| Age | Commit message (Collapse) | Author |
|
Remove the in-repo libpanto sources and binding projects from pantograph.
Consume libpantograph through the Zig package URL at
code.tjp.lol/libpantograph.git, including the Lua module artifact used by
CLI extensions.
|
|
|
|
|
|
- resiliency for tool ids that come back from some openai_chat providers
- fixing codepoint width recognition
- implement proper rendering for full markdown as seen from ai models
|
|
|
|
|
|
|
|
|
|
Stage writable event-field overrides by tool call id so they can be applied at the correct point in the turn lifecycle. Capture input overrides from tool_call_complete, capture output overrides from tool_result, and clear staged overrides defensively at turn start and shutdown.
Also honor user_message text overrides when starting a turn, add the helper that applies staged overrides to the agent at dispatch boundaries, and cover the behavior with tests for staged input/output overrides.
|
|
Replace the split [tools]/[extensions] config sections and the two-stage
load gate with a single model:
- [extensions] is now one policy resolved across all layers. Rules from
every layer are kept (not clobbered) and resolved by last-match-wins
after sorting by (layer, glob specificity, deny-last), so a base layer
can carve one name out of an otherwise-denied group and a higher layer's
broad rule still wins. Default is allow; whitelist via deny=["**"].
- Registration is deferred: a source returns an entry {name, activate}
(or a list, or the sugar tool table), is always eval'd side-effect-free,
and only permitted names get activate()d. Identity is the declared name,
not the filename. Collapses the old pre/post-load two-stage gate.
- The loader runs two passes (eval -> shadow -> filter -> activate) with
precedence project>user>base and, within a layer, rocks<paths<dir.
- extensions.paths adds extra scan dirs; extensions.rocks loads luarocks
packages as extension sources (require-as-entries). Startup installs
only missing rocks (no per-launch network hit); panto update force-
(re)installs every configured rock.
deny is a feature toggle, not a security boundary: rocks is where registry
code enters, so the pin list is the trust boundary. Rock integrity
(first-party GPG signing + --verify) is designed but not yet wired; until
then rocks pins which version, not which bytes.
Breaking: [tools] is removed; extensions must return entries. Built-in
tools and the wc example keep working via the sugar tool form.
|
|
|
|
|
|
Treat 1:1 component swaps and pure insertions as differential TUI updates
instead of structural changes that force full redraws. Keep full redraws
for net removals and edits above the viewport, and add tests covering the
streaming-tool flicker regression and scrollback behavior.
Also remove the unfinished Go ToolSource batch-registration bridge.
|
|
|
|
|
|
go: explicitly wrap C.PANTO_* constants rather than using `iota` and
trying to get the order exactly right.
|
|
- ensuring stream.next() sequences are interruptible
- Agent.run() takes any user message, not just chat text
|
|
|
|
Round-trip persistent message content through the C session store bridge
instead of dropping it, including tool-use, tool-result, system, and
thinking blocks. Reconstruct borrowed C content blocks with arena-backed
helpers, carry message identity fields like API style/model/reasoning, and
add tests covering append marshalling and thinking signature origin
round-tripping.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
closing formatting
|
|
|
|
|
|
|
|
|
|
Teach provider config and auth resolution about the Codex Responses
dialect, including user-facing `style = "openai_responses"` with
`dialect = "codex"`. Serialize and parse Responses traffic with
provider-specific reasoning replay, assistant phase metadata, and robust
function-call assembly keyed by `output_index` so streamed tool inputs
survive proxy quirks and empty terminal payloads.
Also persist thinking origins and message metadata across sessions, add
the Anthropic interleaved-thinking header switch, write per-session
debug logs, and improve the TUI and scripts for inspecting tool output
and session costs.
|
|
|
|
Collapse the auth schema: infer `type` from keys, replace key/key_env_var with
a single `key` (resolved via substitution), flatten the exchange to flat
`exchange_*` keys, and drop the auth-level headers tables in favor of reusing
the provider's `extra_headers` on the auth HTTP calls. Add `${sibling}` and
`${env:VAR}` substitution over auth values (GitHub Enterprise = set `domain`).
Restore api_key-empty → provider-drop. Update default config, docs, and tests.
|
|
limitation
|
|
Add the OpenAI Responses API wire dialect (openai_responses APIStyle +
OpenAIResponsesConfig), a request serializer (instructions/input items,
flat function tools, reasoning, store:false, include encrypted reasoning),
and a streaming state machine over the typed response.* SSE events mapping
to the shared block model. Wire dispatch, buildProviderConfig, the C-ABI
free switch, and the reasoning selectors. Ship a commented Codex example in
the default config.
Implemented from the Responses API docs + the open-source Codex client and
covered by fixture tests; live verification against a ChatGPT plan is still
required (documented).
|
|
Record resolved open questions (clean break, key_env_var, codex dialect,
file-backed storage), the core/CLI split, verified device-flow specifics for
Copilot and Codex, the Codex Responses-API finding, and verification status.
|
|
Resolve the active provider's auth before each turn via the AuthManager,
rendering an inline device-code prompt when login is needed, and force a
single refresh/exchange retry on a provider auth failure. Wire the manager
through RunOptions from main.zig.
|
|
Add src/auth_manager.zig (turn-time resolution: load→login→refresh→exchange→
build credential, patch live config) and `panto auth status|login|logout`
subcommands with a line-based device-code presenter. Add config_file.loadFromString.
|
|
Implement the device-authorization flow for both dialects (GitHub `token`
direct-poll; Codex `codex` poll→authorization-code→PKCE exchange), refresh_token
grant, Copilot secondary token exchange, JWT exp parsing, Codex account-id
extraction, and pure credential-building/refresh predicates. Adds a Presenter
hook for rendering the device-code prompt. Exported from public.zig.
|
|
Add libpanto http_helper (non-streaming request/response over the global
client, plus dotted-JSON-path readers) and token persistence in auth.zig
(load/save/delete TokenSet under an embedder-chosen auth dir, owner-only
files). Add $PANTO_HOME/auth to the panto_home layout.
|
|
Add provider.mergeHeaders and use it in both the openai_chat and
anthropic_messages providers so config extra_headers ride on the model
request, merged onto the built-in header set.
|
|
Replace provider-level api_key/api_key_env_var with named auth sessions:
providers now reference `auth = "<name>"` and credentials live under
`[auth.<name>]`. Adds the libpanto auth type surface (AuthConfig, TokenSet,
ResolvedCredential), a Header type and provider `extra_headers`, and rewires
the CLI config loader (parse [auth.<name>], require auth=, providers always
survive, eager api_key resolution). Updates the shipped default config.
|
|
|
|
|
|
|
|
|
|
|
|
Remove setFrameTime() method and fps-related rendering from Footer.
Replace with setModel() to display model name with dim styling. Update
all Footer tests accordingly, adjusting line counts and expectations for
new layout with top/bottom rules wrapping content. Remove reverse video
styling from footer.
|
|
|