mirror of
https://github.com/nesquena/hermes-webui.git
synced 2026-05-23 10:50:14 +00:00
nesquena-hermes
6c343aff84
* feat(models): add gpt-5.5 to openai, openai-codex, copilot catalogs Adds GPT-5.5 and GPT-5.5 Mini entries to the static _PROVIDER_MODELS catalog so they appear in the model picker for the openai, openai-codex, and copilot providers. Signed-off-by: Pix (PiClaw, claude-opus-4-7) via Hermes Agent * fix(models): add gpt-5.5-mini to copilot provider catalog * fix(renderer): suppress Mermaid Google Fonts CSP violation via fontFamily inherit (#1044) Mermaid's built-in 'dark' and 'default' themes inject an @import for fonts.googleapis.com/Manrope into every generated SVG. The CSP style-src only allows cdn.jsdelivr.net, so this request is blocked on every diagram render, filling the console with CSP errors. Fix: pass fontFamily:'inherit' (and fontSize:'14px') in the themeVariables block of mermaid.initialize() in renderMermaidBlocks(). This suppresses Mermaid's external font import and uses the page's existing font stack. Avoids adding fonts.googleapis.com to the CSP — no new external dependency, no font FOUT, consistent with the rest of the UI typography. 3 regression tests added in tests/test_1044_mermaid_csp_font.py. 2215/2215 tests passing. * fix(onboarding): non-standard provider/path cluster (#1029) * fix(bfcache): restore full layout on tab/session restore — rail, topbar, panels (#1045) The pageshow handler added for #822 only cleared the session search filter and re-rendered the session list. This left the rest of the layout chrome (topbar, rail icons, workspace panel, resize handles, gateway SSE) in the stale bfcache DOM state, causing a broken layout (oversized search icon, uninitialized rail) that required a hard refresh to fix. Fix: extend the pageshow handler to re-run the full set of layout sync calls that the boot IIFE runs on a fresh page load: syncTopbar() — restores model chip, title, topbar state syncWorkspacePanelState() — restores workspace panel open/closed _initResizePanels() — reattaches panel resize drag listeners startGatewaySSE() — reconnects the gateway SSE watcher (bfcache-persisted connections are dead) All four calls are typeof-guarded for safe degradation if a helper is not yet defined. The existing #822 fixes (sessionSearch clear + renderSessionListFromCache) are preserved unchanged. loadSession() is intentionally NOT re-called — it would cause message flicker; the sync calls above are sufficient to restore visual state. 7 regression tests added in tests/test_1045_bfcache_layout_restore.py. 2219/2219 tests passing. * fix(bfcache): also close open dropdowns on bfcache restore (#1045) Additional symptom noted in issue #1045: bfcache freezes the DOM including any open dropdown/popover state. The thinking-level selector (and other composer dropdowns) left open when navigating away would appear open without user interaction on tab restore. Extend the pageshow handler to call all four named close functions before the layout sync: closeModelDropdown() — composer model selector closeReasoningDropdown() — thinking/reasoning effort selector closeWsDropdown() — workspace chip dropdown closeProfileDropdown() — profile switcher dropdown All calls are typeof-guarded, matching the style of the layout sync calls already in the handler. 2 new tests (9 total in test_1045_bfcache_layout_restore.py): - pageshow closes all four named dropdowns - dropdown closes appear before layout sync calls (clean state first) 2221/2221 tests passing. * fix(bfcache): remove _initResizePanels() — bfcache preserves listeners * fix(bfcache): remove _initResizePanels from pageshow — bfcache preserves listeners; update test * fix(sessions): use cron job name as session title when available (#1032) * fix(test): add id column to messages table in cron title test fixture * fix(merge): inject cron title lookup into read_importable loop, remove stale sqlite3 block * fix(pwa): redirect to /login client-side on 401 — fixes iOS PWA auth expiry trap (#1038) When an auth session expires, the server returns a 302→/login for page requests. In a normal browser this works fine, but in an iOS PWA running in standalone mode the redirect navigates out of the PWA shell into Safari, leaving the app permanently stuck on 'Authentication required' with no recovery path. Fix: intercept 401 responses client-side before surfacing any error. - workspace.js api(): check res.status===401 first; call window.location.href='/login' and return immediately (no throw) - ui.js: add _redirectIfUnauth() helper; wire into all direct fetch() calls that bypass api() — api/models, api/models/live, api/upload All fetch paths that could receive a 401 now redirect cleanly within the PWA frame rather than opening Safari. 