Bump plxt CLI to 0.2.0 and finalize v0.4.0 release#11
Merged
Conversation
Replace the repo root README (which includes VS Code banner and full Taplo README) with a CLI-focused standalone README for the PyPI page. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Code blocks render as plain TOML on GitHub and have no syntax coloring on PyPI. Use a hosted screenshot instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backfill CHANGELOG.md with all changes since v0.2.1 (0.3.0–0.3.2 + unreleased), annotate CLI-specific entries with plxt versions, and broaden the title to cover both extension and CLI. Add Changelog URL to pyproject.toml [project.urls] for PyPI sidebar. Add .claude/skills/release/ project skill with detection script, version map reference, and workflow instructions for automated version bumping and changelog updates via /release. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The fix was already shipped in plxt 0.1.4 / ext v0.3.2 but was mislabeled under [Unreleased] with an incorrect future version annotation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Integrate pipelex-agent CLI to provide on-save validation diagnostics for MTHDS files with source-located errors, and add a "Show Method Graph" command that renders the ReactFlow graph in a side panel. Includes CLI resolution (venv, PATH, uv fallback), validation types, source locator, and unit tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use undefined instead of ViewColumn.Beside when revealing an existing panel so it stays in its current column. Add retainContextWhenHidden to preserve webview content when backgrounded. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a file opens in the graph panel's editor group (e.g. user clicks explorer while the graph has focus), close it there and re-open it in the main editor column to keep the graph group dedicated. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… path Address 6 PR review issues: extract shared processUtils (spawnCli, cancelInflight helpers), cancel all inflight graph jobs on file switch with staleness check, guard against infinite loop when panel is in column 1, add missing warning message in MethodGraphPanel, detect Windows .venv/Scripts path, and gate validator/graph behind child_process availability for browser hosts. Add cliResolver unit tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
registerNodeFeatures was called fire-and-forget, so the showMethodGraph
command could be missing at activation time and import failures were
unhandled. Make registerPipelexFeatures async, await the helper, and
surface errors as warnings.
Fix filename extraction using split('/') which broke on Windows
backslash paths — replace with a regex that handles both separators.
Add staleness guard after fs.promises.readFile so a file switch during
the read doesn't overwrite the current graph with stale HTML.
Add three new test files (processUtils, methodGraphPanel,
pipelexExtension) covering these bugs plus regression guards for
previous fixes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Expose pipelex-agent's --direction flag as a pipelex.graph.direction setting (top_down | left_to_right, default top_down) so users can control the method graph layout direction from VS Code settings. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Uses the existing config discovery logic to find and print the resolved configuration file path, or prints "no config file found" to stderr. Also fixes doc comments to reference `plxt.toml` instead of `.pipelex.toml`. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds env and pipelex-tools targets so `maturin develop --release` runs inside an auto-created .venv (via uv), and wires it into `make build`. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds changelog entries for plxt config which, schema association improvements, graph panel fix, and Makefile target. Updates release date to 2026-02-21. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 587a941835
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
The schema tests use #[tokio::test] which requires the `macros` and `rt-multi-thread` features. These were silently provided by feature unification in full-workspace builds but missing when CI tests only upstream crates (`cargo test -p taplo-common -p taplo-lsp ...`). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
…gnostics Address three PR #11 review comments: - resolveCli() now accepts an optional documentUri to prefer the owning workspace folder's .venv in multi-root setups - expand_tilde() falls back to USERPROFILE when HOME is unset (Windows) - Clear diagnostics on timeout/spawn errors to prevent stale problems Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…detect_changes.sh Restore `#[serde(deny_unknown_fields)]` on `SchemaOptions` to match the other config structs, and switch `((count++))` to `((++count))` so the first increment doesn't return exit code 1 and kill the subshell under `set -e`. Adds a unit test for the serde guard. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
Author
|
@cubic-dev-ai review this |
@lchoquel I have started the AI code review. It will take a few minutes to complete. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
15 issues found across 40 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="crates/pipelex-cli/src/commands/config.rs">
<violation number="1" location="crates/pipelex-cli/src/commands/config.rs:23">
P2: Misleading error message: when `cwd_normalized()` returns `None`, the issue is that the working directory cannot be determined, not that a config file wasn't found. Consider a more accurate message like `"unable to determine current working directory"`.</violation>
<violation number="2" location="crates/pipelex-cli/src/commands/config.rs:28">
P2: `plxt config which` exits with code 0 even when no config file is found. Since `main()` maps `Ok` → `exit(0)` and `Err` → `exit(1)`, this branch should return an `Err` on failure so callers can detect "not found" from the exit code (the standard convention for `which`-style commands).</violation>
</file>
<file name="editors/vscode/package.json">
<violation number="1" location="editors/vscode/package.json:474">
P2: `pipelex.validation.timeout` should use `"type": "integer"` with a `"minimum"` constraint to be consistent with the other duration settings in this file (`memoryExpiration`, `diskExpiration`) and to prevent nonsensical fractional/negative/zero values.</violation>
</file>
<file name="editors/vscode/src/pipelex/validation/pipelexValidator.ts">
<violation number="1" location="editors/vscode/src/pipelex/validation/pipelexValidator.ts:124">
P2: Stale diagnostics are not cleared on transient errors (timeout, spawn failure). Other error branches explicitly call `this.diagnostics.delete(document.uri)`, but the fallback path at line 120 only logs to the output channel. Add `this.diagnostics.delete(document.uri)` before or after the log line to avoid misleading leftover markers.</violation>
<violation number="2" location="editors/vscode/src/pipelex/validation/pipelexValidator.ts:151">
P2: `extractJson` returns everything from the first `{` to end-of-string, so any trailing non-JSON content (log lines, extra warnings) after the closing `}` causes `JSON.parse` to throw silently, dropping valid validation diagnostics. Slice between the first `{` and last `}` instead.</violation>
</file>
<file name="editors/vscode/src/pipelex/validation/cliResolver.ts">
<violation number="1" location="editors/vscode/src/pipelex/validation/cliResolver.ts:32">
P2: User setting `pipelex.validation.agentCliPath` should take priority over `.venv` auto-detection. An explicit user configuration is silently overridden when a `.venv/bin/pipelex-agent` happens to exist in the workspace, which is surprising and inconsistent with VS Code extension conventions where a user-configured path is the highest-priority override.</violation>
</file>
<file name="crates/taplo-common/src/schema/mod.rs">
<violation number="1" location="crates/taplo-common/src/schema/mod.rs:222">
P2: `load_schema_waterfall` is dead code — it is never called. The identical waterfall loop pattern is implemented inline in `resolve_association` below. Either remove this method or refactor `resolve_association` to delegate to it.</violation>
</file>
<file name="Makefile">
<violation number="1" location="Makefile:40">
P1: If `uv` is not already installed, the install in the first recipe line won't be visible to the second recipe line because each line runs in a separate non-interactive shell that doesn't source profile files. The `uv venv` call will fail with "command not found". Either combine both blocks into a single recipe line (with `&&`), or explicitly add the install directory to `PATH` in the second block (e.g., `export PATH="$$HOME/.local/bin:$$PATH"`).</violation>
</file>
<file name="editors/vscode/src/pipelex/__tests__/methodGraphPanel.test.ts">
<violation number="1" location="editors/vscode/src/pipelex/__tests__/methodGraphPanel.test.ts:233">
P2: This test is ineffective — it can never fail. The assertion `not.toContain('stale')` is vacuously true because the `readFile` mock always returns `'<html>graph</html>'` (which doesn't contain `'stale'`). Even if the staleness check after `spawnCli` were deleted from production code, this test would still pass.
The unused `const fs = await import('fs')` suggests the intended assertion was `expect(fs.promises.readFile).not.toHaveBeenCalled()` (verifying `readFile` was never reached). Either add that assertion, or change `mockState.readFileResult` to a string containing `'stale'` so the `not.toContain` check would actually catch the regression.</violation>
</file>
<file name="editors/vscode/src/pipelex/graph/methodGraphPanel.ts">
<violation number="1" location="editors/vscode/src/pipelex/graph/methodGraphPanel.ts:70">
P2: Webview created with `enableScripts: true` but no Content Security Policy set. VS Code documentation explicitly recommends all webviews set a CSP, especially script-enabled ones. This panel loads external HTML files (ReactFlow visualizations) from paths returned by CLI output, making defense-in-depth via CSP particularly important.
For the statically-generated `messageHtml`/`loadingHtml`, add a restrictive CSP meta tag. For the externally-loaded ReactFlow HTML, consider injecting a CSP `<meta>` tag into the loaded content or documenting the accepted risk.</violation>
</file>
<file name="editors/vscode/src/pipelex/__tests__/pipelexExtension.test.ts">
<violation number="1" location="editors/vscode/src/pipelex/__tests__/pipelexExtension.test.ts:44">
P2: The `importShouldFail` flag in `vi.mock()` factories won't work across tests. `vi.mock` factories run once and the result is cached; `vi.clearAllMocks()` doesn't re-evaluate them. A future test setting `mockState.importShouldFail = true` would silently still get the successful mock. You'd need `vi.resetModules()` in `beforeEach` (and a dynamic re-import of the SUT) for this pattern to work.</violation>
</file>
<file name=".claude/skills/release/scripts/detect_changes.sh">
<violation number="1" location=".claude/skills/release/scripts/detect_changes.sh:55">
P1: Bug: `((count++))` exits the script under `set -e` when `count` is 0. Post-increment returns the *old* value (0), so `(( 0 ))` returns exit code 1. Since it's the last command in a `&&` chain, `errexit` applies and the script aborts. Use `((++count))` (pre-increment, returns 1) or an assignment form that always succeeds.</violation>
</file>
<file name="editors/vscode/src/pipelex/validation/processUtils.ts">
<violation number="1" location="editors/vscode/src/pipelex/validation/processUtils.ts:22">
P2: `(err as any).code ?? err.code` is redundant — both operands access the same `.code` property. The nullish coalescing fallback is dead code. Did you mean `(err as any).exitCode ?? err.code`?</violation>
<violation number="2" location="editors/vscode/src/pipelex/validation/processUtils.ts:31">
P2: The `onAbort` listener is never removed from `signal` when the process exits normally. This leaks a reference to the `proc` handle until the `AbortController` is GC'd or aborted. Add cleanup in both the resolve and reject paths.</violation>
</file>
<file name="crates/taplo-common/src/config.rs">
<violation number="1" location="crates/taplo-common/src/config.rs:296">
P2: `expand_tilde` incorrectly handles `~username/path` patterns: `strip_prefix('~')` yields `username/path`, producing `{HOME}username/path` instead of leaving it unexpanded. The check should ensure `~` is followed by `/` or is the entire string.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
…ad code
- Makefile: combine uv install + venv into single recipe so PATH is visible
- plxt config which: return non-zero exit on failure, fix misleading error msg
- expand_tilde: only expand ~/... and bare ~, not ~username/path; add tests
- schema/mod.rs: refactor resolve_association to delegate to load_schema_waterfall
- package.json: change validation timeout type to integer with minimum: 1000
- extractJson: slice from first { to last } to handle trailing non-JSON content
- processUtils: remove abort listener on process exit to prevent leak, simplify
error code access to (err as NodeJS.ErrnoException).code
- methodGraphPanel test: make staleness assertion non-vacuous by setting mock
readFileResult to contain 'stale'
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
…om tests vi.mock() factories run once at module resolution time and are cached, so setting importShouldFail later in tests had no effect. Remove the dead code and an outdated comment about fire-and-forget async behavior. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace PIPELEX_CSP_NONCE sentinel with crypto nonce in pipelex HTML and inject Content-Security-Policy meta tags. Simple HTML (loading/error) gets minimal style-only CSP. Also exclude vitest.config.mts from tsconfig and add skipLibCheck to avoid unrelated node_modules type errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…tection User setting `agentCliPath` now takes priority over `.venv` auto-detection, preventing silent overrides. Also add upstream taplo crate paths (taplo-cli, taplo, taplo-wasm, lsp-async-stub) to detect_changes.sh so release detection correctly categorizes changes in shared dependencies. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
Author
|
@cubic-dev-ai review |
@lchoquel I have started the AI code review. It will take a few minutes to complete. |
There was a problem hiding this comment.
