mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-02 11:45:20 +02:00
Garry Tan
ed1e4be2f6
* build: vendor xterm@5 for the Terminal sidebar tab
Adds xterm@5 + xterm-addon-fit as devDependencies and a `vendor:xterm`
build step that copies the assets into `extension/lib/` at build time.
The vendored files are .gitignored so the npm version stays the source
of truth. xterm@5 is eval-free, so no MV3 CSP changes needed.
No runtime callers yet — this just stages the assets.
* feat(server): add pty-session-cookie module for the Terminal tab
Mirrors `sse-session-cookie.ts` exactly. Mints short-lived 30-min HttpOnly
cookies for authenticating the Terminal-tab WebSocket upgrade against
the terminal-agent. Same TTL, same opportunistic-pruning shape, same
"scoped tokens never valid as root" invariant. Two registries instead of
one because the cookie names are different (`gstack_sse` vs `gstack_pty`)
and the token spaces must not overlap.
No callers yet — wired up in the next commit.
* feat(server): add terminal-agent.ts (PTY for the Terminal sidebar tab)
Translates phoenix gbrowser's Go PTY (cmd/gbd/terminal.go) into a Bun
non-compiled process. Lives separately from `sidebar-agent.ts` so a
WS-framing or PTY-cleanup bug can't take down the chat path (codex
outside-voice review caught the coupling risk).
Architecture:
- Bun.serve on 127.0.0.1:0 (never tunneled).
- POST /internal/grant accepts cookie tokens from the parent server over
loopback, authenticated with a per-boot internal token.
- GET /ws upgrades require BOTH (a) Origin: chrome-extension://<id> and
(b) the gstack_pty cookie minted by /pty-session. Either gate alone is
insufficient (CSWSH defense + auth defense).
- Lazy spawn: claude PTY is not started until the WS receives its first
data frame. Idle sidebar opens cost nothing.
- Bun PTY API: `terminal: { rows, cols, data(t, chunk) }` — verified at
impl time on Bun 1.3.10. proc.terminal.write() for input,
proc.terminal.resize() for resize, proc.kill() + 3s SIGKILL fallback
on close.
- process.on('uncaughtException'|'unhandledRejection') handlers so a
framing bug logs but doesn't kill the listener loop.
Test-only `BROWSE_TERMINAL_BINARY` env override lets the integration
tests spawn /bin/bash instead of requiring claude on every CI runner.
Not yet spawned by anything — wired in the next commit.
* feat(server): wire /pty-session route + spawn terminal-agent
Server-side glue connecting the Terminal sidebar tab to the new
terminal-agent process.
server.ts:
- New POST /pty-session route. Validates AUTH_TOKEN, mints a gstack_pty
HttpOnly cookie via pty-session-cookie.ts, posts the cookie value to
the agent's loopback /internal/grant. Returns the terminalPort + Set-Cookie
to the extension.
- /health response gains `terminalPort` (just the port number — never a
shell token). Tokens flow via the cookie path, never /health, because
/health already surfaces AUTH_TOKEN to localhost callers in headed mode
(that's a separate v1.1+ TODO).
- /pty-session and /terminal/* are deliberately NOT added to TUNNEL_PATHS,
so the dual-listener tunnel surface 404s by default-deny.
- Shutdown path now also pkills terminal-agent and unlinks its state files
(terminal-port + terminal-internal-token) so a reconnect doesn't try to
hit a dead port.
cli.ts:
- After spawning sidebar-agent.ts, also spawn terminal-agent.ts. Same
pattern: pkill old instances, Bun.spawn(['bun', 'run', script]) with
BROWSE_STATE_FILE + BROWSE_SERVER_PORT env. Non-fatal if the spawn
fails — chat still works without the terminal agent.
* feat(extension): Terminal as default sidebar tab
Adds a primary tab bar (Terminal | Chat) above the existing tab-content
panes. Terminal is the default-active tab; clicking Chat returns to the
existing claude -p one-shot flow which is preserved verbatim.
manifest.json: adds ws://127.0.0.1:*/ to host_permissions so MV3 doesn't
block the WebSocket upgrade.
sidepanel.html: new primary-tabs nav, new #tab-terminal pane with a
"Press any key to start Claude Code" bootstrap card, claude-not-found
install card, xterm mount point, and "session ended" restart UI. Loads
xterm.js + xterm-addon-fit + sidepanel-terminal.js. tab-chat is no
longer the .active default.
sidepanel.js: new activePrimaryPaneId() helper that reads which primary
tab is selected. Debug-close paths now route back to whichever primary
pane is active (was hardcoded to tab-chat). Primary-tab click handler
toggles .active classes and aria-selected. window.gstackServerPort and
window.gstackAuthToken exposed so sidepanel-terminal.js can build the
/pty-session POST and the WS URL.
sidepanel-terminal.js (new): xterm.js lifecycle. Lazy-spawn — first
keystroke fires POST /pty-session, then opens
ws://127.0.0.1:<terminalPort>/ws. Origin + cookie are set automatically
by the browser. Resize observer sends {type:"resize"} text frames.
ResizeObserver, tab-switch hooks, restart button, install-card retry.
On WS close shows "Session ended, click to restart" — no auto-reconnect
(codex outside-voice flagged that as session-burning).
sidepanel.css: primary-tabs bar + Terminal pane styling (full-height
xterm container, install card, ended state).
* test: terminal-agent + cookie module + sidebar default-tab regression
Three new test files:
terminal-agent.test.ts (16 tests): pty-session-cookie mint/validate/
revoke, Set-Cookie shape (HttpOnly + SameSite=Strict + Path=/, NO Secure
since 127.0.0.1 over HTTP), source-level guards that /pty-session and
/terminal/* are NOT in TUNNEL_PATHS, /health does NOT surface ptyToken
or gstack_pty, terminal-agent binds 127.0.0.1, /ws upgrade enforces
chrome-extension:// Origin AND gstack_pty cookie, lazy-spawn invariant
(spawnClaude is called from message handler, not upgrade), uncaughtException/
unhandledRejection handlers exist, SIGINT-then-SIGKILL cleanup.
terminal-agent-integration.test.ts (7 tests): spawns the agent as a real
subprocess in a tmp state dir. Verifies /internal/grant accepts/rejects
the loopback token, /ws gates (no Origin → 403, bad Origin → 403, no
cookie → 401), real WebSocket round-trip with /bin/bash via the
BROWSE_TERMINAL_BINARY override (write 'echo hello-pty-world\n', read it
back), and resize message acceptance.
sidebar-tabs.test.ts (13 tests): structural regression suite locking the
load-bearing invariants of the default-tab change — Terminal is .active,
Chat is not, xterm assets are loaded, debug-close path no longer hardcodes
tab-chat (uses activePrimaryPaneId), primary-tab click handler exists,
chat surface is not accidentally deleted, terminal JS does NOT auto-
reconnect on close, manifest declares ws:// + http:// localhost host
permissions, no unsafe-eval.
Plan called for Playwright + extension regression; the codebase doesn't
ship Playwright extension launcher infra, so we follow the existing
extension-test pattern (source-level structural assertions). Same
load-bearing intent — locks the invariants before they regress.
* docs: Terminal flow + threat model + v1.1 follow-ups
SIDEBAR_MESSAGE_FLOW.md: new "Terminal flow" section. Documents the WS
upgrade path (/pty-session cookie mint → /ws Origin + cookie gate →
lazy claude spawn), the dual-token model (AUTH_TOKEN for /pty-session,
gstack_pty cookie for /ws, INTERNAL_TOKEN for server↔agent loopback),
and the threat-model boundary — the Terminal tab bypasses the entire
prompt-injection security stack on purpose; user keystrokes are the
trust source. That trust assumption is load-bearing on three transport
guarantees: local-only listener, Origin gate, cookie auth. Drop any
one of those three and the tab becomes unsafe.
CLAUDE.md: extends the "Sidebar architecture" note to include
terminal-agent.ts in the read-this-first list. Adds a "Terminal tab is
its own process" note so a future contributor doesn't bolt PTY logic
onto sidebar-agent.ts.
TODOS.md: three new follow-ups under a new "Sidebar Terminal" section:
- v1.1: PTY session survives sidebar reload (Issue 1C deferred).
- v1.1+: audit /health AUTH_TOKEN distribution (codex finding #2 —
a pre-existing soft leak that cc-pty-import sidesteps but doesn't
fix).
- v1.1+: apply terminal-agent's process.on exception handlers to
sidebar-agent.ts (codex finding #4 — chat path has no fatal
handlers).
* feat(extension): Terminal-only sidebar — auth fix, UX polish, chat rip
The chat queue path is gone. The Chrome side panel is now just an
interactive claude PTY in xterm.js. Activity / Refs / Inspector still
exist behind the `debug` toggle in the footer.
Three threads of change, all from dogfood iteration on top of
cc-pty-import:
1. fix(server): cross-port WS auth via Sec-WebSocket-Protocol
- Browsers can't set Authorization on a WebSocket upgrade. We had
been minting an HttpOnly gstack_pty cookie via /pty-session, but
SameSite=Strict cookies don't survive the cross-port jump from
server.ts:34567 to the agent's random port from a chrome-extension
origin. The WS opened then immediately closed → "Session ended."
- /pty-session now also returns ptySessionToken in the JSON body.
- Extension calls `new WebSocket(url, [`gstack-pty.<token>`])`.
Browser sends Sec-WebSocket-Protocol on the upgrade.
- Agent reads the protocol header, validates against validTokens,
and MUST echo the protocol back (Chromium closes the connection
immediately if a server doesn't pick one of the offered protocols).
- Cookie path is kept as a fallback for non-browser callers (curl,
integration tests).
- New integration test exercises the full protocol-auth round-trip
via raw fetch+Upgrade so a future regression of this exact class
fails in CI.
2. fix(extension): UX polish on the Terminal pane
- Eager auto-connect when the sidebar opens — no "Press any key to
start" friction every reload.
- Always-visible ↻ Restart button in the terminal toolbar (not
gated on the ENDED state) so the user can force a fresh claude
mid-session.
- MutationObserver on #tab-terminal's class attribute drives a
fitAddon.fit() + term.refresh() when the pane becomes visible
again — xterm doesn't auto-redraw after display:none → display:flex.
3. feat(extension): rip the chat tab + sidebar-agent.ts
- Sidebar is Terminal-only. No more Terminal | Chat primary nav.
- sidebar-agent.ts deleted. /sidebar-command, /sidebar-chat,
/sidebar-agent/event, /sidebar-tabs* and friends all deleted.
- The pickSidebarModel router (sonnet vs opus) is gone — the live
PTY uses whatever model the user's `claude` CLI is configured with.
- Quick-actions (🧹 Cleanup / 📸 Screenshot / 🍪 Cookies) survive
in the Terminal toolbar. Cleanup now injects its prompt into the
live PTY via window.gstackInjectToTerminal — no more
/sidebar-command POST. The Inspector "Send to Code" action uses
the same injection path.
- clear-chat button removed from the footer.
- sidepanel.js shed ~900 lines of chat polling, optimistic UI,
stop-agent, etc.
Net diff: -3.4k lines across 16 files. CLAUDE.md, TODOS.md, and
docs/designs/SIDEBAR_MESSAGE_FLOW.md rewritten to match. The sidebar
regression test (browse/test/sidebar-tabs.test.ts) is rewritten as 27
structural assertions locking the new layout — Terminal sole pane,
no chat input, quick-actions in toolbar, eager-connect, MutationObserver
repaint, restart helper.
* feat: live tab awareness for the Terminal pane
claude in the PTY now has continuous tab-aware context. Three pieces:
1. Live state files. background.js listens to chrome.tabs.onActivated /
onCreated / onRemoved / onUpdated (throttled to URL/title/status==
complete so loading spinners don't spam) and pushes a snapshot. The
sidepanel relays it as a custom event; sidepanel-terminal.js sends
{type:"tabState"} text frames over the live PTY WebSocket.
terminal-agent.ts writes:
<stateDir>/tabs.json all open tabs (id, url, title, active,
pinned, audible, windowId)
<stateDir>/active-tab.json current active tab (skips chrome:// and
chrome-extension:// internal pages)
Atomic write via tmp + rename so claude never reads a half-written
document. A fresh snapshot is pushed on WS open so the files exist by
the time claude finishes booting.
2. New $B tab-each <command> [args...] meta-command. Fans out a single
command across every open tab, returns
{command, args, total, results: [{tabId, url, title, status, output}]}.
Skips chrome:// pages; restores the originally active tab in a finally
block (so a mid-batch error doesn't leave the user looking at a
different tab); uses bringToFront: false so the OS window doesn't
jump on every fanout. Scope-checks the inner command BEFORE the loop.
3. --append-system-prompt hint at spawn time. Claude is told about both
the state files and the $B tab-each command up front, so it doesn't
have to discover the surface by trial. Passed via the --append-system-
prompt CLI flag, NOT as a leading PTY write — the hint stays out of
the visible transcript.
Tests:
- browse/test/tab-each.test.ts (new) — registration + source-level
invariants (scope check before loop, finally-restore, bringToFront:false,
chrome:// skip) + behavior tests with a mock BrowserManager that verify
iteration order, JSON shape, error handling, and active-tab restore.
- browse/test/terminal-agent.test.ts — three new assertions for
tabState handler shape, atomic-write pattern, and the
--append-system-prompt wiring at spawn.
Verified live: opened 5 tabs, ran $B tab-each url against the live
server, got per-tab JSON results back, original active tab restored
without OS focus stealing.
* chore: drop sidebar-agent test refs after chat rip
Five test files / describe blocks targeted the deleted chat path:
- browse/test/security-e2e-fullstack.test.ts (full-stack chat-pipeline E2E
with mock claude — whole file gone)
- browse/test/security-review-fullstack.test.ts (review-flow E2E with real
classifier — whole file gone)
- browse/test/security-review-sidepanel-e2e.test.ts (Playwright E2E for
the security event banner that was ripped from sidepanel.html)
- browse/test/security-audit-r2.test.ts (5 describe blocks: agent queue
permissions, isValidQueueEntry stateFile traversal, loadSession session-ID
validation, switchChatTab DocumentFragment, pollChat reentrancy guard,
/sidebar-tabs URL sanitization, sidebar-agent SIGTERM→SIGKILL escalation,
AGENT_SRC top-level read converted to graceful fallback)
- browse/test/security-adversarial-fixes.test.ts (canary stream-chunk split
detection on detectCanaryLeak; one tool-output test on sidebar-agent)
- test/skill-validation.test.ts (sidebar agent #584 describe block)
These all assumed sidebar-agent.ts existed and tested chat-queue plumbing,
chat-tab DOM round-trip, chat-polling reentrancy, or per-message classifier
canary detection. With the live PTY there is no chat queue, no chat tab,
no LLM stream to canary-scan, and no per-message subprocess. The Terminal
pane's invariants are covered by the new browse/test/sidebar-tabs.test.ts
(27 structural assertions), browse/test/terminal-agent.test.ts, and
browse/test/terminal-agent-integration.test.ts.
bun test → exit 0, 0 failures.
* chore: bump version and changelog (v1.14.0.0)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(extension): xterm fills the full Terminal panel height
The Terminal pane only rendered into the top portion of the panel — most
of the panel below the prompt was an empty black gap. Three layered
issues, all about xterm.js measuring dimensions during a layout state
that wasn't ready yet:
1. order-of-operations in connect(): ensureXterm() ran BEFORE
setState(LIVE), so term.open() measured els.mount while it was still
display:none. xterm caches a 0-size viewport synchronously inside
open() and never auto-recovers when the container goes visible.
Flipped: setState(LIVE) → ensureXterm.
2. first fit() ran synchronously before the browser had applied the
.active class transition. Wrapped in requestAnimationFrame so layout
has settled before fit() reads clientHeight.
3. CSS flex-overflow trap: .terminal-mount has flex:1 inside the
flex-column #tab-terminal, but .tab-content's `overflow-y: auto` and
the lack of `min-height: 0` on .terminal-mount meant the item
couldn't shrink below content size. flex:1 then refused to expand
into available space and xterm rendered into whatever its initial
2x2 measurement happened to be.
