    updateOnly?: boolean,
   ): Promise<boolean> => {
     const method = methodOverride ?? state.apiSetupMethod
     if (!method) {
@@ -241,9 +243,11 @@ export function useOnboarding({
         models: options?.models,
         piAuthProvider: options?.piAuthProvider,
         modelSelectionMode: options?.modelSelectionMode,
-      }, editingSlug, existingSlugs)
+      }, connectionSlugOverride ?? editingSlug, existingSlugs)
       // Use new unified API
-      const result = await window.electronAPI.setupLlmConnection(setup)
+      const result = await window.electronAPI.setupLlmConnection(
+        updateOnly ? { ...setup, updateOnly: true } : setup
+      )
 
       if (result.success) {
         setState(s => ({ ...s, completionStatus: 'complete' }))
@@ -438,8 +442,8 @@ export function useOnboarding({
   // `method` is passed explicitly to break the stale-closure chain — the OAuth
   // await crosses renders, so handleSaveConfig's closure may have an outdated
   // state.apiSetupMethod.
-  const saveAndValidateConnection = useCallback(async (connectionSlug: string, method: ApiSetupMethod, credential?: string): Promise<boolean> => {
-    const saved = await handleSaveConfig(credential, undefined, method)
+  const saveAndValidateConnection = useCallback(async (connectionSlug: string, method: ApiSetupMethod, credential?: string, updateOnly?: boolean): Promise<boolean> => {
+    const saved = await handleSaveConfig(credential, undefined, method, connectionSlug, updateOnly)
     if (!saved) {
       setState(s => ({ ...s, credentialStatus: 'error' }))
       return false
@@ -461,7 +465,7 @@ export function useOnboarding({
   const [copilotDeviceCode, setCopilotDeviceCode] = useState<{ userCode: string; verificationUri: string } | undefined>()
 
   // Start OAuth flow (Claude or ChatGPT depending on selected method)
-  const handleStartOAuth = useCallback(async (methodOverride?: ApiSetupMethod) => {
+  const handleStartOAuth = useCallback(async (methodOverride?: ApiSetupMethod, connectionSlugOverride?: string) => {
     const effectiveMethod = methodOverride ?? state.apiSetupMethod
 
     if (methodOverride && methodOverride !== state.apiSetupMethod) {
@@ -488,11 +492,13 @@ export function useOnboarding({
     try {
       // ChatGPT OAuth (single-step flow - opens browser, captures tokens automatically)
       if (effectiveMethod === 'pi_chatgpt_oauth') {
-        const connectionSlug = apiSetupMethodToConnectionSetup(effectiveMethod, {}, editingSlug, existingSlugs).slug
+        const effectiveEditingSlug = connectionSlugOverride ?? editingSlug
+        const isReauth = !!effectiveEditingSlug
+        const connectionSlug = apiSetupMethodToConnectionSetup(effectiveMethod, {}, effectiveEditingSlug, existingSlugs).slug
         const result = await window.electronAPI.startChatGptOAuth(connectionSlug)
 
         if (result.success) {
-          await saveAndValidateConnection(connectionSlug, effectiveMethod)
+          await saveAndValidateConnection(connectionSlug, effectiveMethod, undefined, isReauth)
         } else {
           setState(s => ({
             ...s,
@@ -505,7 +511,9 @@ export function useOnboarding({
 
       // Copilot OAuth (device flow — polls for token after user enters code on GitHub)
       if (effectiveMethod === 'pi_copilot_oauth') {
-        const connectionSlug = apiSetupMethodToConnectionSetup(effectiveMethod, {}, editingSlug, existingSlugs).slug
+        const effectiveEditingSlug = connectionSlugOverride ?? editingSlug
+        const isReauth = !!effectiveEditingSlug
+        const connectionSlug = apiSetupMethodToConnectionSetup(effectiveMethod, {}, effectiveEditingSlug, existingSlugs).slug
 
         // Subscribe to device code event before starting the flow
         const cleanup = window.electronAPI.onCopilotDeviceCode((data) => {
@@ -516,7 +524,7 @@ export function useOnboarding({
           const result = await window.electronAPI.startCopilotOAuth(connectionSlug)
 
           if (result.success) {
-            await saveAndValidateConnection(connectionSlug, effectiveMethod)
+            await saveAndValidateConnection(connectionSlug, effectiveMethod, undefined, isReauth)
           } else {
             setState(s => ({
               ...s,
@@ -614,7 +622,7 @@ export function useOnboarding({
 
       if (result.success && result.token) {
         setIsWaitingForCode(false)
-        await saveAndValidateConnection(connectionSlug, 'claude_oauth', result.token)
+        await saveAndValidateConnection(connectionSlug, 'claude_oauth', result.token, !!editingSlug)
       } else {
         setState(s => ({
           ...s,

apps/electron/src/renderer/pages/settings/AiSettingsPage.tsx

@@ -686,7 +686,7 @@ export default function AiSettingsPage() {
       const method = connection.providerType === 'pi'
                    ? (connection.piAuthProvider === 'github-copilot' ? 'pi_copilot_oauth' : 'pi_chatgpt_oauth')
                    : 'claude_oauth'
-      apiSetupOnboarding.handleStartOAuth(method)
+      apiSetupOnboarding.handleStartOAuth(method, connection.slug)
     }
   }, [apiSetupOnboarding, openApiSetup])
 

apps/viewer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@craft-agent/viewer",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "Web viewer for Craft Agents sessions - upload and share session transcripts",
   "private": true,
   "type": "module",