Artifact v1: backend persistence + default artifacts working dir#55
Artifact v1: backend persistence + default artifacts working dir#55tulsi-builder wants to merge 1 commit intomainfrom
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6cde9a07ff
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| fn default_artifacts_working_dir() -> PathBuf { | ||
| if let Some(home_dir) = dirs::home_dir() { | ||
| return home_dir.join(".goose").join("artifacts"); | ||
| } | ||
| PathBuf::from("/tmp").join(".goose").join("artifacts") |
There was a problem hiding this comment.
When working_dir is omitted, every ACP run is placed in the same ~/.goose/artifacts folder, so concurrent or later sessions without a project can overwrite each other’s relative output files and pollute persisted artifacts. Since session_id is already available in acp_send_message, the default should include a session-specific subdirectory (for example ~/.goose/artifacts/<session_id>) before invoking the driver.
Useful? React with 👍 / 👎.
| { | ||
| "identifier": "opener:allow-open-path", | ||
| "allow": [ | ||
| { "path": "$HOME/**" }, |
There was a problem hiding this comment.
This capability change grants opener:allow-open-path to all of $HOME/**, which is a much broader privilege than the artifact feature requires and lets the renderer request opening arbitrary home-directory files. To avoid unnecessary privilege expansion, limit the allow-list to the specific Goose-managed artifact directories instead of the entire home tree.
Useful? React with 👍 / 👎.
1 participant
Overview
Category:
fixUser Impact: Users can reliably open files the agent creates, even when a chat has no project folder selected.
Problem: Artifact-related tool output was not always persisted in a way the UI could recover, and chats without a project working directory had inconsistent default write behavior. This produced path mismatches and opener permission failures in the artifact flow.
Solution: This PR persists structured ACP assistant content (including tool request/response blocks), defaults no-project writes to
~/.goose/artifacts, and grants explicitopen_pathcapability for allowed home/artifacts roots so local file opening works consistently.Changes
File changes
src-tauri/src/services/acp/writer.rs
Persists accumulated structured assistant content (text + tool request/response) instead of only final text so artifact path resolution survives reloads. Also aligns assistant message timestamps to millisecond precision for stable ordering.
src-tauri/src/commands/acp.rs
Adds a deterministic default artifacts working directory helper and ensures the directory exists before prompt dispatch. This removes ambiguous write destinations for chats without a selected project.
src-tauri/src/services/acp/mod.rs
Switches user message timestamp creation to millisecond precision for consistent cross-message ordering.
src-tauri/capabilities/default.json
Adds explicit
opener:allow-open-pathpermissions for home and.goose/artifactspaths required by Artifact V1 open actions.src-tauri/gen/schemas/capabilities.json
Regenerates capability schema output to reflect the new opener policy.
Reproduction Steps
~/.goose/artifacts.Open fileaction for that output and confirm it opens withoutopener.open_path not allowederrors.