fix(preload): add URL protocol filter for openExternal#1314
Merged
Conversation
Contributor
📝 WalkthroughWalkthroughThis PR removes a macOS security entitlement and introduces URL protocol validation in the preload script, restricting which URL schemes can be opened externally through a whitelist mechanism. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
🧪 Generate unit tests (beta)
No actionable comments were generated in the recent review. 🎉 🧹 Recent nitpick comments
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
zerob13
added a commit
that referenced
this pull request
Feb 16, 2026
zerob13
added a commit
that referenced
this pull request
Mar 5, 2026
* feat: implement WindowSideBar two-column mock layout Add agent icon sidebar with liquid drop styling and session list with date-grouped mock data. Main content area gets rounded corner and shadow separation. Sidebar/appbar use semi-transparent background. * feat: move action buttons to sidebar and remove history view Move browser and settings buttons from AppBar to WindowSideBar bottom icon column. Remove history button, ThreadView overlay, and all associated toggle/event handling code. * feat: add new thread mock page Add a pure visual mock for the redesigned new thread page using shadcn primitives. Includes centered logo/heading, textarea input with attach/mic/send toolbar, and a status bar with model, effort, and permissions selectors. * feat: add mock chat page, refactor mock components, and add project grouping toggle Refactor NewThreadMock into reusable mock components (MockInputBox, MockInputToolbar, MockStatusBar). Add MockChatPage with sticky top bar and input area, MockMessageList with sample conversation, and shared mock view state composable. Wire sidebar session clicks to switch between new thread and chat views. Add project grouping toggle to sidebar header. * feat: add project selector to new thread page and project title to chat top bar Add a dropdown project/workdir selector to NewThreadMock with recent projects and an open folder option. Thread project directory through mock view state so MockTopBar displays a folder breadcrumb prefix alongside the session title. * feat: add welcome page mock, default DeepChat agent, and sidebar collapse - Add MockWelcomePage with provider grid and ACP agent setup option - Add DeepChat as default first agent in sidebar - Add empty state for session list - Add sidebar collapse/expand with macOS traffic light accommodation - Add debug toggle button for welcome page * fix(preload): add URL protocol filter for openExternal (#1314) * feat: support default model setting (#1315) * docs: add spec for default model setting * feat: #1174 support default models setting * fix(settings): sync model selections with ACP mode and improve error handling - Add ACP mode check when applying default model in NewThread.vue - Add error handling in DefaultModelSettingsSection.vue syncModelSelections - Update imageModel i18n keys to remove 'select' verb for display-only fields * fix(settings): disable auto-fallback in default model selection (#1316) * fix(settings): disable auto-fallback in default model selection Remove automatic model fallback in DefaultModelSettingsSection to prevent unintended model changes when providers load late. Models now only change on explicit user selection. * fix: format * refactor: simplify window/session/presenter architecture and remove SideBar Remove multi-tab/multi-window complexity from presenters, simplify shell UI by removing SideBar component and streamlining AppBar, and clean up unused event handlers and shortcut bindings. * refactor: remove macOS-specific UI handling and improve icon inversion logic * feat: implement new UI store layer, page components, chat components, and sidebar integration Implement Phases 1-4 of the new UI architecture: - Phase 1: Add 4 Pinia stores (pageRouter, session, agent, project) with IPC mapping to presenters, event listeners, and error handling - Phase 2: Create 3 page components (WelcomePage, NewThreadPage, ChatPage) and refactor ChatTabView to route via pageRouter store - Phase 3: Create 5 chat components (ChatTopBar, MessageList, ChatInputBox, ChatInputToolbar, ChatStatusBar) matching mock designs exactly - Phase 4: Refactor WindowSideBar to use store data instead of mock data - Add specs and implementation plan documentation * fix: JSON-encode message content for agentPresenter.sendMessage The agentPresenter.sendMessage expects content as JSON-encoded UserMessageContent ({text, files, links, search, think}), not raw text. Raw text caused JSON.parse failures in MessageManager and TypeError when setting properties on non-object content. * fix: wire ChatPage to existing chat store for message display ChatPage now uses useChatStore().variantAwareMessages for the message list and chatStore.sendMessage() for sending. MessageList component updated to handle real Message types (UserMessageContent for user messages, AssistantMessageBlock[] for assistant messages) instead of plain text placeholders. * feat: agent-aware sessions, working status bar, markdown rendering (Phase 6) - NewThreadPage passes agentStore.selectedAgentId to session creation, with providerId/modelId set for ACP agents - Session creation uses forceNewAndActivate to prevent backend from reusing empty conversations with different agent settings - ChatStatusBar wired to chatStore.chatConfig and modelStore for real model/effort selection; shows selected agent context on NewThreadPage - Effort selector hidden for ACP agents (not applicable) - MessageList rewritten to use existing MessageItemAssistant and MessageItemUser components for full markdown/code/tool rendering - modelStore.initialize() added to ChatTabView onMounted - Phase 6 specs and todo tracking added * feat: implement new agent architecture v0 with full processing pipeline Implement agent-centric architecture replacing old sessionPresenter pattern: - Shared types: IAgentImplementation, Agent, Session, ChatMessageRecord, etc. - DB tables: new_sessions, new_projects, deepchat_sessions, deepchat_messages - DeepChatAgentPresenter: message persistence, LLM coreStream consumption, batched stream flushing (120ms renderer, 600ms DB), crash recovery - NewAgentPresenter: agent registry, session manager, message routing - ProjectPresenter: project CRUD with directory picker - Renderer stores: session, message, agent, project, draft (all new arch) - ChatPage wired to new message store with streaming block display - NewThreadPage resolves model via defaultModel/preferredModel/first enabled - 94 unit + integration tests across 9 test files - Debug logging throughout processing pipeline * feat: add multi-turn context assembly and auto-scroll for new agent (v1) - Add contextBuilder with system prompt injection, conversation history assembly, and token-based truncation using approximateTokenSize - Wire buildContext into processMessage, building context before DB persist to avoid duplicate user messages in LLM calls - Add optimistic user message in renderer message store so user messages appear immediately without waiting for stream completion - Add auto-scroll to ChatPage: scroll to bottom on load, on new messages, and during streaming; respect user scroll-up to stop auto-following - Update v0 tests and add new tests for context builder and multi-turn integration (110 tests passing across 10 files) * feat: add MCP tool calling with agent loop for new agent (v2) Add tool calling support to the DeepChat agent via an agent loop that passes tool definitions to coreStream, accumulates tool calls from the stream, executes them via ToolPresenter.callTool(), and re-calls the LLM until it stops requesting tools. Includes block accumulation across loop iterations, server info enrichment, grouped truncation of tool messages in context builder, and proper abort/error path delegation between streamHandler and agentLoop. * fix: include reasoning_content in agent loop for DeepSeek Reasoner DeepSeek Reasoner (and similar models like kimi-k2-thinking, glm-4.7) requires a reasoning_content field on assistant messages that contain tool_calls. Without it, the API returns a 400 error. Extract reasoning blocks separately in both the agent loop and context builder, and include them on the assistant message when the model requires it. * fix: scope reasoning_content to current agent loop exchange For interleaved thinking models (DeepSeek Reasoner, kimi-k2-thinking), reasoning_content is only required on assistant messages in the current agent loop exchange (after the last user message), not on historical messages from the DB. Also fix content field to always be a string (not undefined) on assistant messages with tool_calls, matching the existing agentLoopHandler behavior. * refactor: split stream processing into 5 focused modules (v3) Replace tangled streamHandler.ts and agentLoop.ts with a clean 5-module architecture: types.ts (shared state), accumulator.ts (pure event→block mutations), echo.ts (batched renderer/DB flushing), dispatch.ts (tool execution and finalization), and process.ts (unified loop). Eliminates tools-vs-no-tools branching in index.ts — single processStream() call handles both simple completions and multi-turn tool calling. Extracts reusable