FE-737: Web shell over the same host (M3)

[lunelson]

FE-737: Start web shell frontier

FE-737 reject non-linear transcript JSONL

FE-737 fail fast on non-linear session RPC

FE-737 block TUI branch flows

[lunelson]

• FE-808 persist graph node ordinals #171
• Sync plan for FE-806 start #169
• FE-795: Track live graph observer frontier #166
• FE-785: M5 agent-graph-integration #163
• FE-776: Graph Layer preps #162
• FE-744: Document Pi command containment evidence #150
• FE-737: Web shell over the same host (M3) #147 👈 (View in Graphite)
• FE-736: JSONL session viability proof (M2) #146
• FE-735: Mode shell and fixture driver (M1) #144
• FE-702: Walking skeleton — brunch binary + TUI over pi (M0) #142
• next

This stack of pull requests is managed by Graphite. Learn more about stacking.

[semgrep-code-hashintel]

The use of a weak cryptographic algorithm (e.g., SHA-1 or MD5) has been identified. These algorithms are considered insecure due to vulnerabilities that make them susceptible to collision attacks, allowing attackers to compromise data integrity or security. Replace SHA-1 or MD5 with secure hashing algorithms, such as: SHA-256 or higher (e.g., SHA-3).

⭐ Fixed in commit ec2f985 ⭐

[cursor]

PR Summary

Medium Risk
Touches session/RPC contracts and transcript policy (linear-only, explicit session targeting) that TUI, fixtures, and the new web client all share; regressions would affect every read surface, though coverage is broad.

Overview
M3 web shell (FE-737) adds brunch --mode web: a native React app (TanStack Router + Query) served as static assets with a WebSocket-backed JSON-RPC client—no REST product reads and no pi-web-ui. The build pipeline gains vite build → dist-web, wired into npm run build.

Session-facing reads are tightened around a canonical Brunch session envelope (readBrunchSessionEnvelope): one Pi header, one brunch.session_binding, validated shapes, and fail-fast linear transcript checks. Active-branch / flattening projection is removed; elicitation and transcript display go through linear loaders and explicit { sessionId, specId } RPC targets (session.elicitationExchanges, session.transcriptDisplay). Non-linear JSONL surfaces a product error on RPC (and tests cover stdio/WebSocket).

JSON-RPC dispatch/response helpers move to json-rpc-protocol.ts; TUI hooks cancel session_before_tree / session_before_fork with a stable warning. Elicitation projection uses an allowlist of prompt-side custom entry types and renders displayable brunch.elicitation_prompt rows in the web transcript.

Planning/spec docs mark web-shell done, advance graph-data-plane, and codify D33-L (connections are client attachments, one-writer/many-observer POC) plus partial coverage updates for I19-L / I21-L. Also adds the ln-judo-review agent skill and minor Graphite frontier-setup notes.

^{Reviewed by Cursor Bugbot for commit 8204774. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit eab91df. Configure here.}

[cursor]

Identical function duplicated within same file

Low Severity

hasRequiredSessionEntryShape and isSessionEntry in brunch-session-envelope.ts have identical implementations — both return isTranscriptEntry(value) && hasStringOrNullParentId(value). One of them is unnecessary and risks diverging silently if only one is updated in the future.

Additional Locations (1)

• src/brunch-session-envelope.ts#L159-L162

 

^{Reviewed by Cursor Bugbot for commit eab91df. Configure here.}

[augmentcode]

🤖 Augment PR Summary

Summary: This PR introduces the M3 “web shell” as a native React UI served by the Brunch host, using a single WebSocket-backed JSON-RPC transport (no REST read model).

Changes:

• Adds --mode web CLI support and a Node HTTP host that serves built web assets plus /rpc WebSocket JSON-RPC.
• Introduces a typed JSON-RPC protocol helper module to centralize parsing/dispatch and standard error frames.
• Adds a browser WebSocket RPC client with request multiplexing and protocol-failure hardening.
• Builds the initial React dashboard using TanStack Router + Query to render workspace chrome and a read-only transcript display.
• Adds a canonical “Brunch session envelope” reader that validates session self-description (brunch.session_binding) and enforces linear transcript constraints.
• Hardens projection/RPC paths to reject non-linear transcripts and to require explicit session/spec targets for durable reads.
• Blocks Pi branch flows (/tree, /fork) in the TUI with a stable user-facing warning.
• Wires Vite build output to dist-web and updates packaging/tsconfig accordingly.

Technical Notes: Session-consuming reads now treat transport connections as ephemeral attachments; explicit { sessionId, specId } targeting is used for web projections, and non-linear Pi JSONL shapes fail fast.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

src/fixture-capture.ts:164 — Since response comes from JSON.parse without runtime validation, a malformed frame that lacks both error and result will now fall through and return undefined, which can mask protocol failures during fixture capture.

Severity: medium

⏳ Generating Fix in Augment link...

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[graphite-app]

Merge activity

• Jun 2, 5:35 PM UTC: Graphite rebased this pull request, because this pull request is set to merge when ready.