@f5xc-salesdemos/xcsh 19.47.0 → 19.48.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"type": "module",
|
|
3
3
|
"name": "@f5xc-salesdemos/xcsh",
|
|
4
|
-
"version": "19.
|
|
4
|
+
"version": "19.48.1",
|
|
5
5
|
"description": "Coding agent CLI with read, bash, edit, write tools and session management",
|
|
6
6
|
"homepage": "https://github.com/f5xc-salesdemos/xcsh",
|
|
7
7
|
"author": "Can Boluk",
|
|
@@ -54,13 +54,13 @@
|
|
|
54
54
|
"dependencies": {
|
|
55
55
|
"@agentclientprotocol/sdk": "0.16.1",
|
|
56
56
|
"@mozilla/readability": "^0.6",
|
|
57
|
-
"@f5xc-salesdemos/xcsh-stats": "19.
|
|
58
|
-
"@f5xc-salesdemos/pi-agent-core": "19.
|
|
59
|
-
"@f5xc-salesdemos/pi-ai": "19.
|
|
60
|
-
"@f5xc-salesdemos/pi-natives": "19.
|
|
61
|
-
"@f5xc-salesdemos/pi-resource-management": "19.
|
|
62
|
-
"@f5xc-salesdemos/pi-tui": "19.
|
|
63
|
-
"@f5xc-salesdemos/pi-utils": "19.
|
|
57
|
+
"@f5xc-salesdemos/xcsh-stats": "19.48.1",
|
|
58
|
+
"@f5xc-salesdemos/pi-agent-core": "19.48.1",
|
|
59
|
+
"@f5xc-salesdemos/pi-ai": "19.48.1",
|
|
60
|
+
"@f5xc-salesdemos/pi-natives": "19.48.1",
|
|
61
|
+
"@f5xc-salesdemos/pi-resource-management": "19.48.1",
|
|
62
|
+
"@f5xc-salesdemos/pi-tui": "19.48.1",
|
|
63
|
+
"@f5xc-salesdemos/pi-utils": "19.48.1",
|
|
64
64
|
"@sinclair/typebox": "^0.34",
|
|
65
65
|
"@xterm/headless": "^6.0",
|
|
66
66
|
"ajv": "^8.20",
|
|
@@ -307,6 +307,14 @@ export class ExtensionPageActions implements PageActions {
|
|
|
307
307
|
}
|
|
308
308
|
}
|
|
309
309
|
|
|
310
|
+
async selectLabel(selector: string, value: string, _context?: string): Promise<void> {
|
|
311
|
+
// Atomic CDK-portal typeahead interaction: the extension's label_select tool
|
|
312
|
+
// handles type → poll → click in ONE handler without losing focus (the root
|
|
313
|
+
// cause of all previous label-selector failures). Uses plain Runtime.evaluate
|
|
314
|
+
// (not evaluateWithRecovery which detaches the debugger and closes the portal).
|
|
315
|
+
await this.#ext.labelSelect(selector, value);
|
|
316
|
+
}
|
|
317
|
+
|
|
310
318
|
async scrollIntoView(selector: string, _context?: string): Promise<void> {
|
|
311
319
|
// resolveCoords already does scrollIntoView.
|
|
312
320
|
await resolveCoords(this.#ext, selector);
|
|
@@ -53,6 +53,19 @@ export interface ExtensionPage {
|
|
|
53
53
|
clickXy(x: number, y: number): Promise<void>;
|
|
54
54
|
/** CDP Input.insertText into the focused element (genuine trusted input events). */
|
|
55
55
|
typeText(text: string): Promise<void>;
|
|
56
|
+
/** Atomically type into a CDK-portal typeahead + click the matching option.
|
|
57
|
+
* Keeps the input focused throughout (uses plain Runtime.evaluate, not the
|
|
58
|
+
* evaluateWithRecovery path that defocuses by detaching the debugger). */
|
|
59
|
+
labelSelect(
|
|
60
|
+
selector: string,
|
|
61
|
+
value: string,
|
|
62
|
+
waitMs?: number,
|
|
63
|
+
): Promise<{
|
|
64
|
+
selected: string;
|
|
65
|
+
matchedKind: string;
|
|
66
|
+
value: string;
|
|
67
|
+
optionCount: number;
|
|
68
|
+
}>;
|
|
56
69
|
}
|
|
57
70
|
|
|
58
71
|
/** Unwrap a {@link ToolResult}, throwing on the error flag. */
|
|
@@ -204,6 +217,19 @@ class BridgeExtensionPage implements ExtensionPage {
|
|
|
204
217
|
async typeText(text: string): Promise<void> {
|
|
205
218
|
unwrap(await this.#server.request("type_text", { text }), "type_text");
|
|
206
219
|
}
|
|
220
|
+
|
|
221
|
+
async labelSelect(
|
|
222
|
+
selector: string,
|
|
223
|
+
value: string,
|
|
224
|
+
waitMs?: number,
|
|
225
|
+
): Promise<{ selected: string; matchedKind: string; value: string; optionCount: number }> {
|
|
226
|
+
// Request timeout must exceed the handler's internal poll budget.
|
|
227
|
+
const timeout = Math.max(30_000, (waitMs ?? 8_000) + 5_000);
|
|
228
|
+
return unwrap(
|
|
229
|
+
await this.#server.request("label_select", { selector, value, wait_ms: waitMs }, timeout),
|
|
230
|
+
"label_select",
|
|
231
|
+
) as { selected: string; matchedKind: string; value: string; optionCount: number };
|
|
232
|
+
}
|
|
207
233
|
}
|
|
208
234
|
|
|
209
235
|
const CONNECT_TIMEOUT_MS = 30_000;
|
|
@@ -17,17 +17,17 @@ export interface BuildInfo {
|
|
|
17
17
|
}
|
|
18
18
|
|
|
19
19
|
export const BUILD_INFO: BuildInfo = {
|
|
20
|
-
"version": "19.
|
|
21
|
-
"commit": "
|
|
22
|
-
"shortCommit": "
|
|
20
|
+
"version": "19.48.1",
|
|
21
|
+
"commit": "631f2894864056abcc7f4d985ad5d4bc4b12806e",
|
|
22
|
+
"shortCommit": "631f289",
|
|
23
23
|
"branch": "main",
|
|
24
|
-
"tag": "v19.
|
|
25
|
-
"commitDate": "2026-06-
|
|
26
|
-
"buildDate": "2026-06-
|
|
24
|
+
"tag": "v19.48.1",
|
|
25
|
+
"commitDate": "2026-06-25T20:15:07Z",
|
|
26
|
+
"buildDate": "2026-06-25T20:36:30.697Z",
|
|
27
27
|
"dirty": true,
|
|
28
28
|
"prNumber": "",
|
|
29
29
|
"repoUrl": "https://github.com/f5xc-salesdemos/xcsh",
|
|
30
30
|
"repoSlug": "f5xc-salesdemos/xcsh",
|
|
31
|
-
"commitUrl": "https://github.com/f5xc-salesdemos/xcsh/commit/
|
|
32
|
-
"releaseUrl": "https://github.com/f5xc-salesdemos/xcsh/releases/tag/v19.
|
|
31
|
+
"commitUrl": "https://github.com/f5xc-salesdemos/xcsh/commit/631f2894864056abcc7f4d985ad5d4bc4b12806e",
|
|
32
|
+
"releaseUrl": "https://github.com/f5xc-salesdemos/xcsh/releases/tag/v19.48.1"
|
|
33
33
|
};
|
|
@@ -13,6 +13,7 @@ import { XCSHApiClient } from "./xcsh-api-client";
|
|
|
13
13
|
import {
|
|
14
14
|
deriveTenantFromUrl,
|
|
15
15
|
hasEnvOverride,
|
|
16
|
+
isInjectableContextEnvKey,
|
|
16
17
|
normalizeApiUrl,
|
|
17
18
|
RESERVED_ENV_KEYS,
|
|
18
19
|
RESERVED_ENV_MESSAGES,
|
|
@@ -1388,10 +1389,13 @@ export class ContextService {
|
|
|
1388
1389
|
// Inject context profile name for API tool identity surfacing
|
|
1389
1390
|
merged[XCSH_CONTEXT_NAME] = context.name;
|
|
1390
1391
|
|
|
1391
|
-
// Inject
|
|
1392
|
+
// Inject additional env vars from context.env. Allowlist: only XCSH_-namespaced
|
|
1393
|
+
// non-reserved keys may reach the subprocess — a project-local context file is
|
|
1394
|
+
// untrusted input, so anything outside the XCSH_ namespace (LD_PRELOAD,
|
|
1395
|
+
// NODE_OPTIONS, PATH, …) is refused and can never run code.
|
|
1392
1396
|
if (context.env) {
|
|
1393
1397
|
for (const [key, value] of Object.entries(context.env)) {
|
|
1394
|
-
if (!process.env[key]
|
|
1398
|
+
if (isInjectableContextEnvKey(key) && !process.env[key]) merged[key] = value;
|
|
1395
1399
|
}
|
|
1396
1400
|
}
|
|
1397
1401
|
|
package/src/services/xcsh-env.ts
CHANGED
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
*/
|
|
7
7
|
import {
|
|
8
8
|
AUTH_ENV_KEYS,
|
|
9
|
+
isInjectableContextEnvKey,
|
|
9
10
|
isSensitiveEnvKey,
|
|
10
11
|
RESERVED_ENV_KEYS,
|
|
11
12
|
SECRET_ENV_PATTERNS,
|
|
@@ -20,6 +21,7 @@ import {
|
|
|
20
21
|
|
|
21
22
|
export {
|
|
22
23
|
AUTH_ENV_KEYS,
|
|
24
|
+
isInjectableContextEnvKey,
|
|
23
25
|
isSensitiveEnvKey,
|
|
24
26
|
RESERVED_ENV_KEYS,
|
|
25
27
|
SECRET_ENV_PATTERNS,
|