pi-crew 0.9.9 → 0.9.11

package/src/ui/widget/index.ts

@@ -18,13 +18,30 @@ import { spinnerBucket, spinnerFrame } from "../spinner.ts";
 import { runEventBus } from "../run-event-bus.ts";
 import { DEFAULT_UI } from "../../config/defaults.ts";
 import { activeWidgetRuns, statusSummary } from "./widget-model.ts";
-import { buildWidgetLines, colorWidgetLine, renderLines } from "./widget-renderer.ts";
+import { buildWidgetLines, colorWidgetLine, renderLines, DEFAULT_WIDGET_WIDTH, TASK_DESC_MAX } from "./widget-renderer.ts";
 import type { CrewWidgetModel, CrewWidgetState, WidgetRun } from "./widget-types.ts";
 
 // Re-export types and helpers for backward compatibility
 export type { WidgetRun, CrewWidgetModel, CrewWidgetState } from "./widget-types.ts";
 export { activeWidgetRuns, statusSummary } from "./widget-model.ts";
-export { buildWidgetLines as buildCrewWidgetLines, widgetHeader } from "./widget-renderer.ts";
+export { buildWidgetLines as buildCrewWidgetLines, widgetHeader, DEFAULT_WIDGET_WIDTH, TASK_DESC_MAX } from "./widget-renderer.ts";
+
+/**
+ * Resolve the real render width for widget lines, in priority order:
+ *   1. explicit `width` argument (e.g. from caller that already knows terminal width)
+ *   2. `process.stdout.columns` (works in Node when stdout is a TTY)
+ *   3. `DEFAULT_WIDGET_WIDTH` (100) — last-resort fallback so we never paint
+ *      a line wider than the smallest expected TUI.
+ *
+ * Callers SHOULD pass the width they already hold (e.g. `WidgetRender.render(width)`
+ * in this file already receives one). This helper exists for paths that don't.
+ */
+export function getRenderWidth(width?: number): number {
+	if (Number.isFinite(width) && width! > 0) return Math.floor(width!);
+	const stdoutCols = (globalThis as { process?: { stdout?: { columns?: number } } }).process?.stdout?.columns;
+	if (Number.isFinite(stdoutCols) && stdoutCols! > 0) return Math.floor(stdoutCols!);
+	return DEFAULT_WIDGET_WIDTH;
+}
 export { notificationBadge } from "./widget-formatters.ts";
 
 // ── Constants ─────────────────────────────────────────────────────────
@@ -57,7 +74,12 @@ class CrewWidgetComponent implements WidgetComponent {
 		this.theme = asCrewTheme(themeLike);
 		this.cachedTheme = this.theme;
 		this.unsubscribeTheme = subscribeThemeChange(themeLike, () => this.invalidate());
-		this.unsubscribeEventBus = runEventBus.onAny(() => this.invalidate());
+		this.unsubscribeEventBus = (() => {
+		const unsub1 = runEventBus.onChannel("run:state", () => this.invalidate());
+		const unsub2 = runEventBus.onChannel("worker:lifecycle", () => this.invalidate());
+		const unsub3 = runEventBus.onChannel("ui:invalidate", () => this.invalidate());
+		return () => { unsub1(); unsub2(); unsub3(); };
+	})();
 	}
 
 	private buildSignature(runs: WidgetRun[]): string {
@@ -103,7 +125,7 @@ class CrewWidgetComponent implements WidgetComponent {
 		const runningGlyph = spinnerFrame("widget-header");
 
 		if (this.cacheSignature !== signature || width !== this.cachedWidth || this.cachedTheme !== this.theme) {
-			this.cachedBaseLines = buildWidgetLines(this.model.cwd, 0, this.model.maxLines, runs, this.model.notificationCount ?? 0).map((line, index) => {
+			this.cachedBaseLines = buildWidgetLines(this.model.cwd, 0, this.model.maxLines, runs, this.model.notificationCount ?? 0, width).map((line, index) => {
 				if (index === 0 && line.length > 0) return `${runningGlyph}${line.slice(1)}`;
 				return line;
 			});
@@ -150,7 +172,7 @@ export function updateCrewWidget(
 	}
 
