@plmbr/notebook-intelligence 5.0.0 → 5.1.0-a.1

package/README.md

@@ -159,7 +159,7 @@ NBI reloads open document tabs when their files change on disk, so edits an AI a
 
 ## Configuration
 
-Configure your provider, model, and API key from NBI Settings — the gear icon in the chat panel, the `/settings` chat command, or the JupyterLab command palette. For background, see the [provider blog post](https://notebook-intelligence.github.io/notebook-intelligence/blog/2025/03/05/support-for-any-llm-provider.html).
+Configure your provider, model, and API key from NBI Settings — the gear icon in the chat panel, the `/settings` chat command, or the JupyterLab command palette. For background, see the [provider blog post](https://plmbr.dev/blog/archive/support-for-any-llm-provider/).
 
 <img src="media/provider-list.png" alt="Settings dialog" width=500 />
 
@@ -383,6 +383,12 @@ jupyter lab --NotebookIntelligence.enable_chat_feedback=true
 
 The feedback fires an in-process `telemetry` event. Nothing leaves the process by default — see the [admin guide](docs/admin-guide.md#chat-feedback-event-hook) for how to wire it into your observability stack.
 
+The thumbs buttons reveal on hover by default. To keep them always visible, enable:
+
+```python
+c.NotebookIntelligence.enable_chat_feedback_always_visible = True
+```
+
 <img src="media/chat-feedback.png" alt="Chat feedback" width=500 />
 
 ## Documentation
@@ -398,10 +404,10 @@ The feedback fires an in-process `telemetry` event. Nothing leaves the process b
 
 ## Further reading
 
-- [Introducing Notebook Intelligence!](https://notebook-intelligence.github.io/notebook-intelligence/blog/2025/01/08/introducing-notebook-intelligence.html)
-- [Building AI Extensions for JupyterLab](https://notebook-intelligence.github.io/notebook-intelligence/blog/2025/02/05/building-ai-extensions-for-jupyterlab.html)
-- [Building AI Agents for JupyterLab](https://notebook-intelligence.github.io/notebook-intelligence/blog/2025/02/09/building-ai-agents-for-jupyterlab.html)
-- [Notebook Intelligence now supports any LLM Provider and AI Model!](https://notebook-intelligence.github.io/notebook-intelligence/blog/2025/03/05/support-for-any-llm-provider.html)
+- [Introducing Notebook Intelligence!](https://plmbr.dev/blog/archive/introducing-notebook-intelligence/)
+- [Building AI Extensions for JupyterLab](https://plmbr.dev/blog/archive/building-ai-extensions-for-jupyterlab/)
+- [Building AI Agents for JupyterLab](https://plmbr.dev/blog/archive/building-ai-agents-for-jupyterlab/)
+- [Notebook Intelligence now supports any LLM Provider and AI Model!](https://plmbr.dev/blog/archive/support-for-any-llm-provider/)
 
 ## Roadmap
 

package/lib/api.d.ts

@@ -174,6 +174,10 @@ export declare class NBIConfig {
     getMCPServerPrompt(serverId: string, promptName: string): any;
     get mcpServerSettings(): any;
     get claudeSettings(): any;
+    get spinnerVerbs(): {
+        mode: string;
+        verbs: string[];
+    } | null;
     get claudeModels(): IClaudeModelInfo[];
     get isInClaudeCodeMode(): boolean;
     get isClaudeCliAvailable(): boolean;
@@ -183,6 +187,7 @@ export declare class NBIConfig {
     get isCodexCliAvailable(): boolean;
     isCodingAgentLauncherDisabledByPolicy(launcherId: string): boolean;
     get chatFeedbackEnabled(): boolean;
+    get chatFeedbackAlwaysVisible(): boolean;
     get tourOverrides(): Record<string, any>;
     get allowGithubSkillImport(): boolean;
     get additionalSkippedWorkspaceDirectories(): string[];

package/lib/api.js

@@ -142,6 +142,10 @@ export class NBIConfig {
     get claudeSettings() {
         return this.capabilities.claude_settings;
     }
+    get spinnerVerbs() {
+        var _b;
+        return (_b = this.capabilities.spinner_verbs) !== null && _b !== void 0 ? _b : null;
+    }
     get claudeModels() {
         var _b;
         return ((_b = this.capabilities.claude_models) !== null && _b !== void 0 ? _b : []).map(claudeModelFromWire);
@@ -181,6 +185,9 @@ export class NBIConfig {
     get chatFeedbackEnabled() {
         return this.capabilities.chat_feedback_enabled === true;
     }
+    get chatFeedbackAlwaysVisible() {
+        return this.capabilities.chat_feedback_always_visible === true;
+    }
     // Admin-supplied tour-copy overrides, served from the capabilities
     // response after server-side validation. Returns the raw dict; the
     // tour module decides how to apply it. Defaults to a shared frozen

