pinokiod 7.3.0 → 7.3.3

package/server/public/nav.js

@@ -25,6 +25,12 @@ document.addEventListener("DOMContentLoaded", () => {
     return;
   }
 
+  const headerMinimizeEnabled = !!minimizeButton;
+  if (!headerMinimizeEnabled) {
+    header.classList.remove("minimized", "transitioning");
+  }
+
+  if (headerMinimizeEnabled) {
   const homeIcon = homeLink ? homeLink.querySelector("img.icon") : null;
   const ensureHomeExpandIcon = () => {
     if (!homeLink || !homeIcon) {
@@ -492,6 +498,7 @@ document.addEventListener("DOMContentLoaded", () => {
     log("resize:clamp", { before, after: { left, top } });
   });
 
+  }
 
   // Inspector handling
   const inspectorButton = document.querySelector('#inspector');

package/server/public/plugin-detail.js

@@ -15,6 +15,14 @@
   let share = bootstrap.share || {};
   const apps = Array.isArray(bootstrap.apps) ? bootstrap.apps : [];
   const stateUrl = typeof bootstrap.stateUrl === "string" ? bootstrap.stateUrl : "";
+  const cwdFromUrl = (() => {
+    try {
+      return new URLSearchParams(window.location.search).get("cwd") || "";
+    } catch (_) {
+      return "";
+    }
+  })();
+  plugin.cwd = typeof plugin.cwd === "string" && plugin.cwd ? plugin.cwd : cwdFromUrl;
 
   const ACTION_LABELS = {
     install: "Install",
@@ -47,9 +55,14 @@
   const overlayRefresh = document.querySelector("[data-plugin-share-overlay-refresh]");
   const actionsSection = document.querySelector("[data-plugin-actions-section]");
   const nextStepBanner = document.querySelector("[data-plugin-next-step-banner]");
+  const aiPermissionCard = document.querySelector("[data-plugin-ai-permissions]");
+  const aiPermissionClear = document.querySelector("[data-plugin-ai-permission-clear]");
+  const aiPermissionPath = document.querySelector("[data-plugin-ai-permission-path]");
+  const aiPermissionStatus = document.querySelector("[data-plugin-ai-permission-status]");
 
   let refreshInFlight = false;
   let createFormOpen = false;
+  const AI_CONSENT_PREFIX = "pinokio:ai-consent:";
 
   function readDownloadState() {
     try {
@@ -116,6 +129,59 @@
     }, 2200);
   }
 
+  function normalizeConsentSource(value) {
+    if (!value || typeof value !== "string") return "";
+    return value.trim().replace(/\\/g, "/").replace(/\/+$/, "");
+  }
+
+  function aiPermissionKey() {
+    const source = normalizeConsentSource(plugin.cwd || "");
+    return source ? `${AI_CONSENT_PREFIX}${encodeURIComponent(source)}` : "";
+  }
+
+  function updateAiPermissionStatus() {
+    const cwd = normalizeConsentSource(plugin.cwd || "");
+    if (aiPermissionCard) {
+      aiPermissionCard.classList.toggle("task-hidden", !cwd);
+    }
+    if (aiPermissionPath) {
+      aiPermissionPath.textContent = cwd;
+    }
+    if (!aiPermissionStatus) {
+      return;
+    }
+    const key = aiPermissionKey();
+    let status = "No project permission context.";
+    try {
+      if (!key || !window.localStorage) {
+        status = "Browser storage is unavailable.";
+      } else if (window.localStorage.getItem(key) !== null) {
+        status = "Saved permission exists for this project.";
+      } else {
+        status = "No saved permission for this project.";
+      }
+    } catch (_) {
+      status = "Browser storage is unavailable.";
+    }
+    aiPermissionStatus.textContent = status;
+  }
+
+  function clearAiPermission() {
+    const key = aiPermissionKey();
+    if (!key) {
+      updateAiPermissionStatus();
+      return;
+    }
+    try {
+      window.localStorage.removeItem(key);
+      updateAiPermissionStatus();
+      showFeedback("AI permission cleared for this project.", "success");
+    } catch (_) {
+      updateAiPermissionStatus();
+      showFeedback("Unable to clear AI permission.", "error");
+    }
+  }
+
   function clearNode(node) {
     while (node && node.firstChild) {
       node.removeChild(node.firstChild);
@@ -225,15 +291,15 @@
       return "";
     }
     const queryPairs = [];
-    const pushPair = (key, value, { rawValue = false } = {}) => {
+    const pushPair = (key, value) => {
       if (value === undefined || value === null) {
         return;
       }
       const encodedKey = encodeURIComponent(key);
-      const encodedValue = rawValue ? String(value) : encodeURIComponent(String(value));
+      const encodedValue = encodeURIComponent(String(value));
       queryPairs.push(`${encodedKey}=${encodedValue}`);
     };
-    pushPair("plugin", plugin.pluginPath, { rawValue: true });
+    pushPair("plugin", plugin.pluginPath);
     if (Array.isArray(plugin.extraParams)) {
       plugin.extraParams.forEach(([key, value]) => {
         pushPair(key, value);
@@ -749,23 +815,32 @@
 
   function applyDownloadedState() {
     const downloadState = readDownloadState();
-    if (!downloadState.downloaded) {
+    if (!downloadState.downloaded && !downloadState.next) {
       return;
     }
 
     const installCard = document.querySelector('[data-plugin-action-card="install"]');
     const openCard = document.querySelector('[data-plugin-action-card="open"]');
-    const nextAction = downloadState.next || (installCard ? "install" : (openCard ? "open" : ""));
+    let nextAction = downloadState.next || (installCard ? "install" : (openCard ? "open" : ""));
+    if (nextAction === "install" && !installCard && openCard && plugin.installed === true) {
+      nextAction = "open";
+    }
     const targetCard = nextAction ? document.querySelector(`[data-plugin-action-card="${nextAction}"]`) : null;
 
     if (nextStepBanner) {
       nextStepBanner.hidden = false;
       nextStepBanner.classList.remove("task-hidden");
-      nextStepBanner.textContent = nextAction === "install"
-        ? "Downloaded successfully. Next step: install this plugin."
-        : nextAction === "open"
-          ? "Downloaded successfully. Next step: open this plugin in a project."
-          : "Downloaded successfully.";
+      if (downloadState.downloaded) {
+        nextStepBanner.textContent = nextAction === "install"
+          ? "Downloaded successfully. Next step: install this plugin."
+          : nextAction === "open"
+            ? (plugin.installed === true ? "Installed. You can open this plugin in a project." : "Downloaded successfully. Next step: open this plugin in a project.")
+            : "Downloaded successfully.";
+      } else {
+        nextStepBanner.textContent = nextAction === "install"
+          ? "This plugin needs to be installed before it can run."
+          : "Next step: open this plugin in a project.";
+      }
     }
 
     if (targetCard) {
@@ -915,6 +990,14 @@
     });
   }
 
+  if (aiPermissionClear) {
+    aiPermissionClear.addEventListener("click", (event) => {
+      event.preventDefault();
+      clearAiPermission();
+    });
+    updateAiPermissionStatus();
+  }
+
   render();
   applyDownloadedState();
 })();

