@firstpick/pi-package-webui 0.3.6 → 0.3.8

package/bin/pi-webui.mjs

@@ -10,6 +10,29 @@ import path from "node:path";
 import { StringDecoder } from "node:string_decoder";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import { AuthStorage, SessionManager, SettingsManager } from "@earendil-works/pi-coding-agent";
+import { authProvidersPayload, createAuthContext, logoutStoredProvider } from "../lib/auth-actions.mjs";
+import {
+  collectOpenSessionFiles,
+  deleteSessionFile,
+  isSessionPathAllowed,
+  renameSessionMetadata,
+  validateSessionDelete,
+} from "../lib/session-actions.mjs";
+import { sweepStaleTempEntries } from "../lib/temp-artifacts.mjs";
+import {
+  evaluateDispatchTrustGuards,
+  guardsForNativeCommand,
+  isLocalRequest,
+  remoteShellTrustWarning,
+  requireLocalhostRoute,
+} from "../lib/trust-boundaries.mjs";
+import {
+  nativeCommandBlocked,
+  nativeCommandResponse,
+  nativeCommandUnavailable,
+  nativeSlashCommandEntries,
+  parseSlashCommand as parseNativeSlashCommand,
+} from "../lib/native-command-adapter.mjs";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const require = createRequire(import.meta.url);
@@ -94,6 +117,11 @@ const TREE_SELECTOR_TEXT_LIMIT = 260;
 const NETWORK_REBIND_DELAY_MS = 100;
 const NETWORK_REBIND_FORCE_CLOSE_MS = 750;
 const NATIVE_DOWNLOAD_TOKEN_TTL_MS = 10 * 60 * 1000;
+const UPLOAD_TEMP_ROOT = path.join(tmpdir(), "pi-webui-uploads");
+const NATIVE_EXPORT_TEMP_ROOT = path.join(tmpdir(), "pi-webui-native-exports");
+const UPLOAD_TEMP_TTL_MS = 24 * 60 * 60 * 1000;
+const NATIVE_EXPORT_TEMP_TTL_MS = 60 * 60 * 1000;
+const TEMP_ARTIFACT_SWEEP_INTERVAL_MS = 60 * 60 * 1000;
 const AUTO_TAB_TITLE_MAX_LENGTH = 44;
 const AUTO_TAB_TITLE_WORD_LIMIT = 8;
 const AUTO_TAB_TITLE_STOP_WORDS = new Set([
@@ -178,37 +206,19 @@ function isSourceCheckout(root) {
   return normalized.includes("/npm-packages/") && !normalized.includes("/node_modules/");
 }
 
-function nativeParitySurfaces(matrix = nativeParityMatrix) {
-  return Array.isArray(matrix?.surfaces) ? matrix.surfaces : [];
-}
+const NATIVE_SLASH_COMMANDS = nativeSlashCommandEntries(nativeParityMatrix);
+const NATIVE_SLASH_COMMAND_NAMES = new Set(NATIVE_SLASH_COMMANDS.map((command) => command.name));
+const respondNative = (command, data = {}) => nativeCommandResponse(command, data, nativeParityMatrix);
+const unavailableNative = (command, details = {}) => nativeCommandUnavailable(command, details, nativeParityMatrix);
 
-function nativeSlashCommandEntries(matrix = nativeParityMatrix) {
-  return nativeParitySurfaces(matrix)
-    .filter((surface) => surface?.kind === "slash-command")
-    .map((surface) => {
-      const name = String(surface.command?.name || surface.id || "").replace(/^\//, "").trim();
-      return {
-        name,
-        description: String(surface.command?.description || surface.title || `/${name}`),
-        source: "native",
-        location: "Pi",
-        nativeParity: {
-          status: surface.webStatus || "unsupported",
-          priority: surface.priority || "P2",
-          guards: Array.isArray(surface.guards) ? surface.guards : [],
-          sensitive: surface.sensitive === true,
-        },
-      };
-    })
-    .filter((command) => command.name);
+function parseSlashCommand(message) {
+  return parseNativeSlashCommand(message, NATIVE_SLASH_COMMAND_NAMES);
 }
-
-const NATIVE_SLASH_COMMANDS = nativeSlashCommandEntries();
-const NATIVE_SLASH_COMMAND_NAMES = new Set(NATIVE_SLASH_COMMANDS.map((command) => command.name));
 const OPTIONAL_FEATURE_PACKAGES = new Map([
   ["gitWorkflow", "@firstpick/pi-prompts-git-pr"],
   ["releaseNpm", "@firstpick/pi-extension-release-npm"],
   ["releaseAur", "@firstpick/pi-extension-release-aur"],
+  ["safetyGuard", "@firstpick/pi-extension-safety-guard"],
   ["tuiSkillsCommand", "@firstpick/pi-extension-setup-skills"],
   ["todoProgressWidget", "@firstpick/pi-extension-todo-progress"],
   ["tuiToolsCommand", "@firstpick/pi-extension-tools"],
@@ -358,10 +368,6 @@ function formatUrlHost(host) {
   return host.includes(":") && !host.startsWith("[") ? `[${host}]` : host;
 }
 
