1cd4558740
CRITICAL:
- DocsTab XSS: DOMPurify sanitization on all {@html} output
- File RPC path traversal: guardPath() validates against project CWDs
HIGH:
- SSH injection: spawn /usr/bin/ssh via PTY args, no shell string
- Search XSS: strip HTML, highlight matches client-side with <mark>
- Terminal listener leak: cleanup functions stored + called in onDestroy
- FileBrowser race: request token, discard stale responses
- SearchOverlay race: same request token pattern
- App startup ordering: groups.list chains into active_group restore
- PtyClient timeout: 5-second auth timeout on connect()
- Rule 55: 6 {#if} patterns converted to style:display toggle
MEDIUM:
- Agent persistence: only persist NEW messages (lastPersistedIndex)
- Search errors: typed error response, "Invalid query" UI
- Health store wired: agent events call recordActivity/setProjectStatus
- index.ts SRP: split into 8 domain handler modules (298 lines)
- App.svelte: extracted workspace-store.svelte.ts
- rpc.ts: typed AppRpcHandle, removed `any`
LOW:
- CommandPalette listener wired in App.svelte
- Dead code removed (removeGroup, onDragStart, plugin loaded)
|
||
|---|---|---|
| .. | ||
| build/dev-linux-x64/AgentOrchestrator-dev | ||
| src | ||
| tests/e2e | ||
| bun.lock | ||
| electrobun.config.ts | ||
| llms.txt | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| svelte.config.js | ||
| tsconfig.json | ||
| vite.config.ts | ||
Svelte Electrobun Template
A fast Electrobun desktop app template with Svelte 5 and Vite for hot module replacement (HMR).
Getting Started
# Install dependencies
bun install
# Development without HMR (uses bundled assets)
bun run dev
# Development with HMR (recommended)
bun run dev:hmr
# Build for production
bun run build
# Build for production release
bun run build:prod
How HMR Works
When you run bun run dev:hmr:
- Vite dev server starts on
http://localhost:5173with HMR enabled - Electrobun starts and detects the running Vite server
- The app loads from the Vite dev server instead of bundled assets
- Changes to Svelte components update instantly without full page reload
When you run bun run dev (without HMR):
- Electrobun starts and loads from
views://mainview/index.html - You need to rebuild (
bun run build) to see changes
Project Structure
├── src/
│ ├── bun/
│ │ └── index.ts # Main process (Electrobun/Bun)
│ └── mainview/
│ ├── App.svelte # Svelte app component
│ ├── main.ts # Svelte entry point
│ ├── index.html # HTML template
│ └── app.css # Global styles
├── electrobun.config.ts # Electrobun configuration
├── vite.config.ts # Vite configuration
├── svelte.config.js # Svelte configuration
└── package.json
Svelte 5 Features
This template uses Svelte 5 with the new runes syntax:
$state()- reactive state$derived()- computed values$effect()- side effects
Customizing
- Svelte components: Edit files in
src/mainview/ - Global styles: Edit
src/mainview/app.css - Vite settings: Edit
vite.config.ts - Window settings: Edit
src/bun/index.ts - App metadata: Edit
electrobun.config.ts