…thasdev#535)
* Improve large-file virtual scrolling performance
* Improve security hardening and auth flow
* Add auth, autocomplete, and extension validation tests
…ng + mimalloc + LTO (athasdev#532)
* fix memory leak, reduce I/O, parallelize extensions, add code splitting + mimalloc + LTO
  - plug unbounded Map growth in app-store (lastBufferContent/historyDebounceTimers never cleared on buffer close)
  - debounce saveSessionToStore so closing 10 tabs = 1 disk write instead of 10
  - extensions load in parallel via Promise.allSettled instead of sequential await loop
  - lazy-load 9 heavy components (terminal, sqlite viewer, diff viewer, PR viewer, image/pdf/web viewer, agent tab, external editor) + UpdateDialog
  - add mimalloc as global allocator (~2x faster small allocs vs default Windows heap)
  - add lto="thin" + codegen-units=1 for release builds (~5-8% runtime gain)
* Fix CI formatting and ignore local Claude settings
---------
Co-authored-by: Mehmet Özgül <mehmetozguldev@gmail.com>
Co-authored-by: Mehmet Ozgul <91568457+mehmetozguldev@users.noreply.github.com>
…unavailable" This reverts commit 501823f.
OpenCode is installed via `go install` which places the binary at ~/go/bin. Without searching Go and Cargo paths, agents installed through these package managers would never be detected.
- Remove extensions/ directory (grammars, manifests, packages, registry)
- Remove legacy manifests from src/extensions/languages/manifests/
- Remove obsolete workflows (extensions-index, deploy) and scripts
- Update language-packager to fetch manifests from CDN instead of import.meta.glob
- Update extension-store to initialize language packager before loading
- Update diff highlighting hooks to use CDN URLs for parsers and queries
- Update full-extensions download URLs from packages/ to direct paths
Remove verbose CSS variable listing from rules, simplify contributing guide
Remove .editorconfig, .tool-versions, CHANGELOG.md, CODE_OF_CONDUCT.md, ROADMAP.md
Replace old workflows with unified ci.yml, update release workflow with ARM targets and docs deploy
Restructure docs from docs/app/ Next.js layout to flat docs/*.mdx files
Extensions validation now lives in the extensions repo
…conflicts
# Conflicts:
# src-tauri/src/features/ai/acp/bridge.rs
# src-tauri/src/features/ai/acp/client.rs
# src-tauri/src/features/ai/acp/config.rs
# src/features/ai/components/chat/ai-chat.tsx
# src/features/ai/components/chat/chat-header.tsx
# src/features/ai/components/chat/chat-messages.tsx
# src/features/ai/components/messages/tool-call-display.tsx
# src/features/ai/types/acp.ts
# src/features/settings/store.ts
# src/features/window/custom-title-bar.tsx
# src/hooks/use-deep-link.ts
# src/utils/acp-handler.ts
# src/utils/ai-chat.ts
Important
Review skipped
Too many files! This PR contains 260 files, which is 110 over the limit of 150.
⛔ Files ignored due to path filters (40)
📒 Files selected for processing (260)
| if: github.repository == 'athasdev/athas' | ||
| name: Bun — typecheck, lint | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Bun | ||
| uses: oven-sh/setup-bun@v2 | ||
| with: | ||
| bun-version: latest | ||
|
|
||
| - name: Cache Bun dependencies | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ~/.bun/install/cache | ||
| key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-bun- | ||
|
|
||
| - name: Install dependencies | ||
| run: bun install | ||
|
|
||
| - name: Run typecheck | ||
| run: bun typecheck | ||
|
|
||
| - name: Run biome check | ||
| run: bun check | ||
|
|
||
| rust: |
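Review bot: In the `Setup Bun` step, `bun-version: latest` lets the toolchain change from one run to the next, and the `Install dependencies` step runs plain `bun install`, which does not fail when `bun.lock` is out of date even though the cache key is hashed from `bun.lock`. Pin a specific Bun version and run `bun install --frozen-lockfile` so CI installs exactly the dependency set that was committed.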
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 14 days ago
In general, the fix is to explicitly declare a minimal permissions: block in the workflow file so that the GITHUB_TOKEN used by the jobs is limited to the least privileges required. For CI workflows that only check out code, restore caches, install dependencies, and run checks, contents: read is typically sufficient; no write or admin scopes are needed.
The best way to fix this workflow without changing functionality is to add a root-level permissions: block setting contents: read. This applies to all jobs (bun and rust), since neither job performs write operations back to GitHub. Concretely, in .github/workflows/ci.yml, add:

    permissions:
      contents: read

between the concurrency: section (line 10–12) and the jobs: section (line 14). No additional imports or definitions are required because this is pure workflow configuration. We do not need per-job permissions blocks unless different jobs require different scopes, which they do not here.
| @@ -11,6 +11,9 @@ | ||
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| bun: | ||
| if: github.repository == 'athasdev/athas' |
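Review bot: Confirm that no job other than `bun` needs more than `contents: read`, because the `permissions:` block inserted above `jobs:` is workflow-wide and this hunk shows only the `bun` job header. If a job does need a write scope, give that job its own job-level `permissions:` override rather than widening the root block.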
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Trigger docs rebuild on www | ||
| uses: peter-evans/repository-dispatch@v3 | ||
| with: | ||
| token: ${{ secrets.WWW_DEPLOY_TOKEN }} | ||
| repository: athasdev/www | ||
| event-type: docs-updated |
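Review bot: `peter-evans/repository-dispatch@v3` in the `Trigger docs rebuild on www` step is handed `secrets.WWW_DEPLOY_TOKEN` while being referenced by a movable tag. Pin the action to a full commit SHA so the code that receives that token cannot change without a reviewed update, and keep the token scoped to `athasdev/www` with only what a repository dispatch requires.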
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 14 days ago
In general, the problem is fixed by explicitly declaring the least-privilege permissions needed for each job (or at the workflow root). For this workflow, publish-tauri already has permissions: contents: write, but deploy-docs has no permissions and therefore inherits potentially broad defaults. Since deploy-docs only triggers a repository-dispatch event on another repository using a custom token and does not appear to need any repository access via GITHUB_TOKEN, we can safely lock GITHUB_TOKEN down to contents: read (or even permissions: {}; however, contents: read matches common minimal guidance).
The best minimal, non-breaking fix is to add a permissions block under the deploy-docs job definition (around line 152–153) with read-only contents access. No imports or additional methods are required since this is just a YAML configuration change in .github/workflows/release.yml.
Concretely:
- Edit .github/workflows/release.yml.
- Under jobs: deploy-docs:, add:

      permissions:
        contents: read

- Leave the rest of the job steps unchanged.
| @@ -150,6 +150,8 @@ | ||
| args: ${{ matrix.args }} | ||
|
|
||
| deploy-docs: | ||
| permissions: | ||
| contents: read | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Trigger docs rebuild on www |
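Review bot: `contents: read` under `deploy-docs:` is more than this job appears to use: the only step visible here, `Trigger docs rebuild on www`, does no checkout, and the same step shown earlier in the thread authenticates with `secrets.WWW_DEPLOY_TOKEN`. Consider `permissions: {}` so the job's `GITHUB_TOKEN` carries no scopes at all.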
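The condition both alerts above describe (a job with no `permissions:` of its own and no root-level block to inherit) can be checked locally before pushing. This is an added example, not code from the PR or from CodeQL; it is a simplified indentation scanner for block-style workflow YAML, and the `BEFORE` workflow text (trigger, step list) is constructed for illustration.

```python
import re

# Matches "key:" at the start of a line; list items ("- name:") do not match.
KEY = re.compile(r"^(\s*)([A-Za-z0-9_-]+):")

def jobs_missing_permissions(workflow_text):
    """Return jobs that neither declare `permissions:` nor inherit a root-level block."""
    root_perms, in_jobs = False, False
    job_indent = prop_indent = current = None
    declared = {}  # job name -> job-level permissions key seen
    for raw in workflow_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = KEY.match(raw)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:                      # top-level key
            in_jobs = key == "jobs"
            root_perms = root_perms or key == "permissions"
            continue
        if not in_jobs:
            continue
        if job_indent is None:               # first key under jobs: sets job depth
            job_indent = indent
        if indent == job_indent:             # a new job starts
            current, prop_indent = key, None
            declared[key] = False
        elif current is not None:
            if prop_indent is None:          # first property of this job sets depth
                prop_indent = indent
            if indent == prop_indent and key == "permissions":
                declared[current] = True
    return [job for job, has in declared.items() if not (has or root_perms)]

# Constructed sample modelled on the release workflow discussed above.
BEFORE = """\
name: release
on:
  push:
    tags: ["v*"]
jobs:
  publish-tauri:
    permissions:
      contents: write
    runs-on: ubuntu-latest
  deploy-docs:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger docs rebuild on www
        uses: peter-evans/repository-dispatch@v3
"""
JOB_FIX = BEFORE.replace("  deploy-docs:\n", "  deploy-docs:\n    permissions: {}\n")
ROOT_FIX = "permissions:\n  contents: read\n" + BEFORE

if __name__ == "__main__":
    print(jobs_missing_permissions(BEFORE))  # ['deploy-docs']
```
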