Skip to content

Add configurable UI extension slots#3622

Open
Alex-Tideman wants to merge 20 commits into
mainfrom
extensions-exploration
Open

Add configurable UI extension slots#3622
Alex-Tideman wants to merge 20 commits into
mainfrom
extensions-exploration

Conversation

@Alex-Tideman

@Alex-Tideman Alex-Tideman commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Description & motivation 💭

Adds configurable iframe-based UI extensions so operators can mount customer-owned UI into stable Temporal UI slots without forking the main UI bundle.

This PR:

  • Adds customUi server configuration for enabling iframe extensions, including extension IDs, slot names, source URLs, allowed origins, route filters, sandbox options, sizing bounds, and permissions.
  • Exposes the configured extensions through the settings API and maps them into client-side settings.customUi.
  • Adds reusable ExtensionSlot and IframeExtension components that render configured extensions only when the slot, route pattern, iframe URL, and allowed origin all match.
  • Adds extension host utilities for route matching, origin validation, sandbox token generation, bounded iframe sizing, scoped context permissions, and same-origin navigation requests.
  • Adds a small versioned postMessage protocol:
    • Host sends temporal-ui/context and temporal-ui/theme.
    • Extensions can send temporal-extension/ready, temporal-extension/resize, and permitted temporal-extension/navigate.
  • Mounts extension slots in the top navigation, a full-width row below the top navigation, and the workflow header after workflow details.
  • Documents the extension configuration, available slots, route matching, URL/origin rules, sandboxing, permissions, messaging, and local development workflow in src/lib/extensions/README.md.

Screenshots (if applicable) 📸

Examples

Screenshot 2026-07-01 at 10 15 13 AM Screenshot 2026-07-01 at 10 14 58 AM

Design Considerations 🎨

  • Extension slots are intentionally narrow and stable so external UI can appear near existing Temporal context without changing the default UI when customUi.enabled is false.
  • Iframes are sandboxed by default with only allow-scripts; additional capabilities are opt-in per extension.
  • Workflow and user context are permission-gated so extensions only receive sensitive context when explicitly configured.
  • Extension navigation requests are limited to same-origin paths and require navigation:write.

Testing 🧪

How was this tested 👻

  • Manual testing
  • E2E tests added
  • Unit tests added

Local test commands run:

pnpm exec vitest run src/lib/extensions/iframe-extensions.test.ts src/lib/extensions/messages.test.ts src/lib/services/settings-service.test.ts
go test ./server/api/...

Results:

  • Vitest: 3 files passed, 30 tests passed.
  • Go: github.com/temporalio/ui-server/v2/server/api passed.

Steps for others to test: 🚶🏽‍♂️🚶🏽‍♀️

  1. Configure customUi.enabled: true with one or more iframeExtensions in the UI server config.
  2. Point an extension at a relative src with allowedOrigin: self, or at an HTTPS origin with a matching explicit allowedOrigin.
  3. Use one of the mounted slots:
    • app.top-nav.actions.before
    • app.top-nav.actions.after
    • app.top-nav.sub-nav
    • workflow.header.after-details
  4. Load a matching route and verify the extension iframe renders only when its slot and routePatterns match.
  5. From the extension iframe, send ready and resize messages and verify the host responds with context/theme messages and clamps dimensions to configured bounds.
  6. For a workflow header extension with permissions: [context:workflow], verify workflow context is delivered.
  7. With permissions: [navigation:write], send a same-origin navigate message and verify the host navigates; verify off-origin URLs are ignored.

Checklists

Draft Checklist

N/A

Merge Checklist

N/A

Issue(s) closed

N/A

Docs

Any docs updates needed?

Docs for the new extension framework are included in src/lib/extensions/README.md.

@Alex-Tideman Alex-Tideman requested a review from a team as a code owner July 1, 2026 18:28
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
holocene Ready Ready Preview, Comment Jul 11, 2026 2:14am

Request Review

taskQueue: workflow?.taskQueue,
workflowType: workflow?.name,
},
}}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • ⚠️ Type 'WorkflowStatus | undefined' is not assignable to type 'string | undefined'.

