ROOH/MATTERMOST_OPENCLAW_LIVESTATUS
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 3 Wiki Activity

docs: v4.1.0 release notes and production deploy guide #7

New Issue
Closed
opened 2026-03-09 15:42:16 +01:00 by sol · 0 comments
sol commented 2026-03-09 15:42:16 +01:00
Collaborator
Copy Link

Summary

Documents all bug fixes and new features shipped in v4.1.0 (commits 79d5e82, 2d493d5, 3e93e40). This issue tracks what changed and ensures a developer deploying to a new server can reproduce the full setup.

Bugs Fixed

1. RHS Panel blank after page refresh (Medium)

File: plugin/webapp/src/components/rhs_panel.tsx

Root cause: The useAllStatusUpdates() hook only read from window.__livestatus_updates, which is populated by WebSocket events. On page refresh, no WebSocket events had fired yet, so the panel started empty even with active sessions in the KV store.

Fix: Added a GET /api/v1/sessions fetch on component mount to hydrate the panel from the server before WebSocket takes over.

2. Plugin auth blocked browser requests (Medium)

File: plugin/server/api.go

Root cause: All plugin API endpoints required the shared secret (daemon Bearer token). Browser-side fetch() calls from the React webapp cannot include the shared secret (it would be exposed in the bundle). This meant the RHS panel initial fetch returned 401.

Fix: Added dual auth path. GET endpoints (read-only) now accept either the shared secret OR a valid Mattermost session (Mattermost-User-Id header, auto-injected by the MM server). Write endpoints (POST/PUT/DELETE) still require the shared secret.

3. Orphaned active sessions accumulate on daemon crash (Low)

Files: plugin/server/plugin.go, plugin/server/store.go

Root cause: If the daemon crashed mid-session, the KV store entry stayed active forever. OnDeactivate handled plugin restarts but not daemon crashes.

Fix: Added LastUpdateMs field to SessionData and a cleanup goroutine (every 5 min): sessions active >30 min with no update are marked interrupted; non-active sessions >1 hr are deleted.

4. KV store scanned all keys regardless of prefix (Low)

File: plugin/server/store.go

Root cause: ListActiveSessions iterated over all KV keys from all plugins and filtered by prefix after deserialization, making it O(n) across the whole KV store.

Fix: KVList prefix filter applied before deserialization. Only ls_session_* keys are read.

New Features

Floating Widget (registerRootComponent)

File: plugin/webapp/src/components/floating_widget.tsx

A floating PiP-style overlay that solves the core UX problem: the status box gets buried in long threads. The widget is always visible regardless of scroll position.

  • Auto-shows when any session becomes active (WebSocket event)
  • Auto-hides 5 seconds after all sessions complete
  • Draggable to any screen position, position persisted in localStorage
  • Collapsible to a pulsing dot with active session count
  • Compact view: agent name, elapsed time, last 5 status lines
  • Registered via registerRootComponent in index.tsx

Production Deployment

See README.md for full instructions. Quick reference:

cd plugin
MM_URL=https://your-mm.example.com MM_TOKEN=your_token make deploy

For servers with plugin uploads disabled, use the manual path documented in README.md under "Manual Deploy".

Commits

  • 79d5e82: feat: RHS panel initial fetch, floating widget, session cleanup
  • 2d493d5: feat: add Mattermost session auth for browser requests
  • 3e93e40: docs: add v4.1.0 changelog, plugin deploy guide, and plugin Makefile
## Summary Documents all bug fixes and new features shipped in v4.1.0 (commits 79d5e82, 2d493d5, 3e93e40). This issue tracks what changed and ensures a developer deploying to a new server can reproduce the full setup. ## Bugs Fixed ### 1. RHS Panel blank after page refresh (Medium) **File:** plugin/webapp/src/components/rhs_panel.tsx **Root cause:** The useAllStatusUpdates() hook only read from window.__livestatus_updates, which is populated by WebSocket events. On page refresh, no WebSocket events had fired yet, so the panel started empty even with active sessions in the KV store. **Fix:** Added a GET /api/v1/sessions fetch on component mount to hydrate the panel from the server before WebSocket takes over. ### 2. Plugin auth blocked browser requests (Medium) **File:** plugin/server/api.go **Root cause:** All plugin API endpoints required the shared secret (daemon Bearer token). Browser-side fetch() calls from the React webapp cannot include the shared secret (it would be exposed in the bundle). This meant the RHS panel initial fetch returned 401. **Fix:** Added dual auth path. GET endpoints (read-only) now accept either the shared secret OR a valid Mattermost session (Mattermost-User-Id header, auto-injected by the MM server). Write endpoints (POST/PUT/DELETE) still require the shared secret. ### 3. Orphaned active sessions accumulate on daemon crash (Low) **Files:** plugin/server/plugin.go, plugin/server/store.go **Root cause:** If the daemon crashed mid-session, the KV store entry stayed active forever. OnDeactivate handled plugin restarts but not daemon crashes. **Fix:** Added LastUpdateMs field to SessionData and a cleanup goroutine (every 5 min): sessions active >30 min with no update are marked interrupted; non-active sessions >1 hr are deleted. ### 4. KV store scanned all keys regardless of prefix (Low) **File:** plugin/server/store.go **Root cause:** ListActiveSessions iterated over all KV keys from all plugins and filtered by prefix after deserialization, making it O(n) across the whole KV store. **Fix:** KVList prefix filter applied before deserialization. Only ls_session_* keys are read. ## New Features ### Floating Widget (registerRootComponent) **File:** plugin/webapp/src/components/floating_widget.tsx A floating PiP-style overlay that solves the core UX problem: the status box gets buried in long threads. The widget is always visible regardless of scroll position. - Auto-shows when any session becomes active (WebSocket event) - Auto-hides 5 seconds after all sessions complete - Draggable to any screen position, position persisted in localStorage - Collapsible to a pulsing dot with active session count - Compact view: agent name, elapsed time, last 5 status lines - Registered via registerRootComponent in index.tsx ## Production Deployment See README.md for full instructions. Quick reference: ``` cd plugin MM_URL=https://your-mm.example.com MM_TOKEN=your_token make deploy ``` For servers with plugin uploads disabled, use the manual path documented in README.md under "Manual Deploy". ## Commits - 79d5e82: feat: RHS panel initial fetch, floating widget, session cleanup - 2d493d5: feat: add Mattermost session auth for browser requests - 3e93e40: docs: add v4.1.0 changelog, plugin deploy guide, and plugin Makefile <!-- openclaw-agent -->
sol closed this issue 2026-03-09 20:52:26 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
needs-review
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
sol ROOH
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ROOH/MATTERMOST_OPENCLAW_LIVESTATUS#7
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?