-function isLocalAddress(address = "") {
-  return address === "::1" || address.startsWith("127.") || address === "::ffff:127.0.0.1" || address.startsWith("::ffff:127.");
-}
-
 function sanitizeError(error) {
   if (!error) return "Unknown error";
   if (typeof error === "string") return error;
@@ -784,16 +790,6 @@ async function handleActionFeedback(tab, body) {
   return response;
 }
 
-function parseSlashCommand(message) {
-  const text = String(message || "").trim();
-  if (!text.startsWith("/") || text.includes("\n")) return undefined;
-  const match = text.match(/^\/([^\s]+)(?:\s+([\s\S]*))?$/);
-  if (!match) return undefined;
-  const name = match[1].toLowerCase();
-  if (!NATIVE_SLASH_COMMAND_NAMES.has(name)) return undefined;
-  return { name, args: (match[2] || "").trim(), text };
-}
-
 function truncateTabTitle(title, maxLength = AUTO_TAB_TITLE_MAX_LENGTH) {
   const text = String(title || "").replace(/\s+/g, " ").trim();
   if (!maxLength || text.length <= maxLength) return text;
@@ -2754,6 +2750,8 @@ async function getWorkspaceInfo(cwd, startedAt) {
 }
 
 let activeGitWorkflowProcess = null;
+const GIT_CHANGES_COMMAND_TIMEOUT_MS = 5000;
+const GIT_CHANGES_DIFF_MAX_OUTPUT = 500_000;
 
 async function getGitRoot(cwd) {
   const result = await runCommand("git", ["rev-parse", "--show-toplevel"], { cwd, timeoutMs: 2000 });
@@ -2763,6 +2761,120 @@ async function getGitRoot(cwd) {
   return path.resolve(result.stdout.trim());
 }
 
+async function runGitReadCommand(root, args, { timeoutMs = GIT_CHANGES_COMMAND_TIMEOUT_MS, maxOutputLength = GIT_CHANGES_DIFF_MAX_OUTPUT } = {}) {
+  const result = await runCommand("git", args, { cwd: root, timeoutMs, maxOutputLength });
+  if (result.exitCode === 0 && !result.timedOut && !result.error) return result.stdout;
+  const command = formatGitCommand(args);
+  const message = result.timedOut
+    ? `${command} timed out`
+    : (result.stderr || result.stdout || result.error || `${command} failed with exit code ${result.exitCode ?? "unknown"}`);
+  throw new Error(String(message).trim());
+}
+
+function gitBranchFromStatus(statusText) {
+  const branchLine = String(statusText || "").split(/\r?\n/).find((line) => line.startsWith("## ")) || "";
+  return branchLine.slice(3).trim().replace(/\.\.\..*$/, "") || "detached";
+}
+
+function summarizeGitShortStatus(statusText) {
+  const summary = { staged: 0, unstaged: 0, untracked: 0, conflicted: 0 };
+  for (const line of String(statusText || "").split(/\r?\n/)) {
+    if (!line || line.startsWith("## ")) continue;
+    const x = line[0] || " ";
+    const y = line[1] || " ";
+    if (x === "?" && y === "?") {
+      summary.untracked += 1;
+      continue;
+    }
+    if (x === "U" || y === "U" || (x === "A" && y === "A") || (x === "D" && y === "D")) {
+      summary.conflicted += 1;
+      continue;
+    }
+    if (x && x !== " ") summary.staged += 1;
+    if (y && y !== " ") summary.unstaged += 1;
+  }
+  return summary;
+}
+
+function resolveGitRelativePath(root, relativePath) {
+  const normalized = String(relativePath || "").trim();
+  if (!normalized || normalized.includes("\0")) throw new Error("Invalid git path");
+  const resolved = path.resolve(root, normalized);
+  if (resolved !== root && !resolved.startsWith(`${root}${path.sep}`)) throw new Error(`Git path escapes repository: ${normalized}`);
+  return resolved;
+}
+
+function isLikelyBinaryBuffer(buffer) {
+  return Buffer.isBuffer(buffer) && buffer.includes(0);
+}
+
+function normalizeGitRelativePath(root, relativePath) {
+  const resolved = resolveGitRelativePath(root, relativePath);
+  return path.relative(root, resolved).split(path.sep).join("/");
+}
+
+async function readGitUntrackedEntry(root, file) {
+  const normalized = normalizeGitRelativePath(root, file);
+  const filePath = resolveGitRelativePath(root, normalized);
+  const info = await stat(filePath);
+  if (!info.isFile()) return { path: normalized, size: info.size, binary: false, content: "", error: "Not a regular file" };
+  const buffer = await readFile(filePath);
+  const binary = isLikelyBinaryBuffer(buffer);
+  return {
+    path: normalized,
+    size: info.size,
+    binary,
+    content: binary ? "" : buffer.toString("utf8"),
+  };
+}
+
+async function readGitUntrackedEntries(root, files) {
+  const entries = [];
+  for (const file of files) {
+    try {
+      entries.push(await readGitUntrackedEntry(root, file));
+    } catch (error) {
+      entries.push({ path: file, size: 0, binary: false, content: "", error: sanitizeError(error) });
+    }
+  }
+  return entries;
+}
+
+async function readGitUntrackedFile(cwd, requestedPath) {
+  const root = await getGitRoot(cwd);
+  const normalized = normalizeGitRelativePath(root, requestedPath);
+  const listed = await runGitReadCommand(root, ["ls-files", "--others", "--exclude-standard", "--", normalized], { maxOutputLength: 120_000 });
+  const files = listed.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+  if (!files.includes(normalized)) throw new Error(`Not an untracked file: ${normalized}`);
+  return readGitUntrackedEntry(root, normalized);
+}
+
+async function readGitChanges(cwd) {
+  const root = await getGitRoot(cwd);
+  const diffArgs = ["diff", "--no-ext-diff", "--no-color", "--find-renames", "--src-prefix=a/", "--dst-prefix=b/"];
+  const [statusText, unstagedDiff, stagedDiff, untrackedText] = await Promise.all([
+    runGitReadCommand(root, ["status", "--short", "--branch", "--untracked-files=all"], { maxOutputLength: 120_000 }),
+    runGitReadCommand(root, diffArgs),
+    runGitReadCommand(root, ["diff", "--cached", "--no-ext-diff", "--no-color", "--find-renames", "--src-prefix=a/", "--dst-prefix=b/"]),
+    runGitReadCommand(root, ["ls-files", "--others", "--exclude-standard"], { maxOutputLength: 120_000 }),
+  ]);
+  const untrackedFiles = untrackedText.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+  const untracked = await readGitUntrackedEntries(root, untrackedFiles);
+  return {
+    cwd,
+    root,
+    branch: gitBranchFromStatus(statusText),
+    generatedAt: new Date().toISOString(),
+    summary: summarizeGitShortStatus(statusText),
+    status: statusText.trimEnd(),
+    sections: [
+      { key: "staged", label: "Staged", command: "git diff --cached", diff: stagedDiff.trimEnd() },
+      { key: "unstaged", label: "Unstaged", command: "git diff", diff: unstagedDiff.trimEnd() },
+    ],
+    untracked,
+  };
+}
+
 function commitMessagePaths(root) {
   return {
     shortPath: path.join(root, "dev", "COMMIT", "staged-commit-short.txt"),
@@ -2829,6 +2941,68 @@ async function currentGitBranch(root) {
   return branch;
 }
 
