Skip to content

feat: subagent run limits, history visibility, and WS origin checks#44

Merged
jasonli0226 merged 1 commit into
mainfrom
feat/2026-06-first-update
Jun 1, 2026
Merged

feat: subagent run limits, history visibility, and WS origin checks#44
jasonli0226 merged 1 commit into
mainfrom
feat/2026-06-first-update

Conversation

@jasonli0226

@jasonli0226 jasonli0226 commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

Summary

First update batch for June 2026. Hardens the agent engine and WebSocket layer, adds session-message history filtering, and ships several web UI improvements.

Engine / API

  • Enforce policy maxSubagentRunMs and reap stale runs that exceed it
  • Add history-visibility filtering so session messages flagged hiddenInHistory are excluded from the model context
  • Share a single CORS allowlist between the HTTP layer and the WebSocket gateway via getAllowedOrigins(); validate the WS Origin header on connect

Database

  • Persist hiddenInHistory on session messages
  • Migration for the policy.maxSubagentRunMs field

Web

  • New bound-agents view on the user-agents page
  • Chat input/thread improvements
  • Channels-tab updates

Infra / Docs

  • Clarify Postgres env vars (POSTGRES_USER/PASSWORD/DB) in .env.example
  • Mount nest-cli.json in the dev compose file

Test plan

  • pnpm --filter api test (engine, gateway, db, history-visibility suites)
  • pnpm --filter web test (bound-agents, chat-input, chat-thread, channels-tab, api)
  • Run the new Prisma migrations against a dev DB
  • Verify WS connections are rejected from disallowed origins

@jasonli0226
feat: add subagent run limits, history visibility, and WS origin checks
7b240af 
- engine: enforce policy maxSubagentRunMs and reap stale runs; add
  history-visibility filtering so hidden session messages are excluded
  from model history
- api: share CORS allowlist between HTTP and the WebSocket gateway via
  getAllowedOrigins(); validate WS Origin on connect
- db: persist hiddenInHistory on session messages and add the
  policy/max-subagent-run-ms migration
- web: add bound-agents view, chat input/thread improvements, and
  channels-tab updates
- docs/infra: clarify Postgres env vars in .env.example, mount
  nest-cli.json in dev compose
@jasonli0226 jasonli0226 closed this Jun 1, 2026
@jasonli0226 jasonli0226 deleted the feat/2026-06-first-update branch June 1, 2026 17:44
@jasonli0226 jasonli0226 restored the feat/2026-06-first-update branch June 1, 2026 17:48
@jasonli0226 jasonli0226 reopened this Jun 1, 2026
@jasonli0226 jasonli0226 merged commit b2f81f7 into main Jun 1, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@enkizan enkizan enkizan approved these changes

@cch-gh cch-gh cch-gh approved these changes

+1 more reviewer

@EnkiLeeTS EnkiLeeTS EnkiLeeTS approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jasonli0226 @enkizan @EnkiLeeTS @cch-gh