@temporal-cicd

temporal-cicd Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor
Warnings
⚠️

📊 Strict Mode: 4 errors in 3 files (0.4% of 921 total)

src/lib/services/settings-service.ts (1)
  • L119:2: Type '{ auth: { enabled: boolean; options: string[] | null; redirectToProvider: boolean; }; baseUrl: string | null; codec: { endpoint: string; passAccessToken: boolean | undefined; includeCredentials: boolean | undefined; customErrorMessage: { ...; }; }; ... 19 more ...; version: string; }' is not assignable to type 'Settings'.
src/lib/layouts/workflow-header.svelte (1)
  • L199:8: Type 'WorkflowStatus | undefined' is not assignable to type 'string | undefined'.
src/routes/(app)/+layout.svelte (2)
  • L83:21: 'namespace.namespaceInfo' is possibly 'null' or 'undefined'.
  • L86:6: Argument of type 'ICapabilities | null | undefined' is not assignable to parameter of type 'NamespaceCapabilities | undefined'.

Generated by 🚫 dangerJS against 69598c6

buildIframeSandbox({
...extension().sandbox,
allowForms: true,
allowPopupsToEscapeSandbox: true,

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

allowPopupsToEscapeSandbox This seems sus I feel like we shouldn't allow sandbox escaping?

).toBeNull();
expect(safeNavigationPath('javascript:alert(1)', currentOrigin)).toBeNull();
});
});

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we have some tests around iframe allow headers on origin and remote and maybe an iFrame script to reach to the parent frame and a script from the parent frame trying to reach into the child frame?

const minWidth = positiveOrUndefined(sizing.minWidth) ?? MIN_WIDTH;
const maxWidth = positiveOrUndefined(sizing.maxWidth) ?? MAX_WIDTH;
return clamp(defaultWidth, minWidth, maxWidth);
};

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be cool to have an @Attach on the parent html container with a ResizeObserver debounced by RAF that sends the height/width of the container to the iframe so you could have the iframe reactive to the size of the parent html contianer


CustomUI struct {
Enabled bool `yaml:"enabled"`
IframeExtensions []IframeExtension `yaml:"iframeExtensions"`

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think static YAML is fine for now, but wondering if it might it be worth it to support getting extensions via a manifest URL?

Something that wouldn't require a redeploy every time something needed to be changed e.g.

  extensionManifests:
    - url: https://example.com/manifest.json  
      allowedOrigin: https://example.com       
      permissions: [context:workflow]

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I think that's a great idea. Then that would also support Nexus endpoints - you could point the url to a Nexus endpoint and have it return a custom UI

tegan-temporal and others added 11 commits July 10, 2026 21:13
* Add existing versions to create version form

* Show 5 versions max

* Add show more button

* Add check for aborted in .then
* fix(cloud-nav): keep collapsed nav header height stable

The Cloud nav header reflowed from a single row (expanded) into a stacked
column (collapsed: flex-col + gap-2, dropping min-h-7), changing its height.
Because the nav icon list sits directly below the header, the icons shifted
vertically on every expand/collapse.

Keep the header a constant-height single row in both states: pin min-h-7,
hide the logo/subtitle block when collapsed, and center the toggle. The icon
list's top edge no longer moves. OSS nav bar is unaffected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(cloud-nav): animate width on expand/collapse

The nav declared transition-width but it never fired: the expanded Cloud nav
has an explicit width (w-[13.125rem]) while the collapsed state fell back to
content width (auto), which CSS can't interpolate, so the toggle snapped. Pin
the collapsed Cloud width to its natural rail size so the existing
transition-width has two definite endpoints, and add a motion-reduce guard.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Laura Whitaker <laura.whitaker@temporal.io>
* Update SAA list view

* Update SAA details view

* Update to use shared no workers polling alert

* Fix strict ts errors

* Update saa table cell values
* feat(nexus-operations): DT-4005 standalone nexus operations API integrations (#3444)

* feat(nexus-operations): add types and API routes for standalone nexus operations

Adds NexusOperationExecution types, extends APIRouteParameters with operationId,
and registers 6 new API routes (list, describe/start, poll, cancel, terminate, count).
Adds route-for helpers mirroring the standalone activities pattern.

DT-4005

* feat(nexus-operations): add services for standalone nexus operations

Adds fetchPaginatedNexusOperations, startStandaloneNexusOperation,
getNexusOperationExecution, pollNexusOperationExecution, cancel, and terminate.
Adds count and count-by-status service functions.