Fixes:
- extension/sidepanel-terminal.js: reorder + RAF fit
- extension/sidepanel.css: .terminal-mount gets `flex: 1 1 0` +
`min-height: 0` + `position: relative`. #tab-terminal overrides
.tab-content's `overflow-y: auto` to `overflow: hidden` (xterm has
its own viewport scroll; the parent shouldn't compete) and explicitly
re-declares `display: flex; flex-direction: column` for #tab-terminal.active.
bun test browse/test/sidebar-tabs.test.ts → 27/27 pass.
Manually verified: side panel opens → Terminal fills full panel height,
xterm scrollback works, debug-tab toggle still repaints correctly.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1052 lines
40 KiB
JavaScript
1052 lines
40 KiB
JavaScript
/**
|
|
* gstack browse — Side Panel
|
|
*
|
|
* Terminal pane (default): live claude PTY via xterm.js, driven by
|
|
* sidepanel-terminal.js. The chat queue + sidebar-agent.ts were ripped
|
|
* in favor of the interactive REPL — no more one-shot claude -p.
|
|
*
|
|
* Debug tabs (behind the `debug` toggle): activity feed (SSE) + refs +
|
|
* inspector. Quick-actions toolbar (Cleanup / Screenshot / Cookies)
|
|
* lives at the top of the Terminal pane.
|
|
*/
|
|
|
|
const NAV_COMMANDS = new Set(['goto', 'back', 'forward', 'reload']);
|
|
const INTERACTION_COMMANDS = new Set(['click', 'fill', 'select', 'hover', 'type', 'press', 'scroll', 'wait', 'upload']);
|
|
const OBSERVE_COMMANDS = new Set(['snapshot', 'screenshot', 'diff', 'console', 'network', 'text', 'html', 'links', 'forms', 'accessibility', 'cookies', 'storage', 'perf']);
|
|
|
|
let lastId = 0;
|
|
let eventSource = null;
|
|
let serverUrl = null;
|
|
let serverToken = null;
|
|
let connState = 'disconnected'; // disconnected | connected | reconnecting | dead
|
|
let reconnectAttempts = 0;
|
|
let reconnectTimer = null;
|
|
const MAX_RECONNECT_ATTEMPTS = 30; // 30 * 2s = 60s before showing "dead"
|
|
|
|
// Auth headers for sidebar endpoints
|
|
function authHeaders() {
|
|
const h = { 'Content-Type': 'application/json' };
|
|
if (serverToken) h['Authorization'] = `Bearer ${serverToken}`;
|
|
return h;
|
|
}
|
|
|
|
// ─── Connection State Machine ─────────────────────────────────────
|
|
|
|
function setConnState(state) {
|
|
const prev = connState;
|
|
connState = state;
|
|
const banner = document.getElementById('conn-banner');
|
|
const bannerText = document.getElementById('conn-banner-text');
|
|
const bannerActions = document.getElementById('conn-banner-actions');
|
|
|
|
if (state === 'connected') {
|
|
if (prev === 'reconnecting' || prev === 'dead') {
|
|
// Show "reconnected" toast that fades
|
|
banner.style.display = '';
|
|
banner.className = 'conn-banner reconnected';
|
|
bannerText.textContent = 'Reconnected';
|
|
bannerActions.style.display = 'none';
|
|
setTimeout(() => { banner.style.display = 'none'; }, 5000);
|
|
} else {
|
|
banner.style.display = 'none';
|
|
}
|
|
reconnectAttempts = 0;
|
|
if (reconnectTimer) { clearInterval(reconnectTimer); reconnectTimer = null; }
|
|
} else if (state === 'reconnecting') {
|
|
banner.style.display = '';
|
|
banner.className = 'conn-banner reconnecting';
|
|
bannerText.textContent = `Reconnecting... (${reconnectAttempts}/${MAX_RECONNECT_ATTEMPTS})`;
|
|
bannerActions.style.display = 'none';
|
|
} else if (state === 'dead') {
|
|
banner.style.display = '';
|
|
banner.className = 'conn-banner dead';
|
|
bannerText.textContent = 'Server offline';
|
|
bannerActions.style.display = '';
|
|
if (reconnectTimer) { clearInterval(reconnectTimer); reconnectTimer = null; }
|
|
} else {
|
|
banner.style.display = 'none';
|
|
}
|
|
}
|
|
|
|
function startReconnect() {
|
|
if (reconnectTimer) return;
|
|
setConnState('reconnecting');
|
|
reconnectTimer = setInterval(() => {
|
|
reconnectAttempts++;
|
|
if (reconnectAttempts > MAX_RECONNECT_ATTEMPTS) {
|
|
setConnState('dead');
|
|
return;
|
|
}
|
|
setConnState('reconnecting');
|
|
tryConnect();
|
|
}, 2000);
|
|
}
|
|
|
|
|
|
// ─── Chat path ripped ────────────────────────────────────────────
|
|
// Chat queue + sendMessage + pollChat + switchChatTab + browser-tabs
|
|
// strip + security banner all lived here. Replaced by the interactive
|
|
// claude PTY in sidepanel-terminal.js (and terminal-agent.ts on the
|
|
// server side).
|
|
|
|
// ─── Reload Sidebar ─────────────────────────────────────────────
|
|
document.getElementById('reload-sidebar').addEventListener('click', () => {
|
|
location.reload();
|
|
});
|
|
|
|
// ─── Copy Cookies ───────────────────────────────────────────────
|
|
document.getElementById('chat-cookies-btn').addEventListener('click', async () => {
|
|
if (!serverUrl) return;
|
|
// Navigate the browser to the cookie picker page hosted by the browse server
|
|
try {
|
|
await fetch(`${serverUrl}/command`, {
|
|
method: 'POST',
|
|
headers: authHeaders(),
|
|
body: JSON.stringify({ command: 'goto', args: [`${serverUrl}/cookie-picker`] }),
|
|
});
|
|
} catch (err) {
|
|
console.error('[gstack sidebar] Failed to open cookie picker:', err.message);
|
|
}
|
|
});
|
|
|
|
// ─── Debug Tabs ─────────────────────────────────────────────────
|
|
|
|
const debugToggle = document.getElementById('debug-toggle');
|
|
const debugTabs = document.getElementById('debug-tabs');
|
|
const closeDebug = document.getElementById('close-debug');
|
|
let debugOpen = false;
|
|
|
|
// The Terminal pane is the only primary surface; Activity / Refs / Inspector
|
|
// are debug overlays behind the `debug` toggle. Closing debug returns to
|
|
// the Terminal pane, which is always present.
