aru-code 0.42.0__tar.gz → 0.44.0__tar.gz

{aru_code-0.42.0/aru_code.egg-info → aru_code-0.44.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aru-code
-Version: 0.42.0
+Version: 0.44.0
 Summary: A Claude Code clone built with Agno agents
 Author-email: Estevao <estevaofon@gmail.com>
 License-Expression: MIT

aru_code-0.44.0/aru/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.44.0"

{aru_code-0.42.0 → aru_code-0.44.0}/aru/tui/app.py

@@ -256,6 +256,13 @@ class AruApp(App):
         "skills", "agents", "commands", "mcp", "yolo",
     }
 
+    # Layer 10 — interval (seconds) between belt-and-suspenders re-emits of
+    # the mouse-tracking enable sequences. 8s is the worst-case time-to-recover
+    # if a leaked DEC private-mode escape disables the wheel mid-turn; the
+    # cost is ~24 bytes per tick (four idempotent SGR sequences). See
+    # ``on_mount`` and ``_reenable_mouse_tracking`` for context.
+    _MOUSE_REENABLE_INTERVAL: float = 8.0
+
     def __init__(
         self,
         *,
@@ -375,6 +382,21 @@ class AruApp(App):
         if not self.is_headless:
             _push_terminal_title()
             _set_terminal_title(_compose_terminal_title(self.session))
+        # Layer 10 / 11 self-heal — periodic recovery of terminal state and
+        # input focus. Two failure classes share one tick:
+        # * mouse-enable lost (leaked DEC private-mode escape disabled the
+        #   wheel) — re-emit ``_enable_mouse_support`` (Layer 10).
+        # * input focus / visibility lost (a focusable panel mounted by
+        #   ``add_renderable`` grabbed focus, or an ``InlineChoicePrompt``
+        #   left ``#input.-hidden`` stuck because its callback raised) —
+        #   reassert the prompt as focused-and-visible (Layer 11).
+        # Both checks are idempotent on a healthy app and skipped under
+        # headless tests where there's no live driver to talk to.
+        if not self.is_headless:
+            self.set_interval(
+                self._MOUSE_REENABLE_INTERVAL,
+                self._self_heal_terminal_state,
+            )
 