DT-4005

* feat(nexus-operations): add stores, poller, and filters for standalone nexus operations

Adds nexus operation writable stores (refresh, loading, updating, count, error, query).
Adds StandaloneNexusOperationPoller with long-poll loop mirroring the activity poller.
Adds nexusOperationFilters store to filters.ts.

DT-4005

* test(nexus-operations): add route-for-base-path test cases for standalone nexus operations

* feat(nexus-operations): add capability flag, guard component, and configurable table columns (#3466)

Adds Phase 2 (DT-4006) infrastructure for standalone nexus operations:

- NamespaceCapabilities type with standaloneNexusOperations field in src/lib/types/index.ts
- Guard component that checks both capability flag and minimum server version (1.31.0)
- Disabled state component with Dynamic Config instructions
- i18n namespace for standalone-nexus-operations
- TABLE_TYPE.NEXUS_OPERATIONS, NexusOperationHeaderLabels, default/available column arrays,
  persistedNexusOperationsTableColumns store, configurableTableColumns derived store update,
  availableNexusOperationColumns export, and exhaustive switch cases in configurable-table-columns.ts

* feat(nexus-operations): standalone nexus operations list page [DT-4003] (#3470)

* feat(nexus-operations): add standalone nexus operations list page

- Add list page route at namespaces/[namespace]/nexus-operations
- Add page component with status count filters and configurable table
- Add filter bar with search attribute support
- Add configurable table with header/body cells and empty state
- Add get-nexus-operation-status-and-count utility and tests
- Add nexus operation search attributes to search-attributes store
- Wire nav layout item for standalone nexus operations
- Add i18n strings for nexus operations page

* feat(nexus-operations): add saved views panel, CTA button, and rich empty state

Match Figma design for standalone nexus operations list page:
- Add saved views panel with system/user views, expand/collapse, save/edit/delete/share
- Add 'Start a Standalone Nexus Operation' CTA button via headerActions snippet
- Add rich empty state with value proposition, docs links, and GitHub code samples
- Add i18n strings for all new UI copy
- Add savedNexusQueryNavOpen persist store and savedNexusQueries/systemNexusViews stores

* Update api version to v1.62.12 for SANO APIs and capability

* fix capability name

* feat(nexus-operations): standalone nexus operation details page [DT-4002] (#3495)

* [DT-4039] Workflow query builder doesn't work with numeric search attributes (#3435)

* fix(DT-4039): Workflow query builder for numeric search attributes

The query builder wrapped Int/Double search attribute values in
double quotes (e.g. `Foo="1"`), which the Visibility backend rejects
for numeric types. Stop quoting numeric values in the serializer.

The tokenizer also merged unquoted values with their conditional
operator (e.g. `Foo=1` tokenized as `Foo`, `=1`), which previously
only mattered for booleans and was patched in the parser by stripping
`=`. With numerics this breaks down for 2-char operators (`>=`, `<=`,
`!=`). Fix the tokenizer to emit the conditional as its own token and
to accept operator-style 2-char conditionals without a trailing space.
Update the boolean parser to read the value from `tokenTwoAhead` to
match the new shape.

* fix(DT-4039): Update integration tests for unquoted numeric search attributes

The desktop and mobile workflow-filter specs asserted the previous
buggy serialization (`HistoryLength`="10"). Update them to match the
new correct shape (`HistoryLength`=10).

* Make Common Errors dismissable (#3471)

* Make common errors dismissable

* Remove common errors

* Capitalize Common Errors

* Add description

* Update description

* [DT-4048] Add accessibility PR triage and notification helpers (#3465)

* Implement helpers for accessibility PRs

* fix formatting

* fix linting

* fix title gating regex

* improve deduplication detection on notify

* Move CLAUDE.md a11y conventions to DT-4049

* feat(DT-4017): Schedules List UI Update (#3467)

* fix(markdown): allow nested lists to render as block (DT-4047) (#3463)

* Add a prop to hide select/deselect controls (#3474)

* DT-4051: pre-populate input when starting standalone activity like this one (#3469)

* fix(a11y): reveal Copyable's CopyButton on focus-within (WCAG 2.1.1) (#3452)

The Copyable primitive hides its CopyButton behind
'invisible group-hover:visible'. Tailwind's 'invisible' compiles
to visibility: hidden, which removes the element from the focus
order -- Tab skips it entirely. Mouse users can hover to reveal
and click; keyboard users in default mode have no way to invoke
copy at all.

