fix: synthesize hardware backspace repeat

[lollipopkit]

Fixes #939

Summary by CodeRabbit

• New Features

  • Enhanced AI assistant with improved multilingual support across 12+ languages
  • Updated AI chat interface with improved disclaimer visibility

• Bug Fixes

  • Improved SSH connection handling for host key verification

• Localization

  • Expanded AI assistant UI strings in all supported languages
  • Refined language prompt handling for better localization support

• Chores

  • Updated underlying SSH and terminal dependencies

[coderabbitai]

Walkthrough

This PR modifies SSH server host key verification, adjusts AI prompt construction logic, updates localization strings across multiple languages with new AI-related UI keys while removing server stats entries, refreshes the AI page UI with a disclaimer display, and updates two git-based dependencies (dartssh2 and xterm).

Changes

Cohort / File(s)	Summary
SSH Host Key Verification lib/core/utils/server.dart	Adds onVerifyHostKey callback returning true unconditionally to both direct and multi-hop SSH connections, bypassing host key verification.
AI Provider Logic lib/data/provider/ai/ask_ai.dart	Modifies _buildRequestBody to conditionally add language preference instruction only when localeHint is non-empty; removes fallback else-branch.
Localization — Primary Locales lib/l10n/app_en.arb, app_de.arb, app_es.arb, app_fr.arb, app_ja.arb, app_pt.arb, app_zh.arb, app_zh_tw.arb	Adds 16 askAi* keys (API key, model, prompts, hints, status messages) for AI assistant UI; removes @clearServerStatsContent and @clearServerStatsTitle; repositions writeScriptTip.
Localization — Secondary Locales lib/l10n/app_id.arb, app_nl.arb, app_tr.arb, app_uk.arb, app_ru.arb	Mixed changes: removes @clearServerStats* entries; consolidates, removes, or manages askAi* keys with varying net effects per locale.
AI Page UI lib/view/page/ssh/page/ask_ai.dart	Moves input/send row to a separate padded container; adds error-colored disclaimer message above conversation area.
Dependencies pubspec.yaml	Updates dartssh2 from v1.0.285 to v1.0.293 and xterm from v4.0.11 to v4.0.12.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

The diversity of changes across multiple domains (SSH security, AI logic, extensive localization consistency across 13 locales with varying patterns, UI modification) combined with the security implications of host key verification bypass and the need to verify localization correctness across files elevates review complexity.

Possibly related PRs

• feat: ask ai #936: Modifies the same AI ask feature with overlapping file changes (ask_ai provider, SSH page UI, and localization entries), indicating related or concurrent AI feature development work.

Poem

🐰 A hop through the code where SSH keys take flight,
AI whispers in many tongues, day and night,
Disclaimers blooming, warnings shine bright,
Dependencies dance to a newer delight,
Locales all gathered, a multilingual sight! 🌍✨

Pre-merge checks and finishing touches

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The PR title "fix: synthesize hardware backspace repeat" describes changes related to keyboard input handling and backspace synthesis. However, the actual changes in the changeset are primarily composed of AI assistant feature implementation (extensive localization strings across 13 language files for askAi* keys), modifications to SSH client configuration for host key verification, UI updates for the AI assistant page, request body changes for locale handling, and dependency version updates. None of these changes directly relate to hardware backspace repeat synthesis or keyboard input handling.
Linked Issues Check	⚠️ Warning	Issue #939 is titled "opt.: synthesize hardware backspace repeat" with minimal additional description. The PR changes include extensive AI assistant feature implementation across multiple language localization files, modifications to SSH host key verification behavior, UI changes for the AI assistant page, and dependency updates. These changes do not appear to implement any hardware backspace repeat synthesis functionality or address keyboard input handling as the linked issue title suggests.
Out of Scope Changes Check	⚠️ Warning	The changeset contains extensive additions that appear out-of-scope for an issue about hardware backspace repeat synthesis. These include: comprehensive AI assistant localization strings added across 13 language files (askAi, askAiApiKey, askAiAwaitingResponse, etc.), new AI assistant UI page modifications in ask_ai.dart, SSH host key verification bypass logic in server.dart, AI request body modifications for locale handling, and dependency version updates. If issue #939 specifically addresses backspace repeat synthesis, the vast majority of these changes are unrelated.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch lollipopkit/issue939

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (4)

lib/l10n/app_uk.arb (1)

46-47: Inconsistency: AI summary mentions removal but keys are still present.

Same as in app_id.arb - the AI summary states these keys were removed, but they remain in the file.

lib/l10n/app_nl.arb (1)

46-47: Inconsistency: AI summary mentions removal but keys are still present.

