PR

[hlsitechio]

What Changed

Why

UI Changes

Checklist

• This PR is small and focused
• I explained what changed and why
• I included before/after screenshots for any UI changes
• I included a video for animation/interaction changes

Note

Add Lab workspace, Canvas panel, embedded browser control, and multi-provider CLI support

• Introduces a Lab workspace (/lab/:threadId) with a split-pane view of ChatView and an embedded BrowserCanvas, accessible from the sidebar and chat header
• Adds an App Canvas panel (AppCanvas) that previews generated React apps in-browser with code/preview tabs and device-size presets, persisted as ThreadCanvasState per thread
• Adds a BrowserCanvas component that attaches to a native BrowserView (Electron only), supporting navigation, back/forward, resize, and state persistence; controlled via new IPC handlers in the main process and exposed through desktopBridge
• Extends provider support to claude-code, gemini-cli, and github-copilot-cli across contracts, model options, session logic, and provider health checks
• Adds document attachment to the chat composer (.txt/.md/.pdf/.docx), with drag-and-drop, localStorage draft persistence, size/count limits, and excerpt injection into sent messages
• Adds UI command intents that intercept typed commands to open/close Lab, Canvas, or Browser and execute browser navigation/action without sending to the model
• Implements GitHub device flow auth over WebSocket and a sidebar GitHub controller (behind githubSidebarControllerEnabled flag)
• Introduces two new MCP servers: labBrowserMcpServer (browser control) and appOperatorMcpServer (app context/actions), auto-configured in a managed Codex home directory when operator env vars are present
• Adds a Windows PowerShell installer (install.ps1) and switches Windows desktop builds from NSIS to MSI
• Adds client-side Prettier formatting for code blocks in ChatMarkdown before syntax highlighting, with caching and a 50 KB size guard
• Adds a token usage store (useTokenUsageStore) with per-thread/daily tracking, rate limit display, and a TokenUsageBadge component in the chat header
• Risk: The managed Codex home workflow creates and deletes temp directories at session boundaries; failures during teardown are logged but not surfaced to users

📊 Macroscope summarized 7548792. 41 files reviewed, 27 issues evaluated, 3 issues filtered, 12 comments posted

🗂️ Filtered Issues

apps/desktop/src/main.ts — 0 comments posted, 11 evaluated, 3 filtered

• line 927: When visible is false, the function does not check whether session.view.webContents.isDestroyed() before calling updateBrowserSessionState(session) at line 927. The visible=true path correctly checks for destruction at line 930-933, but the visible=false path skips this check. If the view was destroyed (but the destroyed event handler hasn't yet removed the session from the map due to event loop timing), updateBrowserSessionState will attempt to read from a destroyed webContents, which can throw an error. [ Failed validation ]
• line 1139: Race condition in startOperatorApiServer: the guard check if (operatorApiServer) at line 1139 and the assignment operatorApiServer = server at line 1196 are separated by await points (lines 1182-1188). If two calls to startOperatorApiServer() occur concurrently (e.g., from multiple IPC handlers), both can pass the initial null check before either sets operatorApiServer. This results in two servers being created, with one becoming orphaned (no reference to close it) while its port remains bound. Consider adding a mutex/lock pattern or an "in-progress" sentinel to prevent concurrent initialization. [ Failed validation ]
• line 1765: The validation !action || typeof action !== "object" allows arrays to pass through because typeof [] === "object" and ![] is false. If the renderer sends an array like [] or [1,2,3], it bypasses the check and gets cast to DesktopBrowserActInput, which likely expects an object with specific properties. Consider adding Array.isArray(action) to the rejection condition. [ Failed validation ]

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 3aee69bb-c36c-4158-a1f5-44820d478f74

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can validate your CodeRabbit configuration file in your editor.

If your editor has YAML language server, you can enable auto-completion and validation by adding # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json at the top of your CodeRabbit configuration file.

[Copilot]

Pull request overview

This PR significantly expands the desktop + web app capabilities (Lab workspace, browser/canvas surfaces, provider support, token usage tracking, and MCP tooling), and updates build/release tooling (Windows MSI, installer script, CI workflow behavior) to support these additions across the monorepo.

