pikiloom 0.4.14 → 0.4.16

package/dist/channels/telegram/render.js

@@ -85,13 +85,59 @@ export function renderCommandSelectionHtml(view) {
         lines.push('', `<i>${escapeHtml(view.helperText)}</i>`);
     return lines.join('\n');
 }
+/**
+ * Telegram caps `callback_data` at 64 bytes. Most encoded actions fit easily,
+ * but BYOK model rows encode as `md:p:<uuid>:<modelId>` (~42 bytes of overhead
+ * before the model id even starts), so a single long provider/model id blows
+ * the limit — and Telegram then rejects the *entire* message with
+ * BUTTON_DATA_INVALID, killing the whole menu. Mirror the PathRegistry idiom
+ * from directory.ts: stash the over-length payload and ship a short `r:<id>`
+ * token instead, resolving it back on the callback round-trip.
+ */
+const TELEGRAM_CALLBACK_LIMIT = 64;
+class CallbackDataRegistry {
+    idToData = new Map();
+    dataToId = new Map();
+    nextId = 1;
+    pack(data) {
+        if (Buffer.byteLength(data, 'utf8') <= TELEGRAM_CALLBACK_LIMIT)
+            return data;
+        let id = this.dataToId.get(data);
+        if (id == null) {
+            id = this.nextId++;
+            this.dataToId.set(data, id);
+            this.idToData.set(id, data);
+            if (this.idToData.size > 500) {
+                for (const oldId of [...this.idToData.keys()].slice(0, 200)) {
+                    const oldData = this.idToData.get(oldId);
+                    this.idToData.delete(oldId);
+                    this.dataToId.delete(oldData);
+                }
+            }
+        }
+        return `r:${id}`;
+    }
+    unpack(data) {
+        if (!data.startsWith('r:'))
+            return data;
+        const id = Number.parseInt(data.slice(2), 10);
+        if (!Number.isFinite(id))
+            return data;
+        return this.idToData.get(id) ?? data;
+    }
+}
+const callbackDataRegistry = new CallbackDataRegistry();
+/** Resolve a `r:<id>` token back to its original encoded action payload. */
+export function unpackCallbackData(data) {
+    return callbackDataRegistry.unpack(data);
+}
 export function renderCommandSelectionKeyboard(view) {
     if (!view.rows.length)
         return undefined;
     return {
         inline_keyboard: view.rows.map(row => row.map(button => ({
             text: formatCommandButtonLabel(button),
-            callback_data: encodeCommandAction(button.action),
+            callback_data: callbackDataRegistry.pack(encodeCommandAction(button.action)),
         }))),
     };
 }

package/dist/core/constants.js

@@ -289,6 +289,14 @@ export const AGENT_UPDATE_TIMEOUTS = {
     npmPrefix: 10_000,
     /** Timeout for `npm view <pkg> version`. */
     npmView: 20_000,
+    /** Max time an agent spawn waits for an in-flight reinstall of that agent's
+     *  own CLI to finish before exec'ing. A concurrent `npm install -g` / `brew
+     *  upgrade` (this process OR the prod self-bootstrap) briefly removes the bin
+     *  symlink, so racing it yields exit 127 "command not found"; the wait
+     *  resolves early the instant the install ends. */
+    spawnWait: 2 * 60_000,
+    /** Poll interval while a spawn waits out an in-flight reinstall. */
+    spawnWaitPoll: 200,
 };
 // ---------------------------------------------------------------------------
 // Code agent (shared layer)