+async function currentGitBranchForPicker(root) {
+  try {
+    return (await runGitReadCommand(root, ["branch", "--show-current"], { timeoutMs: 5000, maxOutputLength: 10_000 })).trim();
+  } catch {
+    return "";
+  }
+}
+
+function normalizeGitBranchList(branchText, current = "") {
+  const seen = new Set();
+  const branches = [];
+  for (const line of String(branchText || "").split(/\r?\n/)) {
+    const name = line.trim();
+    if (!name || seen.has(name)) continue;
+    seen.add(name);
+    branches.push({ name, current: !!current && name === current });
+  }
+  return branches.sort((left, right) => {
+    if (left.current !== right.current) return left.current ? -1 : 1;
+    return left.name.localeCompare(right.name);
+  });
+}
+
+async function readGitBranches(cwd) {
+  const root = await getGitRoot(cwd);
+  const [current, branchText] = await Promise.all([
+    currentGitBranchForPicker(root),
+    runGitReadCommand(root, ["branch", "--format=%(refname:short)"], { timeoutMs: 5000, maxOutputLength: 120_000 }),
+  ]);
+  return {
+    cwd,
+    root,
+    current,
+    generatedAt: new Date().toISOString(),
+    branches: normalizeGitBranchList(branchText, current),
+  };
+}
+
+async function switchGitBranch(cwd, branch, { create = false } = {}) {
+  const root = await getGitRoot(cwd);
+  const targetBranch = cleanGitBranchName(branch);
+  await validateGitBranchName(root, targetBranch);
+  const branches = await readGitBranches(cwd);
+  const branchExists = branches.branches.some((item) => item.name === targetBranch);
+  if (create && branchExists) throw new Error(`Local git branch already exists: ${targetBranch}`);
+  if (!create && !branchExists) throw new Error(`Unknown local git branch: ${targetBranch}`);
+  if (!create && branches.current === targetBranch) {
+    return { ok: true, data: { command: `git switch ${targetBranch}`, stdout: "", stderr: "", exitCode: 0, branch: targetBranch, root, switched: false, created: false } };
+  }
+  const args = create ? ["switch", "-c", targetBranch] : ["switch", targetBranch];
+  const payload = gitWorkflowCommandPayload(await runGitWorkflowCommand(args, { cwd: root, timeoutMs: 10 * 60 * 1000 }));
+  if (payload.ok) {
+    payload.data.branch = targetBranch;
+    payload.data.root = root;
+    payload.data.switched = true;
+    payload.data.created = create;
+  } else {
+    payload.error = (payload.data?.stderr || payload.data?.stdout || payload.error || `Failed to ${create ? "create and switch to" : "switch to"} ${targetBranch}`).trim();
+  }
+  return payload;
+}
+
 async function defaultGitRemote(root) {
   const result = await runGitWorkflowCommand(["remote"], { cwd: root, timeoutMs: 5000 });
   if (result.exitCode !== 0) throw new Error((result.stderr || result.stdout || "Cannot list git remotes").trim());
@@ -3171,7 +3345,7 @@ async function saveUploadedAttachments(body) {
     });
   }
 