     def _replay_resumed_history(self, chat: ChatPane) -> None:
         """Render a resumed session's user/assistant text back into the chat.
@@ -1069,23 +1091,114 @@ class AruApp(App):
             except Exception:
                 pass
             # Layer 9 self-heal — re-assert Textual's mouse-tracking
-            # sequences at every turn boundary. If any content path
-            # emitted a rogue DEC private-mode escape during the turn
-            # (``\x1b[?1000l`` or similar) the terminal would have
-            # silently disabled wheel reporting for every scroll area
-            # in the app, with no way for us to detect it. Calling the
-            # driver's enable-mouse path writes four short SGR sequences
-            # (``?1000h`` / ``?1003h`` / ``?1015h`` / ``?1006h``) and
-            # restores wheel input no matter what corrupted the state.
-            # Idempotent when mouse tracking was never disabled. See the
-            # Layer 9 post-mortem at the top of
-            # ``aru/tui/widgets/chat.py`` for the full analysis.
-            try:
-                driver = self._driver
-                if driver is not None:
-                    driver._enable_mouse_support()
-            except Exception:
-                pass
+            # sequences at the turn boundary. See ``_reenable_mouse_tracking``
+            # for the rationale; here we eagerly recover the moment the
+            # turn ends so the user's first post-turn scroll always works,
+            # without waiting for the periodic Layer 10 tick.
+            self._reenable_mouse_tracking()
+
+    def _reenable_mouse_tracking(self) -> None:
+        """Re-emit Textual's mouse-tracking enable sequences (idempotent).
+
+        Calls the active driver's ``_enable_mouse_support`` which writes
+        four short SGR sequences (``?1000h`` / ``?1003h`` / ``?1015h`` /
+        ``?1006h``). They re-arm X10 mouse reporting at the terminal level
+        so a leaked ``\\x1b[?1000l`` (or any other DEC private-mode escape
+        that disabled wheel input) is recovered from automatically.
+        Idempotent — sending an enable when tracking is already on is a
+        documented no-op on every emulator.
+        Called from two sites:
+        * ``_run_turn`` finally-clause (Layer 9) — eager recovery at every
+          turn boundary so the first post-turn scroll always works.
+        * ``_self_heal_terminal_state`` periodic tick (Layer 10) — recovers
+          mid-turn corruption (e.g. a leaked escape in panel content)
+          within ``_MOUSE_REENABLE_INTERVAL`` instead of leaving the wheel
+          dead until the (potentially long) turn finishes.
+        Wrapped in ``try/except`` because the driver may be ``None`` in
+        headless / test mode and the private method's exact name could
+        shift in a future Textual; better to no-op silently than crash.
+        """
+        try:
+            driver = self._driver
+            if driver is not None:
+                driver._enable_mouse_support()
+        except Exception:
+            pass
+
+    def _self_heal_terminal_state(self) -> None:
+        """Periodic recovery of mouse tracking and input focus (Layers 10 + 11).
+
+        Two failure classes that the tick recovers from:
+
+        1. **Terminal mouse-tracking lost.** Layer 9 already re-enables at
+           the turn boundary; this catches mid-turn corruption so the
+           wheel comes back within ``_MOUSE_REENABLE_INTERVAL`` instead
+           of waiting for the agent to finish.
+        2. **Input prompt invisible or unfocused** when nothing else
+           legitimately owns it. Three concrete scenarios this fixes:
+           * an ``InlineChoicePrompt`` callback raised before
+             ``on_unmount`` ran, leaving ``#input.-hidden`` stuck;
+           * a focusable panel mounted by ``add_renderable`` (pre-Layer-11
+             behaviour) grabbed focus and never released it;
+           * an exception during ``finalize_assistant_message`` cancelled
+             a focus-restore that ``_run_turn`` would normally do.
+
+        We only intervene when **no modal is on top** (modal owns input,
+        ``len(self.screen_stack) <= 1``) and **no ``InlineChoicePrompt``
+        is currently mounted** (the inline prompt legitimately steals
+        focus and hides the input by design — touching it mid-flight
+        would steal back from the user). When both conditions hold, we
+        treat the input as the canonical focus target.
+        """
+        # Layer 10 — mouse tracking.
+        self._reenable_mouse_tracking()
+
+        # Layer 11 — input watchdog. Skip if a modal is on top: the modal
+        # is the legitimate input owner and the underlying ``Input`` is
+        # not part of the active focus chain.
+        try:
+            if len(self.screen_stack) > 1:
+                return
+        except Exception:
+            return
+
+        # Skip if an ``InlineChoicePrompt`` is currently mounted: it has
+        # explicitly hidden the input and owns the focus while waiting
+        # for the user's choice. ``query`` returns an empty list when the
+        # widget tree has no match, so the truth-test is safe.
+        try:
+            from aru.tui.widgets.inline_choice import InlineChoicePrompt
+            if list(self.query(InlineChoicePrompt)):
+                return
+        except Exception:
+            pass
+
+        # Recover ``#input`` if it's stuck hidden (the ``-hidden`` class
+        # comes off only inside ``InlineChoicePrompt._toggle_input``; if
+        # that didn't run because the callback raised, the user is
+        # stranded with no visible prompt). ``remove_class`` on a class
+        # that isn't applied is a no-op, so the unconditional call is safe.
+        try:
+            inp = self.query_one(Input)
+        except Exception:
+            return
+        try:
+            if inp.has_class("-hidden"):
+                inp.remove_class("-hidden")
+        except Exception:
+            pass
+
+        # Re-focus only when *nothing* currently has focus. We deliberately
+        # do NOT yank focus away from a sidebar / scrollback / search
+        # screen the user navigated to themselves — that would fight
+        # legitimate keyboard navigation. The ``focused is None`` guard
+        # narrows the recovery to the ghost-focus state we actually
+        # observed in the bug.
+        try:
+            if self.screen.focused is None:
+                inp.focus()
+        except Exception:
+            pass
 
