@blackbelt-technology/pi-agent-dashboard 0.4.5 → 0.5.0

package/packages/extension/src/markdown-image-inliner.ts

@@ -0,0 +1,268 @@
+/**
+ * Markdown image inliner for the bridge.
+ *
+ * Scans assistant message text for fully-closed `![alt](src)` markdown image
+ * tokens, reads any local-path file references, hashes the bytes, and
+ * rewrites the token to `![alt](pi-asset:<hash>)`. Bytes ride out of band
+ * via `asset_register` events (one per unique hash per session). The text
+ * itself only ever carries the short `pi-asset:<hash>` token, keeping
+ * streaming `message_update` events bandwidth-bounded.
+ *
+ * The core helper `inlineMessageText` is **pure** — all I/O is delegated to
+ * the injected `readFile` callback so tests can drive every branch with
+ * memory fixtures. The bridge wires `readFile = node:fs.readFileSync` plus
+ * a per-session `alreadyEmitted: Set<string>` of hashes already shipped.
+ *
+ * See change: chat-markdown-local-images-and-math.
+ */
+import { createHash } from "node:crypto";
+import path from "node:path";
+
+/** Per-image hard cap (decision D8). */
+export const MAX_PER_IMAGE_BYTES = 5 * 1024 * 1024;
+/** Per-message cumulative cap on **newly-inlined** asset bytes (decision D8). */
+export const MAX_PER_MESSAGE_BYTES = 20 * 1024 * 1024;
+
+/** MIME allowlist keyed by lowercased extension. Decision D8. */
+const MIME_BY_EXT: Record<string, string> = {
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".avif": "image/avif",
+  ".bmp": "image/bmp",
+};
+
+/** Matches a fully-closed `![alt](src)` markdown image token. */
+const IMAGE_TOKEN_RE = /!\[([^\]\n]*)\]\(([^)\n\s]+)\)/g;
+
+export interface ParsedImageToken {
+  /** The full original `![alt](src)` substring. */
+  token: string;
+  alt: string;
+  src: string;
+  /** Start offset within the input text. */
+  index: number;
+  length: number;
+}
+
+/**
+ * Find every fully-closed `![alt](src)` token in `text`. Partial tokens
+ * (e.g. `![alt](/path/x` without closing `)`) are NOT returned — the
+ * regex requires the closing paren. Tokens spanning newlines are NOT
+ * returned (markdown doesn't allow newlines inside the URL portion).
+ */
+export function parseImageTokens(text: string): ParsedImageToken[] {
+  const out: ParsedImageToken[] = [];
+  let match: RegExpExecArray | null;
+  IMAGE_TOKEN_RE.lastIndex = 0;
+  while ((match = IMAGE_TOKEN_RE.exec(text)) !== null) {
+    out.push({
+      token: match[0],
+      alt: match[1] ?? "",
+      src: match[2] ?? "",
+      index: match.index,
+      length: match[0].length,
+    });
+  }
+  return out;
+}
+
+/**
+ * Returns true iff `src` looks like a local filesystem path (i.e. NOT an
+ * already-resolved web URL, data URL, blob URL, fragment, or pre-rewritten
+ * `pi-asset:<hash>` token). Idempotency hinges on `pi-asset:` returning
+ * `false` here.
+ */
+export function isLocalSrc(src: string): boolean {
+  if (!src) return false;
+  if (src.startsWith("data:")) return false;
+  if (src.startsWith("blob:")) return false;
+  if (src.startsWith("http://")) return false;
+  if (src.startsWith("https://")) return false;
+  if (src.startsWith("pi-asset:")) return false;
+  if (src.startsWith("#")) return false;
+  // `file://` prefix — treat the rest as a local path.
+  return true;
+}
+
+/**
+ * Resolve `src` to an absolute path against `cwd`. `file://` prefix is
+ * stripped. Absolute paths pass through. Relative paths resolve against
+ * `cwd`.
+ */
+export function resolveLocalPath(src: string, cwd: string): string {
+  let raw = src;
+  if (raw.startsWith("file://")) raw = raw.slice("file://".length);
+  if (path.isAbsolute(raw)) return raw;
+  return path.resolve(cwd, raw);
+}
+
+/**
+ * Detect MIME from the file extension (case-insensitive). Returns null
+ * if the extension is not in the image allowlist.
+ */
+export function mimeFromExtension(filePath: string): string | null {
+  const ext = path.extname(filePath).toLowerCase();
+  return MIME_BY_EXT[ext] ?? null;
+}
+
+/**
+ * Hash file bytes to a 16-hex-char identifier (sha256 truncated). Decision D4.
+ */
+export function hashBytes(buf: Buffer): string {
+  return createHash("sha256").update(buf).digest("hex").slice(0, 16);
+}
+
+/** Format a byte count to a one-decimal MB string for placeholder text. */
+function formatMB(bytes: number): string {
+  return (bytes / (1024 * 1024)).toFixed(1);
+}
+
+/** Bridge-side per-file read result; thin enough to mock in tests. */
+export interface ReadFileResult {
+  ok: true;
+  bytes: Buffer;
+}
+export interface ReadFileError {
+  ok: false;
+  /** Use ENOENT/EACCES/EISDIR/EOTHER. EACCES is folded into ENOENT in placeholder text. */
+  kind: "ENOENT" | "EACCES" | "EISDIR" | "EOTHER";
+}
+export type ReadFileOutcome = ReadFileResult | ReadFileError;
+
+export interface InlineOptions {
+  /** Synchronous file-read callback. Bridge wires this to `node:fs.readFileSync` + `fs.statSync`. */
