@trops/dash-core 0.1.500 → 0.1.502

package/dist/index.esm.js

@@ -413,7 +413,9 @@ var WidgetApi = {
       append = _ref$append === void 0 ? true : _ref$append,
       _ref$returnEmpty = _ref.returnEmpty,
       returnEmpty = _ref$returnEmpty === void 0 ? {} : _ref$returnEmpty,
-      uuid = _ref.uuid;
+      uuid = _ref.uuid,
+      _ref$widgetId = _ref.widgetId,
+      widgetId = _ref$widgetId === void 0 ? null : _ref$widgetId;
     try {
       // set the filename
       var toFilename = filename !== null ? filename : "".concat(uuid, ".json");
@@ -436,7 +438,7 @@ var WidgetApi = {
             });
           }
           // request.
-          eApi.data.saveData(data, toFilename, append, returnEmpty);
+          eApi.data.saveData(data, toFilename, append, returnEmpty, widgetId);
         }
       }
     } catch (e) {
@@ -464,7 +466,9 @@ var WidgetApi = {
       callbackComplete = _ref2$callbackComplet === void 0 ? null : _ref2$callbackComplet,
       _ref2$callbackError = _ref2.callbackError,
       callbackError = _ref2$callbackError === void 0 ? null : _ref2$callbackError,
-      uuid = _ref2.uuid;
+      uuid = _ref2.uuid,
+      _ref2$widgetId = _ref2.widgetId,
+      widgetId = _ref2$widgetId === void 0 ? null : _ref2$widgetId;
     try {
       var toFilename = filename !== null ? filename : "".concat(uuid, ".json");
       var eApi = this.electronApi();
@@ -491,7 +495,7 @@ var WidgetApi = {
             return callbackError(response);
           });
         }
-        eApi.data.readData(toFilename);
+        eApi.data.readData(toFilename, [], widgetId);
       }
     } catch (e) {
     }
@@ -49169,6 +49173,27 @@ var EnforcementToggles = function EnforcementToggles() {
     _useState10 = _slicedToArray(_useState1, 2),
     pendingDisable = _useState10[0],
     setPendingDisable = _useState10[1];
+
+  // lastTestResult: feedback for the "Test prompt" button. Tells the
+  // user whether their JIT response was actually persisted, so they
+  // don't have to interpret the post-grant "server not connected"
+  // error as failure.
+  var _useState11 = useState(null),
+    _useState12 = _slicedToArray(_useState11, 2),
+    lastTestResult = _useState12[0],
+    setLastTestResult = _useState12[1];
+
+  // Auto-clear the test result after 30 seconds so it doesn't linger
+  // forever after a successful test.
+  useEffect(function () {
+    if (!lastTestResult) return;
+    var timer = setTimeout(function () {
+      return setLastTestResult(null);
+    }, 30000);
+    return function () {
+      return clearTimeout(timer);
+    };
+  }, [lastTestResult]);
   var writeSecurity = function writeSecurity(updates) {
     if (!(appContext !== null && appContext !== void 0 && appContext.changeSettings)) return;
     var next = _objectSpread$g(_objectSpread$g({}, settings), {}, {
@@ -49214,37 +49239,84 @@ var EnforcementToggles = function EnforcementToggles() {
 
   // One-click JIT trigger for testing. Calls the gate via a fake widget
   // identity that has no grant — the gate denies, JIT escalates, the
-  // modal pops. After approval, the call proceeds to the (nonexistent)
-  // "test-server" and errors with "server not connected"; that's the
-  // expected response since the goal is to exercise the consent flow,
-  // not the server's response.
+  // modal pops. We classify the outcome so the user knows whether their
+  // JIT response was actually persisted (vs whether the test ran at all).
