Replace console-only catch blocks with structured logging, user-facing toasts, and safer fallback behavior in key UI and hook flows. Add shared error-utils helper and align i18n keys/messages for new failure paths. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Drop Prettier and yamllint from scripts, CI, task runners, docs, and Nix env definitions Consolidates quality flow on vp check/lint/fmt plus rustfmt and deletes obsolete Prettier config files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Run YAML check via vp exec prettier to avoid missing pnpm on runners and replace Chocolatey just install with taiki-e install action for windows reliability. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Run YAML check via vp exec prettier to avoid missing pnpm on runners and replace Chocolatey just install with taiki-e install action for windows reliability. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Switch staged YAML validation to Prettier, keep tooling config updates, and commit lockfile/workspace changes so frozen installs in CI stay in sync. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use shared i18n Translate type across App.tsx-dependent hooks/components and add missing server.toast.saveFailed key in locale/type definitions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace CI Python/yamllint steps with pnpm-based Prettier YAML checks and keep existing yamllint command surface. Update README, development guide, and contributing docs to remove pip/yamllint setup and describe Prettier-based YAML checks. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
ref: Makefile command alias chore: Update settings in tsconfig.app.json that were deprecated in Vite 6 and later
Require non-empty signatures and mandatory Windows setup.exe updater artifacts in release workflow Align runbook verification and createUpdaterArtifacts guidance with Tauri v2 behavior Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Require non-empty signatures and mandatory Windows setup.exe updater artifacts in release workflow Align runbook verification and createUpdaterArtifacts guidance with Tauri v2 behavior Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace Unix-specific make/just tasks with Node-based scripts for clean, release, extension install, and optional cargo checks. Document Windows hosts behavior and Nix WSL2-only policy; add rimraf dependency. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Agent-Logs-Url: https://github.com/tukuyomil032/MC-Vector/sessions/108b7ffb-0533-43c8-ada4-aee36157876c Co-authored-by: tukuyomil032 <118542180+tukuyomil032@users.noreply.github.com>
Publish release assets before gh-pages manifest and add manifest/url validation gates Add updater recovery runbook and legacy-key reinstall guidance Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fix/backup plugin file bugs
Regenerate pnpm-lock.yaml so the workspace overrides match the frozen install path used by setup-vp in CI. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?v=4){kind=small}
Fixed 2 file(s) based on 3 unresolved review comments. Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Replace invalid fs:scope-app-specific in default capability with valid fs:scope so Tauri build script resolves permissions in CI. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Treat name-classifier-version suffixes as valid metadata fallback matches Add classifier-stripped lookup candidate to improve WorldEdit metadata hydration Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Align getModrinthVersionById import/export usage to unblock build-check Hydrate installed plugin metadata independently from browse cache to restore logos/descriptions Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Restore installed metadata mapping and improve dependency-check dialog readability Add missing uninstall confirmation locale keys in en/ja Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fixed 4 file(s) based on 8 unresolved review comments. Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Record the post-fix version increment generated during commit hooks so the branch stays clean. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Complete backup selector and plugin browser bugfixes, including installed-state UI cleanup and action reliability improvements. Adds Tauri fs remove/rename permissions, hardens plugin file operation paths, and finalizes related i18n/style updates. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Switch release workflow to setup-vp and use vp install/build commands, matching the CI pipeline that already passes with the same lockfile. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Update release workflow setup-node from v20 to v22 so pnpm v10 can run on GitHub Actions without ERR_UNKNOWN_BUILTIN_MODULE. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
fix: force dark-only theme and remove theme selector
Pin macOS window theme and transparent title bar background to dark and set root base tokens to dark defaults so titlebar-exposed surfaces no longer render white. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove theme selection UI and Light/System handling so the app always renders with the dark palette. Also enforce dark native window appearance on macOS in Tauri setup to eliminate the white titlebar strip. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sync architecture, development-guide, and tutorial with the current 2.0.52 implementation, including security/performance command flow updates. Keep docs/development-environment-research.md and docs/engineering-requirements.md deleted as requested policy (keep-deleted). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Security hardening re-merge with regular merge commit
Revert squash merge of PR 80
This reverts commit 99cb496893b202413068fec93b9d5f4040afd656.
