Daily branch 2025 11 17

[rossmanko]

Summary by CodeRabbit

• New Features

  • Batch URL fetching with caching for file downloads in the All Files dialog; per-file loading state and ZIP export improvements.
  • Improved "View all files" behavior to include additional file sources and richer file metadata.

• Refactor

  • Standardized the Share icon across chat UI components.
  • Updated system/assistant prompt framing to assume authorized professional context.

• Chores

  • Updated many dependencies.
  • Increased terminal command timeout and bumped sandbox version.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
hackerai	Ready	Preview	Comment	Nov 18, 2025 5:00pm

[coderabbitai]

Walkthrough

Replaces inline SVG share icons with lucide-react's Share; adds batch file-URL prefetching/caching and richer file-detail propagation; increases terminal command timeout and sandbox version; rewrites the e2b install template; tweaks system-prompt wording and removes one web-tool comment; upgrades many dependencies.

Changes

Cohort / File(s)	Summary
Icon component replacements app/components/ChatHeader.tsx, app/components/ChatItem.tsx	Replaced inline SVG share icons with the Share component imported from lucide-react in header, desktop-share, and share-menu locations; preserved styling/semantics.
All-files dialog & message file propagation app/components/AllFilesDialog.tsx, app/components/Messages.tsx	Added batch prefetching/caching of presigned/storage URLs on dialog open, per-file loading state and error handling, added fileUrl prop to FileItem, and changed handleShowAllFiles to accept explicit FileDetails[] and map richer fields (url, storageId, s3Key, fileId, mediaType, partIndex, filename).
Terminal file handling & background checks lib/ai/tools/get-terminal-files.ts	Switched to index-driven processing with alternate candidate paths per file, background-process checks per candidate, retrying alternate paths on upload failure, detailed blocked-file reasons, and normalized error propagation.
Command timeout & sandbox version lib/ai/tools/run-terminal-cmd.ts, lib/ai/tools/utils/sandbox.ts	Increased MAX_COMMAND_EXECUTION_TIME from 6 → 10 minutes and bumped SANDBOX_VERSION from "v4" → "v5".
E2B container/tooling template e2b/template.ts	Replaced apt package list and verification steps: swapped many build/utility packages for Python tooling and a large set of security/recon tools; adjusted install/cleanup and explicit presence checks.
System prompt wording lib/system-prompt.ts	Reframed base prompt to assume professionals have permission and act in good faith; softened the "full authorization" phrasing and generalized the reconnaissance-tools example.
Web tool comment cleanup lib/ai/tools/web.ts	Removed a descriptive comment about truncation in the open_url flow; no functional change.
Dependency upgrades package.json	Bumped numerous dependencies (examples: @ai-sdk/*, @aws-sdk/*, langchain, next, openai, posthog, stripe, convex, lucide-react, etc.) across minor/patch versions; no repo-level public exports changed.
Minor whitespace/nonfunctional edit lib/moderation.ts	Whitespace adjustment around truncateByTokens only.

Sequence Diagram(s)

sequenceDiagram
  participant User as User (UI)
  participant Messages as Messages component
  participant Dialog as AllFilesDialog
  participant Cache as FileUrlCacheContext
  participant Convex as Convex action (server)
  participant Storage as S3 / External storage

  rect rgb(235,245,255)
    Note over Messages,Dialog: User opens "View all files"
  end

  User->>Messages: Click "View all files"
  Messages->>Dialog: open(message, fileDetails)
  Dialog->>Cache: check cached fileUrls for items
  alt missing URLs
    Dialog->>Convex: batch-request presigned URLs (fileId/storageId)
    Convex-->>Dialog: returns URLs or per-file errors
    Dialog->>Cache: store returned URLs
  end
  Dialog->>User: render file list (isLoadingUrls / per-file availability)
  User->>Dialog: click download (single or batch)
  alt URL available
    Dialog->>Storage: fetch using presigned URL -> stream/zip
  else URL missing
    Dialog->>Convex: request URL -> then Storage
  end
  Dialog-->>User: deliver ZIP or per-file errors

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Extra attention:
  • e2b/template.ts: verify package names, install order, and verification commands.
  • app/components/AllFilesDialog.tsx & app/components/Messages.tsx: validate caching logic, edge/error states, and fileUrl propagation.
  • lib/ai/tools/get-terminal-files.ts: review background-process checks, path assumptions, and error normalization.
  • package.json bumps: scan for breaking changes in upgraded packages.

