Skip to content

feat(tui): uam explore — jailed file explorer integrated into sessions via prefix+e#13

Closed
aksOps wants to merge 1 commit into
mainfrom
feat/cockpit
Closed

feat(tui): uam explore — jailed file explorer integrated into sessions via prefix+e#13
aksOps wants to merge 1 commit into
mainfrom
feat/cockpit

Conversation

@aksOps

@aksOps aksOps commented May 31, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds an opt-in file explorer integrated into managed sessions. Inside any uam session, press <prefix> e (default Ctrl+b then e) to split the window and open uam explore — a borderless, jailed file explorer with live preview — rooted at that pane's working directory (the project). Also usable standalone: uam explore [dir].

This replaces the earlier dashboard-mode "cockpit" with the tmux-split integration the project wanted: the explorer lives beside the agent, inside the session.

Explorer (internal/explore)

  • Jailed to the launch directory (symlink-proof via EvalSymlinks) — can't navigate above the project root.
  • Live preview on highlight↑↓ previews the file instantly (no enter); /enter enters a dir, /backspace goes up (stops at root), pgup/pgdn scroll, q/esc quit.
  • Syntax-highlighted (chroma), line-numbered, borderless 2-pane layout; size + binary guards on the preview (read via io.LimitReader, no TOCTOU).

Integration

  • uam explore [dir] subcommand.
  • uam's tmux server binds <prefix> esplit-window -c <pane dir> uam explore (best-effort; same path-safety guard as the session-closed hook). Applied automatically when uam (re)configures its server.

Deps / toolchain

  • Adds bubbles v0.21.1 (viewport), chroma/v2 v2.24.0, termenv — all MIT, on the Go-1.24-compatible lines.
  • Bumps toolchain go1.24.7go1.25.8 to fix reachable stdlib vuln GO-2026-4602 (os, reachable via the Bubble Tea TUI) — clears the govulncheck CI failure.
  • gosec G304 on the file read is annotated #nosec G304 (read-only; path jailed to the project) — clears the gosec CI failure.

Test plan

  • go test -race ./... — all pass (incl. jail/symlink-escape, preview, truncation tests)
  • golangci-lint run ./... — 0 issues
  • govulncheck ./... under go1.25.8 — 0 reachable
  • gosec — 0 issues (G304 annotated)
  • go build / make build; installed + smoke-tested standalone; confirmed the <prefix> e binding is live on the running uam server
  • Reviewer: try <prefix> e in a session — confirm the jail + live preview

🤖 Generated with Claude Code

@socket-security

socket-security Bot commented May 31, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedgithub.com/​alecthomas/​chroma/​v2@​v2.24.09910010010070
Addedgithub.com/​charmbracelet/​bubbles@​v0.21.1100100100100100

View full report

Comment thread internal/app/fileview.go Fixed
@aksOps aksOps changed the title feat(tui): toggleable file-explorer cockpit (explorer | viewer | assistant) feat(tui): uam explore — jailed file explorer integrated into sessions via prefix+e May 31, 2026
A standalone, borderless file explorer with live preview, opened inside any managed session via the tmux prefix+e binding (split-window rooted at the pane's directory). Replaces the earlier dashboard cockpit approach.

- internal/explore: symlink-proof jailed file tree + live, syntax-highlighted, line-numbered preview; preview-on-highlight (no enter needed); q/esc quits.

- uam explore [dir] subcommand (internal/cli) + Usage entry.

- uam tmux server binds prefix+e to split the window and run uam explore rooted+jailed at the pane's current directory (best-effort; same path-safety guard as the session-closed hook).

- Adds bubbles v0.21.1 (viewport), chroma/v2 v2.24.0, termenv for highlighting; sets go/toolchain to 1.25.8 (from 1.24) to fix reachable stdlib vuln GO-2026-4602 (os) — and keeps CI's setup-go on a single version (no toolchain switch, fixes the covdata coverage break).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@sonarqubecloud

Copy link
Copy Markdown

@RandomCodeSpace RandomCodeSpace locked and limited conversation to collaborators Jun 1, 2026
@RandomCodeSpace RandomCodeSpace unlocked this conversation Jun 1, 2026
@aksOps aksOps closed this Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants