ai-or-die 0.1.62 → 0.1.63

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-or-die",
-  "version": "0.1.62",
+  "version": "0.1.63",
   "description": "Universal AI coding terminal — Claude, Copilot, Gemini & more in your browser",
   "main": "src/server.js",
   "bin": {
@@ -35,6 +35,8 @@
   "license": "MIT",
   "dependencies": {
     "@lydell/node-pty": "1.2.0-beta.10",
+    "@vscode/ripgrep": "^1.18.0",
+    "chokidar": "^5.0.0",
     "commander": "^12.1.0",
     "cors": "^2.8.5",
     "express": "^4.19.2",
@@ -55,6 +57,7 @@
   "devDependencies": {
     "@playwright/test": "^1.58.2",
     "esbuild": "^0.24.0",
+    "jsdom": "^24.1.3",
     "mocha": "^11.7.1",
     "postject": "^1.0.0-alpha.6"
   }

package/sea-bootstrap.js

@@ -28,18 +28,44 @@ if (isSea) {
   const ptyPkg = `node-pty-${process.platform}-${process.arch}`;
   const sherpaPlatform = process.platform === 'win32' ? 'win' : process.platform;
   const sherpaPkg = `sherpa-onnx-${sherpaPlatform}-${process.arch}`;
+  // Bundled ripgrep (ADR-0018) — see scripts/build-sea.js for the asset
+  // prefix scheme. Mirror it here for the extraction predicate AND the
+  // post-extract path computation that feeds global.__SEA_RG_PATH__.
+  const rgAssetPrefix = `vscode-ripgrep-${process.platform}-${process.arch}`;
+  const rgBinName = process.platform === 'win32' ? 'rg.exe' : 'rg';
   const assetKeys = sea.getAssetKeys();
 
   for (const key of assetKeys) {
     if (key.startsWith(ptyPkg + '/') ||
         key.startsWith(sherpaPkg + '/') ||
-        key.startsWith('sherpa-onnx-node/')) {
+        key.startsWith('sherpa-onnx-node/') ||
+        key.startsWith(rgAssetPrefix + '/')) {
       const targetPath = path.join(tempDir, key);
       fs.mkdirSync(path.dirname(targetPath), { recursive: true });
       fs.writeFileSync(targetPath, new Uint8Array(sea.getRawAsset(key)));
     }
   }
 
+  // chmod +x the extracted ripgrep binary on POSIX. fs.writeFileSync
+  // doesn't preserve the executable bit; without this chmod, the
+  // search backend's fs.accessSync(X_OK) liveness check would reject
+  // the binary on macOS / Linux SEA builds even though the bytes are
+  // intact. Windows ignores file mode bits — the .exe extension
+  // already conveys executability.
+  const rgExtractedPath = path.join(tempDir, rgAssetPrefix, 'bin', rgBinName);
+  if (fs.existsSync(rgExtractedPath)) {
+    if (process.platform !== 'win32') {
+      try { fs.chmodSync(rgExtractedPath, 0o755); }
+      catch (e) {
+        console.warn('[SEA] failed to chmod +x bundled ripgrep:', e.message);
+      }
+    }
+    // Surface the resolved path to the search backend (src/utils/search.js)
+    // via a global, since the bundled module's require('@vscode/ripgrep')
+    // can't resolve at SEA runtime (no node_modules on disk).
+    global.__SEA_RG_PATH__ = rgExtractedPath;
+  }
+
   // Store references for pty-sea-shim.js and server.js to use
   global.__SEA_MODE__ = true;
   global.__SEA_TEMP_DIR__ = tempDir;

package/src/public/app.js

@@ -672,6 +672,7 @@ class ClaudeCodeWebInterface {
 
         this.setupTerminalSearch();
         this.setupTerminalContextMenu();
+        this._setupTerminalLinking(this.terminal);
 
         this.terminal.onData((data) => {
             if (this._ctrlModifierPending) {
@@ -714,11 +715,20 @@ class ClaudeCodeWebInterface {
             }
         });
 