package/dist/dashboard/routes/config.js

@@ -6,8 +6,9 @@ import fs from 'node:fs';
 import path from 'node:path';
 import os from 'node:os';
 import { spawn, spawnSync } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
 import { loadUserConfig, saveUserConfig, applyUserConfig, hasUserConfigFile } from '../../core/config/user-config.js';
-import { expandTilde } from '../../core/platform.js';
+import { expandTilde, whichSync } from '../../core/platform.js';
 import { readGitStatus } from '../../core/git.js';
 import { isSetupReady } from '../../cli/onboarding.js';
 import { validateDingtalkConfig, validateDiscordConfig, validateFeishuConfig, validateSlackConfig, validateTelegramConfig, validateWecomConfig, validateWeixinConfig, } from '../../core/config/validation.js';
@@ -66,7 +67,96 @@ function runOpenCommand(command, args) {
         throw new Error(detail || `Failed to run ${command} ${args.join(' ')}`);
     }
 }
-function openPathWithTarget(filePath, target, isDirectory) {
+function stripOpenPathWrapping(value) {
+    let text = value.trim();
+    const pairs = [['`', '`'], ['"', '"'], ["'", "'"], ['<', '>']];
+    let changed = true;
+    while (changed && text.length >= 2) {
+        changed = false;
+        for (const [left, right] of pairs) {
+            if (text.startsWith(left) && text.endsWith(right)) {
+                text = text.slice(left.length, -right.length).trim();
+                changed = true;
+            }
+        }
+    }
+    return text;
+}
+function decodeOpenPathInput(raw) {
+    const text = stripOpenPathWrapping(raw);
+    if (text.startsWith('file://')) {
+        try {
+            return fileURLToPath(text);
+        }
+        catch {
+            return decodeURI(text.slice('file://'.length));
+        }
+    }
+    if (text.startsWith('vscode://file/')) {
+        return decodeURI(`/${text.slice('vscode://file/'.length)}`);
+    }
+    return text;
+}
+function resolveOpenBasePath(basePath) {
+    const base = typeof basePath === 'string' && basePath.trim()
+        ? basePath.trim()
+        : runtime.getRuntimeWorkdir(loadUserConfig());
+    return path.resolve(expandTilde(base || process.cwd()));
+}
+function splitExistingLineSuffix(candidate) {
+    const normalized = path.normalize(candidate);
+    if (fs.existsSync(normalized))
+        return { filePath: normalized, line: null, column: null };
+    const match = /^(.*?)(?::(\d+)(?::(\d+))?)$/.exec(normalized);
+    if (!match || !match[1])
+        return { filePath: normalized, line: null, column: null };
+    const filePath = path.normalize(match[1]);
+    if (!fs.existsSync(filePath))
+        return { filePath: normalized, line: null, column: null };
+    return {
+        filePath,
+        line: Number(match[2]),
+        column: match[3] ? Number(match[3]) : null,
+    };
+}
+export function resolveOpenPathLocator(rawPath, basePath) {
+    const decoded = decodeOpenPathInput(rawPath);
+    const expanded = expandTilde(decoded);
+    const absolute = path.isAbsolute(expanded)
+        ? path.resolve(expanded)
+        : path.resolve(resolveOpenBasePath(basePath), expanded);
+    return splitExistingLineSuffix(absolute);
+}
+function editorGotoArg(filePath, location) {
+    if (!location?.line)
+        return null;
+    return `${filePath}:${location.line}${location.column ? `:${location.column}` : ''}`;
+}
+function tryOpenCommand(command, args) {
+    if (!whichSync(command))
+        return false;
+    try {
+        runOpenCommand(command, args);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function tryOpenVSCodeUrl(filePath, location) {
+    if (!location?.line)
+        return false;
+    const suffix = `:${location.line}${location.column ? `:${location.column}` : ''}`;
+    try {
+        runOpenCommand('open', [`vscode://file${encodeURI(filePath)}${suffix}`]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function openPathWithTarget(filePath, target, isDirectory, location) {
+    const gotoArg = isDirectory ? null : editorGotoArg(filePath, location);
     if (process.platform === 'darwin') {
         switch (target) {
             case 'finder':
@@ -76,13 +166,21 @@ function openPathWithTarget(filePath, target, isDirectory) {
                 runOpenCommand('open', [filePath]);
                 return;
             case 'cursor':
+                if (gotoArg && tryOpenCommand('cursor', ['-g', gotoArg]))
+                    return;
                 runOpenCommand('open', ['-a', 'Cursor', filePath]);
                 return;
             case 'windsurf':
+                if (gotoArg && tryOpenCommand('windsurf', ['-g', gotoArg]))
+                    return;
                 runOpenCommand('open', ['-a', 'Windsurf', filePath]);
                 return;
             case 'vscode':
             default:
+                if (gotoArg && tryOpenCommand('code', ['-g', gotoArg]))
+                    return;
+                if (gotoArg && tryOpenVSCodeUrl(filePath, location))
+                    return;
                 runOpenCommand('open', ['-a', 'Visual Studio Code', filePath]);
                 return;
         }
@@ -90,10 +188,16 @@ function openPathWithTarget(filePath, target, isDirectory) {
     if (process.platform === 'win32') {
         switch (target) {
             case 'cursor':
-                runOpenCommand('cursor', [filePath]);
+                if (gotoArg)
+                    runOpenCommand('cursor', ['-g', gotoArg]);
+                else
+                    runOpenCommand('cursor', [filePath]);
                 return;
             case 'windsurf':
-                runOpenCommand('windsurf', [filePath]);
+                if (gotoArg)
+                    runOpenCommand('windsurf', ['-g', gotoArg]);
+                else
+                    runOpenCommand('windsurf', [filePath]);
                 return;
             case 'finder':
             case 'default':
@@ -101,16 +205,25 @@ function openPathWithTarget(filePath, target, isDirectory) {
                 return;
             case 'vscode':
             default:
-                runOpenCommand('code', [filePath]);
+                if (gotoArg)
+                    runOpenCommand('code', ['-g', gotoArg]);
+                else
+                    runOpenCommand('code', [filePath]);
                 return;
         }
     }
     switch (target) {
         case 'cursor':
-            runOpenCommand('cursor', [filePath]);
+            if (gotoArg)
+                runOpenCommand('cursor', ['-g', gotoArg]);
+            else
+                runOpenCommand('cursor', [filePath]);
             return;
         case 'windsurf':
-            runOpenCommand('windsurf', [filePath]);
+            if (gotoArg)
+                runOpenCommand('windsurf', ['-g', gotoArg]);
+            else
+                runOpenCommand('windsurf', [filePath]);
             return;
         case 'finder':
         case 'default':
@@ -118,7 +231,10 @@ function openPathWithTarget(filePath, target, isDirectory) {
             return;
         case 'vscode':
         default:
-            runOpenCommand('code', [filePath]);
+            if (gotoArg)
+                runOpenCommand('code', ['-g', gotoArg]);
+            else
+                runOpenCommand('code', [filePath]);
             return;
     }
 }
@@ -453,14 +569,20 @@ app.post('/api/open-in-editor', async (c) => {
     try {
         const body = await c.req.json();
         const filePath = typeof body?.filePath === 'string' ? body.filePath.trim() : '';
+        const basePath = typeof body?.basePath === 'string' && body.basePath.trim()
+            ? body.basePath.trim()
+            : typeof body?.workdir === 'string' && body.workdir.trim()
+                ? body.workdir.trim()
+                : null;
         const target = isOpenTarget(body?.target) ? body.target : 'vscode';
         if (!filePath)
             return c.json({ ok: false, error: 'filePath is required' }, 400);
-        if (!fs.existsSync(filePath))
+        const resolved = resolveOpenPathLocator(filePath, basePath);
+        if (!fs.existsSync(resolved.filePath))
             return c.json({ ok: false, error: 'Path not found' }, 404);
-        const stat = fs.statSync(filePath);
-        openPathWithTarget(filePath, target, stat.isDirectory());
-        return c.json({ ok: true });
+        const stat = fs.statSync(resolved.filePath);
+        openPathWithTarget(resolved.filePath, target, stat.isDirectory(), resolved);
+        return c.json({ ok: true, filePath: resolved.filePath, line: resolved.line, column: resolved.column });
     }
     catch (err) {
         const detail = err instanceof Error ? err.message : String(err);

package/dist/dashboard/routes/models.js

@@ -18,7 +18,7 @@
  *   POST   /api/models/agents/:agent/active             → bind/unbind a Profile
  */
 import { Hono } from 'hono';
-import { getModelsDevCatalog, searchCatalogProviders, listProviders, getProvider, addProvider, updateProvider, removeProvider, setProviderValidation, listProfiles, getProfile, addProfile, updateProfile, removeProfile, getActiveProfileId, setActiveProfile, validateProvider, getProviderModelList, invalidateProviderModels, } from '../../model/index.js';
+import { getModelsDevCatalog, searchCatalogProviders, listProviders, getProvider, addProvider, updateProvider, removeProvider, setProviderValidation, listProfiles, getProfile, addProfile, updateProfile, removeProfile, getActiveProfileId, setActiveProfile, prewarmLocalModel, validateProvider, getProviderModelList, invalidateProviderModels, } from '../../model/index.js';
 import { isCredentialRef, describeCredentialRef } from '../../core/secrets/index.js';
 import { allDriverIds } from '../../agent/index.js';
 const router = new Hono();
@@ -315,6 +315,14 @@ router.post('/api/models/agents/:agent/active', async (c) => {
         return c.json({ ok: false, error: 'profileId (string|null) is required' }, 400);
     try {
         setActiveProfile(agent, profileId);
+        // Warm a local backend the instant it's selected, so the user's first turn
+        // skips the model cold-load. Fire-and-forget; never blocks the bind.
+        if (profileId) {
+            const profile = getProfile(profileId);
+            const provider = profile ? getProvider(profile.providerId) : null;
+            if (profile && provider)
+                prewarmLocalModel(provider, profile.modelId);
+        }
         return c.json({ ok: true, agent, activeProfileId: profileId });
     }
     catch (e) {

package/dist/dashboard/routes/sessions.js

@@ -64,6 +64,29 @@ function enrichWithRuntimeStatus(sessions, bot) {
         };
     });
 }
+// Session list cards render only the *head* of these text fields (previews via
+// firstMeaningfulLine / slice / sanitize) and use them for client-side substring
+// search. A session whose last turn dumped a huge tool output or long answer would
+// otherwise ship tens of KB per card that the list never displays — on a busy
+// workspace the swim-lane ballooned to ~600KB, dominated by these fields. Cap each
+// to a preview length: previews are unchanged and search still matches the head.
+// Full text remains available from the session-detail / messages endpoints.
+const LIST_PREVIEW_FIELD_CAP = 2048;
+function capPreviewField(value) {
+    return typeof value === 'string' && value.length > LIST_PREVIEW_FIELD_CAP
+        ? value.slice(0, LIST_PREVIEW_FIELD_CAP)
+        : value;
+}
+/** Thin a session for list/swim-lane responses by capping its heavy preview text. */
+export function projectSessionForList(session) {
+    return {
+        ...session,
+        lastQuestion: capPreviewField(session.lastQuestion),
+        lastAnswer: capPreviewField(session.lastAnswer),
+        lastMessageText: capPreviewField(session.lastMessageText),
+        runDetail: capPreviewField(session.runDetail),
+    };
+}
 function readStringField(value) {
     return typeof value === 'string' ? value.trim() : '';
 }
@@ -172,6 +195,7 @@ app.get('/api/sessions/:agent', async (c) => {
     const result = await querySessions({ workdir, agent });
     const enriched = enrichWithRuntimeStatus(result.sessions, botRef);
     const paged = paginateSessionResult(enriched, page, limit);
+    paged.sessions = paged.sessions.map(projectSessionForList);
     runtime.debug(`[sessions] endpoint=single agent=${agent} ok=${result.ok} total=${result.total} ` +
         `returned=${paged.sessions.length} error=${result.errors.join('; ') || '(none)'}`);
     return c.json({
@@ -195,6 +219,7 @@ app.get('/api/sessions', async (c) => {
         const result = await querySessions({ workdir, agent: a.agent });
         const enriched = enrichWithRuntimeStatus(result.sessions, botRef);
         const paged = paginateSessionResult(enriched, page, limit);
+        paged.sessions = paged.sessions.map(projectSessionForList);
         swimLane[a.agent] = {
             ok: result.ok,
             error: result.errors[0] || null,

package/dist/dashboard/server.js

@@ -3,6 +3,7 @@
  */
 import http from 'node:http';
 import { Hono } from 'hono';
+import { compress } from 'hono/compress';
 import { getRequestListener } from '@hono/node-server';
 import { serveStatic } from '@hono/node-server/serve-static';
 import path from 'node:path';
@@ -87,6 +88,13 @@ export async function startDashboard(opts = {}) {
     if (opts.bot)
         runtime.attachBot(opts.bot);
     const app = new Hono();
+    // -- Compression --
+    // gzip/deflate every compressible response (JSON API payloads, JS/CSS bundles,
+    // the HTML shell). Session message/list endpoints ship hundreds of KB of JSON;
+    // Vite chunks are another few hundred KB raw. The middleware skips already-
+    // compressed binary types (png/ico) by content-type, so the immutable image
+    // assets pay no CPU cost. Registered first so it wraps both routes and static.
+    app.use('*', compress());
     // -- API routes --
     app.route('/', configRoutes);
     app.route('/', agentRoutes);