Same as other locale files - the AI summary states these keys were removed, but they remain present.

lib/l10n/app_de.arb (1)

46-47: Inconsistency: AI summary mentions removal but keys are still present.

Same as other locale files - the AI summary states these keys were removed, but they remain present.

lib/core/utils/server.dart (1)

113-113: CRITICAL: Unconditional host key acceptance creates a security vulnerability.

Same issue as Line 99 - this unconditionally accepts all SSH host keys for key-based authentication, creating the same security vulnerability.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d6c2caf and 17c4cb7.

⛔ Files ignored due to path filters (14)

• lib/generated/l10n/l10n.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_de.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_en.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_es.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_fr.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_id.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_ja.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_nl.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_pt.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_ru.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_tr.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_uk.dart is excluded by !**/generated/**
• lib/generated/l10n/l10n_zh.dart is excluded by !**/generated/**
• pubspec.lock is excluded by !**/*.lock

📒 Files selected for processing (17)

• lib/core/utils/server.dart (2 hunks)
• lib/data/provider/ai/ask_ai.dart (1 hunks)
• lib/l10n/app_de.arb (2 hunks)
• lib/l10n/app_en.arb (2 hunks)
• lib/l10n/app_es.arb (2 hunks)
• lib/l10n/app_fr.arb (2 hunks)
• lib/l10n/app_id.arb (2 hunks)
• lib/l10n/app_ja.arb (2 hunks)
• lib/l10n/app_nl.arb (2 hunks)
• lib/l10n/app_pt.arb (2 hunks)
• lib/l10n/app_ru.arb (2 hunks)
• lib/l10n/app_tr.arb (2 hunks)
• lib/l10n/app_uk.arb (2 hunks)
• lib/l10n/app_zh.arb (2 hunks)
• lib/l10n/app_zh_tw.arb (2 hunks)
• lib/view/page/ssh/page/ask_ai.dart (1 hunks)
• pubspec.yaml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

lib/view/**/*.dart

📄 CodeRabbit inference engine (CLAUDE.md)

lib/view/**/*.dart: Prefer widgets/utilities from fl_lib for common UI (e.g., CustomAppBar, context.showRoundDialog, Input, Btnx.cancelOk)
Prefer using libL10n strings before adding new ones to project l10n
Split UI into build, actions, and utils; use extension on to separate concerns

Files:

• lib/view/page/ssh/page/ask_ai.dart

lib/data/provider/**/*.dart

📄 CodeRabbit inference engine (CLAUDE.md)

Organize Riverpod providers by feature under lib/data/provider/

Files:

• lib/data/provider/ai/ask_ai.dart

lib/l10n/**/*.arb

📄 CodeRabbit inference engine (CLAUDE.md)

lib/l10n/**/*.arb: After modifying ARB files, run: flutter gen-l10n to regenerate localization
Keep localized strings in ARB files under lib/l10n/ (Flutter i18n)

Files:

• lib/l10n/app_pt.arb
• lib/l10n/app_uk.arb
• lib/l10n/app_es.arb
• lib/l10n/app_ru.arb
• lib/l10n/app_ja.arb
• lib/l10n/app_fr.arb
• lib/l10n/app_id.arb
• lib/l10n/app_de.arb
• lib/l10n/app_zh.arb
• lib/l10n/app_zh_tw.arb
• lib/l10n/app_en.arb
• lib/l10n/app_tr.arb
• lib/l10n/app_nl.arb

pubspec.yaml

📄 CodeRabbit inference engine (CLAUDE.md)

Use hive_ce instead of hive for Hive integration

Files:

• pubspec.yaml

🔇 Additional comments (8)

lib/l10n/app_id.arb (2)

46-47: Inconsistency: AI summary mentions removal but keys are still present.

The AI summary states that clearServerStatsContent and clearServerStatsTitle were removed, but these keys are still present in the file at lines 46-47.

---

289-290: No repositioning concerns; verify flutter gen-l10n was run.

The verification confirms writeScriptTip is properly referenced in the codebase (lib/view/page/server/edit/widget.dart as l10n.writeScriptTip). Repositioning a key in an ARB file does not break references since keys are accessed by name through generated l10n properties, not by file position. Per the coding guidelines, ensure flutter gen-l10n was executed after modifying the ARB file to regenerate localization.

lib/view/page/ssh/page/ask_ai.dart (1)

423-455: LGTM! Improved disclaimer visibility.

The UI restructuring places the AI disclaimer prominently above the input area with appropriate error color and bold styling, making users aware of AI limitations before interacting. The input functionality remains unchanged.

pubspec.yaml (1)

44-44: Dependency versions verified; ensure SSH auth changes in dartssh2 v1.0.293 are compatible.