4 issues found across 41 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="crates/pipelex-common/src/config.rs">
<violation number="1" location="crates/pipelex-common/src/config.rs:6">
P3: The string `".pipelex/plxt.toml"` is duplicated between `PIPELEX_CONFIG_FILE_NAMES[0]` and the new `PIPELEX_HOME_CONFIG`. Define it once and reference it in both places to avoid silent divergence if the path ever changes.</violation>
</file>
<file name=".claude/skills/release/scripts/detect_changes.sh">
<violation number="1" location=".claude/skills/release/scripts/detect_changes.sh:124">
P2: Off-by-one in `UNRELEASED_LINES`: `echo` appends a newline to the already newline-terminated `$UNRELEASED_CONTENT`, so `wc -l` always overcounts by 1. Use `printf '%s'` instead to avoid the extra trailing newline.</violation>
</file>
<file name="editors/vscode/src/pipelex/graph/methodGraphPanel.ts">
<violation number="1" location="editors/vscode/src/pipelex/graph/methodGraphPanel.ts:202">
P2: The Content-Security-Policy for CLI-generated HTML is overly permissive: `connect-src https:` allows the webview to make network requests to any HTTPS endpoint, and `style-src` includes `'unsafe-inline'` alongside the nonce. Consider restricting `connect-src` to only the origins the ReactFlow visualization actually needs (or `'none'` if it doesn't need network access), and removing `'unsafe-inline'` from `style-src` since the nonce is already present.</violation>
</file>
<file name="editors/vscode/src/pipelex/validation/pipelexValidator.ts">
<violation number="1" location="editors/vscode/src/pipelex/validation/pipelexValidator.ts:150">
P2: `extractJson` doesn't actually skip WARNING lines—it finds the first `{` in the entire string. If any WARNING line contains `{` (e.g., a URL or placeholder), the function will capture an invalid slice and the real JSON payload will be silently dropped. Consider skipping lines that start with `WARNING:` before searching for `{`, or iterating candidate `{` positions until `JSON.parse` succeeds.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
… dedup, line count - Tighten graph webview CSP: connect-src 'none', remove unsafe-inline from style-src - Filter WARNING lines before brace search in extractJson to prevent false matches - Deduplicate .pipelex/plxt.toml string in config.rs by referencing PIPELEX_HOME_CONFIG - Fix off-by-one in detect_changes.sh unreleased line count using printf instead of echo Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
plxtCLI version from 0.1.4 to 0.2.0plxt config which, schema association improvements, graph panel fix, and Makefile targetTest plan
cargo check -p pipelex-clipassescargo check -p pipelex-wasm --target wasm32-unknown-unknownpassespipelex-vscode-ext/v0.4.0andplxt-cli/v0.2.0after merge🤖 Generated with Claude Code
Note
Medium Risk
Touches release/versioning plus schema resolution and editor validation paths, which can affect lint/LSP behavior and end-user workflows; changes are well-scoped but span multiple components (VS Code extension + Rust crates).
Overview
Finalizes the
0.4.0extension release and bumps theplxtCLI to0.2.0, updatingCHANGELOG.mdand version pins (editors/vscode/package.json,crates/pipelex-cli/Cargo.toml,Cargo.lock).Adds new Pipelex IDE features gated to Node hosts: on-save
pipelex-agentvalidation with inline diagnostics and apipelex.showMethodGraphwebview (with new settings for validation and graph direction), plus supporting VS Code-side utilities and tests.Improves config discovery by adding support for a user-level
~/.pipelex/plxt.tomland introducesplxt config whichto print the resolved config path.Enhances Taplo schema handling with a waterfall schema source list (
sources→resolved_sources) and association fallbacks, updating CLI/LSP validation paths accordingly and adding coverage tests. Also updates build/docs tooling (Makefile Python package target + PyPI README + README branding) and adds a.clauderelease skill (workflow docs + change detection script).Written by Cursor Bugbot for commit 8484bb5. This will update automatically on new commits. Configure here.