pi-crew 0.9.10 → 0.9.12

package/src/ui/widget/widget-renderer.ts

@@ -5,7 +5,7 @@
  */
 
 import type { CrewTheme } from "../theme-adapter.ts";
-import { iconForStatus } from "../status-colors.ts";
+import { iconForStatus, colorizeStatusGlyphs } from "../status-colors.ts";
 import { truncate } from "../../utils/visual.ts";
 import { Box, Text } from "../layout-primitives.ts";
 import { listLiveAgents } from "../../runtime/live-agent-manager.ts";
@@ -89,19 +89,21 @@ export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedR
 
 		const liveForRun = listLiveAgents().filter((a) => a.runId === run.runId);
 
-		for (const agent of finishedAgents.slice(0, 2)) {
-			const liveHandle = liveForRun.find((h) => h.taskId === agent.taskId);
-			const name = liveHandle?.agent ?? agent.agent;
-			const icon = agent.status === "completed" ? "✓" : agent.status === "failed" ? "✗" : agent.status === "needs_attention" ? "⚠" : "▪";
-			const stats = agentStats(agent, liveHandle);
-			const desc = truncate(liveHandle?.description ?? agent.role ?? "", TASK_DESC_MAX);
-			const _finished = truncate(`│  ├─ ${icon} ${name} · ${desc}${stats ? ` · ${stats}` : ""}`, width);
-			lines.push(_finished);
-		}
-
-		const visibleAgents = activeAgents.slice(0, MAX_AGENTS_DISPLAY);
+		// L-4: prioritize RUNNING > QUEUED > WAITING within the visible window so the
+		// most relevant live workers are always shown. Finished rows fill only the
+		// leftover budget and never steal slots from running agents.
+		const ACTIVE_PRIORITY: Record<string, number> = { running: 0, queued: 1, waiting: 2 };
+		const prioritizedActive = [...activeAgents].sort(
+			(a, b) => (ACTIVE_PRIORITY[a.status] ?? 9) - (ACTIVE_PRIORITY[b.status] ?? 9),
+		);
+		// Finished rows only appear in slots not used by active agents (max 2). When
+		// there are >= MAX_AGENTS_DISPLAY live workers, finished rows are suppressed
+		// entirely so they cannot push a live agent's activity line off-screen.
+		const finishedSlots = Math.max(0, Math.min(2, MAX_AGENTS_DISPLAY - activeAgents.length));
+
+		const visibleAgents = prioritizedActive.slice(0, MAX_AGENTS_DISPLAY);
 		for (const [index, agent] of visibleAgents.entries()) {
-			const last = index === visibleAgents.length - 1 && activeAgents.length <= MAX_AGENTS_DISPLAY;
+			const last = index === visibleAgents.length - 1 && activeAgents.length <= MAX_AGENTS_DISPLAY && finishedSlots === 0;
 			const branch = last ? "└─" : "├─";
 			const agentGlyph = iconForStatus(agent.status, { runningGlyph });
 			const liveHandle = liveForRun.find((h) => h.taskId === agent.taskId);
@@ -118,6 +120,18 @@ export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedR
 			lines.push(truncate(`│  └─ … +${activeAgents.length - MAX_AGENTS_DISPLAY} more agents`, width));
 		}
 
+		for (const [index, agent] of finishedAgents.slice(0, finishedSlots).entries()) {
+			const liveHandle = liveForRun.find((h) => h.taskId === agent.taskId);
+			const name = liveHandle?.agent ?? agent.agent;
+			const icon = agent.status === "completed" ? "✓" : agent.status === "failed" ? "✗" : agent.status === "needs_attention" ? "⚠" : "▪";
+			const stats = agentStats(agent, liveHandle);
+			const desc = truncate(liveHandle?.description ?? agent.role ?? "", TASK_DESC_MAX);
+			const isLastFinished = index === Math.min(finishedAgents.length, finishedSlots) - 1;
+			const branch = isLastFinished ? "└─" : "├─";
+			const _finished = truncate(`│  ${branch} ${icon} ${name} · ${desc}${stats ? ` · ${stats}` : ""}`, width);
+			lines.push(_finished);
+		}
+
 		if (lines.length >= maxLines) break;
 	}
 
@@ -126,25 +140,15 @@ export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedR
 
 // ── Colorization ──────────────────────────────────────────────────────
 
-function statusGlyphColor(icon: string): Parameters<CrewTheme["fg"]>[0] {
-	const mapping: Record<string, Parameters<CrewTheme["fg"]>[0]> = {
-		"✓": "success",
-		"✗": "error",
-		"■": "warning",
-		"⏸": "warning",
-		"◦": "dim",
-		"·": "dim",
-		"▶": "accent",
-	};
-	return mapping[icon] ?? "accent";
-}
-
 export function colorWidgetLine(line: string, index: number, theme: CrewTheme): string {
 	let result = line;
 	if (index === 0) {
 		result = result.replace("Crew agents", theme.bold(theme.fg("accent", "Crew agents")));
 	}
-	result = result.replace(/[✓✗■⏸◦·▶]/g, (icon) => theme.fg(statusGlyphColor(icon), icon));
+	// Shared glyph colorizer covers ALL status glyphs — including ⏳ (waiting),
+	// ⚠ (needs_attention), and the braille spinner range ⠁-⣿ (running) — which the
+	// previous local statusGlyphColor map + regex omitted (F-1, V-3).
+	result = colorizeStatusGlyphs(result, theme);
 	if (index === 0) {
 		result = theme.fg("accent", result);
 	}

package/src/utils/redaction.ts

@@ -97,34 +97,54 @@ export function isSecretKey(keyName: string): boolean {
 	return false;
 }
 
