feat(session): encrypted sessions, Settings, and OS keychain #2
JessicaMulein wants to merge 1 commit into
Wire optional AES-256-GCM session save/load through Vision API and Tauri (CECLI_SESSION_KEY via keyring), add Settings persistence toggles, and pin cecli submodule to feat/session-encryption. Includes Stop/interrupt API for in-flight turns; excludes agent-todo sync and /add queue UI. Co-authored-by: Cursor <cursoragent@cursor.com>
Static Code Review 📊 🛑 36 quality checks failed!
CI Feedback 🧐
A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
Review Summary by Qodo
Add encrypted session persistence, Settings UI, and OS keychain integration
Walkthroughs
Description
• Add optional AES-256-GCM session encryption via Cecli with OS keychain integration
- session_encrypt, auto_save, auto_load flags in HTTP API and headless args
- CECLI_SESSION_KEY environment variable set by Tauri session_key.rs module
- New headless_persistence.py module to wire persistence options to Cecli
• Implement session persistence Settings UI with toggles for encryption, auto-save/load
- SessionPersistenceSection component with chat history, session name, encryption controls
- Config migration and localStorage persistence for all session flags
• Add POST /sessions/{id}/interrupt endpoint for UI Stop button during in-flight turns
• Comprehensive test coverage for session crypto, persistence, and HTTP API integration
- 43 session-related core tests including encryption roundtrip and keychain scenarios
- E2E tests for Settings persistence flags and API payload validation
• Pin Cecli submodule to feat/session-encryption branch with session crypto support
• Update workspace metadata directory references from .aider-vision to .cecli
Diagram
```mermaid
flowchart LR
  A["Settings UI<br/>SessionPersistenceSection"] -->|sessionEncrypt<br/>autoSave flags| B["VisionConfig"]
  B -->|passed to API| C["CreateSessionRequest"]
  C -->|apply_persistence_to_args| D["Cecli Headless Args"]
  D -->|session_encrypt=true| E["Cecli SessionManager"]
  E -->|encrypt_session_dict| F["AES-256-GCM Blob"]
  F -->|saved to| G[".cecli/sessions/*.json"]
  H["Tauri session_key.rs"] -->|ensure_session_encryption_key| I["OS Keychain"]
  I -->|CECLI_SESSION_KEY env| J["Vision API Process"]
  J -->|resolve_key| E
  K["POST /interrupt"] -->|interrupt_turn| L["In-flight Turn"]
```
File Changes
1. bright_vision_core/headless_persistence.py
Code Review by Qodo
1. Broken workspace_paths import
| except Exception: | ||
| pass |
logic: Broad exception with 'pass' silently ignores all session loading errors. Emit a warning event to inform the user of failures.
| except Exception: | |
| pass | |
| except Exception as e: | |
| io.emit("warning", text=f"Could not auto-load session '{name}': {e}") |
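Review bot: In the suggested replacement, `except Exception as e:` is still a catch-all and the warning interpolates `{e}` verbatim, so every load failure reaches the user as the same kind of warning carrying raw exception text. Since this PR makes session files optionally encrypted, consider catching the specific error types the loader raises, so that a failure to decrypt the file is reported separately from a missing or malformed one, and send the full exception to the log while the emitted text stays a fixed message.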
| from bright_vision_core.headless_persistence import apply_persistence_to_args | ||
| from bright_vision_core.todo_spec_generate import build_generate_message, parse_generated_layers | ||
| from bright_vision_core.slash_helpers import is_switch_coder_signal, run_slash_command_sync | ||
| from bright_vision_core.workspace_paths import attachments_dir, attachments_prefix |
1. Broken workspace_paths import 🐞 Bug ≡ Correctness
bright_vision_core.session imports bright_vision_core.workspace_paths, but that module is not present in the package, so importing Session (and starting http_api) will crash with ModuleNotFoundError. stage_uploaded_file() also calls attachments_dir(), so uploads break even if the import were patched ad-hoc.
Agent Prompt
### Issue description
`bright_vision_core/session.py` imports `attachments_dir`/`attachments_prefix` from `bright_vision_core.workspace_paths`, but the module is missing from the repo, causing runtime import failure.
### Issue Context
This import is executed when the FastAPI app imports `Session`, so it prevents the Vision API from starting.
### Fix Focus Areas
- Add module: `bright_vision_core/workspace_paths.py` with `attachments_dir(workspace: Path) -> Path` and `attachments_prefix() -> str` (and any other helpers you intended).
- Or remove the import and inline the path logic in `bright_vision_core/session.py`.
### Fix Focus Areas (paths/lines)
- bright_vision_core/session.py[37-42]
- bright_vision_core/session.py[676-679]
| /// Cecli project tree; BrightVision uses ``todos.json``, ``specs/``, ``attachments/`` subtrees. | ||
| const WORKSPACE_META_DIR: &str = ".cecli"; | ||
|
|
||
| fn is_image_ext(path: &Path) -> bool { | ||
| path.extension() | ||
| .and_then(|e| e.to_str()) |
2. Meta dir path divergence 🐞 Bug ≡ Correctness
Desktop (Tauri) now persists todos/specs under .cecli/, but the Python core WorkspaceTodos still reads/writes .aider-vision/, so the desktop Tasks UI and core session/todo APIs will operate on different on-disk stores. This will manifest as “missing tasks/specs” depending on whether the operation was performed by desktop UI (Rust) or core API (Python).
Agent Prompt
### Issue description
Rust/Tauri has switched workspace state paths to `.cecli/`, but Python core still uses `.aider-vision/` for todos/specs. This splits persisted state across two directories.
### Issue Context
Desktop UI uses Tauri commands to read/write todos; core session APIs use `WorkspaceTodos`.
### Fix Focus Areas
- Choose a single workspace metadata dir (likely `.cecli/`).
- Update Python `WorkspaceTodos` paths accordingly.
- If you need backward compatibility, implement migration (copy/merge `.aider-vision/` into `.cecli/` once).
### Fix Focus Areas (paths/lines)
- src-tauri/src/main.rs[735-748]
- bright_vision_core/workspace_todos.py[224-232]
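One way to do the one-time copy/merge from `.aider-vision/` into `.cecli/` suggested in the comment above, as an added example that is not code from this PR or the project. `migrate_workspace_meta`, the `MARKER` file name and the conflict policy (files already in `.cecli/` win, symlinks are never copied) are assumptions.

```python
import os
import shutil
import tempfile
from pathlib import Path

LEGACY_DIR, META_DIR = ".aider-vision", ".cecli"  # names from the review comment
MARKER = ".migrated-from-legacy"  # hypothetical marker file, not from the project


def migrate_workspace_meta(workspace: Path) -> list[str]:
    """Copy legacy files into META_DIR once; return the relative paths copied."""
    legacy, meta = workspace / LEGACY_DIR, workspace / META_DIR
    if legacy.is_symlink() or not legacy.is_dir() or (meta / MARKER).exists():
        return []
    copied = []
    for root, _dirs, files in os.walk(legacy):  # default followlinks=False
        for name in files:
            src = Path(root) / name
            rel = src.relative_to(legacy)
            dst = meta / rel
            # Skip symlinks (they may point outside the workspace) and any path
            # .cecli already has: on conflict the newer store wins (assumption).
            if src.is_symlink() or dst.exists() or dst.is_symlink():
                continue
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            copied.append(rel.as_posix())
    meta.mkdir(exist_ok=True)
    (meta / MARKER).write_text("done\n")  # makes repeat runs a no-op
    return sorted(copied)


def demo() -> dict:
    """Run the migration twice on a constructed workspace and report the result."""
    with tempfile.TemporaryDirectory() as tmp:
        ws, outside = Path(tmp) / "ws", Path(tmp) / "outside.txt"
        (ws / LEGACY_DIR / "specs").mkdir(parents=True)
        (ws / LEGACY_DIR / "todos.json").write_text('{"tasks": ["old"]}')
        (ws / LEGACY_DIR / "specs" / "a.md").write_text("spec a")
        outside.write_text("not part of the workspace")
        os.symlink(outside, ws / LEGACY_DIR / "leak.txt")
        (ws / META_DIR).mkdir()
        (ws / META_DIR / "todos.json").write_text('{"tasks": ["new"]}')
        return {
            "first": migrate_workspace_meta(ws),
            "second": migrate_workspace_meta(ws),
            "todos": (ws / META_DIR / "todos.json").read_text(),
            "leaked": (ws / META_DIR / "leak.txt").exists(),
        }
```

The legacy directory is left in place, so the copy can be checked before anything is deleted.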
| import type { VisionConfig } from '../../ipc/config' | ||
| import { isTauriRuntime } from '../../ipc/isTauri' | ||
| import { WORKSPACE_META_DIR } from '../../brand' | ||
|
|
3. Missing workspace_meta_dir export 🐞 Bug ≡ Correctness
SessionPersistenceSection imports WORKSPACE_META_DIR from src/brand.ts, but src/brand.ts does not export that symbol, causing a TypeScript build failure. This blocks the Settings panel from compiling.
Agent Prompt
### Issue description
A new Settings component imports `WORKSPACE_META_DIR` from `../../brand`, but `src/brand.ts` does not export it.
### Issue Context
This is a compile-time failure in the frontend.
### Fix Focus Areas
- Add `export const WORKSPACE_META_DIR = '.cecli'` (or whichever dir you standardize on) to `src/brand.ts`.
- Optionally also add a matching constant in `bright_vision_core/brand.py` and keep them in sync.
### Fix Focus Areas (paths/lines)
- src/components/settings/SessionPersistenceSection.tsx[10-13]
- src/brand.ts[1-68]
Summary
- feat/session-encryption): optional AES-256-GCM for .cecli/sessions/ JSON
- CreateSessionRequest persistence fields; headless_persistence.apply_persistence_to_args; session create wires encrypt/auto-save/auto-load/chat history
- session_key.rs + ensure_session_encryption_key → CECLI_SESSION_KEY when Settings enable encryption
- SessionPersistenceSection (encrypt, auto-save/load, session name, chat history file)
- POST /sessions/{id}/interrupt + client interruptTurn on SSE abort

Not in this PR (left on main working tree): agent-todo sync, message-queue chip, suggested-files /add tray changes, About dialog, fonts/appearance.

Depends on

Test plan
- source activate.sh && python -m pytest tests/core/test_session_crypto.py tests/core/test_headless_persistence.py tests/core/test_http_session_persistence.py tests/core/test_http_interrupt.py tests/core/test_sessions.py -q
- yarn test:bright-core
- .cecli/sessions/*.json is encrypted blob
- yarn test:e2e e2e/settings-config.spec.ts (session persistence tests)

Made with Cursor