|
|
const PRIMARY_PANE_ID = 'tab-terminal';
|
|
|
|
function showPrimaryPane() {
|
|
document.querySelectorAll('.tab-content').forEach(c => c.classList.remove('active'));
|
|
document.getElementById(PRIMARY_PANE_ID).classList.add('active');
|
|
document.querySelectorAll('.debug-tabs .tab').forEach(t => t.classList.remove('active'));
|
|
}
|
|
|
|
debugToggle.addEventListener('click', () => {
|
|
debugOpen = !debugOpen;
|
|
debugToggle.classList.toggle('active', debugOpen);
|
|
debugTabs.style.display = debugOpen ? 'flex' : 'none';
|
|
if (!debugOpen) showPrimaryPane();
|
|
});
|
|
|
|
closeDebug.addEventListener('click', () => {
|
|
debugOpen = false;
|
|
debugToggle.classList.remove('active');
|
|
debugTabs.style.display = 'none';
|
|
showPrimaryPane();
|
|
});
|
|
|
|
document.querySelectorAll('.debug-tabs .tab:not(.close-debug)').forEach(tab => {
|
|
tab.addEventListener('click', () => {
|
|
document.querySelectorAll('.debug-tabs .tab').forEach(t => t.classList.remove('active'));
|
|
document.querySelectorAll('.tab-content').forEach(c => c.classList.remove('active'));
|
|
tab.classList.add('active');
|
|
document.getElementById(`tab-${tab.dataset.tab}`).classList.add('active');
|
|
|
|
if (tab.dataset.tab === 'refs') fetchRefs();
|
|
});
|
|
});
|
|
|
|
// ─── Activity Feed ──────────────────────────────────────────────
|
|
|
|
function getEntryClass(entry) {
|
|
if (entry.status === 'error') return 'error';
|
|
if (entry.type === 'command_start') return 'pending';
|
|
const cmd = entry.command || '';
|
|
if (NAV_COMMANDS.has(cmd)) return 'nav';
|
|
if (INTERACTION_COMMANDS.has(cmd)) return 'interaction';
|
|
if (OBSERVE_COMMANDS.has(cmd)) return 'observe';
|
|
return '';
|
|
}
|
|
|
|
function formatTime(ts) {
|
|
const d = new Date(ts);
|
|
return d.toLocaleTimeString('en-US', { hour12: false, hour: '2-digit', minute: '2-digit', second: '2-digit' });
|
|
}
|
|
|
|
let pendingEntries = new Map();
|
|
|
|
function createEntryElement(entry) {
|
|
const div = document.createElement('div');
|
|
div.className = `activity-entry ${getEntryClass(entry)}`;
|
|
div.setAttribute('role', 'article');
|
|
div.tabIndex = 0;
|
|
|
|
const argsText = entry.args ? entry.args.join(' ') : '';
|
|
const statusIcon = entry.status === 'ok' ? '\u2713' : entry.status === 'error' ? '\u2717' : '';
|
|
const statusClass = entry.status === 'ok' ? 'ok' : entry.status === 'error' ? 'err' : '';
|
|
const duration = entry.duration ? `${entry.duration}ms` : '';
|
|
|
|
div.innerHTML = `
|
|
<div class="entry-header">
|
|
<span class="entry-time">${formatTime(entry.timestamp)}</span>
|
|
<span class="entry-command">${escapeHtml(entry.command || entry.type)}</span>
|
|
</div>
|
|
${argsText ? `<div class="entry-args">${escapeHtml(argsText)}</div>` : ''}
|
|
${entry.type === 'command_end' ? `
|
|
<div class="entry-status">
|
|
<span class="${statusClass}">${statusIcon}</span>
|
|
<span class="duration">${duration}</span>
|
|
</div>
|
|
` : ''}
|
|
${entry.result ? `
|
|
<div class="entry-detail">
|
|
<div class="entry-result">${escapeHtml(entry.result)}</div>
|
|
</div>
|
|
` : ''}
|
|
`;
|
|
|
|
div.addEventListener('click', () => div.classList.toggle('expanded'));
|
|
return div;
|
|
}
|
|
|
|
function addEntry(entry) {
|
|
const feed = document.getElementById('activity-feed');
|
|
const empty = document.getElementById('empty-state');
|
|
if (empty) empty.style.display = 'none';
|
|
|
|
if (entry.type === 'command_end') {
|
|
for (const [id, el] of pendingEntries) {
|
|
if (el.querySelector('.entry-command')?.textContent === entry.command) {
|
|
el.remove();
|
|
pendingEntries.delete(id);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
const el = createEntryElement(entry);
|
|
feed.appendChild(el);
|
|
if (entry.type === 'command_start') pendingEntries.set(entry.id, el);
|
|
el.scrollIntoView({ behavior: 'smooth', block: 'end' });
|
|
|
|
if (entry.url) document.getElementById('footer-url')?.textContent && (document.getElementById('footer-url').textContent = new URL(entry.url).hostname);
|
|
lastId = Math.max(lastId, entry.id);
|
|
}
|
|
|
|
function escapeHtml(str) {
|
|
const div = document.createElement('div');
|
|
div.textContent = str;
|
|
// DOM text-node serialization escapes &, <, > but NOT " or '. Call sites
|
|
// that interpolate escapeHtml output inside an attribute value (title="...",
|
|
// data-x="...") need those escaped too or an attacker-controlled value can
|
|
// break out of the attribute. Add both manually.
|
|
return div.innerHTML
|
|
.replace(/"/g, '"')
|
|
.replace(/'/g, ''');
|
|
}
|
|
|
|
// ─── SSE Connection ─────────────────────────────────────────────
|
|
|
|
// Fetch a view-only SSE session cookie before opening EventSource.
|
|
// EventSource can't send Authorization headers, and putting the root
|
|
// token in the URL (the old ?token= path) leaks it to logs, referer
|
|
// headers, and browser history. POST /sse-session issues an HttpOnly
|
|
// SameSite=Strict cookie scoped to SSE reads only; withCredentials:true
|
|
// on EventSource makes the browser send it back.
|
|
async function ensureSseSessionCookie() {
|
|
if (!serverUrl || !serverToken) return false;
|
|
try {
|
|
const resp = await fetch(`${serverUrl}/sse-session`, {
|
|
method: 'POST',
|
|
credentials: 'include',
|
|
headers: { 'Authorization': `Bearer ${serverToken}` },
|
|
});
|
|
return resp.ok;
|
|
} catch (err) {
|
|
console.warn('[gstack sidebar] Failed to mint SSE session cookie:', err && err.message);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
async function connectSSE() {
|
|
if (!serverUrl) return;
|
|
if (eventSource) { eventSource.close(); eventSource = null; }
|
|
|
|
await ensureSseSessionCookie();
|
|
const url = `${serverUrl}/activity/stream?after=${lastId}`;
|
|
eventSource = new EventSource(url, { withCredentials: true });
|
|
|
|
eventSource.addEventListener('activity', (e) => {
|
|
try { addEntry(JSON.parse(e.data)); } catch (err) {
|
|
console.error('[gstack sidebar] Failed to parse activity event:', err.message);
|
|
}
|
|
});
|
|
|
|
eventSource.addEventListener('gap', (e) => {
|
|
try {
|
|
const data = JSON.parse(e.data);
|
|
const feed = document.getElementById('activity-feed');
|
|
const banner = document.createElement('div');
|
|
banner.className = 'gap-banner';
|
|
banner.textContent = `Missed ${data.availableFrom - data.gapFrom} events`;
|
|
feed.appendChild(banner);
|
|
} catch (err) {
|
|
console.error('[gstack sidebar] Failed to parse gap event:', err.message);
|
|
}
|
|
});
|
|
}
|
|
|
|
// ─── Refs Tab ───────────────────────────────────────────────────
|
|
|
|
async function fetchRefs() {
|
|
if (!serverUrl) return;
|
|
try {
|
|
const headers = {};
|
|
if (serverToken) headers['Authorization'] = `Bearer ${serverToken}`;
|
|
const resp = await fetch(`${serverUrl}/refs`, { signal: AbortSignal.timeout(3000), headers });
|
|
if (!resp.ok) return;
|
|
const data = await resp.json();
|
|
|
|
const list = document.getElementById('refs-list');
|
|
const empty = document.getElementById('refs-empty');
|
|
const footer = document.getElementById('refs-footer');
|
|
|
|
if (!data.refs || data.refs.length === 0) {
|
|
empty.style.display = '';
|
|
list.innerHTML = '';
|
|
footer.textContent = '';
|
|
return;
|
|
}
|
|
|
|
empty.style.display = 'none';
|
|
list.innerHTML = data.refs.map(r => `
|
|
<div class="ref-row">
|
|
<span class="ref-id">${escapeHtml(r.ref)}</span>
|
|
<span class="ref-role">${escapeHtml(r.role)}</span>
|
|