     # ── Bus wiring — ToolsPane + StatusPane subscribe to plugin events ──
 

aru_code-0.44.0/aru/tui/sanitize.py

@@ -0,0 +1,76 @@
+"""Terminal-output hygiene helpers used across the TUI.
+
+Layer 7 / Layer 9 / Layer 10 of the scroll-freeze post-mortem (see
+``aru/tui/widgets/chat.py`` for the full history) all hinge on the same
+invariant: **no string content originating from the agent, a tool, or
+arbitrary file content may reach the terminal with raw C0 control bytes
+intact.** A single stray ``\\x1b[?1000l`` switches X10 mouse reporting off
+on Windows ConPTY (and most modern emulators), at which point the wheel
+stops working in every scroll surface in the app simultaneously.
+
+The chat pane already protects everything that flows through
+``ChatMessageWidget.buffer`` and the ``add_renderable`` path, but modal
+screens (``ChoiceModal`` / ``ConfirmModal`` / ``TextInputModal``)
+historically built their ``Label`` / ``Static`` content from raw
+agent-provided strings — including the diff preview shown when an edit
+needs approval. Files containing escape bytes (colored scripts, captured
+terminal output, accidentally-saved binaries) flowed straight through to
+the terminal. Hence Layer 10: lift these helpers out of ``chat.py`` and
+apply them at every modal composition point too.
+"""
+
+from __future__ import annotations
+
+from typing import Any
+
+
+# C0 controls (0x00-0x1F) and DEL (0x7F) are dropped on the way to the
+# terminal, EXCEPT ``\n`` and ``\t`` which carry semantic meaning to
+# markdown-it, Rich, and Textual layout. Implementation note:
+# ``str.translate`` is implemented in C and runs in microseconds for
+# multi-KB inputs — applying it at every boundary is essentially free.
+_CTRL_CHAR_TRANSLATION: dict[int, None] = {
+    c: None for c in range(32) if chr(c) not in ("\n", "\t")
+}
+_CTRL_CHAR_TRANSLATION[0x7F] = None
+
+
+def sanitize_for_terminal(raw: str) -> str:
+    """Remove non-printable C0 controls so rogue ANSI escapes can't reach the tty.
+
+    Keeps ``\\n`` and ``\\t``; drops everything else in the C0 range plus DEL.
+    Apply this at every boundary where externally-sourced text becomes a
+    Rich renderable / Textual widget content.
+    """
+    return raw.translate(_CTRL_CHAR_TRANSLATION)
+
+
+class SanitizedRenderable:
+    """Wraps a Rich renderable so its output segments are stripped of C0 bytes.
+
+    ``sanitize_for_terminal`` covers every plain string we render. Arbitrary
+    Rich renderables (panels, diff previews, plan summaries, the startup
+    logo) skip that path and would mount as ``Static(renderable)`` whose
+    segments hit the compositor unmodified — including any rogue escapes
+    embedded in the inner text.
+
+    This wrapper closes that gap at the segment level: ``console.render``
+    yields segments from the inner renderable, we strip C0 bytes from any
+    segment whose ``.text`` contains them, and re-emit the cleaned stream.
+    Rich's ``Segment`` is a ``NamedTuple`` so ``seg._replace(text=...)`` is
+    a cheap immutable swap. Unchanged segments are re-emitted unmodified —
+    the hot path is a single ``str.translate`` per segment which typically
+    no-ops.
+    """
+
+    def __init__(self, inner: Any) -> None:
+        self._inner = inner
+
+    def __rich_console__(self, console: Any, options: Any) -> Any:
+        for seg in console.render(self._inner, options):
+            if seg.text:
+                clean = sanitize_for_terminal(seg.text)
+                if clean != seg.text:
+                    yield seg._replace(text=clean)
+                    continue
+            yield seg

{aru_code-0.42.0 → aru_code-0.44.0}/aru/tui/screens/choice.py

@@ -12,6 +12,8 @@ from textual.screen import ModalScreen
 from textual.widgets import Label, OptionList, Static
 from textual.widgets.option_list import Option
 
