Skip to content

Build insight UI#339

Open
gregsexton wants to merge 2978 commits into
SkipLabs:mainfrom
gregsexton:insight-ui
Open

Build insight UI#339
gregsexton wants to merge 2978 commits into
SkipLabs:mainfrom
gregsexton:insight-ui

Conversation

@gregsexton

Copy link
Copy Markdown
Contributor

This renders a debug trace given a static JSON file that is generated
by SKStore.

mbouaziz and others added 30 commits September 3, 2024 13:54
This PR adds the `jsdoc` plugin for eslinting `skstore`.

It is run with the other rules on `npm run lint`

Current `jsdoc/...` rules that are still `warn` should be eventually
turned to `error`.
No issues found apart from a confusion between exceptions and strings in a few places.
In JS, we use `type ptr = number` to represent pointers. Nothing
prevents us from mixing `ptr` and `number`.
A first step is to make `ptr` (what Typescript people call) _opaque_ (it
corresponds to OCaml `private` types, not abstract types), i.e. it is
`number & fake_something` so that we can convert `ptr` to `number` but
not the other way around, unless using `as` or `any`, of course...
Under undefined circumstances (pun intended), it guarantees we're not
mixing both types.

The second step is to make `ptr` parametric so we know what they refer
to in the Skip world (after being compiled to LLVM and Wasm). Again, it
avoids mixing things like `ptr<int>` with `ptr<string>`. Like in C, you
can always can between pointer, via `void*` (`ptr<any>`).
I think I got everything in `skstore/ts`, except for a few places at the FFI
boundary where a variable truly does refer to a skip handle.
For symmetry with OutputMapper and correspondence with inputs of skip reactive
service inputs
@gregsexton

Copy link
Copy Markdown
Contributor Author

Carved out a PR for just the rendering while I continue working on the backend.

'Insight' is what I've been calling the debugger. It's more of a trace than a 'debugger', but in my experimentation this is much more useful - and it will work across machines, platforms, languages, etc.

I'll attach some screenshots.

@gregsexton

Copy link
Copy Markdown
Contributor Author

Here I ask for a trace of a key produced by a left outer join.

Screenshot 2024-09-25 at 12 10 22

You can zoom, pan around, adjust the positions of nodes, etc.

Screenshot 2024-09-25 at 12 10 38

As you hover over files, the upstream dependencies - including reads performed by the mapper - are highlighted.

Screenshot 2024-09-25 at 12 10 55

You can click in to the detail of how any file was produced. These are the collapsed sections.

Screenshot 2024-09-25 at 12 11 27

Here we see the logic for the computation, with the full transitive closure. Using this we can understand exactly how the logic operated and why it produced this value.

Screenshot 2024-09-25 at 12 13 11

Here are the out of band reads made compared to the input files the DAG fed the mapping function.

Screenshot 2024-09-25 at 12 14 12

@gregsexton gregsexton mentioned this pull request Oct 14, 2024
@mbouaziz mbouaziz closed this in 8a18c29 Jul 10, 2026
mbouaziz added a commit that referenced this pull request Jul 10, 2026
## Summary
Closes Dependabot alert
[#339](https://github.com/SkipLabs/skip/security/dependabot/339) —
[GHSA-v6wh-96g9-6wx3](GHSA-v6wh-96g9-6wx3)
/ CVE-2026-53632 (**medium**: `launch-editor` NTLMv2 hash disclosure via
UNC path handling on Windows). `www` had `launch-editor@2.13.2`
(vulnerable range `<= 2.14.0`).

## Fix
`launch-editor` is a transitive dep of `webpack-dev-server` (`^2.6.1`),
so a plain `npm update launch-editor --package-lock-only` bumps it to
**2.14.1** within range — no override needed. Single-package, 4-line
diff.

## Breaking-change check
Changelog 2.13.2 → 2.14.1:
- **v2.14.1**: `fix: reject UNC paths` (#138) — the security fix itself
— plus non-major dep bumps.
- **v2.14.0**: `feat: add and improve package types` (additive),
editor-path detection fixes (Trae casing, vscode path).

No breaking changes; the public API (launch an editor) is unchanged.

## Verification
- Fresh `npm install` → single `launch-editor@2.14.1`; no copy `<=
2.14.0`.
- Diff scoped to the one package; no lockfile drift.

`launch-editor` is dev-only tooling — `webpack-dev-server`'s
click-to-open-in-editor overlay during `docusaurus start` — and the vuln
is Windows/UNC-specific. It never runs in CI or reaches the shipped
static site.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
@mbouaziz mbouaziz reopened this Jul 10, 2026
@mbouaziz

mbouaziz commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Reopening — this was closed accidentally. My Dependabot fix PR #1317 used the text "Closes #339" intending Dependabot alert #339 (launch-editor), but GitHub interpreted it as this PR and auto-closed it on merge. Apologies for the noise; this PR was not meant to be touched.

--
Claude

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants