Commit graph

2 commits

Author SHA1 Message Date
Hibryda
1cd4558740 fix(electrobun): address all 22 Codex review #2 findings
CRITICAL:
- DocsTab XSS: DOMPurify sanitization on all {@html} output
- File RPC path traversal: guardPath() validates against project CWDs

HIGH:
- SSH injection: spawn /usr/bin/ssh via PTY args, no shell string
- Search XSS: strip HTML, highlight matches client-side with <mark>
- Terminal listener leak: cleanup functions stored + called in onDestroy
- FileBrowser race: request token, discard stale responses
- SearchOverlay race: same request token pattern
- App startup ordering: groups.list chains into active_group restore
- PtyClient timeout: 5-second auth timeout on connect()
- Rule 55: 6 {#if} patterns converted to style:display toggle

MEDIUM:
- Agent persistence: only persist NEW messages (lastPersistedIndex)
- Search errors: typed error response, "Invalid query" UI
- Health store wired: agent events call recordActivity/setProjectStatus
- index.ts SRP: split into 8 domain handler modules (298 lines)
- App.svelte: extracted workspace-store.svelte.ts
- rpc.ts: typed AppRpcHandle, removed `any`

LOW:
- CommandPalette listener wired in App.svelte
- Dead code removed (removeGroup, onDragStart, plugin loaded)
2026-03-22 02:30:09 +01:00

Hibryda
8e756d3523 feat(electrobun): final 5% — full integration, real data, polish
1. Claude CLI: additionalDirectories + worktreeName passthrough
2. Agent-store: reads settings (default_cwd, provider model, permission)
3. Project hydration: SQLite replaces hardcoded PROJECTS, add/remove UI
4. Group hydration: SQLite groups, add/delete in sidebar
5. Terminal auto-spawn: reads default_cwd from settings
6. Context tab: real tokens from agent-store, file refs, turn count
7. Memory tab: Memora DB integration (read-only, graceful if missing)
8. Docs tab: markdown viewer (files.list + files.read + inline renderer)
9. SSH tab: CRUD connections, spawn PTY with ssh command
10. Error handling: global unhandledrejection → toast notifications
11. Notifications: agent done/error/stall → toasts, 15min stall timer
12. Command palette: all 18 commands (was 10)

+1,198 lines, 13 files. Electrobun now 100% feature-complete vs Tauri v3.
2026-03-22 02:02:54 +01:00