Feature/441 a2ui

[felix-schultz]

This pull request introduces several dependency updates, new workspace packages, and important changes to backend components, particularly around AWS Lambda execution and file tracking. The most significant updates include adding new packages to the workspace, updating core dependencies, refactoring the file tracker to remove direct S3 deletions (preventing Lambda recursion), and extending execution payloads to support runtime variables. There are also improvements to documentation and licensing clarity in the README.md.

Workspace and Dependency Updates:

• Added new packages packages/catalog/geo and packages/wasm to the workspace and as dependencies, expanding catalog and WASM support. [1] [2]
• Updated core dependencies: rig-core to 0.29.0, rmcp to 0.13.0, and the markitdown git revision, ensuring the project uses the latest features and fixes.

Backend AWS Executor and Runtime Enhancements:

• Changed flow-like-executor dependency to include the all-execute feature in all AWS executor/runtime and Docker Compose runtime crates, enabling broader execution capabilities. [1] [2] [3] [4]
• Extended the DispatchPayload struct in both executor-async and runtime-async to include an optional runtime_variables field, and updated the execution logic to pass this field, allowing more flexible runtime configuration. [1] [2] [3] [4]

AWS File Tracker Refactor:

• Removed all direct dependencies on aws-sdk-s3 and related S3 client code from the file tracker Lambda, including S3 object deletion logic. Now, on failure, only DynamoDB state is reverted, preventing recursive Lambda invocations caused by S3 event triggers. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

Documentation and License Improvements:

• Updated README.md to add a "Buy Me a Coffee" badge, a new section detailing the Business Source License (BSL 1.1) and its rationale, and clarified the use of AI-assisted coding and its review requirements. [1] [2] [3] [4]

Minor Codebase Cleanups:

• Removed unnecessary #[allow(dead_code)] attributes and unused imports in several backend files, and made minor enum attribute cleanups. [1] [2]

These changes collectively improve the maintainability, extensibility, and operational safety of the project, while also clarifying licensing and contribution guidelines.

In general, the safest way to handle this pattern is:

• Treat image URLs as data, not HTML, and strictly validate which schemes and origins are allowed before assigning them to src.
• For user uploads, prefer browser-generated blob: URLs or server-generated HTTPS URLs on trusted origins.
• Avoid using new URL(url, window.location.origin) on arbitrary strings, because it can normalize/interpret unexpected inputs; instead, parse and validate the URL more defensively.

For this specific case, we can harden sanitizeImageUrl in packages/ui/lib/utils.ts without changing how Id uses it:

1. Extend the sanitizer to:
   • Explicitly allow blob: URLs only if they look like real blob URLs (blob: followed by an origin + an opaque reference).
   • Treat bare paths and relative URLs as safe only if they resolve to the current origin and (optionally) look like image paths.
   • Continue to validate data: URLs using the existing regex.
2. Replace the new URL(url, window.location.origin) usage with logic that:
   • Checks protocol for absolute URLs containing :// or that start with blob: or data:.
   • For relative URLs (no scheme), resolves against window.location.origin and confirms the result uses an allowed protocol and origin.
3. Keep the current API (sanitizeImageUrl(url, fallback): string) so callers such as <img src={sanitizeImageUrl(localMetadata?.thumbnail, "/placeholder-thumbnail.webp")}> keep working unchanged.

All changes are confined to packages/ui/lib/utils.ts; the apps/desktop/app/library/config/page.tsx file does not need modification, because it already calls the sanitizer.

---

In general, to fix this type of issue you ensure that any URL derived from untrusted or semi-trusted sources is strictly validated and normalized before being bound into attributes like src, especially when the same sanitizer might be reused in other contexts. The sanitizer should either return a clearly safe, normalized URL string or fall back to a trusted default, and it should avoid passing through arbitrary text that the browser could reinterpret in surprising ways.

For this codebase, the best fix is to tighten sanitizeImageUrl in packages/ui/lib/utils.ts so that:

• All returned URLs are fully normalized via the URL API.
• It never returns the raw, unparsed url string.
• data: URLs are validated against a strict image-only pattern and, if valid, are returned as-is (since new URL cannot parse them easily with window.location.origin).
• Other protocols (http, https, blob) are returned via parsed.href, ensuring consistent encoding and removing any chance of stray whitespace or characters being interpreted oddly.
• Any parsing error or protocol mismatch causes the sanitizer to return the provided fallback.