package/server/public/privacy_filter_worker.js

@@ -0,0 +1,391 @@
+const TRANSFORMERS_URL = 'https://cdn.jsdelivr.net/npm/@huggingface/transformers@4.2.0/+esm'
+const MODEL_ID = 'openai/privacy-filter'
+const MAX_CHUNK_CHARS = 1800
+const CHUNK_OVERLAP_CHARS = 120
+const URL_COMPONENT_LABELS = new Set([
+  'private_url',
+  'private_person',
+  'private_organization',
+  'private_username',
+  'private_name'
+])
+
+let transformersPromise = null
+let pipelinePromise = null
+let pipelineKey = ''
+let activeDevice = 'webgpu'
+let activeDtype = 'q4f16'
+
+const post = (message) => {
+  self.postMessage(message)
+}
+
+const normalizeLabel = (value) => {
+  const label = String(value || 'private')
+    .replace(/^[bieos]-/i, '')
+    .replace(/[^a-z0-9_-]+/gi, '_')
+    .replace(/^_+|_+$/g, '')
+    .toLowerCase()
+  return label || 'private'
+}
+
+const trimUrlCandidate = (value) => {
+  return String(value || '')
+    .replace(/^[([{<]+/, '')
+    .replace(/[)\]}>.,;:]+$/g, '')
+}
+
+const tokenAround = (text, start, end) => {
+  const value = String(text || '')
+  let left = Math.max(0, start)
+  let right = Math.min(value.length, end)
+  while (left > 0 && !/[\s"'`<>]/.test(value[left - 1])) {
+    left -= 1
+  }
+  while (right < value.length && !/[\s"'`<>]/.test(value[right])) {
+    right += 1
+  }
+  let raw = value.slice(left, right)
+  const trimmed = trimUrlCandidate(raw)
+  const leadingTrim = raw.length - raw.replace(/^[([{<]+/, '').length
+  left += leadingTrim
+  right = left + trimmed.length
+  return {
+    start: left,
+    end: right,
+    value: trimmed
+  }
+}
+
+const parseUrlCandidate = (value) => {
+  let candidate = trimUrlCandidate(value)
+  candidate = candidate.replace(/^git\+/i, '')
+  const sshMatch = candidate.match(/^git@([^:\s]+):(.+)$/i)
+  if (sshMatch) {
+    return {
+      protocol: 'ssh:',
+      username: 'git',
+      password: '',
+      hostname: sshMatch[1],
+      search: '',
+      hash: ''
+    }
+  }
+  if (/^[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:[/:?#]|$)/.test(candidate)) {
+    candidate = `https://${candidate}`
+  }
+  try {
+    return new URL(candidate)
+  } catch (_) {
+    return null
+  }
+}
+
+const isExposableUrl = (value) => {
+  const url = parseUrlCandidate(value)
+  if (!url) {
+    return false
+  }
+  if (url.protocol === 'ssh:') {
+    return Boolean(url.hostname)
+  }
+  return /^(?:https?|git|ssh):$/i.test(url.protocol) && Boolean(url.hostname)
+}
+
+const shouldKeepEntityUnmasked = (text, entity) => {
+  if (!URL_COMPONENT_LABELS.has(entity.label)) {
+    return false
+  }
+  const candidate = tokenAround(text, entity.start, entity.end)
+  return Boolean(candidate.value && isExposableUrl(candidate.value))
+}
+
+const detectUrlSecretEntities = (text) => {
+  const value = String(text || '')
+  const entities = []
+  const urlPattern = /(?:git\+)?https?:\/\/[^\s"'`<>]+|git@[^\s"'`<>]+:[^\s"'`<>]+/gi
+  let match = urlPattern.exec(value)
+  while (match) {
+    const token = tokenAround(value, match.index, match.index + match[0].length)
+    const candidate = token.value
+    const parsed = parseUrlCandidate(candidate)
+    if (parsed) {
+      if (parsed.protocol !== 'ssh:' && (parsed.username || parsed.password)) {
+        const userInfoMatch = candidate.match(/^[a-z][a-z0-9+.-]*:\/\/([^/@]+)@/i)
+        if (userInfoMatch) {
+          const start = token.start + candidate.indexOf(userInfoMatch[1])
+          entities.push({
+            label: 'url_credential',
+            start,
+            end: start + userInfoMatch[1].length
+          })
+        }
+      }
+      const sensitiveValuePattern = /([?&#;](?:access[_-]?token|refresh[_-]?token|token|secret|password|passwd|api[_-]?key|apikey|auth|authorization|session|cookie|key|signature|sig|jwt)=)([^&#;\s"'`<>]+)/gi
+      let sensitiveMatch = sensitiveValuePattern.exec(candidate)
+      while (sensitiveMatch) {
+        const start = token.start + sensitiveMatch.index + sensitiveMatch[1].length
