mirror of
https://github.com/siteboon/claudecodeui.git
synced 2026-07-09 07:25:43 +08:00
* fix: don't overlap thinking banner over conversation * feat: support message queue and add attention indicator * fix(shell): use c to copy for claude * fix: strip timestamp tags from cursor * fix: select project when loading session from direct URL * feat: support attached images for all providers * feat(opencode): support permission options * fix: resolve source control and chat UX bugs - make staging real in the git panel: new /stage and /unstage endpoints, /status now reports the actual index via porcelain -z (handles renames, conflicts, and paths with spaces), and Stage/Unstage All run real git commands instead of toggling client-side state - add branch search to the header dropdown and Branches tab - persist the chosen permission mode per provider so a brand-new chat keeps it once the session id arrives, instead of reverting to default - replace cmdk's fuzzy model search with strict token matching so "chatgpt" no longer surfaces unrelated models - unit tests for the git status parser * feat(git): commit graph in history view and cross-spawn everywhere - render a VSCode-style commit graph in the source control history: lane-assignment algorithm, SVG strip with colored rails, merge and branch curves, commit dots, and branch/tag badges per commit - /commits returns parents and ref decorations across all branches (--branches --remotes --tags --topo-order) using unit-separator fields so pipes in commit subjects can't break parsing - collect stats via a single --shortstat pass instead of one `git show --stat` call per commit; raise the history limit to 50 - replace child_process spawn with cross-spawn in all runtimes, routes, and services: it resolves .cmd shims and PATHEXT on Windows (fixing taskmaster's npx invocations) and delegates to native spawn elsewhere, removing the per-file win32 ternaries - unit tests for the log parser and lane assignment * fix: remove gemini support since google discontinued it * fix: address code review findings - validate chat image attachments server-side: only files inside the ~/.cloudcli/assets upload store may reach provider file reads - harden asset serving with nosniff and attachment disposition for SVGs to prevent stored XSS - show the timestamp on image-only user messages - serialize git stage/unstage calls and defer the status re-sync so rapid toggles can't interleave or flicker - use a literal hex fallback for commit ref badges (alpha suffix on a var() string produced invalid CSS) - stop binding a URL session to a guening project instead - add the missing attentionRequiredIndicator key to all sidebar locales - clean up dangling conjunctions left the de/ru/tr/ja/zh-CN/zh-TW READMEs * fix: address code scanning findings - enforce a second image trust boundary in the provider builders: buildClaudeUserContent/buildCodexInputItems only accept files inside the upload store or the run's working directory (CodeQL path injection) - drop an always-true selectedProject check in handleSubmit - remove the unused resume option from spawnCursor * fix: use CodeQL-recognized containment check for image reads Replace the path.relative guard in isPathInsideDirectory with the resolve + startsWith(root + sep) idiom so the path-injection barrier is visible to code scanning; behavior is unchanged. * fix(security): canonicalize Claude image attachment reads Resolve image attachment paths with realpath before reading so symlinks inside allowed roots cannot escape to arbitrary files. Preserve support for symlinked project/upload roots and add focused coverage for both cases. * fix: show agent subtask * fix(sessions): title app-created sessions from the first user message App-created sessions (started by sending a message from cloudcli) were titled with placeholder names — "Untitled Codex Session" from the disk indexer and, briefly, "New session" from the empty canonical upsert — before a later sync finally settled on the right text, causing the sidebar title to flicker. - Codex/OpenCode synchronizers now title app-created sessions (distinct app id mapped to a provider id) from the first user message, while sessions found purely by indexing keep their existing setup. Claude keeps its AI-generated titles; Cursor already used the first message. - Decode OpenCode's JSON-string-literal prompts so titles no longer surface wrapped in quotes; hoist unwrapJsonStringLiteral into shared/utils since it's now used by both the reader and synchronizer. - Guard the sidebar upsert merge so an empty summary can never blank out a title that is already set. - Add codex/opencode synchronizer tests for the app-created vs indexed naming paths. * fix(chat): make message queuing reliable across sessions and turn boundaries Queued messages had four related defects: - A queued message flashed and then vanished at flush time: concurrent transcript refreshes (the `complete` handler racing the watcher-triggered update) could resolve out of order, letting a stale response overwrite newer server messages after the optimistic row was pruned. Session slots now carry a monotonic fetch ticket and discard stale fetch/refresh/ fetchMore responses. - Switching sessions flushed the previous session's queued draft into the newly viewed one (sending it with the wrong provider's settings, e.g. a Claude model into a Codex session). The composer flush is now scoped to its session, and a draft restored into an idle session sends after a short grace period so a live-run ack can cancel it. - The thinking banner never appeared for a queued turn: the chat handler's session-keyed completeRun safety net could fire after a queued message had already started the session's next run, emitting a spurious `complete` that killed it. The safety net is now scoped to its own run via completeRunIfCurrent (with a regression test). - Queued messages only sent while their session was being viewed. Drafts now persist their send options (model, effort, permissions) at queue time, and a new app-level useQueuedMessageAutoSend hook dispatches a non-viewed session's queued message as soon as its run completes, using the storage key as the claim ticket to prevent double sends.