* feat: add security gateway RBAC and rate limiting Implement authorize_action and rate_limit_check in security_gateway with explicit deny/error behavior and tests. Expose typed security command wrappers for role-based authorization and user rate-limit checks. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: extend security gateway with safe command/path and audit Add validate_safe_command, resolve_safe_path, and audit_log actions with strict payload validation and explicit errors. Expand security wrappers and Rust tests for command safety, traversal checks, and audit payloads. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: add security command gateway dispatch flow Implement handle_command path that enforces rate-limit and RBAC before dispatching security actions. Extend wrappers and tests for command validation, safe path resolution, audit logging, and gateway dispatch. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: harden ngrok tunnel URL extraction Validate ngrok stdout URL parsing and accept only bounded tcp scheme values before emitting connected status. Add ngrok URL extraction tests to prevent malformed or unexpected scheme handling. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: harden server command input boundaries Validate server_id across server commands and reject control-character command payloads to prevent injection-like multi-line inputs. Apply normalized server identifiers consistently for lookup and limiter bookkeeping. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: add audit logging for server control actions Emit security.audit logs for start_server, stop_server, and send_command paths. Improve operational traceability for privileged server process actions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: tighten tauri csp directives Add restrictive CSP directives for object, base URI, frame ancestry, and form action handling. Reduce attack surface for embedded web content while preserving existing app connectivity requirements. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: clean command limiter state on server exit Wire CommandLimiter state into start_server lifecycle and remove stale per-server limiter entries when child process exits. Improve process lifecycle hygiene and reduce residual state after stop/crash transitions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test: add security ipc contract coverage Expand security gateway tests to verify response key shapes and missing-field error contracts. Reduce Rust-TS payload drift risk across gateway actions and command dispatch path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * format code * fix: address PR #81 review findings Harden security gateway argument/path validation and rate-limit state management Make resolve_safe_path tests cross-platform and strengthen TS response guards Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: resolve CodeRabbit security findings Run authorization before rate-limit check in security gateway command handling Add ngrok URL parsing regression tests for quoted URL and max-length guard Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Merge origin/main into security branch and resolve server.rs conflicts by preserving performance queue path plus security validation/audit guards Includes server ID validation, audit logging, limiter cleanup on exit, and command queue/log buffer behavior Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Performance offload: Rust parser queue buffer and scheduling
Run authorization before rate-limit check in security gateway command handling Add ngrok URL parsing regression tests for quoted URL and max-length guard Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Address ANSI reset parsing, dropped-line streaming, dashboard stat reset, and restart scheduling races Move command timestamp update after successful send and switch managed read to async tokio fs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Harden security gateway argument/path validation and rate-limit state management Make resolve_safe_path tests cross-platform and strengthen TS response guards Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Harden automation tick scheduling, backup retry timing, and console overlap parsing Restore send_command limiter checks and keep queue-based delivery consistent Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Expand security gateway tests to verify response key shapes and missing-field error contracts. Reduce Rust-TS payload drift risk across gateway actions and command dispatch path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add ignored benchmark-style test for ANSI parser throughput over large representative batches. Keep benchmark maintainable with correctness invariants and no brittle hard thresholds. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Centralize automation scheduling and reduce dashboard rerender/recompute pressure with memoized derivations and dedupe windows. Improve runtime stability under frequent stats/log updates while preserving UX behavior. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add read_managed_text_file and normalize managed path handling in Rust, then route TS file reads through the managed command path. Improve I/O consistency and reduce repeated JS-side path normalization work. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Introduce per-server command queue and bounded stdout buffering with paced emission to stabilize high-throughput scenarios. Reduce burst write failures and guard against log flood pressure in server runtime. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use append-only incremental parsing flow in ConsoleView and keep strict fallback behavior for invalid/missing Rust output. Add parser coverage for color reset, bold/background SGR, and UTF-8 log lines. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Wire CommandLimiter state into start_server lifecycle and remove stale per-server limiter entries when child process exits. Improve process lifecycle hygiene and reduce residual state after stop/crash transitions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add restrictive CSP directives for object, base URI, frame ancestry, and form action handling. Reduce attack surface for embedded web content while preserving existing app connectivity requirements. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Emit security.audit logs for start_server, stop_server, and send_command paths. Improve operational traceability for privileged server process actions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Validate server_id across server commands and reject control-character command payloads to prevent injection-like multi-line inputs. Apply normalized server identifiers consistently for lookup and limiter bookkeeping. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Validate ngrok stdout URL parsing and accept only bounded tcp scheme values before emitting connected status. Add ngrok URL extraction tests to prevent malformed or unexpected scheme handling. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
chore(deps): bump the all-github-actions-dependencies group with 6 updates