package/dist/model/index.js

@@ -16,5 +16,5 @@
 export { getModelsDevCatalog, getCatalogProvider, getCatalogModel, searchCatalogProviders, } from './catalog.js';
 export { listProviders, getProvider, addProvider, updateProvider, removeProvider, setProviderValidation, listProfiles, getProfile, addProfile, updateProfile, removeProfile, getActiveProfileId, getActiveProfile, setActiveProfile, } from './store.js';
 export { validateProvider } from './validation.js';
-export { resolveAgentInjection, isAgentBoundToProfile, } from './injector.js';
+export { resolveAgentInjection, isAgentBoundToProfile, prewarmLocalModel, } from './injector.js';
 export { getProviderModelList, invalidateProviderModels, peekProviderModelList, peekProviderModelInfo, prefetchProviderModels, } from './provider-models.js';

package/dist/model/injector.js

@@ -7,6 +7,7 @@
  * = adding one entry to AGENT_INJECT_TABLE.
  */
 import { resolveCredential } from '../core/secrets/index.js';
+import { writeScopedLog } from '../core/logging.js';
 import { getActiveProfile, getProvider } from './store.js';
 import { peekProviderModelInfo, prefetchProviderModels } from './provider-models.js';
 import { ensureResponsesBridge, upstreamToken } from './responses-bridge.js';
@@ -249,6 +250,46 @@ function codexLocalProvider(provider) {
         return 'lmstudio';
     return 'ollama';
 }
+/** Ollama keeps a prewarmed model resident for this long (its `keep_alive`). */
+const PREWARM_KEEP_ALIVE = '30m';
+/**
+ * Warm a localhost model backend so the user's first real turn doesn't pay the
+ * model cold-load (weights → memory). Fire-and-forget: never blocks the caller,
+ * never throws.
+ *
+ *  - Ollama has a native load endpoint — `POST /api/generate {model, keep_alive}`
+ *    with no prompt loads the weights and returns immediately; `keep_alive`
+ *    keeps them resident across the seed + real turns of a session.
+ *  - LM Studio JIT-loads on first request, so we nudge it with a 1-token
+ *    completion against its OpenAI-compatible endpoint.
+ *
+ * Called when a local Profile is bound (warm while the user reads / types) and
+ * again at spawn (re-assert keep_alive). Measured: a cold gemma3:4b spent ~12s
+ * before its first token; prewarmed, generation starts in ~2s.
+ */
+export function prewarmLocalModel(provider, modelId) {
+    if (!modelId || !isLocalProvider(provider))
+        return;
+    let origin;
+    try {
+        origin = new URL(provider.baseURL).origin;
+    }
+    catch {
+        return;
+    }
+    const swallow = () => { };
+    if (codexLocalProvider(provider) === 'lmstudio') {
+        void fetch(`${origin}/v1/chat/completions`, {
+            method: 'POST', headers: { 'content-type': 'application/json' },
+            body: JSON.stringify({ model: modelId, max_tokens: 1, messages: [{ role: 'user', content: 'hi' }] }),
+        }).then(swallow, swallow);
+        return;
+    }
+    void fetch(`${origin}/api/generate`, {
+        method: 'POST', headers: { 'content-type': 'application/json' },
+        body: JSON.stringify({ model: modelId, keep_alive: PREWARM_KEEP_ALIVE }),
+    }).then(r => { writeScopedLog('model-prewarm', `ollama load ${modelId} → ${r.status}`); }, e => { writeScopedLog('model-prewarm', `ollama load ${modelId} failed: ${e?.message || e}`, { level: 'warn', stream: 'stderr' }); });
+}
 /**
  * Decide how codex should reach a provider. Codex 0.140+ speaks ONLY the
  * Responses API, so the route depends on what the provider implements:
@@ -295,6 +336,7 @@ const codexInjector = async (provider, profile, apiKey) => {
     // providers cannot be overridden.")
     if (route === 'local-oss') {
         const local = codexLocalProvider(provider);
+        prewarmLocalModel(provider, model);
         return {
             env: {}, argvAppend: [],
             codexConfigOverrides: [`model_provider="${local}"`],