loki-mode 6.44.1 → 6.45.0

package/web-app/dist/index.html

@@ -8,8 +8,8 @@
     <link rel="preconnect" href="https://fonts.googleapis.com">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
     <link href="https://fonts.googleapis.com/css2?family=DM+Serif+Display&family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet">
-    <script type="module" crossorigin src="/assets/index-DvhjaUe4.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-BLBd5LBk.css">
+    <script type="module" crossorigin src="/assets/index-HocOQZ9L.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-BZpAV5M8.css">
   </head>
   <body class="bg-background text-ink font-sans antialiased">
     <div id="root"></div>

package/web-app/server.py

@@ -12,10 +12,12 @@ import asyncio
 import inspect
 import json
 import os
+import re
 import signal
 import subprocess
 import sys
 import time
+import uuid
 from pathlib import Path
 from typing import Optional
 
@@ -109,46 +111,85 @@ class SessionState:
         self.log_lines = []
 
 
-def _kill_orphan_loki_processes(project_dir: str = "") -> None:
-    """Kill any orphaned loki-run processes."""
+def _kill_tracked_child_processes() -> None:
+    """Kill only processes that Purple Lab started, not external loki sessions."""
     import subprocess as _sp
-    patterns: list[str] = []
-    if project_dir:
-        patterns.append(f"loki-run.*{project_dir}")
-    patterns.append("loki-run-")
+    tracked = _get_tracked_child_pids()
+    if not tracked:
+        return
 
-    killed_pids: set[int] = set()
-    for pattern in patterns:
+    for pid in tracked:
         try:
-            result = _sp.run(
-                ["pgrep", "-f", pattern],
-                capture_output=True, text=True, timeout=5,
-            )
-            if result.returncode == 0:
-                for pid_str in result.stdout.strip().splitlines():
-                    try:
-                        pid = int(pid_str.strip())
-                        if pid not in killed_pids:
-                            os.kill(pid, signal.SIGTERM)
-                            killed_pids.add(pid)
-                    except (ValueError, ProcessLookupError, PermissionError):
-                        pass
-        except Exception:
+            # Kill the entire process tree (children first, then parent)
+            _sp.run(["pkill", "-TERM", "-P", str(pid)],
+                     capture_output=True, timeout=5)
+            os.kill(pid, signal.SIGTERM)
+        except (ProcessLookupError, PermissionError, OSError):
             pass
 
-    # Wait briefly then SIGKILL any survivors
-    if killed_pids:
-        import time as _time
-        _time.sleep(2)
-        for pid in killed_pids:
-            try:
-                os.kill(pid, signal.SIGKILL)
-            except (ProcessLookupError, PermissionError, OSError):
-                pass
+    # Wait briefly then SIGKILL survivors
+    import time as _time
+    _time.sleep(2)
+    for pid in tracked:
+        try:
+            _sp.run(["pkill", "-9", "-P", str(pid)],
+                     capture_output=True, timeout=5)
+            os.kill(pid, signal.SIGKILL)
+        except (ProcessLookupError, PermissionError, OSError):
+            pass
+
+    _clear_tracked_pids()
 
 
 session = SessionState()
 
+# Track PIDs of sessions started by Purple Lab (not by external loki CLI)
+_PURPLE_LAB_PIDS_FILE = SCRIPT_DIR.parent / ".loki" / "purple-lab" / "child-pids.json"
+
+
+def _track_child_pid(pid: int) -> None:
+    """Record a PID started by Purple Lab so loki web stop can clean it up."""
+    _PURPLE_LAB_PIDS_FILE.parent.mkdir(parents=True, exist_ok=True)
+    pids: list[int] = []
+    if _PURPLE_LAB_PIDS_FILE.exists():
+        try:
+            pids = json.loads(_PURPLE_LAB_PIDS_FILE.read_text())
+        except (json.JSONDecodeError, OSError):
+            pids = []
+    if pid not in pids:
+        pids.append(pid)
+    _PURPLE_LAB_PIDS_FILE.write_text(json.dumps(pids))
+
+
+def _untrack_child_pid(pid: int) -> None:
+    """Remove a PID from tracking after it exits."""
+    if not _PURPLE_LAB_PIDS_FILE.exists():
+        return
+    try:
+        pids = json.loads(_PURPLE_LAB_PIDS_FILE.read_text())
+        pids = [p for p in pids if p != pid]
+        _PURPLE_LAB_PIDS_FILE.write_text(json.dumps(pids))
+    except (json.JSONDecodeError, OSError):
+        pass
+
+
+def _get_tracked_child_pids() -> list[int]:
+    """Get all PIDs started by Purple Lab."""
+    if not _PURPLE_LAB_PIDS_FILE.exists():
+        return []
+    try:
+        return json.loads(_PURPLE_LAB_PIDS_FILE.read_text())
+    except (json.JSONDecodeError, OSError):
+        return []
+
+
+def _clear_tracked_pids() -> None:
+    """Clear all tracked PIDs."""
+    try:
+        _PURPLE_LAB_PIDS_FILE.unlink(missing_ok=True)
+    except OSError:
+        pass
+
 # ---------------------------------------------------------------------------
 # Request / Response models
 # ---------------------------------------------------------------------------
@@ -203,6 +244,11 @@ class ChatRequest(BaseModel):
     message: str
     mode: str = "quick"  # "quick" or "standard"
 
+
+class SecretRequest(BaseModel):
+    key: str
+    value: str
+
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
@@ -328,6 +374,48 @@ def _build_file_tree(root: Path, max_depth: int = 4, _depth: int = 0) -> list[di
         entries.append(node)
     return entries
 
+
+# ---------------------------------------------------------------------------
+# Secrets management (plaintext -- this is a local dev tool, not a vault)
+# ---------------------------------------------------------------------------
+
+_SECRETS_FILE = SCRIPT_DIR.parent / ".loki" / "purple-lab" / "secrets.json"
+
+
+def _load_secrets() -> dict[str, str]:
+    """Load secrets from disk."""
+    if _SECRETS_FILE.exists():
+        try:
+            data = json.loads(_SECRETS_FILE.read_text())
+            if isinstance(data, dict):
+                return data
+        except (json.JSONDecodeError, OSError):
+            pass
+    return {}
+
+
+def _save_secrets(secrets: dict[str, str]) -> None:
+    """Save secrets to disk. WARNING: stored in plaintext."""
+    _SECRETS_FILE.parent.mkdir(parents=True, exist_ok=True)
+    _SECRETS_FILE.write_text(json.dumps(secrets, indent=2))
+
+
+# ---------------------------------------------------------------------------
+# Chat task tracking (non-blocking chat via polling)
+# ---------------------------------------------------------------------------
+
+
+class ChatTask:
+    def __init__(self) -> None:
+        self.id = str(uuid.uuid4())[:8]
+        self.output_lines: list[str] = []
+        self.complete = False
+        self.returncode: int = -1
+        self.files_changed: list[str] = []
+
+
+_chat_tasks: dict[str, ChatTask] = {}
+
 # ---------------------------------------------------------------------------
 # API endpoints
 # ---------------------------------------------------------------------------
@@ -378,6 +466,10 @@ async def start_session(req: StartRequest) -> JSONResponse:
             ]
 
         try:
+            # Load secrets and inject as env vars
+            build_env = {**os.environ, "LOKI_DIR": os.path.join(project_dir, ".loki")}
+            build_env.update(_load_secrets())
+
             proc = subprocess.Popen(
                 cmd,
                 stdout=subprocess.PIPE,
@@ -385,7 +477,7 @@ async def start_session(req: StartRequest) -> JSONResponse:
                 stdin=subprocess.DEVNULL,
                 text=True,
                 cwd=project_dir,
-                env={**os.environ, "LOKI_DIR": os.path.join(project_dir, ".loki")},
+                env=build_env,
                 **({"start_new_session": True} if sys.platform != "win32"
                    else {"creationflags": subprocess.CREATE_NEW_PROCESS_GROUP}),
             )
@@ -409,6 +501,9 @@ async def start_session(req: StartRequest) -> JSONResponse:
         session.project_dir = project_dir
         session.start_time = time.time()
 
+        # Track this PID so loki web stop knows it's ours
+        _track_child_pid(proc.pid)
+
         # Start background output reader
         session._reader_task = asyncio.create_task(_read_process_output())
 
@@ -485,7 +580,7 @@ async def stop_session() -> JSONResponse:
         # Kill any orphaned loki-run processes for this project
         if session.project_dir:
             await asyncio.get_running_loop().run_in_executor(
-                None, _kill_orphan_loki_processes, session.project_dir
+                None, _kill_tracked_child_processes
             )
 
         await _broadcast({"type": "session_end", "data": {"message": "Session stopped by user"}})
@@ -1558,44 +1653,61 @@ async def onboard_session(req: OnboardRequest) -> JSONResponse:
 
 @app.post("/api/sessions/{session_id}/chat")
 async def chat_session(session_id: str, req: ChatRequest) -> JSONResponse:
-    """Run iterative chat command on a project."""
-    import re
+    """Start a chat command (non-blocking). Returns task_id for polling."""
     if not re.match(r"^[a-zA-Z0-9._-]+$", session_id):
         return JSONResponse(status_code=400, content={"error": "Invalid session ID"})
-
-    # Find project directory
     target = _find_session_dir(session_id)
-
     if target is None:
         return JSONResponse(status_code=404, content={"error": "Session not found"})
 
-    # Build command based on mode
-    if req.mode == "quick":
-        cmd_args = ["quick", req.message]
-    else:
-        cmd_args = ["start", "--provider", "claude", str(target / "PRD.md")]
-
-    rc, output = await asyncio.get_running_loop().run_in_executor(
-        None, lambda: _run_loki_cmd(cmd_args, cwd=str(target), timeout=300)
-    )
+    task = ChatTask()
+    _chat_tasks[task.id] = task
 
-    # Detect changed files
-    files_changed: list[str] = []
-    try:
-        import subprocess as _sp
-        result = _sp.run(
-            ["git", "diff", "--name-only", "HEAD~1"],
-            cwd=str(target), capture_output=True, text=True, timeout=10
+    async def run_chat() -> None:
+        loop = asyncio.get_running_loop()
+        if req.mode == "quick":
+            cmd_args = ["quick", req.message]
+        else:
+            cmd_args = ["start", "--provider", "claude", str(target / "PRD.md")]
+        rc, output = await loop.run_in_executor(
+            None, lambda: _run_loki_cmd(cmd_args, cwd=str(target), timeout=300)
         )
-        if result.returncode == 0:
-            files_changed = [f for f in result.stdout.strip().splitlines() if f]
-    except Exception:
-        pass
+        task.output_lines = output.splitlines()
+        task.returncode = rc
+        # Detect changed files
+        try:
+            import subprocess as _sp
+            result = _sp.run(
+                ["git", "diff", "--name-only", "HEAD~1"],
+                cwd=str(target), capture_output=True, text=True, timeout=10
+            )
+            if result.returncode == 0:
+                task.files_changed = [f for f in result.stdout.strip().splitlines() if f]
+        except Exception:
+            pass
+        task.complete = True
+
+    asyncio.create_task(run_chat())
 
     return JSONResponse(content={
-        "output": output,
-        "files_changed": files_changed,
-        "returncode": rc,
+        "task_id": task.id,
+        "status": "running",
+    })
+
+
+@app.get("/api/sessions/{session_id}/chat/{task_id}")
+async def get_chat_status(session_id: str, task_id: str) -> JSONResponse:
+    """Poll chat task status and get partial output."""
+    task = _chat_tasks.get(task_id)
+    if task is None:
+        return JSONResponse(status_code=404, content={"error": "Task not found"})
+    return JSONResponse(content={
+        "task_id": task.id,
+        "status": "complete" if task.complete else "running",
+        "output_lines": task.output_lines,
+        "returncode": task.returncode,
+        "files_changed": task.files_changed,
+        "complete": task.complete,
     })
 
 
@@ -1659,6 +1771,160 @@ async def export_session(session_id: str) -> JSONResponse:
     return JSONResponse(content={"output": output, "returncode": rc})
 
