Conversation
…, dedupe update notifications (#778) (#811) Add a per-cycle version-check ping to the hourly auto-update loop. The request (GET /api/v1/version-check?v=...&platform=...) lets the server count a daily-salted aggregate of active installs; nothing is stored per caller. The response's latest_version is logged at DEBUG alongside the existing git-based update check, which remains the authoritative signal. Two opt-out layers: - TAOS_NO_UPDATE_PING=1 env var (operator/system level) - update_ping_enabled pref in the auto-update namespace (Settings UI) All network failures (DNS, timeout, bad status, etc.) degrade silently to debug logging and never surface as user-visible errors or block the git check. The endpoint URL defaults to https://taos.my/api/v1/version-check and is overridable via TAOS_UPDATE_CHECK_URL. Notification dedupe was already in place via last_notified_commit; this commit verifies it works correctly and adds regression tests. Version source: tinyagentos.__version__ (set to "1.0.0-beta" in tinyagentos/__init__.py, matching pyproject.toml). Adds 12 new tests in tests/test_auto_update_ping.py (20 total across the three auto_update test files, all green).
|
Warning Review limit reached
More reviews will be available in 17 minutes and 27 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (28)
📝 WalkthroughWalkthroughThis PR consolidates four related delivery areas: a compiled agent manual system with build automation, anonymous install-count update telemetry with user opt-out, desktop message copy-to-clipboard functionality, and agent runtime self-healing when the LLM proxy recovers after degraded startup. ChangesIntegrated Feature Release
Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes The PR spans four distinct subsystems (documentation automation, backend telemetry, desktop UI, and runtime resilience) with moderate-to-high density logic in the auto-update ping implementation (persistent ID generation, opt-out gating, error resilience) and agent server self-healing state machine. Desktop UI changes follow consistent copy-to-clipboard patterns across multiple components. The 60-range scope and heterogeneous file spread across docs, scripts, tests, desktop, and backend require careful cross-layer understanding, though most individual changes follow clear patterns. Possibly related issues
Possibly related PRs
Poem
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
👋 Thanks for the PR! This one targets See CONTRIBUTING.md for the branch model. |
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
| logger.debug( | ||
| "version-check ping: status=%s url=%s", resp.status_code, url | ||
| ) | ||
| if resp.status_code == 200: |
There was a problem hiding this comment.
WARNING: Non-200 responses are not read or closed before returning.
send_version_ping reuses the shared http_client when available. If the version-check endpoint returns a non-200 response, the response body is never read and the response is not explicitly closed, which can hold connection-pool resources until garbage collection. Read or close the response for all statuses so failures still release the connection cleanly.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| - **Agent Logs.** Real-time log viewer with auto-refresh | ||
| - **Backup & Restore.** Downloadable config backup, one-click restore, scheduled auto-backup (daily/weekly) | ||
| - **System Updates.** Pull latest from GitHub via Settings page | ||
| - **System Updates.** Pull latest from GitHub via Settings page. taOS periodically checks for updates and reports an anonymous install count (a daily aggregate estimate, no identifiers); disable with `TAOS_NO_UPDATE_PING=1` or in Settings. |
There was a problem hiding this comment.
WARNING: Documentation claims a Settings UI opt-out that this PR does not add.
