@jx-grxf/patchpilot 0.3.1-beta → 1.0.0

package/docs/gemini-wrapper.md

@@ -0,0 +1,87 @@
+# Gemini-Wrapper Setup
+
+PatchPilot can use `gemini_webapi` through the `gemini-wrapper` provider. This is an advanced, unofficial Gemini Web bridge. PatchPilot creates a managed Python venv only when you explicitly run `/doctor fix` or `patchpilot doctor --fix`, installs the pinned wrapper there, and starts the bridge command itself. It does not scan browser profiles or read cookies automatically.
+
+## 1. Let PatchPilot install the wrapper
+
+Do not run `python3 -m pip install -U gemini_webapi` against Homebrew Python. Homebrew blocks that with PEP 668.
+
+PatchPilot uses this managed venv instead:
+
+```sh
+~/.patchpilot/gemini-wrapper-venv
+```
+
+It creates the venv and installs the pinned `gemini_webapi` version when you explicitly approve `patchpilot doctor --fix` or `/doctor fix`. Normal chat startup does not install Python packages.
+
+## 2. Get the cookie values manually
+
+1. Open `https://gemini.google.com`.
+2. Open DevTools.
+3. Go to Application or Storage.
+4. Open Cookies for `https://gemini.google.com`.
+5. Copy `__Secure-1PSID`.
+6. Copy `__Secure-1PSIDTS` if it exists.
+
+Do not paste these values into issues, logs, chats, or commits. `__Secure-1PSID` acts like a Google session token.
+
+## 3. Run PatchPilot onboarding
+
+```sh
+patchpilot --provider gemini-wrapper
+```
+
+Choose `Gemini-Wrapper` in setup. PatchPilot asks for:
+
+```text
+psid > ********
+ts   > ********
+```
+
+`psid` is required. `ts` is optional; press Enter to skip it.
+
+PatchPilot writes:
+
+```text
+~/.patchpilot/gemini-cookies.json
+```
+
+with owner-only file permissions (`0600`) and stores this config:
+
+```sh
+PATCHPILOT_PROVIDER=gemini-wrapper
+PATCHPILOT_MODEL=auto
+PATCHPILOT_GEMINI_WRAPPER_MODE=python
+PATCHPILOT_GEMINI_WRAPPER_COOKIES_JSON=/Users/you/.patchpilot/gemini-cookies.json
+PATCHPILOT_GEMINI_WRAPPER_MIN_INTERVAL_MS=1500
+PATCHPILOT_GEMINI_WRAPPER_TIMEOUT_MS=180000
+```
+
+If a pasted `__Secure-1PSIDTS` expires, PatchPilot retries the bridge request once without that optional timestamp. Transient WebAPI network timeouts are retried inside the bridge. Bridge calls are also serialized with a small default delay so advisor or agent requests do not hit the wrapper at the same instant. Set `PATCHPILOT_GEMINI_WRAPPER_MIN_INTERVAL_MS=0` only for debugging.
+
+The default bridge timeout is 180 seconds. `gemini-3-pro` can take longer through the unofficial WebAPI bridge, so PatchPilot gives Pro models at least 240 seconds. For fast local test loops, use `auto`; PatchPilot omits the model parameter and lets Gemini Web pick its current default.
+
+The Python wrapper stores refreshed Google cookies in a PatchPilot-owned cache:
+
+```text
+~/.patchpilot/gemini-webapi-cache
+```
+
+PatchPilot creates that directory with owner-only permissions (`0700`) and passes it to `gemini_webapi` as `GEMINI_COOKIE_PATH`.
+
+## 4. Verify
+
+```sh
+patchpilot doctor --provider gemini-wrapper --check-model auto
+```
+
+Expected checks:
+
+- Node and Git are available.
+- `gemini_webapi` imports through `~/.patchpilot/gemini-wrapper-venv/bin/python`.
+- explicit cookie auth is configured.
+- the bridge lists Gemini models.
+
+## Security Boundary
+
+PatchPilot never scans Chrome, Safari, Firefox, Arc, Edge, Brave, Keychain, or browser cookie stores. The only supported auth sources are the masked paste onboarding flow, an explicit cookie JSON path, or explicit `GEMINI_SECURE_1PSID` environment variables.

package/docs/releases/v0.1.1-beta.md

@@ -0,0 +1,18 @@
+# PatchPilot v0.1.1-beta
+
+## Highlights
+
+- Beta packaging pass for the early PatchPilot CLI.
+- Kept the project positioned as an experimental local-first coding-agent TUI.
+
+## Fixed
+
+- Tightened the first public install surface after the initial v0.1.0 release.
+
+## Improved
+
+- Clarified the beta release path before the later v0.2 and v0.3 hardening work.
+
+## Pull Requests
+
+- Early beta release maintenance.

package/docs/releases/v0.2.1.md

@@ -23,4 +23,4 @@
 
 ## Pull Requests
 
-- Pending PR from `feat/deep-dive-fixes`.
+- #7 Fix provider loops, onboarding safety, and public docs.

package/docs/releases/v0.3.1-beta.md

@@ -17,3 +17,7 @@
 - Header and sidebar now show `off`, `approval`, or `on` permissions based on the active mode instead of mixing mode and permission state.
 - Slash commands document `/mode bypass` and `/bypass` as explicit advanced controls.
 - Website-facing install flow can point users to the npm package instead of only GitHub assets.
+
+## Pull Requests
+
+- #17 Prepare v0.3.1 beta mode safety.