Changes:

• Add Lab workspace routes and desktop-only Browser Canvas + in-app React Canvas surface, with supporting contracts and native bridge APIs.
• Expand provider/model contracts (Claude Code, Gemini CLI, GitHub Copilot CLI) and add GitHub device-flow + MCP servers for operator tooling.
• Update build/release pipeline (Windows MSI defaults, artifact config, installer PowerShell script) and improve terminal performance (debounced persistence, WebGL renderer, I/O buffering).

Reviewed changes

Copilot reviewed 76 out of 78 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
scripts/dev-runner.ts	Adds layered .env.local loading and desktop dev-mode env adjustments.
scripts/build-desktop-artifact.ts	Switches Windows default target to MSI and tweaks build config.
packages/shared/src/model.ts	Extends model slug sets for additional providers.
packages/contracts/src/ws.ts	Adds WS RPC method names and request schemas for GitHub, canvas, and server CLI detection.
packages/contracts/src/server.ts	Adds contracts for detecting CLI installations.
packages/contracts/src/orchestration.ts	Expands ProviderKind to include additional providers.
packages/contracts/src/model.ts	Adds provider model options, defaults, and model lists for new providers.
packages/contracts/src/ipc.ts	Extends DesktopBridge/NativeApi types for browser, GitHub auth, server CLI detection, and canvas APIs.
packages/contracts/src/index.ts	Exports new canvas contracts.
packages/contracts/src/editor.ts	Adds Windsurf and OpenCode editors.
packages/contracts/src/canvas.ts	Introduces canvas state/input schemas for thread-scoped canvas.
package.json	Updates root scripts (Windows desktop dist target to MSI).
install.ps1	Adds a Windows interactive installer/updater for the desktop app + dependencies.
apps/web/vite.config.ts	Adds Prettier aliasing and build chunk splitting configuration.
apps/web/src/wsNativeApi.ts	Exposes new WS-backed NativeApi namespaces (GitHub, server CLI detection, canvas, desktop browser bridge).
apps/web/src/vite-env.d.ts	Adds typed Vite env vars for Clerk + WS URL.
apps/web/src/uiCommandIntents.ts	Adds parsing for lab/browser/canvas UI command intents.
apps/web/src/uiCommandIntents.test.ts	Adds tests for UI command intent parsing.
apps/web/src/tokenUsageStore.ts	Adds persisted Zustand store for token usage, daily totals, and rate limit/account info.
apps/web/src/session-logic.ts	Updates provider picker types/options to align with new ProviderKind values.
apps/web/src/session-logic.test.ts	Updates tests for provider picker placeholders.
apps/web/src/routes/lab.tsx	Adds /lab layout route with sidebar + outlet.
apps/web/src/routes/lab.index.tsx	Adds lab landing/index view.
apps/web/src/routes/lab.$threadId.tsx	Adds lab thread view with chat + desktop-only browser canvas.
apps/web/src/routes/_chat.tsx	Updates chat layout sidebar behavior (rail + resizing + icon collapse).
apps/web/src/routes/_chat.index.tsx	Replaces minimal home view with a workspace home/intake experience and surface launchers.
apps/web/src/routes/_chat.docs.tsx	Adds docs route shell under chat.
apps/web/src/routes/_chat.$threadId.tsx	Adds browser/canvas panels driven by route search params with responsive sheet behavior.
apps/web/src/routes/__root.tsx	Wraps the app in an auth gate and mounts token usage syncing.
apps/web/src/routeTree.gen.ts	Updates generated route tree to include Lab and Docs routes.
apps/web/src/index.css	Updates dark theme tokens and adds animations/styles for settings transitions.
apps/web/src/hooks/useWorkspaceSurfaceLaunchers.ts	Adds shared helpers for opening Terminal/Lab/Canvas surfaces.
apps/web/src/hooks/useTokenUsageSync.ts	Adds activity-driven synchronization into token usage store.
apps/web/src/hooks/useProjectOnboarding.ts	Adds onboarding helpers to create/open projects/threads from the home experience.
apps/web/src/diffRouteSearch.ts	Extends route search parsing/stripping to include browser and canvas flags.
apps/web/src/components/ui/sidebar.tsx	Tweaks sidebar rail styling/interaction affordances.
apps/web/src/components/WorkspaceSurfaceActions.tsx	Adds UI actions for terminal/lab/canvas and provider readiness display.
apps/web/src/components/TokenUsageBadge.tsx	Adds a badge UI for thread + daily usage and rate-limit warnings.
apps/web/src/components/ThreadTerminalDrawer.tsx	Adds WebGL renderer support and debounced terminal I/O buffering + minimize control.
apps/web/src/components/Icons.tsx	Adds Windsurf icon.
apps/web/src/components/GitActionsControl.tsx	Adds disabled “GitHub Integration” menu section placeholders.
apps/web/src/components/ChatMarkdown.tsx	Adds optional Prettier formatting for fenced code blocks before highlighting.
apps/web/src/components/BrowserCanvas.tsx	Adds desktop-only browser canvas UI with resize + navigation + live state.
apps/web/src/components/AppCanvas.tsx	Adds in-app Canvas surface with preview/code/brief tabs.
apps/web/src/appSettings.ts	Adds canvas + GitHub-related settings schema/options and normalizers.
apps/web/package.json	Adds Clerk, xterm WebGL addon, and Prettier dependencies.
apps/web/.env.example	Adds Clerk publishable key env example.
apps/server/tsdown.config.ts	Adds an additional build entry for the MCP server.
apps/server/tsconfig.json	Adjusts Effect lint configuration settings.
apps/server/src/terminal/Services/Manager.ts	Extends terminal session state to track dirty history.
apps/server/src/terminal/Layers/Manager.ts	Improves terminal history persistence performance and adjusts debounce timing.
apps/server/src/provider/Layers/ProviderSessionDirectory.ts	Allows additional ProviderKind values in persistence decoding.
apps/server/src/provider/Layers/ProviderHealth.ts	Runs Codex version+auth probes concurrently and tweaks status resolution.
apps/server/src/orchestration/Layers/ProviderRuntimeIngestion.ts	Emits new activity kinds for usage/rate-limit/account update events.
apps/server/src/orchestration/Layers/ProviderRuntimeIngestion.test.ts	Updates test typing to allow non-codex provider values.
apps/server/src/open.ts	Adds editor launch support for Windsurf/OpenCode nuances.
apps/server/src/main.ts	Changes boolean flag resolution and default for websocket event logging.
apps/server/src/labBrowserMcpServer.ts	Adds MCP server for operating the lab browser via operator endpoints.
apps/server/src/git/githubDeviceFlow.ts	Adds GitHub OAuth device flow helper functions.
apps/server/src/codexAppServerManager.ts	Creates managed Codex home folders and injects MCP server config entries per session.
apps/server/src/appOperatorMcpServer.ts	Adds MCP server for app operator endpoints (context/actions/canvas).
apps/server/scripts/cli.ts	Ensures the web app is built before bundling client assets into the server dist.
apps/server/package.json	Adds MCP SDK + zod dependency.
apps/server/.env.example	Adds Clerk secret key env example.
apps/desktop/src/preload.ts	Exposes new browser IPC methods/events on desktopBridge.
apps/desktop/src/browserOperator.ts	Implements DOM-based browser observe/act/extract scripting for BrowserView.
apps/desktop/src/browserCdp.ts	Adds CDP screenshot capture via webContents.debugger.
apps/desktop/src/bootstrapDeps.ts	Adds first-run dependency bootstrapper for desktop app (winget/npm).
README.md	Updates product positioning, install instructions, and feature/architecture docs.
.github/workflows/release.yml	Switches Windows artifacts to MSI and adjusts release job dependencies/behavior.
.github/workflows/ci.yml	Switches runners and adjusts test/browser-test behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[macroscopeapp]

🟢 Low src/tokenUsageStore.ts:77

isThisWeek mixes UTC and local time zones, causing getWeekUsage to exclude today's usage for users in negative UTC offsets. todayKey() stores UTC dates like "2024-01-15", but isThisWeek parses that string as UTC midnight while comparing against startOfWeek computed in local time. For a user at UTC-8, "2024-01-15" parses as 2024-01-15T00:00:00Z (which is 2024-01-14T16:00:00 local), so the date falls before local Sunday midnight and gets filtered out. Consider using consistent UTC math: parse the date string as UTC and compare against a UTC-based start of week.