6 regression tests added in tests/test_1038_pwa_auth_redirect.py. 2175/2175 tests passing. * fix(pwa): preserve current URL in ?next= param on 401 redirect * fix(test): update 401-redirect assertion to accept ?next= URL format * feat(pwa): add _safeNextPath() to login.js so ?next= param is honored after re-login Addresses reviewer suggestion: the ?next= URL set on 401 redirect was ignored by the login success handler (always redirected to ./). _safeNextPath() validates and returns the ?next= param with open-redirect guards: rejects non-path-absolute inputs, // protocol-relative URLs, backslash variants, and control characters. 4 new regression tests added. * Implement session agent cache for AIAgent reuse Added session agent cache to reuse AIAgent across messages. * Implement agent caching for session management * Implement session agent eviction on session deletion Added session agent eviction to prevent turn count leakage in recycled sessions. * docs: v0.50.210 release notes — 7 PRs, 2239 tests (+27) * docs(changelog): drop stale [Unreleased] entries duplicated by v0.50.210 Three entries in the [Unreleased] section are duplicates of items now listed under v0.50.210: - Mermaid CSP font fix (#1044) → v0.50.210 / Mermaid Google Fonts CSP - bfcache layout restore (#1045) → v0.50.210 / bfcache layout and dropdown restore - iOS PWA auth redirect (#1038) → v0.50.210 / Login redirects back to original URL The original drafts landed in [Unreleased] when individual PRs (#1047, #1048, #1043) were approved; the v0.50.210 release-notes commit then added the same items under the version section without removing the [Unreleased] copies. Drop the duplicates so users reading the CHANGELOG don't see the same fix listed twice. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Signed-off-by: Pix (PiClaw, claude-opus-4-7) via Hermes Agent Co-authored-by: Pix (Hermes) <aliceisjustplaying@users.noreply.github.com> Co-authored-by: nesquena-hermes <nesquena-hermes@users.noreply.github.com> Co-authored-by: qxxaa <mrhanoi@outlook.com> Co-authored-by: Nathan Esquenazi <nesquena@gmail.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
321 lines
13 KiB
JavaScript
321 lines
13 KiB
JavaScript
async function api(path,opts={}){
|
|
// Strip leading slash so URL resolves relative to location.href (supports subpath mounts)
|
|
const rel = path.startsWith('/') ? path.slice(1) : path;
|
|
const url=new URL(rel,location.href);
|
|
const res=await fetch(url.href,{credentials:'include',headers:{'Content-Type':'application/json'},...opts});
|
|
if(!res.ok){
|
|
// 401 means the auth session expired. Redirect to /login so the user can
|
|
// re-authenticate. This is especially important for iOS PWA (standalone mode)
|
|
// where a server-side 302 → /login opens in Safari instead of within the PWA.
|
|
if(res.status===401){window.location.href='/login?next='+encodeURIComponent(window.location.pathname+window.location.search);return;}
|
|
const text=await res.text();
|
|
// Parse JSON error body and surface the human-readable message,
|
|
// rather than showing raw JSON like {"error":"Profile 'x' does not exist."}
|
|
try{const j=JSON.parse(text);throw new Error(j.error||j.message||text);}
|
|
catch(e){if(e instanceof SyntaxError)throw new Error(text);throw e;}
|
|
}
|
|
const ct=res.headers.get('content-type')||'';
|
|
return ct.includes('application/json')?res.json():res.text();
|
|
}
|
|
|
|
// Persist/restore expanded directory state per workspace in localStorage
|
|
function _wsExpandKey(){
|
|
const ws=S.session&&S.session.workspace;
|
|
return ws?'hermes-webui-expanded:'+ws:null;
