[pull] main from commontoolsinc:main #135
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Add ct-markdown component for rendering markdown content New component that renders markdown with: - GFM support via marked library - Copy buttons on code blocks - LLM-friendly cell link support (/of: links) - Theme-aware styling - Comprehensive CSS for headings, lists, tables, blockquotes, etc. Extracted from ct-chat-message's markdown rendering into a standalone reusable component. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Refactor ct-chat-message to use ct-markdown component - Add Cell<string> support to ct-markdown content prop - Add variant prop ("default" | "inverse") for user message styling - Add streaming prop for blinking cursor effect - Add inverse variant CSS for code blocks, blockquotes, tables, etc. - Refactor ct-chat-message to delegate markdown rendering to ct-markdown - Remove ~200 lines of duplicate markdown rendering code from ct-chat-message - Update tests for both components ct-markdown is now the single source of truth for markdown rendering, eliminating code duplication and ensuring consistent behavior. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Fix framework-quality issues in ct-markdown component - Fix property binding in ct-chat-message (use .content= not content=) - Move Cell subscription to willUpdate for correct timing - Fix entity decoding: use browser API when available, regex fallback - Fix marked global state: use marked.parse(content, options) - Add CSS custom properties for inverse variant theming - Add comprehensive JSDoc with CSS custom property docs - Add tests for Cell subscription cleanup and entity decoding 🤖 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Add ct-markdown to JSX intrinsic elements - Add CTMarkdownElement interface - Add CTMarkdownAttributes with content, $content, variant, streaming - Register ct-markdown in IntrinsicElements 🤖 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * fix(ct-markdown): escape label attribute to prevent injection Escape anchor text before interpolating into the label attribute to prevent quotes or special characters from breaking markup or allowing attribute injection. Fixes P2 security issue flagged in PR #2177 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * feat(ct-markdown): add compact prop for reduced paragraph spacing Add compact property to ct-markdown that reduces paragraph spacing when enabled. Update ct-chat-message to pass compact prop through to ct-markdown to maintain existing compact mode behavior. Fixes P2 issue flagged in PR #2177 where switching to ct-markdown dropped compact paragraph spacing. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * fix(ct-markdown): sanitize HTML with DOMPurify to prevent XSS Add isomorphic-dompurify dependency and sanitize all rendered HTML before passing to unsafeHTML to prevent XSS attacks from untrusted markdown content. Configure DOMPurify to allow custom ct-* elements and their attributes. Fixes P0 critical security issue flagged in PR #2177 where untrusted markdown could inject arbitrary script/HTML. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * fix: update deno.lock for isomorphic-dompurify dependency Update lockfile to include isomorphic-dompurify and its transitive dependencies. This fixes the CI test failure caused by an out-of-date lockfile. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * fix: use correct OpenTelemetry versions from main lockfile The PR was using OpenTelemetry 1.19.0 which doesn't support span Processors in the TracerConfig. Main uses 1.30.1 which does. This updates the lockfile to match main's OpenTelemetry versions while keeping the isomorphic-dompurify dependency. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Remove DOMPurify sanitization temporarily to fix lockfile issues Per discussion with Ben, removing isomorphic-dompurify dependency and sanitization to unblock CI. Added prominent TODO comment documenting the XSS vulnerability and options for proper fix. This component should only be used with trusted markdown content until proper sanitization is implemented. 🤖 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Update OpenTelemetry dependencies to fix type errors - Remove isomorphic-dompurify from packages/ui/deno.json - Upgrade OpenTelemetry packages from ^1.19.0 to ^1.30.0 - Fixes type error: spanProcessors property requires OpenTelemetry 1.30+ - Regenerate lockfile without isomorphic-dompurify dependency The otel.ts code uses the spanProcessors property in TracerConfig which was added in OpenTelemetry SDK 1.30.0. The previous ^1.19.0 constraint was too permissive and resolved to 1.19.0 which doesn't have this property. 🤖 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Format ct-markdown.ts with deno fmt 🤖 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Fix lint: Tag TODO comment with issue number 🤖 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> * Update TODO with proper Linear issue number CT-1088 🤖 Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Happy <yesreply@happy.engineering>
* Implement `ct-cell-context` component and basic debug feature * Watch cells * Working-end-to-end * Format pass * Wrap interesting use-sites in `ct-cell-context` for testing * Add `label` to `jsx.d.ts` * Fix lint * Auto-insert into ct-render? * Automatically wrap anything with [UI] in cell-context * Format pass * Remove beads files * Write to `$cell` * Action cubic review * Add missing jsx.d.ts definition
* Fix home space schema application for favorites * Fix type error * Fix lint
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )