github lukilabs/craft-agents-oss v0.3.2
on GitHub

9 hours ago

v0.3.2 — Focus Mode & OAuth Improvements

Stay focused with the new Focus Mode. OAuth flows are now more robust and secure.

✨ Focus Mode

A new distraction-free mode that helps you concentrate on your work.

How It Works

Toggle Focus
Hide the sidebar and maximize your workspace to stay focused on the current task.

✨ Basic Auth Password Support

Sources with basic authentication can now optionally require a password field.

What's New

Flexible Authentication
Configure basic auth sources with passwordRequired: true to show both username and password fields in the credential prompt. APIs like Ashby that use API key as username with empty password are now supported.

Improvements

Theme & UI

  • Theme refinement and polish
  • Dark mode improvements — includes icon cache fix where configured icons now take precedence over auto-discovered local files (craft-agents-oss#121)
  • Workspace switching improvements
  • Centralized menu structure

OAuth & Security

  • Progressive OAuth metadata discovery per RFC 8414 — fixes OAuth with Ahrefs MCP and similar servers that have multiple path segments in their URLs (craft-agents-oss#152)
  • Removed baked-in Google OAuth credentials from build — users now provide their own credentials via source config
  • Added credential validation check to source_google_oauth_trigger

Documentation

  • Consolidated Google OAuth setup docs into single page
  • Added passwordRequired parameter documentation for basic auth

Security

  • Path traversal vulnerability fixed in STORE_ATTACHMENT IPC handler — malicious sessionId values could previously escape the workspace directory and write files anywhere on the filesystem (craft-agents-oss#142, reported by @xeloxa)

Bug Fixes

  • Viewer: Fixed rendering issues including Mermaid diagrams in shared sessions (craft-agents-oss#145, craft-agents-oss#108)
  • EditPopover: Constrained drag handle within viewport bounds — prevents popover from being dragged outside the application window
  • EditPopover: Fixed titlebar drag interference with popover drag handle
  • Install script: Use YAML files for checksums — fixes 404 errors on Linux installs due to missing manifest.json
  • Shell: Fixed shell issues in centralized menu

GitHub Issues

Issue Title Status
#108 Mermaid rendering looks weird Fixed
#121 Icon caching - old icon.svg still used after deletion Fixed
#142 Path traversal vulnerability in STORE_ATTACHMENT Fixed (reported by @xeloxa)
#145 Shared session do not support Mermaid rendering Fixed
#152 normalizeMcpUrl appends '/mcp' - breaks non-/mcp endpoints Partially addressed

Stats

  • 83 files changed
  • ~4,400 lines added
  • ~1,200 lines removed

Full Changelog: v0.3.1...v0.3.2

Check out latest releases or
releases around lukilabs/craft-agents-oss v0.3.2

Don't miss a new craft-agents-oss release

NewReleases is sending notifications on new releases.

Get notifications