package/lib/chat-sidebar.js

@@ -13,12 +13,15 @@ import copySvgstr from '../style/icons/copy.svg';
 import copilotSvgstr from '../style/icons/copilot.svg';
 import copilotWarningSvgstr from '../style/icons/copilot-warning.svg';
 import { VscSend, VscStopCircle, VscEye, VscEyeClosed, VscAdd, VscClose, VscHistory, VscTriangleRight, VscTriangleDown, VscSettingsGear, VscPassFilled, VscTools, VscTrash, VscThumbsup, VscThumbsdown, VscThumbsupFilled, VscThumbsdownFilled, VscCloudUpload, VscFile, VscRefresh } from './icons';
-import { extractLLMGeneratedCode, isDarkTheme, safeAnchorUri, writeTextToClipboard } from './utils';
+import { extractLLMGeneratedCode, isDarkTheme, writeTextToClipboard } from './utils';
 import { CheckBoxItem } from './components/checkbox';
+import { SafeAnchor } from './components/safe-anchor';
 import { mcpServerSettingsToEnabledState } from './components/mcp-util';
 import claudeSvgStr from '../style/icons/claude.svg';
 import { AskUserQuestion } from './components/ask-user-question';
 import { ClaudeSessionPicker } from './components/claude-session-picker';
+import { ToolCallGroup } from './components/tool-call-group';
+import { upsertToolCallContent } from './tool-call-stream';
 import { TourOverlay } from './tour/tour-overlay';
 import { TOUR_ANCHOR } from './tour/tour-anchors';
 import { TOUR_START_EVENT, TOUR_STOP_EVENT } from './tour/tour-events';
@@ -281,8 +284,81 @@ function ChatResponseHTMLFrame(props) {
 }
 // Memoize ChatResponse for performance
 function ChatResponse(props) {
-    var _a, _b, _c;
+    var _a, _b, _c, _d;
     const [renderCount, setRenderCount] = useState(0);
+    const shuffledOrder = useRef([]);
+    const shufflePos = useRef(0);
+    const _spinnerVerbs = NBIAPI.config.isInClaudeCodeMode
+        ? ((_a = NBIAPI.config.spinnerVerbs) !== null && _a !== void 0 ? _a : null)
+        : null;
+    const hasCustomVerbs = (_spinnerVerbs === null || _spinnerVerbs === void 0 ? void 0 : _spinnerVerbs.mode) === 'replace' &&
+        Array.isArray(_spinnerVerbs.verbs) &&
+        _spinnerVerbs.verbs.length > 0;
+    // Fisher-Yates shuffle. When `avoidFirst` is set, swap it out of
+    // position 0 so the new first verb is never the same as the last shown
+    // (prevents an identical repeat at the wrap point between passes).
+    const shuffleVerbs = (verbs, avoidFirst) => {
+        const order = verbs.map((_, i) => i);
+        for (let i = order.length - 1; i > 0; i--) {
+            const j = Math.floor(Math.random() * (i + 1));
+            [order[i], order[j]] = [order[j], order[i]];
+        }
+        if (avoidFirst !== undefined &&
+            order[0] === avoidFirst &&
+            order.length > 1) {
+            [order[0], order[1]] = [order[1], order[0]];
+        }
+        return order;
+    };
+    // Initialize the shuffle synchronously in useState so the correct verb
+    // is shown on the very first paint. A useEffect-based init fires after
+    // paint and causes a single-frame flash of verbs[0] before correcting.
+    const [verbIndex, setVerbIndex] = useState(() => {
+        var _a;
+        const sv = NBIAPI.config.isInClaudeCodeMode
+            ? ((_a = NBIAPI.config.spinnerVerbs) !== null && _a !== void 0 ? _a : null)
+            : null;
+        if (!sv ||
+            sv.mode !== 'replace' ||
+            !Array.isArray(sv.verbs) ||
+            sv.verbs.length === 0) {
+            return 0;
+        }
+        const order = shuffleVerbs(sv.verbs);
+        shuffledOrder.current = order;
+        shufflePos.current = 0;
+        return order[0];
+    });
+    useEffect(() => {
+        if (!props.showGenerating || !hasCustomVerbs) {
+            return;
+        }
+        const verbs = _spinnerVerbs.verbs;
+        // Shuffle already initialized by useState on mount. Only re-initialize
+        // if hasCustomVerbs just became true after a capabilities refresh
+        // (shuffledOrder would be empty because the lazy init found no verbs).
+        if (shuffledOrder.current.length === 0) {
+            shuffledOrder.current = shuffleVerbs(verbs);
+            shufflePos.current = 0;
+            setVerbIndex(shuffledOrder.current[0]);
+        }
+        let id;
+        const scheduleNext = () => {
+            const delay = 4000 + Math.random() * 3000;
+            id = setTimeout(() => {
+                shufflePos.current++;
+                if (shufflePos.current >= shuffledOrder.current.length) {
+                    const lastShown = shuffledOrder.current[shuffledOrder.current.length - 1];
+                    shuffledOrder.current = shuffleVerbs(verbs, lastShown);
+                    shufflePos.current = 0;
+                }
+                setVerbIndex(shuffledOrder.current[shufflePos.current]);
+                scheduleNext();
+            }, delay);
+        };
