github lukilabs/craft-agents-oss v0.4.4
on GitHub

latest release: v0.4.5
8 hours ago

v0.4.4 — Codex Auth Overhaul and Stability Fixes

Comprehensive fixes for Codex source authentication, OAuth token refresh, and session stability. This release resolves persistent auth failures, OOM crashes, and reconnect races.

🔐 MCP & OAuth Token Refresh

  • Fixed OAuth token refresh deadlock where expired sources got permanently stuck in needs_auth until manual re-authentication (dc019c66)
  • Fixed isOAuthSource() conflating type-checking with auth-state-checking, preventing the token refresh manager from ever refreshing expired tokens (dc019c66)
  • Fixed ensureFreshToken/needsRefresh mismatch where missing expiresAt caused infinite refresh-but-skip loop every turn (7a0f09e1)
  • Proactively refresh tokens when expiresAt is undefined, handling pre-existing credentials stored without expiry (874edf28)
  • Default expires_in to 3600s when missing from OAuth token responses, preventing tokens from never being refreshed (874edf28)
  • Restore auth state (disk + in-memory) after successful token refresh (dc019c66)

🔌 Codex

  • Fixed MCP auth headers: config generator now writes http_headers instead of headers, which was silently dropping auth tokens for all MCP sources (874edf28)
  • Sources authenticated mid-session are now auto-enabled and immediately available to Codex (b8d358eb)
  • Fixed race between deferred reconnect and next Codex turn after OAuth mid-session (d190b9b1)
  • Hardened reconnect races and output accumulation to prevent deadlocks and orphaned promises (7a0f09e1)
  • Improved Codex tool discovery and auth failure guidance (a5158d66)
  • Prevented OOM from unbounded tool output — command and MCP output truncated at 100K chars in event adapter, 200K char safety net at persistence layer (f66241d6)

🤖 Copilot

  • Fixed Copilot CLI not found in packaged builds — native binary now vendored per-platform, resolving import_meta.resolve is not a function errors on login (eb02eeb9)
  • Added 30-second timeout to Copilot auth model fetching to prevent infinite hang (Fixes #228) (c8f46f59)
  • Fixed Copilot interceptor missing from Windows build pipeline (fc619f63)

🐛 Bug Fixes

  • Fixed label badge removal broken by non-unique React keys (dbeaeafe)
  • Restored auto-update UI from v0.3.5 — download progress shown inline, correct "Restart to Update" wording (4172405d)
  • Resolved all TypeScript errors in shared package (0e911fe8)
  • Added missing croner dependency to shared package (df753215)
  • Added session-mcp-server and bridge-mcp-server to OSS allow list (Fixes #226) (101ebf99)

📖 Documentation

  • Added hooks usage examples, prompts, and TodoStateChange event guidance
  • Published hooks documentation to online docs
  • Added example for disabling hooks without removing them
Check out latest releases or
releases around lukilabs/craft-agents-oss v0.4.4

Don't miss a new craft-agents-oss release

NewReleases is sending notifications on new releases.

Get notifications