<span class="ref-name">"${escapeHtml(r.name)}"</span>
|
|
</div>
|
|
`).join('');
|
|
footer.textContent = `${data.refs.length} refs`;
|
|
} catch (err) {
|
|
console.error('[gstack sidebar] Failed to fetch refs:', err.message);
|
|
}
|
|
}
|
|
|
|
// ─── Inspector Tab ──────────────────────────────────────────────
|
|
|
|
let inspectorPickerActive = false;
|
|
let inspectorData = null; // last inspect result
|
|
let inspectorModifications = []; // tracked style changes
|
|
let inspectorSSE = null;
|
|
|
|
// Inspector DOM refs
|
|
const inspectorPickBtn = document.getElementById('inspector-pick-btn');
|
|
const inspectorSelected = document.getElementById('inspector-selected');
|
|
const inspectorModeBadge = document.getElementById('inspector-mode-badge');
|
|
const inspectorEmpty = document.getElementById('inspector-empty');
|
|
const inspectorLoading = document.getElementById('inspector-loading');
|
|
const inspectorError = document.getElementById('inspector-error');
|
|
const inspectorPanels = document.getElementById('inspector-panels');
|
|
const inspectorBoxmodel = document.getElementById('inspector-boxmodel');
|
|
const inspectorRules = document.getElementById('inspector-rules');
|
|
const inspectorRuleCount = document.getElementById('inspector-rule-count');
|
|
const inspectorComputed = document.getElementById('inspector-computed');
|
|
const inspectorQuickedit = document.getElementById('inspector-quickedit');
|
|
const inspectorSend = document.getElementById('inspector-send');
|
|
const inspectorSendBtn = document.getElementById('inspector-send-btn');
|
|
|
|
// Pick button
|
|
inspectorPickBtn.addEventListener('click', () => {
|
|
if (inspectorPickerActive) {
|
|
inspectorPickerActive = false;
|
|
inspectorPickBtn.classList.remove('active');
|
|
chrome.runtime.sendMessage({ type: 'stopInspector' });
|
|
} else {
|
|
inspectorPickerActive = true;
|
|
inspectorPickBtn.classList.add('active');
|
|
inspectorShowLoading(false); // don't show loading yet, just activate
|
|
chrome.runtime.sendMessage({ type: 'startInspector' }, (result) => {
|
|
if (result?.error) {
|
|
inspectorPickerActive = false;
|
|
inspectorPickBtn.classList.remove('active');
|
|
inspectorShowError(result.error);
|
|
}
|
|
});
|
|
}
|
|
});
|
|
|
|
function inspectorShowEmpty() {
|
|
inspectorEmpty.style.display = '';
|
|
inspectorLoading.style.display = 'none';
|
|
inspectorError.style.display = 'none';
|
|
inspectorPanels.style.display = 'none';
|
|
inspectorSend.style.display = 'none';
|
|
}
|
|
|
|
function inspectorShowLoading(show) {
|
|
if (show) {
|
|
inspectorEmpty.style.display = 'none';
|
|
inspectorLoading.style.display = '';
|
|
inspectorError.style.display = 'none';
|
|
inspectorPanels.style.display = 'none';
|
|
} else {
|
|
inspectorLoading.style.display = 'none';
|
|
}
|
|
}
|
|
|
|
function inspectorShowError(message) {
|
|
inspectorEmpty.style.display = 'none';
|
|
inspectorLoading.style.display = 'none';
|
|
inspectorError.style.display = '';
|
|
inspectorError.textContent = message;
|
|
inspectorPanels.style.display = 'none';
|
|
}
|
|
|
|
function inspectorShowData(data) {
|
|
inspectorData = data;
|
|
inspectorModifications = [];
|
|
inspectorEmpty.style.display = 'none';
|
|
inspectorLoading.style.display = 'none';
|
|
inspectorError.style.display = 'none';
|
|
inspectorPanels.style.display = '';
|
|
inspectorSend.style.display = '';
|
|
|
|
// Update toolbar
|
|
const tag = data.tagName || '?';
|
|
const cls = data.classes && data.classes.length > 0 ? '.' + data.classes.join('.') : '';
|
|
const idStr = data.id ? '#' + data.id : '';
|
|
inspectorSelected.textContent = `<${tag}>${idStr}${cls}`;
|
|
inspectorSelected.title = data.selector;
|
|
|
|
// Mode badge
|
|
if (data.mode === 'basic') {
|
|
inspectorModeBadge.textContent = 'Basic mode';
|
|
inspectorModeBadge.style.display = '';
|
|
inspectorModeBadge.className = 'inspector-mode-badge basic';
|
|
} else if (data.mode === 'cdp') {
|
|
inspectorModeBadge.textContent = 'CDP';
|
|
inspectorModeBadge.style.display = '';
|
|
inspectorModeBadge.className = 'inspector-mode-badge cdp';
|
|
} else {
|
|
inspectorModeBadge.style.display = 'none';
|
|
}
|
|
|
|
// Render sections
|
|
renderBoxModel(data);
|
|
renderMatchedRules(data);
|
|
renderComputedStyles(data);
|
|
renderQuickEdit(data);
|
|
updateSendButton();
|
|
}
|
|
|
|
// ─── Box Model Rendering ────────────────────────────────────────
|
|
|
|
function renderBoxModel(data) {
|
|
const box = data.basicData?.boxModel || data.boxModel;
|
|
if (!box) { inspectorBoxmodel.innerHTML = '<span class="inspector-no-data">No box model data</span>'; return; }
|
|
|
|
const m = box.margin || {};
|
|
const b = box.border || {};
|
|
const p = box.padding || {};
|
|
const c = box.content || {};
|
|
|
|
inspectorBoxmodel.innerHTML = `
|
|
<div class="boxmodel-margin">
|
|
<span class="boxmodel-label">margin</span>
|
|
<span class="boxmodel-value boxmodel-top">${fmtBoxVal(m.top)}</span>
|
|
<span class="boxmodel-value boxmodel-right">${fmtBoxVal(m.right)}</span>
|
|
<span class="boxmodel-value boxmodel-bottom">${fmtBoxVal(m.bottom)}</span>
|
|
<span class="boxmodel-value boxmodel-left">${fmtBoxVal(m.left)}</span>
|
|
<div class="boxmodel-border">
|
|
<span class="boxmodel-label">border</span>
|
|
<span class="boxmodel-value boxmodel-top">${fmtBoxVal(b.top)}</span>
|
|
<span class="boxmodel-value boxmodel-right">${fmtBoxVal(b.right)}</span>
|
|
<span class="boxmodel-value boxmodel-bottom">${fmtBoxVal(b.bottom)}</span>
|
|
<span class="boxmodel-value boxmodel-left">${fmtBoxVal(b.left)}</span>
|
|
<div class="boxmodel-padding">
|
|
<span class="boxmodel-label">padding</span>
|
|
<span class="boxmodel-value boxmodel-top">${fmtBoxVal(p.top)}</span>
|
|
<span class="boxmodel-value boxmodel-right">${fmtBoxVal(p.right)}</span>
|
|
<span class="boxmodel-value boxmodel-bottom">${fmtBoxVal(p.bottom)}</span>
|
|
<span class="boxmodel-value boxmodel-left">${fmtBoxVal(p.left)}</span>
|
|
<div class="boxmodel-content">
|
|
<span>${Math.round(c.width || 0)} x ${Math.round(c.height || 0)}</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
`;
|
|
}
|
|
|
|
function fmtBoxVal(v) {
|
|
if (v === undefined || v === null) return '-';
|
|
const n = typeof v === 'number' ? v : parseFloat(v);
|
|
if (isNaN(n) || n === 0) return '0';
|
|
return Math.round(n * 10) / 10;
|
|
}
|
|
|
|
// ─── Matched Rules Rendering ────────────────────────────────────
|
|
|
|
function renderMatchedRules(data) {
|
|
const rules = data.matchedRules || data.basicData?.matchedRules || [];
|
|
inspectorRuleCount.textContent = rules.length > 0 ? `(${rules.length})` : '';
|
|
|
|
if (rules.length === 0) {
|
|
inspectorRules.innerHTML = '<div class="inspector-no-data">No matched rules</div>';
|
|
return;
|
|
}
|
|
|
|
// Separate UA rules from author rules
|
|
const authorRules = [];
|
|
const uaRules = [];
|
|
for (const rule of rules) {
|
|
if (rule.origin === 'user-agent' || rule.isUA) {
|
|
uaRules.push(rule);
|
|
} else {
|
|
authorRules.push(rule);
|
|
}
|
|
}
|
|
|
|
let html = '';
|
|
|
|
// Author rules (expanded)
|
|
for (const rule of authorRules) {
|
|
html += renderRule(rule, false);
|
|
}
|
|
|
|
// UA rules (collapsed by default)
|
|
if (uaRules.length > 0) {
|
|
html += `
|
|
<div class="inspector-ua-rules">
|
|
<button class="inspector-ua-toggle collapsed" aria-expanded="false">
|
|
<span class="inspector-toggle-arrow">▶</span>
|
|
User Agent (${uaRules.length})
|
|
</button>
|
|
<div class="inspector-ua-body collapsed">
|
|
`;
|
|
for (const rule of uaRules) {
|
|
html += renderRule(rule, true);
|
|
}
|
|
html += '</div></div>';
|
|
}
|
|
|
|
inspectorRules.innerHTML = html;
|
|
|
|
// Bind UA toggle
|
|
const uaToggle = inspectorRules.querySelector('.inspector-ua-toggle');
|
|
if (uaToggle) {
|
|
uaToggle.addEventListener('click', () => {
|
|
const body = inspectorRules.querySelector('.inspector-ua-body');
|
|
const isCollapsed = uaToggle.classList.contains('collapsed');
|
|
uaToggle.classList.toggle('collapsed', !isCollapsed);
|
|
uaToggle.setAttribute('aria-expanded', isCollapsed);
|
|
uaToggle.querySelector('.inspector-toggle-arrow').innerHTML = isCollapsed ? '▼' : '▶';
|
|
body.classList.toggle('collapsed', !isCollapsed);
|
|
});
|
|
}
|
|
}
|
|
|
|
function renderRule(rule, isUA) {
|
|
const selectorText = escapeHtml(rule.selector || '');
|
|
const truncatedSelector = selectorText.length > 35 ? selectorText.slice(0, 35) + '...' : selectorText;
|
|
const source = rule.source || '';
|
|
const sourceDisplay = source.includes('/') ? source.split('/').pop() : source;
|
|
const specificity = rule.specificity || '';
|
|
|
|
let propsHtml = '';
|
|
const props = rule.properties || [];
|
|
for (const prop of props) {
|
|
const overridden = prop.overridden ? ' overridden' : '';
|
|
const nameHtml = escapeHtml(prop.name);
|
|
const valText = escapeHtml(prop.value || '');
|
|
const truncatedVal = valText.length > 30 ? valText.slice(0, 30) + '...' : valText;
|
|
const priority = prop.priority === 'important' ? ' <span class="inspector-important">!important</span>' : '';
|
|
propsHtml += `<div class="inspector-prop${overridden}"><span class="inspector-prop-name">${nameHtml}</span>: <span class="inspector-prop-value" title="${valText}">${truncatedVal}</span>${priority};</div>`;
|
|
}
|
|
|
|
return `
|
|
<div class="inspector-rule" role="treeitem">
|
|
<div class="inspector-rule-header">
|
|
<span class="inspector-selector" title="${selectorText}">${truncatedSelector}</span>
|
|
${specificity ? `<span class="inspector-specificity">${escapeHtml(specificity)}</span>` : ''}
|
|
</div>
|
|
<div class="inspector-rule-props">${propsHtml}</div>
|
|
${sourceDisplay ? `<div class="inspector-rule-source">${escapeHtml(sourceDisplay)}</div>` : ''}
|
|
</div>
|
|
`;
|
|
}
|
|
|
|
// ─── Computed Styles Rendering ──────────────────────────────────
|
|
|
|
function renderComputedStyles(data) {
|
|
const styles = data.computedStyles || data.basicData?.computedStyles || {};
|
|
const keys = Object.keys(styles);
|
|
|
|
if (keys.length === 0) {
|
|
inspectorComputed.innerHTML = '<div class="inspector-no-data">No computed styles</div>';
|
|
return;
|
|
}
|
|
|
|
let html = '';
|
|
for (const key of keys) {
|
|
const val = styles[key];
|
|
if (!val || val === 'none' || val === 'normal' || val === 'auto' || val === '0px' || val === 'rgba(0, 0, 0, 0)') continue;
|
|
html += `<div class="inspector-computed-row"><span class="inspector-prop-name">${escapeHtml(key)}</span>: <span class="inspector-prop-value">${escapeHtml(val)}</span></div>`;
|
|
}
|
|
|
|
if (!html) {
|
|
html = '<div class="inspector-no-data">All values are defaults</div>';
|
|
}
|
|
|
|
inspectorComputed.innerHTML = html;
|
|
}
|
|
|
|
// ─── Quick Edit ─────────────────────────────────────────────────
|
|
|
|
function renderQuickEdit(data) {
|
|
const selector = data.selector;
|
|
if (!selector) { inspectorQuickedit.innerHTML = ''; return; }
|
|
|
|
// Show common editable properties with current values
|
|
const editableProps = ['color', 'background-color', 'font-size', 'padding', 'margin', 'border', 'display', 'opacity'];
|
|
const computed = data.computedStyles || data.basicData?.computedStyles || {};
|
|
|
|
let html = '<div class="inspector-quickedit-list">';
|
|
for (const prop of editableProps) {
|
|
const val = computed[prop] || '';
|
|
html += `
|
|
<div class="inspector-quickedit-row" data-prop="${escapeHtml(prop)}">
|
|
<span class="inspector-prop-name">${escapeHtml(prop)}</span>:
|
|
<span class="inspector-quickedit-value" data-selector="${escapeHtml(selector)}" data-prop="${escapeHtml(prop)}" tabindex="0" role="button" title="Click to edit">${escapeHtml(val || '(none)')}</span>
|
|
</div>
|
|
`;
|
|
}
|
|
html += '</div>';
|
|
inspectorQuickedit.innerHTML = html;
|
|
|
|
// Bind click-to-edit
|
|
inspectorQuickedit.querySelectorAll('.inspector-quickedit-value').forEach(el => {
|
|
el.addEventListener('click', () => startQuickEdit(el));
|
|
el.addEventListener('keydown', (e) => {
|
|
if (e.key === 'Enter' || e.key === ' ') { e.preventDefault(); startQuickEdit(el); }
|
|
});
|
|
});
|
|
}
|
|
|
|
function startQuickEdit(valueEl) {
|
|
if (valueEl.querySelector('input')) return; // already editing
|
|
|
|
const currentVal = valueEl.textContent === '(none)' ? '' : valueEl.textContent;
|
|
const prop = valueEl.dataset.prop;
|
|
const selector = valueEl.dataset.selector;
|
|
|
|
const input = document.createElement('input');
|
|
input.type = 'text';
|
|
input.className = 'inspector-quickedit-input';
|
|
input.value = currentVal;
|
|
valueEl.textContent = '';
|
|
valueEl.appendChild(input);
|
|
input.focus();
|
|
input.select();
|
|
|
|
function commit() {
|
|
const newVal = input.value.trim();
|
|
valueEl.textContent = newVal || '(none)';
|
|
if (newVal && newVal !== currentVal) {
|
|
chrome.runtime.sendMessage({
|
|
type: 'applyStyle',
|
|
selector,
|
|
property: prop,
|
|
value: newVal,
|
|
});
|
|
inspectorModifications.push({ property: prop, value: newVal, selector });
|
|
updateSendButton();
|
|
}
|
|
}
|
|
|
|
function cancel() {
|
|
valueEl.textContent = currentVal || '(none)';
|
|
}
|
|
|
|
input.addEventListener('blur', commit);
|
|
input.addEventListener('keydown', (e) => {
|
|
if (e.key === 'Enter') { e.preventDefault(); input.blur(); }
|
|
if (e.key === 'Escape') { e.preventDefault(); input.removeEventListener('blur', commit); cancel(); }
|
|
});
|
|
}
|
|
|
|
// ─── Send to Agent ──────────────────────────────────────────────
|
|
|
|
function updateSendButton() {
|
|
if (inspectorModifications.length > 0) {
|
|
inspectorSendBtn.textContent = 'Send to Code';
|
|
inspectorSendBtn.title = `${inspectorModifications.length} modification(s) to send`;
|
|
} else {
|
|
inspectorSendBtn.textContent = 'Send to Agent';
|
|
inspectorSendBtn.title = 'Send full inspector data';
|
|
}
|
|
}
|
|
|
|
inspectorSendBtn.addEventListener('click', () => {
|
|
if (!inspectorData) return;
|
|
|
|
let message;
|
|
if (inspectorModifications.length > 0) {
|
|
// Format modification diff
|
|
const diffs = inspectorModifications.map(m =>
|
|
` ${m.property}: ${m.value} (selector: ${m.selector})`
|
|
).join('\n');
|
|
message = `CSS Inspector modifications:\n\nSelector: ${inspectorData.selector}\n\nChanges:\n${diffs}`;
|
|
|
|
// Include source file info if available
|
|
const rules = inspectorData.matchedRules || inspectorData.basicData?.matchedRules || [];
|
|
const sources = rules.filter(r => r.source && r.source !== 'inline').map(r => r.source);
|
|
if (sources.length > 0) {
|
|
message += `\n\nSource files:\n${[...new Set(sources)].map(s => ` ${s}`).join('\n')}`;
|
|
}
|
|
} else {
|
|
// Send full inspector data
|
|
message = `CSS Inspector data for: ${inspectorData.selector}\n\n${JSON.stringify(inspectorData, null, 2)}`;
|
|
}
|
|
|
|
// Inject into the running claude PTY so the user can ask claude to act
|
|
// on the inspector data. Replaces the old `sidebar-command` route which
|
|
// spawned a one-shot claude -p (sidebar-agent.ts is gone).