+        scheduleNext();
+        return () => clearTimeout(id);
+    }, [props.showGenerating, hasCustomVerbs]);
     const msg = props.message;
     const timestamp = msg.date.toLocaleTimeString('en-US', { hour12: false });
     const openNotebook = (event) => {
@@ -376,6 +452,19 @@ function ChatResponse(props) {
                 lastItem.reasoningFinished = true;
             }
         }
+        else if (item.type === ResponseStreamDataType.ToolCall &&
+            lastItemType === ResponseStreamDataType.ToolCall) {
+            // Bundle a run of consecutive tool calls into one group item so the
+            // renderer can collapse them; ToolCallGroup unwraps content.toolCalls.
+            const lastItem = groupedContents[groupedContents.length - 1];
+            lastItem.content.toolCalls.push(structuredClone(item.content));
+        }
+        else if (item.type === ResponseStreamDataType.ToolCall) {
+            const grouped = structuredClone(item);
+            grouped.content = { toolCalls: [structuredClone(item.content)] };
+            groupedContents.push(grouped);
+            lastItemType = item.type;
+        }
         else {
             groupedContents.push(structuredClone(item));
             lastItemType = item.type;
@@ -417,28 +506,35 @@ function ChatResponse(props) {
             ? 'Thought'
             : `Thinking (${Math.floor(item.reasoningTime)} s)`;
     };
-    const chatParticipantId = ((_a = msg.participant) === null || _a === void 0 ? void 0 : _a.id) || 'default';
+    const chatParticipantId = ((_b = msg.participant) === null || _b === void 0 ? void 0 : _b.id) || 'default';
     return (React.createElement("div", { className: `chat-message chat-message-${msg.from}`, "data-render-count": renderCount },
         React.createElement("div", { className: "chat-message-header" },
             React.createElement("div", { className: "chat-message-from" },
-                ((_b = msg.participant) === null || _b === void 0 ? void 0 : _b.iconPath) && (React.createElement("div", { className: `chat-message-from-icon chat-message-from-icon-${chatParticipantId} ${isDarkTheme() ? 'dark' : ''}` },
+                ((_c = msg.participant) === null || _c === void 0 ? void 0 : _c.iconPath) && (React.createElement("div", { className: `chat-message-from-icon chat-message-from-icon-${chatParticipantId} ${isDarkTheme() ? 'dark' : ''}` },
                     React.createElement("img", { src: msg.participant.iconPath, alt: "" }))),
                 React.createElement("div", { className: "chat-message-from-title" }, msg.from === 'user'
                     ? 'User'
-                    : ((_c = msg.participant) === null || _c === void 0 ? void 0 : _c.name) || 'AI Assistant'),
+                    : ((_d = msg.participant) === null || _d === void 0 ? void 0 : _d.name) || 'AI Assistant'),
                 React.createElement("div", { className: "chat-message-from-progress", style: { display: `${props.showGenerating ? 'visible' : 'none'}` } },
                     React.createElement("span", { 
                         // Key on the heartbeat tick so React re-mounts the dot on
                         // every beat; CSS-animation restart from an attribute-only
                         // change is not reliable across browsers.
                         key: props.heartbeatTick, className: `generating-pulse${props.isStalled ? ' is-stalled' : ''}`, "aria-hidden": "true" }),
-                    React.createElement("div", { className: "generating-label", "aria-live": "polite", "aria-atomic": "true" },
+                    React.createElement("div", { className: "generating-label", "aria-hidden": "true" },
                         props.isStalled
                             ? 'Still working, server may be slow'
-                            : 'Generating',
+                            : hasCustomVerbs
+                                ? _spinnerVerbs.verbs[verbIndex]
+                                : 'Generating',
                         props.showGenerating && props.elapsedSeconds > 0
                             ? ` (${formatElapsedSeconds(props.elapsedSeconds)})`
-                            : ''))),
+                            : ''),
+                    React.createElement("div", { className: "nbi-sr-only", "aria-live": "polite", "aria-atomic": "true" }, props.isStalled
+                        ? 'Still working, server may be slow'
+                        : hasCustomVerbs
+                            ? _spinnerVerbs.verbs[verbIndex]
+                            : 'Generating'))),
             React.createElement("div", { className: "chat-message-timestamp" }, timestamp)),
         React.createElement("div", { className: "chat-message-content" },
             groupedContents.map((item, index) => {
@@ -474,17 +570,8 @@ function ChatResponse(props) {
