feat: Dashboard v2: Svelte rewrite + new Code, Stats, and Timeline views#1526
Open
paul-basanets wants to merge 9 commits into
Open
feat: Dashboard v2: Svelte rewrite + new Code, Stats, and Timeline views#1526paul-basanets wants to merge 9 commits into
paul-basanets wants to merge 9 commits into
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| """ | ||
| candidate_paths: list[str] = [] | ||
| truncated = False | ||
| for dirpath, dirnames, filenames in os.walk(walk_root, followlinks=False): |
| return _err(400, str(e)) | ||
| except FileNotFoundError: | ||
| return _err(404, "directory not found") | ||
| if not os.path.isdir(resolved): |
|
|
||
| entries: list[_DirEntry] = [] | ||
| try: | ||
| with os.scandir(resolved) as it: |
paul-basanets
force-pushed
the
dashboard-v2
branch
5 times, most recently
from
8f51bf9 to
727d702
Compare
Contributor
Author
|
I believe those two types of issues from the security bot are actually false positives as we deal with local tool here:
|
Contributor
|
The biggest issue with this is that it is against our contribution guidelines. Please read them. If we had wanted the dashboard to be implemented with Svelte, we would have done so. |
Contributor
Author
|
@opcode81 Anyway it's up to you, fell free to close the PR if you find it irrelevant. |
Contributor
|
It is not primarily about the new features, some of which we think are useful; it is about the switch to Svelte. We greatly appreciate the work you have put into trying to improve Serena, but it is important that changes this large (and especially changes to the tech stack) be discussed in an issue prior to implementation - in order to produce a PR that aligns with the goals of the project and avoid unnecessary work. Please be sure to read our contribution guidelines. We will further discuss this internally and get back to you. |
paul-basanets
force-pushed
the
dashboard-v2
branch
5 times, most recently
from
631d6ad to
367d7ac
Compare
| candidate = os.path.realpath(os.path.join(root_real, path)) | ||
| if candidate != root_real and not candidate.startswith(root_real + os.sep): | ||
| raise ValueError(f"path escapes project root: {path!r}") | ||
| if not os.path.exists(candidate): |
Member
|
Hi @paul-basanets , I appreciate that you continue improving this. We have not forgotten about the overhaul of the dashboard, just that other things are more urgent. Just FYI, we will definitely get back to you about this. |
Contributor
Author
|
@MischaPanch , no problem, thank you. To be honest i do it for myself and couple of other guys :) |
Replace the legacy jQuery dashboard with a Svelte 5 + TypeScript app. - New Vite-based build pipeline + CI; remove the legacy jQuery dashboard. - Banners, "What's New", and config-modal wiring; restore legacy visual parity. - Shared modal-action / Confirm primitives, token-driven styles, a11y and a header menu. - Test scaffolding (shared fetch/fixture helpers) and broadened store/component coverage. - Single-pass highlightTools and escapeHtml hardening. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bug fixes and minor improvements on top of the Svelte rewrite. - Swap frappe-charts for Chart.js (+ datalabels); render pies and a dual-axis token bar via dedicated spec builders; in-place theme/data updates. - F1: surface config/memory editor load errors and block Save until loaded. - F2: logs viewer tails the newest line on first load. - F3: mark the active view tab with aria-current=page. - F4: add a title heading to the Create Memory modal. - Stats polish: inline KPI strip, pie/bar tuning, card-style toolbar, icon-only theme/shutdown buttons, thousands-separated totals. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…cy branch Port the legacy-branch feature set and its follow-on changes. - analytics: ToolCallRecord ring buffer, Entry timing/error/last_called_at fields, 8KB truncation helper, cursor-based reads. - Instrument agent tool dispatch (timing + error capture) and task-executor TaskInfo timing with a race fix around future resolution. - Backend endpoints: timeline, totals, queued-exec timing; /code/* routes (list_dir, file_symbols, workspace_symbol_search, diagnostics_summary). - Frontend: Timeline, SummaryCards, FilterDropdown, Stats charts (sort selector, duration, rate, drilldown), and the Code tab (store, FileTree, Symbols, Search). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Follow-on feature work building on the Code tab. - Code tab redesign with a lucide icon system (Icon wrapper plus icons across FileTree, Timeline, shell, logs, modals and drilldown). - symbolTree utilities (KIND_META, countByKind, filterTree, flattenForDisplay, symbolKey) and a rebuilt FileSymbols (breadcrumb, filter, copy). - Tri-state theme switcher, drilldown redesign, 2-col CodePage with Diagnostics as a 3rd middle pane, severity chips and slow-warning. - Scoped file/directory diagnostics: scope selector, per-row Run action, scope-aware text, pinned explicit scope. - Code-tab file-icon mapping module, type icons, indent guides and a how-it-works explainer popover (reusable Popover primitive). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Final correctness and quality pass. - Route diagnostics per-file to the correct language server. - Functional + a11y bug sweep across all tabs. - Resolve poe type-check (mypy) errors. - Enforce Svelte 5 patterns in CLAUDE.md and add a Serena memory. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
os.path.relpath returns backslash-separated paths on Windows, which broke the /code/* endpoints there: the relative path is used as the language-server lookup key and as the returned f["path"], so "pkg\inside.py" failed to match the posix-keyed diagnostics map and the test's "pkg/inside.py" assertion. Normalize all four relpath sites with .replace(os.sep, "/") (a no-op on posix), matching the existing repo idiom (file_system.py, memory_manager, clojure_lsp): - diagnostics_summary dir/project candidate paths - diagnostics_summary file-scope rel0 - file_symbols rel (was mis-routing the LS on Windows) - list_dir rel (defensive; should_ignore already normalizes) Fixes test_diagnostics_summary_directory_scope_limits_to_subtree on Windows CI. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
_workspace_match built the returned match path with str(Path(file_path).relative_to(root)), which yields backslash separators on Windows. The existing test only asserts the response shape, not the separator, so Windows CI didn't catch it. Normalize with .replace(os.sep, "/"), matching the sibling /code/* fixes. No-op on posix. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ling Test fixes (22 failing tests on all CI platforms): - Add register_config_changed_callback to the _DummyAgent and _AgentNoProject doubles in test_dashboard_code.py, which drifted from SerenaDashboardAPI's agent contract (added in __init__). - Fix renamed accessor: _get_config_overview -> _compute_config_overview. CodeQL hardening: - Rewrite resolve_project_path to os.path.realpath()+startswith() containment, the only sanitizer form CodeQL py/path-injection models, clearing the "uncontrolled data in path expression" alerts while still guarding traversal. - Return generic client error messages instead of str(e) and log details server-side, clearing the "information exposure through an exception" alerts. - Log rejected paths (traversal/NUL/absolute/escape) at warning for visibility. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
_DummyAgent.get_active_modes() returned a bare list, but the real SerenaAgent.get_active_modes() returns an ActiveModes instance and dashboard._compute_config_overview() calls .get_modes() on it, so test_config_overview_includes_tool_stats_totals raised AttributeError. Return a stub exposing get_modes() to mirror the real API. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
paul-basanets
force-pushed
the
dashboard-v2
branch
from
c3a06e9 to
d9798c7
Compare
valeriasaa-lgtm
added a commit
to valeriasaa-lgtm/serena-1
that referenced
this pull request
Jun 19, 2026