|
|
const ok = window.gstackInjectToTerminal?.(message + '\n');
|
|
if (!ok) {
|
|
console.warn('[gstack sidebar] Inspector send needs an active Terminal session.');
|
|
}
|
|
});
|
|
|
|
// ─── Quick Action Helpers (toolbar buttons) ──────────────────────
|
|
|
|
/**
|
|
* "Cleanup" injects a prompt into the running claude PTY. claude takes the
|
|
* prompt, snapshots the page, hides ads/banners/popups, leaves article
|
|
* content. The user watches it happen in the Terminal pane.
|
|
*
|
|
* Replaced the old chat-queue path (sidebar-agent.ts spawning a one-shot
|
|
* claude -p) — we have a live REPL now, so route through that instead.
|
|
*/
|
|
async function runCleanup(...buttons) {
|
|
buttons.forEach(b => b?.classList.add('loading'));
|
|
const cleanupPrompt = [
|
|
'Clean up the active browser page for reading. Run:',
|
|
'$B cleanup --all',
|
|
'then $B snapshot -i, identify any remaining ads, cookie/consent banners,',
|
|
'newsletter popups, login walls, video autoplay, sidebar widgets, share',
|
|
'buttons, floating chat widgets, and hide each via $B eval. Keep the site',
|
|
'header/masthead, headline, article body, images, byline, and date. Also',
|
|
'unlock scrolling if the page is scroll-locked.',
|
|
].join('\n');
|
|
const sent = window.gstackInjectToTerminal?.(cleanupPrompt + '\n');
|
|
if (!sent) {
|
|
console.warn('[gstack sidebar] Cleanup needs an active Terminal session.');
|
|
}
|
|
setTimeout(() => buttons.forEach(b => b?.classList.remove('loading')), 1200);
|
|
}
|
|
|
|
async function runScreenshot(...buttons) {
|
|
if (!serverUrl || !serverToken) return;
|
|
buttons.forEach(b => b?.classList.add('loading'));
|
|
try {
|
|
const resp = await fetch(`${serverUrl}/command`, {
|
|
method: 'POST',
|
|
headers: { ...authHeaders(), 'Content-Type': 'application/json' },
|
|
body: JSON.stringify({ command: 'screenshot', args: [] }),
|
|
signal: AbortSignal.timeout(15000),
|
|
});
|
|
const text = await resp.text();
|
|
if (!resp.ok) {
|
|
console.warn('[gstack sidebar] Screenshot failed:', text);
|
|
} else {
|
|
console.log('[gstack sidebar] Screenshot:', text);
|
|
}
|
|
} catch (err) {
|
|
console.error('[gstack sidebar] Screenshot error:', err.message);
|
|
} finally {
|
|
buttons.forEach(b => b?.classList.remove('loading'));
|
|
}
|
|
}
|
|
|
|
// ─── Wire up all cleanup/screenshot buttons (inspector + chat toolbar) ──
|
|
|
|
const inspectorCleanupBtn = document.getElementById('inspector-cleanup-btn');
|
|
const inspectorScreenshotBtn = document.getElementById('inspector-screenshot-btn');
|
|
const chatCleanupBtn = document.getElementById('chat-cleanup-btn');
|
|
const chatScreenshotBtn = document.getElementById('chat-screenshot-btn');
|
|
|
|
if (inspectorCleanupBtn) inspectorCleanupBtn.addEventListener('click', () => runCleanup(inspectorCleanupBtn, chatCleanupBtn));
|
|
if (inspectorScreenshotBtn) inspectorScreenshotBtn.addEventListener('click', () => runScreenshot(inspectorScreenshotBtn, chatScreenshotBtn));
|
|
if (chatCleanupBtn) chatCleanupBtn.addEventListener('click', () => runCleanup(chatCleanupBtn, inspectorCleanupBtn));
|
|
if (chatScreenshotBtn) chatScreenshotBtn.addEventListener('click', () => runScreenshot(chatScreenshotBtn, inspectorScreenshotBtn));
|
|
|
|
// ─── Section Toggles ────────────────────────────────────────────
|
|
|
|
document.querySelectorAll('.inspector-section-toggle').forEach(toggle => {
|
|
toggle.addEventListener('click', () => {
|
|
const section = toggle.dataset.section;
|
|
const body = document.getElementById(`inspector-${section}`);
|
|
const isCollapsed = toggle.classList.contains('collapsed');
|
|
|
|
toggle.classList.toggle('collapsed', !isCollapsed);
|
|
toggle.setAttribute('aria-expanded', isCollapsed);
|
|
toggle.querySelector('.inspector-toggle-arrow').innerHTML = isCollapsed ? '▼' : '▶';
|
|
body.classList.toggle('collapsed', !isCollapsed);
|
|
});
|
|
});
|
|
|
|
// ─── Inspector SSE ──────────────────────────────────────────────
|
|
|
|
async function connectInspectorSSE() {
|
|
if (!serverUrl || !serverToken) return;
|
|
if (inspectorSSE) { inspectorSSE.close(); inspectorSSE = null; }
|
|
|
|
// Same session-cookie pattern as connectSSE. ?token= is gone (see N1
|
|
// in the v1.6.0.0 security wave plan).
|
|
await ensureSseSessionCookie();
|
|
const url = `${serverUrl}/inspector/events?_=${Date.now()}`;
|
|
|
|
try {
|
|
inspectorSSE = new EventSource(url, { withCredentials: true });
|
|
|
|
inspectorSSE.addEventListener('inspectResult', (e) => {
|
|
try {
|
|
const data = JSON.parse(e.data);
|
|
inspectorShowData(data);
|
|
} catch (err) {
|
|
console.error('[gstack sidebar] Failed to parse inspectResult:', err.message);
|
|
}
|
|
});
|
|
|
|
inspectorSSE.addEventListener('error', () => {
|
|
// SSE connection failed — inspector works without it (basic mode)
|
|
if (inspectorSSE) { inspectorSSE.close(); inspectorSSE = null; }
|
|
});
|
|
} catch (err) {
|
|
console.debug('[gstack sidebar] Inspector SSE not available:', err.message);
|
|
}
|
|
}
|
|
|
|
// ─── Server Discovery ───────────────────────────────────────────
|
|
|
|
function setActionButtonsEnabled(enabled) {
|
|
const btns = document.querySelectorAll('.quick-action-btn, .inspector-action-btn');
|
|
btns.forEach(btn => {
|
|
btn.disabled = !enabled;
|
|
btn.classList.toggle('disabled', !enabled);
|
|
});
|
|
}
|
|
|
|
function updateConnection(url, token) {
|
|
const wasConnected = !!serverUrl;
|
|
serverUrl = url;
|
|
serverToken = token || null;
|
|
// Expose for sidepanel-terminal.js (PTY surface). The terminal pane needs
|
|
// the bootstrap token to POST /pty-session and the port to derive the WS
|
|
// URL. We never expose the PTY token — it lives in an HttpOnly cookie.
|
|
if (url) {
|
|
try { window.gstackServerPort = parseInt(new URL(url).port, 10); } catch {}
|
|
window.gstackAuthToken = token || null;
|
|
} else {
|
|
window.gstackServerPort = null;
|
|
window.gstackAuthToken = null;
|
|
}
|
|
if (url) {
|
|
document.getElementById('footer-dot').className = 'dot connected';
|
|
const port = new URL(url).port;
|
|
document.getElementById('footer-port').textContent = `:${port}`;
|
|
setConnState('connected');
|
|
setActionButtonsEnabled(true);
|
|
// Tell the active tab's content script the sidebar is open — this hides
|
|
// the welcome page arrow hint. Only fires on actual sidebar connection.