                             React.createElement("button", { className: "jp-Dialog-button jp-mod-accept jp-mod-styled", onClick: () => runCommand(item.content.commandId, item.content.args) },
                                 React.createElement("div", { className: "jp-Dialog-buttonLabel" }, item.content.title))));
                     case ResponseStreamDataType.Anchor: {
-                        const safeUri = safeAnchorUri(item.content.uri);
-                        if (!safeUri) {
-                            return (React.createElement("div", { className: "chat-response-anchor", key: `key-${index}` },
-                                React.createElement("span", null,
-                                    item.content.title,
-                                    React.createElement("span", { className: "nbi-sr-only" }, " (link blocked)"))));
-                        }
                         return (React.createElement("div", { className: "chat-response-anchor", key: `key-${index}` },
-                            React.createElement("a", { href: safeUri, target: "_blank", rel: "noopener noreferrer" },
-                                item.content.title,
-                                React.createElement("span", { className: "nbi-sr-only" }, " (opens in new tab)"))));
+                            React.createElement(SafeAnchor, { href: item.content.uri }, item.content.title)));
                     }
                     case ResponseStreamDataType.Progress:
                         // Render only the most recent progress entry, and only while
@@ -495,6 +582,12 @@ function ChatResponse(props) {
                         // ✗ for error) rather than forcing a single rendering here.
                         return index === groupedContents.length - 1 &&
                             props.showGenerating ? (React.createElement("div", { className: "chat-response-progress", key: `key-${index}` }, item.content)) : null;
+                    case ResponseStreamDataType.ToolCall:
+                        // Unlike Progress, tool-call cards persist after the turn ends,
+                        // so they render regardless of `showGenerating`. The grouping
+                        // pass bundled this run's calls into content.toolCalls; the
+                        // group renders a single card or a collapsible group.
+                        return (React.createElement(ToolCallGroup, { key: `key-${index}`, toolCalls: item.content.toolCalls }));
                     case ResponseStreamDataType.Confirmation:
                         return answeredForms.get(item.id) ===
                             'confirmed' ? null : answeredForms.get(item.id) ===
@@ -548,8 +641,8 @@ function ChatResponse(props) {
             }),
             msg.notebookLink && (React.createElement("button", { type: "button", className: "copilot-generated-notebook-link", "data-ref": msg.notebookLink, "aria-label": `Open notebook ${msg.notebookLink}`, onClick: openNotebook }, "open notebook"))),
         msg.from === 'copilot' &&
-            !props.showGenerating &&
-            NBIAPI.config.chatFeedbackEnabled && (React.createElement("div", { className: "chat-message-feedback" },
+            (NBIAPI.config.chatFeedbackAlwaysVisible || !props.showGenerating) &&
+            NBIAPI.config.chatFeedbackEnabled && (React.createElement("div", { className: `chat-message-feedback${NBIAPI.config.chatFeedbackAlwaysVisible ? ' always-visible' : ''}` },
             React.createElement("button", { className: `chat-feedback-btn ${msg.feedback === 'positive' ? 'selected' : ''}`, onClick: () => {
                     var _a;
                     props.onFeedback(msg.id, 'positive');
@@ -566,7 +659,7 @@ function ChatResponse(props) {
                             }
                         });
                     }
-                }, "aria-label": "Rate as helpful", "aria-pressed": msg.feedback === 'positive', title: "Helpful" }, msg.feedback === 'positive' ? (React.createElement(VscThumbsupFilled, null)) : (React.createElement(VscThumbsup, null))),
+                }, "aria-label": "Rate response as good", "aria-pressed": msg.feedback === 'positive', title: "Good response" }, msg.feedback === 'positive' ? (React.createElement(VscThumbsupFilled, null)) : (React.createElement(VscThumbsup, null))),
             React.createElement("button", { className: `chat-feedback-btn ${msg.feedback === 'negative' ? 'selected' : ''}`, onClick: () => {
                     var _a;
                     props.onFeedback(msg.id, 'negative');
@@ -583,7 +676,7 @@ function ChatResponse(props) {
                             }
                         });
                     }
-                }, "aria-label": "Rate as unhelpful", "aria-pressed": msg.feedback === 'negative', title: "Not helpful" }, msg.feedback === 'negative' ? (React.createElement(VscThumbsdownFilled, null)) : (React.createElement(VscThumbsdown, null)))))));