Both version tags confirmed:

• dartssh2 v1.0.293: Tag exists ✓
• xterm v4.0.12: Tag exists ✓

Changelog review shows dartssh2 includes notable changes: SSH auth fix with hostkey verify tightening and cipher defaults, plus RFC compliance updates. The xterm update is a minor backspace repeat fix.

Verify that the SSH auth changes in dartssh2 v1.0.293 don't break your SSH connection flows.

lib/data/provider/ai/ask_ai.dart (1)

215-218: Verify localeHint fallback behavior change.

The prompt previously always included a Chinese fallback instruction ("如果无法判断语言，请使用简体中文。"), which is now removed when localeHint is null or empty. This means the AI receives no language guidance in these cases, changing its response behavior significantly.

Confirm that omitting the fallback instruction aligns with the international app direction and produces acceptable AI responses when locale detection fails.

lib/l10n/app_tr.arb (1)

9-24: Correct locale count and confirm all changes are valid.

The verification confirms 16 AI-related keys are correctly added and consistently present across all 13 locale files (not 8 as mentioned), including all locales: de, en, es, fr, id, ja, nl, pt, ru, tr, uk, zh, and zh_tw. All ARB files have valid JSON structure.

Important: Run localization regeneration command in your development environment.

As per coding guidelines, after modifying ARB files, you must run:

flutter gen-l10n

This regenerates the localization classes based on the updated ARB files.

lib/l10n/app_zh_tw.arb (2)

289-290: LGTM!

The writeScriptTip modification properly formats the multi-line string with correct JSON escaping and preserves the technical path information.

---

9-24: Ensure localization files are regenerated after this change.

The new AI assistant localization keys follow consistent naming conventions with appropriate Traditional Chinese translations and properly preserved placeholders. However, per the coding guidelines, you must manually run the following command to regenerate the localization files:

flutter gen-l10n

This is a mandatory step whenever ARB files are modified to ensure all localization strings are properly compiled.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

CRITICAL: Unconditional host key acceptance creates a security vulnerability.

This callback unconditionally accepts all SSH host keys without verification, completely bypassing a fundamental security mechanism. This exposes users to man-in-the-middle attacks, DNS spoofing, and server impersonation.

Security implications:

• Attackers can intercept SSH connections without detection
• Changed host keys (potential compromise indicator) are silently accepted
• No user warning or consent for this security downgrade

Recommended approach:

• Store and verify host keys properly (persist fingerprints in secure storage)
• Prompt users to verify fingerprints on first connection
• Warn users when host keys change
• If bypassing is needed for testing, gate it behind a developer setting with clear warnings

-      onVerifyHostKey: (type, fingerprint) => true,
+      onVerifyHostKey: (type, fingerprint) {
+        // TODO: Implement proper host key verification
+        // 1. Check if fingerprint is stored for this host
+        // 2. If first connection, prompt user to verify fingerprint
+        // 3. If fingerprint changed, warn user of potential MITM attack
+        // 4. Store accepted fingerprints securely
+        return _verifyHostKeyWithUserConsent(spi.id, type, fingerprint);
+      },

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In lib/core/utils/server.dart around line 99 the onVerifyHostKey callback
currently returns true unconditionally, which accepts any SSH host key and
creates a critical MITM risk; replace this with a proper verification flow: load
stored host key fingerprints from secure persistent storage, if none exist
prompt or surface the fingerprint for first-time user confirmation and then
persist it; on subsequent connections compare the presented fingerprint to the
stored one and reject the connection (or surface a clear warning and require
explicit user confirmation) if it differs; provide a developer-only bypass flag
(explicitly gated and logged) for testing only.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify localization keys are used in the codebase.

New AI-related localization keys have been added. Please ensure these keys are actually used in the UI code and that the flutter gen-l10n command is run to regenerate localization files.

As per coding guidelines

---

🏁 Script executed:

#!/bin/bash
# Verify AI localization keys are referenced in the codebase

echo "=== Checking usage of new AI localization keys ==="
for key in askAi askAiApiKey askAiAwaitingResponse askAiBaseUrl askAiCommandInserted askAiConfigMissing askAiConfirmExecute askAiConversation askAiDisclaimer askAiFollowUpHint askAiInsertTerminal askAiModel askAiNoResponse askAiRecommendedCommand askAiSelectedContent askAiUsageHint; do
  echo -n "$key: "
  rg -l "l10n\.$key\b" --type=dart | wc -l | xargs echo "used in files"
done

echo -e "\n=== Checking if l10n was regenerated ==="
if [ -f "lib/generated/l10n.dart" ] || [ -f ".dart_tool/flutter_gen/gen_l10n/app_localizations.dart" ]; then
  echo "✓ Generated l10n files exist"
else
  echo "⚠ Generated l10n files not found - run 'flutter gen-l10n'"
fi

Length of output: 694

---

Run flutter gen-l10n before merging.