function isThisWeek(dateStr: string): boolean {
-  const date = new Date(dateStr);
+  const date = new Date(dateStr + "T00:00:00Z");
   const now = new Date();
-  const startOfWeek = new Date(now);
+  const startOfWeek = new Date(Date.UTC(now.getFullYear(), now.getMonth(), now.getDate() - now.getDay()));
-  startOfWeek.setDate(now.getDate() - now.getDay());
-  startOfWeek.setHours(0, 0, 0, 0);
   return date >= startOfWeek;
 }

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/web/src/tokenUsageStore.ts around lines 77-84:

`isThisWeek` mixes UTC and local time zones, causing `getWeekUsage` to exclude today's usage for users in negative UTC offsets. `todayKey()` stores UTC dates like `"2024-01-15"`, but `isThisWeek` parses that string as UTC midnight while comparing against `startOfWeek` computed in local time. For a user at UTC-8, `"2024-01-15"` parses as 2024-01-15T00:00:00Z (which is 2024-01-14T16:00:00 local), so the date falls before local Sunday midnight and gets filtered out. Consider using consistent UTC math: parse the date string as UTC and compare against a UTC-based start of week.

Evidence trail:
apps/web/src/tokenUsageStore.ts lines 73-84 (REVIEWED_COMMIT): `todayKey()` uses `toISOString().slice(0, 10)` returning UTC dates; `isThisWeek()` parses dateStr with `new Date(dateStr)` (UTC midnight for ISO date-only strings per ECMAScript spec) but computes `startOfWeek` using local-time methods (`getDay()`, `getDate()`, `setHours(0,0,0,0)`). Line 84 comparison `date >= startOfWeek` compares UTC midnight against local midnight, causing false negatives for negative UTC offsets.

[macroscopeapp]

🟢 Low src/uiCommandIntents.ts:144

When normalizeBrowserNavigationTarget receives an uppercase protocol like HTTP://example.com, looksLikeDirectBrowserUrl accepts it due to case-insensitive regex, but line 145's startsWith("http://") and startsWith("https://") checks are case-sensitive and both fail. The code then prepends https://, producing https://HTTP://example.com which new URL() either throws on or treats as malformed. Consider using case-insensitive prefix checks (e.g., trimmed.toLowerCase().startsWith(...) or a case-insensitive regex) so the protocol detection aligns with looksLikeDirectBrowserUrl.

  const withProtocol =
-    trimmed.startsWith("http://") || trimmed.startsWith("https://") ? trimmed : `https://${trimmed}`;
+    trimmed.toLowerCase().startsWith("http://") || trimmed.toLowerCase().startsWith("https://") ? trimmed : `https://${trimmed}`;

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/web/src/uiCommandIntents.ts around lines 144-145:

When `normalizeBrowserNavigationTarget` receives an uppercase protocol like `HTTP://example.com`, `looksLikeDirectBrowserUrl` accepts it due to case-insensitive regex, but line 145's `startsWith("http://")` and `startsWith("https://")` checks are case-sensitive and both fail. The code then prepends `https://`, producing `https://HTTP://example.com` which `new URL()` either throws on or treats as malformed. Consider using case-insensitive prefix checks (e.g., `trimmed.toLowerCase().startsWith(...)` or a case-insensitive regex) so the protocol detection aligns with `looksLikeDirectBrowserUrl`.

Evidence trail:
apps/web/src/uiCommandIntents.ts lines 32-37: `looksLikeDirectBrowserUrl` function with case-insensitive regex `/^(?:https?:\/\/)/i` (the `i` flag).

apps/web/src/uiCommandIntents.ts lines 145-146: `const withProtocol = trimmed.startsWith("http://") || trimmed.startsWith("https://") ? trimmed : \`https://${trimmed}\`;` - case-sensitive string comparison.

