- Update minimatch from 10.2.0 to 10.2.2 (fixes CVE-2026-26996 ReDoS vulnerability)
- Update hono from 4.11.9 to 4.12.0 (fixes timing comparison hardening in auth)
- Add esbuild ^0.25.0 override to resolve GHSA-67mh-4wv8-2f99 (CORS issue in dev server)

All npm audit vulnerabilities now resolved.
Previously, content was only persisted to DB via a 5-second debounce timer. If the user navigated away before the timer fired, they would see stale content on return (loaded from DB via API) — especially if they stayed in preview mode and never triggered the Yjs sync.

The workaround of adding a tag worked because it kept the user on the page long enough for the 5s debounce to fire.

Fix: when the last peer disconnects, cancel the pending debounce and call persistDoc() immediately. The 10-second doc destruction timer is unchanged — quick mode switches still reuse the in-memory doc.
- minimatch >=10.2.2 (GHSA-3ppc-4f35-3m26 ReDoS via repeated wildcards)
- hono >=4.12.0 (GHSA-gq3j-xvxp-8hrf timing comparison hardening)

Both were transitive deps pulled in by shadcn CLI. bun audit clean.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 34f29e8fcc
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
- Add conversational intro explaining the problem Hive solves
- Expand 'When Should You Use Hive?' with concrete use cases
- Clarify target audience (teams with multiple agents)
- Use second-person tone throughout
- Add clear next-step navigation

- Add conversational tone with 'you' references
- Add 'When to Call Wake' section with guidance
- Add code examples with curl commands
- Add 'Polling vs Push' trade-off explanation
- Add 'Common Patterns' section with real workflows
- Add Troubleshooting section for common issues
- Add API reference with query params

- Add conversational tone with 'you' references
- Expand 'Recommended discipline' with clear steps
- Add 'Why Acks Matter' section explaining reliability
- Add 'Silent Backlog Problem' explanation
- Add code examples for all common operations
- Add Troubleshooting section
- Add complete API reference

- Add conversational tone with 'you' references
- Add 'When to Create a Task' section
- Add detailed status flow explanation with examples
- Add assignment best practices
- Add dependencies explanation
- Add operational expectations
- Add code examples for all common operations
- Add Troubleshooting section
- Add complete API reference

- Add conversational tone with 'you' references
- Add 'When to Use Buzz' section
- Add step-by-step webhook setup guide
- Clarify wake vs notify modes with examples
- Add common integrations section (GitHub, CI, monitoring)
- Add code examples throughout
- Add Troubleshooting section
- Add complete API reference

- Add conversational tone with 'you' references
- Add Quick Start section for minimal setup
- Expand database config with examples and guidance
- Explain HIVE_BASE_URL importance for production
- Clarify static vs dynamic token use cases
- Add webhook configuration explanation
- Add complete .env example for production
- Add Troubleshooting section

- Add conversational tone with 'you' references
- Add three deployment options (Docker, Compose, Source)
- Include reverse proxy examples (Caddy, Nginx)
- Add PM2 and systemd process management examples
- Add production checklist
- Add scaling guidance
- Add health check documentation
- Add detailed Troubleshooting section

- Add Wake flow diagram showing aggregation from sources
- Add Message lifecycle diagram showing state transitions
- Add Task status flow diagram with branching paths

- Enhanced Quickstart with troubleshooting and friendlier tone
- Enhanced Notebook with use cases and examples
- Enhanced Directory with When to Use section and examples
- Add emoji, conversational headings, and practical guidance
GoZumie left a comment
Reviewed: notebook data-loss fix is clean (flush on last peer disconnect, cancel debounce), security overrides target real CVEs, docs overhaul is a big improvement. No blockers. 🐝
…overwrites

Codex P1 finding: fire-and-forget persistDoc calls on disconnect could race — if two saves were in-flight and the older one finished last, it would overwrite newer content written by a subsequent peer session.

Fix: add saveChain: Promise<void> to DocEntry. All saves (debounced, on-disconnect, and on-destroy) enqueue through this chain via enqueueSave(), guaranteeing saves complete in arrival order. Since persistDoc() reads the live Yjs doc at execution time, the final save in the chain always captures the most recent content.
Addressed in
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8f448789aa
P1 — Re-check peers before destroying after queued saves: destroyDocIfEmpty now re-validates peers.size inside the final .then() callback, after all pending saves have drained. If a peer reconnected while the chain was running, the destroy is aborted safely.

P2 — Skip disconnect save when document is unchanged: Added dirty: boolean to DocEntry, set true on any Yjs update, reset to false after each successful persistDoc. enqueueSave on disconnect and destroyDocIfEmpty both gate on entry.dirty, so read-only sessions no longer advance updatedAt or generate unnecessary DB writes.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d8231279cc
…edits

Codex P1: persistDoc was resetting dirty=false after the DB await, wiping any dirty signal set by edits that arrived during that await. On disconnect, the peer-empty check would see dirty=false and skip enqueueSave, dropping those in-flight edits.

Fix: snapshot content and clear dirty BEFORE the await. Any edit arriving during the write sets dirty=true again. On save failure, restore dirty=true so the next opportunity retries.
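The save ordering these commit messages describe (one serialized `saveChain`, `dirty` cleared before the await, peers re-checked before destroy), as an added example that is not the project's code. The function bodies are assumptions built from the descriptions; `db`, `sleep`, `newEntry`, `edit` and `scenario` are constructed stand-ins, and `entry.text` takes the place of the Yjs document.

```javascript
// Constructed stand-ins: `db` is an in-memory store with artificial latency;
// `entry.text` plays the role of the live Yjs document.
const db = { rows: new Map(), writes: 0 };
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
async function dbWrite(id, content, ms) {
  await sleep(ms); db.rows.set(id, content); db.writes++;
}
const newEntry = (id) =>
  ({ id, text: "", dirty: false, peers: new Set(), saveChain: Promise.resolve() });
const edit = (entry, text) => { entry.text = text; entry.dirty = true; };

async function persistDoc(entry, ms) {
  if (!entry.dirty) return;            // unchanged doc: no DB write
  const snapshot = entry.text;         // read the live doc at execution time
  entry.dirty = false;                 // clear BEFORE the await
  try { await dbWrite(entry.id, snapshot, ms); }
  catch { entry.dirty = true; }        // failed write: next opportunity retries
}
// Every save goes through one promise chain, so writes land in arrival order.
function enqueueSave(entry, ms = 5) {
  entry.saveChain = entry.saveChain.then(() => persistDoc(entry, ms));
  return entry.saveChain;
}
function onDisconnect(entry, peer) {
  entry.peers.delete(peer);
  if (entry.peers.size === 0 && entry.dirty) enqueueSave(entry);
}
function destroyDocIfEmpty(entry) {
  if (entry.dirty) enqueueSave(entry);
  return entry.saveChain.then(() => {
    if (entry.peers.size > 0) return false; // a peer reconnected: abort destroy
    return true;                            // safe to drop the in-memory doc
  });
}

async function scenario() {
  const e = newEntry("note-1");
  e.peers.add("a");
  edit(e, "v1");
  enqueueSave(e, 30);                  // slow save, snapshots "v1"
  await sleep(5);
  edit(e, "v2");                       // arrives while the first write is in flight
  onDisconnect(e, "a");                // last peer leaves: flush is queued, not raced
  const pending = destroyDocIfEmpty(e);
  e.peers.add("b");                    // reconnect before the chain drains
  const aborted = !(await pending);
  onDisconnect(e, "b");                // read-only session: nothing to write
  const destroyed = await destroyDocIfEmpty(e);
  return { stored: db.rows.get("note-1"), writes: db.writes, aborted, destroyed };
}
```

`scenario()` resolves with the stored content, the number of DB writes, and whether each destroy attempt went through.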
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cbce75b159
| export MAILBOX_ADMIN_TOKEN=your-admin-token | ||
|
|
||
| # Start Hive | ||
| npm start |
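Review bot: The `export MAILBOX_ADMIN_TOKEN=your-admin-token` line gives a literal placeholder that a reader can paste unchanged into a production shell, leaving the admin token set to a publicly documented string. Suggest the docs show generating a random value instead (for example with `openssl rand -hex 32`) and state that the placeholder must be replaced before Hive is started.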
Use a valid startup script in source deployment docs
The updated docs tell users to run npm start when launching Hive from source (docs/src/content/docs/getting-started/configuration.md and docs/src/content/docs/getting-started/deployment.md), but package.json defines no start script (only dev, build, and preview). In a fresh setup this command fails immediately with “Missing script: start,” so users following these instructions cannot actually bring the service up.
Changes
Bug Fixes
Documentation (Clio)
Security
bun audit clean)

Commits since last release
- fa0b5d9 docs: conversational tone updates
- 50fad33 docs: add conceptual diagrams to feature pages
- d0e5faa docs: enhance Deployment page with common setups
- bdf12cb docs: enhance Configuration page with purpose explanations
- fc3c1e0 docs: enhance Buzz documentation with webhook setup guide
- db3106f docs: enhance Swarm documentation with workflow guide
- c1e529a docs: enhance Messaging documentation with discipline examples
- 814870d docs: enhance Wake documentation with workflow examples
- f2afda3 docs: rewrite 'About Hive' with human-friendly Why Hive? focus
- 34f29e8 fix: override minimatch and hono to resolve remaining vuln alerts
- bd91600 fix: update bun.lock after security dependency updates
- bb5429e fix: save notebook content immediately when last peer disconnects
- 5ff9deb fix: resolve security vulnerabilities