-// Linear-time Authorization header redaction
+// Boundary chars that may precede an "authorization:" or "Bearer " keyword.
+// Includes '-' so prefixed headers (Proxy-Authorization, X-Authorization) and
+// '\t' so tab-indented headers are recognized. See security review L5.
+const AUTH_HEADER_BOUNDARY_CHARS = new Set([" ", ",", "{", "[", "\"", "\r", "\n", "-", "\t"]);
+function isAuthHeaderBoundary(ch: string | undefined): boolean {
+	return ch !== undefined && AUTH_HEADER_BOUNDARY_CHARS.has(ch);
+}
+
+// Linear-time Authorization header redaction.
+// L3 fix: scan ALL occurrences (previously first-only via indexOf, so a second
+// "authorization:" on a later line leaked). L5 fix: boundary set includes '-'
+// and '\t' so Proxy-Authorization / X-Authorization / tab-indented headers are
+// redacted. Bearer values are left for redactBearerTokens.
 export function redactAuthHeader(line: string): string {
 	const lower = line.toLowerCase();
-	const authIdx = lower.indexOf("authorization:");
-	if (authIdx === -1) return line;
-	
-	// Verify word boundary - must be at start of line or preceded by whitespace/comma/brace
-	if (authIdx > 0) {
-		const before = line[authIdx - 1];
-		if (before !== ' ' && before !== ',' && before !== '{' && before !== '[' && before !== '"' && before !== '\r' && before !== '\n') {
-			return line; // Not a word boundary
+	let result = "";
+	let i = 0;          // emit cursor into the original `line`
+	let searchFrom = 0;  // cursor for the next indexOf scan
+	for (;;) {
+		const authIdx = lower.indexOf("authorization:", searchFrom);
+		if (authIdx === -1) {
+			result += line.substring(i);
+			return result;
 		}
-	}
-	
-	// Check if this is followed by Bearer token (don't redact Bearer tokens separately)
-	// Look for "Bearer" after "authorization:"
-	const afterAuth = lower.substring(authIdx + 14).trimStart();
-	if (!afterAuth.startsWith('bearer ')) {
-		// No Bearer token, this is a regular Authorization header - redact it
-		let end = authIdx + 14;
-		while (end < line.length && line[end] !== "\r" && line[end] !== "\n") {
-			end++;
+		// Emit the unchanged span up to this occurrence.
+		result += line.substring(i, authIdx);
+		const isBoundary = authIdx === 0 || isAuthHeaderBoundary(line[authIdx - 1]);
+		const afterAuth = lower.substring(authIdx + 14).trimStart();
+		if (isBoundary && !afterAuth.startsWith("bearer ")) {
+			// Regular Authorization header — blank the credential value (the rest
+			// of the line is the credential). Appending only a marker would leave
+			// the secret bytes visible; replace them with "***". Bearer values are
+			// left intact here for redactBearerTokens. See security review L3/L5.
+			let end = authIdx + 14;
+			while (end < line.length && line[end] !== "\r" && line[end] !== "\n") {
+				end++;
+			}
+			result += line.substring(authIdx, authIdx + 14) + " ***";
+			i = end;
+			searchFrom = end; // entire line consumed; resume after the line break
+		} else {
+			// Bearer token (handled by redactBearerTokens) OR not a boundary —
+			// keep the "authorization:" literal and continue scanning.
+			result += line.substring(authIdx, authIdx + 14);
+			i = authIdx + 14;
+			searchFrom = authIdx + 14;
 		}
-		return line.substring(0, end) + " ***" + (end < line.length ? line.substring(end) : "");
 	}
-	
-	// It's a Bearer token format - don't redact here, let redactBearerTokens handle it
-	return line;
 }
 
 // Linear-time Bearer token redaction
@@ -135,14 +155,12 @@ export function redactBearerTokens(line: string): string {
 	
 	while (i < line.length) {
 		if (upper.startsWith("BEARER ", i)) {
-			// Check word boundary: preceded by start, space, comma, brace, or newline
-			if (i > 0) {
-				const before = line[i - 1];
-				if (before !== ' ' && before !== ',' && before !== '{' && before !== '[' && before !== '"' && before !== '\r' && before !== '\n') {
-					result.push(line[i]);
-					i++;
-					continue;
-				}
+			// Check word boundary: start-of-string or a boundary char. Includes '-'
+			// and '\t' (L5) so "Proxy-Authorization: Bearer ..." is redacted.
+			if (i > 0 && !isAuthHeaderBoundary(line[i - 1])) {
+				result.push(line[i]);
+				i++;
+				continue;
 			}
 			
 			// Found "Bearer " - now find the token

package/src/utils/visual.ts

@@ -39,8 +39,10 @@ const WIDE_RANGES: Array<[number, number]> = [
 	[0x1FA00, 0x1FAFF], // Symbols Extended-A
 	[0x1F000, 0x1F02F], // Mahjong, Dominos
 	[0xFE00, 0xFE0F],   // Variation Selectors (emoji presentation)
-	[0x200D, 0x200D],   // Zero Width Joiner (creates compound emoji)
 ];
+// NOTE: U+200D (Zero Width Joiner, ZWJ) is intentionally NOT listed as wide.
+// ZWJ has zero advance width by Unicode definition; miscounting it as 2 caused
+// slight over-truncation/over-padding of compound-emoji goals (T-1).
 
 function isWideCodePoint(code: number): boolean {
 	for (const [lo, hi] of WIDE_RANGES) {