FE-737: Web shell over the same host (M3)

[lunelson]

FE-737: Start web shell frontier

FE-737 reject non-linear transcript JSONL

FE-737 fail fast on non-linear session RPC

FE-737 block TUI branch flows

[lunelson]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• FE-744: Document Pi command containment evidence #150
• FE-737: Web shell over the same host (M3) #147 👈 (View in Graphite)
• FE-736: JSONL session viability proof (M2) #146
• FE-735: Mode shell and fixture driver (M1) #144
• FE-702: Walking skeleton — brunch binary + TUI over pi (M0) #142
• next

This stack of pull requests is managed by Graphite. Learn more about stacking.

[semgrep-code-hashintel]

The use of a weak cryptographic algorithm (e.g., SHA-1 or MD5) has been identified. These algorithms are considered insecure due to vulnerabilities that make them susceptible to collision attacks, allowing attackers to compromise data integrity or security. Replace SHA-1 or MD5 with secure hashing algorithms, such as: SHA-256 or higher (e.g., SHA-3).

⭐ Fixed in commit ec2f985 ⭐

[cursor]

PR Summary

Medium Risk
Introduces a new browser transport and session-projection contract that many clients will depend on; mistakes in binding/linearity or RPC params could mis-route reads, though scope stays read-only POC with broad automated coverage.

Overview
Delivers M3 (web-shell): brunch --mode web runs a local HTTP host that serves the Vite-built React shell and exposes the same JSON-RPC handlers over WebSocket /rpc (no REST product reads). The browser stack adds React 19, TanStack Router/Query, dist-web in the build, and a minimal index.html entry.

Transcript and session reads are centralized on a canonical Brunch session envelope (readBrunchSessionEnvelope): one Pi header, one brunch.session_binding, strict entry shape, and fail-fast linearity (no branch-derived sessions, branch summaries, or multi-child graphs). Active-branch JSONL projection is removed; elicitation and display paths go through linear loaders with an allowlisted set of prompt-side custom entry types and new session.transcriptDisplay RPC alongside session.elicitationExchanges, including optional explicit { sessionId, specId } targets and a -32002 error for non-linear transcripts. The TUI extension cancels Pi session_before_tree / session_before_fork with a stable warning.

Shared json-rpc-protocol helpers factor parse/dispatch out of transports; fixture capture and tests are updated for the linear model. SPEC/PLAN mark web-shell complete, document D33-L (connections are client attachments, one-writer/many-observer POC), and advance the active frontier to graph-data-plane. Also adds the ln-judo-review agent skill and minor workflow doc tweaks (Graphite frontier setup, dist-web gitignore).

^{Reviewed by Cursor Bugbot for commit eab91df. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit eab91df. Configure here.}

[cursor]

Identical function duplicated within same file

Low Severity

hasRequiredSessionEntryShape and isSessionEntry in brunch-session-envelope.ts have identical implementations — both return isTranscriptEntry(value) && hasStringOrNullParentId(value). One of them is unnecessary and risks diverging silently if only one is updated in the future.

Additional Locations (1)

• src/brunch-session-envelope.ts#L159-L162

 

^{Reviewed by Cursor Bugbot for commit eab91df. Configure here.}

[cursor]

Transcript entry helpers duplicated across two files

Low Severity

isTranscriptEntry, isSessionEntry, and hasStringOrNullParentId are identically copy-pasted as private functions in both brunch-session-envelope.ts and elicitation-exchange.ts. Since elicitation-exchange.ts already imports from brunch-session-envelope.ts, these helpers could be shared rather than duplicated, reducing the risk of future divergence.

Additional Locations (1)

• src/brunch-session-envelope.ts#L159-L183

 

^{Reviewed by Cursor Bugbot for commit eab91df. Configure here.}

[augmentcode]

🤖 Augment PR Summary

Summary: This PR introduces the M3 “web shell” as a native React UI served by the Brunch host, using a single WebSocket-backed JSON-RPC transport (no REST read model).

Changes:

• Adds --mode web CLI support and a Node HTTP host that serves built web assets plus /rpc WebSocket JSON-RPC.
• Introduces a typed JSON-RPC protocol helper module to centralize parsing/dispatch and standard error frames.
• Adds a browser WebSocket RPC client with request multiplexing and protocol-failure hardening.
• Builds the initial React dashboard using TanStack Router + Query to render workspace chrome and a read-only transcript display.
• Adds a canonical “Brunch session envelope” reader that validates session self-description (brunch.session_binding) and enforces linear transcript constraints.
• Hardens projection/RPC paths to reject non-linear transcripts and to require explicit session/spec targets for durable reads.
• Blocks Pi branch flows (/tree, /fork) in the TUI with a stable user-facing warning.
• Wires Vite build output to dist-web and updates packaging/tsconfig accordingly.

Technical Notes: Session-consuming reads now treat transport connections as ephemeral attachments; explicit { sessionId, specId } targeting is used for web projections, and non-linear Pi JSONL shapes fail fast.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

src/fixture-capture.ts:164 — Since response comes from JSON.parse without runtime validation, a malformed frame that lacks both error and result will now fall through and return undefined, which can mask protocol failures during fixture capture.

Severity: medium

⏳ Generating Fix in Augment link...

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}