Implement handle_command path that enforces rate-limit and RBAC before dispatching security actions. Extend wrappers and tests for command validation, safe path resolution, audit logging, and gateway dispatch. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add validate_safe_command, resolve_safe_path, and audit_log actions with strict payload validation and explicit errors. Expand security wrappers and Rust tests for command safety, traversal checks, and audit payloads. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace parse_ansi_lines stub with SGR-aware parsing and align TS DTO handling. Use Rust-parsed segments in ConsoleView with strict runtime validation and TS fallback. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Implement authorize_action and rate_limit_check in security_gateway with explicit deny/error behavior and tests. Expose typed security command wrappers for role-based authorization and user rate-limit checks. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Introduce security_gateway and parse_ansi_lines commands with typed TS wrappers and allowlist split. Wire ConsoleView to consume Rust ANSI parsing with TS fallback. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=small}
Bumps the all-github-actions-dependencies group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [extractions/setup-just](https://github.com/extractions/setup-just) | `2` | `4` | | [pnpm/action-setup](https://github.com/pnpm/action-setup) | `5` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `extractions/setup-just` from 2 to 4 - [Release notes](https://github.com/extractions/setup-just/releases) - [Commits](https://github.com/extractions/setup-just/compare/v2...v4) Updates `pnpm/action-setup` from 5 to 6 - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](https://github.com/pnpm/action-setup/compare/v5...v6) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `softprops/action-gh-release` from 2 to 3 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions-dependencies - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions-dependencies - dependency-name: extractions/setup-just dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions-dependencies - dependency-name: pnpm/action-setup dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions-dependencies - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions-dependencies - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
chore(deps-dev): bump vite-plus from 0.1.15 to 0.1.18
Bumps [vite-plus](https://github.com/voidzero-dev/vite-plus/tree/HEAD/packages/cli) from 0.1.15 to 0.1.18. - [Release notes](https://github.com/voidzero-dev/vite-plus/releases) - [Commits](https://github.com/voidzero-dev/vite-plus/commits/v0.1.18/packages/cli) --- updated-dependencies: - dependency-name: vite-plus dependency-version: 0.1.18 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
fix: follow-up UI regressions and interaction polish
Unify managed file writes through a Rust command, register the new invoke path, and improve FilesView save failure diagnostics while keeping user-facing toasts concise. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Delete stale UI research, review artifacts, and superpowers plan/spec files that are no longer needed on this branch. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sync latest main and keep release/docs versions at 2.0.51. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Update package.json, Cargo.toml, and tauri.conf.json to 2.0.51 and align README/docs project descriptions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fix Java runtime manage button clipping in server settings with responsive layout updates, and switch sidebar/files SVG rendering to theme-aware mask icons for better readability. Updates app layout and files/server settings styles while preserving existing behavior and states. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Improve backup selector, files view, Java manager, and plugin browser styling for clearer hierarchy in light mode. Refresh sidebar and action icons, add the PaperMC logo asset, and update locale keys for Java path related copy. Add supporting SCSS overrides and UI investigation/fix notes for the 2026-04-15 polish batch. Validation: pnpm build, pnpm lint, pnpm run --if-present test. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Improve accessibility semantics for backup view-mode toggle and proxy backend labels, and harden proxy port input validation/range handling. Center proxy setup inner container on wide layouts to match intended general-settings alignment. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Refine backup selector graph/theme/responsive behavior, unify plugin platform switch motion, restyle proxy setup, and improve shared select control consistency. Add follow-up research notes and apply accessibility fixes for backup and proxy controls. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Documented current implementation analysis, identified root causes, and mapped completed fixes for save/plugin/proxy/backup/select issues. Includes file-level change references for follow-up review rounds. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Restore file save reliability with managed-path compatibility handling, unify plugin browser visuals and animations, improve proxy layout, and add backup selector tree/graph mode. Includes interpolation compatibility for {}/{{}} placeholders and global select option typography alignment updates. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Harden Tauri security and refactor App.tsx components
Harden managed path resolution against symlink/traversal escapes and register guarded resolver command Add updater re-entry guard and strengthen runtime event handling for duplicate crash/offline and invalid IPC payloads Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Apply validated Copilot and CodeRabbit fixes for runtime guards, save consistency, backup dedupe, and stop/restart fallback handling Align ngrok execution-boundary hardening and capability filename references in the security audit report Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- use-server-runtime-listeners: build latestProps once and assign to both useRef init and propsRef.current to remove duplication - AppContextMenu: add role="menuitem" to all three buttons so ARIA role="menu" container has correct child roles Agent-Logs-Url: https://github.com/tukuyomil032/MC-Vector/sessions/764d64c3-1d42-4324-af05-19dd1ae51347 Co-authored-by: tukuyomil032 <118542180+tukuyomil032@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Store all props in a propsRef that is updated synchronously on every render. The subscription effect runs exactly once (empty dep array is intentional) but every event callback reads from propsRef.current, so it always has access to fresh selectedServerId, setServers, loadTemplates, appendServerLog, showToast, t, setDownloadStatus, setNgrokData, and handleServerStatusChange values. Agent-Logs-Url: https://github.com/tukuyomil032/MC-Vector/sessions/764d64c3-1d42-4324-af05-19dd1ae51347 Co-authored-by: tukuyomil032 <118542180+tukuyomil032@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>