Add 'group-focus-within:visible' alongside the existing
'group-hover:visible' so the button becomes visible (and
therefore focus-eligible) whenever focus moves anywhere inside
the wrapping group -- typically when the user Tabs onto the
slot's content (workflow IDs, run IDs, etc.). The next Tab now
lands on the CopyButton, where Enter or Space triggers copy.

Applied to both branches (clickAllToCopy and default mode).

Affects detail-list value cells, event-summary rows, and every
other Copyable consumer in default mode.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix: accept autocomplete prop on NumberInput, ChipInput, and Combobox (#3425)

Allows consumers to pass WCAG-defined autocomplete tokens (e.g.
"cc-number", "email") to these input primitives. All three previously
hardcoded autocomplete="off", preventing purpose identification per
WCAG 2.2 SC 1.3.5. Default remains "off" so existing behavior is
unchanged.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix: cap ZoomSvg container height to viewport (#3428)

Uses CSS min() to limit the container to the lesser of containerHeight
(default 600px) or viewport height minus 8rem. On narrow landscape
viewports (e.g. 320x500) the container now fits within the screen
instead of overflowing. Desktop behavior is unchanged.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix(a11y): accommodate text-spacing overrides on Badge and Chip (WCAG 1.4.12) (#3433)

* fix(a11y): accommodate text-spacing overrides (WCAG 1.4.12)

Three same-family fixes for SC 1.4.12 Text Spacing. WCAG requires
that text-spacing user overrides (line-height 1.5, letter-spacing
0.12em, etc.) not cause content loss.

- Badge: leading-4 (16px) -> leading-[1.5]. text-sm at 1.5 line-
  height is 21px which previously clipped.
- Chip: h-7 -> min-h-7, add leading-[1.5]. Preserves the 28px
  visual minimum but allows growth.
- Table row: h-8 -> min-h-8. The densest text-bearing surface in
  the product. Preserves the 32px default but allows growth under
  user override.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* revert(a11y): undo h-8 -> min-h-8 on table row

Per reviewer feedback: <tr> uses table layout rules, where the
height property already acts as a minimum (the row grows to fit
cell content). min-height on <tr> is either ignored or behaves
differently per browser. The change broke the skeleton table
without providing the intended SC 1.4.12 benefit -- under
text-spacing override, the row would have grown naturally.

Badge and chip portions of the PR remain in place (those are flex
elements where min-h-* works as expected).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix(a11y): non-color signal for Label required indicator (WCAG 1.4.1) (#3439)

* fix(a11y): non-color signals for required state and timeline graph nodes (WCAG 1.4.1)

Two SC 1.4.1 Use of Color fixes:

- Label required-field indicator: replace the 6x6 red dot with a
  red asterisk (aria-hidden) so users with color-perception
  differences see a shape signal, not just a color signal. The
  programmatic required state continues to come from native HTML
  `required` on the input (which the 1.3.1 forwarders ensure).
- Timeline graph nodes (workflow-row, history-graph-row-visual):
  add aria-label to the <g role="button"> wrapper so AT users hear
  the workflow id + status (or event type + classification)
  instead of bare "button". Removes the previous dependency on
  reaching the legend tooltip to decode color.

New i18n keys: workflows.row-accessible-name,
events.row-accessible-name.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* revert: remove timeline graph aria-label changes from this PR

Per the PR scope decision, keep this PR focused on the Label
required-indicator fix only. The timeline graph status accessible-
name fix (workflow-row.svelte, history-graph-row-visual.svelte,
and the supporting i18n keys) will ship as its own separate PR
so the two SC 1.4.1 defects can be reviewed independently.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(a11y): use text-danger so the asterisk actually renders red

The previous text-interactive-error class was a no-op for text
color (interactive-error is only registered under backgroundColor
in the theme plugin, not textColor), so the asterisk inherited
the default text color and rendered black/off-white instead of
red. text-danger maps to --color-text-danger (red.700 light /
red.400 dark) which is the proper red text token.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: simplify required-asterisk span

