npm - anentrypoint-design - Versions diffs - 0.0.216 → 0.0.217 - Mend

anentrypoint-design 0.0.216 → 0.0.217

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/app-shell.css +6 -0
package/chat.css +9 -0
package/dist/247420.css +14 -0
package/dist/247420.js +11 -11
package/package.json +1 -1
package/src/components/agent-chat.js +1 -1
package/src/components/shell.js +4 -2
package/src/markdown.js +8 -4

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "anentrypoint-design",
-  "version": "0.0.216",
+  "version": "0.0.217",
   "description": "247420 design system SDK — webjsx + modified ripple-ui, single-file ESM bundle for reproducible use of the AnEntrypoint design.",
   "type": "module",
   "main": "./dist/247420.js",

package/src/components/agent-chat.js CHANGED Viewed

@@ -184,7 +184,7 @@ export function AgentChat(props = {}) {
   const msgHasBody = (m) => !!(m.content || (Array.isArray(m.parts) && m.parts.length));
   const lastMsgLastPart = lastMsg && Array.isArray(lastMsg.parts) && lastMsg.parts.length ? lastMsg.parts[lastMsg.parts.length - 1] : null;
   const showWorkingTail = busy && lastMsg && lastMsg.role === 'assistant' && msgHasBody(lastMsg)
-    && lastMsgLastPart && lastMsgLastPart.kind === 'tool' && (lastMsgLastPart.status === 'done' || lastMsgLastPart.status === 'error');
+    && lastMsgLastPart && lastMsgLastPart.kind === 'tool' && lastMsgLastPart.status === 'running';
   const rows = messages.slice(msgStart).map((m, wi) => {
     const i = wi + msgStart; // absolute index — streaming/caret/actions logic keys off the real lastIdx
     const isAssistant = m.role === 'assistant';

package/src/components/shell.js CHANGED Viewed

@@ -467,6 +467,7 @@ export function WorkspaceShell({ rail, sessions, main, pane, crumb, status, narr
     const keepPaneTrack = stableFrame && !hasPane;
     const railIsCollapsed = wsCollapsed('rail', railCollapsed);
     const paneIsCollapsed = hasPane ? wsCollapsed('pane', paneCollapsed) : true;
+    const sessionsIsCollapsed = wsCollapsed('sessions', false);
     const shellCls = 'ws-shell'
         + (railIsCollapsed ? ' ws-rail-collapsed' : '')
         + ((hasPane || keepPaneTrack) ? '' : ' ws-no-pane')
@@ -513,8 +514,9 @@ export function WorkspaceShell({ rail, sessions, main, pane, crumb, status, narr
                     // full-width thread/grid). Hidden on mobile via CSS.
                     hasSessions ? h('button', {
                         class: 'ws-desktop-toggle ws-sessions-toggle', type: 'button',
-                        'aria-label': 'collapse conversations', title: 'collapse conversations',
-                        'aria-expanded': 'true', onclick: () => toggleWs('sessions'),
+                        'aria-label': sessionsIsCollapsed ? 'expand conversations' : 'collapse conversations',
+                        title: sessionsIsCollapsed ? 'expand conversations' : 'collapse conversations',
+                        'aria-expanded': sessionsIsCollapsed ? 'false' : 'true', onclick: () => toggleWs('sessions'),
                     }, Icon('chevron-left')) : null,
                     h('div', { class: 'ws-crumb-main' }, crumb),
                     // Desktop-only context-pane collapse, on the same crumb-level

package/src/markdown.js CHANGED Viewed

@@ -10,8 +10,12 @@ let _purify = null;
 let _failedAt = 0;
 const RETRY_BACKOFF_MS = 30000;
-const MARKED_URL = 'https://cdn.jsdelivr.net/npm/marked@15/+esm';
-const PURIFY_URL = 'https://cdn.jsdelivr.net/npm/dompurify@3/+esm';
+// Pin to exact semver so the CDN cannot silently swap code under us.
+// SRI cannot be applied to dynamic ESM imports in browsers (no importmap
+// integrity support at design time); pinning the version is the best available
+// mitigation for CDN-supply-chain risk on these two dependencies.
+const MARKED_URL = 'https://cdn.jsdelivr.net/npm/marked@15.0.12/+esm';
+const PURIFY_URL = 'https://cdn.jsdelivr.net/npm/dompurify@3.2.6/+esm';
 // True while the markdown stack is unavailable (escaped-fallback rendering).
 // Consumers (markdown-cache) use this to avoid caching degraded output.
@@ -50,7 +54,7 @@ export async function renderMarkdown(src) {
     const ok = await ensureReady();
     if (!ok) return escapeHtml(src).replace(/\n/g, '<br>');
     const raw = _marked.parse(String(src));
-    return _purify.sanitize(raw);
+    return _purify.sanitize(raw, { FORCE_BODY: true });
 }
 // Sanitize already-rendered HTML before it touches innerHTML. For any surface
@@ -60,5 +64,5 @@ export async function renderMarkdown(src) {
 export async function sanitizeHtml(html) {
     const ok = await ensureReady();
     if (!ok) return escapeHtml(html);
-    return _purify.sanitize(String(html));
+    return _purify.sanitize(String(html), { FORCE_BODY: true });
 }