No changes are required in apps/desktop/app/library/config/page.tsx, because that file already uses sanitizeImageUrl correctly; our fix will be entirely within packages/ui/lib/utils.ts.

Concretely:

• Update sanitizeImageUrl to:
  • Keep the strict data: URL regex check.
  • For data: URLs, return the original URL only if it matches the regex; otherwise use the fallback.
  • For non-data: URLs, parse using new URL(url, window.location.origin), verify the protocol against SAFE_URL_PROTOCOLS, and return parsed.href instead of url.
  • Fall back on any error or protocol mismatch.

This keeps existing behavior for valid URLs but removes the direct passthrough of tainted text that CodeQL is warning about.

---

In general, the problem is that sanitizeImageUrl currently considers any http:, https:, blob:, or data: URL as safe and returns it unchanged. This is too permissive: data: URLs can encode HTML or script in some browsers, and the function does not enforce that “data” URLs are image-only nor does it ensure that blob URLs originated from trusted sources. To harden this, we should strictly constrain which URL patterns are allowed and return a safe fallback in all other cases, without relying on “DOM text” being treated safely by consumers.

The best targeted fix without changing existing functionality more than necessary is to:

1. Restrict SAFE_URL_PROTOCOLS to ["http:", "https:", "blob:"].
2. Keep the special case for data: URLs but only allow data URLs that match a strict, image-only pattern (data:image/...;base64,...).
3. Avoid returning the original url string directly; instead, return a normalized, trusted string derived from the parsed URL, such as parsed.href. This ensures we do not propagate unexpected control characters or malformed URLs returned by tainted input.

Concretely, in packages/ui/lib/utils.ts, we will:

• Update SAFE_URL_PROTOCOLS to exclude "data:".
• Update the logic in sanitizeImageUrl so that:
  • If the protocol is not in SAFE_URL_PROTOCOLS, but the original string is a valid, safe image data URL according to the strict regex, we allow it as-is.
  • Otherwise, return fallback.
  • For non-data: URLs, return parsed.href instead of url.

The call site in chatbox.tsx does not need changes; it will now receive a hardened URL from sanitizeImageUrl. This keeps the component’s behavior the same (valid blob: URLs still work; safe image data URLs are still allowed) while tightening the sanitizer to satisfy CodeQL and improve security.

---

[gemini-code-assist]

Summary of Changes

Hello @felix-schultz, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's capabilities by introducing robust UI development tools, a comprehensive WASM package management system, and critical backend improvements for stability and extensibility. The changes aim to streamline the development workflow, improve operational safety, and provide a richer user experience through new features like runtime variable configuration and system tray integration.

Highlights

• Expanded Workspace and Dependency Updates: New workspace packages packages/catalog/geo and packages/wasm have been added. Core dependencies like rig-core and rmcp are updated to their latest versions, and the markitdown git revision has been advanced.
• Enhanced Backend AWS Executor and Runtime: The flow-like-executor dependency now includes the all-execute feature across AWS executor/runtime and Docker Compose runtime crates. DispatchPayload in executor-async and runtime-async has been extended with an optional runtime_variables field for flexible runtime configuration.
• Refactored AWS File Tracker: Direct S3 deletion logic and aws-sdk-s3 dependencies have been removed from the file tracker Lambda. This change prevents recursive Lambda invocations by reverting only DynamoDB state on failure, allowing SQS retry mechanisms to handle reconciliation.
• Comprehensive Documentation and Licensing Improvements: The README.md now features a 'Buy Me a Coffee' badge, a detailed section explaining the Business Source License (BSL 1.1) and its rationale, and clarified guidelines for AI-assisted coding and review requirements.
• New UI for A2UI Pages, Widgets, and Runtime Variables: Dedicated UI pages have been introduced for managing A2UI pages, widgets, and runtime variables within the desktop application, enhancing the visual development experience.
• WASM Package Registry Integration: The desktop application now includes functionality to explore, install, update, and publish WASM node packages through a new registry interface, along with local package loading for development.
• Unified Copilot Chat and Execution Elements API: The copilot chat functionality has been unified to support both board and UI generation, and a new API endpoint get_execution_elements allows fetching elements required for workflow execution on specific pages.
• System Tray Integration: A new system tray provider has been added to the desktop application, offering quick access to notifications, active runs, resource usage, and other system-level controls.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[felix-schultz]