The parent <label> already provides text-sm and font-medium, so
the span inherits both. Only text-danger is doing actual work;
the size/weight/leading classes were redundant.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor(label): refine required-asterisk visual alignment

- font-mono: mono asterisks are larger and more geometrically
  centered than proportional ones, making them feel like a proper
  visual indicator rather than a tiny text-style superscript.
- leading-none: tightens the span's line-box to the character.
- translate-y-0.5: small downward nudge so the asterisk aligns
  with the label baseline rather than sitting above it.
- -ml-1: reduces the gap to the preceding label text (8px -> 4px).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix(a11y): tabindex on <main> so the skip link moves focus reliably (WCAG 2.4.1) (#3451)

The SkipNavigation primitive renders <a href="#content">, which
targets <main id="content"> in main-content-container.svelte. By
HTML spec, <main> without tabindex is not programmatically
focusable -- so activating the skip link only reliably moves
focus on Chromium-based browsers (Chrome, Edge). Safari and
older Firefox scroll the target into view but leave focus on the
skip link itself, defeating the bypass for keyboard and screen-
reader users.

Adding tabindex="-1" makes <main> programmatically focusable
(so the hash-link navigation lands focus there) while keeping it
out of the natural Tab order. Closes WCAG 2.4.1 sufficient-
technique G1's "programmatically moves focus" requirement across
all browsers.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix(a11y): info-and-relationships compliance (WCAG 1.3.1) (#3432)

Four related fixes under SC 1.3.1, grouped per the audit's
correction of the matrix pathway:

- NumberInput / Textarea: forward `required` to the underlying
  native element. Previously the visual red-dot appeared via
  <Label> but the field was not programmatically required, so AT
  users heard an optional-field announcement despite the visible
  indicator.
- RadioGroup: add role="radiogroup" and link the optional
  description via aria-labelledby so AT users hear the group as a
  whole rather than each radio in isolation.
- Tables: add scope="col" to every <th> in product data tables
  (workflows, schedules, workers, batch-operations, child/parent
  workflow relationships). Fixes WCAG technique H63.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ardie Wen <ardie.wen@temporal.io>

* fix(query): quote ExecutionDuration Go duration strings in visibility SQL (#3482)

ExecutionDuration is typed as INT in the search attributes store, so
formatValue returns its values unquoted. PR #3435 (DT-4039) added an
explicit unquoted INT path which broke ExecutionDuration because it uses
Go duration strings (30s, 1m30s) that vitess rejects as unquoted tokens.

Add an ExecutionDuration guard before the INT/duration paths: quote
non-integer values as strings, pass plain integers (nanoseconds) through
unquoted.

* Passthrough goto params to link component (#3483)

* feat: add centerButton, menuButton, and linksContent snippets to BottomNavigation (#3485)

* feat: add centerButton snippet to BottomNavigation for custom center content

* feat: add centerButton, menuButton, and linksContent snippets to BottomNavigation

* feat: add bars icon to holocene icon set

* fix: add "for" to validate connection modal title (#3488)

The worker deployment version validate connection modal title now reads
"Validate Connection for <version>" instead of "Validate Connection <version>".

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(DT-4069): Update modal backdrop to 50% opaque (#3486)

* refactor: Input & DatePicker - Svelte 5 & afterLabel snippet (#3479)

* Fix decoded object payload summaries (#3491)

* Fix decoded object payload summaries

* Convert event details row to Svelte 5

* fix(DT-4044): only use browser codec endpoint when override option is selected (#3490)

When the user selects "Use Namespace-level setting, where available" and
no namespace codec is configured, the browser endpoint was incorrectly
used as a fallback. Now returns empty string so no codec is invoked.

* fix(a11y): improve 1.1.1 non-text content compliance (#3431)

- nexus-empty-state.svelte: mark Andromeda illustration decorative
  with alt="" + aria-hidden on wrapper. Previously screen readers
  announced "Andromeda, image" (the filename), conveying nothing.
- toast.svelte: add runtime fallback to translate('common.close')
  when closeButtonLabel is missing or empty. TypeScript-required
  prop still flags missing-at-compile-time, but an empty string or
  undefined at runtime now produces a labeled icon button rather
  than aria-label="".