+                }, "aria-label": "Rate response as bad", "aria-pressed": msg.feedback === 'negative', title: "Bad response" }, msg.feedback === 'negative' ? (React.createElement(VscThumbsdownFilled, null)) : (React.createElement(VscThumbsdown, null)))))));
 }
 const MemoizedChatResponse = memo(ChatResponse);
 async function submitCompletionRequest(request, responseEmitter) {
@@ -2131,21 +2224,29 @@ function SidebarComponent(props) {
                     }
                     if (delta['nbiContent']) {
                         const nbiContent = delta['nbiContent'];
-                        contents.push({
-                            id: UUID.uuid4(),
-                            type: nbiContent.type,
-                            content: nbiContent.content || '',
-                            reasoningContent: nbiContent.reasoning_content || '',
-                            reasoningTag: nbiContent.reasoning_content
-                                ? '<think>'
-                                : undefined,
-                            reasoningFinished: nbiContent.type === ResponseStreamDataType.Markdown &&
-                                nbiContent.reasoning_content
-                                ? true
-                                : false,
-                            contentDetail: nbiContent.detail,
-                            created: new Date(response.created)
-                        });
+                        if (nbiContent.type === ResponseStreamDataType.ToolCall) {
+                            // A tool call streams twice under one id (start, then finish);
+                            // merge by id so it stays one persistent card. See
+                            // upsertToolCallContent.
+                            upsertToolCallContent(contents, nbiContent.content, new Date(response.created));
+                        }
+                        else {
+                            contents.push({
+                                id: UUID.uuid4(),
+                                type: nbiContent.type,
+                                content: nbiContent.content || '',
+                                reasoningContent: nbiContent.reasoning_content || '',
+                                reasoningTag: nbiContent.reasoning_content
+                                    ? '<think>'
+                                    : undefined,
+                                reasoningFinished: nbiContent.type === ResponseStreamDataType.Markdown &&
+                                    nbiContent.reasoning_content
+                                    ? true
+                                    : false,
+                                contentDetail: nbiContent.detail,
+                                created: new Date(response.created)
+                            });
+                        }
                     }
                     else {
                         responseMessage =
@@ -2505,21 +2606,29 @@ function SidebarComponent(props) {
                     }
                     if (delta['nbiContent']) {
                         const nbiContent = delta['nbiContent'];
-                        contents.push({
-                            id: UUID.uuid4(),
-                            type: nbiContent.type,
-                            content: nbiContent.content || '',
-                            reasoningContent: nbiContent.reasoning_content || '',
-                            reasoningTag: nbiContent.reasoning_content
-                                ? '<think>'
-                                : undefined,
-                            reasoningFinished: nbiContent.type === ResponseStreamDataType.Markdown &&
-                                nbiContent.reasoning_content
-                                ? true
-                                : false,
-                            contentDetail: nbiContent.detail,
-                            created: new Date(response.created)
-                        });
+                        if (nbiContent.type === ResponseStreamDataType.ToolCall) {
+                            // A tool call streams twice under one id (start, then finish);
+                            // merge by id so it stays one persistent card. See
+                            // upsertToolCallContent.
+                            upsertToolCallContent(contents, nbiContent.content, new Date(response.created));
+                        }
+                        else {
+                            contents.push({
+                                id: UUID.uuid4(),
+                                type: nbiContent.type,
+                                content: nbiContent.content || '',