 
+# ---------------------------------------------------------------------------
+# Secrets management endpoints
+# ---------------------------------------------------------------------------
+
+
+@app.get("/api/secrets")
+async def get_secrets() -> JSONResponse:
+    """List secret keys (values masked)."""
+    secrets = _load_secrets()
+    masked = {k: "***" for k in secrets}
+    return JSONResponse(content=masked)
+
+
+@app.post("/api/secrets")
+async def set_secret(req: SecretRequest) -> JSONResponse:
+    """Set or update a secret."""
+    if not re.match(r'^[A-Za-z_][A-Za-z0-9_]*$', req.key):
+        return JSONResponse(status_code=400, content={"error": "Invalid key. Use ENV_VAR style names."})
+    secrets = _load_secrets()
+    secrets[req.key] = req.value
+    _save_secrets(secrets)
+    return JSONResponse(content={"set": True, "key": req.key})
+
+
+@app.delete("/api/secrets/{key}")
+async def delete_secret(key: str) -> JSONResponse:
+    """Delete a secret."""
+    secrets = _load_secrets()
+    if key not in secrets:
+        return JSONResponse(status_code=404, content={"error": "Secret not found"})
+    del secrets[key]
+    _save_secrets(secrets)
+    return JSONResponse(content={"deleted": True, "key": key})
+
+
+# ---------------------------------------------------------------------------
+# Preview info (smart project type detection)
+# ---------------------------------------------------------------------------
+
+
+@app.get("/api/sessions/{session_id}/preview-info")
+async def get_preview_info(session_id: str) -> JSONResponse:
+    """Detect project type and determine the best preview strategy."""
+    if not re.match(r"^[a-zA-Z0-9._-]+$", session_id):
+        return JSONResponse(status_code=400, content={"error": "Invalid session ID"})
+    target = _find_session_dir(session_id)
+    if target is None:
+        return JSONResponse(status_code=404, content={"error": "Session not found"})
+
+    info: dict = {
+        "type": "unknown",
+        "preview_url": None,
+        "entry_file": None,
+        "dev_command": None,
+        "port": None,
+        "description": "No preview available",
+    }
+
+    # Detect project type from files
+    files = {f.name for f in target.iterdir() if f.is_file()} if target.is_dir() else set()
+    has_package_json = "package.json" in files
+    has_index_html = (
+        "index.html" in files
+        or (target / "public" / "index.html").exists()
+        or (target / "src" / "index.html").exists()
+    )
+    has_pyproject = "pyproject.toml" in files or "setup.py" in files or "requirements.txt" in files
+    has_go_mod = "go.mod" in files
+    has_cargo = "Cargo.toml" in files
+    has_dockerfile = "Dockerfile" in files or "docker-compose.yml" in files
+
+    # Read package.json for more info
+    pkg_scripts: dict = {}
+    pkg_deps: dict = {}
+    if has_package_json:
+        try:
+            pkg = json.loads((target / "package.json").read_text())
+            pkg_scripts = pkg.get("scripts", {})
+            pkg_deps = {**pkg.get("dependencies", {}), **pkg.get("devDependencies", {})}
+        except (json.JSONDecodeError, OSError):
+            pass
+
+    # Determine project type and preview strategy
+    is_react = "react" in pkg_deps or "next" in pkg_deps or "vite" in pkg_deps
+    is_express = "express" in pkg_deps or "fastify" in pkg_deps or "koa" in pkg_deps or "hono" in pkg_deps
+    is_flask = has_pyproject and any((target / f).exists() for f in ["app.py", "main.py", "server.py"])
+    is_fastapi = has_pyproject and any(
+        "fastapi" in (target / f).read_text(errors="replace")
+        for f in ["app.py", "main.py", "server.py"]
+        if (target / f).exists()
+    )
+
+    if is_react or (has_package_json and has_index_html):
+        info["type"] = "web-app"
+        info["entry_file"] = "index.html"
+        info["preview_url"] = f"/api/sessions/{session_id}/preview/index.html"
+        info["dev_command"] = pkg_scripts.get("dev") or pkg_scripts.get("start")
+        info["description"] = "Web application -- serves HTML/CSS/JS"
+    elif is_express or (has_package_json and ("start" in pkg_scripts or "dev" in pkg_scripts) and not has_index_html):
+        # API/server project
+        port = 3000  # default
+        # Try to detect port from scripts
+        start_script = pkg_scripts.get("start", "") + pkg_scripts.get("dev", "")
+        port_match = re.search(r"(?:PORT|port)[=: ]*(\d+)", start_script)
+        if port_match:
+            port = int(port_match.group(1))
+        info["type"] = "api"
+        info["port"] = port
+        info["dev_command"] = pkg_scripts.get("dev") or pkg_scripts.get("start")
+        info["description"] = f"API server -- runs on port {port}"
+        # Check for swagger/openapi
+        for swagger_path in ["swagger.json", "openapi.json", "docs", "api-docs"]:
+            if (target / swagger_path).exists():
+                info["preview_url"] = f"/api/sessions/{session_id}/preview/{swagger_path}"
+                break
+    elif is_fastapi or is_flask:
+        info["type"] = "python-api"
+        info["port"] = 8000
+        info["dev_command"] = "uvicorn app:app --reload" if is_fastapi else "flask run"
+        info["description"] = "Python API server"
+    elif has_index_html:
+        info["type"] = "static-site"
+        info["entry_file"] = "index.html"
+        info["preview_url"] = f"/api/sessions/{session_id}/preview/index.html"
+        info["description"] = "Static site -- serves HTML directly"
+    elif has_package_json and "test" in pkg_scripts:
+        info["type"] = "library"
+        info["dev_command"] = pkg_scripts.get("test")
+        info["description"] = "Library/package -- run tests to verify"
+    elif has_go_mod:
+        info["type"] = "go-app"
+        info["dev_command"] = "go run ."
+        info["description"] = "Go application"
+    elif has_cargo:
+        info["type"] = "rust-app"
+        info["dev_command"] = "cargo run"
+        info["description"] = "Rust application"
+    elif has_dockerfile:
+        info["type"] = "containerized"
+        info["dev_command"] = "docker compose up"
+        info["description"] = "Containerized application"
+    else:
+        # Check for any README or docs
+        for doc_file in ["README.md", "readme.md", "README.txt"]:
+            if (target / doc_file).exists():
+                info["type"] = "project"
+                info["entry_file"] = doc_file
+                info["preview_url"] = f"/api/sessions/{session_id}/preview/{doc_file}"
+                info["description"] = "Project -- showing README"
+                break
+
+    return JSONResponse(content=info)
+
+
 # ---------------------------------------------------------------------------
 # Health check
 # ---------------------------------------------------------------------------