+  readFile: (absolutePath: string) => ReadFileOutcome;
+  /** Working directory used to resolve relative srcs. */
+  cwd: string;
+  /**
+   * Per-session set of hashes for which an `asset_register` has already been
+   * emitted. The inliner checks-then-adds so dedup is automatic across
+   * multiple message events within the same session.
+   */
+  alreadyEmitted: Set<string>;
+  /** Override the per-image cap. Default `MAX_PER_IMAGE_BYTES`. */
+  maxPerImageBytes?: number;
+  /** Override the per-message cap. Default `MAX_PER_MESSAGE_BYTES`. */
+  maxPerMessageBytes?: number;
+}
+
+export interface AssetToEmit {
+  hash: string;
+  mimeType: string;
+  /** Base64-encoded bytes ready for the `asset_register` message. */
+  data: string;
+}
+
+export interface InlineResult {
+  /** The rewritten text with every applicable token replaced. */
+  rewritten: string;
+  /** Newly-discovered assets to emit BEFORE the message_update / message_end. */
+  assetsToEmit: AssetToEmit[];
+}
+
+/**
+ * Pure inliner. Scans `text` for image tokens; rewrites local-path tokens
+ * either to `![alt](pi-asset:<hash>)` (success) or to a visible placeholder
+ * text (file too large / unsupported MIME / read error / message budget
+ * exhausted). Tokens with web/data/blob/pi-asset/# srcs pass through
+ * unchanged. Idempotent — re-running on already-rewritten text yields the
+ * same output (because `pi-asset:` returns `false` from `isLocalSrc`).
+ */
+export function inlineMessageText(text: string, opts: InlineOptions): InlineResult {
+  const tokens = parseImageTokens(text);
+  if (tokens.length === 0) {
+    return { rewritten: text, assetsToEmit: [] };
+  }
+
+  const maxPerImage = opts.maxPerImageBytes ?? MAX_PER_IMAGE_BYTES;
+  const maxPerMessage = opts.maxPerMessageBytes ?? MAX_PER_MESSAGE_BYTES;
+
+  const assetsToEmit: AssetToEmit[] = [];
+  let bytesInThisMessage = 0;
+
+  // Build the rewritten string by stitching segments separated by token
+  // replacements. Walk tokens left-to-right; tokens that pass through
+  // unchanged keep their original substring.
+  const out: string[] = [];
+  let cursor = 0;
+
+  for (const tok of tokens) {
+    // Append the segment before this token verbatim.
+    out.push(text.slice(cursor, tok.index));
+    cursor = tok.index + tok.length;
+
+    if (!isLocalSrc(tok.src)) {
+      // External / data: / pi-asset: / fragment — pass through unchanged.
+      out.push(tok.token);
+      continue;
+    }
+
+    const absPath = resolveLocalPath(tok.src, opts.cwd);
+
+    // Order matters here:
+    //   1. readFile FIRST so EISDIR / ENOENT / EACCES are reported with
+    //      their proper placeholders even when the path has no extension
+    //      (e.g. `/home/me` resolving to a directory).
+    //   2. mimeFromExtension after a successful read so an existing file
+    //      with a non-image extension reports "unsupported image type"
+    //      rather than a generic read failure.
+    //   3. hashBytes so we can consult `alreadyEmitted` BEFORE the
+    //      per-image and per-message caps. Already-registered assets bypass
+    //      caps because their bytes were paid for on the previous emission.
+    //   4. Per-image cap and per-message budget gate ONLY new emissions.
+    const outcome = opts.readFile(absPath);
+    if (!outcome.ok) {
+      // EACCES is folded into ENOENT placeholder to avoid leaking permission
+      // existence. EISDIR / EOTHER use the generic "read failed" wording.
+      if (outcome.kind === "ENOENT" || outcome.kind === "EACCES") {
+        out.push(`[image not found: ${tok.src}]`);
+      } else {
+        out.push(`[image read failed: ${tok.src}]`);
+      }
+      continue;
+    }
+
+    const mime = mimeFromExtension(absPath);
+    if (!mime) {
+      out.push(`[unsupported image type: ${tok.src}]`);
+      continue;
+    }
+
+    const hash = hashBytes(outcome.bytes);
+
+    if (opts.alreadyEmitted.has(hash)) {
+      // Bytes already shipped earlier in the session — only the token rewrites.
+      // Caps are bypassed: dedup means no new bytes go on the wire.
+      out.push(`![${tok.alt}](pi-asset:${hash})`);
+      continue;
+    }
+
+    const size = outcome.bytes.length;
+    if (size > maxPerImage) {
+      out.push(`[image too large: ${tok.src} (${formatMB(size)} MB)]`);
+      continue;
+    }
+
+    // New asset. Check the per-message budget before committing.
+    if (bytesInThisMessage + size > maxPerMessage) {
+      out.push(`[message asset budget exhausted: ${tok.src}]`);
+      continue;
+    }
+
+    bytesInThisMessage += size;
+    opts.alreadyEmitted.add(hash);
+    assetsToEmit.push({
+      hash,
+      mimeType: mime,
+      data: outcome.bytes.toString("base64"),
+    });
+    out.push(`![${tok.alt}](pi-asset:${hash})`);
+  }
+
+  out.push(text.slice(cursor));
+  return { rewritten: out.join(""), assetsToEmit };
+}

