mbeditor 0.1.5 → 0.1.6

data/app/controllers/mbeditor/editors_controller.rb

@@ -36,7 +36,8 @@ module Mbeditor
         rubocopAvailable: rubocop_available?,
         hamlLintAvailable: haml_lint_available?,
         gitAvailable: git_available?,
-        blameAvailable: git_blame_available?
+        blameAvailable: git_blame_available?,
+        redmineEnabled: Mbeditor.configuration.redmine_enabled == true
       }
     end
 
@@ -54,8 +55,10 @@ module Mbeditor
       else
         render json: {}
       end
-    rescue StandardError
+    rescue Errno::ENOENT
       render json: {}
+    rescue StandardError => e
+      render json: { error: e.message }, status: :unprocessable_entity
     end
 
     # POST /mbeditor/state — save workspace state
@@ -110,7 +113,10 @@ module Mbeditor
       return render json: { error: "Forbidden" }, status: :forbidden unless path
       return render json: { error: "Cannot write to this path" }, status: :forbidden if path_blocked_for_operations?(path)
 
-      File.write(path, params[:code])
+      content = params[:code].to_s
+      return render_file_too_large(content.bytesize) if content.bytesize > MAX_OPEN_FILE_SIZE_BYTES
+
+      File.write(path, content)
       render json: { ok: true, path: relative_path(path) }
     rescue StandardError => e
       render json: { error: e.message }, status: :unprocessable_entity
@@ -123,8 +129,11 @@ module Mbeditor
       return render json: { error: "Cannot create file in this path" }, status: :forbidden if path_blocked_for_operations?(path)
       return render json: { error: "File already exists" }, status: :unprocessable_entity if File.exist?(path)
 
+      content = params[:code].to_s
+      return render_file_too_large(content.bytesize) if content.bytesize > MAX_OPEN_FILE_SIZE_BYTES
+
       FileUtils.mkdir_p(File.dirname(path))
-      File.write(path, params[:code].to_s)
+      File.write(path, content)
 
       render json: { ok: true, type: "file", path: relative_path(path), name: File.basename(path) }
     rescue StandardError => e
@@ -188,6 +197,7 @@ module Mbeditor
     def search
       query = params[:q].to_s.strip
       return render json: [] if query.blank?
+      return render json: { error: "Query too long" }, status: :bad_request if query.length > 500
 
       results = []
       cmd = if RG_AVAILABLE
@@ -205,6 +215,8 @@ module Mbeditor
       if RG_AVAILABLE
         output, = Open3.capture2(*cmd)
         output.lines.each do |line|
+          break if results.length > 30
+
           data = JSON.parse(line) rescue next
           next unless data["type"] == "match"
 
@@ -217,7 +229,9 @@ module Mbeditor
         end
       else
         output, = Open3.capture2(*cmd)
-        output.lines.first(50).each do |line|
+        output.lines.each do |line|
+          break if results.length > 30
+
           line.chomp!
           next unless line =~ /\A(.+?):(\d+):(.*)\z/
 
@@ -232,7 +246,8 @@ module Mbeditor
         end
       end
 
-      render json: results
+      capped = results.length > 30
+      render json: { results: results.first(30), capped: capped }
     rescue StandardError => e
       render json: { error: e.message }, status: :unprocessable_entity
     end
@@ -266,6 +281,7 @@ module Mbeditor
 
       upstream_output, upstream_status = Open3.capture2("git", "-C", repo, "rev-parse", "--abbrev-ref", "--symbolic-full-name", "@{u}")
       upstream_branch = upstream_status.success? ? upstream_output.strip : nil
+      upstream_branch = nil unless upstream_branch&.match?(%r{\A[\w./-]+\z})
 
       ahead_count = 0
       behind_count = 0
@@ -357,9 +373,11 @@ module Mbeditor
       markers = offenses.map do |offense|
         {
           severity: cop_severity(offense["severity"]),
+          copName: offense["cop_name"],
+          correctable: offense["correctable"] == true,
           message: "[#{offense['cop_name']}] #{offense['message']}",
           startLine: offense.dig("location", "start_line") || offense.dig("location", "line"),
-          startCol: (offense.dig("location", "start_column") || offense.dig("location", "column") || 1) - 1,
+          startCol: offense.dig("location", "start_column") || offense.dig("location", "column") || 1,
           endLine: offense.dig("location", "last_line") || offense.dig("location", "line"),
           endCol: offense.dig("location", "last_column") || offense.dig("location", "column") || 1
         }
@@ -370,6 +388,54 @@ module Mbeditor
       render json: { error: e.message, markers: [] }, status: :unprocessable_entity
     end
 
