mirror of
https://github.com/siteboon/claudecodeui.git
synced 2026-07-09 07:25:43 +08:00
Fix/resolve different bugs (#964)
* fix: don't overlap thinking banner over conversation * feat: support message queue and add attention indicator * fix(shell): use c to copy for claude * fix: strip timestamp tags from cursor * fix: select project when loading session from direct URL * feat: support attached images for all providers * feat(opencode): support permission options * fix: resolve source control and chat UX bugs - make staging real in the git panel: new /stage and /unstage endpoints, /status now reports the actual index via porcelain -z (handles renames, conflicts, and paths with spaces), and Stage/Unstage All run real git commands instead of toggling client-side state - add branch search to the header dropdown and Branches tab - persist the chosen permission mode per provider so a brand-new chat keeps it once the session id arrives, instead of reverting to default - replace cmdk's fuzzy model search with strict token matching so "chatgpt" no longer surfaces unrelated models - unit tests for the git status parser * feat(git): commit graph in history view and cross-spawn everywhere - render a VSCode-style commit graph in the source control history: lane-assignment algorithm, SVG strip with colored rails, merge and branch curves, commit dots, and branch/tag badges per commit - /commits returns parents and ref decorations across all branches (--branches --remotes --tags --topo-order) using unit-separator fields so pipes in commit subjects can't break parsing - collect stats via a single --shortstat pass instead of one `git show --stat` call per commit; raise the history limit to 50 - replace child_process spawn with cross-spawn in all runtimes, routes, and services: it resolves .cmd shims and PATHEXT on Windows (fixing taskmaster's npx invocations) and delegates to native spawn elsewhere, removing the per-file win32 ternaries - unit tests for the log parser and lane assignment * fix: remove gemini support since google discontinued it * fix: address code review findings - validate chat image attachments server-side: only files inside the ~/.cloudcli/assets upload store may reach provider file reads - harden asset serving with nosniff and attachment disposition for SVGs to prevent stored XSS - show the timestamp on image-only user messages - serialize git stage/unstage calls and defer the status re-sync so rapid toggles can't interleave or flicker - use a literal hex fallback for commit ref badges (alpha suffix on a var() string produced invalid CSS) - stop binding a URL session to a guening project instead - add the missing attentionRequiredIndicator key to all sidebar locales - clean up dangling conjunctions left the de/ru/tr/ja/zh-CN/zh-TW READMEs * fix: address code scanning findings - enforce a second image trust boundary in the provider builders: buildClaudeUserContent/buildCodexInputItems only accept files inside the upload store or the run's working directory (CodeQL path injection) - drop an always-true selectedProject check in handleSubmit - remove the unused resume option from spawnCursor * fix: use CodeQL-recognized containment check for image reads Replace the path.relative guard in isPathInsideDirectory with the resolve + startsWith(root + sep) idiom so the path-injection barrier is visible to code scanning; behavior is unchanged. * fix(security): canonicalize Claude image attachment reads Resolve image attachment paths with realpath before reading so symlinks inside allowed roots cannot escape to arbitrary files. Preserve support for symlinked project/upload roots and add focused coverage for both cases. * fix: show agent subtask * fix(sessions): title app-created sessions from the first user message App-created sessions (started by sending a message from cloudcli) were titled with placeholder names — "Untitled Codex Session" from the disk indexer and, briefly, "New session" from the empty canonical upsert — before a later sync finally settled on the right text, causing the sidebar title to flicker. - Codex/OpenCode synchronizers now title app-created sessions (distinct app id mapped to a provider id) from the first user message, while sessions found purely by indexing keep their existing setup. Claude keeps its AI-generated titles; Cursor already used the first message. - Decode OpenCode's JSON-string-literal prompts so titles no longer surface wrapped in quotes; hoist unwrapJsonStringLiteral into shared/utils since it's now used by both the reader and synchronizer. - Guard the sidebar upsert merge so an empty summary can never blank out a title that is already set. - Add codex/opencode synchronizer tests for the app-created vs indexed naming paths. * fix(chat): make message queuing reliable across sessions and turn boundaries Queued messages had four related defects: - A queued message flashed and then vanished at flush time: concurrent transcript refreshes (the `complete` handler racing the watcher-triggered update) could resolve out of order, letting a stale response overwrite newer server messages after the optimistic row was pruned. Session slots now carry a monotonic fetch ticket and discard stale fetch/refresh/ fetchMore responses. - Switching sessions flushed the previous session's queued draft into the newly viewed one (sending it with the wrong provider's settings, e.g. a Claude model into a Codex session). The composer flush is now scoped to its session, and a draft restored into an idle session sends after a short grace period so a live-run ack can cancel it. - The thinking banner never appeared for a queued turn: the chat handler's session-keyed completeRun safety net could fire after a queued message had already started the session's next run, emitting a spurious `complete` that killed it. The safety net is now scoped to its own run via completeRunIfCurrent (with a regression test). - Queued messages only sent while their session was being viewed. Drafts now persist their send options (model, effort, permissions) at queue time, and a new app-level useQueuedMessageAutoSend hook dispatches a non-viewed session's queued message as soon as its run completes, using the storage key as the claim ticket to prevent double sends.
This commit is contained in:
180
server/modules/providers/tests/provider-image-history.test.ts
Normal file
180
server/modules/providers/tests/provider-image-history.test.ts
Normal file
@@ -0,0 +1,180 @@
|
||||
import assert from 'node:assert/strict';
|
||||
import test from 'node:test';
|
||||
|
||||
import { ClaudeSessionsProvider } from '@/modules/providers/list/claude/claude-sessions.provider.js';
|
||||
import { CodexSessionsProvider, extractCodexUserImages } from '@/modules/providers/list/codex/codex-sessions.provider.js';
|
||||
import { CursorSessionsProvider } from '@/modules/providers/list/cursor/cursor-sessions.provider.js';
|
||||
import { appendImagesInputTag } from '@/shared/image-attachments.js';
|
||||
|
||||
const SESSION_ID = 'session-1';
|
||||
|
||||
// ---------------------------------------------------------------- Claude
|
||||
|
||||
test('claude history: base64 image blocks surface as user message images', () => {
|
||||
const provider = new ClaudeSessionsProvider();
|
||||
const entry = {
|
||||
uuid: 'u1',
|
||||
timestamp: '2026-07-03T10:00:00.000Z',
|
||||
message: {
|
||||
role: 'user',
|
||||
content: [
|
||||
{ type: 'text', text: 'What is in this screenshot?' },
|
||||
{ type: 'image', source: { type: 'base64', media_type: 'image/png', data: 'QUJD' } },
|
||||
{ type: 'image', source: { type: 'base64', media_type: 'image/jpeg', data: 'REVG' } },
|
||||
],
|
||||
},
|
||||
};
|
||||
|
||||
const messages = provider.normalizeMessage(entry, SESSION_ID);
|
||||
|
||||
assert.equal(messages.length, 1);
|
||||
assert.equal(messages[0].kind, 'text');
|
||||
assert.equal(messages[0].role, 'user');
|
||||
assert.equal(messages[0].content, 'What is in this screenshot?');
|
||||
assert.deepEqual(messages[0].images, [
|
||||
{ data: 'data:image/png;base64,QUJD' },
|
||||
{ data: 'data:image/jpeg;base64,REVG' },
|
||||
]);
|
||||
});
|
||||
|
||||
test('claude history: image-only user turns still produce a bubble', () => {
|
||||
const provider = new ClaudeSessionsProvider();
|
||||
const entry = {
|
||||
uuid: 'u2',
|
||||
timestamp: '2026-07-03T10:00:00.000Z',
|
||||
message: {
|
||||
role: 'user',
|
||||
content: [
|
||||
{ type: 'image', source: { type: 'base64', media_type: 'image/png', data: 'QUJD' } },
|
||||
],
|
||||
},
|
||||
};
|
||||
|
||||
const messages = provider.normalizeMessage(entry, SESSION_ID);
|
||||
|
||||
assert.equal(messages.length, 1);
|
||||
assert.equal(messages[0].role, 'user');
|
||||
assert.equal(messages[0].content, '');
|
||||
assert.deepEqual(messages[0].images, [{ data: 'data:image/png;base64,QUJD' }]);
|
||||
});
|
||||
|
||||
test('claude history: plain text user turns carry no images field', () => {
|
||||
const provider = new ClaudeSessionsProvider();
|
||||
const entry = {
|
||||
uuid: 'u3',
|
||||
timestamp: '2026-07-03T10:00:00.000Z',
|
||||
message: { role: 'user', content: [{ type: 'text', text: 'hello' }] },
|
||||
};
|
||||
|
||||
const messages = provider.normalizeMessage(entry, SESSION_ID);
|
||||
assert.equal(messages.length, 1);
|
||||
assert.equal(messages[0].images, undefined);
|
||||
});
|
||||
|
||||
// ---------------------------------------------------------------- Codex
|
||||
|
||||
test('codex history: user_message payload images become path attachments', () => {
|
||||
// Real rollout shape: local_image input items land in `local_images`,
|
||||
// while `images` stays an empty array.
