Skip to content

feat: Implement omnibox navigation with overlay manager #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: Implement omnibox navigation with overlay manager #77

wants to merge 2 commits into from

Conversation

@maceip
Copy link
Contributor

@maceip maceip commented Jul 11, 2025

Summary

This PR introduces the omnibox navigation system with an overlay manager for improved browser navigation and search functionality.

Changes

  • Implemented overlay manager for omnibox dropdown
  • Added user profile store with navigation history tracking
  • Integrated omnibox with the main browser navigation system

Commits

  • 576c574 feat: Create user-profile-store.ts with navigation history interfaces
  • 7e4db24 feat: Implement overlay manager and integrate omnibox

mac added 2 commits July 11, 2025 00:57
"feat: ✨cortex✨ nonchalant chrome omnibox
2fa2eb2 
    _autocomplete navbar with agentic memory_

  - Add user profile store with persistent storage
  - Support multiple user profiles with unique IDs
  - Track navigation history per profile with visit counts
  - Implement smart history ranking based on frequency and recency
  - Add profile management actions (create, update, delete)
  - Limit history to 1000 entries per profile for performance"
  - Use profile ID for Electron session partitions
  - Each profile gets isolated cookies, cache, and storage
  - Fallback to default partition if no profile exists
  - Track navigation history on URL changes"
  - Register profile history IPC handlers
  - Add profile API to preload script
  - Initialize user profile store on app startup
  - Expose navigation history and profile info to renderer"
  - Integrate @tanstack/react-virtual for performant list rendering
  - Add Perplexity API integration (mocked)
  - Add local agent suggestions (mocked)
  - Implement profile-based navigation history suggestions
  - Fix z-index issues to render above browser content
  - Add loading states and animations
  - Enhance keyboard navigation (arrows, tab, escape)"
  - Extend window.vibe interface with profile API
  - Add proper types for navigation history
  - Define profile API methods and return types"
  - Document implemented features
  - Provide testing steps
  - Add debugging information"

# Conflicts:
#	apps/electron-app/src/main/index.ts
1. Created OverlayManager (src/main/browser/overlay-manager.ts)
7fde7c3 
  - Manages a transparent WebContentsView that sits above all browser content
  - Handles IPC communication for overlay commands
  - Forwards events from overlay to main window
  - Maintains proper z-index ordering

  2. Integrated with ViewManager (src/main/browser/view-manager.ts)

  - Added overlay initialization in ApplicationWindow
  - Ensures overlay stays on top when views are added/shown
  - Removed unused imports and fixed TypeScript errors

  3. Added Overlay API to Preload (src/preload/index.ts)

  - Exposed vibeOverlay API with show/hide/render/clear/update/execute methods
  - Maintains security with contextBridge

  4. Created React Integration (src/renderer/src/hooks/useOmniboxOverlay.ts)

  - Custom hook for managing omnibox overlay
  - Handles suggestion rendering with proper HTML/CSS
  - Manages keyboard navigation and click events
  - Fixed to work without relying on window.electron in injected scripts

  5. Updated NavigationBar (src/renderer/src/components/layout/NavigationBar.tsx)

  - Integrated overlay system for dropdown suggestions
  - Fixed Tab key behavior to only navigate for valid domains/URLs
  - Removed old portal-based dropdown approach
  - Cleaned up deprecated code

  6. Created Overlay HTML (src/renderer/overlay.html)

  - Base HTML with transparent background
  - CSS for interactive elements
  - Script setup for IPC communication

  Key Fixes Applied:

  1. Fixed JavaScript execution errors by adding proper checks for window.electron
  2. Fixed TypeScript errors related to WebContentsView methods
  3. Fixed IPC forwarding from overlay to main window
  4. Added proper event listener cleanup
  5. Ensured overlay maintains proper stacking order
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 11, 2025

Warning

Rate limit exceeded

@maceip has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 20 minutes and 55 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between a75f9fd and 7fde7c3.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (25)
  • .claude/settings.local.json (1 hunks)
  • apps/electron-app/electron.vite.config.ts (2 hunks)
  • apps/electron-app/src/main/browser/application-window.ts (1 hunks)
  • apps/electron-app/src/main/browser/overlay-manager.ts (1 hunks)
  • apps/electron-app/src/main/browser/tab-manager.ts (3 hunks)
  • apps/electron-app/src/main/browser/view-manager.ts (6 hunks)
  • apps/electron-app/src/main/index.ts (12 hunks)
  • apps/electron-app/src/main/ipc/index.ts (2 hunks)
  • apps/electron-app/src/main/ipc/user/profile-history.ts (1 hunks)
  • apps/electron-app/src/main/ipc/window/chat-panel.ts (2 hunks)
  • apps/electron-app/src/main/store/user-profile-store.ts (1 hunks)
  • apps/electron-app/src/preload/index.ts (2 hunks)
  • apps/electron-app/src/renderer/overlay.html (1 hunks)
  • apps/electron-app/src/renderer/src/components/layout/NavigationBar.tsx (13 hunks)
  • apps/electron-app/src/renderer/src/components/main/MainApp.tsx (1 hunks)
  • apps/electron-app/src/renderer/src/components/styles/BrowserUI.css (1 hunks)
  • apps/electron-app/src/renderer/src/components/styles/NavigationBar.css (7 hunks)
  • apps/electron-app/src/renderer/src/env.d.ts (0 hunks)
  • apps/electron-app/src/renderer/src/global.d.ts (1 hunks)
  • apps/electron-app/src/renderer/src/hooks/useOmniboxOverlay.ts (1 hunks)
  • apps/electron-app/src/renderer/src/styles/omnibox-overlay.css (1 hunks)
  • apps/electron-app/src/renderer/src/types/overlay.d.ts (1 hunks)
  • apps/electron-app/tsconfig.web.json (1 hunks)
  • docs/test-omnibox.md (1 hunks)
  • packages/shared-types/src/constants/index.ts (1 hunks)
✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@claude
Copy link

claude bot commented Jul 11, 2025
edited
Loading

Claude finished @maceip's task —— View job

PR Code Review: Omnibox Navigation with Overlay Manager

Comprehensive review of the omnibox navigation implementation with overlay manager functionality.