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ardie Wen <ardie.wen@temporal.io>

* fix(a11y): make Tooltip keyboard-accessible, dismissible, and hoverable (#3429)

* fix: make Tooltip keyboard-accessible, dismissible, and hoverable

The Tooltip primitive was mouse-only: no focus handlers, no Escape
dismiss, and portal tooltips disappeared when moving the pointer to
the popover content. This failed all three WCAG 2.2 SC 1.4.13
criteria (Content on Hover or Focus).

Changes:
- Show tooltip on keyboard focus via focusin/focusout on wrapper
- Dismiss on Escape (resets when interaction ends)
- Track pointer hover on the popover itself (diagonal hover bridge)
- Unify both portal and inline variants on a single isOpen derived
- Add role="tooltip" and aria-describedby linkage for screen readers

No API changes — all existing consumers work identically, with the
added benefit that tooltips now appear on keyboard focus.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor(tooltip): unify hover-zone handling and match repo patterns

- Use <svelte:window on:keydown> instead of reactive document
  listener (mirrors maximizable.svelte)
- Fix hover state lingering when mouse leaves popover to empty
  space by unifying wrapper + popover into a single hover zone
- Extract HOVER_HIDE_DELAY_MS constant
- Drop redundant isPopoverHovered state

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor(tooltip): use crypto.randomUUID() for tooltip id

Align tooltip id generation with the codebase convention used across
Holocene (accordion.svelte, accordion-light.svelte) and the rest of the
app, replacing the ad-hoc Math.random().toString(36) approach.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* refactor(tooltip): drop unused group/tooltip class

The group/tooltip marker only existed to drive the group-hover/tooltip:
utilities that previously controlled visibility. Tooltip open/close is
now fully JS-driven via isOpen, leaving this class with no consumers.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ardie Wen <ardie.wen@temporal.io>

* fix(a11y): name-role-value compliance, partial (WCAG 4.1.2) (#3434)

* fix(a11y): name-role-value compliance (WCAG 4.1.2)

Five fixes under SC 4.1.2 Name, Role, Value:

- Accordion content panel: remove role="textbox". The disclosure
  panel is static content, not an editable text input; AT
  announced "edit text" on every Accordion consumer.
- Accordion + AccordionLight: move slot="action" out of the
  disclosure <button> into a sibling element. Previously
  consumers placing focusable content in the action slot
  produced <button><button>... nested-interactive HTML.
- CopyButton: ship translated default labels via i18n. Empty
  string defaults in CodeBlock previously propagated to an Icon
  that hid itself, producing unlabeled icon-only buttons across
  ~11 CodeBlock instances.
- nav-section: filter out hidden nav items. The NavLinkItem.hidden
  flag was declared on the type and set at source but never
  consulted at render time, so Standalone Activities / Nexus
  links rendered as focusable for AT users on servers that
  cannot serve them.
- Workflow family tree: add aria-label to the two SVG
  <g role="button"> widgets so screen readers announce node
  identity instead of "button".

Deferred to follow-up PRs (audit blockers):
- 4.1.2-button-anchor-empty: audit recommends a two-PR sequenced
  rollout (primitive change + consumer migration).
- 4.1.2-codemirror-no-name: ~5 CodeBlock consumer surfaces need
  design input on label content.
- relationships nested-interactive restructure: site B (button
  wraps Link) and site A's nested <a> extraction are substantial
  SVG/HTML restructures separate from the labeling fix above.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(a11y): localize workflow family-tree node aria-labels

The family-tree node aria-labels hardcoded the English word "Workflow",
inconsistent with the codebase convention of localizing aria-labels via
translate(). Add a parameterized workflows.family-node-label i18n key and
use it for both the root and child node widgets.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ardie Wen <ardie.wen@temporal.io>

* feat(nexus-operations): standalone nexus operation details page [DT-4002]

Add tab-based detail view for individual nexus operations with live long-polling.
Mirrors standalone activity detail page pattern with nexus-specific fields:
identity, operation, status, timing, attempt, timeout config, cancellation info,
nexus header, and input/outcome payload display.

* feat(nexus-operations): redesign details page to match Figma layout

Restructure the details page around "Operation Event History" with three
subsections: Run Details, Operation Details, Timeout Configuration.

