github lukilabs/craft-agents-oss v0.8.2
on GitHub

15 hours ago

v0.8.2 — WebUI OAuth, Browser Control & Search Reliability

Features

  • Built-in browser toggle — Added a Settings option to disable the built-in browser_tool when you prefer an external browser MCP or a real logged-in browser session instead. (Fixes #497)
  • Unified WebUI source OAuth — Browser-based source authentication now routes through a stable relay callback with server-side completion, making WebUI OAuth flows work more reliably for Google, Microsoft, Slack, and MCP-backed sources.
  • WebUI installable app assets — Added favicon, manifest, and Apple touch icon support for the browser UI.
  • Faster filesystem-heavy tasks — Added per-session caching for expensive filesystem operations, reducing repeated overhead during agent turns.

Improvements

  • WebUI auth hardening — Replaced the hand-rolled JWT path with jose, hashed passwords with argon2id, and added a global rate limiter for headless/WebUI auth endpoints.
  • Headless deployment docs — Expanded the self-hosted server documentation with Cloudflare Tunnel guidance and clearer Docker/Home-directory troubleshooting.
  • Visual polish — Improved dark-mode contrast in the app and aligned styling with the default theme values.
  • Release notes metadata cleanup — Fixed missing version headers in the in-app “What’s New” release notes.

Bug Fixes

  • WebUI Google OAuth redirect mismatch — Fixed redirect_uri_mismatch in WebUI by using a stable provider-facing callback (https://agents.craft.do/auth/callback) and relaying the real target through state.
  • Search reliability and count consistency — Fixed several search regressions: older sessions are matched more reliably, cross-node matches inside syntax-highlighted code blocks are found correctly, badge counts now align with actual highlighted matches, and WebUI/remote search degrades more gracefully when ripgrep is unavailable. (Partially addresses #394)
  • Search highlighting stability — Reworked highlight rendering around the CSS Custom Highlight API to avoid stale refs, cancelled RAFs, and stylesheet warnings.
  • OAuth callback plumbing — Wired oauthCallbackDeps through server bootstrap so WebUI callback completion consistently reaches the correct server-side flow.
  • Attachment filtering — Broadened the base64 filter to catch attachment thumbnails and avoid false-positive search hits.
  • Routing and link fixes — Fixed the marketing route and updated download links to match the current artifact naming.

Breaking Changes

  • None.
Check out latest releases or
releases around lukilabs/craft-agents-oss v0.8.2

Don't miss a new craft-agents-oss release

NewReleases is sending notifications on new releases.

Get notifications