Review Tasks:

  • Analyze overlay manager implementation
  • Review user profile store architecture
  • Examine navigation bar changes and React integration
  • Check IPC communication patterns and security
  • Review hooks and component architecture
  • Assess error handling and resource management
  • Evaluate performance implications
  • Check test coverage and documentation

🔍 Overlay Manager Analysis (overlay-manager.ts)

Strengths:

  • Good separation of concerns with dedicated overlay management
  • Proper WebContentsView initialization with security settings (contextIsolation, sandbox)
  • Transparent overlay with proper z-index handling
  • IPC event forwarding between overlay and main window
  • Proper cleanup in destroy() method

Security Concerns:

  • 🚨 HIGH RISK: eval() usage in line 157 - this is a major security vulnerability
  • ⚠️ MEDIUM RISK: CSP allows unsafe-eval in overlay.html:8 - weakens security
  • ⚠️ LOW RISK: Script injection via executeJavaScript() - should validate input

Bugs/Issues:

  • Line 266: @ts-expect-error suppression for webContents.destroy() - should use proper typing
  • Missing proper error handling for overlay initialization
  • No validation of OverlayContent parameters before execution

🗂️ User Profile Store Analysis (user-profile-store.ts)

Strengths:

  • Well-structured Zustand store with clear interfaces
  • Proper data persistence with automatic profile creation
  • Good navigation history management with deduplication
  • Smart ranking algorithm combining visit frequency and recency
  • Proper history size limiting (1000 entries)

Issues:

  • ⚠️ MEDIUM RISK: No input validation for profile names or URLs
  • 🐛 BUG: Line 322 - auto-initializes store on import, could cause side effects
  • ⚡ PERFORMANCE: addNavigationEntry does linear search for duplicate URLs

🎯 Navigation Bar Analysis (NavigationBar.tsx)

Strengths:

  • Comprehensive omnibox with intelligent suggestions
  • Good keyboard navigation support
  • Proper debouncing for API calls (200ms)
  • Smart URL/domain detection
  • Integration with multiple suggestion sources

Critical Issues:

  • 🚨 HIGH RISK: Line 469 - Type assertion (window.vibe as any).profile bypasses type safety
  • 🚨 HIGH RISK: No error boundaries for API failures
  • 🐛 BUG: Missing cleanup for debounce timers on unmount
  • 🐛 BUG: Potential memory leak with multiple useEffect listeners

Code Quality Issues:

  • COMPLEX: 891 lines - component is too large and should be split
  • DUPLICATION: Multiple similar URL validation functions
  • INCONSISTENT: Mix of async/await and Promise patterns

📡 IPC Communication Analysis

Security Issues:

  • 🚨 HIGH RISK: IPC handlers in profile-history.ts don't validate input parameters
  • ⚠️ MEDIUM RISK: No authentication/authorization for IPC calls
  • ⚠️ MEDIUM RISK: Direct store access from IPC handlers bypasses validation

Architecture Issues:

  • 🐛 BUG: IPC handlers not properly removed in overlay destroy
  • 🐛 BUG: No error propagation from IPC handlers to UI
  • CONCERN: Tight coupling between IPC handlers and Zustand store

🎣 React Hook Analysis (useOmniboxOverlay.ts)

Strengths:

  • Clean separation of overlay logic from component
  • Proper IPC event listener cleanup
  • Good keyboard navigation implementation

Critical Issues:

  • 🚨 HIGH RISK: Inline eval() usage in overlay script generation (line 157)
  • 🚨 HIGH RISK: HTML injection without sanitization (escapeHtml is basic)
  • ⚠️ MEDIUM RISK: No validation of suggestion data before rendering

Performance Issues:

  • ⚡ PERFORMANCE: Large HTML strings generated on every render
  • ⚡ PERFORMANCE: No memoization of expensive template generation
  • CONCERN: DOM manipulation via string concatenation instead of proper templating

📊 Overall Assessment

Test Coverage:CRITICAL - No tests found for any of the new functionality

Error Handling:POOR - Missing error boundaries, no graceful fallbacks

Performance: ⚠️ NEEDS IMPROVEMENT - Multiple performance bottlenecks identified

Security: 🚨 HIGH RISK - Multiple security vulnerabilities need immediate attention

🔧 Priority Recommendations

  1. URGENT - Security Fixes:

    • Remove all eval() usage immediately
    • Implement proper HTML sanitization
    • Add input validation for all IPC handlers
    • Strengthen CSP policies

  2. HIGH - Code Quality:

    • Split NavigationBar into smaller components
    • Add comprehensive test coverage
    • Implement proper error boundaries
    • Fix memory leaks and cleanup issues

  3. MEDIUM - Performance:

    • Optimize suggestion generation
    • Add memoization for expensive operations
    • Implement request cancellation

  4. LOW - Maintainability:

    • Add proper TypeScript types
    • Improve documentation
    • Standardize async patterns

Verdict: ⚠️ NEEDS MAJOR REVISION - While the feature implementation is comprehensive, critical security vulnerabilities and missing test coverage require significant work before this can be safely merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maceip