* fix: don't overlap thinking banner over conversation * feat: support message queue and add attention indicator * fix(shell): use c to copy for claude * fix: strip timestamp tags from cursor * fix: select project when loading session from direct URL * feat: support attached images for all providers * feat(opencode): support permission options * fix: resolve source control and chat UX bugs - make staging real in the git panel: new /stage and /unstage endpoints, /status now reports the actual index via porcelain -z (handles renames, conflicts, and paths with spaces), and Stage/Unstage All run real git commands instead of toggling client-side state - add branch search to the header dropdown and Branches tab - persist the chosen permission mode per provider so a brand-new chat keeps it once the session id arrives, instead of reverting to default - replace cmdk's fuzzy model search with strict token matching so "chatgpt" no longer surfaces unrelated models - unit tests for the git status parser * feat(git): commit graph in history view and cross-spawn everywhere - render a VSCode-style commit graph in the source control history: lane-assignment algorithm, SVG strip with colored rails, merge and branch curves, commit dots, and branch/tag badges per commit - /commits returns parents and ref decorations across all branches (--branches --remotes --tags --topo-order) using unit-separator fields so pipes in commit subjects can't break parsing - collect stats via a single --shortstat pass instead of one `git show --stat` call per commit; raise the history limit to 50 - replace child_process spawn with cross-spawn in all runtimes, routes, and services: it resolves .cmd shims and PATHEXT on Windows (fixing taskmaster's npx invocations) and delegates to native spawn elsewhere, removing the per-file win32 ternaries - unit tests for the log parser and lane assignment * fix: remove gemini support since google discontinued it * fix: address code review findings - validate chat image attachments server-side: only files inside the ~/.cloudcli/assets upload store may reach provider file reads - harden asset serving with nosniff and attachment disposition for SVGs to prevent stored XSS - show the timestamp on image-only user messages - serialize git stage/unstage calls and defer the status re-sync so rapid toggles can't interleave or flicker - use a literal hex fallback for commit ref badges (alpha suffix on a var() string produced invalid CSS) - stop binding a URL session to a guening project instead - add the missing attentionRequiredIndicator key to all sidebar locales - clean up dangling conjunctions left the de/ru/tr/ja/zh-CN/zh-TW READMEs * fix: address code scanning findings - enforce a second image trust boundary in the provider builders: buildClaudeUserContent/buildCodexInputItems only accept files inside the upload store or the run's working directory (CodeQL path injection) - drop an always-true selectedProject check in handleSubmit - remove the unused resume option from spawnCursor * fix: use CodeQL-recognized containment check for image reads Replace the path.relative guard in isPathInsideDirectory with the resolve + startsWith(root + sep) idiom so the path-injection barrier is visible to code scanning; behavior is unchanged. * fix(security): canonicalize Claude image attachment reads Resolve image attachment paths with realpath before reading so symlinks inside allowed roots cannot escape to arbitrary files. Preserve support for symlinked project/upload roots and add focused coverage for both cases. * fix: show agent subtask * fix(sessions): title app-created sessions from the first user message App-created sessions (started by sending a message from cloudcli) were titled with placeholder names — "Untitled Codex Session" from the disk indexer and, briefly, "New session" from the empty canonical upsert — before a later sync finally settled on the right text, causing the sidebar title to flicker. - Codex/OpenCode synchronizers now title app-created sessions (distinct app id mapped to a provider id) from the first user message, while sessions found purely by indexing keep their existing setup. Claude keeps its AI-generated titles; Cursor already used the first message. - Decode OpenCode's JSON-string-literal prompts so titles no longer surface wrapped in quotes; hoist unwrapJsonStringLiteral into shared/utils since it's now used by both the reader and synchronizer. - Guard the sidebar upsert merge so an empty summary can never blank out a title that is already set. - Add codex/opencode synchronizer tests for the app-created vs indexed naming paths. * fix(chat): make message queuing reliable across sessions and turn boundaries Queued messages had four related defects: - A queued message flashed and then vanished at flush time: concurrent transcript refreshes (the `complete` handler racing the watcher-triggered update) could resolve out of order, letting a stale response overwrite newer server messages after the optimistic row was pruned. Session slots now carry a monotonic fetch ticket and discard stale fetch/refresh/ fetchMore responses. - Switching sessions flushed the previous session's queued draft into the newly viewed one (sending it with the wrong provider's settings, e.g. a Claude model into a Codex session). The composer flush is now scoped to its session, and a draft restored into an idle session sends after a short grace period so a live-run ack can cancel it. - The thinking banner never appeared for a queued turn: the chat handler's session-keyed completeRun safety net could fire after a queued message had already started the session's next run, emitting a spurious `complete` that killed it. The safety net is now scoped to its own run via completeRunIfCurrent (with a regression test). - Queued messages only sent while their session was being viewed. Drafts now persist their send options (model, effort, permissions) at queue time, and a new app-level useQueuedMessageAutoSend hook dispatches a non-viewed session's queued message as soon as its run completes, using the storage key as the claim ticket to prevent double sends.