 	const runs = activeWidgetRuns(ctx.cwd, manifestCache, snapshotCache, preloadedManifests, workspaceId);
-	const lines = buildWidgetLines(ctx.cwd, state.frame, maxLines, runs, state.notificationCount ?? 0);
+	const lines = buildWidgetLines(ctx.cwd, state.frame, maxLines, runs, state.notificationCount ?? 0, getRenderWidth());
 	const placement = config?.widgetPlacement ?? DEFAULT_UI.widgetPlacement;
 
 	ctx.ui.setStatus(STATUS_KEY, lines.length ? statusSummary(runs) : undefined);

package/src/ui/widget/widget-renderer.ts

@@ -11,12 +11,21 @@ import { Box, Text } from "../layout-primitives.ts";
 import { listLiveAgents } from "../../runtime/live-agent-manager.ts";
 import { computePhaseProgress, formatPhaseProgressLine } from "../../runtime/phase-progress.ts";
 import { spinnerFrame } from "../spinner.ts";
-import { agentActivity, agentStats, notificationBadge } from "./widget-formatters.ts";
-import { shortRunLabel } from "./widget-model.ts";
+import { computeLiveDurationMs } from "../live-duration.ts";
+import { getTaskUsage } from "../../runtime/usage-tracker.ts";
+import { agentActivity, agentStats, elapsed, formatTokensCompact, notificationBadge } from "./widget-formatters.ts";
+import { activeWidgetRuns, shortRunLabel } from "./widget-model.ts";
 import type { WidgetRun } from "./widget-types.ts";
 
 const MAX_AGENTS_DISPLAY = 3;
 const FINISHED_LINGER_MAX_AGE = 1;
+/** Default terminal width when caller doesn't pass one explicitly. Keep <= 116
+ * (the same default used elsewhere in pi-crew tool renderers) so we never paint
+ * a line wider than the smallest expected TUI. Callers SHOULD pass the real
+ * width when known (via ctx.width || process.stdout.columns). */
+export const DEFAULT_WIDGET_WIDTH = 100;
+/** Cap per-component text so a single field cannot blow past width on its own. */
+export const TASK_DESC_MAX = 60;
 const ERROR_LINGER_MAX_AGE = 2;
 const ERROR_STATUSES = new Set(["failed", "cancelled", "stopped", "needs_attention"]);
 
@@ -37,8 +46,12 @@ export function widgetHeader(runs: WidgetRun[], runningGlyph: string, maxLines =
 
 // ── Line builder ──────────────────────────────────────────────────────
 
-export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedRuns?: WidgetRun[], notificationCount = 0): string[] {
-	const runs = providedRuns ?? [];
+export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedRuns?: WidgetRun[], notificationCount = 0, width = DEFAULT_WIDGET_WIDTH): string[] {
+	// Match the legacy `buildCrewWidgetLines` API: when no runs are supplied,
+	// auto-fetch via activeWidgetRuns(cwd). Otherwise widgets calling with
+	// only `(cwd, frame)` would render an empty line set (regression vs. the
+	// pre-refactor implementation that called activeWidgetRuns here).
+	const runs = providedRuns ?? activeWidgetRuns(cwd);
 	if (!runs.length) return [];
 