+  //
+  // Outcome classification:
+  //   message includes "Server not connected" → granted
+  //     (gate passed, post-gate server lookup expectedly failed because
+  //     "test-server" doesn't exist — the goal is the consent flow, not
+  //     the server response)
+  //   message includes "user declined" → denied
+  //   message includes "JIT consent timed out" → timeout
+  //   anything else → unknown error
   var triggerTestJitPrompt = /*#__PURE__*/function () {
     var _ref6 = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee5() {
-      var _window$mainApi3, _window$mainApi3$call;
+      var _window$mainApi3, _window$mainApi3$call, result, msg, _t5;
       return _regeneratorRuntime.wrap(function (_context5) {
         while (1) switch (_context5.prev = _context5.next) {
           case 0:
-            _context5.prev = 0;
-            _context5.next = 1;
+            setLastTestResult({
+              status: "pending",
+              message: "Waiting for response…"
+            });
+            _context5.prev = 1;
+            _context5.next = 2;
             return (_window$mainApi3 = window.mainApi) === null || _window$mainApi3 === void 0 || (_window$mainApi3 = _window$mainApi3.mcp) === null || _window$mainApi3 === void 0 || (_window$mainApi3$call = _window$mainApi3.callTool) === null || _window$mainApi3$call === void 0 ? void 0 : _window$mainApi3$call.call(_window$mainApi3, "test-server", "test_tool", {
               path: "/tmp/jit-probe.txt"
             }, null, "@test/jit-probe");
-          case 1:
-            _context5.next = 3;
-            break;
           case 2:
-            _context5.prev = 2;
-            _context5["catch"](0);
+            result = _context5.sent;
+            // callTool resolves to { error, message } on the main side; classify.
+            msg = (result === null || result === void 0 ? void 0 : result.message) || JSON.stringify(result || {});
+            if (/server not connected/i.test(msg)) {
+              setLastTestResult({
+                status: "granted",
+                message: "Granted — your response was saved as a 'live' grant for @test/jit-probe."
+              });
+            } else if (/user declined/i.test(msg)) {
+              setLastTestResult({
+                status: "denied",
+                message: "Denied — no grant written."
+              });
+            } else if (/timed out/i.test(msg)) {
+              setLastTestResult({
+                status: "timeout",
+                message: "Timed out — no response within 60s."
+              });
+            } else {
+              setLastTestResult({
+                status: "unknown",
+                message: "Unexpected: " + msg
+              });
+            }
+            _context5.next = 4;
+            break;
           case 3:
+            _context5.prev = 3;
+            _t5 = _context5["catch"](1);
+            setLastTestResult({
+              status: "error",
+              message: "Test threw: " + ((_t5 === null || _t5 === void 0 ? void 0 : _t5.message) || String(_t5))
+            });
+          case 4:
           case "end":
             return _context5.stop();
         }
-      }, _callee5, null, [[0, 2]]);
+      }, _callee5, null, [[1, 3]]);
     }));
     return function triggerTestJitPrompt() {
       return _ref6.apply(this, arguments);
     };
   }();
+  var TEST_RESULT_STYLE = {
+    pending: "text-gray-400",
+    granted: "text-green-400",
+    denied: "text-amber-400",
+    timeout: "text-amber-400",
+    unknown: "text-red-400",
+    error: "text-red-400"
+  };
   return /*#__PURE__*/jsxs("div", {
     className: "flex flex-col space-y-4 border border-gray-700 rounded p-4",
     children: [/*#__PURE__*/jsxs("div", {
@@ -49285,23 +49357,29 @@ var EnforcementToggles = function EnforcementToggles() {
       },
       onConfirm: confirmDisable
     }), enforceEnabled && jitEnabled && /*#__PURE__*/jsxs("div", {
-      className: "flex flex-row items-center justify-between gap-4 border-t border-gray-800 pt-4",
+      className: "flex flex-col gap-2 border-t border-gray-800 pt-4",
       children: [/*#__PURE__*/jsxs("div", {
-        className: "flex flex-col",
-        children: [/*#__PURE__*/jsx("span", {
-          className: "text-sm font-medium text-gray-200",
-          children: "Test JIT consent prompt"
-        }), /*#__PURE__*/jsxs("span", {
-          className: "text-xs text-gray-400 mt-1",
-          children: ["Fires a fake tool call from ", /*#__PURE__*/jsx("code", {
-            children: "@test/jit-probe"
-          }), " to", " ", /*#__PURE__*/jsx("code", {
-            children: "test-server"
-          }), ". The gate runs first (no real server needed), so you'll see the JIT modal exactly as it appears in production. Approve and the call proceeds \u2014 the fake server isn't running, so a \"server not connected\" error follows in the console. That's the expected response; the goal is to validate the consent flow."]