344 lines
11 KiB
TypeScript
344 lines
11 KiB
TypeScript
import path from 'node:path';
|
|
|
|
import { projectsDb, sessionsDb } from '@/modules/database/index.js';
|
|
import { generateDisplayName } from '@/modules/projects/index.js';
|
|
import { ChatSessionWriter } from '@/modules/websocket/services/chat-session-writer.service.js';
|
|
import { connectedClients, WS_OPEN_STATE } from '@/modules/websocket/services/websocket-state.service.js';
|
|
import type {
|
|
LLMProvider,
|
|
NormalizedMessage,
|
|
RealtimeClientConnection,
|
|
} from '@/shared/types.js';
|
|
|
|
type ChatRunStatus = 'running' | 'completed';
|
|
|
|
/**
|
|
* One live (or recently finished) provider run for a single app session.
|
|
*
|
|
* State notes — why each mutable field is essential:
|
|
* - `providerSessionId`: the provider-native id captured mid-run. The abort
|
|
* handler needs it to address the provider runtime, and the DB mapping is
|
|
* written from it so history/resume work after the run.
|
|
* - `status`: drives `chat_subscribed.isProcessing`, prevents double sends
|
|
* into the same session, and guards the synthetic-complete fallback in the
|
|
* chat handler (only emitted when a runtime died without completing).
|
|
* - `lastSeq` / `events`: the per-run event log. Every live event gets a
|
|
* monotonically increasing `seq` and is buffered so a reconnecting client
|
|
* can replay exactly the events it missed via `chat.subscribe`.
|
|
*/
|
|
type ChatRun = {
|
|
appSessionId: string;
|
|
provider: LLMProvider;
|
|
providerSessionId: string | null;
|
|
status: ChatRunStatus;
|
|
lastSeq: number;
|
|
events: NormalizedMessage[];
|
|
writer: ChatSessionWriter;
|
|
startedAt: number;
|
|
completedAt: number | null;
|
|
};
|
|
|
|
/**
|
|
* How long a completed run stays available for replay. Covers the window
|
|
* between a run finishing and the client refreshing history over REST (for
|
|
* example when the browser tab was asleep while the run completed).
|
|
*/
|
|
const COMPLETED_RUN_RETENTION_MS = 5 * 60 * 1000;
|
|
|
|
/**
|
|
* Upper bound on buffered events per run so a very long tool-heavy run cannot
|
|
* grow memory unbounded. When exceeded, the oldest events are dropped —
|
|
* a reconnecting client whose `lastSeq` predates the buffer falls back to a
|
|
* REST history refresh, which is always the authoritative source.
|
|
*/
|
|
const MAX_BUFFERED_EVENTS_PER_RUN = 5000;
|
|
|
|
/**
|
|
* Active and recently-completed runs keyed by app session id.
|
|
*
|
|
* This map is the single in-memory source of truth for "is something running
|
|
* for this session" — the chat websocket handler, abort path, and subscribe
|
|
* path all consult it instead of asking each provider runtime individually.
|
|
*/
|
|
const runs = new Map<string, ChatRun>();
|
|
|
|
async function broadcastCanonicalSessionUpsert(appSessionId: string): Promise<void> {
|
|
const row = sessionsDb.getSessionById(appSessionId);
|
|
if (!row || row.isArchived) {
|
|
return;
|
|
}
|
|
|
|
const projectPath = row.project_path;
|
|
const project = projectPath ? projectsDb.getProjectPath(projectPath) : null;
|
|
const displayName = project?.custom_project_name?.trim()
|
|
? project.custom_project_name
|
|
: await generateDisplayName(path.basename(projectPath ?? '') || (projectPath ?? ''), projectPath);
|
|
|
|
const payload = JSON.stringify({
|
|
kind: 'session_upserted',
|
|
sessionId: row.session_id,
|
|
providerSessionId: row.provider_session_id,
|
|
provider: row.provider,
|
|
session: {
|
|
id: row.session_id,
|
|
summary: row.custom_name || '',
|
|
messageCount: 0,
|
|
lastActivity: row.updated_at ?? row.created_at ?? new Date().toISOString(),
|
|
},
|
|
project: project
|
|
? {
|
|
projectId: project.project_id,
|
|
path: project.project_path,
|
|
fullPath: project.project_path,
|
|
displayName,
|
|
isStarred: Boolean(project.isStarred),
|
|
}
|
|
: null,
|
|
timestamp: new Date().toISOString(),
|
|
});
|
|
|
|
connectedClients.forEach((client) => {
|
|
if (client.readyState === WS_OPEN_STATE) {
|
|
client.send(payload);
|
|
}
|
|
});
|
|
}
|
|
|
|
function evictRunLater(appSessionId: string): void {
|
|
const timer = setTimeout(() => {
|
|
const run = runs.get(appSessionId);
|
|
if (run && run.status === 'completed') {
|
|
runs.delete(appSessionId);
|
|
}
|
|
}, COMPLETED_RUN_RETENTION_MS);
|
|
|
|
// Never keep the process alive just to evict a buffered run.