+from aru.tui.sanitize import SanitizedRenderable, sanitize_for_terminal
+
 
 class ChoiceModal(ModalScreen[int | None]):
     """Numbered option menu. ``dismiss(int)`` returns the chosen index.
@@ -74,12 +76,27 @@ class ChoiceModal(ModalScreen[int | None]):
     def compose(self) -> ComposeResult:
         with Vertical(id="choice-box"):
             if self._title:
-                yield Label(self._title, id="choice-title")
+                # Sanitise: title may include agent-generated text (plan name,
+                # rejection reason, tool label) which can carry C0 escapes
+                # that would disable mouse tracking globally — see Layer 10
+                # in the chat.py post-mortem.
+                yield Label(
+                    sanitize_for_terminal(self._title),
+                    id="choice-title",
+                )
             if self._details is not None:
-                yield Static(self._details, id="choice-details")
+                # ``details`` is the diff preview / plan summary panel.
+                # Diffs over file content readily contain escape bytes when
+                # the file does (colored scripts, captured terminal output),
+                # making this the most likely entry point for the bug
+                # the periodic re-enable timer recovers from.
+                yield Static(
+                    SanitizedRenderable(self._details),
+                    id="choice-details",
+                )
             yield OptionList(
                 *[
-                    Option(label, id=str(i))
+                    Option(sanitize_for_terminal(label), id=str(i))
                     for i, label in enumerate(self._options)
                 ],
                 id="choice-options",

{aru_code-0.42.0 → aru_code-0.44.0}/aru/tui/screens/confirm.py

@@ -8,6 +8,8 @@ from textual.containers import Horizontal, Vertical
 from textual.screen import ModalScreen
 from textual.widgets import Button, Label
 
+from aru.tui.sanitize import sanitize_for_terminal
+
 
 class ConfirmModal(ModalScreen[bool]):
     """Yes / No dialog. ``dismiss(True)`` on yes, ``dismiss(False)`` on no.
@@ -53,7 +55,8 @@ class ConfirmModal(ModalScreen[bool]):
 
     def compose(self) -> ComposeResult:
         with Vertical(id="confirm-box"):
-            yield Label(self._prompt, id="confirm-prompt")
+            # Strip C0 controls — see Layer 10 in chat.py post-mortem.
+            yield Label(sanitize_for_terminal(self._prompt), id="confirm-prompt")
             with Horizontal(id="confirm-buttons"):
                 yield Button(
                     "Yes",

{aru_code-0.42.0 → aru_code-0.44.0}/aru/tui/screens/text_input.py

@@ -8,6 +8,8 @@ from textual.containers import Vertical
 from textual.screen import ModalScreen
 from textual.widgets import Input, Label
 
+from aru.tui.sanitize import sanitize_for_terminal
+
 
 class TextInputModal(ModalScreen[str | None]):
     """Single-line text prompt. ``dismiss(str)`` on Enter, ``dismiss(None)``
@@ -49,7 +51,8 @@ class TextInputModal(ModalScreen[str | None]):
 
     def compose(self) -> ComposeResult:
         with Vertical(id="text-box"):
-            yield Label(self._prompt, id="text-prompt")
+            # Strip C0 controls — see Layer 10 in chat.py post-mortem.
+            yield Label(sanitize_for_terminal(self._prompt), id="text-prompt")
             yield Input(
                 value=self._default,
                 placeholder=self._placeholder,