The backend now checks update_ping_enabled, but the diff does not update desktop/src/apps/SettingsApp/UpdatesPanel.tsx or /api/settings/update-status to expose or persist that setting. Users will not have the documented Settings control unless this PR includes additional UI/API changes.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
Code Review SummaryStatus: 8 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)CRITICAL
WARNING
Other Observations (not in diff)Issues found in unchanged code that cannot receive inline comments:
Files Reviewed (9 files)
Fix these issues in Kilo Cloud Reviewed by nex-n2-pro:free · 931,526 tokens |
* fix(desktop): agent text is selectable and copyable on every chat surface (#801) - AgentsApp: remove select-none from root detail containers; add select-none to back-header/toolbar only; add select-text to content regions so AgentDetailPanel and AgentMessagesPanel output is always selectable - AgentMessagesPanel: add select-text to message text and reasoning blocks; replace raw <pre> blocks for tool calls/results with a PreBlock helper that has a hover-reveal copy button (keyboard accessible, ARIA-labelled) - TaosAssistantPanel/TaosAssistantWindow: add select-text to MessageBubble; add per-message copy button (hover-reveal, ARIA-labelled, 1.5s feedback); render triple-backtick fenced code via shared CodeBlock component - MessagesApp renderContent: split on fenced code blocks first, render each via CodeBlock; inline markdown applied to non-code segments only - MessageOverflowMenu: add onCopyText prop and "Copy text" menu item (copies raw message content; available for all messages unconditionally) - CodeBlock: new shared component (no new deps) - styled mono block with hover-reveal copy button, 1.5s check-mark feedback, keyboard accessible * fix(desktop): segment-prefixed render keys cannot collide; Copy text renders only when a handler is wired
|
|
||
| ## What taOS is (for your answers) | ||
|
|
||
| taOS is a self-hosted operating system for AI agents. It runs on the user's own hardware (a single-board computer, a PC, a Mac) and serves a full desktop in the browser. Agents run in isolated containers, share chat channels with the user, and keep long-term memory. Nothing leaves the user's network unless they connect a cloud provider. The web desktop is at port 6969 on the host. |
There was a problem hiding this comment.
WARNING: Product description contradicts the update ping.
This manual says nothing leaves the user's network unless they connect a cloud provider, but the update-ping flow sends data to taos.my by default. Agents using this manual could give users an incorrect privacy answer.
| taOS is a self-hosted operating system for AI agents. It runs on the user's own hardware (a single-board computer, a PC, a Mac) and serves a full desktop in the browser. Agents run in isolated containers, share chat channels with the user, and keep long-term memory. Nothing leaves the user's network unless they connect a cloud provider. The web desktop is at port 6969 on the host. | |
| taOS is a self-hosted operating system for AI agents. It runs on the user's own hardware (a single-board computer, a PC, a Mac) and serves a full desktop in the browser. Agents run in isolated containers, share chat channels with the user, and keep long-term memory. Only cloud model calls and the optional anonymous update ping leave the user's network. The web desktop is at port 6969 on the host. |
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| ## Updates (and the privacy question) | ||
|
|
||
| - taOS checks for updates about once an hour and shows a notification when one is ready. Install it via Settings then Updates then Install Update. | ||
| - The update check also reports an anonymous install count to taos.my: a random ID, the version, and the platform. No names, no emails, no IP addresses are stored. Turn it off in Settings or with `TAOS_NO_UPDATE_PING=1`. Updates keep working either way. |
There was a problem hiding this comment.
WARNING: Update-ping privacy and Settings opt-out claims are inaccurate or unsupported.
The code sends only v and platform; no random ID is generated or sent, and this PR does not add a Settings UI/API control for update_ping_enabled. The line also claims no IP addresses are stored, which this repository cannot guarantee for the taos.my endpoint unless server-side logging is explicitly disabled. Qualify or remove these claims.
| - The update check also reports an anonymous install count to taos.my: a random ID, the version, and the platform. No names, no emails, no IP addresses are stored. Turn it off in Settings or with `TAOS_NO_UPDATE_PING=1`. Updates keep working either way. | |
| - The update check also reports an anonymous install count to taos.my: the version and platform. No names or emails are sent. Turn it off with `TAOS_NO_UPDATE_PING=1`; add a Settings toggle before documenting a Settings opt-out. Updates keep working either way. |
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
|
|
||
| **Last updated:** 2026-06-12 ~14:30 BST, freshness sweep by @taOS (Orange Pi session). docs/AGENT_HANDOFF.md committed (was local-only). STATUS.md footer tips fixed. 5h window ~8%, resets 13:20 UTC; resume pair armed (14:23/14:42 BST). | ||
| **Last updated:** 2026-06-12 ~16:30 BST, by @taOS (Mac session). PR TRAIN IN FLIGHT (sequencing matters): | ||
| - #817 (persistent install id in the update ping) MUST land on dev BEFORE #813 promotes, else the taos.my counter counts nothing. #813 head=dev so merging #817 folds in automatically; then #813 promotes the install counter to master. |
There was a problem hiding this comment.