 	const runningGlyph = spinnerFrame("widget-header");
@@ -56,9 +69,23 @@ export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedR
 		});
 		const completed = agents.filter((a) => a.status === "completed").length;
 		const runGlyph = iconForStatus(run.status, { runningGlyph });
-		const phaseLine = snapshot ? formatPhaseProgressLine(computePhaseProgress(snapshot.tasks)) : "";
-		const progressPart = phaseLine || `${completed}/${agents.length} done`;
-		lines.push(`├─ ${runGlyph} ${shortRunLabel(run)} · ${progressPart} · ${run.runId.slice(-8)}`);
+		// Run progress line. v1–v3 flickered on snapshot.tasks state, v4 was
+		// too minimal (`0/1 agents` only), v5 duplicated the worker activity
+		// line (tools/tokens/duration already shown one row below). v6 (this)
+		// shows only data that is RUN-level (not already in the per-agent
+		// activity line) and is GUARANTEED stable across ticks:
+		//   - agents count — from `agents` array, always populated, never empty.
+		//   - run elapsed   — from `run.createdAt`, always set on manifest.
+		// Both come from sources with no race window — `agents` is read from
+		// snapshot.agents OR agentsFor(run) (both always return same length
+		// for a healthy run), and `run.createdAt` is immutable. The format
+		// shape `"X/Y agents · Ns"` is therefore truly invariant: same number
+		// of `·`-separated fields, same field meanings, every render tick.
+		const agentCountText = `${completed}/${agents.length} agents`;
+		const runElapsedMs = Math.max(0, Date.now() - new Date(run.createdAt).getTime());
+		const runElapsedText = `${Math.floor(runElapsedMs / 1000)}s`;
+		const progressPart = `${agentCountText} · ${runElapsedText}`;
+		lines.push(truncate(`├─ ${runGlyph} ${shortRunLabel(run)} · ${progressPart} · ${run.runId.slice(-8)}`, width));
 
 		const liveForRun = listLiveAgents().filter((a) => a.runId === run.runId);
 
@@ -67,8 +94,9 @@ export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedR
 			const name = liveHandle?.agent ?? agent.agent;
 			const icon = agent.status === "completed" ? "✓" : agent.status === "failed" ? "✗" : agent.status === "needs_attention" ? "⚠" : "▪";
 			const stats = agentStats(agent, liveHandle);
-			const desc = liveHandle?.description ?? agent.role;
-			lines.push(`│  ├─ ${icon} ${name} · ${desc}${stats ? ` · ${stats}` : ""}`);
+			const desc = truncate(liveHandle?.description ?? agent.role ?? "", TASK_DESC_MAX);
+			const _finished = truncate(`│  ├─ ${icon} ${name} · ${desc}${stats ? ` · ${stats}` : ""}`, width);
+			lines.push(_finished);
 		}
 
 		const visibleAgents = activeAgents.slice(0, MAX_AGENTS_DISPLAY);
@@ -79,13 +107,15 @@ export function buildWidgetLines(cwd: string, frame = 0, maxLines = 8, providedR
 			const liveHandle = liveForRun.find((h) => h.taskId === agent.taskId);
 			const stats = agentStats(agent, liveHandle);
 			const name = liveHandle?.agent ?? agent.agent;
-			const desc = liveHandle?.description ?? agent.role;
-			lines.push(`│  ${branch} ${agentGlyph} ${name}${desc ? ` · ${desc}` : ` · ${agent.role}`}`);
-			lines.push(`│     ⊶ ${agentActivity(agent, liveHandle)}${stats ? ` · ${stats}` : ""}`);
+			const desc = truncate(liveHandle?.description ?? agent.role ?? "", TASK_DESC_MAX);
+			const _activeMain = truncate(`│  ${branch} ${agentGlyph} ${name}${desc ? ` · ${desc}` : ` · ${agent.role}`}`, width);
+			lines.push(_activeMain);
+			const _activity = truncate(`│     ⊶ ${agentActivity(agent, liveHandle)}${stats ? ` · ${stats}` : ""}`, width);
+			lines.push(_activity);
 		}
 
 		if (activeAgents.length > MAX_AGENTS_DISPLAY) {
-			lines.push(`│  └─ … +${activeAgents.length - MAX_AGENTS_DISPLAY} more agents`);
+			lines.push(truncate(`│  └─ … +${activeAgents.length - MAX_AGENTS_DISPLAY} more agents`, width));
 		}
 
 		if (lines.length >= maxLines) break;

package/src/utils/redaction.ts

@@ -97,34 +97,54 @@ export function isSecretKey(keyName: string): boolean {
 	return false;
 }
 