-  const uploadDir = path.join(tmpdir(), "pi-webui-uploads", randomUUID());
+  const uploadDir = path.join(UPLOAD_TEMP_ROOT, randomUUID());
   await mkdir(uploadDir, { recursive: true });
   const saved = [];
   for (const [index, file] of decoded.entries()) {
@@ -4056,7 +4230,7 @@ async function checkLatestNpmPackageStatus(packageName, currentVersion) {
 function updateStatusForRequest(status, req) {
   return {
     ...status,
-    canRunUpdate: isLocalAddress(req?.socket?.remoteAddress),
+    canRunUpdate: isLocalRequest(req),
     updateInProgress: piUpdateInProgress,
   };
 }
@@ -4196,9 +4370,16 @@ async function updateTabCwd(id, cwd) {
   const nextCwd = await resolveCwd(cwd, tab.cwd);
   if (nextCwd === tab.cwd) return { tab, changed: false };
 
+  // Capture the live session before stopping the old RPC so the conversation
+  // survives the cwd restart, mirroring restartTabRpc. Best-effort: a dead RPC
+  // falls back to the last remembered session file.
+  if (tab.rpc?.isRunning()) await safeRpcData(tab, { type: "get_state" }, STATUS_RPC_TIMEOUT_MS);
+  const sessionFile = tabRestorableSessionFile(tab);
+
   const piArgs = buildPiArgsForTab(tab.index, tab.title);
+  if (sessionFile && !options.noSession) piArgs.push("--session", sessionFile);
   const piCommand = await resolvePiCommand(piArgs);
-  const restartingEvent = { type: "webui_tab_restarting", tabId: tab.id, tabTitle: tab.title, cwd: nextCwd };
+  const restartingEvent = { type: "webui_tab_restarting", tabId: tab.id, tabTitle: tab.title, cwd: nextCwd, sessionFile };
   recordEvent(restartingEvent);
   for (const client of tab.sseClients) {
     sendSse(client, restartingEvent);
@@ -4212,15 +4393,16 @@ async function updateTabCwd(id, cwd) {
   oldRpc.stop();
 
   tab.cwd = nextCwd;
-  forgetTabState(tab);
   resetTabActivity(tab);
   clearPendingExtensionUiRequests(tab);
   clearExtensionStatuses(tab);
   const rpc = new PiRpcProcess({ ...piCommand, cwd: tab.cwd });
   attachRpcToTab(tab, rpc);
   rpc.start();
+  // Non-fatal: a failed start surfaces through pi_process_error/exit events.
+  await primeTabRpc(tab).catch(() => {});
 
-  const changedEvent = { type: "webui_cwd_changed", tabId: tab.id, tabTitle: tab.title, cwd: tab.cwd, pid: tab.rpc.child?.pid, tabActivity: tabActivitySnapshot(tab) };
+  const changedEvent = { type: "webui_cwd_changed", tabId: tab.id, tabTitle: tab.title, cwd: tab.cwd, pid: tab.rpc.child?.pid, sessionFile, tabActivity: tabActivitySnapshot(tab) };
   recordEvent(changedEvent);
   for (const client of tab.sseClients) {
     sendSse(client, changedEvent);
@@ -4869,6 +5051,18 @@ function configuredSessionDir() {
   return undefined;
 }
 
+/** Roots that session switch/rename/delete paths must stay inside. */
+function allowedSessionDirs() {
+  const configured = configuredSessionDir();
+  return configured ? [configured] : [path.join(agentDir, "sessions")];
+}
+
+function requireAllowedSessionPath(targetPath) {
+  if (!isSessionPathAllowed(targetPath, allowedSessionDirs())) {
+    throw makeHttpError(403, "sessionPath must stay inside the Pi session directory");
+  }
+}
+
 function requirePersistentSessions() {
   if (options.noSession) throw makeHttpError(400, "Session selectors are unavailable when Web UI was started with --no-session.");
 }
@@ -5037,6 +5231,7 @@ async function switchTabSession(tab, sessionPath) {
   const targetPath = resolveTabPath(tab, sessionPath);
   if (!targetPath) throw makeHttpError(400, "sessionPath is required");
   if (!targetPath.endsWith(".jsonl")) throw makeHttpError(400, "sessionPath must point to a .jsonl session file");
+  requireAllowedSessionPath(targetPath);
   const targetStats = await stat(targetPath).catch(() => null);
   if (!targetStats?.isFile()) throw makeHttpError(404, `Session file not found: ${targetPath}`);
   const manager = SessionManager.open(targetPath, configuredSessionDir());
@@ -5054,6 +5249,51 @@ async function switchTabSession(tab, sessionPath) {
   });
 }
 