+                                reasoningContent: nbiContent.reasoning_content || '',
+                                reasoningTag: nbiContent.reasoning_content
+                                    ? '<think>'
+                                    : undefined,
+                                reasoningFinished: nbiContent.type === ResponseStreamDataType.Markdown &&
+                                    nbiContent.reasoning_content
+                                    ? true
+                                    : false,
+                                contentDetail: nbiContent.detail,
+                                created: new Date(response.created)
+                            });
+                        }
                     }
                     else {
                         const responseMessage = (_e = (_d = (_c = response.data['choices']) === null || _c === void 0 ? void 0 : _c[0]) === null || _d === void 0 ? void 0 : _d['delta']) === null || _e === void 0 ? void 0 : _e['content'];
@@ -3369,28 +3478,20 @@ function GitHubCopilotLoginDialogBodyComponent(props) {
         ghLoginStatus === GitHubCopilotLoginStatus.NotLoggedIn && (React.createElement(React.Fragment, null,
             React.createElement("div", null, "Your code and data are directly transferred to GitHub Copilot as needed without storing any copies other than keeping in the process memory."),
             React.createElement("div", null,
-                React.createElement("a", { href: "https://github.com/features/copilot", target: "_blank", rel: "noopener noreferrer" },
-                    "GitHub Copilot",
-                    React.createElement("span", { className: "nbi-sr-only" }, " (opens in new tab)")),
+                React.createElement(SafeAnchor, { href: "https://github.com/features/copilot" }, "GitHub Copilot"),
                 ' ',
                 "requires a subscription and it has a free tier. GitHub Copilot is subject to the",
                 ' ',
-                React.createElement("a", { href: "https://docs.github.com/en/site-policy/github-terms/github-terms-for-additional-products-and-features", target: "_blank", rel: "noopener noreferrer" },
-                    "GitHub Terms for Additional Products and Features",
-                    React.createElement("span", { className: "nbi-sr-only" }, " (opens in new tab)")),
+                React.createElement(SafeAnchor, { href: "https://docs.github.com/en/site-policy/github-terms/github-terms-for-additional-products-and-features" }, "GitHub Terms for Additional Products and Features"),
                 "."),
             React.createElement("div", null,
                 React.createElement("h4", null, "Privacy and terms"),
                 "By using Notebook Intelligence with GitHub Copilot subscription you agree to",
                 ' ',
-                React.createElement("a", { href: "https://docs.github.com/en/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-your-ide", target: "_blank", rel: "noopener noreferrer" },
-                    "GitHub Copilot chat terms",
-                    React.createElement("span", { className: "nbi-sr-only" }, " (opens in new tab)")),
+                React.createElement(SafeAnchor, { href: "https://docs.github.com/en/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-your-ide" }, "GitHub Copilot chat terms"),
                 ". Review the terms to understand about usage, limitations and ways to improve GitHub Copilot. Please review",
                 ' ',
-                React.createElement("a", { href: "https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement", target: "_blank", rel: "noopener noreferrer" },
-                    "Privacy Statement",
-                    React.createElement("span", { className: "nbi-sr-only" }, " (opens in new tab)")),
+                React.createElement(SafeAnchor, { href: "https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement" }, "Privacy Statement"),
                 "."),
             React.createElement("div", null,
                 React.createElement("button", { className: "jp-Dialog-button jp-mod-accept jp-mod-reject jp-mod-styled", onClick: handleLoginClick },
@@ -3415,7 +3516,7 @@ function GitHubCopilotLoginDialogBodyComponent(props) {
                 ' ',
                 "and enter at",
                 ' ',
-                React.createElement("a", { href: deviceActivationURL, target: "_blank", rel: "noopener noreferrer" }, deviceActivationURL),
+                React.createElement(SafeAnchor, { href: deviceActivationURL }, deviceActivationURL),
                 ' ',
                 "to allow access to GitHub Copilot from this app. Activation could take up to a minute after you enter the code."))),
         ghLoginStatus === GitHubCopilotLoginStatus.ActivatingDevice && (React.createElement("div", { style: { marginTop: '10px' } },