-// Linear-time Authorization header redaction
+// Boundary chars that may precede an "authorization:" or "Bearer " keyword.
+// Includes '-' so prefixed headers (Proxy-Authorization, X-Authorization) and
+// '\t' so tab-indented headers are recognized. See security review L5.
+const AUTH_HEADER_BOUNDARY_CHARS = new Set([" ", ",", "{", "[", "\"", "\r", "\n", "-", "\t"]);
+function isAuthHeaderBoundary(ch: string | undefined): boolean {
+	return ch !== undefined && AUTH_HEADER_BOUNDARY_CHARS.has(ch);
+}
+
+// Linear-time Authorization header redaction.
+// L3 fix: scan ALL occurrences (previously first-only via indexOf, so a second
+// "authorization:" on a later line leaked). L5 fix: boundary set includes '-'
+// and '\t' so Proxy-Authorization / X-Authorization / tab-indented headers are
+// redacted. Bearer values are left for redactBearerTokens.
 export function redactAuthHeader(line: string): string {
 	const lower = line.toLowerCase();
-	const authIdx = lower.indexOf("authorization:");
-	if (authIdx === -1) return line;
-	
-	// Verify word boundary - must be at start of line or preceded by whitespace/comma/brace
-	if (authIdx > 0) {
-		const before = line[authIdx - 1];
-		if (before !== ' ' && before !== ',' && before !== '{' && before !== '[' && before !== '"' && before !== '\r' && before !== '\n') {
-			return line; // Not a word boundary
+	let result = "";
+	let i = 0;          // emit cursor into the original `line`
+	let searchFrom = 0;  // cursor for the next indexOf scan
+	for (;;) {
+		const authIdx = lower.indexOf("authorization:", searchFrom);
+		if (authIdx === -1) {
+			result += line.substring(i);
+			return result;
 		}
-	}
-	
-	// Check if this is followed by Bearer token (don't redact Bearer tokens separately)
-	// Look for "Bearer" after "authorization:"
-	const afterAuth = lower.substring(authIdx + 14).trimStart();
-	if (!afterAuth.startsWith('bearer ')) {
-		// No Bearer token, this is a regular Authorization header - redact it
-		let end = authIdx + 14;
-		while (end < line.length && line[end] !== "\r" && line[end] !== "\n") {
-			end++;
+		// Emit the unchanged span up to this occurrence.
+		result += line.substring(i, authIdx);
+		const isBoundary = authIdx === 0 || isAuthHeaderBoundary(line[authIdx - 1]);
+		const afterAuth = lower.substring(authIdx + 14).trimStart();
+		if (isBoundary && !afterAuth.startsWith("bearer ")) {
+			// Regular Authorization header — blank the credential value (the rest
+			// of the line is the credential). Appending only a marker would leave
+			// the secret bytes visible; replace them with "***". Bearer values are
+			// left intact here for redactBearerTokens. See security review L3/L5.
+			let end = authIdx + 14;
+			while (end < line.length && line[end] !== "\r" && line[end] !== "\n") {
+				end++;
+			}
+			result += line.substring(authIdx, authIdx + 14) + " ***";
+			i = end;
+			searchFrom = end; // entire line consumed; resume after the line break
+		} else {
+			// Bearer token (handled by redactBearerTokens) OR not a boundary —
+			// keep the "authorization:" literal and continue scanning.
+			result += line.substring(authIdx, authIdx + 14);
+			i = authIdx + 14;
+			searchFrom = authIdx + 14;
 		}
-		return line.substring(0, end) + " ***" + (end < line.length ? line.substring(end) : "");
 	}
-	
-	// It's a Bearer token format - don't redact here, let redactBearerTokens handle it
-	return line;
 }
 