{aru_code-0.42.0 → aru_code-0.44.0}/aru/tui/widgets/chat.py

@@ -213,6 +213,138 @@ Treat as a ninth layer: defence-in-depth against terminal-state
 corruption. Prong 1 plugs the last known-possible leak inside our
 code; prong 2 recovers even if something outside our reach drops
 the state anyway.
+
+----
+
+Post-mortem — "wheel still dies after edits / option prompts" (2026-04-24,
+``fix/scroll-analysis`` continued)
+---------------------------------------------------------------------
+**Symptom:** users reported that the wheel-dead bug reproduces most
+often **right after a file edit was approved** or **while picking an
+option in a modal**, rather than only at end-of-turn. Layers 7 + 9
+already cover ``ChatMessageWidget.buffer`` and ``add_renderable``,
+but the bug clearly fired through some content path neither of those
+guarded.
+
+**Cause:** the Layer 9 audit had a blind spot — the *modal screens*.
+``ChoiceModal`` (the approval prompt for plan / edit / permission),
+``ConfirmModal``, and ``TextInputModal`` all built their visible
+content from raw caller-supplied strings:
+
+* ``aru/tui/screens/choice.py:77`` — ``Label(self._title)``
+* ``aru/tui/screens/choice.py:79`` — ``Static(self._details)``
+  (the **diff preview** for edit approvals)
+* ``aru/tui/screens/confirm.py:56`` — ``Label(self._prompt)``
+* ``aru/tui/screens/text_input.py:52`` — ``Label(self._prompt)``
+
+The ``details`` panel of ``ChoiceModal`` is the obvious gun — it's
+where the unified diff goes when the user is asked to approve an
+``edit_file``. Diffs over file content faithfully reproduce whatever
+bytes were in the file; a colored shell script, a captured terminal
+recording, or any binary-ish artifact saved as text trivially carries
+``\\x1b[?1000l`` straight into the diff and onto the terminal. That
+matches the user's reported pattern exactly: "wheel dies after I
+approve an edit".
+
+**Two-prong fix:**
+
+1. **Lift the Layer 7/9 helpers into a shared module.**
+   ``aru/tui/sanitize.py`` now exports ``sanitize_for_terminal`` and
+   ``SanitizedRenderable``; ``chat.py`` imports them with the same
+   names it had locally so nothing inside this file changes
+   semantically. The four modal compose sites now apply the same
+   barrier — ``Label(sanitize_for_terminal(self._prompt))`` for
+   plain-text prompts and ``Static(SanitizedRenderable(self._details))``
+   for arbitrary renderables. Any future modal added to the TUI
+   should follow this convention; the helper module is the canonical
+   location.
+
+2. **Periodic mouse-tracking re-emit (``AruApp._reenable_mouse_tracking``).**
+   The Layer 9 turn-boundary recovery only fires after the agent
+   finishes. A diff preview shown mid-turn can disable the wheel for
+   minutes if the agent is doing a long batch of edits. The new
+   ``set_interval(_MOUSE_REENABLE_INTERVAL=8s, ...)`` in
+   ``on_mount`` re-emits the four enable sequences every eight
+   seconds regardless of turn state — ~24 bytes per tick, idempotent
+   on a healthy terminal. Worst-case time-to-recover is bounded at 8s
+   instead of "until the agent stops working".
+
+Treat as a tenth layer. Layer 10 differs from 9 in scope: 9 plugs
+known leaks at known boundaries, 10 assumes leaks will keep being
+found (Textual stack, plugin renderables, a future modal) and recovers
+on a clock independently of any code path noticing. The pair is the
+intended steady state — not a bug-of-the-week, a structural answer to
+a class of bug we cannot fully prevent without rewriting how arbitrary
+renderables reach Rich's console.
+
+----
+
+Post-mortem — "input loses focus mid-stream in YOLO" (2026-04-25,
+``fix/scroll-analysis`` continued)
+---------------------------------------------------------------------
+**Symptom:** during long YOLO-mode runs (no permission prompts, no
+modals), the user reported that the input box stops accepting
+keystrokes mid-implementation. Often coincident with the wheel-dead
+signature, but distinct: typing goes nowhere even before any visible
+panel suggests focus moved.
+
+**What it was not:** the Layer 10 audit was scoped to *terminal-state*
+corruption (mouse tracking turned off by stray escape bytes). The
+focus issue is a separate failure mode — the same content paths that
+leak C0 bytes also mount focusable widgets, and Textual's default
+focus chain happily includes them.
+
+**Two compounding causes:**
+
+1. **``add_renderable(scrollable=True)`` mounted a focus-eligible
+   ``VerticalScroll``.** ``VerticalScroll.can_focus`` defaults to
+   ``True`` so users can Tab into a panel for keyboard scrolling.
+   Inside the chat flow, where every plan/task/diff render adds a
+   wrapper, this turns content panels into focus competitors with the
+   ``Input``. A single Tab during streaming, a focus restoration
+   after a modal closes, or any Textual-internal focus rotation could
+   land on a panel and leave the input dead. Fix: ``wrapper.can_focus
+   = False`` on every scrollable wrapper. Mouse-wheel scrolling inside
+   the panel still works because Textual routes wheel events via the
+   pointer, not the focus chain.
+
+2. **``InlineChoicePrompt`` had no recovery if its callback raised.**
+   The widget hides ``#input`` on mount and restores it on unmount.
+   If the ``on_choice`` callback throws (or the widget is removed by a
+   parent before lifecycle fires), ``-hidden`` stays applied and the
+   input is invisible until the next mount/unmount cycle — possibly
+   never. Layer 11 doesn't fix the underlying lifecycle issue
+   (callbacks should be exception-safe in their own right) but adds a
+   recovery loop: the periodic tick checks for stuck state and clears
+   it.
+
+**Layer 11 — input watchdog, sharing the Layer 10 timer.**
+``AruApp._self_heal_terminal_state`` extends ``_reenable_mouse_tracking``
+to also enforce input invariants when the inline-prompt path is not
+legitimately active:
+
+* If a modal screen is on top → skip (modal owns input).
+* If an ``InlineChoicePrompt`` is mounted → skip (it owns focus by
+  design while waiting for a choice).
+* Otherwise: clear stuck ``-hidden`` from ``#input`` and refocus it
+  iff ``screen.focused is None``. The ``focused is None`` guard is
+  intentional — it does NOT fight legitimate Tab navigation to the
+  sidebar / scrollback / search screen. We only recover from the
+  ghost-focus state where Textual's chain has nobody.
+
+Layer 11 also extends the modal-sanitisation pattern to
+``InlineChoicePrompt``, which had been overlooked by Layer 10 — its
+``Label(self._title)`` / ``Option(label)`` calls now go through
+``sanitize_for_terminal`` before reaching the widget tree.
+
+**Why we keep adding layers and not rewriting the architecture:** each
+layer addresses a distinct *signal* the user reported — and each one
+has narrow, idempotent recovery semantics. Rewriting the chat to use
+a single virtualised text buffer (à la Textual's recent Markdown
+virtualisation experiments) would close some of these by structure,
+but at the cost of every other property the chat currently has
+(selection, copy, mid-stream insertion of arbitrary Rich panels, plan
+mounts). Layered defences are cheap and additive; the rewrite is not.
 """
 