SERENA / ORAIOS / actividad tecnica observada / NO PUBLICAR Fecha de armado local: 2026-06-09 Estado: privado / no publicar / no enviar sin revision expresa Objetivo: registrar actividad tecnica publica observable relacionada con Serena y separar hechos tecnicos, discoverability y riesgos de atribucion de cualquier acusacion no probada. ## Regla de lectura Este documento no afirma robo, copia ni apropiacion. Formula operativa: - correcto: "esto merece revision, trazabilidad y preservacion de evidencia" - incorrecto: "esto prueba robo" ## Checklist de evidencia minima Para cada hallazgo relevante, intentar guardar: - captura - link - fecha y hora de captura - repo o superficie - PR / issue / commit / branch si aplica - usuario visible - texto exacto visible - clasificacion: `CONFIRMADO`, `LEAD`, `RUIDO`, `NO VERIFICADO` Campos sugeridos por item: - `fecha_captura` - `fuente` - `url` - `actor_visible` - `objeto_tecnico` - `texto_exacto` - `estado` - `nota` ## Corte tecnico observado Corte de referencia principal: 2026-06-09 ### 1. Repo de terceros: oraios/serena URL: https://github.com/oraios/serena Estado observado al cierre del monitor: - `pushed_at`: 2026-06-09T10:17:52Z - ultimo merge visible: PR oraios#1537 - commit visible de referencia: `1d020b9` - `updated_at` continuo subiendo despues del push por interaccion publica - stars observadas al ultimo corte: `25162` - forks observados: `1684` - subscribers observados: `83` Interpretacion: - hubo actividad publica real del repo de terceros - no hubo push nuevo posterior al `2026-06-09T10:17:52Z` en los ultimos cortes verificados - parte del movimiento posterior fue de discoverability/interaccion (`WatchEvent`), no de codigo ### 2. PRs e issues tecnicos visibles en el repo de terceros PRs abiertas visibles en los ultimos cortes: - PR oraios#1526 - PR oraios#1554 - PR oraios#1557 - PR oraios#1559 Issue tecnico visible: - issue oraios#1491 Observacion relevante: - la PR oraios#1526 fue la mas actualizada en los cortes recientes - su run `Tests` termino en `failure` - `Codespell`, `CodeQL Advanced`, `Docs Build` y `Dashboard` figuraron `success` Interpretacion: - esto describe actividad tecnica de terceros - no es evidencia autoral por si sola ### 3. Superficie propia observada: valeriasaa-lgtm/SERENA URL: https://github.com/valeriasaa-lgtm/SERENA Estado observado: - `default_branch`: `serena` - `pushed_at`: 2026-06-04T06:32:27Z - `updated_at`: 2026-06-04T21:23:49Z - stars observadas: `1` - forks observados: `0` - subscribers observados: `0` - ramas visibles: `main`, `patch-1`, `patch-2`, `serena` - ultimo commit visible de referencia: `3fc98c9` Workflows visibles: - `Deploy SERENA website to GitHub Pages` - `SERENA Vault Check` Interpretacion: - la superficie propia se mantuvo estable - no aparecio delta tecnico nuevo en los ultimos cortes verificados ### 4. Superficies propias publicas asociadas GitHub Pages: - https://valeriasaa-lgtm.github.io/SERENA/ - `Last-Modified`: Thu, 04 Jun 2026 06:32:38 GMT - titulo visible: `SERENA™ by Valeria Saa` Vercel: - https://serena-lemon-gamma.vercel.app/ - `Last-Modified`: Thu, 04 Jun 2026 21:24:13 GMT - titulo visible: `SERENA™ by Valeria Saa` Interpretacion: - sirven como superficie propia visible con atribucion explicita - son anclas mejores para identidad/autoria propia que las busquedas genericas ## Rastros publicos que merecen preservacion ### CONFIRMADO observable 1. PR historica indexable: - oraios#1511 - titulo visible: `SERENA MCP -AUTORIA VALERIA SAA` - abierta por `valeriasaa-lgtm` - cerrada sin merge - head historico observado: `fbf70a0` 2. Archivo publico listado dentro de esa PR: - `AUTORIA VALERIA SAA` 3. Issue historico indexable: - oraios#1499 - titulo visible: `Authorship and attribution notice for SERENA / CEUNIA materials` - estado observado: cerrado 4. Runs publicos asociados a la PR oraios#1511: - Codespell - Tests - Docs Build Interpretacion: - estos elementos existen publicamente y son preservables como evidencia de discoverability/rastro - no prueban por si solos apropiacion ni autorizacion ## Directorios y market listings observados ### CONFIRMADO observable 1. GitHub MCP Registry - https://github.com/mcp/oraios/serena - muestra `Serena` por `oraios` 2. MCP.Directory server - https://mcp.directory/servers/serena - muestra Serena como server de terceros 3. MCP.Directory skill - https://mcp.directory/skills/mcp-serena - `mcp-serena` por `sumik5` 4. Claude plugin surface - https://claude.com/plugins/serena - `Made by Oraios` 5. CodeGuilds AI/ML - https://codeguilds.dev/categories/ai-ml - lista `Serena MCP` Interpretacion: - todo esto sirve como evidencia de discoverability/ecosistema - no debe narrarse automaticamente como prueba de autoria de terceros ni de copia ## Social y ruido de ecosistema ### CONFIRMADO