WebSocket Module
This module owns the server-side WebSocket gateway used by:
- Chat streaming (
/ws) - Interactive terminal sessions (
/shell) - Plugin WebSocket passthrough (
/plugin-ws/:pluginName)
It is intentionally structured as small services plus a barrel export in index.ts.
Public API
server/modules/websocket/index.ts exports:
createWebSocketServer(server, dependencies)
Creates and wires the sharedwsserver.connectedClientsandWS_OPEN_STATE
Shared chat client registry and open-state constant used by other modules.
Why Dependency Injection Is Used
The module receives runtime-specific functions from server/index.js instead of importing legacy runtime files directly.
Benefits:
- Keeps module boundaries clean (
server/modules/*architecture rule). - Makes each service easier to test in isolation.
- Keeps WebSocket transport concerns separate from provider runtime concerns.
Service Map
| File | Responsibility |
|---|---|
services/websocket-server.service.ts |
Creates WebSocketServer, binds verifyClient, routes connection by pathname |
services/websocket-auth.service.ts |
Authenticates upgrade requests and attaches request.user |
services/chat-websocket.service.ts |
Handles the /ws chat protocol (chat.send / chat.abort / chat.subscribe / chat.permission-response) |
services/chat-run-registry.service.ts |
Tracks live provider runs per app session id: seq numbering, event replay buffer, provider-id mapping, completion state |
services/chat-session-writer.service.ts |
Gateway writer handed to provider runtimes: remaps provider session ids to app ids, swallows session_created, assigns seq |
services/shell-websocket.service.ts |
Handles /shell PTY lifecycle, reconnect buffering, auth URL detection |
services/plugin-websocket-proxy.service.ts |
Bridges client socket to plugin socket |
services/websocket-writer.service.ts |
Adapts raw WebSocket to writer interface (send, setSessionId, getSessionId) for non-chat writer consumers |
services/websocket-state.service.ts |
Holds shared chat client set and open-state constant |
High-Level Architecture
flowchart LR
A[HTTP Server] --> B[createWebSocketServer]
B --> C[verifyWebSocketClient]
B --> D{Pathname}
D -->|/ws| E[handleChatConnection]
D -->|/shell| F[handleShellConnection]
D -->|/plugin-ws/:name| G[handlePluginWsProxy]
D -->|other| H[close()]
E --> I[connectedClients Set]
E --> J[chatRunRegistry + ChatSessionWriter]
F --> K[ptySessionsMap]
G --> L[Upstream Plugin ws://127.0.0.1:port/ws]
I --> M[projects.service loading_progress]
I --> N[sessions-watcher.service session_upserted]
Connection Handshake + Routing
sequenceDiagram
participant Client
participant WSS as WebSocketServer
participant Auth as verifyWebSocketClient
participant Router as connection router
participant Chat as /ws handler
participant Shell as /shell handler
participant Proxy as /plugin-ws handler
Client->>WSS: Upgrade Request
WSS->>Auth: verifyClient(info)
alt Platform mode
Auth->>Auth: authenticateWebSocket(null)
Auth->>Auth: attach request.user
else OSS mode
Auth->>Auth: read token from ?token or Authorization
Auth->>Auth: authenticateWebSocket(token)
Auth->>Auth: attach request.user
end
alt Auth failed
Auth-->>WSS: false (reject handshake)
else Auth ok
Auth-->>WSS: true
WSS->>Router: on("connection", ws, request)
alt pathname == /ws
Router->>Chat: handleChatConnection(ws, request, deps.chat)
else pathname == /shell
Router->>Shell: handleShellConnection(ws, deps.shell)
else pathname startsWith /plugin-ws/
Router->>Proxy: handlePluginWsProxy(ws, pathname, getPluginPort)
else unknown
Router->>Router: ws.close()
end
end
/ws Chat Flow
When a chat socket connects:
- Add socket to
connectedClients. - Parse each incoming message with
parseIncomingJsonObject. - Dispatch by
data.type(four message types, none provider-specific). - On close, remove socket from
connectedClients.
Session identity model
The frontend only ever knows the app session id (allocated by
POST /api/providers/sessions or discovered via the session index). The
provider-native id (JSONL file name, CLI resume id) stays inside the backend:
chat.sendresolves the app id to{ provider, provider_session_id, project_path }from the sessions DB.- The provider runtime receives the provider-native id for resume.
- The
ChatSessionWriterremaps every outbound event back to the app id, and turnssession_createdannouncements into a DB mapping update instead of forwarding them.