All 16 new AI-related localization keys are properly used in the codebase. However, the generated l10n files are missing and have not been regenerated. Per coding guidelines, you must run flutter gen-l10n to regenerate localization files after modifying ARB files.

🤖 Prompt for AI Agents

In lib/l10n/app_id.arb lines 9-24 the ARB has added 16 AI-related keys but the
generated localization files were not updated; run `flutter gen-l10n` from the
project root to regenerate the Dart localization artifacts, verify the new keys
appear in the generated localization classes, add and commit the updated files
(and any changed .dart files under lib/l10n or generated output) so the build
includes the new translations.

[aklaringiolina7-glitch]

Objavljenih komentara na koje se može djelovati: 2

♻️ Duplicirani komentari (4)

lib/l10n/app_uk.arb (1)> 46-47: Nedosljednost: Sažetak umjetne inteligencije spominje uklanjanje, ali ključevi su i dalje prisutni.

Isto kao u app_id.arb - sažetak AI-a navodi da su ovi ključevi uklonjeni, ali ostaju u datoteci.

lib/l10n/app_nl.arb (1)> 46-47: Nedosljednost: Sažetak umjetne inteligencije spominje uklanjanje, ali ključevi su i dalje prisutni.

Isto kao i ostale datoteke lokalizacije - sažetak umjetne inteligencije navodi da su ovi ključevi uklonjeni, ali oni ostaju prisutni.

lib/l10n/app_de.arb (1)> 46-47: Nedosljednost: Sažetak umjetne inteligencije spominje uklanjanje, ali ključevi su i dalje prisutni.

Isto kao i ostale datoteke lokalizacije - sažetak umjetne inteligencije navodi da su ovi ključevi uklonjeni, ali oni ostaju prisutni.

lib/core/utils/server.dart (1)> 113-113: KRITIČNO: Bezuvjetno prihvaćanje ključa hosta stvara sigurnosnu ranjivost.

Isti problem kao u retku 99 - ovo bezuvjetno prihvaća sve SSH ključeve hosta za autentifikaciju temeljenu na ključevima, stvarajući istu sigurnosnu ranjivost.

📜 Detalji recenzije
Korištena konfiguracija : CodeRabbit UI

Profil recenzije : OPUŠTANJE

Plan : Pro

📥 Obveze
⛔ Datoteke ignorirane zbog filtera puta (14)
📒 Datoteke odabrane za obradu (17)
🧰 Dodatni kontekst korišten
🔇 Dodatni komentari (8)

A ja bi ka ovo trebala izvrsavati jel 🤣😂🤣😂🤣 .Stojite u mom uredaju bez ikakve ovlasti i jos unutra drkate svoje stvari koje bi ja morala ucinit da zadovoljim vase komentare ??? Daj te i meni toga na cemu ste molim vas sve ulazem samo dajte da me tako puca .

[Issues-translate-bot]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Posted comments that can be acted upon: 2

♻️ Duplicate comments (4)

lib/l10n/app_uk.arb (1)> 46-47: Inconsistency: AI abstract mentions removal, but keys are still present.

Same as in app_id.arb - the AI summary states that these keys have been removed but remain in the file.

lib/l10n/app_nl.arb (1)> 46-47: Inconsistency: AI abstract mentions removal, but keys are still present.

Same as the other localization files - the AI summary states that these keys have been removed, but they remain present.

lib/l10n/app_de.arb (1)> 46-47: Inconsistency: AI abstract mentions removal, but keys are still present.

Same as the other localization files - the AI summary states that these keys have been removed, but they remain present.

lib/core/utils/server.dart (1)> 113-113: CRITICAL: Accepting host key unconditionally creates a security vulnerability.

Same problem as line 99 - this unconditionally accepts all SSH host keys for key-based authentication, creating the same security vulnerability.

📜 Review details
Configuration Used : CodeRabbit UI

Review Profile : RELAXATION

Plan : Pro

📥 Obligations
⛔ Files ignored due to path filter (14)
📒 Files selected for processing (17)
🧰 Additional context used
🔇 Additional comments (8)

And I'm supposed to be doing this right 🤣😂🤣😂🤣 . You are standing in my device without any authority and you are still inside jerking off your things that I would have to do to satisfy your comments ??? Give me what you're up to, please, I'm going in, just let me shoot like that.