fix: add path validation to allowed_paths#70
Open
vlordier wants to merge 9 commits intoLiquid4All:mainfrom
Open
fix: add path validation to allowed_paths#70vlordier wants to merge 9 commits intoLiquid4All:mainfrom
vlordier wants to merge 9 commits intoLiquid4All:mainfrom
Conversation
- Tool Result Compression: smart summarization for large tool outputs (directory listings, search results, JSON data) - Request Deduplication: 500ms debounce on send button to prevent duplicate requests from rapid clicks - Config Hot Reload: poll config file for changes, reload without restart, show toast notification - Error Boundary: timeout wrapper (120s) around tool execution, graceful error messages instead of crashing agent loop
- Add 13 tests for settings.rs (AppSettings, SamplingConfig, config hot reload) - Add 12 tests for chat.rs compression functions (truncate, compress directory, search, JSON) - Total tests: 392 (up from 365) - Coverage: 42.5% (up from 39.5%)
- Add ModelStatus tests (serialization, healthy/unhealthy states) - Add SamplingOverrides serialization tests - Add InferenceClient tests for: - LM Studio URL construction and model selection - Tool call format (NativeJson vs Pythonic) - Fallback chain exhaustion (AllModelsUnavailable) - is_retriable for various HTTP status codes - Error repair from malformed tool calls - Total tests: 417 (up from 392)
- Add tests for data_dir(), cache_dir(), resolve_db_path() - Add rotate_log_file() tests (creates rotated copies, handles missing files) - Add filter_by_enabled_servers() tests (filters correctly, handles missing/invalid config) - Add resolve_vision_model() tests (returns None without config) - Add filter_tools_by_allowlist() test (doesn't panic without config) - Add load_override_file() tests (parses config, returns empty for missing) - Total tests: 430 (up from 417) - Coverage: 43.3% (up from 42.5%)
- Add helpful debug message when LM Studio port connection fails - Distinguish between connection errors and timeouts in health_check
- Document default LM Studio port (1234) in environment configuration
- Add GitHub Actions workflow for shellcheck - Add shellcheck validation to pre-commit hook for staged .sh files This improves on PR Liquid4All#55 by adding automated shellcheck validation.
- Add 3 attempts with exponential backoff to health_check() - Improves reliability of PR Liquid4All#58 health monitoring by handling transient failures This helps avoid false negatives when model server is temporarily slow.
- Validate path exists (or parent exists) when adding allowed path - Remove non-existent paths on settings load - Return Result from add_allowed_path for error handling This improves on PR Liquid4All#57 by preventing invalid paths in settings.
There was a problem hiding this comment.
Pull request overview
This PR improves app settings persistence (building on PR #57) by adding path validation to allowed_paths — validating on add, cleaning non-existent paths on load, and returning a Result from add_allowed_path. However, the actual implementation files for these described changes (e.g., src-tauri/src/commands/settings.rs or equivalent) do not appear in the diff. The diff is dominated by large initial file additions for the broader application infrastructure.
Changes:
- Initial setup of the Tauri app scaffolding (frontend stores, UI components, configuration)
- Initial setup of the Rust backend (MCP client, inference, agent core, Tauri commands)
- Initial project configuration files (Cargo.toml, tauri.conf.json, capabilities, entitlements)
Reviewed changes
Copilot reviewed 51 out of 58 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
src/stores/settingsStore.ts |
New Zustand store managing settings panel state and IPC calls |
src/components/Chat/MessageInput.tsx |
New message input component with debouncing and auto-resize |
src/App.tsx |
Root app component wiring settings, onboarding, and config watch |
src-tauri/tauri.conf.json |
Tauri app configuration (window, CSP, bundle) |
src-tauri/src/mcp_client/types.rs |
MCP/JSON-RPC type definitions with tests |
src-tauri/src/mcp_client/transport.rs |
JSON-RPC stdio transport implementation with tests |
src-tauri/src/mcp_client/lifecycle.rs |
MCP server process lifecycle management |
src-tauri/src/mcp_client/errors.rs |
MCP error types |
src-tauri/src/mcp_client/discovery.rs |
MCP server auto-discovery with tests |
src-tauri/src/mcp_client/client.rs |
High-level MCP client with tests |
src-tauri/src/mcp_client/mod.rs |
MCP client module re-exports |
src-tauri/src/commands/settings.rs |
(referenced but not present in diff) |
src-tauri/src/commands/session.rs |
Tauri IPC commands for session management |
src-tauri/src/commands/python_env.rs |
Python venv provisioning commands with tests |
src-tauri/src/commands/python_env_startup.rs |
Startup-time Python venv provisioning |
src-tauri/src/commands/ollama.rs |
Ollama integration IPC commands |
src-tauri/src/commands/model_download.rs |
Model download and verification commands |
src-tauri/src/commands/filesystem.rs |
Filesystem browsing commands |
src-tauri/src/commands/hardware.rs |
Hardware detection commands |
src-tauri/src/commands/mod.rs |
Commands module declaration |
src-tauri/src/inference/ |
Inference client, types, streaming, config, errors |
src-tauri/src/agent_core/ |
Agent orchestration, permissions, tokens, tool routing |
src-tauri/src/main.rs |
Tauri entry point |
src-tauri/Cargo.toml |
Rust dependencies |
src-tauri/mcp-servers.json |
Empty MCP servers config |
src-tauri/entitlements.plist |
macOS entitlements |
src-tauri/capabilities/default.json |
Tauri capability permissions |
src-tauri/build.rs |
Tauri build script |
examples/localcowork/.github/workflows/shellcheck.yml |
Shellcheck CI workflow |
examples/localcowork/.git-hooks/pre-commit |
Pre-commit hook additions |
examples/localcowork/.env.example |
LM Studio endpoint comment |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+142
to
+143
| if (interval) { | ||
| clearInterval(interval); |
There was a problem hiding this comment.
On line 142, interval is used but it was never declared — the destructured variable is named configWatchInterval. This will cause a ReferenceError at runtime. The condition should reference configWatchInterval instead of interval.
Suggested change
| if (interval) { | |
| clearInterval(interval); | |
| if (configWatchInterval) { | |
| clearInterval(configWatchInterval); |
| // fs was overridden | ||
| assert_eq!(merged["fs"].command, "node"); | ||
| // ocr was NOT overridden — preserved from discovery | ||
| assert_eq!(merged["ocr"].command, "npx"); |
There was a problem hiding this comment.
The test asserts that the non-overridden "ocr" server has command "npx", but it was inserted using ts_config("ocr") which sets command to the result of default_npx_command() — which returns "npx.cmd" on Windows. This assertion will fail when the test suite runs on Windows.
Suggested change
| assert_eq!(merged["ocr"].command, "npx"); | |
| assert_eq!(merged["ocr"].command, super::default_npx_command()); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Improves on PR #57 (app settings persistence) with path validation:
This prevents invalid paths from accumulating in settings.json.
Testing