Possibly related PRs

• Daily branch 2025 10 06 #48 — Overlapping edits to app/components/AllFilesDialog.tsx and integration with Messages.tsx (file-listing and URL handling).
• Daily branch 2025 10 14 #54 — Related changes to terminal tooling flows (lib/ai/tools/get-terminal-files.ts and lib/ai/tools/run-terminal-cmd.ts).
• refactor: update sandbox template #91 — Overlapping edits to sandbox/versioning and e2b/template.ts adjustments.

Poem

🐰 I swapped the tiny SVG for lucide's bright share,
Batched links, stretched timeouts, tuned a sandbox in the air.
The template grew sharp tools, error messages explain,
I hop with tiny paws — the repo's neat again! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'Daily branch 2025 11 17' is a generic date-based label that does not convey any meaningful information about the actual changes in the pull request.	Use a descriptive title that summarizes the main changes, such as 'Replace inline SVG icons with lucide-react components and update dependencies' or 'Add system prompt changes and sandbox environment updates'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch daily-branch-2025-11-17

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 14abf28 and d8e23ca.

📒 Files selected for processing (1)

• lib/system-prompt.ts (1 hunks)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

lib/ai/tools/get-terminal-files.ts (1)

32-100: Per-file multi-path handling and background checks look good; consider minor DX/observability tweaks

The overall control flow per file (try absolute/relative variants, skip when background processes are active, accumulate lastError, and classify into providedFiles vs blockedFiles) looks correct and is easy to reason about. Nice improvement in user-facing reasons for blocked files.

A few small suggestions:

• The tool description still says “Use full file paths” (Lines 10–17, 21–23), but you now support relative paths by trying both /home/user/... and the raw path. It may be worth updating the description to mention that relative paths are also accepted so the behavior is explicit.
• In the catch (bgCheckError) block (Lines 70–72), you silently swallow any failure from backgroundProcessTracker.hasActiveProcessesForFiles. Adding at least debug-level logging there would help diagnose misconfigurations or tracker failures without impacting user-facing behavior.
• When pushing blocked files due to upload failures (Lines 93–98), you only include the last error; if you start adding more candidate paths or heuristics later, you might consider aggregating the distinct error messages per file (even just joined with ; ) to make debugging easier, while still keeping path: originalPath as you do now.

app/components/AllFilesDialog.tsx (3)

33-47: FileItem fileUrl handling and UI gating look solid

Passing a resolved fileUrl and hiding the Download button when it’s missing keeps the row clickable for selection while preventing broken downloads. The early return in handleDownload also guards against accidental calls without a URL.

If you expect very large files, consider a small per-item “downloading…” state to avoid double-clicks, but this is optional polish.

Also applies to: 110-121

---

252-297: Tighten batch download error handling for failed fetches

The batch ZIP logic correctly prefers pre-fetched URLs (fileUrls / file.part.url) and falls back to fetching as needed, with per-file try/catch. However, failed HTTP responses (e.g. 403/404) will still be zipped as whatever response.blob() returns, without logging.

Consider checking response.ok before adding the blob to JSZip:

-          if (url) {
-            const response = await fetch(url);
-            const blob = await response.blob();
+          if (url) {
+            const response = await fetch(url);
+            if (!response.ok) {
+              console.error(
+                `Failed to fetch ${file.part.name} for ZIP:`,
+                response.status,
+              );
+              return;
+            }
+            const blob = await response.blob();

This keeps corrupted or unauthorized responses out of the archive and improves debuggability.

---

401-405: Global isLoadingUrls gate is clear and user-friendly

Showing a single “Loading files…” state while URLs are being prefetched is a simple, predictable UX, and the per-row fileUrl resolution (fileUrls.get(index) || file.part.url || null) lines up with the FileItem behavior.

If you later want more granularity, you could render the list while loading and only hide the Download buttons for rows without a resolved URL, but the current approach is perfectly acceptable.

Also applies to: 409-419

app/components/Messages.tsx (1)

449-454: “View all files” click handler wiring looks good (minor refactor opportunity)

Passing message plus effectiveFileDetails || [] into handleShowAllFiles aligns with the filtering used to build savedFiles, and the early-return in the handler ensures no dialog for empty inputs.

If you want to reduce duplicated filtering, you could pass savedFiles directly and let handleShowAllFiles skip the .filter(...), but this is purely optional.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9705d3f and e16f536.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• app/components/AllFilesDialog.tsx (7 hunks)
• app/components/ChatHeader.tsx (2 hunks)
• app/components/Messages.tsx (2 hunks)
• lib/ai/tools/get-terminal-files.ts (2 hunks)
• lib/moderation.ts (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• lib/moderation.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• app/components/ChatHeader.tsx

🧰 Additional context used

🧬 Code graph analysis (3)

app/components/Messages.tsx (2)

types/chat.ts (1)

• ChatMessage (84-87)

types/file.ts (1)

• FileDetails (84-91)

lib/ai/tools/get-terminal-files.ts (1)

lib/ai/tools/utils/sandbox-file-uploader.ts (1)

• uploadSandboxFileToConvex (42-153)

app/components/AllFilesDialog.tsx (3)

__mocks__/convex-react.ts (2)

• useConvex (28-28)
• useAction (9-9)

convex/s3Actions.ts (1)

• getFileUrlAction (79-148)

app/contexts/FileUrlCacheContext.tsx (1)

• useFileUrlCacheContext (28-30)

🔇 Additional comments (2)

lib/ai/tools/get-terminal-files.ts (1)

120-122: Error normalization is good; verify exposure of raw messages is acceptable

Normalizing error to a string and returning result: "Error providing files: ..." is helpful, but this will surface the raw error message from lower layers (sandbox, Convex, S3, etc.) to the tool consumer.

Please double-check that:

• This result string isn’t shown directly to end users without sanitization, and
• Downstream error messages from uploadSandboxFileToConvex or sandbox APIs can’t contain sensitive details (e.g., internal URLs, stack traces, or secrets).

If either of these isn’t guaranteed, consider mapping low-level errors to a more generic user-facing message while still logging the detailed error server-side.

app/components/Messages.tsx (1)

186-210: FileDetails → dialog file mapping is consistent and safe

handleShowAllFiles correctly guards against empty fileDetails, filters by url / storageId / s3Key, and maps into the { part, partIndex, messageId } shape that AllFilesDialog expects. Using file.url ?? undefined keeps the part shape clean while still supporting URL-prefetched entries.

The empty dependency array is fine here since you only rely on stable state setters.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e16f536 and 0f2ee30.

📒 Files selected for processing (1)

• app/components/AllFilesDialog.tsx (7 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

app/components/AllFilesDialog.tsx (3)

__mocks__/convex-react.ts (2)

• useConvex (28-28)
• useAction (9-9)

convex/s3Actions.ts (1)

• getFileUrlAction (79-148)

app/contexts/FileUrlCacheContext.tsx (1)

• useFileUrlCacheContext (28-30)

🔇 Additional comments (4)

app/components/AllFilesDialog.tsx (4)

36-124: LGTM! Clean file-URL integration in FileItem.

The fileUrl prop is properly guarded (line 46) and the download button visibility is correctly tied to URL availability (line 110). Error handling is in place for fetch failures.

---

149-218: Well done! Cancellation flag correctly implements the suggested fix.

The cancellation pattern properly addresses the race condition flagged in the previous review. The cleanup function (lines 215-217) sets the flag, and the state updates (lines 207-210) are guarded, preventing stale updates after the dialog closes.

---

261-340: LGTM! Robust batch download with good fallback logic.

The implementation correctly uses pre-fetched URLs (line 275) and falls back to fetching missing ones (lines 278-290). Per-file error handling (lines 301-303) ensures that individual failures don't break the entire batch. The ZIP filename sanitization (lines 319-322) is a nice touch.

---

410-428: LGTM! Loading state and URL propagation work correctly.

The loading indicator (lines 410-413) provides good UX while URLs are being fetched. The fileUrl derivation (line 418) correctly falls back to file.part.url when not in the fetched map, and proper propagation to FileItem (line 427) enables the download functionality.