- Add filterable links for endpoint, service, and operation fields
- Add handler namespace and handler operation link from nexus operation links
- Show nexus header code block inline in Operation Details section
- Move last attempt failure into the Attempt section (conditional)
- Add handler namespace note when handler workflow link is present

* fix(nexus-operations): pass namespace to filter links on details page

* fix nexus operation id

---------

Co-authored-by: Andrew Zamojc <andrew.zamojc@temporal.io>
Co-authored-by: Alex Tideman <alex.tideman@temporal.io>
Co-authored-by: Ardie Wen <39966887+ardiewen@users.noreply.github.com>
Co-authored-by: Tegan Churchill <tegan.churchill@temporal.io>
Co-authored-by: Ross Nelson <ross.nelson@temporal.io>
Co-authored-by: Alex Thomsen <alex.scott.thomsen@gmail.com>
Co-authored-by: Bilal Karim <4129613+bilal-karim@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ardie Wen <ardie.wen@temporal.io>

* fix(nexus-operations): align fetchNexusOperationCountByStatus return type with StatusCounts prop

Return Promise<Required<CountWorkflowExecutionsResponse>> and default groups to [] to match the
pattern used by fetchWorkflowCountByExecutionStatus.

* feat(nexus-operations): standalone nexus operation commands (start/cancel/terminate) [DT-4008] (#3504)

* feat(nexus-operations): add cancel/terminate modals and actions to nexus operation header [DT-4008]

Add cancel confirmation modal, terminate confirmation modal, and nexus
operation actions component. Wire actions into the header with
Request Cancellation button and More Actions menu (Terminate + Start Like
This One). Add route-for helper and i18n strings for the start form.

* feat(nexus-operations): add start standalone nexus operation form and route [DT-4008]

Adds the start nexus operation form with fields for operation ID (with random UUID generation), endpoint, service, operation name, payload input, timeouts, and advanced options (nexus header, search attributes, user metadata, ID policies).

* feat(nexus-operations): pre-fill input payload when starting nexus operation like this one [DT-4008]

Adds fetchInitialValuesForStartNexusOperation to decode the source operation's input payload, encoding, message type, user metadata, and search attributes. The start form pre-populates these fields on mount when operationId and runId are present in the URL, and auto-expands advanced options when there is pre-filled data.

* fix nav width for cloud

* add cloud escape hatch to SANO guard

* add a guard for SANO actions

* fix SANO system saved views

* add runId to routes, links, etc. and fix table columns

* fix import

* fix case of runId

* fix details

* Fix links to use Links property, fix Result/Failure type and rendering, don't make timeouts required

* remove version check from guard

* fix tests

* add integration tests

* update start SANO form to match current designs

* fix breadcrumb text

* add close time to default columns

* fix(sano): show field-level error and toast on duplicate operation ID (409)

When the API returns 409 for a rejected duplicate operation ID, display an
error toast, a field-level hint on the operationId input, and focus the field.

* fix(sano): show completed operation error state for allow-duplicate-failed-only policy

When idReusePolicy is ALLOW_DUPLICATE_FAILED_ONLY and a 409 is returned, show
a distinct toast and field-level error indicating the ID is in use by a completed operation.

* fix(sano): show conflict error state for use-existing ID conflict policy

* refactor(sano): extract 409 error handlers from onUpdate catch block

---------

Co-authored-by: Andrew Zamojc <andrew.zamojc@temporal.io>
Co-authored-by: Alex Tideman <alex.tideman@temporal.io>
Co-authored-by: Ardie Wen <39966887+ardiewen@users.noreply.github.com>
Co-authored-by: Tegan Churchill <tegan.churchill@temporal.io>
Co-authored-by: Ross Nelson <ross.nelson@temporal.io>
Co-authored-by: Alex Thomsen <alex.scott.thomsen@gmail.com>
Co-authored-by: Bilal Karim <4129613+bilal-karim@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ardie Wen <ardie.wen@temporal.io>
Co-authored-by: Your Name <alex.tideman@gmail.com>
laurakwhit and others added 3 commits July 10, 2026 21:13
Validate extension trust, permissions, routes, and slot sizing on the server and client. Add the authenticated registry, CSP integration, runnable separate-origin example, and browser security coverage.
Use a classic deferred entry script and a whitelist-only static server so the unprivileged sandbox can run without broad CORS access. Add browser coverage for the null-origin handshake, host state, and resize behavior.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants