Safari keeps the heading actions widget at the end of headings to avoid
selection issues, but the widget was still using side metadata suited to
the leading placement.
With Chinese IME composition at the end of a heading, same-position
insertion could interact with the contentEditable=false widget and leave
the editor selection stuck. After that, Backspace stopped working until
the page was refreshed.
Use positive side metadata for the Safari trailing widget so composed
text stays before it, allow relaxed selection around the widget, and add
a narrow Safari-only ArrowLeft fallback for the heading-end boundary.
Chinese IME has been manually verified. Other composition-based IMEs may
follow a similar path, but are not claimed as verified here.
Remove `debug: 4.3.4` resolution which was forcing a downgrade – packages
requesting ^4.4.x now resolve to their correct versions. Remove
`ajv@npm:~8.13.0` resolution as no package in the dependency tree requests
that range anymore.
https://claude.ai/code/session_01JmpWGCUCVdKqN3MgsYc3fi
Co-authored-by: Claude <noreply@anthropic.com>
* perf: Avoid correlated subquery in Slack hooks user lookup
Query UserAuthentication directly by indexed providerId and load the
associated User and Team, instead of driving from User.findOne with a
required hasMany include — which Sequelize translates into a correlated
subquery that scans the users table.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Scope Slack fallback user lookup to matching AuthenticationProvider
The fallback in findUserForRequest matched any UserAuthentication with
the same providerId, which is only unique per (providerId, userId).
A colliding external user id from another workspace or provider could
resolve a user from the wrong team. Constrain via the AuthenticationProvider
join (name = "slack", providerId = serviceTeamId).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* test
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* Initial plan
* Support double-click submit in document explorer
* Remove test
* Fix double-click submit in document explorer
Single click now sets the selection instead of toggling it, so the two
clicks preceding a dblclick no longer flicker the selection on/off.
Submit handlers accept the node directly to avoid the stale-state race
across the click sequence, and button onClick handlers are wrapped so
the synthetic MouseEvent isn't passed in as the path argument.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* PR feedback
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Don't report upstream OAuth provider errors to Sentry
TokenError and AuthorizationError from passport-oauth2 represent
input problems from the upstream provider (expired or already-redeemed
codes, access_denied, etc) rather than server bugs. Log them at warn
level and redirect with the standard auth-error notice instead of
sending to the error reporter.
* Warn-only for OAuth provider errors, keep redirect flow shared
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Apply Postgres statement_timeout on request-handling processes
Sets `statement_timeout` to REQUEST_TIMEOUT on the Sequelize connection
pool when the process handles HTTP requests (web/api/collaboration/
websockets/admin) and does not also run worker/cron. Prevents a single
runaway query from saturating the shared Postgres instance and cascading
into timeouts across all endpoints.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Drop dead `api` service check
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Only apply statement_timeout in forked cluster workers
Skips the timeout in the master process so startup migrations driven
from `checkPendingMigrations` are not cancelled mid-execution.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Client disconnects mid-response surface as "Premature close" errors from
Node's stream end-of-stream helper. These are expected and add noise to
Sentry, similar to the EPIPE/ECONNRESET errors already filtered.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: New French translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Czech translations from Crowdin [ci skip]
* fix: New Danish translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Hebrew translations from Crowdin [ci skip]
* fix: New Hungarian translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New Japanese translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Dutch translations from Crowdin [ci skip]
* fix: New Polish translations from Crowdin [ci skip]
* fix: New Portuguese translations from Crowdin [ci skip]
* fix: New Swedish translations from Crowdin [ci skip]
* fix: New Turkish translations from Crowdin [ci skip]
* fix: New Ukrainian translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New Chinese Traditional translations from Crowdin [ci skip]
* fix: New Vietnamese translations from Crowdin [ci skip]
* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]
* fix: New Indonesian translations from Crowdin [ci skip]
* fix: New Persian translations from Crowdin [ci skip]
* fix: New Thai translations from Crowdin [ci skip]
* fix: New English, United Kingdom translations from Crowdin [ci skip]
* fix: New Norwegian Bokmal translations from Crowdin [ci skip]
* fix: New Romanian translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New French translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Czech translations from Crowdin [ci skip]
* fix: New Danish translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Hebrew translations from Crowdin [ci skip]
* fix: New Hungarian translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New Japanese translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Dutch translations from Crowdin [ci skip]
* fix: New Polish translations from Crowdin [ci skip]
* fix: New Portuguese translations from Crowdin [ci skip]
* fix: New Swedish translations from Crowdin [ci skip]
* fix: New Turkish translations from Crowdin [ci skip]
* fix: New Ukrainian translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New Chinese Traditional translations from Crowdin [ci skip]
* fix: New Vietnamese translations from Crowdin [ci skip]
* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]
* fix: New Indonesian translations from Crowdin [ci skip]
* fix: New Persian translations from Crowdin [ci skip]
* fix: New Thai translations from Crowdin [ci skip]
* fix: New English, United Kingdom translations from Crowdin [ci skip]
* fix: New Norwegian Bokmal translations from Crowdin [ci skip]
* fix: New Romanian translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New French translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Czech translations from Crowdin [ci skip]
* fix: New Danish translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Hebrew translations from Crowdin [ci skip]
* fix: New Hungarian translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New Japanese translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Dutch translations from Crowdin [ci skip]
* fix: New Polish translations from Crowdin [ci skip]
* fix: New Portuguese translations from Crowdin [ci skip]
* fix: New Swedish translations from Crowdin [ci skip]
* fix: New Turkish translations from Crowdin [ci skip]
* fix: New Ukrainian translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New Chinese Traditional translations from Crowdin [ci skip]
* fix: New Vietnamese translations from Crowdin [ci skip]
* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]
* fix: New Indonesian translations from Crowdin [ci skip]
* fix: New Persian translations from Crowdin [ci skip]
* fix: New Thai translations from Crowdin [ci skip]
* fix: New English, United Kingdom translations from Crowdin [ci skip]
* fix: New Norwegian Bokmal translations from Crowdin [ci skip]
* fix: New Romanian translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New French translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Czech translations from Crowdin [ci skip]
* fix: New Danish translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Hebrew translations from Crowdin [ci skip]
* fix: New Hungarian translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New Japanese translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Dutch translations from Crowdin [ci skip]
* fix: New Polish translations from Crowdin [ci skip]
* fix: New Portuguese translations from Crowdin [ci skip]
* fix: New Swedish translations from Crowdin [ci skip]
* fix: New Turkish translations from Crowdin [ci skip]
* fix: New Ukrainian translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New Chinese Traditional translations from Crowdin [ci skip]
* fix: New Vietnamese translations from Crowdin [ci skip]
* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]
* fix: New Indonesian translations from Crowdin [ci skip]
* fix: New Persian translations from Crowdin [ci skip]
* fix: New Thai translations from Crowdin [ci skip]
* fix: New English, United Kingdom translations from Crowdin [ci skip]
* fix: New Norwegian Bokmal translations from Crowdin [ci skip]
* fix: New Romanian translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New French translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Czech translations from Crowdin [ci skip]
* fix: New Danish translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Hebrew translations from Crowdin [ci skip]
* fix: New Hungarian translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New Japanese translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Dutch translations from Crowdin [ci skip]
* fix: New Polish translations from Crowdin [ci skip]
* fix: New Portuguese translations from Crowdin [ci skip]
* fix: New Swedish translations from Crowdin [ci skip]
* fix: New Turkish translations from Crowdin [ci skip]
* fix: New Ukrainian translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New Chinese Traditional translations from Crowdin [ci skip]
* fix: New Vietnamese translations from Crowdin [ci skip]
* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]
* fix: New Indonesian translations from Crowdin [ci skip]
* fix: New Persian translations from Crowdin [ci skip]
* fix: New Thai translations from Crowdin [ci skip]
* fix: New English, United Kingdom translations from Crowdin [ci skip]
* fix: New Norwegian Bokmal translations from Crowdin [ci skip]
* fix: New Romanian translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New French translations from Crowdin [ci skip]
* fix: New Spanish translations from Crowdin [ci skip]
* fix: New Czech translations from Crowdin [ci skip]
* fix: New Danish translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New Hebrew translations from Crowdin [ci skip]
* fix: New Hungarian translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New Japanese translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Dutch translations from Crowdin [ci skip]
* fix: New Polish translations from Crowdin [ci skip]
* fix: New Portuguese translations from Crowdin [ci skip]
* fix: New Swedish translations from Crowdin [ci skip]
* fix: New Turkish translations from Crowdin [ci skip]
* fix: New Ukrainian translations from Crowdin [ci skip]
* fix: New Chinese Simplified translations from Crowdin [ci skip]
* fix: New Chinese Traditional translations from Crowdin [ci skip]
* fix: New Vietnamese translations from Crowdin [ci skip]
* fix: New Portuguese, Brazilian translations from Crowdin [ci skip]
* fix: New Indonesian translations from Crowdin [ci skip]
* fix: New Persian translations from Crowdin [ci skip]
* fix: New Thai translations from Crowdin [ci skip]
* fix: New English, United Kingdom translations from Crowdin [ci skip]
* fix: New Norwegian Bokmal translations from Crowdin [ci skip]
* fix: New Romanian translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New Italian translations from Crowdin [ci skip]
* fix: New German translations from Crowdin [ci skip]
* fix: New French translations from Crowdin [ci skip]
* fix: New Korean translations from Crowdin [ci skip]
* fix: New Catalan translations from Crowdin [ci skip]
* fix: Allow deleting failed and canceled imports
The delete policy only permitted imports in the Completed state, so the
overflow menu for Errored or Canceled imports rendered with no items.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* test: Cover Errored and Canceled in imports.delete
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
When a collection is sorted alphabetically the document position is
auto-determined, so the "New document" submenu (Before/After/Nested) is
replaced by a direct "New document" action that creates a nested
document.
* perf: Move Markdown importer to zip stream
* refactor
* refactor: Extract zip walk + tree builder into ZipHelper
Adds `ZipHelper.walk` and `ZipHelper.toFileTree` so other importers can
stream zip contents without extracting to disk. Tree construction uses
an O(1) path → node map; `./`-prefixed entries are normalized, while
dotfiles, `__MACOSX`, and `..` segments are filtered.
* PR feedback
* feat: Toggle comments sidebar in editor lightbox
Adds a new comments toggle button to the lightbox top-right actions. When
toggled the sidebar slides out on the right and shows only the threads
anchored to the active image node. A new comment form at the bottom
creates a thread anchored to the image via a comment mark on the node.
https://claude.ai/code/session_01W3duHkZJ6vgNPCQJL8hQK7
* fix: Make lightbox comments sidebar interactable
The sidebar was being rendered as a sibling of Dialog.Content, so Radix's
focus/click-outside trap blocked all interaction with it. Move it inside
Dialog.Content so clicks and focus stay within the dialog.
Also scope the lightbox handleKeyDown to only preventDefault and act on
arrow/escape keys — and bail out entirely when typing into an input,
textarea, or contenteditable so the comment form receives keystrokes.
https://claude.ai/code/session_01W3duHkZJ6vgNPCQJL8hQK7
* fix: Align lightbox comments header with action buttons
Nudge the sidebar Comments heading 4px down so its baseline lines up
with the lightbox top-right action bar.
https://claude.ai/code/session_01W3duHkZJ6vgNPCQJL8hQK7
* fix: Render lightbox sidebar popovers inside the dialog
Reactions, menus, and tooltips inside the lightbox comments sidebar were
portalling into the editor wrapper via PortalContext — which is hidden
behind the lightbox overlay. Provide a PortalContext that targets the
sidebar element itself so popovers render inside the dialog and remain
visible.
https://claude.ai/code/session_01W3duHkZJ6vgNPCQJL8hQK7
* fix: Prevent lightbox handlers from stealing focus from reply input
Pointer events bubbling out of the comments sidebar were reaching the
ancestor Dialog.Content / lightbox handlers and somehow disrupting focus
on the ProseMirror reply input. Stop propagation of pointer, mouse, and
click events at the CommentsSidebar so the sidebar owns its own
interaction handling.
https://claude.ai/code/session_01W3duHkZJ6vgNPCQJL8hQK7
* fix: Anchor lightbox close animation to current image position
The close animation's translation was calculated relative to the image
position cached when the image first loaded — before the comments
sidebar could shift the image left. Recapture the natural position at
the start of setupZoomOut so the animation correctly starts where the
image actually is when the sidebar is open.
https://claude.ai/code/session_01W3duHkZJ6vgNPCQJL8hQK7
* fix: Fade the comments sidebar with the rest of the lightbox
The sidebar previously had only a slide-in animation on mount and stayed
fully opaque while the rest of the lightbox faded out on close. Wire the
sidebar to the shared fadeOut animation so it disappears in lockstep
with the overlay and action controls.
https://claude.ai/code/session_01W3duHkZJ6vgNPCQJL8hQK7
* Final fixes
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Weekly insights rollup
* fix: Avoid eager db instance creation in DocumentInsight model
Importing sequelize at the top level triggered createDatabaseInstance
during module load, which caused unrelated test suites that transitively
require the model to fail. Use the instance-bound this.sequelize in the
static method instead.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Skip soft-deleted documents in weekly insights rollup
The weekly task was deleting daily rows for soft-deleted documents
without creating a weekly replacement, since rollupPeriod filters them
out. Join to documents in both the week-discovery query and the DELETE
to keep behavior consistent — historical daily rows for deleted docs are
left for the cleanup task to remove at the retention boundary.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* refactor: Bind cutoff days param and add date predicate in weekly rollup
Moves CUTOFF_DAYS from string interpolation to a bound parameter and
adds a plain `date <` predicate so the planner can use the
(documentId, date, period) index before evaluating date_trunc.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
The `lodash-es@npm:4.17.23` resolution targeted a specific descriptor
that is no longer requested by any package — only `lodash-es: ^4.17.21`
appears in the dependency tree now, which resolves naturally to 4.18.1.
Removing the resolution produces no change in yarn.lock.
All other resolutions still prevent regressions (yarn install would
install a strictly lower version without them) or serve as project-pin
dedupe targets retained for compatibility, matching the rationale from
the prior audit in #12304.
Co-authored-by: Claude <noreply@anthropic.com>
* fix: Unable to link secondary auth provider on custom domain
* doc
* chore: Custom -> Apex transfer token
* Refactor, address security concerns
* Ensure OAuth intent is single-use
* Secure OAuth state actor binding
* Use scrypt for OAuth actor session binding
Wars