trailing-edge throttle utility to shared/utils/throttle.ts. Pure refactor with no behavior changes. * fix: stop passing sessionId as conversationId to tool definitions New agent sessions live in deepchat_sessions, not the legacy conversations table. Passing the session ID as conversationId caused SkillPresenter.getActiveSkills to throw "Conversation not found". Drop the conversationId param since the new agent doesn't use skills. * docs: update specs and tasks for completed v2/v3 milestones Mark v2 spec as complete and superseded by v3 module structure. Update v3 spec to match final implementation. Clean up tasks to remove references to deleted files and add v2/v3 task sections with all items checked off. * docs: mark all verification tasks as complete * docs: add mvp for agentpresenter doc * docs: add implementation plan and spec (#1322) * docs: complete architecture gap analysis and implementation plan - Add comprehensive gap-analysis.md documenting all functional differences - Update spec.md with implementation notes for each acceptance criterion - Update plan.md with current status and critical path identification - Update tasks.md with detailed implementation tasks and priorities Key findings: - Streaming and message persistence: COMPLETE ✅ - Permission flow: NOT STARTED 🔴 CRITICAL - Message operations (edit/retry/fork): NOT STARTED 🟡 - Session configuration: PARTIAL (missing advanced options) 🟢 Critical gaps identified: 1. executeTools() in dispatch.ts has NO permission checks 2. ChatStatusBar shows read-only 'Default permissions' button 3. No PermissionChecker class or whitelist storage 4. No IPC methods for handlePermissionResponse() 5. new_sessions table missing permission_mode column See gap-analysis.md for complete details and implementation plan. * docs: add executive summary for gap analysis * docs: complete P0 implementation spec-driven documentation - Add comprehensive specs for all 7 P0 features - Include implementation plans with phased approach - Define granular tasks with code examples - Update P0_DESIGN_DECISIONS.md with finalized decisions - Add P0_IMPLEMENTATION_SUMMARY.md with roadmap Features documented: 1. Generating Session IDs Tracking 2. Input Box Disable + Stop Button 3. CancelGenerating Implementation 4. Permission Approval Flow 5. Session List Auto-Refresh 6. Optimistic User Messages 7. Message Cache Version Bumping Total: 25 new documentation files (~3,500+ lines) Ready for implementation phase. * docs(specs): refine p0 implementation plan * fix(chat): use selected model for new session * fix(chat): align stream updates by message id * fix(chat): pass session workdir to tools * feat(chat): async generate session title * fix(agent): handle new session id lookups * feat: request permisson and question on edit area * feat: question request block display only * fix(chat): apply new-thread permission mode * fix(input): guard enter during IME composition * feat(chat): add stop button during message generation Co-Authored-By: DimCode <noreply@dimcode.dev> * feat(chat): add @ and / tiptap mentions * feat: add support for acp agents * feat(acp): bootstrap draft session init * fix(acp): stabilize switch lifecycle * feat(agent): restore input advanced settings * fix(renderer): polish status bar and ACP draft * fix(chat): refine model switching and modal behavior * fix(i18n): add advanced settings translations * docs: add toolbar spec and plan * feat: add support for message tool bar * fix: copy image with user * feat(trace): persist message request traces * feat(chat): add topbar share/more menus * fix(new-agent): complete migration and stream sync * feat(chat): add assistant right-click menus * chore(i18n): add missing chat topbar translations * feat(db): add agent db legacy import * feat: add safeCall support for usePresenter (#1328) * docs(spec): sync p0 implementation status * fix(agent-db): migrate legacy call paths * fix(session): guard legacy thread broadcast * fix(renderer): ignore legacy-import stream events * test: add sqlite test * refactor(chat): migrate main flow stores * fix(import): release chat.db handle early * fix(import): cleanup empty legacy db sidecars * refactor(core): migrate chat store + backup import * feat(chat): migrate attachments and read routing * fix(skills): persist pending skills on first send * fix(deepchat): cache stable system prompt --------- Co-authored-by: deepinsect <deepinsect@github.com> Co-authored-by: duskzhen <zerob13@gmail.com> Co-authored-by: DimCode <noreply@dimcode.dev> Co-authored-by: FangQiJun 房启俊 <zfangqj@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
Bug Fixes
Chores