fix: recognize claude auth token env

2026-06-16 12:02:02 +08:00 · 2026-06-02 14:18:32 +03:00
10 changed files with 632 additions and 253 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -67,7 +67,7 @@
  "author": "CloudCLI UI Contributors",
  "license": "AGPL-3.0-or-later",
  "dependencies": {
-    "@anthropic-ai/claude-agent-sdk": "^0.3.165",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.116",
    "@codemirror/lang-css": "^6.3.1",
    "@codemirror/lang-html": "^6.4.9",
    "@codemirror/lang-javascript": "^6.2.4",
@@ -96,7 +96,6 @@
    "cmdk": "^1.1.1",
    "cors": "^2.8.5",
    "cross-spawn": "^7.0.3",
-    "dompurify": "^3.4.7",
    "express": "^4.18.2",
    "fuse.js": "^7.0.0",
    "gray-matter": "^4.0.3",
--- a/public/modelConstants.js
+++ b/public/modelConstants.js
@@ -11,7 +11,7 @@ export const CLAUDE_MODELS = {
    {
      value: "default",
      label: "Default (recommended)",
-      description: "Use the default model (currently Opus 4.8 (1M context)) · $5/$25 per Mtok",
+      description: "Use the default model (currently Opus 4.7 (1M context)) · $5/$25 per Mtok",
    },
    {
      value: "sonnet",
--- a/server/modules/websocket/services/websocket-server.service.ts
+++ b/server/modules/websocket/services/websocket-server.service.ts
@@ -31,24 +31,6 @@ export function createWebSocketServer(
  });

  wss.on('connection', (ws, request) => {
-    // Keep WebSocket alive across reverse-proxy idle timeouts (Cloudflare ~100s,
-    // AWS ALB 60s, nginx 60s, etc.). Without app-level pings these connections
-    // are silently torn down even when the UI is active, causing repeated
-    // reconnect cycles. ws library heartbeat is opt-in.
-    const HEARTBEAT_INTERVAL_MS = 30_000;
-    const heartbeat = setInterval(() => {
-      if (ws.readyState === ws.OPEN) {
-        try {
-          ws.ping();
-        } catch {
-          // socket may have been closed concurrently — interval will be cleared below
-        }
-      }
-    }, HEARTBEAT_INTERVAL_MS);
-    const stopHeartbeat = () => clearInterval(heartbeat);
-    ws.on('close', stopHeartbeat);
-    ws.on('error', stopHeartbeat);
-
    const incomingRequest = request as AuthenticatedWebSocketRequest;
    const url = incomingRequest.url ?? '/';
    const pathname = new URL(url, 'http://localhost').pathname;
--- a/src/components/chat/view/subcomponents/ChatComposer.tsx
+++ b/src/components/chat/view/subcomponents/ChatComposer.tsx
@@ -295,7 +295,6 @@ export default function ChatComposer({

            <PromptInputTextarea
              ref={textareaRef}
-              dir="auto"
              value={input}
              onChange={onInputChange}
              onClick={onTextareaClick}
--- a/src/components/chat/view/subcomponents/MessageComponent.tsx
+++ b/src/components/chat/view/subcomponents/MessageComponent.tsx
@@ -120,7 +120,7 @@ const MessageComponent = memo(({ message, prevMessage, createDiff, onFileOpen, o
        /* User message bubble on the right */
        <div className="flex w-full items-end space-x-0 sm:w-auto sm:max-w-[85%] sm:space-x-3 md:max-w-md lg:max-w-lg xl:max-w-xl">
          <div className="group flex-1 rounded-2xl rounded-br-md bg-blue-600 px-3 py-2 text-white shadow-sm sm:flex-initial sm:px-4">
-            <div dir="auto" className="whitespace-pre-wrap break-words text-sm">
+            <div className="whitespace-pre-wrap break-words text-sm">
              {message.content}
            </div>
            {message.images && message.images.length > 0 && (
@@ -405,7 +405,7 @@ const MessageComponent = memo(({ message, prevMessage, createDiff, onFileOpen, o
                </ReasoningContent>
              </Reasoning>
            ) : (
-              <div dir="auto" className="text-sm text-gray-700 dark:text-gray-300">
+              <div className="text-sm text-gray-700 dark:text-gray-300">
                {/* Reasoning accordion */}
                {showThinking && message.reasoning && (
                  <Reasoning className="mb-3" defaultOpen={false}>
--- a/src/components/chat/view/subcomponents/ProviderSelectionEmptyState.tsx
+++ b/src/components/chat/view/subcomponents/ProviderSelectionEmptyState.tsx
@@ -321,7 +321,6 @@ export default function ProviderSelectionEmptyState({