Chat Message Dispatch
flowchart TD
A[Incoming WS message] --> B[parseIncomingJsonObject]
B -->|invalid| C[send kind:protocol_error]
B -->|ok| D{data.type}
D -->|chat.send| E[resolve session row -> startRun -> spawnFns provider]
D -->|chat.abort| F[abortFns provider + synthetic complete]
D -->|chat.subscribe| G[chat_subscribed ack + attach socket + replay events seq > lastSeq]
D -->|chat.permission-response| H[resolveToolApproval]
D -->|other| I[send kind:protocol_error]
Chat Notes
- Unified envelope: every server-to-client frame carries a
kind— either a providerNormalizedMessagekind or a gateway kind (chat_subscribed,session_upserted,loading_progress,protocol_error). There is no secondtype-based protocol. - Unified terminal lifecycle: every provider run ends with exactly one
completemessage built bycreateCompleteMessage()(server/shared/utils.ts):{ kind: "complete", sessionId, actualSessionId, exitCode, success, aborted }. The chat handler emits a syntheticcompletefor runs that crash or get aborted, and the run registry drops duplicate completes. - Per-run event log: every live event gets a monotonically increasing
seq.chat.subscribe { sessions: [{ sessionId, lastSeq }] }re-attaches the live stream to the requesting socket (any provider, not just Claude) and replays events withseq > lastSeq. If the buffer no longer coverslastSeq, the client refreshes over REST. chat_subscribedincludesisProcessing(replacescheck-session-status) andpendingPermissions(replacesget-pending-permissions).
/shell Terminal Flow
The shell handler manages persistent PTY sessions keyed by:
<projectPath>_<sessionIdOrDefault>[_cmd_<hash>]
This enables reconnect behavior and isolates command-specific plain-shell sessions.
Shell Lifecycle
stateDiagram-v2
[*] --> WaitingInit
WaitingInit --> ValidateInit: message.type == init
ValidateInit --> ReconnectExisting: session key exists and not login reset
ValidateInit --> SpawnNewPTY: valid path + valid sessionId
ValidateInit --> EmitError: invalid payload/path/sessionId
ReconnectExisting --> Running: attach ws, replay buffer
SpawnNewPTY --> Running: pty.spawn + wire onData/onExit
Running --> Running: input -> pty.write
Running --> Running: resize -> pty.resize
Running --> Running: onData -> buffer + output + auth_url detection
Running --> Exited: onExit
Running --> Detached: ws close
Detached --> Running: reconnect before timeout
Detached --> Killed: timeout reached -> pty.kill
Exited --> [*]
Killed --> [*]
EmitError --> WaitingInit
Shell Behaviors in Detail
init: ReadsprojectPath,sessionId,provider,hasSession,initialCommand,isPlainShell.- Login reset: For login-like commands, existing keyed PTY session is killed and recreated.
- Validation:
Path must exist and be a directory;
sessionIdmust match safe pattern. - Command build: Provider-specific command construction with resume semantics.
- PTY output buffering: Stores up to 5000 chunks for replay on reconnect.
- URL detection:
Strips ANSI, accumulates text buffer, extracts URLs, emits
auth_urlonce per normalized URL, supportsautoOpen. - Close behavior: Socket disconnect does not instantly kill PTY; session is kept alive and terminated on timeout.
/plugin-ws/:pluginName Proxy Flow
sequenceDiagram
participant Client
participant Proxy as handlePluginWsProxy
participant PM as getPluginPort
participant Upstream as Plugin WS
Client->>Proxy: Connect /plugin-ws/:name
Proxy->>Proxy: Validate pluginName regex
alt Invalid name
Proxy-->>Client: close(4400, "Invalid plugin name")
else Valid
Proxy->>PM: getPluginPort(name)
alt Plugin not running
Proxy-->>Client: close(4404, "Plugin not running")
else Port found
Proxy->>Upstream: new WebSocket(ws://127.0.0.1:port/ws)
Client-->>Upstream: relay messages bidirectionally
Upstream-->>Client: relay messages bidirectionally
Upstream-->>Client: close propagation
Client-->>Upstream: close propagation
Upstream-->>Client: close(4502, "Upstream error") on upstream error
end
end
Shared Client Registry and Broadcasts
Only chat sockets (/ws) are tracked in connectedClients.
That shared set is consumed by:
modules/projects/services/projects-with-sessions-fetch.service.tsBroadcastskind: loading_progresswhile project snapshots are being built.modules/providers/services/sessions-watcher.service.tsBroadcasts per-sessionkind: session_upserteddeltas when provider session artifacts change (no full project snapshots).
This design centralizes cross-module realtime fanout without requiring route-local references to WebSocket internals.
Writer Adapter (WebSocketWriter)
WebSocketWriter normalizes chat transport behavior to match existing writer-style interfaces used elsewhere.
Methods:
send(data)
JSON-serializes and sends only if socket is open.setSessionId(sessionId)/getSessionId()
Supports provider session bookkeeping and resume flows.updateWebSocket(newRawWs)
Allows active session stream redirection on reconnect.
Error Handling and Close Codes
Current explicit close codes in this module:
4400: Invalid plugin name4404: Plugin not running4502: Upstream plugin WebSocket error
Other errors:
- Chat handler catches and emits
{ kind: "protocol_error", code, error }. - Shell handler catches and writes terminal-visible error output.
- Unknown websocket paths are closed immediately.
Extending This Module
To add a new websocket route:
- Add a new handler service under
services/. - Extend
WebSocketServerDependenciesinwebsocket-server.service.tsif needed. - Add a new pathname branch in the router.
- Wire dependency injection from
server/index.js. - Keep
index.tsas barrel-only export surface.