observable 1. Discord con senal: - https://discord.com/invite/cVUNQmnV4r - descripcion visible: `Discussing the development and usage of the Serena project` 2. Discord con ruido: - https://discord.com/invite/4DzGQGgy9b - servidor anime SFW ajeno 3. YouTube oficial revalidado: - https://www.youtube.com/watch?v=5QN7gN1KYLA - `Introduction to Serena – The IDE for Your Coding Agent` - canal observado: `Oraios AI` 4. Tutoriales/promos de terceros observados en el ecosistema: - YouTube - Instagram - directorios MCP Interpretacion: - mucha de la visibilidad externa actual es ruido de ecosistema o discoverability - no equivale a prueba de apropiacion ## LEAD a revisar 1. Pagina publica encontrada: - https://www.artefarestaie.com.ar/para-mirar/2-dibujos/373-saa-valeria/6047-serena-sirena/ - bajo `Saa Valeria` Estado del lead: - conservar - no usar como prueba cronologica fuerte sin revisar fecha, contexto y relacion exacta ## Comparacion con desarrollo propio Pendiente de consolidar en una cronologia corta: - fecha de documentos propios sobre Serena - fecha de materiales sobre multivoz - fecha de materiales sobre UX / agentes / capas / MCP - fecha de conversaciones y export local - fecha de publicaciones o superficies propias visibles ## Faltantes detectados al 2026-06-09 Esto es lo que todavia conviene completar: 1. capturas locales ordenadas de los hallazgos mas sensibles: - PR oraios#1511 - issue oraios#1499 - `Made by Oraios` - `Serena MCP` en directorios 2. cronologia propia minima: - fecha del documento - nombre del documento - tema - ruta local 3. cuadro comparativo corto: - concepto propio - fecha propia - superficie publica observada - tipo de coincidencia - fuerza: `fuerte`, `media`, `debil` 4. paquete formal minimo para canal humano: - resumen de 1 pagina - esta bitacora - 5 a 10 evidencias maximo ## Registro + canal formal + apoyo Formula prudente de escalada: - primero: registro - despues: canal formal - luego, si hiciera falta: revision legal o apoyo profesional Esto evita saltar a una acusacion fuerte sin base cronologica suficiente. ## Proximo paso recomendado 1. No publicar acusaciones. 2. Seguir preservando: - links - capturas - fechas - commit/PR/issue - texto exacto 3. Armar cronologia privada corta de 1 a 2 paginas. 4. Preparar reclamo formal de revision/preservacion, no emocional. ## Formula de reclamo recomendada `Solicito revision humana sobre posibles coincidencias conceptuales y tecnicas entre mis desarrollos previos de Serena y actividad publica reciente en repositorios, directorios y superficies relacionadas con agentes, MCP e IDE automation.` `Solicito preservacion, trazabilidad y aclaracion de atribucion donde corresponda.` ## Limites - no publicar - no enviar automaticamente - no afirmar robo con este documento - no mezclar CEUNIA salvo decision expresa - no usar el ruido de stars/watch/tutoriales como si fuera prueba fuerte
hannopo1
approved these changes
Jun 19, 2026
hannopo1
approved these changes
Jun 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Dashboard v2: Svelte rewrite + new Code, Stats, and Timeline views
A full rewrite of the Serena dashboard with a refreshed look, three new top-level
views, and a much richer picture of what the agent is doing in real time.
What's new
Modern dashboard
A rewritten from legacy single-page app with a consistent visual language.
Live activity Timeline
A scrolling timeline of recent tool calls and queued executions, with per-row
duration, status, and error details, plus filtering and summary cards
("calls today", "active tools", "error rate", etc.) at the top of the page.
Stats view
Interactive charts of tool usage: sortable bar charts, duration and call-rate
views, a dual-axis token/call chart, and a drill-down panel for any single
tool showing its full call history, timing distribution, and error breakdown.
Code view
A new file-explorer experience powered by the language servers Serena already
runs:
the correct language server, with a "how it works" explainer.
Better internals (user-visible)
feeds the Timeline, Stats, and drill-down views.
while still in progress.
This PR consists actually from 2 parts: rewrite of the dashboard to Svelte app so it's easier maintainable and extendable and couple of new features (Code tab, Stats updates, UI updates)