|
|
timer.unref?.();
|
|
}
|
|
|
|
/**
|
|
* Decorates one outbound live event for a run and records it in the event log.
|
|
*
|
|
* Responsibilities:
|
|
* 1. Remap `sessionId` (and `actualSessionId` on `complete`) to the stable
|
|
* app session id — provider-native ids never leave the backend.
|
|
* 2. Assign the next `seq` so clients can detect/replay gaps.
|
|
* 3. Buffer the event for `chat.subscribe` replay.
|
|
* 4. Flip the run to `completed` when the terminal `complete` event passes by.
|
|
*/
|
|
function decorateAndRecordEvent(run: ChatRun, message: NormalizedMessage): NormalizedMessage | null {
|
|
// Exactly-one-complete contract: when a run is aborted the chat handler
|
|
// emits the terminal `complete` immediately, but the killed runtime may
|
|
// still emit its own `complete` from its exit handler moments later.
|
|
// Whichever arrives first wins; the duplicate is dropped here.
|
|
if (message.kind === 'complete' && run.status === 'completed') {
|
|
return null;
|
|
}
|
|
|
|
run.lastSeq += 1;
|
|
|
|
const outbound: NormalizedMessage = {
|
|
...message,
|
|
sessionId: run.appSessionId,
|
|
seq: run.lastSeq,
|
|
};
|
|
|
|
if (message.kind === 'complete') {
|
|
// The provider may report its own id here; the frontend only ever knows
|
|
// the app id, so the "actual" id is by definition the app id as well.
|
|
outbound.actualSessionId = run.appSessionId;
|
|
run.status = 'completed';
|
|
run.completedAt = Date.now();
|
|
evictRunLater(run.appSessionId);
|
|
}
|
|
|
|
run.events.push(outbound);
|
|
if (run.events.length > MAX_BUFFERED_EVENTS_PER_RUN) {
|
|
run.events.splice(0, run.events.length - MAX_BUFFERED_EVENTS_PER_RUN);
|
|
}
|
|
|
|
return outbound;
|
|
}
|
|
|
|
/**
|
|
* Records the provider-native session id for a run and persists the
|
|
* app-id-to-provider-id mapping so history fetches and future resumes can
|
|
* address the provider transcript.
|
|
*
|
|
* Called from the gateway writer when the runtime either calls
|
|
* `setSessionId(...)` or emits its `session_created` event — whichever
|
|
* happens first wins; later calls with the same id are no-ops.
|
|
*/
|
|
function recordProviderSessionId(run: ChatRun, providerSessionId: string): void {
|
|
if (!providerSessionId || run.providerSessionId === providerSessionId) {
|
|
return;
|
|
}
|
|
|
|
run.providerSessionId = providerSessionId;
|
|
|
|
try {
|
|
sessionsDb.assignProviderSessionId(run.appSessionId, providerSessionId);
|
|
void broadcastCanonicalSessionUpsert(run.appSessionId).catch((error) => {
|
|
const message = error instanceof Error ? error.message : String(error);
|
|
console.error('[ChatRunRegistry] Failed to broadcast canonical session mapping', {
|
|
appSessionId: run.appSessionId,
|
|
providerSessionId,
|
|
error: message,
|
|
});
|
|
});
|
|
} catch (error) {
|
|
const message = error instanceof Error ? error.message : String(error);
|
|
console.error('[ChatRunRegistry] Failed to persist provider session id mapping', {
|
|
appSessionId: run.appSessionId,
|
|
providerSessionId,
|
|
error: message,
|
|
});
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Registry of live provider runs keyed by the stable app session id.
|
|
*
|
|
* The registry is what makes the websocket protocol provider-independent:
|
|
* every run gets a `ChatSessionWriter` that remaps provider-native session
|
|
* ids to the app id, assigns `seq` numbers, and buffers events for replay —
|
|
* regardless of which provider runtime produced them.
|
|
*/
|
|
export const chatRunRegistry = {
|
|
/**
|
|
* Starts tracking a run and returns it, or `null` when a run is already in
|
|
* progress for the session (callers must reject the duplicate send).