+    # POST /mbeditor/quick_fix — autocorrect the buffer with rubocop -A and return the diff as a text edit
+    #
+    # Runs a full `rubocop -A` pass on the in-memory buffer content (not the file
+    # on disk). Using a full pass (rather than --only <cop>) means coupled cops
+    # like Layout/EmptyLineAfterMagicComment are also applied in the same round,
+    # so the result is always a clean, lint-passing state. The minimal line diff
+    # returned to Monaco keeps the edit tight.
+    #
+    # Params:
+    #   path     - workspace-relative file path (used to derive the filename for rubocop)
+    #   code     - current file content as a string
+    #   cop_name - the cop the user clicked on (used only for the action label; not passed to rubocop)
+    #
+    # Returns:
+    #   { fix: { startLine, startCol, endLine, endCol, replacement } }
+    #   or { fix: null } when rubocop produced no change
+    def quick_fix
+      path = resolve_path(params[:path])
+      return render json: { error: "Forbidden" }, status: :forbidden unless path
+
+      cop_name = params[:cop_name].to_s.strip
+      return render json: { error: "cop_name required" }, status: :unprocessable_entity if cop_name.empty?
+      return render json: { error: "Invalid cop name" }, status: :unprocessable_entity unless cop_name.match?(/\A[\w\/]+\z/)
+
+      code = params[:code].to_s
+      ext  = File.extname(File.basename(path))
+
+      Tempfile.create(["mbeditor_fix", ext]) do |tmp|
+        tmp.write(code)
+        tmp.flush
+
+        cmd = rubocop_command + ["--no-server", "--cache", "false", "-A", "--no-color", tmp.path]
+        env = { 'RUBOCOP_CACHE_ROOT' => File.join(Dir.tmpdir, 'rubocop') }
+        _out, _err, status = Open3.capture3(env, *cmd)
+
+        # exit 0 = no offenses, exit 1 = offenses corrected, exit 2 = error
+        unless status.success? || status.exitstatus == 1
+          return render json: { fix: nil }
+        end
+
+        corrected = File.read(tmp.path, encoding: "UTF-8", invalid: :replace, undef: :replace)
+        fix = compute_text_edit(code, corrected)
+        render json: { fix: fix }
+      end
+    rescue StandardError => e
+      render json: { error: e.message }, status: :unprocessable_entity
+    end
+
     # POST /mbeditor/format — rubocop -A then return corrected content
     def format_file
       path = resolve_path(params[:path])
@@ -442,14 +508,14 @@ module Mbeditor
       output = +""
       timed_out = false
 
-      Open3.popen3(env, *cmd) do |stdin, stdout, _stderr, wait_thr|
+      Open3.popen3(env, *cmd, pgroup: true) do |stdin, stdout, _stderr, wait_thr|
         stdin.write(stdin_data)
         stdin.close
 
         timer = Thread.new do
           sleep RUBOCOP_TIMEOUT_SECONDS
           timed_out = true
-          Process.kill('KILL', wait_thr.pid)
+          Process.kill('-KILL', wait_thr.pid)
         rescue Errno::ESRCH
           nil
         end
@@ -472,6 +538,50 @@ module Mbeditor
       end
     end
 
