feat: add custom prompts panel#93
Conversation
|
Few things:
|
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b05596da33
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
Yes I think the blocking thing for me is really the workspace write, look how I've moved the worktree, you can probably use same kind of folder structure |
|
Updated workspace prompts to live under app data (workspaces//prompts) so no workspace writes, mirroring the worktree layout. Also rejected whitespace in prompt names to match slash parsing. Global prompts stay in CODEX_HOME. |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 086392e765
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let target = PathBuf::from(path); | ||
| if !target.exists() { | ||
| return Ok(()); | ||
| } | ||
| fs::remove_file(&target).map_err(|err| err.to_string()) |
There was a problem hiding this comment.
The new prompt commands accept a raw path from the renderer and immediately act on it, so any caller that can invoke Tauri commands (e.g., via XSS or a compromised preload) can delete arbitrary files on disk by pointing path outside the prompts directories; the same pattern appears in prompts_update/prompts_move for writes and renames. This is a security footgun introduced with the new prompts CRUD and should be gated to workspace/global prompts roots or rejected when the path is outside those directories.
Useful? React with 👍 / 👎.
src-tauri/src/prompts.rs
Outdated
| if let Some(parent) = next_path.parent() { | ||
| fs::create_dir_all(parent).map_err(|err| err.to_string())?; | ||
| } | ||
| fs::rename(&target_path, &next_path).map_err(|err| err.to_string())?; |
There was a problem hiding this comment.
prompts_move uses fs::rename directly, which fails with EXDEV when the workspace prompts directory (app data) and the global prompts directory (CODEX_HOME) live on different filesystems (e.g., CODEX_HOME on an external drive). In that case the UI will always error and the prompt cannot be moved; a copy+delete fallback is needed for cross-volume moves.
Useful? React with 👍 / 👎.
Co-authored-by: Thomas Ricouard <ricouard77@gmail.com>
2 participants
Summary
Demo
https://screen.studio/share/hJeWwB2R
Testing