Commit: REVIEWED_COMMIT

[macroscopeapp]

🟢 Low src/uiCommandIntents.ts:76

In parseBrowserActionIntent, keys not present in BROWSER_PRESS_KEY_ALIASES are converted to lowercase via .toLowerCase() on line 104. Browser key values are case-sensitive, so inputs like "press F1" return { kind: "press", key: "f1" } instead of "F1", and "press PageDown" returns "pagedown" instead of "PageDown". These lowercase keys are likely to be rejected or misinterpreted by browser keyboard APIs. Consider preserving the original casing for unmapped keys instead of forcing lowercase.

-    const rawKey = stripWrappingQuotes(pressMatch[1]).trim().toLowerCase();
+    const rawKey = stripWrappingQuotes(pressMatch[1]).trim();
     const key = BROWSER_PRESS_KEY_ALIASES[rawKey] ?? rawKey;

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/web/src/uiCommandIntents.ts around lines 76-105:

In `parseBrowserActionIntent`, keys not present in `BROWSER_PRESS_KEY_ALIASES` are converted to lowercase via `.toLowerCase()` on line 104. Browser key values are case-sensitive, so inputs like "press F1" return `{ kind: "press", key: "f1" }` instead of "F1", and "press PageDown" returns "pagedown" instead of "PageDown". These lowercase keys are likely to be rejected or misinterpreted by browser keyboard APIs. Consider preserving the original casing for unmapped keys instead of forcing lowercase.

Evidence trail:
apps/web/src/uiCommandIntents.ts lines 104-105 (REVIEWED_COMMIT): `const rawKey = stripWrappingQuotes(pressMatch[1]).trim().toLowerCase(); const key = BROWSER_PRESS_KEY_ALIASES[rawKey] ?? rawKey;`
apps/web/src/uiCommandIntents.ts lines 12-29 (REVIEWED_COMMIT): BROWSER_PRESS_KEY_ALIASES definition shows no F-keys or PageUp/PageDown mappings
apps/desktop/src/browserOperator.ts lines 220-225 (REVIEWED_COMMIT): `active?.dispatchEvent(new KeyboardEvent("keydown", { key: action.key, bubbles: true }));` - shows the key is passed directly to KeyboardEvent constructor
DOM spec reference: KeyboardEvent.key uses specific casing like 'F1', 'PageDown' per https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key/Key_Values

[macroscopeapp]

🟢 Low components/AppCanvas.tsx:40

Injecting stylesFile?.contents directly into the <style> tag at line 40 will break the HTML document if the generated CSS contains the literal string </style> (e.g., in a content property). The browser's HTML parser will prematurely close the style tag, causing malformed HTML and a broken preview. Consider escaping </style> in the CSS before injection, or wrapping the style content in a CDATA-like escape sequence.

-${stylesFile?.contents ?? ""}

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/web/src/components/AppCanvas.tsx around line 40:

Injecting `stylesFile?.contents` directly into the `<style>` tag at line 40 will break the HTML document if the generated CSS contains the literal string `</style>` (e.g., in a `content` property). The browser's HTML parser will prematurely close the style tag, causing malformed HTML and a broken preview. Consider escaping `</style>` in the CSS before injection, or wrapping the style content in a CDATA-like escape sequence.

Evidence trail:
apps/web/src/components/AppCanvas.tsx lines 18-23 (escapeHtml function), lines 28-41 (stylesFile extraction and direct injection into <style> tag without escaping). The code shows `escapedTitle` uses `escapeHtml()` but `stylesFile?.contents` is injected raw at line 40. HTML5 raw text element parsing specification confirms `</style>` terminates style elements regardless of context.

[macroscopeapp]

🟠 High

Issue on line in apps/server/src/terminal/Layers/Manager.ts:1093:

In closeSession, the session is deleted from this.sessions before flushPersistQueue is called. Since flushPersistQueue now looks up the session to check historyDirty, it finds undefined and skips persisting any dirty history. This causes data loss when closing a terminal with unpersisted output. The same bug exists in the close method where sessions are deleted in the loop before flushing.