|
|
}
|
|
function _saveExpandedDirs(){
|
|
const key=_wsExpandKey();if(!key)return;
|
|
try{localStorage.setItem(key,JSON.stringify([...(S._expandedDirs||new Set())]));}catch(e){}
|
|
}
|
|
function _restoreExpandedDirs(){
|
|
const key=_wsExpandKey();
|
|
if(!key){S._expandedDirs=new Set();return;}
|
|
try{
|
|
const raw=localStorage.getItem(key);
|
|
S._expandedDirs=raw?new Set(JSON.parse(raw)):new Set();
|
|
}catch(e){S._expandedDirs=new Set();}
|
|
}
|
|
|
|
async function loadDir(path){
|
|
if(!S.session)return;
|
|
try{
|
|
if(!path||path==='.'){
|
|
S._dirCache={};
|
|
_restoreExpandedDirs(); // restore per-workspace expanded state on root load
|
|
}
|
|
S.currentDir=path||'.';
|
|
const data=await api(`/api/list?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`);
|
|
S.entries=data.entries||[];renderBreadcrumb();renderFileTree();
|
|
// Pre-fetch contents of restored expanded dirs so they render without a second click
|
|
if(!path||path==='.'){
|
|
for(const dirPath of (S._expandedDirs||[])){
|
|
if(!S._dirCache[dirPath]){
|
|
try{
|
|
const dc=await api(`/api/list?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(dirPath)}`);
|
|
S._dirCache[dirPath]=dc.entries||[];
|
|
}catch(e2){S._dirCache[dirPath]=[];}
|
|
}
|
|
}
|
|
if(S._expandedDirs&&S._expandedDirs.size>0)renderFileTree();
|
|
}
|
|
if(typeof clearPreview==='function'){
|
|
if(typeof _previewDirty!=='undefined'&&_previewDirty){
|
|
showConfirmDialog({title:t('unsaved_confirm'),message:'',confirmLabel:'Discard',danger:true,focusCancel:true}).then(ok=>{if(ok)clearPreview();});
|
|
}else{
|
|
clearPreview();
|
|
}
|
|
}
|
|
// Fetch git info for workspace root (non-blocking)
|
|
if(!path||path==='.') _refreshGitBadge();
|
|
}catch(e){console.warn('loadDir',e);}
|
|
}
|
|
|
|
async function _refreshGitBadge(){
|
|
const badge=$('gitBadge');
|
|
if(!badge||!S.session)return;
|
|
try{
|
|
const data=await api(`/api/git-info?session_id=${encodeURIComponent(S.session.session_id)}`);
|
|
if(data.git&&data.git.is_git){
|
|
const g=data.git;
|
|
let text=g.branch||'git';
|
|
if(g.dirty>0) text+=` \u00b7 ${g.dirty}\u2206`; // middot + delta
|
|
if(g.behind>0) text+=` \u2193${g.behind}`;
|
|
if(g.ahead>0) text+=` \u2191${g.ahead}`;
|
|
badge.textContent=text;
|
|
badge.className='git-badge'+(g.dirty>0?' dirty':'');
|
|
badge.style.display='';
|
|
} else {
|
|
badge.style.display='none';
|
|
badge.textContent='';
|
|
}
|
|
}catch(e){badge.style.display='none';}
|
|
}
|
|
|
|
function navigateUp(){
|
|
if(!S.session||S.currentDir==='.')return;
|
|
const parts=S.currentDir.split('/');
|
|
parts.pop();
|
|
loadDir(parts.length?parts.join('/'):'.');
|
|
}
|
|
|
|
// File extension sets for preview routing (must match server-side sets)
|
|
const IMAGE_EXTS = new Set(['.png','.jpg','.jpeg','.gif','.svg','.webp','.ico','.bmp']);
|
|
const MD_EXTS = new Set(['.md','.markdown','.mdown']);
|
|
const HTML_EXTS = new Set(['.html','.htm']);
|
|
// Binary formats that should download rather than preview
|
|
const DOWNLOAD_EXTS = new Set([
|
|
'.docx','.doc','.xlsx','.xls','.pptx','.ppt','.odt','.ods','.odp',
|
|
'.pdf','.zip','.tar','.gz','.bz2','.7z','.rar',
|
|
'.mp3','.mp4','.wav','.m4a','.ogg','.flac','.mov','.avi','.mkv','.webm',
|
|
'.exe','.dmg','.pkg','.deb','.rpm',
|
|
'.woff','.woff2','.ttf','.otf','.eot',
|
|
'.bin','.dat','.db','.sqlite','.pyc','.class','.so','.dylib','.dll',
|
|
]);
|
|
|
|
function fileExt(p){ const i=p.lastIndexOf('.'); return i>=0?p.slice(i).toLowerCase():''; }
|
|
|
|
let _previewCurrentPath = ''; // relative path of currently previewed file
|
|
let _previewCurrentMode = ''; // 'code' | 'md' | 'image' | 'html'
|
|
let _previewDirty = false; // true when edits are unsaved
|
|
|
|
function showPreview(mode){
|
|
// mode: 'code' | 'image' | 'md' | 'html'
|
|
$('previewCode').style.display = mode==='code' ? '' : 'none';
|
|
$('previewImgWrap').style.display = mode==='image' ? '' : 'none';
|
|
$('previewMd').style.display = mode==='md' ? '' : 'none';
|
|
$('previewHtmlWrap').style.display = mode==='html' ? '' : 'none';
|
|
$('previewEditArea').style.display = 'none'; // start in read-only
|
|
const badge=$('previewBadge');
|
|