+        entities.push({
+          label: 'url_secret',
+          start,
+          end: start + sensitiveMatch[2].length
+        })
+        sensitiveMatch = sensitiveValuePattern.exec(candidate)
+      }
+    }
+    match = urlPattern.exec(value)
+  }
+  return entities
+}
+
+const prepareMaskEntities = (text, entities) => {
+  return [
+    ...detectUrlSecretEntities(text),
+    ...(entities || []).filter((entity) => !shouldKeepEntityUnmasked(text, entity))
+  ]
+}
+
+const attachOffsets = (text, raw, absoluteStart) => {
+  const entities = []
+  let cursor = 0
+  for (const entry of raw || []) {
+    const label = normalizeLabel(entry.entity_group || entry.entity || entry.label)
+    const score = Number(entry.score)
+    if (typeof entry.start === 'number' && typeof entry.end === 'number' && entry.end > entry.start) {
+      entities.push({
+        label,
+        score: Number.isFinite(score) ? score : 0,
+        start: absoluteStart + entry.start,
+        end: absoluteStart + entry.end
+      })
+      cursor = Math.max(cursor, entry.end)
+      continue
+    }
+    const word = String(entry.word || '').replace(/^\s+/, '')
+    const found = word ? text.indexOf(word, cursor) : -1
+    if (found >= 0) {
+      entities.push({
+        label,
+        score: Number.isFinite(score) ? score : 0,
+        start: absoluteStart + found,
+        end: absoluteStart + found + word.length
+      })
+      cursor = found + word.length
+    }
+  }
+  return entities
+}
+
+const chooseChunkEnd = (text, start, hardEnd) => {
+  if (hardEnd >= text.length) {
+    return text.length
+  }
+  const slice = text.slice(start, hardEnd)
+  const candidates = [
+    slice.lastIndexOf('\n\n'),
+    slice.lastIndexOf('\n'),
+    slice.lastIndexOf(' ')
+  ].filter((index) => index > Math.floor(MAX_CHUNK_CHARS * 0.55))
+  if (candidates.length > 0) {
+    return start + Math.max(...candidates) + 1
+  }
+  return hardEnd
+}
+
+const buildChunks = (text) => {
+  const chunks = []
+  let start = 0
+  while (start < text.length) {
+    const hardEnd = Math.min(start + MAX_CHUNK_CHARS, text.length)
+    const end = chooseChunkEnd(text, start, hardEnd)
+    chunks.push({
+      start,
+      text: text.slice(start, end)
+    })
+    if (end >= text.length) {
+      break
+    }
+    start = Math.max(end - CHUNK_OVERLAP_CHARS, start + 1)
+  }
+  return chunks
+}
+
+const mergeEntities = (entities) => {
+  const sorted = entities
+    .filter((entity) => Number.isFinite(entity.start) && Number.isFinite(entity.end) && entity.end > entity.start)
+    .sort((a, b) => a.start - b.start || b.end - a.end || b.score - a.score)
+  const merged = []
+  for (const entity of sorted) {
+    const last = merged[merged.length - 1]
+    if (!last || entity.start >= last.end) {
+      merged.push(entity)
+      continue
+    }
+    const entityLength = entity.end - entity.start
+    const lastLength = last.end - last.start
+    if (entityLength > lastLength || (entityLength === lastLength && entity.score > last.score)) {
+      merged[merged.length - 1] = entity
+    }
+  }
+  return merged.sort((a, b) => a.start - b.start || a.end - b.end)
+}
+
+const maskText = (text, entities) => {
+  let cursor = 0
+  let masked = ''
+  const counts = {}
+  const items = []
+  for (const entity of entities) {
+    if (entity.start < cursor) {
+      continue
+    }
+    masked += text.slice(cursor, entity.start)
+    const replacement = `[${entity.label}]`
+    const maskedStart = masked.length
+    masked += replacement
+    const maskedEnd = masked.length
+    counts[entity.label] = (counts[entity.label] || 0) + 1
+    items.push({
+      id: items.length,
+      label: entity.label,
+      score: entity.score,
+      sourceStart: entity.start,
+      sourceEnd: entity.end,
+      maskedStart,
+      maskedEnd,
+      replacement
+    })
+    cursor = entity.end
+  }
+  masked += text.slice(cursor)
+  for (const item of items) {
+    const lineStart = masked.lastIndexOf('\n', item.maskedStart - 1) + 1
