Avibe v3.0.2
Highlights
- You can now enable, disable, and update IM platform credentials from Settings without restarting Avibe. The Platforms page is a single inline flow, validates credentials before enabling, shows apply state, and asks before disabling a platform. (#564, #566, #567, #558)
- Remote access login now works from installed standalone PWAs, including iOS. Failed OAuth callbacks now show a friendly re-login page instead of raw JSON, and the unauthenticated auth path is hardened. (#568)
vibe agent runis better for delegated work: async runs can call back into the caller session with only the final result, and new run sessions now use the invocation directory by default or an explicit--cwd. (#550, #551, #562)- Upgrades and runtime installs are more reliable: Avibe schedules a managed restart after upgrading a running install, agent backends are installed under the service user so self-update works, and Show Runtime assets stay consistent with the PyPI manifest. (#553, #545, #557)
Changes
Added
- Added async Agent Run callback sessions for returning delegated run results to the caller session. (#550)
- Added
vibe agent run --cwdand made sessionless / newly created run sessions follow the CLI invocation cwd. (#562) - Added Telegram structured Markdown delivery via Bot API
sendRichMessage, with fallback to the legacysendMessagepath. (#569)
Changed
- Redesigned Platforms settings into a single always-open inline configuration flow and removed the user-facing “primary platform” control. (#564)
- Applied platform enable / disable / credential changes through hot runtime reconciliation instead of a service restart. (#567)
- Kept the Web UI up during Web-triggered service restarts and added confirmation before disabling a platform. (#566)
- Moved the remote-access card to the top of Service settings and refreshed the pairing copy. (#565)
- Made project default Agents pre-select the Workbench backend instead of hard-binding new sessions before a native conversation exists. (#556)
- Disabled Claude Code sandboxing for Avibe-created remote sessions while keeping Avibe’s remote permission behavior. (#559)
- Updated audited UI dependencies and the managed
askilldependency.
Fixed
- Fixed Workbench Stop recovery for stale running turns whose backend runtime handle is already gone. (#549)
- Fixed Workbench backend switching locks so a backend is locked only while a turn is running or after native conversation binding. (#556)
- Fixed a session composer draft leak when switching directly between chats. (#560)
- Fixed platform setup/config edge cases, including credential draft preservation, WeChat config requirements, Slack runtime credential checks, and invalid enable transitions. (#558)
- Fixed Codex stale-cwd transport cache behavior when the cached app-server cwd inode changes. (#562)
- Fixed Telegram rich Markdown fallback so reply targets are preserved. (#569)
- Fixed fresh installs where Claude Code, Codex, and OpenCode were installed root-global and could not self-update from the non-root Avibe service. (#545)
- Fixed CLI and Web/API upgrades so a running Avibe install schedules a managed restart, while a stopped install stays stopped. (#553)
- Fixed Show Runtime GitHub release assets becoming inconsistent with the PyPI wheel’s baked-in manifest. (#557)
- Fixed PyPI release publishing for split
avibe-osand legacyvibe-remoteprojects, including isolated trusted publisher environments. (#547, #548)
Security
- Redacted platform and gateway secrets from
/api/configwheninclude_secrets=false, returning presence/length metadata instead. (#555) - Restricted direct file imports in
/api/agents/importto resolved Markdown files only. (#555) - Hardened remote-access OAuth handling with rate limiting, bounded in-memory handshake storage, atomic single-use claims, and same-origin cookie checks for fallback state recovery. (#568)
Full Changelog: v3.0.1...v3.0.2
Avibe v3.0.2
Highlights
- 现在可以直接在 Settings 里启用、停用和更新各 IM 平台凭据,不再需要重启 Avibe。Platforms 页面改成单线配置流程:启用前会校验凭据,应用过程有状态提示,停用平台前会二次确认。 (#564, #566, #567, #558)
- 远程访问登录现在支持已安装的独立 PWA,包括 iOS。OAuth 回调失败时会显示可重新登录的友好页面,不再直接返回 JSON,同时未登录的认证链路也做了加固。 (#568)
vibe agent run更适合做委派任务:异步运行可以把最终结果回传到调用方 Session,新建运行 Session 默认使用命令执行目录,也可以通过--cwd指定。 (#550, #551, #562)- 升级和运行时安装更稳了:正在运行的 Avibe 升级后会安排受管重启,Agent 后端安装到服务用户目录以支持自更新,Show Runtime 资产也会和 PyPI wheel 内的 manifest 保持一致。 (#553, #545, #557)
Changes
Added
- 新增异步 Agent Run callback session,可把委派运行的结果返回到调用方 Session。 (#550)
- 新增
vibe agent run --cwd,并让无 Session / 新建 Session 的运行跟随 CLI 调用目录。 (#562) - 新增 Telegram 结构化 Markdown 发送,优先使用 Bot API
sendRichMessage,失败时回退到旧的sendMessage路径。 (#569)
Changed
- 重做 Platforms 设置页,改为始终展开的内联配置流程,并移除了面向用户的“primary platform”设置。 (#564)
- 将平台启用、停用和凭据变更改为运行时热协调,不再触发服务重启。 (#567)
- Web 端触发服务重启时保留 Web UI 在线,并在停用平台前增加确认。 (#566)
- 将远程访问卡片移到 Service 设置页顶部,并更新配对文案。 (#565)
- 将项目默认 Agent 改为只预选 Workbench 后端;只有出现原生会话绑定后才锁定后端。 (#556)
- 为 Avibe 创建的 Claude Code 远程 Session 关闭 Claude sandbox,同时保留远程权限处理逻辑。 (#559)
- 更新已审计的 UI 依赖和受管
askill依赖。
Fixed
- 修复 Workbench Stop 遇到后端运行时句柄已消失的陈旧 running turn 时无法恢复的问题。 (#549)
- 修复 Workbench 后端切换锁定逻辑:只在 turn 运行中或已有原生会话绑定后锁定。 (#556)
- 修复直接切换聊天时,一个 Session 的输入草稿泄漏到下一个 Session 的问题。 (#560)
- 修复平台配置和向导的多个边界问题,包括凭据草稿保留、WeChat 配置段要求、Slack 运行时凭据校验,以及无效启用状态切换。 (#558)
- 修复 Codex 缓存 transport 在 cwd inode 变化后仍复用旧 app-server 的问题。 (#562)
- 修复 Telegram rich Markdown 回退路径丢失回复目标的问题。 (#569)
- 修复新环境中 Claude Code、Codex、OpenCode 以 root 全局方式安装,导致非 root Avibe 服务无法自更新的问题。 (#545)
- 修复 CLI 和 Web/API 升级流程:运行中的 Avibe 升级后会安排受管重启,未运行时保持停止。 (#553)
- 修复 Show Runtime 的 GitHub Release 资产与 PyPI wheel 内置 manifest 不一致的问题。 (#557)
- 修复
avibe-os与 legacyvibe-remote的 PyPI 发布流程,包括拆分发布任务和隔离 trusted publisher 环境。 (#547, #548)
Security
- 在
/api/config的include_secrets=false场景下隐藏平台和网关密钥,只返回是否存在和长度等元数据。 (#555) - 限制
/api/agents/import的直接文件导入,只允许解析后的 Markdown 文件。 (#555) - 加固远程访问 OAuth 流程:增加限流、有界内存握手存储、一次性原子领取,以及 fallback 状态恢复的同源 cookie 校验。 (#568)
Full Changelog: v3.0.1...v3.0.2