fix: cua unknow

[zerob13]

Summary by CodeRabbit

• Bug Fixes

  • CUA Settings: Message area now clears after successful permission checks instead of displaying "Unknown"
  • Permission status updates display correctly in the settings UI

• Tests

  • Added regression test coverage for CUA plugin settings behavior

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR fixes the CUA plugin settings UI to clear the message area after successful permission checks instead of displaying a fallback "Unknown" message. The change modifies setMessage() to render text verbatim and permit empty strings, adds a regression test validating the behavior, and documents the fix through specification and task-tracking files.

Changes

CUA Settings Empty Message Behavior

Layer / File(s)	Summary
Specification & Planning docs/issues/cua-settings-empty-message/spec.md, docs/issues/cua-settings-empty-message/plan.md, docs/issues/cua-settings-empty-message/tasks.md	User story and acceptance criteria require that successful permission checks update only status rows and leave the message area empty when no diagnostic error occurs. Implementation plan outlines setMessage() modification to support empty strings and adds a regression test.
Settings UI Implementation plugins/cua/settings/assets/index.js	setMessage() now directly sets messageNode.textContent to the provided value or an empty string when falsy, replacing the previous setText() delegation that applied an "Unknown" fallback.
Test Coverage test/renderer/plugins/cuaSettings.test.ts	New Vitest suite sets up a minimal DOM structure with mocked plugin status and actions, evaluates the settings UI script, simulates a permission check button click, and verifies that status rows update to "Granted"/"Denied" while the message area is cleared.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A message that once refused to fade,
Now clears when checks succeed, not delayed.
Settings shine clean with empty grace,
No "Unknown" haunts the message space! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'fix: cua unknow' is vague and contains a typo ('unknow' instead of 'unknown'), making it unclear what specific issue is being fixed despite the changes relating to CUA settings empty message handling.	Revise the title to be more specific and descriptive, such as 'fix: clear CUA settings message on successful permission check' or similar, and correct the typo.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/cua-unknow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/renderer/plugins/cuaSettings.test.ts`:
- Line 67: The test currently uses window.eval(await readFile(scriptPath,
'utf8')) which triggers the security lint rule noGlobalEval; replace this with
an ESM dynamic import of the script file instead (e.g., convert scriptPath into
a file:// URL with url.pathToFileURL and await import(fileUrl)) so the module is
loaded as an ES module rather than evaluated via global eval; update the test to
await import(fileUrl) and remove window.eval usage while ensuring the test
environment supports dynamic import.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9fcb4404-2091-45c3-823b-a89ef59da2d0

📥 Commits

Reviewing files that changed from the base of the PR and between 42599e6 and 7d8894f.

📒 Files selected for processing (5)

• docs/issues/cua-settings-empty-message/plan.md
• docs/issues/cua-settings-empty-message/spec.md
• docs/issues/cua-settings-empty-message/tasks.md
• plugins/cua/settings/assets/index.js
• test/renderer/plugins/cuaSettings.test.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify there are no eval usages left in renderer tests.
rg -nP --type=ts '\b(?:window\.)?eval\s*\(' test/renderer

# Verify the CUA settings test now loads via import().
rg -n -C2 'pathToFileURL|import\(' test/renderer/plugins/cuaSettings.test.ts

Repository: ThinkInAIXYZ/deepchat

Length of output: 162

---

Replace window.eval to avoid security lint failure.

Line 67 uses window.eval, which is flagged by lint/security/noGlobalEval and will fail required lint checks.

🔧 Proposed fix (load script via ESM import)

-import { readFile } from 'node:fs/promises'
 import { resolve } from 'node:path'
+import { pathToFileURL } from 'node:url'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
@@
-    window.eval(await readFile(scriptPath, 'utf8'))
+    await import(`${pathToFileURL(scriptPath).href}?t=${Date.now()}`)
     await flushPromises()

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	window.eval(await readFile(scriptPath, 'utf8'))
	import { resolve } from 'node:path'
	import { pathToFileURL } from 'node:url'
	import { beforeEach, describe, expect, it, vi } from 'vitest'
	// ... other code ...
	await import(`${pathToFileURL(scriptPath).href}?t=${Date.now()}`)
	await flushPromises()

🧰 Tools

🪛 Biome (2.4.14)

[error] 67-67: eval() exposes to security risks and performance issues.

(lint/security/noGlobalEval)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/renderer/plugins/cuaSettings.test.ts` at line 67, The test currently
uses window.eval(await readFile(scriptPath, 'utf8')) which triggers the security
lint rule noGlobalEval; replace this with an ESM dynamic import of the script
file instead (e.g., convert scriptPath into a file:// URL with url.pathToFileURL
and await import(fileUrl)) so the module is loaded as an ES module rather than
evaluated via global eval; update the test to await import(fileUrl) and remove
window.eval usage while ensuring the test environment supports dynamic import.