Conversation
# SmartHopper 1.4.1-alpha: Provider Security, Stability, and macOS compatibility improvments [Patch] This patch release enhances provider security with a flexible three-tier verification system, improves macOS compatibility, and fixes critical stability issues in component state management and GhJSON tooling. ## Detailed list of changes: - **Provider Security Enhancement**: Replaced boolean "hard integrity check" with three selectable modes (Soft/Hard/Strict) in Providers settings with automatic migration for existing installations. SHA-256 hash verification now covers both Windows and macOS with dual-runner CI hashes and DEBUG auto-switch to Soft Check for smoother local development. - **Component Stability**: Fixed race condition in `ComponentStateManager.ProcessTransitionQueue()` where the `isTransitioning` flag was cleared before event firing, potentially allowing concurrent queue processing on macOS and causing out-of-order event handling. - **GhJSON Tooling**: Fixed `script_generate` and `script_edit` tools by setting GhJSON component `Id = 1` when `InstanceGuid` is null to satisfy GhJSON.Core validation, and added `SanitizeAndParseJson` to handle AI responses wrapped in markdown code blocks or non-JSON formatting. - **Provider Infrastructure**: Improved `AIProvider.CallApi()` error messages for non-JSON API responses (e.g., HTML error pages from proxies). Reduced provider hash verification timeout from 10s to 5s for faster offline detection and improved Settings dialog responsiveness. Added network availability check in `ProviderHashVerifier` to skip hash fetch attempts when offline. Implemented 15-minute manifest caching with thread-safe `ConcurrentDictionary`. - **Component Naming**: Renamed `AIScriptGenerator` component to `AIScriptGenerate` for consistent AI script naming. - **Tooling & Automation**: Enhanced `Change-SolutionVersion.ps1` with explicit version parsing and help output. Expanded `.gitignore` to exclude all local libraries. Improved pre-commit hook with selective staging and safer password handling. Added post-commit hook to auto-update `InternalsVisibleTo`. Added GitHub workflow to anonymize the public key on protected branches. - **CI/CD Fixes**: Skip `Update-InternalsVisibleTo` step on macOS runners since `sn.exe` (Strong Name tool) is Windows-only; assemblies still strong-name signed with SNK file. - **macOS Compatibility**: Addressed deadlock risk, GhJSON validation issues, and JSON parsing edge cases tracked in [#389](#389). - **Additional Stability**: Fixed stability and compatibility issues tracked in [#395](#395) and [#393](#393). - **Contributors Workflow**: Added automated GitHub workflow (`chore-update-contributors.yml`) to maintain the contributors section in CHANGELOG.md.
chore: add provider hash manifest for version 1.4.1-alpha (dual platform) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…rectory - Fix `latest.json` and `versions.json` output paths to use `$hashesDir` instead of `$pagesDir` - Update console output messages to reflect correct file locations in hashes/ subdirectory - Resolves 404 errors when ProviderHashVerifier and web UI attempt to fetch manifest files from incorrect paths
… files - Skip latest.json creation when latest version is a prerelease to avoid pointing users to unstable builds - Remove existing latest.json when no stable version exists to prevent stale references - Update console output to clarify stable vs prerelease version handling
Contributor
|
🏷️ This PR has been automatically assigned to milestone 1.4.1-alpha based on the version in |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the GitHub Pages generation workflow and release artifacts to fix where provider-hash manifest files are published for SmartHopper’s public hash verification and web UI.
Changes:
- Add a new provider hash manifest for
1.4.1-alpha. - Update the composite Pages-generation action to emit
versions.jsonunderhashes/and adjustlatest.jsonhandling. - Document the GitHub Pages manifest-path fix in the changelog.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.github/actions/generate-github-pages/action.yml |
Adjusts where versions.json is written (and changes logic for creating/removing latest.json). |
hashes/1.4.1-alpha.json |
Adds the new version’s provider SHA-256 manifest and metadata. |
CHANGELOG.md |
Notes the intended Pages deployment fix for manifest locations. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+111
to
+124
| # Copy latest version to latest.json only if it's a stable release | ||
| if ($latestVersion.IsStable) { | ||
| $latestHashPath = Join-Path $hashesDir "latest.json" | ||
| Copy-Item $latestVersion.File.FullName -Destination $latestHashPath -Force | ||
| Write-Host " ✓ Created hashes/latest.json from stable version $($latestVersion.Version)" | ||
| } else { | ||
| Write-Host " ⚠ Skipped latest.json - latest version $($latestVersion.Version) is a prerelease, not stable" | ||
| # Remove existing latest.json if it exists (to avoid stale latest pointing to old stable) | ||
| $existingLatest = Join-Path $hashesDir "latest.json" | ||
| if (Test-Path $existingLatest) { | ||
| Remove-Item $existingLatest -Force | ||
| Write-Host " ✓ Removed stale hashes/latest.json" | ||
| } | ||
| } |
There was a problem hiding this comment.