-        // Sync terminal colors when the CSS theme changes (data-theme attribute)
+        // Sync terminal colors AND any live Monaco instances when the CSS
+        // theme changes (data-theme attribute on documentElement).
         const themeObserver = new MutationObserver((mutations) => {
             for (const m of mutations) {
-                if (m.attributeName === 'data-theme' && this.terminal) {
-                    this.syncTerminalTheme();
+                if (m.attributeName === 'data-theme') {
+                    if (this.terminal) this.syncTerminalTheme();
+                    // Editor pane + read-only code preview re-theme live so
+                    // they don't get stuck on whatever theme was active when
+                    // they were created. Loader reads the new data-theme via
+                    // resolveMonacoTheme() internally.
+                    if (window.fileViewerMonaco &&
+                        typeof window.fileViewerMonaco.applyThemeToAll === 'function') {
+                        try { window.fileViewerMonaco.applyThemeToAll(); } catch (_) { /* swallow */ }
+                    }
                 }
             }
         });
@@ -1055,6 +1065,34 @@ class ClaudeCodeWebInterface {
             }
         });
 
+        // Ctrl/Cmd+Shift+F → toggle the file browser's cross-file search panel.
+        // Opens the file browser (if closed) and the search panel together so
+        // the user can hit one shortcut from anywhere in the app and start
+        // typing a query immediately. Mirrors the VS Code/JetBrains binding.
+        document.addEventListener('keydown', (e) => {
+            if ((e.ctrlKey || e.metaKey) && e.shiftKey && (e.key === 'F' || e.key === 'f')) {
+                // Don't steal the shortcut from a focused editor that owns
+                // its own find — Monaco's find-in-files for the editor pane
+                // is handled inside the editor surface; the file-browser
+                // search is for the project-wide case.
+                const tag = (e.target && e.target.tagName) || '';
+                const isEditableField = (tag === 'INPUT' || tag === 'TEXTAREA' ||
+                    (e.target && e.target.isContentEditable));
+                // Allow the shortcut when typing in our OWN search panel
+                // input (it'll just refocus); skip for any other text field.
+                const insideSearchPanel = e.target &&
+                    typeof e.target.closest === 'function' &&
+                    e.target.closest('.fb-search-panel');
+                if (isEditableField && !insideSearchPanel) return;
+
+                e.preventDefault();
+                const panel = this._ensureFileBrowser ? this._ensureFileBrowser() : this._fileBrowserPanel;
+                if (!panel) return;
+                if (!panel.isOpen()) panel.open();
+                if (typeof panel.toggleSearchPanel === 'function') panel.toggleSearchPanel();
+            }
+        });
+
         // Header overflow menu (tablet/mobile three-dot button)
         this._setupOverflowMenu();
 
@@ -2914,6 +2952,81 @@ class ClaudeCodeWebInterface {
         });
     }
 
+    /**
+     * Wire up clickable file paths in a terminal:
+     *   1. xterm registerLinkProvider for hover-underline + click-to-open
+     *      (synchronous regex only — NO network I/O on render).
+     *   2. TerminalPathDetector for the right-click "Open in File Viewer /
+     *      Edit / Download" context menu (selection-driven).
+     *
+     * Safe to call multiple times for the same terminal — each call returns a
+     * disposable that we track on the terminal object so we can clean up if
+     * the terminal is destroyed.
+     */
+    _setupTerminalLinking(terminal) {
+        if (!terminal || !window.fileBrowser) return;
+
+        // 1) Link provider — clickable links for paths/filenames in output.
+        if (typeof window.fileBrowser.attachLinkProvider === 'function' &&
+            typeof terminal.registerLinkProvider === 'function' &&
+            !terminal._fbLinkProvider) {
+            try {
+                terminal._fbLinkProvider = window.fileBrowser.attachLinkProvider({
+                    terminal: terminal,
+                    authFetch: (url, opts) => this.authFetch(url, opts),
+                    openInViewer: (path, line, col) => this.openFileInViewer(path, line, col),
+                    getCwd: () => this.getCurrentWorkingDir(),
+                    feedback: window.feedback,
+                });
+            } catch (err) {
+                console.warn('[file-browser] link provider attach failed:', err);
+            }
+        }
+
+        // 2) Right-click selection-based context menu (lazy panel via getter).
+        if (typeof window.fileBrowser.TerminalPathDetector === 'function' &&
+            !terminal._fbPathDetector) {
+            try {
+                terminal._fbPathDetector = new window.fileBrowser.TerminalPathDetector({
+                    getFileBrowserPanel: () => this._ensureFileBrowser(),
+                    authFetch: (url, opts) => this.authFetch(url, opts),
+                    terminal: terminal,
+                    app: this,
+                });
+                terminal._fbPathDetector.init();
+            } catch (err) {
+                console.warn('[file-browser] path detector init failed:', err);
+            }
+        }
+
+        // 3) Lifecycle: on terminal disposal, release the link provider, the
+        //    path-detector handlers, and the floating menu DOM node. Without
+        //    this, splitting + closing terminals leaks document-level
+        //    listeners and orphaned <div class="fb-terminal-context-menu">
+        //    nodes (peer-review MEDIUM-1 on commit 9a05963).
+        if (typeof terminal.onDispose === 'function' && !terminal._fbLinkingDisposeWired) {
+            terminal._fbLinkingDisposeWired = true;
+            try {
+                terminal.onDispose(() => {
+                    try {
+                        if (terminal._fbLinkProvider && typeof terminal._fbLinkProvider.dispose === 'function') {
+                            terminal._fbLinkProvider.dispose();
+                        }
+                    } catch (_) {}
+                    try {
+                        if (terminal._fbPathDetector && typeof terminal._fbPathDetector.destroy === 'function') {
+                            terminal._fbPathDetector.destroy();
+                        }
+                    } catch (_) {}
+                    terminal._fbLinkProvider = null;
+                    terminal._fbPathDetector = null;
+                });
+            } catch (err) {
+                console.warn('[file-browser] onDispose wiring failed:', err);
+            }
+        }
+    }
+
     setupTerminalContextMenu() {
         const menu = document.getElementById('termContextMenu');
         if (!menu) return;
@@ -3632,17 +3745,24 @@ class ClaudeCodeWebInterface {
     }
 