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/server/src/terminal/Layers/Manager.ts around line 1093:

In `closeSession`, the session is deleted from `this.sessions` before `flushPersistQueue` is called. Since `flushPersistQueue` now looks up the session to check `historyDirty`, it finds `undefined` and skips persisting any dirty history. This causes data loss when closing a terminal with unpersisted output. The same bug exists in the `close` method where sessions are deleted in the loop before flushing.

Evidence trail:
apps/server/src/terminal/Layers/Manager.ts lines 1089-1105 (`closeSession` method): session deleted at line 1098, `flushPersistQueue` called at line 1101.
apps/server/src/terminal/Layers/Manager.ts lines 541-565 (`close` method): sessions deleted in loop at lines 550-553, `flushPersistQueue` called at lines 554-558.
apps/server/src/terminal/Layers/Manager.ts lines 974-991 (`flushPersistQueue` method): looks up session at line 979 with `this.sessions.get(persistenceKey)`, checks `session?.historyDirty` at line 980.

[macroscopeapp]

🟡 Medium components/ChatView.tsx:5854

PROVIDER_ICON_BY_PROVIDER maps "github-copilot-cli" to CursorIcon, which shows Cursor's branding for a different product (GitHub Copilot CLI). If this mapping is intentional, consider adding a comment explaining why; otherwise, use the correct icon for Copilot CLI.

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/web/src/components/ChatView.tsx around line 5854:

`PROVIDER_ICON_BY_PROVIDER` maps `"github-copilot-cli"` to `CursorIcon`, which shows Cursor's branding for a different product (GitHub Copilot CLI). If this mapping is intentional, consider adding a comment explaining why; otherwise, use the correct icon for Copilot CLI.

Evidence trail:
apps/web/src/components/ChatView.tsx lines 5854-5858 shows the `PROVIDER_ICON_BY_PROVIDER` mapping with `"github-copilot-cli": CursorIcon`. apps/web/src/components/ChatView.tsx line 173 shows `CursorIcon` is imported from `./Icons`. apps/web/src/components/Icons.tsx lines 17-21 show `CursorIcon` is defined as an SVG with a hexagonal path that is the Cursor AI editor's distinctive logo.

[macroscopeapp]

🟢 Low

Issue on line in apps/server/src/codexAppServerManager.ts:718:

When prepareManagedCodexHome (line 550) succeeds but an error occurs before context is created (e.g., assertSupportedCodexCliVersion throws at line 554 or spawn fails at line 559), codexHomePath points to a created directory that is never cleaned up. The catch block checks if (context) at line 720, but context is still undefined, so stopSession is never called and the directory cleanup code at lines 1010-1012 is unreachable.

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/server/src/codexAppServerManager.ts around line 718:

When `prepareManagedCodexHome` (line 550) succeeds but an error occurs before `context` is created (e.g., `assertSupportedCodexCliVersion` throws at line 554 or `spawn` fails at line 559), `codexHomePath` points to a created directory that is never cleaned up. The catch block checks `if (context)` at line 720, but `context` is still `undefined`, so `stopSession` is never called and the directory cleanup code at lines 1010-1012 is unreachable.

Evidence trail:
1. apps/server/src/codexAppServerManager.ts lines 550-553: `codexHomePath` assigned from `prepareManagedCodexHome`
2. apps/server/src/codexAppServerManager.ts lines 1654-1657: `prepareManagedCodexHome` creates temp dir with `mkdtemp`
3. apps/server/src/codexAppServerManager.ts lines 554-559: `assertSupportedCodexCliVersion` and `spawn` can throw before context assignment
4. apps/server/src/codexAppServerManager.ts lines 570-585: `context` is assigned here (after potential failure points)
5. apps/server/src/codexAppServerManager.ts lines 719-720: catch block checks `if (context)` - doesn't clean up if undefined
6. apps/server/src/codexAppServerManager.ts lines 1010-1012: cleanup code (`rm(context.managedCodexHomePath, ...)`) only reachable via `stopSession` when context exists

[macroscopeapp]

🟢 Low components/ChatMarkdown.tsx:75

formattedCodePromiseCache is a plain Map that grows unboundedly without eviction, unlike highlightedCodeCache which uses an LRUCache with entry and memory limits. In a long-running session with many different code blocks, this accumulates entries indefinitely, leaking memory since each cached Promise<string> retains a reference to the formatted code string.