package/web-app/dist/assets/Button-NSmP6YCA.js

@@ -1 +0,0 @@
-import{r as p,j as t}from"./index-DvhjaUe4.js";const m={primary:"bg-[#553DE9] text-white hover:bg-[#4432c4] shadow-button rounded-btn",secondary:"border border-[#553DE9] text-[#553DE9] hover:bg-[#E8E4FD] bg-transparent rounded-btn",ghost:"text-[#36342E] hover:bg-[#F8F4F0] rounded-btn",danger:"bg-[#C45B5B]/10 text-[#C45B5B] border border-[#C45B5B]/20 hover:bg-[#C45B5B]/20 rounded-btn"},b={sm:"px-3 py-1.5 text-xs",md:"px-4 py-2 text-sm",lg:"px-6 py-3 text-base"},u={sm:14,md:16,lg:18};function h({size:e}){return t.jsxs("svg",{className:"animate-spin",width:e,height:e,viewBox:"0 0 24 24",fill:"none",children:[t.jsx("circle",{className:"opacity-25",cx:"12",cy:"12",r:"10",stroke:"currentColor",strokeWidth:"4"}),t.jsx("path",{className:"opacity-75",fill:"currentColor",d:"M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4z"})]})}const B=p.forwardRef(({variant:e="primary",size:o="md",icon:n,iconRight:i,loading:r=!1,disabled:a,className:c="",children:l,...x},d)=>{const s=u[o];return t.jsxs("button",{ref:d,disabled:a||r,className:["inline-flex items-center justify-center gap-2 font-medium transition-colors",m[e],b[o],(a||r)&&"opacity-60 cursor-not-allowed",c].filter(Boolean).join(" "),...x,children:[r?t.jsx(h,{size:s}):n?t.jsx(n,{size:s}):null,l,i&&!r&&t.jsx(i,{size:s})]})});B.displayName="Button";export{B};