npm - agentgui - Versions diffs - 1.0.984 → 1.0.986 - Mend

agentgui 1.0.984 → 1.0.986

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/AGENTS.md +5 -9
package/lib/asset-server.js +1 -1
package/lib/claude-runner-run.js +0 -1
package/lib/http-handler.js +112 -27
package/lib/plugins/acp-plugin.js +27 -6
package/lib/plugins/files-plugin.js +43 -12
package/lib/plugins/workflow-plugin.js +20 -2
package/lib/ws-handlers-util.js +7 -0
package/package.json +1 -1
package/site/app/index.html +0 -1
package/site/app/js/app.js +191 -142
package/site/app/js/backend.js +52 -6
package/site/app/vendor/anentrypoint-design/247420.css +19 -0
package/site/app/vendor/anentrypoint-design/247420.js +14 -14

package/site/app/js/backend.js CHANGED Viewed

@@ -13,7 +13,17 @@ function authToken() {
   try { return (typeof window !== 'undefined' && window.__WS_TOKEN) || ''; } catch { return ''; }
 }
-function authedFetch(url, opts = {}) {
+// Set when a 401 is received mid-session so the app can show a reconnect banner.
+let _sessionExpired = false;
+const _sessionExpiredListeners = new Set();
+export function onSessionExpired(fn) { _sessionExpiredListeners.add(fn); return () => _sessionExpiredListeners.delete(fn); }
+function emitSessionExpired() {
+  if (_sessionExpired) return; // emit only once per session
+  _sessionExpired = true;
+  for (const fn of _sessionExpiredListeners) { try { fn(); } catch {} }
+}
+async function authedFetch(url, opts = {}) {
   // Thread the agentgui token via the ?token= query param (exactly like the WS,
   // EventSource, and image/download URLs) rather than an `Authorization: Bearer`
   // header. A Bearer header OVERWRITES the browser's cached HTTP Basic Auth
@@ -23,7 +33,9 @@ function authedFetch(url, opts = {}) {
   // /health, /v1/history/*, and /api/* all 401. The query param coexists with
   // Basic auth; agentgui accepts ?token= on every HTTP route. credentials are
   // kept same-origin so the agentgui_token cookie also flows.
-  return fetch(withToken(url), { credentials: 'same-origin', ...opts });
+  const r = await fetch(withToken(url), { credentials: 'same-origin', ...opts });
+  if (r.status === 401) emitSessionExpired();
+  return r;
 }
 function withToken(url) {
@@ -38,7 +50,20 @@ function lsSet(k, v) { try { localStorage.setItem(k, v); } catch {} }
 export function getBackend() {
   const u = new URL(location.href);
   const fromQs = u.searchParams.get('backend');
-  if (fromQs) { lsSet(KEY, fromQs); return fromQs; }
+  if (fromQs) {
+    // Only accept same-origin backends from the query string. A cross-origin
+    // ?backend= would receive the ?token= auth credential on every request,
+    // which is a credential-theft vector. Reject silently and fall through to
+    // the stored/default value.
+    let accepted = false;
+    try {
+      const parsed = new URL(fromQs, location.href);
+      const sameOrigin = parsed.origin === location.origin;
+      const isLocalDev = parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1';
+      accepted = sameOrigin || isLocalDev;
+    } catch {}
+    if (accepted) { lsSet(KEY, fromQs); return fromQs; }
+  }
   // Same-origin default: honour the server-injected router prefix so HTTP
   // calls (/health, /v1/history/*, /api/*) stay under the proxied path
   // (e.g. /gm) instead of hitting the site root, where a path-routing proxy
@@ -245,6 +270,8 @@ function ensureWs(base) {
       for (const sid of _sessionListeners.keys()) {
         try { _ws.send(encode({ m: 'conversation.subscribe', r: _nextReqId++, p: { sessionId: sid } })); } catch {}
       }
+      // Reload the agent list after reconnect so the picker reflects reality.
+      emitStatus('reloadAgents');
       resolve(_ws);
     });
     // The error Event has no .message; reject with a real Error so callers log
@@ -252,7 +279,7 @@ function ensureWs(base) {
     _ws.addEventListener('error', () => { emitStatus('error'); reject(new Error('WebSocket connection failed')); });
     _ws.addEventListener('close', () => {
       emitStatus('closed');
-      for (const [, p] of _pending) p.reject(new Error('ws closed'));
+      for (const [, p] of _pending) p.reject(new Error('Connection lost - please reconnect'));
       _pending.clear();
       _ws = null;
       _wsReady = null;
@@ -319,7 +346,20 @@ export async function listActiveChats(base) {
 }
 export async function cancelChat(base, sessionId) {
-  return wsCall(base, 'chat.cancel', { sessionId });
+  try {
+    return await wsCall(base, 'chat.cancel', { sessionId });
+  } catch (e) {
+    // Surface a distinct error type so the app can show a toast instead of
+    // silently swallowing the failure (user clicked stop but nothing happened).
+    const err = new Error(e.message || 'stop request not delivered');
+    err.cancelFailed = true;
+    throw err;
+  }
+}
+export async function restartAcpAgent(base, agentId) {
+  try { return await wsCall(base, 'acp.restart', { id: agentId }); }
+  catch { return { ok: false }; }
 }
 export async function listAgentModels(base, agentId) {
@@ -452,7 +492,13 @@ export async function* streamChat(base, { model, messages, signal, agentId, resu
       }
       yield queue.shift();
     }
-    if (errored) yield { type: 'error', error: errored };
+    if (errored) {
+      // Sanitize raw server strings: strip internal stack traces / JSON blobs
+      // and map common cases to plain human copy.
+      let displayError = (typeof errored === 'string' ? errored : 'streaming error').trim();
+      if (/^\{/.test(displayError) || displayError.length > 300) displayError = 'An error occurred while streaming the response.';
+      yield { type: 'error', error: displayError };
+    }
   } finally {
     unsub();
     if (graceTimer) { clearTimeout(graceTimer); graceTimer = null; }