|
||||
assert.deepEqual(
|
||||
extractCodexUserImages({
|
||||
type: 'user_message',
|
||||
message: 'can u see attached image?',
|
||||
images: [],
|
||||
local_images: ['C:\\proj\\.cloudcli\\assets\\a.png'],
|
||||
}),
|
||||
[{ path: 'C:/proj/.cloudcli/assets/a.png' }],
|
||||
);
|
||||
assert.deepEqual(
|
||||
extractCodexUserImages({ type: 'user_message', message: 'hi', images: ['/proj/b.jpg'] }),
|
||||
[{ path: '/proj/b.jpg' }],
|
||||
);
|
||||
assert.equal(extractCodexUserImages({ type: 'user_message', message: 'hi' }), undefined);
|
||||
assert.equal(extractCodexUserImages({ type: 'user_message', message: 'hi', images: [], local_images: [] }), undefined);
|
||||
});
|
||||
|
||||
test('codex history: base64 data URLs pass through as inline data attachments', () => {
|
||||
const dataUrl = 'data:image/png;base64,QUJD';
|
||||
assert.deepEqual(
|
||||
extractCodexUserImages({
|
||||
type: 'user_message',
|
||||
message: 'look',
|
||||
images: [dataUrl],
|
||||
local_images: ['C:\\proj\\a.png'],
|
||||
}),
|
||||
[{ path: 'C:/proj/a.png' }, { data: dataUrl }],
|
||||
);
|
||||
});
|
||||
|
||||
test('codex history: normalized user entries keep their images', () => {
|
||||
const provider = new CodexSessionsProvider();
|
||||
const messages = provider.normalizeMessage(
|
||||
{
|
||||
timestamp: '2026-07-03T10:00:00.000Z',
|
||||
message: { role: 'user', content: 'Look at this' },
|
||||
images: [{ path: '.cloudcli/assets/a.png' }],
|
||||
},
|
||||
SESSION_ID,
|
||||
);
|
||||
|
||||
assert.equal(messages.length, 1);
|
||||
assert.equal(messages[0].role, 'user');
|
||||
assert.equal(messages[0].content, 'Look at this');
|
||||
assert.deepEqual(messages[0].images, [{ path: '.cloudcli/assets/a.png' }]);
|
||||
});
|
||||
|
||||
// ---------------------------------------------------------------- Cursor
|
||||
|
||||
test('cursor history: <images_input> inside user_query is stripped and attached', () => {
|
||||
const provider = new CursorSessionsProvider();
|
||||
const taggedPrompt = appendImagesInputTag('Fix the layout bug', [{ path: '.cloudcli/assets/shot.png' }]);
|
||||
const blobs = [
|
||||
{
|
||||
id: 'blob1',
|
||||
sequence: 1,
|
||||
rowid: 1,
|
||||
content: {
|
||||
role: 'user',
|
||||
content: `<timestamp>2026-07-03</timestamp>\n<user_query>${taggedPrompt}</user_query>`,
|
||||
},
|
||||
},
|
||||
{
|
||||
id: 'blob2',
|
||||
sequence: 2,
|
||||
rowid: 2,
|
||||
content: {
|
||||
role: 'assistant',
|
||||
content: [{ type: 'text', text: 'Done — the flex container was wrong.' }],
|
||||
},
|
||||
},
|
||||
];
|
||||
|
||||
const messages = provider.normalizeCursorBlobs(blobs, SESSION_ID);
|
||||
|
||||
assert.equal(messages.length, 2);
|
||||
assert.equal(messages[0].role, 'user');
|
||||
assert.equal(messages[0].content, 'Fix the layout bug');
|
||||
assert.deepEqual(messages[0].images, [{ path: '.cloudcli/assets/shot.png' }]);
|
||||
assert.equal(messages[1].role, 'assistant');
|
||||
assert.equal(messages[1].images, undefined);
|
||||
});
|
||||
|
||||
test('cursor history: user text without a tag keeps existing behavior', () => {
|
||||
const provider = new CursorSessionsProvider();
|
||||
const blobs = [
|
||||
{
|
||||
id: 'blob1',
|
||||
sequence: 1,
|
||||
rowid: 1,
|
||||
content: {
|
||||
role: 'user',
|
||||
content: '<timestamp>2026-07-03</timestamp>\n<user_query>plain question</user_query>',
|
||||
},
|
||||
},
|
||||
];
|
||||
|
||||
const messages = provider.normalizeCursorBlobs(blobs, SESSION_ID);
|
||||
assert.equal(messages.length, 1);
|
||||
assert.equal(messages[0].content, 'plain question');
|
||||
assert.equal(messages[0].images, undefined);
|
||||
});
|
||||
Reference in New Issue
Block a user