+    # Given the original source string and the autocorrected source string, find
+    # the smallest single edit that transforms original into corrected.  Returns a
+    # hash suitable for Monaco's SingleEditOperation, or nil when there is no diff.
+    #
+    # The strategy is line-level: find the first and last line that differ, then
+    # slice out that region from both versions and return it as one replacement.
+    def compute_text_edit(original, corrected)
+      return nil if original == corrected
+
+      orig_lines = original.split("\n", -1)
+      corr_lines = corrected.split("\n", -1)
+
+      max_len = [orig_lines.length, corr_lines.length].max
+
+      first_diff = (0...max_len).find { |i| orig_lines[i] != corr_lines[i] }
+      return nil if first_diff.nil?
+
+      # Walk from the end to find the last differing line (mirror-image of above)
+      last_diff_orig = orig_lines.length - 1
+      last_diff_corr = corr_lines.length - 1
+      # Use strict > so we never walk past first_diff (which would make last_diff_orig negative
+      # and cause Ruby's negative-index wraparound to silently return the wrong element).
+      while last_diff_orig > first_diff && last_diff_corr > first_diff &&
+            orig_lines[last_diff_orig] == corr_lines[last_diff_corr]
+        last_diff_orig -= 1
+        last_diff_corr -= 1
+      end
+
+      # Monaco ranges are 1-based; endColumn one past the last char covers the full line content.
+      start_line = first_diff + 1
+      end_line   = last_diff_orig + 1
+      end_col    = (orig_lines[last_diff_orig] || "").length + 1  # 1-based: one past last char
+
+      replacement = corr_lines[first_diff..last_diff_corr].join("\n")
+
+      {
+        startLine: start_line,
+        startCol:  1,
+        endLine:   end_line,
+        endCol:    end_col,
+        replacement: replacement
+      }
+    end
+
     def rubocop_command
       command = Mbeditor.configuration.rubocop_command.to_s.strip
       command = "rubocop" if command.empty?
@@ -648,7 +758,7 @@ module Mbeditor
     def render_file_too_large(size)
       render json: {
         error: "File is too large to open (#{human_size(size)}). Limit is #{human_size(MAX_OPEN_FILE_SIZE_BYTES)}."
-      }, status: :payload_too_large
+      }, status: :content_too_large
     end
 
     def human_size(bytes)

data/app/controllers/mbeditor/git_controller.rb

@@ -20,11 +20,18 @@ module Mbeditor
       file = require_file_param
       return unless file
 
+      base = params[:base].presence
+      head = params[:head].presence
+      valid_sha = /\A[0-9a-fA-F]{1,40}\z/
+      if [base, head].any? { |s| s && !s.match?(valid_sha) }
+        return render json: { error: 'Invalid sha' }, status: :bad_request
+      end
+
       result = GitDiffService.new(
         repo_path: workspace_root,
-        file_path:  file,
-        base_sha:   params[:base].presence,
-        head_sha:   params[:head].presence
+        file_path: file,
+        base_sha: base,
+        head_sha: head
       ).call
 
       render json: result
@@ -128,6 +135,7 @@ module Mbeditor
           "rev-parse", "--abbrev-ref", "--symbolic-full-name", "@{u}"
         )
         upstream = upstream_status.success? ? upstream_out.strip : nil
+        upstream = nil unless upstream&.match?(%r{\A[\w./-]+\z})
         if upstream.present?
           out, status = Open3.capture2("git", "-C", workspace_root.to_s, "diff", "#{upstream}..HEAD")
           out = status.success? ? out : ""
@@ -144,9 +152,11 @@ module Mbeditor
     # GET /mbeditor/redmine/issue/:id
     def redmine_issue
       unless Mbeditor.configuration.redmine_enabled
-        return render json: { error: "Redmine integration is disabled." }, status: :service_unavailable
+        return render json: { error: 'Redmine integration is disabled.' }, status: :service_unavailable
       end
 
+      return render json: { error: 'Invalid issue id' }, status: :bad_request unless params[:id].to_s.match?(/\A\d+\z/)
+
       result = RedmineService.new(issue_id: params[:id]).call
       render json: result
     rescue RedmineDisabledError => e

data/app/services/mbeditor/git_service.rb

@@ -9,6 +9,11 @@ module Mbeditor
   module GitService
     module_function
 
+    # Safe pattern for git ref names (branch, remote/branch, tag).
+    # Rejects refs containing whitespace, NUL, shell metacharacters, or
+    # git reflog syntax (e.g. "@{" sequences beyond the trailing "@{u}").
+    SAFE_GIT_REF = %r{\A[\w./-]+\z}
+
     # Run an arbitrary git command inside +repo_path+.
     # Returns [stdout, Process::Status].
     def run_git(repo_path, *args)
@@ -23,14 +28,19 @@ module Mbeditor
     end
 
     # Upstream tracking branch for the current branch, e.g. "origin/main".
+    # Returns nil if the branch name contains characters outside SAFE_GIT_REF.
     def upstream_branch(repo_path)
       out, status = run_git(repo_path, "rev-parse", "--abbrev-ref", "--symbolic-full-name", "@{u}")
-      status.success? ? out.strip : nil
+      return nil unless status.success?
+
+      ref = out.strip
+      ref.match?(SAFE_GIT_REF) ? ref : nil
     end
 