package/lib/components/markdown-link.d.ts

@@ -0,0 +1,33 @@
+import React from 'react';
+import { JupyterFrontEnd } from '@jupyterlab/application';
+type MarkdownLinkProps = {
+    app: JupyterFrontEnd;
+    baseDir: string;
+    href: unknown;
+    title?: unknown;
+    children?: React.ReactNode;
+};
+/**
+ * Render an anchor node coming out of `react-markdown` so chat-sidebar
+ * links can never replace the JupyterLab shell or pivot through the
+ * lab origin.
+ *
+ * Three branches:
+ *   - Fragment-only (`#section`): inert plain text. A new-tab open would
+ *     navigate to `about:blank#section`, and a same-tab open would scroll
+ *     the wrong document; neither matches what the LLM meant.
+ *   - Workspace-relative (no scheme, no leading `/`, no `//` prefix):
+ *     resolved against the active document's directory, re-validated,
+ *     and routed through JupyterLab's `docmanager:open` command so a
+ *     `.ipynb` opens with the notebook factory and a `.md` opens in the
+ *     editor. The anchor's `href` stays `"#"` because a populated `href`
+ *     bypasses React's onClick on middle/Cmd-click, letting the browser
+ *     navigate `/lab/<path>` with session cookies attached; the hover
+ *     preview moves to `title` so the user still sees the intended
+ *     target.
+ *   - Everything else: handed to `SafeAnchor`, which enforces the
+ *     `safeAnchorUri` scheme allowlist and emits a `_blank` anchor with
+ *     `rel="noopener noreferrer"`.
+ */
+export declare function MarkdownLink({ app, baseDir, href, title, children }: MarkdownLinkProps): React.ReactElement;
+export {};