+    const nextLine = masked.indexOf('\n', item.maskedEnd)
+    const lineEnd = nextLine >= 0 ? nextLine : masked.length
+    item.line = masked.slice(0, item.maskedStart).split('\n').length
+    item.context = masked.slice(lineStart, lineEnd).trim()
+  }
+  return { masked, counts, items }
+}
+
+const loadTransformers = async () => {
+  if (!transformersPromise) {
+    transformersPromise = import(TRANSFORMERS_URL).then((mod) => {
+      if (mod.env) {
+        mod.env.allowLocalModels = false
+        mod.env.allowRemoteModels = true
+        mod.env.useBrowserCache = true
+        mod.env.useWasmCache = true
+        mod.env.cacheKey = 'pinokio-privacy-filter-cache'
+      }
+      return mod
+    })
+  }
+  return transformersPromise
+}
+
+const getPipeline = async (device, dtype) => {
+  const nextDevice = device || activeDevice
+  const nextDtype = dtype || activeDtype
+  const nextKey = `${nextDevice}:${nextDtype}`
+  if (pipelinePromise && pipelineKey === nextKey) {
+    return pipelinePromise
+  }
+  activeDevice = nextDevice
+  activeDtype = nextDtype
+  pipelineKey = nextKey
+  pipelinePromise = loadTransformers().then(({ pipeline }) => {
+    return pipeline('token-classification', MODEL_ID, {
+      device: activeDevice,
+      dtype: activeDtype,
+      progress_callback: (progress) => {
+        if (progress && progress.status === 'progress') {
+          post({
+            type: 'download',
+            file: progress.file || '',
+            loaded: progress.loaded || 0,
+            total: progress.total || 0,
+            progress: progress.progress || 0
+          })
+        }
+      }
+    })
+  })
+  pipelinePromise.catch(() => {
+    if (pipelineKey === nextKey) {
+      pipelinePromise = null
+      pipelineKey = ''
+    }
+  })
+  return pipelinePromise
+}
+
+const classifyChunks = async ({ classifier, chunks, id }) => {
+  const entities = []
+  for (let index = 0; index < chunks.length; index += 1) {
+    const chunk = chunks[index]
+    post({ type: 'chunk', id, done: index, total: chunks.length })
+    const output = await classifier(chunk.text, { aggregation_strategy: 'simple' })
+    entities.push(...attachOffsets(chunk.text, output, chunk.start))
+  }
+  return entities
+}
+
+const filterText = async ({ id, text, device, dtype }) => {
+  const reportText = String(text || '')
+  const chunks = buildChunks(reportText)
+  const startedAt = performance.now()
+  let requestedDevice = device || activeDevice
+  let requestedDtype = dtype || activeDtype
+  let classifier = null
+  let entities = []
+  try {
+    classifier = await getPipeline(requestedDevice, requestedDtype)
+    entities = await classifyChunks({ classifier, chunks, id })
+  } catch (error) {
+    if (requestedDevice === 'wasm') {
+      throw error
+    }
+    pipelinePromise = null
+    pipelineKey = ''
+    requestedDevice = 'wasm'
+    requestedDtype = 'q8'
+    post({
+      type: 'fallback',
+      id,
+      device: requestedDevice,
+      dtype: requestedDtype,
+      message: 'WebGPU privacy filtering failed. Retrying locally with WASM.'
+    })
+    classifier = await getPipeline(requestedDevice, requestedDtype)
+    entities = await classifyChunks({ classifier, chunks, id })
+  }
+  const merged = mergeEntities(prepareMaskEntities(reportText, entities))
+  const result = maskText(reportText, merged)
+  post({
+    type: 'result',
+    id,
+    text: result.masked,
+    entities: merged,
+    items: result.items,
+    counts: result.counts,
+    latencyMs: performance.now() - startedAt,
+    device: activeDevice,
+    dtype: activeDtype,
+    chunks: chunks.length
+  })
+}
+
+self.addEventListener('message', (event) => {
+  const message = event.data || {}
+  if (message.type !== 'filter') {
+    return
+  }
+  filterText(message).catch((error) => {
+    post({
+      type: 'error',
+      id: message.id,
+      message: error && error.message ? error.message : String(error || 'Privacy filter failed')
+    })
+  })
+})