+let authContextCache;
+
+function authContext() {
+  if (!authContextCache) authContextCache = createAuthContext();
+  return authContextCache;
+}
+
+async function renameSessionData(tab, body) {
+  requirePersistentSessions();
+  const sessionPath = resolveTabPath(tab, body.sessionPath || body.path);
+  const result = await renameSessionMetadata(sessionPath, body.name, configuredSessionDir(), { allowedDirs: allowedSessionDirs() });
+  return {
+    message: `Renamed session metadata to: ${result.name}`,
+    ...result,
+  };
+}
+
+async function deleteSessionData(tab, body) {
+  requirePersistentSessions();
+  const state = await currentSessionState(tab).catch(() => tab.lastState || {});
+  const validation = validateSessionDelete(resolveTabPath(tab, body.sessionPath || body.path), {
+    openSessionFiles: collectOpenSessionFiles([...tabs.values()]),
+    currentSessionFile: state.sessionFile || tabRestorableSessionFile(tab),
+    confirmed: body.confirmed === true,
+    allowedDirs: allowedSessionDirs(),
+  });
+  if (!validation.allowed) {
+    throw makeHttpError(validation.reason === "confirmation_required" ? 409 : validation.reason === "outside_session_dir" ? 403 : 400, validation.message);
+  }
+  const deleted = await deleteSessionFile(validation.sessionPath, { allowedDirs: allowedSessionDirs() });
+  return {
+    message: deleted.method === "trash" ? "Session moved to trash." : "Session deleted.",
+    ...deleted,
+  };
+}
+
+function getAuthProvidersData() {
+  return authProvidersPayload(authContext().modelRegistry);
+}
+
+function logoutAuthProviderData(body) {
+  if (body.confirmed !== true) throw makeHttpError(409, "Logout requires explicit confirmation (confirmed: true).");
+  return logoutStoredProvider(authContext().modelRegistry, body.provider || body.providerId);
+}
+
 async function navigateSessionTree(tab, body) {
   requirePersistentSessions();
   await requireIdleForSessionAction(tab, "navigating the session tree");
@@ -5100,9 +5340,8 @@ function nativeExportBaseName(tab, state = {}) {
 }
 
 async function nativeExportTempPath(tab, state = {}, ext = ".html") {
-  const dir = path.join(tmpdir(), "pi-webui-native-exports");
-  await mkdir(dir, { recursive: true });
-  return path.join(dir, `${nativeExportBaseName(tab, state)}-${randomUUID()}${ext}`);
+  await mkdir(NATIVE_EXPORT_TEMP_ROOT, { recursive: true });
+  return path.join(NATIVE_EXPORT_TEMP_ROOT, `${nativeExportBaseName(tab, state)}-${randomUUID()}${ext}`);
 }
 
 function exportTargetExtension(targetPath) {
@@ -5128,22 +5367,24 @@ async function handleNativeExportCommand(tab, args, req) {
       fileName: `${nativeExportBaseName(tab, state)}.html`,
       contentType: MIME_TYPES.get(".html"),
     });
-    return nativeCommandResponse("export", {
+    return respondNative("export", {
       status: "succeeded",
       level: "info",
       message: `Exported current session to HTML.\nDownload: ${download.fileName}\nLink expires: ${download.expiresAt}`,
       download,
       result: response.data,
+      refresh: ["state"],
     });
   }
 
-  if (!isLocalAddress(req?.socket?.remoteAddress)) {
-    return nativeCommandResponse("export", {
-      status: "unavailable",
-      level: "warn",
+  if (!isLocalRequest(req)) {
+    return respondNative("export", {
+      status: "blocked",
+      level: "error",
       reason: "Server-side export paths are only allowed from localhost.",
       safetyRestriction: "Explicit /export paths write files on the server and are blocked for non-local browser clients.",
       message: "Explicit /export paths are only allowed from localhost. Run /export without a path for a browser download, or retry from the local machine.",
+      refresh: [],
     });
   }
 
@@ -5151,12 +5392,13 @@ async function handleNativeExportCommand(tab, args, req) {
   const ext = exportTargetExtension(targetPath);
   if (![".html", ".jsonl"].includes(ext)) throw makeHttpError(400, "Usage: /export [path.html|path.jsonl]");
   if (await exportTargetExists(targetPath)) {
-    return nativeCommandResponse("export", {
+    return respondNative("export", {
       status: "confirmation_required",
       level: "warn",
       reason: `Export target already exists: ${targetPath}`,
       safetyRestriction: "Overwrites require an explicit confirmation flow, which is not available from plain slash-command text yet.",
       message: `Export target already exists and was not overwritten:\n${targetPath}\n\nUse /export without a path for a browser download, or delete/rename the existing file first.`,
+      refresh: [],
     });
   }
 
@@ -5165,12 +5407,13 @@ async function handleNativeExportCommand(tab, args, req) {
   if (ext === ".html") {
     const response = await tab.rpc.send({ type: "export_html", outputPath: targetPath });
     if (response.success === false) return response;
-    return nativeCommandResponse("export", {
+    return respondNative("export", {
       status: "succeeded",
       level: "info",
       message: `Exported current session HTML to server path:\n${response.data?.path || targetPath}`,
       serverPath: response.data?.path || targetPath,
       result: response.data,
+      refresh: ["state"],
     });
   }
 
@@ -5180,12 +5423,13 @@ async function handleNativeExportCommand(tab, args, req) {
   const sourceStats = await stat(sessionFile).catch(() => null);
   if (!sourceStats?.isFile()) throw makeHttpError(404, `Current session file not found: ${sessionFile}`);
   await copyFile(sessionFile, targetPath);
-  return nativeCommandResponse("export", {
+  return respondNative("export", {
     status: "succeeded",
     level: "info",
     message: `Copied current session JSONL to server path:\n${targetPath}`,
     serverPath: targetPath,
     result: { path: targetPath, sourcePath: sessionFile },
+    refresh: ["state"],
   });
 }
 