package/lib/components/markdown-link.js

@@ -0,0 +1,114 @@
+// Copyright (c) Mehmet Bektas <mbektasgh@outlook.com>
+import React from 'react';
+import { PathExt } from '@jupyterlab/coreutils';
+import { SafeAnchor } from './safe-anchor';
+import { hasDangerousTextCodepoints } from '../utils';
+// Match an absolute URI by its scheme prefix so a workspace-relative path
+// (`README.md`) is distinguished from a protocol-rooted URL (`http://...`).
+// Mirrors the SCHEME_RE in utils.ts; kept local because this discriminant
+// answers a different question (presence vs. allowlist).
+const SCHEME_PREFIX_RE = /^[A-Za-z][A-Za-z0-9+.-]*:/;
+/**
+ * True when a freshly-joined workspace path is *not* safe to hand to
+ * `docmanager:open` or expose on a rendered anchor. Rejects:
+ *
+ * - leading `..` segments or absolute paths: the join didn't anchor and
+ *   the path escapes the Jupyter root (ContentsManager rejects too, but
+ *   we want to fail closed visually as well so the status bar/title
+ *   never previews a traversal target),
+ * - any embedded scheme: `PathExt.join('', 'java\tscript:alert(1)')`
+ *   returns the input verbatim, so a path that looks workspace-relative
+ *   pre-join can unmask into a `javascript:` href when `baseDir` is
+ *   empty (any active doc at server root),
+ * - dangerous codepoints (bidi-override, zero-width, C0/C1/DEL, etc.):
+ *   the WHATWG URL parser strips these from the scheme during
+ *   recognition, and they also visually impersonate the link target on
+ *   hover / in dev-tools logs.
+ */
+function isUnsafeWorkspacePath(path) {
+    // Empty / cwd-only paths reach here when react-markdown's built-in
+    // `urlTransform` strips an unsafe scheme (`javascript:`, `data:`, ...)
+    // to an empty string before our override runs: the result joins to
+    // either `""` or `"."`, both of which would render as a dead
+    // `<a href="#">` that 404s on click. Surface them as blocked-link
+    // spans so the user sees why nothing happened.
+    if (path === '' || path === '.' || path === './') {
+        return true;
+    }
+    if (path.startsWith('/') || path === '..' || path.startsWith('../')) {
+        return true;
+    }
+    if (SCHEME_PREFIX_RE.test(path)) {
+        return true;
+    }
+    if (hasDangerousTextCodepoints(path)) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Render an anchor node coming out of `react-markdown` so chat-sidebar
+ * links can never replace the JupyterLab shell or pivot through the
+ * lab origin.
+ *
+ * Three branches:
+ *   - Fragment-only (`#section`): inert plain text. A new-tab open would
+ *     navigate to `about:blank#section`, and a same-tab open would scroll
+ *     the wrong document; neither matches what the LLM meant.
+ *   - Workspace-relative (no scheme, no leading `/`, no `//` prefix):
+ *     resolved against the active document's directory, re-validated,
+ *     and routed through JupyterLab's `docmanager:open` command so a
+ *     `.ipynb` opens with the notebook factory and a `.md` opens in the
+ *     editor. The anchor's `href` stays `"#"` because a populated `href`
+ *     bypasses React's onClick on middle/Cmd-click, letting the browser
+ *     navigate `/lab/<path>` with session cookies attached; the hover
+ *     preview moves to `title` so the user still sees the intended
+ *     target.
+ *   - Everything else: handed to `SafeAnchor`, which enforces the
+ *     `safeAnchorUri` scheme allowlist and emits a `_blank` anchor with
+ *     `rel="noopener noreferrer"`.
+ */
+export function MarkdownLink({ app, baseDir, href, title, children }) {
+    if (typeof href === 'string') {
+        if (href.startsWith('#')) {
+            return React.createElement("span", null, children);
+        }
+        if (!SCHEME_PREFIX_RE.test(href) &&
+            !href.startsWith('/') &&
+            !href.startsWith('//')) {
+            // PathExt.join: plain concatenation + normalization. Resolve()
+            // would fall back to the browser process cwd when `baseDir` is
+            // relative, which gives nonsense like `/Users/.../notebooks/...`.
+            const resolvedPath = PathExt.join(baseDir, href);
+            // Re-validate post-join. Two attack/confusion shapes the pre-check
+            // alone misses: `[x](java\tscript:alert(1))` survives the scheme
+            // sniff because `\t` isn't a scheme char, then unmasks once the
+            // WHATWG parser sees the joined href; `[x](../../../etc/passwd)`
+            // looks workspace-relative but escapes the workspace root.
+            if (isUnsafeWorkspacePath(resolvedPath)) {
+                return (React.createElement(SafeAnchor, { href: null, title: undefined }, children));
+            }
+            // href="#" rather than href={resolvedPath}: a modifier-click on a
+            // populated href bypasses the React onClick, lets the browser
+            // navigate the chat sidebar to /lab/<path> in a new tab, and would
+            // ride along the user's Jupyter session cookies. The hover preview
+            // moves to `title` so the user still sees the intended target.
+            const safeTitleFromMd = typeof title === 'string' && !hasDangerousTextCodepoints(title)
+                ? title
+                : undefined;
+            const hoverTitle = safeTitleFromMd !== null && safeTitleFromMd !== void 0 ? safeTitleFromMd : resolvedPath;
+            const onClick = (e) => {
+                e.preventDefault();
+                // ContentsManager rejects paths outside the Jupyter root with a
+                // promise rejection. Catch so the failure surfaces in logs instead
+                // of an unhandled rejection, and the user can see the rendered
+                // anchor was attempted even when the target doesn't exist.
+                Promise.resolve(app.commands.execute('docmanager:open', { path: resolvedPath })).catch(err => {
+                    console.warn(`NBI: failed to open workspace path "${resolvedPath}":`, err);
+                });
+            };
+            return (React.createElement("a", { href: "#", title: hoverTitle, onClick: onClick }, children));
+        }
+    }
+    return (React.createElement(SafeAnchor, { href: typeof href === 'string' ? href : null, title: typeof title === 'string' ? title : undefined }, children));
+}

package/lib/components/safe-anchor.d.ts

@@ -0,0 +1,25 @@
+import React from 'react';
+type SafeAnchorProps = {
+    href: string | undefined | null;
+    children: React.ReactNode;
+    title?: string;
+    className?: string;
+};
+/**
+ * The single render path for anchor elements driven by LLM / tool output.
+ *
+ * Runs `href` through `safeAnchorUri`, which mirrors the server-side
+ * `safe_anchor_uri` allowlist (`http` / `https` / `mailto`) and rejects
+ * dangerous codepoints. On accept it renders a `_blank` anchor with
+ * `rel="noopener noreferrer"` and an SR-only "(opens in new tab)" suffix;
+ * on reject it falls through to plain text plus an SR-only "(link
+ * blocked)" note so screen readers can tell why the link disappeared.
+ *
+ * The `title` attribute is scrubbed for the same dangerous codepoints
+ * the URI check rejects, since react-markdown forwards CommonMark
+ * `[text](url "title")` titles to the rendered anchor and an LLM can
+ * smuggle bidi-override or zero-width characters there to visually
+ * impersonate the link target on hover.
+ */
+export declare function SafeAnchor({ href, children, title, className }: SafeAnchorProps): React.ReactElement;
+export {};