package/packages/extension/src/model-tracker.ts

@@ -4,7 +4,7 @@
  */
 import type { BridgeContext } from "./bridge-context.js";
 import { getCurrentModelString } from "./bridge-context.js";
-import { gatherGitInfo } from "./git-info.js";
+import { gatherGitInfo, gatherJjInfo } from "./vcs-info.js";
 
 /**
  * Send model_update if model or thinking level has changed since last send.
@@ -54,3 +54,37 @@ export function sendGitInfoIfChanged(bc: BridgeContext, cwd: string): void {
     ...info,
   });
 }
+
+/**
+ * Reset the change-detection caches that aren't persisted on the server
+ * side, so a server-restart-driven reconnect re-sends them. `gitBranch`
+ * is already persisted to `.meta.json` so it's tolerable for a tick of
+ * staleness; `jjState` is intentionally NOT persisted (live tool state)
+ * and must be re-emitted on every reconnect.
+ * See change: add-jj-workspace-plugin.
+ */
+export function resetReconnectCaches(bc: BridgeContext): void {
+  bc.lastJjStateJson = undefined;
+  // Defensive: also reset git so a reconnect through a stale state cache
+  // doesn't surface stale branch info if .meta.json wasn't persisted yet.
+  bc.lastGitBranch = undefined;
+  bc.lastGitPrNumber = undefined;
+}
+
+/**
+ * Send jj_state_update if the cwd's jj state has changed since last send.
+ * Sends `null` to clear when the session leaves a jj repo (cwd switch).
+ * No-op when there's nothing to clear and nothing to send.
+ * See change: add-jj-workspace-plugin.
+ */
+export function sendJjStateIfChanged(bc: BridgeContext, cwd: string): void {
+  const state = gatherJjInfo(cwd);
+  const nextJson = state ? JSON.stringify(state) : "";
+  if (nextJson === (bc.lastJjStateJson ?? "")) return;
+  bc.lastJjStateJson = nextJson;
+  bc.connection.send({
+    type: "jj_state_update",
+    sessionId: bc.sessionId,
+    jjState: state ?? null,
+  });
+}