-const formattedCodePromiseCache = new Map<string, Promise<string>>();

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/web/src/components/ChatMarkdown.tsx around line 75:

`formattedCodePromiseCache` is a plain `Map` that grows unboundedly without eviction, unlike `highlightedCodeCache` which uses an `LRUCache` with entry and memory limits. In a long-running session with many different code blocks, this accumulates entries indefinitely, leaking memory since each cached `Promise<string>` retains a reference to the formatted code string.

Evidence trail:
apps/web/src/components/ChatMarkdown.tsx lines 70-75: `highlightedCodeCache = new LRUCache<string>(MAX_HIGHLIGHT_CACHE_ENTRIES, MAX_HIGHLIGHT_CACHE_MEMORY_BYTES)` vs `formattedCodePromiseCache = new Map<string, Promise<string>>()`. Lines 214-220: entries added via `formattedCodePromiseCache.set(cacheKey, promise)` with no eviction. apps/web/src/lib/lruCache.ts defines `LRUCache` class with eviction mechanisms. Commit: REVIEWED_COMMIT

[macroscopeapp]

🟢 Low src/codexAppServerManager.ts:1620

When T3CODE_HOST is set to an IPv6 address like ::1, the URL produced is http://::1:${port}/__t3_operator, which is malformed. IPv6 addresses in URLs must be wrapped in brackets (e.g., http://[::1]:8080/path). Consider adding brackets when the host contains a colon, or using a URL construction library that handles this automatically.

-    return {
-      url: `http://${host}:${port}/__t3_operator`,
+    const needsBrackets = host.includes(":");
+    const hostPart = needsBrackets ? `[${host}]` : host;
+    return {
+      url: `http://${hostPart}:${port}/__t3_operator`,

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/server/src/codexAppServerManager.ts around lines 1620-1633:

When `T3CODE_HOST` is set to an IPv6 address like `::1`, the URL produced is `http://::1:${port}/__t3_operator`, which is malformed. IPv6 addresses in URLs must be wrapped in brackets (e.g., `http://[::1]:8080/path`). Consider adding brackets when the host contains a colon, or using a URL construction library that handles this automatically.

Evidence trail:
apps/server/src/codexAppServerManager.ts lines 1625-1630 (REVIEWED_COMMIT): `const host = process.env.T3CODE_HOST?.trim() || "127.0.0.1";` followed by `url: \`http://${host}:${port}/__t3_operator\``. RFC 3986 Section 3.2.2 specifies that IPv6 addresses in URIs must be enclosed in square brackets.

[macroscopeapp]

🟢 Low src/auth.tsx:121

writeStoredSession calls localStorage.setItem without exception handling, so when localStorage is full or blocked, the error propagates and AppAuthGate.signIn() fails to call setSession. The UI remains stuck on the welcome screen without feedback. Consider wrapping the setItem call in a try-catch to handle storage errors gracefully.

-function writeStoredSession(session: DesktopAuthSession | null): void {
-  if (typeof window === "undefined") return;
-  if (!session) {
-    window.localStorage.removeItem(AUTH_STORAGE_KEY);
-    return;
-  }
-  window.localStorage.setItem(AUTH_STORAGE_KEY, JSON.stringify(session));
-}

🚀 Reply "fix it for me" or copy this AI Prompt for your agent:

In file apps/web/src/auth.tsx around lines 121-128:

`writeStoredSession` calls `localStorage.setItem` without exception handling, so when localStorage is full or blocked, the error propagates and `AppAuthGate.signIn()` fails to call `setSession`. The UI remains stuck on the welcome screen without feedback. Consider wrapping the `setItem` call in a try-catch to handle storage errors gracefully.

Evidence trail:
apps/web/src/auth.tsx lines 121-127 (writeStoredSession without try-catch), lines 655-658 (signIn calls writeStoredSession then setSession), lines 108-119 (readStoredSession with try-catch for comparison), line 680 (render condition showing welcome screen when session is null)

[Noojuno]

Hey @hlsitechio, did you mean to push this PR to the main repo?