badge.className='preview-badge '+mode;
|
|
badge.textContent = mode==='image'?'image':mode==='md'?'md':mode==='html'?'html':fileExt($('previewPathText').textContent)||'text';
|
|
_previewCurrentMode = mode;
|
|
_previewDirty = false;
|
|
updateEditBtn();
|
|
// Show "Open in browser" button only for HTML mode
|
|
const openBtn=$('btnOpenInBrowser');
|
|
if(openBtn) openBtn.style.display = mode==='html'?'inline-flex':'none';
|
|
}
|
|
|
|
function updateEditBtn(){
|
|
const btn=$('btnEditFile');
|
|
if(!btn)return;
|
|
const editable = _previewCurrentMode==='code'||_previewCurrentMode==='md';
|
|
btn.style.display = editable?'':'none';
|
|
const editing = $('previewEditArea').style.display!=='none';
|
|
btn.innerHTML = editing ? `💾 ${t('save')}` : `✎ ${t('edit')}`;
|
|
btn.title = editing ? t('save_title') : t('edit_title');
|
|
btn.style.color = editing ? 'var(--blue)' : '';
|
|
if(_previewDirty) btn.innerHTML = '💾 Save*';
|
|
}
|
|
|
|
async function toggleEditMode(){
|
|
const editing = $('previewEditArea').style.display!=='none';
|
|
if(editing){
|
|
// Save
|
|
if(!S.session||!_previewCurrentPath)return;
|
|
const content=$('previewEditArea').value;
|
|
try{
|
|
await api('/api/file/save',{method:'POST',body:JSON.stringify({
|
|
session_id:S.session.session_id, path:_previewCurrentPath, content
|
|
})});
|
|
_previewDirty=false;
|
|
// Update read-only views
|
|
if(_previewCurrentMode==='code') $('previewCode').textContent=content;
|
|
else { $('previewMd').innerHTML=renderMd(content); requestAnimationFrame(()=>{if(typeof renderKatexBlocks==='function')renderKatexBlocks();}); }
|
|
$('previewEditArea').style.display='none';
|
|
if(_previewCurrentMode==='code') $('previewCode').style.display='';
|
|
else $('previewMd').style.display='';
|
|
showToast(t('saved'));
|
|
}catch(e){setStatus(t('save_failed')+e.message);}
|
|
}else{
|
|
// Enter edit mode: populate textarea with current content
|
|
const currentText = _previewCurrentMode==='code'
|
|
? $('previewCode').textContent
|
|
: _previewRawContent||'';
|
|
$('previewEditArea').value=currentText;
|
|
$('previewEditArea').style.display='';
|
|
if(_previewCurrentMode==='code') $('previewCode').style.display='none';
|
|
else $('previewMd').style.display='none';
|
|
// Escape cancels the edit without saving
|
|
$('previewEditArea').onkeydown=e=>{
|
|
if(e.key==='Escape'){e.preventDefault();cancelEditMode();}
|
|
};
|
|
}
|
|
updateEditBtn();
|
|
}
|
|
|
|
let _previewRawContent = ''; // raw text for md files (to populate editor)
|
|
|
|
function cancelEditMode(){
|
|
// Discard changes and return to read-only view
|
|
$('previewEditArea').style.display='none';
|
|
$('previewEditArea').onkeydown=null;
|
|
if(_previewCurrentMode==='code') $('previewCode').style.display='';
|
|
else $('previewMd').style.display='';
|
|
_previewDirty=false;
|
|
updateEditBtn();
|
|
}
|
|
|
|
async function openFile(path){
|
|
if(!S.session)return;
|
|
const ext=fileExt(path);
|
|
|
|
// Binary/download-only formats: trigger browser download, don't preview
|
|
if(DOWNLOAD_EXTS.has(ext)){
|
|
downloadFile(path);
|
|
return;
|
|
}
|
|
|
|
$('previewPathText').textContent=path;
|
|
$('previewArea').classList.add('visible');
|
|
$('fileTree').style.display='none';
|
|
|
|
_previewCurrentPath = path;
|
|
renderFileBreadcrumb(path);
|
|
if(IMAGE_EXTS.has(ext)){
|
|
// Image: load via raw endpoint, show as <img>
|
|
showPreview('image');
|
|
const url=`api/file/raw?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`;
|
|
$('previewImg').alt=path;
|
|
$('previewImg').src=url;
|
|
$('previewImg').onerror=()=>setStatus(t('image_load_failed'));
|
|
} else if(MD_EXTS.has(ext)){
|
|
// Markdown: fetch text, render with renderMd, display as formatted HTML
|
|
try{
|
|
const data=await api(`/api/file?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`);
|
|
showPreview('md');
|
|
_previewRawContent = data.content;
|
|
$('previewMd').innerHTML=renderMd(data.content);
|
|
requestAnimationFrame(()=>{if(typeof renderKatexBlocks==='function')renderKatexBlocks();});
|
|
}catch(e){setStatus(t('file_open_failed'));}
|
|
} else if(HTML_EXTS.has(ext)){
|
|
// HTML: render in sandboxed iframe via raw endpoint.