package/packages/extension/src/prompt-bus.ts

@@ -112,9 +112,10 @@ export class PromptBus {
 
     return new Promise<PromptResponse>((resolve) => {
       const timeoutMs = this.options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-      const timer = setTimeout(() => {
-        this.cancel(id);
-      }, timeoutMs);
+      // timeoutMs <= 0 means infinite — never fire a cancellation timer.
+      const timer = timeoutMs > 0
+        ? setTimeout(() => { this.cancel(id); }, timeoutMs)
+        : (null as unknown as ReturnType<typeof setTimeout>);
 
       // Distribute to all adapters and collect claims
       const claims: PendingPrompt["claims"] = [];

package/packages/extension/src/prompt-expander.ts

@@ -6,8 +6,9 @@
  * by reading template/skill files directly and expanding them.
  */
 import { readFileSync, existsSync } from "node:fs";
-import { join, resolve } from "node:path";
+import { dirname, join, resolve } from "node:path";
 import { readdirSync, statSync } from "node:fs";
+import { buildSkillBlock } from "@blackbelt-technology/pi-dashboard-shared/skill-block-parser.js";
 
 /** Scan directories for .md prompt template files */
 function findPromptTemplates(cwd: string): Map<string, string> {
@@ -97,7 +98,26 @@ export function expandPromptTemplateFromDisk(text: string, cwd: string, pi?: any
 
   try {
     const content = readTemplate(filePath);
-    // Simple arg substitution: replace $1, $2, etc. or just append args
+
+    // Skill detection: either the local-scan key starts with `skill:` or the
+    // pi.getCommands() fallback resolved a command whose `source === "skill"`
+    // (we re-check below). Skill expansions wrap in pi's `<skill>` envelope so
+    // the dashboard ingress path is byte-identical to pi's own _expandSkillCommand,
+    // which lets the client and server recover the slash-command form.
+    // See change: render-skill-invocations-collapsibly.
+    const isSkill = isSkillResolution(templateName, filePath, pi);
+    if (isSkill) {
+      const bareName = templateName.replace(/^skill:/, "");
+      return buildSkillBlock({
+        name: bareName,
+        filePath,
+        baseDir: dirname(filePath),
+        body: content,
+        userArgs: argsString || undefined,
+      });
+    }
+
+    // Plain prompt templates: append args after a blank line, no wrapper.
     if (argsString) {
       return `${content}\n\n${argsString}`;
     }
@@ -106,3 +126,31 @@ export function expandPromptTemplateFromDisk(text: string, cwd: string, pi?: any
     return text;
   }
 }
+
+/**
+ * Detect whether the resolved `filePath` came from a skill source.
+ *
+ * The local-scan key tells us directly when it starts with `skill:`. For the
+ * pi.getCommands() fallback we re-query and check `source === "skill"` against
+ * the same templateName.
+ */
+function isSkillResolution(
+  templateName: string,
+  filePath: string,
+  pi: any | undefined,
+): boolean {
+  if (templateName.startsWith("skill:")) return true;
+  // The colon-alias path (e.g. /opsx:continue) maps to a hyphen filename and is
+  // a prompt template, not a skill. Skills always use the `skill:` prefix in
+  // both the local scan and pi.getCommands().
+  if (!pi?.getCommands) return false;
+  try {
+    const commands = pi.getCommands();
+    const match = commands.find(
+      (c: any) => c.name === templateName && c.source === "skill" && c.path === filePath,
+    );
+    return !!match;
+  } catch {
+    return false;
+  }
+}

package/packages/extension/src/provider-register.ts

@@ -15,6 +15,7 @@ import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
 import { existsSync, readFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
+import type { ProviderInfo } from "@blackbelt-technology/pi-dashboard-shared/types.js";
 
 // -- Types ----------------------------------------------------------------
 
@@ -288,6 +289,122 @@ export function getSessionInfo(): { provider: string; modelId: string } {
   return { provider: currentSessionProvider, modelId: currentSessionModelId };
 }
 
+// -- Provider catalogue (for dashboard /api/provider-auth/status) -------
+//
+// Pure derivation: given a captured `ModelRegistry` and the pi-ai
+// helpers (`findEnvKeys`, `getEnvApiKey`), build a flat ProviderInfo[]
+// covering every OAuth provider plus every distinct provider id from
+// `getAll()`. The bridge pushes this to the server alongside
+// `models_list`. See change: replace-hardcoded-provider-lists.
+
+type PiAiHelpers = {
+  findEnvKeys?: (id: string) => string[] | undefined;
+  getEnvApiKey?: (id: string) => string | undefined;
+};
+
+export function _buildProviderCatalogue(
+  modelRegistry: any,
+  piAi: PiAiHelpers,
+  customIds: ReadonlySet<string> = new Set(),
+): ProviderInfo[] {
+  if (!modelRegistry) return [];
+  const oauthIds = new Set<string>(
+    (modelRegistry.authStorage?.getOAuthProviders?.() ?? []).map((p: any) => p.id),
+  );
+  // The catalogue is the complete picture of what pi knows about —
+  // built-in providers, OAuth providers, AND custom providers registered
+  // by the dashboard via pi.registerProvider() from ~/.pi/agent/providers.json.
+  // Custom providers carry `custom: true` so consumers can decide what
+  // to surface where (e.g. the auth UI suppresses their API-key rows
+  // because they're managed by the LLM Providers settings section).
+  // Filtering decisions belong to consumers, not to this function.
+  // See change: replace-hardcoded-provider-lists.
+  const allIds = new Set<string>(oauthIds);
+  for (const m of (modelRegistry.getAll?.() ?? []) as Array<{ provider?: string }>) {
+    if (m.provider) allIds.add(m.provider);
+  }
+  return [...allIds].map((id) => {
+    let displayName = id;
+    try {
+      displayName = modelRegistry.getProviderDisplayName?.(id) ?? id;
+    } catch { /* fallback to id */ }
+    let configured = false;
+    let source: ProviderInfo["source"];
+    try {
+      const status = modelRegistry.authStorage?.getAuthStatus?.(id);
+      if (status) {
+        configured = !!status.configured;
+        source = status.source;
+      }
+    } catch { /* ignore */ }
+    let expires: number | undefined;
+    try {
+      const cred = modelRegistry.authStorage?.get?.(id);
+      if (cred?.type === "oauth" && typeof cred.expires === "number") {
+        expires = cred.expires;
+      }
+    } catch { /* ignore */ }
+    let envVar: string | undefined;
+    let ambient: boolean | undefined;
+    try {
+      const keys = piAi.findEnvKeys?.(id);
+      if (keys && keys.length > 0) envVar = keys[0];
+      if (piAi.getEnvApiKey?.(id) === "<authenticated>") ambient = true;
+    } catch { /* ignore */ }
+    return {
+      id,
+      displayName,
+      hasOAuth: oauthIds.has(id),
+      configured,
+      source,
+      envVar,
+      ambient,
+      expires,
+      custom: customIds.has(id) || undefined,
+    };
+  });
+}
+
+// Lazy-cached pi-ai module (in scope inside pi's process).
+let _piAiModule: PiAiHelpers | null = null;
+let _piAiLoadAttempted = false;
+async function loadPiAi(): Promise<PiAiHelpers> {
+  if (_piAiModule) return _piAiModule;
+  if (_piAiLoadAttempted) return {};
+  _piAiLoadAttempted = true;
+  try {
+    const mod: any = await import("@mariozechner/pi-ai");
+    _piAiModule = { findEnvKeys: mod.findEnvKeys, getEnvApiKey: mod.getEnvApiKey };
+    return _piAiModule;
+  } catch {
+    return {};
+  }
+}
+
+// Eagerly kick off pi-ai load at module import time so env-var hints
+// are populated by the time the first session_register fires. Failure
+// is silent; `buildProviderCatalogue` falls back to {} which still
+// produces a valid catalogue minus envVar/ambient hints.
+void loadPiAi();
+
+/**
+ * Public wrapper: returns the current provider catalogue, or [] when
+ * the model registry has not been captured yet. Marks providers the
+ * bridge itself registered (from `~/.pi/agent/providers.json` via
+ * `pi.registerProvider()`) with `custom: true` so consumers can
+ * suppress their API-key auth rows (those are managed by the LLM
+ * Providers settings section). The catalogue itself is complete —
+ * including custom providers — so other consumers (e.g. diagnostics)
+ * see the full picture.
+ */
+export function buildProviderCatalogue(): ProviderInfo[] {
+  const mr = getModelRegistry();
+  if (!mr) return [];
+  const piAi = _piAiModule ?? {};
+  const customIds = new Set<string>(lastRegistered.keys());
+  return _buildProviderCatalogue(mr, piAi, customIds);
+}
+
 export function getModelDisplayName(modelId: string): string {
   if (piRef) {
     const data: any = {};

package/packages/extension/src/server-launcher.ts

@@ -45,6 +45,23 @@ export function resolveServerCliPath(): string {
   }
 }
 
+/**
+ * Build the environment object passed to the spawned server process.
+ * Always stamps DASHBOARD_STARTER=Bridge so the server knows it was
+ * launched by the pi bridge extension.
+ */
+export function buildSpawnEnv(
+  baseEnv: NodeJS.ProcessEnv = process.env,
+): Record<string, string> {
+  // Spread process.env (may contain undefined values); filter them out.
+  const out: Record<string, string> = {};
+  for (const [k, v] of Object.entries(baseEnv)) {
+    if (v !== undefined) out[k] = v;
+  }
+  out["DASHBOARD_STARTER"] = "Bridge";
+  return out;
+}
+
 /**
  * Build the spawn arguments from config.
  */
@@ -94,7 +111,7 @@ export async function launchServer(config: DashboardConfig): Promise<LaunchResul
     const r = await spawnDetached({
       cmd: process.execPath,
       args: ["--import", loader, entry, ...args], // ban:raw-node-import-ok: entry gated by shouldUrlWrapEntry
-      env: { ...process.env },
+      env: { ...process.env, DASHBOARD_STARTER: "Bridge" },
       logFd,
     });
 

package/packages/extension/src/session-sync.ts

@@ -6,8 +6,9 @@ import type { BridgeContext } from "./bridge-context.js";
 import { getCurrentModelString, extractFirstMessage, filterHiddenCommands } from "./bridge-context.js";
 import { detectSessionSource } from "./source-detector.js";
 import { replayEntriesAsEvents } from "@blackbelt-technology/pi-dashboard-shared/state-replay.js";
-import { gatherGitInfo } from "./git-info.js";
+import { gatherGitInfo, gatherJjInfo } from "./vcs-info.js";
 import type { FlowInfo } from "@blackbelt-technology/pi-dashboard-shared/types.js";
+import { buildProviderCatalogue } from "./provider-register.js";
 
 /**
  * Send full state sync to the server (session_register, commands, flows, models).
@@ -72,6 +73,8 @@ export function sendStateSync(
         id: m.id,
       }));
       bc.connection.send({ type: "models_list", sessionId: bc.sessionId, models });
+      // See change: replace-hardcoded-provider-lists.
+      bc.connection.send({ type: "providers_list", sessionId: bc.sessionId, providers: buildProviderCatalogue() });
     } catch { /* ignore */ }
   }
 }
@@ -164,6 +167,8 @@ export function handleSessionChange(
         id: m.id,
       }));
       bc.connection.send({ type: "models_list", sessionId: bc.sessionId, models });
+      // See change: replace-hardcoded-provider-lists.
+      bc.connection.send({ type: "providers_list", sessionId: bc.sessionId, providers: buildProviderCatalogue() });
     } catch { /* ignore */ }
   }
 }