|
|
*/
|
|
startRun(input: {
|
|
appSessionId: string;
|
|
provider: LLMProvider;
|
|
providerSessionId: string | null;
|
|
connection: RealtimeClientConnection;
|
|
userId: string | number | null;
|
|
}): ChatRun | null {
|
|
const existing = runs.get(input.appSessionId);
|
|
if (existing && existing.status === 'running') {
|
|
return null;
|
|
}
|
|
|
|
const run: ChatRun = {
|
|
appSessionId: input.appSessionId,
|
|
provider: input.provider,
|
|
providerSessionId: input.providerSessionId,
|
|
status: 'running',
|
|
lastSeq: 0,
|
|
events: [],
|
|
writer: null as unknown as ChatSessionWriter,
|
|
startedAt: Date.now(),
|
|
completedAt: null,
|
|
};
|
|
|
|
run.writer = new ChatSessionWriter({
|
|
connection: input.connection,
|
|
userId: input.userId,
|
|
provider: input.provider,
|
|
providerSessionId: input.providerSessionId,
|
|
onProviderSessionId: (providerSessionId) => {
|
|
recordProviderSessionId(run, providerSessionId);
|
|
},
|
|
decorateOutboundEvent: (message) => decorateAndRecordEvent(run, message),
|
|
});
|
|
|
|
runs.set(input.appSessionId, run);
|
|
return run;
|
|
},
|
|
|
|
getRun(appSessionId: string): ChatRun | undefined {
|
|
return runs.get(appSessionId);
|
|
},
|
|
|
|
isProcessing(appSessionId: string): boolean {
|
|
return runs.get(appSessionId)?.status === 'running';
|
|
},
|
|
|
|
listRunningRuns(): Array<{
|
|
sessionId: string;
|
|
provider: LLMProvider;
|
|
startedAt: number;
|
|
lastSeq: number;
|
|
}> {
|
|
return Array.from(runs.values())
|
|
.filter((run) => run.status === 'running')
|
|
.map((run) => ({
|
|
sessionId: run.appSessionId,
|
|
provider: run.provider,
|
|
startedAt: run.startedAt,
|
|
lastSeq: run.lastSeq,
|
|
}));
|
|
},
|
|
|
|
/**
|
|
* Re-attaches a run's outbound stream to a (new) websocket connection.
|
|
*
|
|
* This is the generic replacement for the Claude-only writer reconnect:
|
|
* after a page refresh the new socket subscribes and immediately starts
|
|
* receiving the still-running stream, for every provider.
|
|
*/
|
|
attachConnection(appSessionId: string, connection: RealtimeClientConnection): boolean {
|
|
const run = runs.get(appSessionId);
|
|
if (!run) {
|
|
return false;
|
|
}
|
|
|
|
run.writer.updateWebSocket(connection);
|
|
return true;
|
|
},
|
|
|
|
/**
|
|
* Returns buffered events with `seq` greater than `afterSeq` for replay.
|
|
*
|
|
* An empty array with `run.lastSeq > afterSeq` not covered by the buffer
|
|
* means the buffer was truncated; the client should refresh over REST.
|
|
*/
|
|
replayEvents(appSessionId: string, afterSeq: number): NormalizedMessage[] {
|
|
const run = runs.get(appSessionId);
|
|
if (!run) {
|
|
return [];
|
|
}
|
|
|
|
return run.events.filter((event) => typeof event.seq === 'number' && event.seq > afterSeq);
|
|
},
|
|
|
|
/**
|
|
* Emits a synthetic terminal `complete` if (and only if) the run is still
|
|
* marked running. Used when a provider runtime throws or resolves without
|
|
* having produced its own terminal event, and by the abort path.
|
|
*/
|
|
completeRun(appSessionId: string, opts: { exitCode: number; aborted?: boolean }): void {
|
|
const run = runs.get(appSessionId);
|
|
if (!run || run.status !== 'running') {
|
|
return;
|
|
}
|
|
|
|
run.writer.sendComplete(opts);
|
|
},
|
|
|
|
/**
|
|
* Safety-net variant of `completeRun` scoped to one specific run: a no-op
|
|
* unless `run` is still the session's current, running run. A runtime
|
|
* promise can resolve after its own `complete` already streamed AND a new
|
|
* run has replaced it in the registry (a queued message sends within
|
|
* milliseconds of the previous turn ending) — the session-keyed
|
|
* `completeRun` would terminate that newer run.
|
|
*/
|
|
completeRunIfCurrent(run: ChatRun, opts: { exitCode: number; aborted?: boolean }): void {
|
|
if (runs.get(run.appSessionId) !== run || run.status !== 'running') {
|
|
return;
|
|
}
|
|
|
|
run.writer.sendComplete(opts);
|
|
},
|
|
|
|
/**
|
|
* Test-only escape hatch: clears every tracked run.
|
|
*/
|
|
clearAll(): void {
|
|
runs.clear();
|
|
},
|
|
};
|