 from __future__ import annotations
@@ -233,6 +365,11 @@ from textual.containers import VerticalScroll
 from textual.reactive import reactive
 from textual.widgets import Static
 
+from aru.tui.sanitize import (
+    SanitizedRenderable as _SanitizedRenderable,
+    sanitize_for_terminal as _sanitize_for_terminal,
+)
+
 
 # Reference-definition line: ``[label]: href`` (optional leading 0–3 spaces).
 # Presence of *any* reference definition anywhere in the snapshot disables the
@@ -242,64 +379,6 @@ from textual.widgets import Static
 _REF_DEF_RE = re.compile(r"^[ ]{0,3}\[[^\]\n]+\]:\s", re.MULTILINE)
 
 
-# Strip ASCII control characters (0x00–0x1F plus DEL 0x7F) from any content
-# about to be rendered to the terminal, EXCEPT ``\n`` and ``\t`` which are
-# semantically meaningful to markdown-it, Rich, and Textual. Rich's ``Text``
-# passes escape bytes through verbatim, so if a streamed model reply or a
-# tool label contains ``\x1b[?1000l`` (or any other DEC private-mode escape),
-# the terminal receives it directly and globally disables mouse tracking —
-# at which point every scroll area in the TUI stops responding to the
-# mouse wheel (keyboard still works, which is why the bug presents as
-# "only scroll froze"). Models that talk about terminal control sequences
-# or tools that echo subprocess output are the realistic injection paths.
-_CTRL_CHAR_TRANSLATION = {c: None for c in range(32) if chr(c) not in ("\n", "\t")}
-_CTRL_CHAR_TRANSLATION[0x7F] = None
-
-
-def _sanitize_for_terminal(raw: str) -> str:
-    """Remove non-printable control chars so rogue ANSI escapes can't reach the tty.
-
-    Keeps ``\\n`` and ``\\t``; drops everything else in the C0 range plus DEL.
-    Cheap: ``str.translate`` is implemented in C and runs in microseconds for
-    multi-KB inputs. Applied at every boundary where chat content becomes a
-    Rich renderable.
-    """
-    return raw.translate(_CTRL_CHAR_TRANSLATION)
-
-
-class _SanitizedRenderable:
-    """Wraps a Rich renderable so its output segments are stripped of C0 bytes.
-
-    ``_sanitize_for_terminal`` covers every string passing through
-    ``ChatMessageWidget.buffer``. Arbitrary Rich renderables handed to
-    ``ChatPane.add_renderable`` (plan panels, task lists, diff previews, the
-    startup logo) skip that widget and mount as a plain ``Static(renderable)``
-    — so a rogue ``\\x1b[?1000l`` inside a task description, a panel title, or
-    subprocess output echoed into a panel would flow straight through Rich
-    segments to Textual's compositor and onto the terminal, disabling mouse
-    tracking globally (Layer 7 signature).
-
-    This wrapper closes that gap: ``console.render`` yields segments from the
-    inner renderable, we strip C0 bytes from any segment whose ``.text``
-    contains them, and re-emit the cleaned stream. Rich's ``Segment`` is a
-    ``NamedTuple`` so ``seg._replace(text=...)`` is a cheap immutable swap.
-    Unchanged segments are re-emitted unmodified — the hot path is a single
-    ``str.translate`` on segment text which typically no-ops.
-    """
-
-    def __init__(self, inner: Any) -> None:
-        self._inner = inner
-
-    def __rich_console__(self, console: Any, options: Any) -> Any:
-        for seg in console.render(self._inner, options):
-            if seg.text:
-                clean = _sanitize_for_terminal(seg.text)
-                if clean != seg.text:
-                    yield seg._replace(text=clean)
-                    continue
-            yield seg
-
-
 def _scan_fences(text: str) -> tuple[int, int]:
     """One-pass fence scanner. Returns ``(last_stable_split, open_fence_start)``.
 