The new logic skips generating hashes/latest.json when the newest available version is a prerelease. In this repo’s current state (hashes/ contains only 1.4.0-alpha.json and 1.4.1-alpha.json), that means latest.json will not be published at all, so clients falling back to .../hashes/latest.json (e.g., ProviderHashVerifier) will still hit 404. Consider always generating latest.json (using the latest stable when present, otherwise the latest prerelease), or publish a separate latest-stable.json if you want stable-only semantics.
Suggested change
| # Copy latest version to latest.json only if it's a stable release | |
| if ($latestVersion.IsStable) { | |
| $latestHashPath = Join-Path $hashesDir "latest.json" | |
| Copy-Item $latestVersion.File.FullName -Destination $latestHashPath -Force | |
| Write-Host " ✓ Created hashes/latest.json from stable version $($latestVersion.Version)" | |
| } else { | |
| Write-Host " ⚠ Skipped latest.json - latest version $($latestVersion.Version) is a prerelease, not stable" | |
| # Remove existing latest.json if it exists (to avoid stale latest pointing to old stable) | |
| $existingLatest = Join-Path $hashesDir "latest.json" | |
| if (Test-Path $existingLatest) { | |
| Remove-Item $existingLatest -Force | |
| Write-Host " ✓ Removed stale hashes/latest.json" | |
| } | |
| } | |
| # Always copy selected latest version (stable preferred, otherwise prerelease) to latest.json | |
| $latestHashPath = Join-Path $hashesDir "latest.json" | |
| Copy-Item $latestVersion.File.FullName -Destination $latestHashPath -Force | |
| if ($latestVersion.IsStable) { | |
| Write-Host " ✓ Created hashes/latest.json from stable version $($latestVersion.Version)" | |
| } else { | |
| Write-Host " ✓ Created hashes/latest.json from prerelease version $($latestVersion.Version)" | |
| } | |
| # Additionally, publish latest-stable.json if a stable version exists | |
| if ($stableVersions.Count -gt 0) { | |
| $latestStable = $stableVersions[0] | |
| $latestStablePath = Join-Path $hashesDir "latest-stable.json" | |
| Copy-Item $latestStable.File.FullName -Destination $latestStablePath -Force | |
| Write-Host " ✓ Created hashes/latest-stable.json from stable version $($latestStable.Version)" | |
| } |
| - fix(tools): set GhJSON component `Id = 1` when `InstanceGuid` is null in `script_generate` and `script_edit` to satisfy GhJSON.Core validation requiring at least one identifier | ||
| - fix(tools): add `SanitizeAndParseJson` to handle AI responses wrapped in markdown code blocks or non-JSON formatting in `script_generate` and `script_edit` | ||
| - fix(infrastructure): improve `AIProvider.CallApi()` error messages for non-JSON API responses (e.g., HTML error pages from proxies) | ||
| - fix(infrastructure): GitHub Pages deployment now correctly places `latest.json` and `versions.json` in the `hashes/` subdirectory instead of site root, fixing 404 errors when ProviderHashVerifier and the web UI attempt to fetch manifest files |
There was a problem hiding this comment.
This changelog entry claims GitHub Pages now places latest.json under hashes/, but the updated action currently skips generating hashes/latest.json when there are no stable versions. Since the repository’s hashes/ folder currently only contains prereleases (alpha), latest.json would still be missing and the described 404 fix wouldn’t hold. Please align the changelog with the actual behavior, or adjust the action to always publish hashes/latest.json (possibly pointing at the latest prerelease when no stable exists).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.