     # Returns [ahead_count, behind_count] relative to upstream, or [0,0].
     def ahead_behind(repo_path, upstream)
       return [0, 0] if upstream.blank?
+      return [0, 0] unless upstream.match?(SAFE_GIT_REF)
 
       out, status = run_git(repo_path, "rev-list", "--left-right", "--count", "HEAD...#{upstream}")
       return [0, 0] unless status.success?

data/app/views/layouts/mbeditor/application.html.erb

@@ -48,7 +48,11 @@
   <script>
     window.MonacoEnvironment = {
       getWorkerUrl: function(workerId, label) {
-        return (window.MBEDITOR_BASE_PATH || '') + '/monaco_worker.js';
+        var base = window.MBEDITOR_BASE_PATH || '';
+        if (label === 'typescript' || label === 'javascript') {
+          return base + '/ts_worker.js';
+        }
+        return base + '/monaco_worker.js';
       }
     };
 

data/config/routes.rb

@@ -22,6 +22,7 @@ Mbeditor::Engine.routes.draw do
   get    'monaco-editor/*asset_path',       to: 'editors#monaco_asset', format: false
   get    'min-maps/*asset_path',            to: 'editors#monaco_asset', format: false
   post   'lint',            to: 'editors#lint'
+  post   'quick_fix',       to: 'editors#quick_fix'
   post   'format',          to: 'editors#format_file'
 
   # ── Git & Code Review ──────────────────────────────────────────────────────

data/lib/mbeditor/rack/silence_ping_request.rb

@@ -1,17 +1,22 @@
 # frozen_string_literal: true
 
 require "active_support/logger_silence"
+require "uri"
 
 module Mbeditor
   module Rack
-    # Silence periodic editor heartbeats so development logs stay readable.
+    # Silence editor traffic so development logs stay readable, while leaving
+    # the initial GET to the engine root visible as a signal that a developer
+    # opened Mbeditor.
     class SilencePingRequest
       def initialize(app)
         @app = app
       end
 
       def call(env)
-        if ping_request?(env)
+        if root_request?(env)
+          @app.call(env)
+        elsif mbeditor_request?(env)
           Rails.logger.silence { @app.call(env) }
         else
           @app.call(env)
@@ -20,10 +25,19 @@ module Mbeditor
 
       private
 
-      def ping_request?(env)
-        env["REQUEST_METHOD"] == "GET" &&
-          env["HTTP_X_MBEDITOR_CLIENT"] == "1" &&
-          env["PATH_INFO"].to_s.end_with?("/ping")
+      def mbeditor_request?(env)
+        normalized_request_path(env).start_with?("/mbeditor/")
+      end
+
+      def root_request?(env)
+        env["REQUEST_METHOD"] == "GET" && normalized_request_path(env) == "/mbeditor"
+      end
+
+      def normalized_request_path(env)
+        path = "#{env["SCRIPT_NAME"]}#{env["PATH_INFO"]}"
+        path = env["PATH_INFO"].to_s if path.empty?
+        path = "/" if path.empty?
+        path.chomp("/")
       end
     end
   end

data/lib/mbeditor/version.rb

@@ -1,3 +1,3 @@
 module Mbeditor
-  VERSION = "0.1.5"
+  VERSION = "0.1.6"
 end

data/public/ts_worker.js

@@ -0,0 +1,5 @@
+const workerPath = self.location.pathname;
+const basePath = workerPath.replace(/\/ts_worker\.js$/, "");
+
+self.MonacoEnvironment = { baseUrl: `${basePath}/monaco-editor/` };
+importScripts(`${basePath}/monaco-editor/vs/base/worker/workerMain.js`);

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mbeditor
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - Oliver Noonan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-24 00:00:00.000000000 Z
+date: 2026-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -132,6 +132,7 @@ files:
 - public/monaco-editor/vs/nls.messages.zh-cn.js
 - public/monaco-editor/vs/nls.messages.zh-tw.js
 - public/monaco_worker.js
+- public/ts_worker.js
 - vendor/assets/javascripts/axios.min.js
 - vendor/assets/javascripts/lodash.min.js
 - vendor/assets/javascripts/marked.min.js