WARNING: PR promotion sequencing dependency is not enforced.
This status note says #817 must land on dev before #813 promotes, but this PR is #813 targeting master. If merged before #817, the promoted update ping may ship without the persistent install id the counter depends on. Treat #817 as a hard prerequisite or hold this promotion until the dependency is satisfied.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
…teLLM was ready; surface empty streams as errors (#816)
| "taos_agent_runtime: re-scoping the taOS agent key returned False " | ||
| "(key scope may be stale)" | ||
| ) | ||
| born_degraded = True |
There was a problem hiding this comment.
WARNING: Key-scope re-scope failure is treated as a rebuild trigger
update_agent_key() can return False when the key scope could not be updated. This still starts opencode with the stored key, so later model calls may fail with authorization/model errors instead of degrading early. Treat re-scope failure as a hard runtime degradation or fall back to the master key.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| exc = drive_task.exception() | ||
| if exc is not None: | ||
| logger.error("taos-agent: drive task raised %r", exc) | ||
| if not content_frame_yielded: |
There was a problem hiding this comment.
WARNING: Adapter errors produce a second generic error frame
Error frames are not counted as output, so a specific adapter error is followed by this fallback "backend returned no output" error before done. Track any non-_DONE frame as output, or use a separate error_frame_yielded flag, so clients receive the specific error only.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
…an exact historical record (#817)
…818) The taOS agent manual was a single flat file. This commit introduces a library-plus-compile design: - docs/agent-manual/ holds nine focused source files (identity, rules, product description, facts, apps, chat, updates/privacy, post-update troubleshooting, answer templates) and an index that defines compile order. - scripts/build-agent-manual.py concatenates them into the single flat docs/taos-agent-manual.md that the runtime already loads unchanged. - tests/test_agent_manual_compiled.py fails CI if a contributor edits the source library but forgets to rebuild (builds into a temp file and diffs). - CONTRIBUTING.md gets a one-liner pointing contributors to the source files. No change to taos_agent.py or any runtime path. The compiled file stays the injection target so weak models always have the full prompt in context.
| if path.exists(): | ||
| existing = path.read_text(encoding="utf-8").strip() | ||
| if existing: | ||
| return existing |
There was a problem hiding this comment.
WARNING: Persistent install id is sent without validation
_install_id returns any non-empty contents of <data_dir>/.install_id and immediately includes it in the external update ping. Because the data directory is user-writable, a malformed/truncated id can corrupt the server-side count, and PII or an overly long value could be exfiltrated if written there. Validate the generated UUID format/length before reusing an existing file, and regenerate when invalid.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| ) | ||
| born_degraded = True | ||
| except Exception: | ||
| logger.debug("taos_agent_runtime: re-scoping stored key failed", exc_info=True) |
There was a problem hiding this comment.
WARNING: Re-scope exceptions leave stale key without degraded flag
The update_agent_key() exception path uses the stored key unchanged, but unlike the False return path it leaves born_degraded false. The next call will reuse the cached server instead of rebuilding with a fresh scoped key, so stale model permissions can persist silently. Mark degradation or fall back/remint on exception as well.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
| if path.exists(): | ||
| existing = path.read_text(encoding="utf-8").strip() | ||
| if existing: | ||
| return existing |
There was a problem hiding this comment.
WARNING: Install id is accepted from any existing file contents
_install_id documents a random UUID, but if <data_dir>/.install_id already exists it returns the raw stripped contents without validating format. A corrupted or attacker-written file could be sent as the id query parameter to the update-check endpoint, leaking local data and breaking the install counter. Validate that the persisted value is a UUID/hex string before sending it.
| return existing | |
| if existing and len(existing) == 32 and set(existing) <= set("0123456789abcdef"): |
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
1 participant
Carries #811: the hourly update check now pings the taos.my version endpoint (the anonymous install count from #778) with TAOS_NO_UPDATE_PING and a Settings opt-out, degrading silently when the endpoint is unreachable. The git-based update check remains authoritative, so updates work with the website offline. Also regression-tests the existing notification dedupe.
Summary by CodeRabbit
New Features
TAOS_NO_UPDATE_PING=1)Bug Fixes
Documentation