     // File Browser Methods
-    toggleFileBrowser() {
+    _ensureFileBrowser() {
         if (!this._fileBrowserPanel && window.fileBrowser) {
             this._fileBrowserPanel = new window.fileBrowser.FileBrowserPanel({
                 app: this,
                 authFetch: (url, opts) => this.authFetch(url, opts),
+                // initialPath kept as a back-compat fallback; getCwd is the
+                // source of truth on each open() so a session switch between
+                // opens picks up the new cwd (per ADR-0016 / task #14).
                 initialPath: this.getCurrentWorkingDir(),
+                getCwd: () => this.getCurrentWorkingDir(),
             });
         }
-        if (this._fileBrowserPanel) {
-            this._fileBrowserPanel.toggle();
-        }
+        return this._fileBrowserPanel;
+    }
+
+    toggleFileBrowser() {
+        const panel = this._ensureFileBrowser();
+        if (panel) panel.toggle();
     }
 
     // VS Code Tunnel Methods
@@ -3686,16 +3806,15 @@ class ClaudeCodeWebInterface {
         }
     }
 
-    openFileInViewer(filePath) {
-        if (!this._fileBrowserPanel && window.fileBrowser) {
-            this._fileBrowserPanel = new window.fileBrowser.FileBrowserPanel({
-                app: this,
-                authFetch: (url, opts) => this.authFetch(url, opts),
-                initialPath: this.getCurrentWorkingDir(),
-            });
-        }
-        if (this._fileBrowserPanel) {
-            this._fileBrowserPanel.openToFile(filePath);
+    openFileInViewer(filePath, line, col) {
+        const panel = this._ensureFileBrowser();
+        if (panel) {
+            panel.openToFile(filePath);
+            // Future: pass {line, col} to Monaco viewer for cursor placement
+            // (Stage 1.5 work — for now we just open the file).
+            if (line && this._fileBrowserPanel) {
+                this._fileBrowserPanel._pendingJumpTo = { line: line, col: col || 1 };
+            }
         }
     }
 

package/src/public/auth.js

@@ -195,6 +195,28 @@ class AuthManager {
         };
     }
 
+    /**
+     * Append the auth token as a `?token=` query param.
+     *
+     * Use this for asset URLs that the browser fetches WITHOUT being able
+     * to attach custom headers — `<img src>`, `<iframe src>`, PDF.js
+     * `getDocument({url})`, and any other browser-driven fetch where
+     * `getAuthHeaders()` can't be threaded through. The auth middleware
+     * accepts both `Authorization: Bearer <t>` and `?token=<t>` so this is
+     * the canonical fallback when the header path isn't available.
+     *
+     * Trade-off: query-param tokens can leak into server access logs and
+     * `Referer` headers. The download endpoint mitigates with
+     * `Cache-Control: no-store` + `X-Content-Type-Options: nosniff`. A
+     * future hardening pass should migrate to short-lived HMAC-signed
+     * file-scoped tokens; tracked separately.
+     */
+    appendAuthToUrl(url) {
+        if (!this.token) return url;
+        const separator = url.includes('?') ? '&' : '?';
+        return `${url}${separator}token=${encodeURIComponent(this.token)}`;
+    }
+
     getWebSocketUrl(baseUrl) {
         if (!this.token) return baseUrl;
         const separator = baseUrl.includes('?') ? '&' : '?';