@gemini-code-assist review

[gemini-code-assist]

Code Review

This is a massive and impressive pull request that introduces several major features, including a comprehensive package management system for WASM nodes, a visual page and widget builder (A2UI), app routing, runtime variable management, and system tray integration. The backend changes, particularly the refactoring of the AWS file tracker to prevent Lambda recursion, are critical improvements for stability and scalability. The frontend has been significantly refactored to use a centralized API state and shared UI components, which greatly improves maintainability. The documentation has also been thoroughly updated to reflect these new features, which is excellent for contributors and users alike. My review focuses on a few minor points regarding concurrency handling and configuration, but overall, this is a fantastic set of additions to the project.

[gemini-code-assist]

Using try_lock here is a good way to avoid blocking, but silently returning Ok(false) if the lock is busy could lead to a confusing user experience where a deeplink does nothing. It might be better to return an error that can be surfaced to the user, or perhaps implement a short retry with a timeout to handle transient contention.

[gemini-code-assist]

Adding todo to the .gitignore is a bit unusual. Typically, files like TODO.md are tracked to keep a record of pending work. Was this intended for a specific tool that generates an untracked todo file, or could it be a mistake?

[gemini-code-assist]

This is an excellent change. Removing the S3 object deletion on failure is a crucial fix to prevent recursive Lambda invocations. The detailed comment explaining the reasoning is also very clear and will be helpful for future maintenance. Great work on identifying and resolving this potential infinite loop.

[gemini-code-assist]

This change from blocking_lock to try_lock is a good improvement for responsiveness. However, the fallback is to silently skip the cron job execution if the lock is contended. While this prevents blocking, it might lead to missed executions. Is this the desired behavior, or should there be a retry mechanism or a more prominent error log for these cases?

[gemini-code-assist]

The new cancellation logic using abort_handle is much cleaner and more robust. I noticed the previous implementation had a flush_logs_cancelled call to ensure logs were saved even on cancellation. Is that behavior still preserved with this new approach, perhaps handled within the internal_run.execute task when it's aborted? If not, we might lose valuable debugging information for cancelled runs.

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive feature-gating mechanism for heavy dependencies in nodes, along with new documentation detailing its implementation in Cargo.toml and Rust source files. It also includes significant refactoring across the desktop application's frontend, migrating numerous API calls from direct fetcher and put utilities to a new backend.apiState service, thereby centralizing API interaction logic and removing useAuth dependencies in several admin and library pages. New administrative pages for WASM packages and a dedicated page for managing runtime variables have been added, alongside new UI components for pages and widgets, including a visual page builder and widget editor with versioning capabilities. The core application layout has been enhanced with new providers for execution services, notifications, runtime variables, and system tray integration. Backend changes support these new features, including updates to the event bus, event sink handling, and new Tauri commands for A2UI (pages, widgets, routes) and WASM package registry management. Dependency updates include rig-core, rmcp, markitdown, and next.js, and the .gitignore file now excludes todo and docling_cache. A review comment highlights the importance of including the user's ID in react-query keys to prevent stale data issues, while another emphasizes the need for a Dead-Letter Queue for SQS to ensure robustness against persistent failures in the file-tracker service.

[gemini-code-assist]

The queryKey for useQuery should uniquely identify the data being fetched. By removing the user's ID from the key, there's a risk of showing stale, cached data from a previous user if one user logs out and another logs in. Although the enabled flag will trigger a refetch when the profile changes, react-query might still serve the stale data from the cache for a moment before the new data arrives. To prevent this, the user's ID should be part of the query key.

Suggested change

	queryKey: [method, path, data],
	queryKey: [method, path, data, profile.data?.hub_profile.id],

[gemini-code-assist]

The logic to avoid deleting the S3 object and rely on SQS retries is a great way to prevent Lambda recursion. However, for this to be fully robust against persistent failures (e.g., a database issue that outlasts the retry attempts), it's crucial that the SQS queue is configured with a Dead-Letter Queue (DLQ). This will ensure that messages that repeatedly fail processing are captured for manual inspection instead of being lost after the retention period expires. It might be worth adding a note about this requirement in the infrastructure-as-code or deployment documentation.