@@ -5201,70 +5445,68 @@ function webuiHotkeysOutput() {
   ].join("\n");
 }
 
-function nativeParitySurfaceForCommand(name) {
-  return nativeParitySurfaces().find((surface) => surface.kind === "slash-command" && surface.command?.name === name) || null;
-}
-
-function nativeCommandResponse(command, data = {}) {
-  const surface = nativeParitySurfaceForCommand(command);
-  const status = data.status || (surface?.webStatus === "implemented" ? "succeeded" : surface?.webStatus === "degraded" ? "degraded" : "unavailable");
-  const level = data.level || (status === "succeeded" ? "info" : "warn");
-  return rpcSuccess("native_slash_command", {
-    command,
-    status,
-    level,
-    nativeParity: surface ? {
-      webStatus: surface.webStatus,
-      priority: surface.priority,
-      sensitive: surface.sensitive === true,
-      guards: Array.isArray(surface.guards) ? surface.guards : [],
-    } : undefined,
-    ...data,
-  });
-}
-
-function nativeCommandUnavailable(command, details = {}) {
-  const surface = nativeParitySurfaceForCommand(command);
-  const guards = Array.isArray(surface?.guards) ? surface.guards.filter((guard) => guard !== "none") : [];
-  const reason = details.reason || surface?.currentBehavior || "This native Pi TUI command is not implemented in the Web UI yet.";
-  const nextActions = details.nextActions || [
-    surface?.targetBehavior ? `Planned Web UI behavior: ${surface.targetBehavior}` : "Use the Pi TUI for this command until Web UI parity is implemented.",
-  ];
-  return nativeCommandResponse(command, {
-    status: "unavailable",
-    level: "warn",
-    reason,
-    safetyRestriction: details.safetyRestriction || (guards.length ? `Guarded by: ${guards.join(", ")}.` : undefined),
-    nextActions,
-    message: details.message || [`/${command} is not available in the Web UI yet.`, reason, ...nextActions].filter(Boolean).join("\n"),
-  });
-}
-
 async function handleNativeSlashCommand(tab, body, req) {
   const parsed = parseSlashCommand(body.message);
   if (!parsed) return undefined;
 
+  // Dispatch guards come straight from the parity matrix guards array (not the
+  // sensitive flag), so localhost/trusted-context entries cannot drift out of
+  // enforcement; confirmation guards stay handler/browser-specific by design.
+  const evaluation = evaluateDispatchTrustGuards(guardsForNativeCommand(parsed.name, nativeParityMatrix), {
+    isLocal: isLocalRequest(req),
+    confirmed: body.confirmed === true,
+    networkOpen: networkStatus().open,
+  });
+  if (!evaluation.allowed) {
+    return nativeCommandBlocked(parsed.name, req, nativeParityMatrix, {
+      confirmed: body.confirmed === true,
+      networkOpen: networkStatus().open,
+    });
+  }
+
   switch (parsed.name) {
     case "reload": {
       const reloaded = await restartTabRpc(tab, "slash-command");
-      return rpcSuccess("native_slash_command", { command: "reload", tab: tabMeta(reloaded), message: "Reloaded keybindings, extensions, skills, prompts, and themes." });
+      return respondNative("reload", {
+        status: "succeeded",
+        message: "Reloaded keybindings, extensions, skills, prompts, and themes.",
+        tab: tabMeta(reloaded),
+        refresh: ["tabs", "state", "commands"],
+      });
     }
     case "new": {
       const response = await tab.rpc.send({ type: "new_session" });
       if (response.success === false) return response;
       tab.conversationStarted = false;
-      return rpcSuccess("native_slash_command", { command: "new", tab: tabMeta(tab), message: "Started a new session.", result: response.data });
+      return respondNative("new", {
+        status: "succeeded",
+        message: "Started a new session.",
+        tab: tabMeta(tab),
+        result: response.data,
+        refresh: ["tabs", "state"],
+      });
     }
     case "compact": {
       const response = await tab.rpc.send(parsed.args ? { type: "compact", customInstructions: parsed.args } : { type: "compact" });
-      return response.success === false ? response : rpcSuccess("native_slash_command", { command: "compact", message: "Compaction finished.", result: response.data });
+      if (response.success === false) return response;
+      return respondNative("compact", {
+        status: "succeeded",
+        message: "Compaction finished.",
+        result: response.data,
+        refresh: ["state"],
+      });
     }
     case "name": {
       if (!parsed.args) throw makeHttpError(400, "Usage: /name <session name>");
       const response = await tab.rpc.send({ type: "set_session_name", name: parsed.args });
       if (response.success === false) return response;
       renameTab(tab, parsed.args, { source: "explicit" });
-      return rpcSuccess("native_slash_command", { command: "name", tab: tabMeta(tab), message: `Session and tab name set to: ${tab.title}` });
+      return respondNative("name", {
+        status: "succeeded",
+        message: `Session and tab name set to: ${tab.title}`,
+        tab: tabMeta(tab),
+        refresh: ["tabs"],
+      });
     }
     case "session": {
       const [state, stats] = await Promise.all([
@@ -5272,7 +5514,11 @@ async function handleNativeSlashCommand(tab, body, req) {
         tab.rpc.send({ type: "get_session_stats" }).catch((error) => ({ success: false, error: sanitizeError(error) })),
       ]);
       if (state.success === false) return state;
-      return rpcSuccess("native_slash_command", { command: "session", message: formatSessionOutput(tab, state.data || {}, stats.success === false ? null : stats.data) });
+      return respondNative("session", {
+        status: "succeeded",
+        message: formatSessionOutput(tab, state.data || {}, stats.success === false ? null : stats.data),
+        refresh: ["state"],
+      });
     }
     case "export": {
       return handleNativeExportCommand(tab, parsed.args, req);
@@ -5282,17 +5528,32 @@ async function handleNativeSlashCommand(tab, body, req) {
       if (response.success === false) return response;
       const text = String(response.data?.text || "");
       if (!text.trim()) throw makeHttpError(400, "No assistant message to copy.");
-      return rpcSuccess("native_slash_command", { command: "copy", message: "Copied the last assistant message.", copyText: text });
+      return respondNative("copy", {
+        status: "succeeded",
+        message: "Copied the last assistant message.",
+        copyText: text,
+        refresh: [],
+      });
     }
     case "hotkeys": {
-      return rpcSuccess("native_slash_command", { command: "hotkeys", message: webuiHotkeysOutput() });
+      return respondNative("hotkeys", {
+        status: "degraded",
+        message: webuiHotkeysOutput(),
+        refresh: [],
+      });
     }
     case "clone": {
       const response = await runCloneCommand(tab);
-      return response.success === false ? response : rpcSuccess("native_slash_command", { command: "clone", message: response.data?.message || "Cloned the current session.", result: response.data?.result });
+      if (response.success === false) return response;
+      return respondNative("clone", {
+        status: "succeeded",
+        message: response.data?.message || "Cloned the current session.",
+        result: response.data?.result,
+        refresh: ["tabs", "state"],
+      });
     }
     default:
-      return nativeCommandUnavailable(parsed.name);
+      return unavailableNative(parsed.name);
   }
 }
 
@@ -5782,7 +6043,7 @@ const server = createServer(async (req, res) => {
     }
 
     if (url.pathname === "/api/network/open" && req.method === "POST") {
-      if (!isLocalAddress(req.socket.remoteAddress)) throw makeHttpError(403, "Opening to the network is only allowed from localhost");
+      requireLocalhostRoute(req, url.pathname);
       const before = networkStatus();
       const shouldOpen = !before.open && !networkRebindInProgress;
       sendJson(res, 202, { ok: true, data: { ...before, opening: shouldOpen || before.opening, closing: before.closing } }, { connection: "close" });
@@ -5793,6 +6054,7 @@ const server = createServer(async (req, res) => {
     }
 
     if (url.pathname === "/api/network/close" && req.method === "POST") {
+      requireLocalhostRoute(req, url.pathname);
       const before = networkStatus();
       const shouldClose = before.open && !networkRebindInProgress;
       sendJson(res, 202, { ok: true, data: { ...before, opening: before.opening, closing: shouldClose || before.closing } }, { connection: "close" });
@@ -5803,7 +6065,7 @@ const server = createServer(async (req, res) => {
     }
 
     if (url.pathname === "/api/restart" && req.method === "POST") {
-      if (!isLocalAddress(req.socket.remoteAddress)) throw makeHttpError(403, "Restart is only allowed from localhost");
+      requireLocalhostRoute(req, url.pathname);
       const restorableTabs = await restorableTabsForRestart();
       const child = spawnRestartServer(restorableTabs);
       sendJson(res, 200, { ok: true, message: "Pi Web UI restarting", webuiPid: process.pid, nextWebuiPid: child.pid, restorableTabCount: restorableTabs.length });
@@ -5812,7 +6074,7 @@ const server = createServer(async (req, res) => {
     }
 
     if (url.pathname === "/api/update" && req.method === "POST") {
-      if (!isLocalAddress(req.socket.remoteAddress)) throw makeHttpError(403, "Updating Pi from the Web UI is only allowed from localhost");
+      requireLocalhostRoute(req, url.pathname);
       const data = await runPiUpdateAndPrepareRestart();
       sendJson(res, 200, { ok: true, data });
       setTimeout(() => shutdown("api update"), 20).unref();
@@ -5820,7 +6082,7 @@ const server = createServer(async (req, res) => {
     }
 
     if (url.pathname === "/api/shutdown" && req.method === "POST") {
-      if (!isLocalAddress(req.socket.remoteAddress)) throw makeHttpError(403, "Shutdown is only allowed from localhost");
+      requireLocalhostRoute(req, url.pathname);
       sendJson(res, 200, { ok: true, message: "Pi Web UI shutting down", webuiPid: process.pid });
       setTimeout(() => shutdown("api shutdown"), 20).unref();
       return;
@@ -5989,6 +6251,33 @@ const server = createServer(async (req, res) => {
       return;
     }
 