 // Linear-time Bearer token redaction
@@ -135,14 +155,12 @@ export function redactBearerTokens(line: string): string {
 	
 	while (i < line.length) {
 		if (upper.startsWith("BEARER ", i)) {
-			// Check word boundary: preceded by start, space, comma, brace, or newline
-			if (i > 0) {
-				const before = line[i - 1];
-				if (before !== ' ' && before !== ',' && before !== '{' && before !== '[' && before !== '"' && before !== '\r' && before !== '\n') {
-					result.push(line[i]);
-					i++;
-					continue;
-				}
+			// Check word boundary: start-of-string or a boundary char. Includes '-'
+			// and '\t' (L5) so "Proxy-Authorization: Bearer ..." is redacted.
+			if (i > 0 && !isAuthHeaderBoundary(line[i - 1])) {
+				result.push(line[i]);
+				i++;
+				continue;
 			}
 			
 			// Found "Bearer " - now find the token
@@ -208,6 +226,22 @@ export function redactSecretString(value: string): string {
 // i++ (advance 1 char) and re-scanned from i+1, so a long run was rescanned O(n)
 // times = O(n^2). The P1f ReDoS test (300KB no-dot input) surfaced this pre-existing
 // bug. Now advances past the whole run when it isn't a redactable secret -> O(n).
+// FIX (BG2 follow-up): the inner-loop regex test /[a-zA-Z0-9_-]/.test(value[j])
+// is O(1) per call but with measurable regex-engine overhead — for a 100KB
+// underscore run that's 100K regex calls, well over the 200ms budget the
+// P1f regression test allows. Replaced with a charCodeAt check (~5x faster
+// in practice, O(1) per call with no regex allocation/eval cost).
+function isKeyChar(c: string): boolean {
+	const code = c.charCodeAt(0);
+	return (
+		(code >= 48 && code <= 57) ||  // 0-9
+		(code >= 65 && code <= 90) ||  // A-Z
+		(code >= 97 && code <= 122) || // a-z
+		code === 95 || // _
+		code === 45 // -
+	);
+}
+
 function redactInlineSecrets(value: string): string {
 	const result: string[] = [];
 	let i = 0;
@@ -215,7 +249,7 @@ function redactInlineSecrets(value: string): string {
 	while (i < value.length) {
 		// Collect a run of key characters (alphanumeric, underscore, hyphen).
 		let j = i;
-		while (j < value.length && /[a-zA-Z0-9_-]/.test(value[j])) {
+		while (j < value.length && isKeyChar(value[j])) {
 			j++;
 		}
 		const keyLen = j - i;

package/src/utils/visual.ts

@@ -29,6 +29,12 @@ const WIDE_RANGES: Array<[number, number]> = [
 	[0x274C, 0x274C], [0x274E, 0x274E], [0x2753, 0x2755], [0x2757, 0x2757],
 	[0x2763, 0x2764], [0x2795, 0x2797], [0x27A1, 0x27A1], [0x27B0, 0x27B0],
 	[0x27BF, 0x27BF],
+	// Geometric Shapes / Misc Symbols-Arrows emoji that pi-tui upstream counts as
+	// width=2 (RGI emoji). Mismatch here caused the "Rendered line N exceeds
+	// terminal width (160 > 159)" TUI crash: pi-crew truncated to width 159 by
+	// its own (mismatched) measure, then Box padded to 159 chars, but pi-tui
+	// re-measured the padded line at 160 because ⬜ counts as 2 upstream.
+	[0x2B1B, 0x2B1C], // ⬛ BLACK LARGE SQUARE, ⬜ WHITE LARGE SQUARE
 	[0x1F300, 0x1F9FF], // Misc Symbols, Emoticons, Transport, Map, Supplement
 	[0x1FA00, 0x1FAFF], // Symbols Extended-A
 	[0x1F000, 0x1F02F], // Mahjong, Dominos