package/docs/releases/v0.4.0.md

@@ -0,0 +1,27 @@
+# PatchPilot v0.4.0
+
+## Highlights
+
+- Adds a sticky approval box for write, script, test, shell, and trusted-bypass decisions so critical prompts are no longer buried in the transcript.
+- Tightens provider model discovery for Gemini, OpenRouter, and NVIDIA so model pickers prefer agent-compatible chat models instead of every catalog entry.
+- Keeps the release honest as a v0.4 preview instead of claiming v1 readiness before real context resume and richer review workflows are finished.
+
+## Fixed
+
+- Fixed model setup Enter behavior: pressing Enter in the filtered model picker now selects the highlighted model instead of submitting the search text and failing with “Unknown model selection.”
+- Fixed repeated bypass confirmation spam when Tab was pressed in build mode; bypass now stays in one sticky confirmation box and can be cancelled with Tab, `n`, or Escape.
+- Fixed unreadable approval detail text by rendering action prompts in high-contrast bold text and keeping the composer usable for `/approve` and `/deny` while a run waits.
+- Fixed Gemini token accounting fallback so thinking tokens are included when the provider does not report a total.
+- Fixed Windows shell execution flags by using non-interactive PowerShell with profile loading disabled.
+
+## Improved
+
+- OpenRouter now uses model metadata to avoid sending `reasoning` to models that do not advertise support, filters out models that explicitly lack JSON response support, and surfaces auth, credit, and rate-limit errors clearly.
+- NVIDIA model discovery now deduplicates the catalog and filters out embedding, rerank, safety, audio, OCR, and vision-only entries before showing model choices.
+- Gemini model discovery now follows paginated model lists and filters obvious non-agent routes such as embedding, Imagen, Veo, TTS, audio, and live models.
+- Package-script approvals now show the actual script body and mark scripts risky when the underlying command would be blocked by the shell guard.
+- Secret-path blocking now covers `.envrc`, credential files, key/certificate bundles, and common private-key names in addition to the existing `.env`, `.npmrc`, `.netrc`, and SSH-key checks.
+
+## Pull Requests
+
+- #18 Prepare PatchPilot v0.4.0 hardening.

package/docs/releases/v1.0.0.md

@@ -0,0 +1,28 @@
+# PatchPilot v1.0.0
+
+## Highlights
+
+- Promotes PatchPilot to the first stable CLI release for visible, permissioned coding-agent runs across local, remote, and cloud model routes.
+- Finishes the Gemini-Wrapper provider path with explicit cookie onboarding, manual/auto model modes, pinned managed bridge installation, and clearer failure messages.
+- Adds real session resume context injection, model-driven `/init`, `/cleanup`, `/doctor fix`, and opt-in `/experimental` controls for subagents, file analysis, and memory.
+- Improves the TUI with readable transcript text, scrollable command and session panes, bottom-aligned transcript rendering, approval key isolation, and clearer token/cost/cache labels.
+
+## Fixed
+
+- Fixed a permission escalation bug where `--apply`, `/write on`, or `/shell on` could collapse into full build+bypass mode. Partial permissions now stay partial; bypass only applies to explicitly enabled permission groups.
+- Fixed shell confinement by blocking absolute shell path arguments outside the workspace and by detecting dangerous `git`/`npm` subcommands even after global options such as `git -C .` or `npm --prefix .`.
+- Fixed stale `/experimental` toggles by making agent runs observe the latest file-analysis and memory settings.
+- Fixed Gemini-Wrapper bridge timeout conversion so Python receives the configured seconds budget instead of a shortened fraction.
+- Fixed Gemini-Wrapper startup so normal chat runs no longer install unpinned Python packages at runtime.
+
+## Improved
+
+- External file analysis now requires per-path approval and still rejects sensitive paths after resolution.
+- `memory_remember` is treated as a durable write and requires write approval before persisting notes in SQLite.
+- `/init` now asks the selected model to inspect the repository and write project-specific `PATCHPILOT.md` guidance instead of emitting generic boilerplate.
+- Gemini-Wrapper documentation and README copy now label the route as advanced, unofficial, and explicit about session-cookie risk.
+- npm metadata now points to the public PatchPilot project page.
+
+## Pull Requests
+
+- #20 Harden Gemini-Wrapper, TUI sessions, experimental tools, and v1 release posture.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jx-grxf/patchpilot",
-  "version": "0.3.1-beta",
+  "version": "1.0.0",
   "private": false,
   "description": "Local-first coding agent TUI for visible, permissioned repo changes.",
   "type": "module",
@@ -10,7 +10,10 @@
   "files": [
     "dist",
     ".env.example",
+    "docs/gemini-wrapper.md",
     "docs/releases",
+    "docs/showcase/patchpilot-banner.png",
+    "docs/showcase/patchpilot-logo.png",
     "docs/showcase/patchpilot-showcase.svg",
     "README.md",
     "SECURITY.md",
@@ -26,7 +29,7 @@
   "bugs": {
     "url": "https://github.com/jx-grxf/PatchPilot/issues"
   },
-  "homepage": "https://github.com/jx-grxf/PatchPilot#readme",
+  "homepage": "https://johannesgrof.me/projects/patchpilot/",
   "scripts": {
     "clean": "node -e \"require('node:fs').rmSync('dist',{recursive:true,force:true})\"",
     "dev": "tsx src/cli.tsx",