+    if (url.pathname === "/api/session-rename" && req.method === "POST") {
+      const body = await readJsonBody(req);
+      const tab = getRequestedTab(req, url, body);
+      sendJson(res, 200, { ok: true, data: await renameSessionData(tab, body), tab: tabMeta(tab) });
+      return;
+    }
+
+    if (url.pathname === "/api/session-delete" && req.method === "POST") {
+      requireLocalhostRoute(req, url.pathname);
+      const body = await readJsonBody(req);
+      const tab = getRequestedTab(req, url, body);
+      sendJson(res, 200, { ok: true, data: await deleteSessionData(tab, body), tab: tabMeta(tab) });
+      return;
+    }
+
+    if (url.pathname === "/api/auth-providers" && req.method === "GET") {
+      sendJson(res, 200, { ok: true, data: getAuthProvidersData() });
+      return;
+    }
+
+    if (url.pathname === "/api/auth-logout" && req.method === "POST") {
+      requireLocalhostRoute(req, url.pathname);
+      const body = await readJsonBody(req);
+      sendJson(res, 200, { ok: true, data: logoutAuthProviderData(body) });
+      return;
+    }
+
     if (url.pathname === "/api/tree-navigate" && req.method === "POST") {
       const body = await readJsonBody(req);
       const tab = getRequestedTab(req, url, body);
@@ -5998,7 +6287,7 @@ const server = createServer(async (req, res) => {
     }
 
     if (url.pathname === "/api/optional-feature-install" && req.method === "POST") {
-      if (!isLocalAddress(req.socket.remoteAddress)) throw makeHttpError(403, "Installing optional Web UI features is only allowed from localhost");
+      requireLocalhostRoute(req, url.pathname);
       const body = await readJsonBody(req);
       const data = await installOptionalFeaturePackage(String(body.featureId || ""));
       sendJson(res, 200, { ok: true, data });
@@ -6038,7 +6327,7 @@ const server = createServer(async (req, res) => {
     }
 
     if (url.pathname === "/api/skill-file" && req.method === "POST") {
-      if (!isLocalAddress(req.socket.remoteAddress)) throw makeHttpError(403, "Saving skill files is only allowed from localhost");
+      requireLocalhostRoute(req, url.pathname);
       const body = await readJsonBody(req, { limitBytes: SKILL_FILE_BODY_LIMIT_BYTES });
       const tab = getRequestedTab(req, url, body);
       sendJson(res, 200, { ok: true, data: await saveSkillFileData(tab, body) });
@@ -6097,6 +6386,47 @@ const server = createServer(async (req, res) => {
       return;
     }
 
+    if (url.pathname === "/api/git-changes" && req.method === "GET") {
+      const tab = getRequestedTab(req, url);
+      try {
+        sendJson(res, 200, { ok: true, data: await readGitChanges(tab.cwd) });
+      } catch (error) {
+        sendJson(res, 200, { ok: false, error: sanitizeError(error) });
+      }
+      return;
+    }
+
+    if (url.pathname === "/api/git-changes/untracked-file" && req.method === "GET") {
+      const tab = getRequestedTab(req, url);
+      try {
+        sendJson(res, 200, { ok: true, data: await readGitUntrackedFile(tab.cwd, url.searchParams.get("path") || "") });
+      } catch (error) {
+        sendJson(res, 200, { ok: false, error: sanitizeError(error) });
+      }
+      return;
+    }
+
+    if (url.pathname === "/api/git-branches" && req.method === "GET") {
+      const tab = getRequestedTab(req, url);
+      try {
+        sendJson(res, 200, { ok: true, data: await readGitBranches(tab.cwd) });
+      } catch (error) {
+        sendJson(res, 200, { ok: false, error: sanitizeError(error) });
+      }
+      return;
+    }
+
+    if (url.pathname === "/api/git-branch" && req.method === "POST") {
+      const body = await readJsonBody(req);
+      const tab = getRequestedTab(req, url, body);
+      try {
+        sendJson(res, 200, await switchGitBranch(tab.cwd, body.branch, { create: body.create === true }));
+      } catch (error) {
+        sendJson(res, 200, { ok: false, error: sanitizeError(error) });
+      }
+      return;
+    }
+
     if (url.pathname.startsWith("/api/git-workflow/")) {
       const body = req.method === "POST" ? await readJsonBody(req) : {};
       const tab = getRequestedTab(req, url, body);
@@ -6148,11 +6478,15 @@ const server = createServer(async (req, res) => {
           maybeNameTabForConversation(tab, command);
           markTabWorking(tab);
         }
-        const response = command.type === "set_thinking_level"
+        let response = command.type === "set_thinking_level"
           ? await setThinkingLevelForTab(tab, command.level)
           : command.type === "bash"
             ? await sendQueuedBashCommand(tab, command)
             : await tab.rpc.send(command);
+        if (command.type === "bash" && response.success !== false) {
+          const trustWarning = remoteShellTrustWarning(req, networkStatus().open);
+          if (trustWarning) response = { ...response, warnings: [trustWarning] };
+        }
         if (response.success === false && startsVisibleWork) markTabIdle(tab);
         if (response.success !== false && command.type === "new_session") {
           tab.conversationStarted = false;
@@ -6187,6 +6521,14 @@ server.on("error", (error) => {
   process.exit(1);
 });
 
+function sweepWebuiTempArtifacts() {
+  sweepStaleTempEntries(UPLOAD_TEMP_ROOT, { ttlMs: UPLOAD_TEMP_TTL_MS }).catch(() => {});
+  sweepStaleTempEntries(NATIVE_EXPORT_TEMP_ROOT, { ttlMs: NATIVE_EXPORT_TEMP_TTL_MS }).catch(() => {});
+}
+
+sweepWebuiTempArtifacts();
+setInterval(sweepWebuiTempArtifacts, TEMP_ARTIFACT_SWEEP_INTERVAL_MS).unref();
+
 server.listen(options.port, currentHost, () => {
   const urlHost = formatUrlHost(currentHost);
   console.log(`Pi Web UI: http://${urlHost}:${options.port}/`);