|
|
chrome.runtime.sendMessage({ type: 'sidebarOpened' }).catch(() => {});
|
|
connectSSE();
|
|
connectInspectorSSE();
|
|
} else {
|
|
document.getElementById('footer-dot').className = 'dot';
|
|
document.getElementById('footer-port').textContent = '';
|
|
setActionButtonsEnabled(false);
|
|
if (wasConnected) startReconnect();
|
|
}
|
|
}
|
|
|
|
// ─── Port Configuration ─────────────────────────────────────────
|
|
|
|
const portLabel = document.getElementById('footer-port');
|
|
const portInput = document.getElementById('port-input');
|
|
|
|
portLabel.addEventListener('click', () => {
|
|
portLabel.style.display = 'none';
|
|
portInput.style.display = '';
|
|
chrome.runtime.sendMessage({ type: 'getPort' }, (resp) => {
|
|
portInput.value = resp?.port || '';
|
|
portInput.focus();
|
|
portInput.select();
|
|
});
|
|
});
|
|
|
|
function savePort() {
|
|
const port = parseInt(portInput.value, 10);
|
|
if (port > 0 && port < 65536) {
|
|
chrome.runtime.sendMessage({ type: 'setPort', port });
|
|
}
|
|
portInput.style.display = 'none';
|
|
portLabel.style.display = '';
|
|
}
|
|
portInput.addEventListener('blur', savePort);
|
|
portInput.addEventListener('keydown', (e) => {
|
|
if (e.key === 'Enter') savePort();
|
|
if (e.key === 'Escape') { portInput.style.display = 'none'; portLabel.style.display = ''; }
|
|
});
|
|
|
|
// ─── Reconnect / Copy Buttons ────────────────────────────────────
|
|
|
|
document.getElementById('conn-reconnect').addEventListener('click', () => {
|
|
reconnectAttempts = 0;
|
|
startReconnect();
|
|
});
|
|
|
|
document.getElementById('conn-copy').addEventListener('click', () => {
|
|
navigator.clipboard.writeText('/open-gstack-browser').then(() => {
|
|
const btn = document.getElementById('conn-copy');
|
|
btn.textContent = 'copied!';
|
|
setTimeout(() => { btn.textContent = '/open-gstack-browser'; }, 2000);
|
|
});
|
|
});
|
|
|
|
// Try to connect immediately, retry every 2s until connected.
|
|
// Show exactly what's happening at each step so the user is never
|
|
// staring at a blank "Connecting..." with no info.
|
|
let connectAttempts = 0;
|
|
function setLoadingStatus(msg, debug) {
|
|
// The status line lives inside the Terminal bootstrap card now —
|
|
// sidepanel-terminal.js owns it. We only update the debug pre block,
|
|
// and trust the terminal pane to surface the human-readable status.
|
|
const dbg = document.getElementById('loading-debug');
|
|
if (dbg && debug !== undefined) dbg.textContent = debug;
|
|
}
|
|
|
|
async function tryConnect() {
|
|
connectAttempts++;
|
|
setLoadingStatus(
|
|
`Looking for browse server... (attempt ${connectAttempts})`,
|
|
`Asking background.js for server port...`
|
|
);
|
|
|
|
// Step 1: Ask background for the port
|
|
const resp = await new Promise(resolve => {
|
|
chrome.runtime.sendMessage({ type: 'getPort' }, (r) => {
|
|
if (chrome.runtime.lastError) {
|
|
resolve({ error: chrome.runtime.lastError.message });
|
|
} else {
|
|
resolve(r || {});
|
|
}
|
|
});
|
|
});
|
|
|
|
if (resp.error) {
|
|
setLoadingStatus(
|
|
`Extension error (attempt ${connectAttempts})`,
|
|
`chrome.runtime.sendMessage failed:\n${resp.error}`
|
|
);
|
|
setTimeout(tryConnect, 2000);
|
|
return;
|
|
}
|
|
|
|
const port = resp.port || 34567;
|
|
|
|
// Step 2: If background says connected + has token, use that
|
|
if (resp.port && resp.connected && resp.token) {
|
|
setLoadingStatus(
|
|
`Server found on port ${port}, connecting...`,
|
|
`token: yes\nStarting SSE + chat polling...`
|
|
);
|
|
updateConnection(`http://127.0.0.1:${port}`, resp.token);
|
|
return;
|
|
}
|
|
|
|
// Step 3: Background not connected yet. Try hitting /health directly.
|
|
// This bypasses the background.js health poll timing gap.
|
|
setLoadingStatus(
|
|
`Checking server directly... (attempt ${connectAttempts})`,
|
|
`port: ${port}\nbackground connected: ${resp.connected || false}\nTrying GET http://127.0.0.1:${port}/health ...`
|
|
);
|
|
|
|
try {
|
|
const healthResp = await fetch(`http://127.0.0.1:${port}/health`, {
|
|
signal: AbortSignal.timeout(2000)
|
|
});
|
|
if (healthResp.ok) {
|
|
const data = await healthResp.json();
|
|
if (data.status === 'healthy' && data.token) {
|
|
setLoadingStatus(
|
|
`Server healthy on port ${port}, connecting...`,
|
|
`token: yes (from /health)\nStarting SSE + activity feed...`
|
|
);
|
|
updateConnection(`http://127.0.0.1:${port}`, data.token);
|
|
// The SEC shield used to drive off /health.security via the chat
|
|
// path's classifier; with the chat path ripped, the indicator is
|
|
// not driven yet. Leaving the shield element hidden by default.
|
|
return;
|
|
}
|
|
setLoadingStatus(
|
|
`Server responded but not healthy (attempt ${connectAttempts})`,
|
|
`status: ${data.status}\ntoken: ${data.token ? 'yes' : 'no'}`
|
|
);
|
|
} else {
|
|
setLoadingStatus(
|
|
`Server returned ${healthResp.status} (attempt ${connectAttempts})`,
|
|
`GET /health → ${healthResp.status} ${healthResp.statusText}`
|
|
);
|
|
}
|
|
} catch (e) {
|
|
setLoadingStatus(
|
|
`Server not reachable on port ${port} (attempt ${connectAttempts})`,
|
|
`GET /health failed: ${e.message}\n\nThe browse server may still be starting.\nRun /open-gstack-browser in Claude Code.`
|
|
);
|
|
}
|
|
|
|
setTimeout(tryConnect, 2000);
|
|
}
|
|
tryConnect();
|
|
|
|
// ─── Message Listener ───────────────────────────────────────────
|
|
|
|
chrome.runtime.onMessage.addListener((msg) => {
|
|
if (msg.type === 'health') {
|
|
if (msg.data) {
|
|
const url = `http://127.0.0.1:${msg.data.port || 34567}`;
|
|
// Request token via targeted sendResponse (not broadcast) to limit exposure
|
|
chrome.runtime.sendMessage({ type: 'getToken' }, (resp) => {
|
|
updateConnection(url, resp?.token || null);
|
|
});
|
|
} else {
|
|
updateConnection(null);
|
|
}
|
|
}
|
|
if (msg.type === 'refs') {
|
|
if (document.querySelector('.tab[data-tab="refs"].active')) {
|
|
fetchRefs();
|
|
}
|
|
}
|
|
if (msg.type === 'inspectResult') {
|
|
inspectorPickerActive = false;
|
|
inspectorPickBtn.classList.remove('active');
|
|
if (msg.data) {
|
|
inspectorShowData(msg.data);
|
|
} else {
|
|
inspectorShowError('Element not found, try picking again');
|
|
}
|
|
}
|
|
if (msg.type === 'pickerCancelled') {
|
|
inspectorPickerActive = false;
|
|
inspectorPickBtn.classList.remove('active');
|
|
}
|
|
// browserTabState: full snapshot of all open tabs + the active one,
|
|
// pushed by background.js on chrome.tabs events. We forward it as a
|
|
// custom event so sidepanel-terminal.js can relay to terminal-agent.ts.
|
|
// Result: claude's <stateDir>/tabs.json + active-tab.json stay live.
|
|
if (msg.type === 'browserTabState') {
|
|
document.dispatchEvent(new CustomEvent('gstack:tab-state', {
|
|
detail: { active: msg.active, tabs: msg.tabs, reason: msg.reason },
|
|
}));
|
|
}
|
|
});
|