feat(web-studio): add frontend console workspace #2128
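- Add a three-part layout: top bar (full width) + left sidebar + right content area - Split the large Data page into separate routes: FileSystem, Find, Add Memory - Migrate the Access page to a standalone Settings page - Group sidebar navigation items by Data/Ops/Access - Extract shared utility functions into data-utils.ts - Fix the data/ rule in .gitignore incorrectly matching subdirectories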
- Add i18next with browser language detection (zh-CN / en) - Add language switcher dropdown in header bar - Add dark/light theme toggle with animated Sun/Moon icons - Wire up next-themes ThemeProvider with class-based dark mode - Replace shadcn dark theme with default Zinc (neutral gray) - Connect sidebar labels to i18n translation keys - Fix dropdown menu forced dark styling
- Added translation support for the PlaceholderPage component, including layout notes and current status descriptions. - Updated use-app-connection hook to return connection identity summaries with translation keys. - Enhanced server mode descriptions with translation keys in the use-server-mode hook. - Introduced a new resources file for managing translations in English and Chinese. - Updated admin, operations, resources, and sessions routes to utilize translations for titles, descriptions, and highlights. - Refactored error handling in the ov-client to improve clarity and maintainability. - Improved utility functions for better type handling and code readability.
…upstream-pr/web-studio
PR Reviewer Guide 🔍 Here are some key observations to aid the review process:
PR Code Suggestions ✨ No code suggestions found for the PR.
qin-ctx
left a comment
I found one blocking security issue around credential persistence, plus one non-blocking production-hardening suggestion.
| } | ||
|
|
||
| try { | ||
| window.localStorage.setItem( |
[Bug] (blocking) This persists the full ConnectionDraft into localStorage, and ConnectionDraft includes apiKey. The README says the API key should only live in sessionStorage, but after saving the connection this writes it into ov_console_connection and keeps it across browser restarts. That materially increases credential exposure for any same-origin XSS, malicious dependency script, browser extension, or shared-machine access. Please keep localStorage limited to non-secret fields such as baseUrl, accountId, and userId, explicitly drop/clean any previously stored apiKey, and leave the API key in sessionStorage or behind an explicit user opt-in.
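One way to implement the split this comment asks for, as an added example that is not code from this PR: non-secret fields go to localStorage, the API key goes to sessionStorage, and an apiKey left behind by an earlier save is dropped on load. The `ConnectionDraft` shape, the `ov_console_api_key` key and the function names are assumptions; `memoryStorage` is a stand-in for running outside a browser.

```typescript
// Subset of the Web Storage API; window.localStorage and window.sessionStorage satisfy it.
interface KV {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}
// Assumed shape: the review names these four fields, the real type may have more.
interface ConnectionDraft { baseUrl: string; accountId: string; userId: string; apiKey: string }

const CONNECTION_KEY = "ov_console_connection"; // localStorage key named in the review
const API_KEY_KEY = "ov_console_api_key"; // hypothetical sessionStorage key

const str = (v: unknown): string => (typeof v === "string" ? v : "");

function saveConnection(draft: ConnectionDraft, local: KV, session: KV): void {
  // Allowlist: copy the non-secret fields one by one instead of serializing the draft.
  const { baseUrl, accountId, userId } = draft;
  local.setItem(CONNECTION_KEY, JSON.stringify({ baseUrl, accountId, userId }));
  if (draft.apiKey) session.setItem(API_KEY_KEY, draft.apiKey);
  else session.removeItem(API_KEY_KEY);
}

function loadConnection(local: KV, session: KV): ConnectionDraft | null {
  const raw = local.getItem(CONNECTION_KEY);
  if (raw === null) return null;
  let stored: any;
  try { stored = JSON.parse(raw); } catch { stored = null; }
  if (typeof stored !== "object" || stored === null) {
    local.removeItem(CONNECTION_KEY); // unreadable entry: discard it
    return null;
  }
  const safe = { baseUrl: str(stored.baseUrl), accountId: str(stored.accountId), userId: str(stored.userId) };
  // Cleanup: an entry written before the fix still holds apiKey. Rewrite it without
  // the secret and do not carry the old value over; the user enters the key again.
  if ("apiKey" in stored) local.setItem(CONNECTION_KEY, JSON.stringify(safe));
  return { ...safe, apiKey: str(session.getItem(API_KEY_KEY)) };
}

// In-memory stand-in for a browser storage object, for running outside a browser.
function memoryStorage(): KV {
  const m = new Map<string, string>();
  return {
    getItem: (k) => m.get(k) ?? null,
    setItem: (k, v) => { m.set(k, v); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In the browser the two storage arguments would be `window.localStorage` and `window.sessionStorage`.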
| <Outlet /> | ||
| </AppShell> | ||
| <Toaster /> | ||
| <TanStackDevtools |
[Suggestion] (non-blocking) This renders TanStack Devtools unconditionally, so production Web Studio users can inspect router/search state such as session ids and resource URIs. Please gate this behind import.meta.env.DEV or a dedicated debug build flag, and consider keeping the devtools packages out of runtime dependencies.
@Ferry-200 @qin-ctx feedback on @hey-api would be welcome!
This PR is frontend-only and primarily touches web-studio/. It consumes existing OpenViking APIs and the Console BFF already present in the target branch from #2016. It does not introduce new backend contracts, and it keeps raw OV Server contracts centralized under web-studio/types/ov-server/ for the first PR’s actual API surface.
What changed
- web-studio/src/lib/sessions/.
- ResourceUploadProvider to the Resources route instead of the global app shell.
- /api/v1/console/* paths.
Validation
- npm --prefix web-studio run lint
- npm --prefix web-studio run build
- npm --prefix web-studio run format
Notes
2026-05-19.17-52-33.mov