@@ -1080,6 +1159,17 @@ class ChatPane(VerticalScroll):
             # row bleeding outside the box.
             wrapper.styles.padding = 0
             wrapper.styles.margin = 0
+            # ``VerticalScroll`` is focusable by default so users can Tab
+            # into it for keyboard scrolling. Inside the chat flow that's
+            # the wrong default — the user navigates via the outer
+            # ``ChatPane`` (whole-conversation scroll) and the wheel works
+            # over an inner panel without focus thanks to Textual's
+            # pointer-based wheel routing. Leaving these focusable makes
+            # them race the ``Input`` for focus during plan/task/diff
+            # mounts, with the symptom that typing stops reaching the
+            # prompt mid-stream. ``can_focus = False`` removes them from
+            # the focus chain entirely. (Layer 11 in the chat.py post-mortem.)
+            wrapper.can_focus = False
             self.mount(wrapper)
             wrapper.mount(widget)
         else:

{aru_code-0.42.0 → aru_code-0.44.0}/aru/tui/widgets/inline_choice.py

@@ -27,6 +27,8 @@ from textual.widget import Widget
 from textual.widgets import Label, OptionList
 from textual.widgets.option_list import Option
 
+from aru.tui.sanitize import sanitize_for_terminal
+
 
 class InlineChoicePrompt(Widget):
     """Approval prompt rendered as a bordered widget in the ChatPane flow."""
@@ -82,13 +84,18 @@ class InlineChoicePrompt(Widget):
         self._fired = False
 
     def compose(self) -> ComposeResult:
+        # Sanitise every caller-supplied string — title, hint, and option
+        # labels can carry text from the agent, a tool result, or a plan
+        # summary, all of which may contain raw C0 escapes that would
+        # disable mouse tracking globally if they reached the terminal.
+        # Same boundary as ``ChoiceModal``; see Layer 10 in chat.py.
         if self._title:
-            yield Label(self._title, classes="title")
+            yield Label(sanitize_for_terminal(self._title), classes="title")
         if self._hint:
-            yield Label(self._hint, classes="hint")
+            yield Label(sanitize_for_terminal(self._hint), classes="hint")
         yield OptionList(
             *[
-                Option(label, id=str(i))
+                Option(sanitize_for_terminal(label), id=str(i))
                 for i, label in enumerate(self._options)
             ],
         )

{aru_code-0.42.0 → aru_code-0.44.0/aru_code.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aru-code
-Version: 0.42.0
+Version: 0.44.0
 Summary: A Claude Code clone built with Agno agents
 Author-email: Estevao <estevaofon@gmail.com>
 License-Expression: MIT

{aru_code-0.42.0 → aru_code-0.44.0}/aru_code.egg-info/SOURCES.txt

@@ -69,6 +69,7 @@ aru/tools/web.py
 aru/tools/worktree.py
 aru/tui/__init__.py
 aru/tui/app.py
+aru/tui/sanitize.py
 aru/tui/sinks.py
 aru/tui/slash_bridge.py
 aru/tui/ui.py

{aru_code-0.42.0 → aru_code-0.44.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "aru-code"
-version = "0.42.0"
+version = "0.44.0"
 description = "A Claude Code clone built with Agno agents"
 readme = "README.md"
 license = "MIT"

aru_code-0.42.0/aru/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.42.0"