          <p className="mt-3 flex items-center justify-center gap-1.5 text-center text-xs text-muted-foreground/60">
            <Trans
-              ns="chat"
              i18nKey="providerSelection.pressToSearch"
              values={{ shortcut: MOD_KEY === "⌘" ? "⌘K" : "Ctrl+K" }}
              components={{
--- a/src/components/plugins/view/PluginIcon.tsx
+++ b/src/components/plugins/view/PluginIcon.tsx
@@ -1,6 +1,4 @@
 import { useState, useEffect } from 'react';
-import DOMPurify from 'dompurify';
-
 import { authenticatedFetch } from '../../../utils/api';

 type Props = {
@@ -12,48 +10,6 @@ type Props = {
 // Module-level cache so repeated renders don't re-fetch
 const svgCache = new Map<string, string>();

-const FORBIDDEN_SVG_TAGS = [
-  'script',
-  'foreignObject',
-  'iframe',
-  'object',
-  'embed',
-  'link',
-  'meta',
-  'style',
-  'animate',
-  'set',
-  'animateTransform',
-  'animateMotion',
-];
-
-const FORBIDDEN_SVG_ATTRS = [
-  'href',
-  'xlink:href',
-  'src',
-  'style',
-];
-
-function sanitizeSvg(svgText: string): string | null {
-  const sanitized = DOMPurify.sanitize(svgText, {
-    USE_PROFILES: { svg: true, svgFilters: true },
-    FORBID_TAGS: FORBIDDEN_SVG_TAGS,
-    FORBID_ATTR: FORBIDDEN_SVG_ATTRS,
-  });
-
-  if (!sanitized) return null;
-
-  try {
-    const doc = new DOMParser().parseFromString(sanitized, 'image/svg+xml');
-    const root = doc.documentElement;
-    if (!root || root.nodeName.toLowerCase() !== 'svg') return null;
-    if (doc.querySelector('parsererror')) return null;
-    return sanitized;
-  } catch {
-    return null;
-  }
-}
-
 export default function PluginIcon({ pluginName, iconFile, className }: Props) {
  const url = iconFile
    ? `/api/plugins/${encodeURIComponent(pluginName)}/assets/${encodeURIComponent(iconFile)}`
@@ -68,11 +24,9 @@ export default function PluginIcon({ pluginName, iconFile, className }: Props) {
        return r.text();
      })
      .then((text) => {
-        if (!text) return;
-        const sanitized = sanitizeSvg(text);
-        if (sanitized) {
-          svgCache.set(url, sanitized);
-          setSvg(sanitized);
+        if (text && text.trimStart().startsWith('<svg')) {
+          svgCache.set(url, text);
+          setSvg(text);
        }
      })
      .catch(() => {});
@@ -81,6 +35,10 @@ export default function PluginIcon({ pluginName, iconFile, className }: Props) {
  if (!svg) return <span className={className} />;

  return (
-    <span className={className} dangerouslySetInnerHTML={{ __html: svg }} />
+    <span
+      className={className}
+      // SVG is fetched from the user's own installed plugin — same trust level as the plugin code itself
+      dangerouslySetInnerHTML={{ __html: svg }}
+    />
  );
 }
--- a/src/contexts/WebSocketContext.tsx
+++ b/src/contexts/WebSocketContext.tsx
@@ -36,12 +36,8 @@ const useWebSocketProviderState = (): WebSocketContextType => {
  const { token } = useAuth();

  useEffect(() => {
-    // The cleanup below sets unmountedRef = true. Without this reset, every
-    // re-run of the effect (e.g. on token refresh) would short-circuit connect()
-    // at its unmounted guard and leave the socket permanently disconnected.
-    unmountedRef.current = false;
    connect();
-
+    
    return () => {
      unmountedRef.current = true;
      if (reconnectTimeoutRef.current) {
--- a/vite.config.js
+++ b/vite.config.js
@@ -37,10 +37,6 @@ export default defineConfig(({ mode }) => {
        '/shell': {
          target: `ws://${proxyHost}:${serverPort}`,
          ws: true
-        },
-        '/plugin-ws': {
-          target: `ws://${proxyHost}:${serverPort}`,
-          ws: true
        }
      }
    },