|
|
// SECURITY TRADEOFF: We use sandbox="allow-scripts" which lets inline JS run
|
|
// but prevents access to the parent frame (origin isolation). This is a
|
|
// deliberate choice — the user is previewing their own workspace files, so
|
|
// blocking scripts entirely would break most HTML documents. The sandbox
|
|
// still prevents the preview from navigating the parent, accessing cookies,
|
|
// or reading other origin data. If a stricter mode is needed, remove
|
|
// allow-scripts (or add sandbox="") to disable all JS execution.
|
|
showPreview('html');
|
|
const url=`api/file/raw?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}&inline=1`;
|
|
const iframe=$('previewHtmlIframe');
|
|
if(iframe){
|
|
iframe.src=''; // clear first to avoid stale content
|
|
iframe.src=url;
|
|
}
|
|
} else {
|
|
// Plain code / text -- but fall back to download if server signals binary
|
|
try{
|
|
const data=await api(`/api/file?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`);
|
|
if(data.binary){
|
|
// Server flagged this as binary content
|
|
downloadFile(path);
|
|
return;
|
|
}
|
|
showPreview('code');
|
|
$('previewCode').textContent=data.content;
|
|
}catch(e){
|
|
// If it's a 400/too-large error, offer download instead
|
|
downloadFile(path);
|
|
}
|
|
}
|
|
}
|
|
|
|
function downloadFile(path){
|
|
if(!S.session)return;
|
|
// Trigger browser download via the raw file endpoint with content-disposition attachment
|
|
const url=`api/file/raw?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}&download=1`;
|
|
const filename=path.split('/').pop();
|
|
const a=document.createElement('a');
|
|
a.href=url;a.download=filename;
|
|
document.body.appendChild(a);a.click();
|
|
setTimeout(()=>document.body.removeChild(a),100);
|
|
showToast(t('downloading',filename),2000);
|
|
}
|
|
|
|
|
|
// ── Render breadcrumb for file preview mode ──────────────────────────────────
|
|
function renderFileBreadcrumb(filePath) {
|
|
const bar = $('breadcrumbBar');
|
|
if (!bar) return;
|
|
bar.style.display = 'flex';
|
|
const upBtn = $('btnUpDir');
|
|
if (upBtn) upBtn.style.display = '';
|
|
|
|
bar.innerHTML = '';
|
|
// Root
|
|
const root = document.createElement('span');
|
|
root.className = 'breadcrumb-seg breadcrumb-link';
|
|
root.textContent = '~';
|
|
root.onclick = () => { clearPreview(); loadDir('.'); };
|
|
bar.appendChild(root);
|
|
|
|
const parts = filePath.split('/');
|
|
let accumulated = '';
|
|
for (let i = 0; i < parts.length; i++) {
|
|
const sep = document.createElement('span');
|
|
sep.className = 'breadcrumb-sep';
|
|
sep.textContent = '/';
|
|
bar.appendChild(sep);
|
|
|
|
accumulated += (accumulated ? '/' : '') + parts[i];
|
|
const seg = document.createElement('span');
|
|
seg.textContent = parts[i];
|
|
if (i < parts.length - 1) {
|
|
seg.className = 'breadcrumb-seg breadcrumb-link';
|
|
const target = accumulated;
|
|
seg.onclick = () => { clearPreview(); loadDir(target); };
|
|
} else {
|
|
seg.className = 'breadcrumb-seg breadcrumb-current';
|
|
}
|
|
bar.appendChild(seg);
|
|
}
|
|
}
|
|
|
|
function openInBrowser(){
|
|
if(!_previewCurrentPath||!S.session) return;
|
|
const url=`api/file/raw?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(_previewCurrentPath)}`;
|
|
window.open(url,'_blank');
|
|
}
|