package/site/app/vendor/anentrypoint-design/247420.css CHANGED Viewed

@@ -3890,6 +3890,22 @@
 .ds-247420 .ds-file-act:disabled { opacity: .45; cursor: default; }
 .ds-247420 .ds-file-act:disabled:hover { background: transparent; color: var(--fg-3); }
+/* ============================================================
+   Print — linearize WorkspaceShell so main content prints in full.
+   The multi-column CSS grid with overflow:auto regions clips at
+   the on-screen height in print/PDF; drop all chrome and let
+   .ws-main expand to its natural document height.
+   ============================================================ */
+@media print {
+  .ds-247420 .ws-shell { display: block; }
+  .ds-247420 .ws-rail,
+  .ds-247420 .ws-sessions,
+  .ds-247420 .ws-pane,
+  .ds-247420 .ws-crumb,
+  .ds-247420 .app-status { display: none; }
+  .ds-247420 .ws-main { overflow: visible; height: auto; }
+}
 /* community.css */
 /* ============================================================
    247420 design system — community surface (Discord-style chat)
@@ -5982,6 +5998,7 @@
   width: auto; border-radius: var(--r-1);
 }
 .ds-247420 .ds-dash-stream { font-size: var(--fs-tiny); color: var(--fg-3); }
+.ds-247420 .ds-dash-stream.is-connected { color: var(--accent); }
 .ds-247420 .ds-dash-stream.is-lost { color: var(--flame); }
 .ds-247420 .ds-dash-stream.is-connecting { color: var(--amber); }
 .ds-247420 .ds-dash-header .spread { flex: 1; }
@@ -6010,6 +6027,8 @@
    agent is flagged in a dense grid, not merely faded near-invisibly. The word
    'idle' co-carries state, so this stays colour-blind safe. */
 .ds-247420 .ds-dash-card.is-stale { box-shadow: inset 2px 0 0 var(--stale); }
+/* Active identity always wins over stale amber when both classes are present. */
+.ds-247420 .ds-dash-card.is-active.is-stale { box-shadow: inset 2px 0 0 var(--accent); }
 /* --- H3: dashboard live disc pulses; stale/error do not (handled by H1). --- */