+        className: "flex flex-row items-center justify-between gap-4",
+        children: [/*#__PURE__*/jsxs("div", {
+          className: "flex flex-col",
+          children: [/*#__PURE__*/jsx("span", {
+            className: "text-sm font-medium text-gray-200",
+            children: "Test JIT consent prompt"
+          }), /*#__PURE__*/jsxs("span", {
+            className: "text-xs text-gray-400 mt-1",
+            children: ["Fires a fake tool call from ", /*#__PURE__*/jsx("code", {
+              children: "@test/jit-probe"
+            }), " to", " ", /*#__PURE__*/jsx("code", {
+              children: "test-server"
+            }), ". The gate runs first (no real server needed), so you'll see the JIT modal exactly as it appears in production. The post-gate server lookup expectedly fails \u2014 that's fine; the goal here is to exercise the consent flow."]
+          })]
+        }), /*#__PURE__*/jsx(Button, {
+          title: "Test prompt",
+          onClick: triggerTestJitPrompt
         })]
-      }), /*#__PURE__*/jsx(Button, {
-        title: "Test prompt",
-        onClick: triggerTestJitPrompt
+      }), lastTestResult && /*#__PURE__*/jsxs("div", {
+        className: "text-xs font-medium ".concat(TEST_RESULT_STYLE[lastTestResult.status] || "text-gray-400"),
+        children: ["Last test (", lastTestResult.status, "): ", lastTestResult.message]
       })]
     })]
   });
@@ -49363,6 +49441,7 @@ var ConfirmDisableInline = function ConfirmDisableInline(_ref7) {
   });
 };
 var WidgetGrantRow = function WidgetGrantRow(_ref8) {
+  var _granted$domains;
   var widgetId = _ref8.widgetId,
     declared = _ref8.declared,
     granted = _ref8.granted,
@@ -49439,6 +49518,20 @@ var WidgetGrantRow = function WidgetGrantRow(_ref8) {
           grantedItems: (grant === null || grant === void 0 ? void 0 : grant.writePaths) || []
         })]
       }, serverName);
+    }), (granted === null || granted === void 0 || (_granted$domains = granted.domains) === null || _granted$domains === void 0 ? void 0 : _granted$domains.fs) && ((granted.domains.fs.readPaths || []).length > 0 || (granted.domains.fs.writePaths || []).length > 0) && /*#__PURE__*/jsxs("div", {
+      className: "flex flex-col space-y-2 border-t border-gray-800 pt-2",
+      children: [/*#__PURE__*/jsx("span", {
+        className: "text-xs uppercase tracking-wider opacity-70",
+        children: "filesystem"
+      }), /*#__PURE__*/jsx(PermsList, {
+        label: "Read filenames",
+        declaredItems: [],
+        grantedItems: granted.domains.fs.readPaths || []
+      }), /*#__PURE__*/jsx(PermsList, {
+        label: "Write filenames",
+        declaredItems: [],
+        grantedItems: granted.domains.fs.writePaths || []
+      })]
     })]
   });
 };
@@ -49619,6 +49712,22 @@ var EXAMPLE_FIXTURES = [{
       }
     }
   }
+}, {
+  caption: "Phase 2 fs grant — widget granted access to a specific data file via JIT consent on saveData/readData.",
+  widgetId: "@example/fs-domain-widget",
+  hasManifest: false,
+  grantOrigin: "live",
+  declared: null,
+  granted: {
+    grantOrigin: "live",
+    servers: {},
+    domains: {
+      fs: {
+        readPaths: ["notes-state.json"],
+        writePaths: ["notes-state.json"]
+      }
+    }
+  }
 }, {
   caption: "Stale grant — the widget upgraded and dropped readPaths from its manifest, but the user's grant is still present.",
   widgetId: "@example/upgraded-widget",
@@ -49655,10 +49764,10 @@ var noop = function noop() {};
  * users who don't want the wall of text collapse manually.
  */
 var HowThisWorksPanel = function HowThisWorksPanel() {
-  var _useState11 = useState(true),
-    _useState12 = _slicedToArray(_useState11, 2),
-    open = _useState12[0],
-    setOpen = _useState12[1];
+  var _useState13 = useState(true),
+    _useState14 = _slicedToArray(_useState13, 2),
+    open = _useState14[0],
+    setOpen = _useState14[1];
   return /*#__PURE__*/jsxs("div", {
     className: "border border-gray-700 rounded",
     children: [/*#__PURE__*/jsxs("button", {