Skip to content

Release/v5.0.1 #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
code-crusher merged 2 commits into from
Jan 9, 2026
Merged

Release/v5.0.1 #28

code-crusher merged 2 commits into from
Jan 9, 2026

Conversation

@code-crusher
Copy link
Member

@code-crusher code-crusher commented Jan 9, 2026

No description provided.

@matter-code-review
Copy link
Contributor

matter-code-review bot commented Jan 9, 2026

Code Quality type: new feature

Context

Summary By MatterAI MatterAI logo

🔄 What Changed

This PR executes a comprehensive rebranding and architectural refactor, migrating the entire package namespace from ai.axoncode to so.matterai. It also introduces enhanced build logic for VSCode plugin resource management, updates the JetBrains protocol command for authentication, and implements a regex-based protocol path sanitizer for webview HTML content.

🔍 Impact of the Change

The change aligns the codebase with the new matterai.so domain and branding. Technically, it improves the reliability of asset loading within JetBrains webviews by normalizing vscode-file protocols and streamlines the distribution process for bundled resources. All internal service proxies and IPC actors are now correctly namespaced under the new domain.

Implementation

📁 Total Files Changed

Click to Expand
File ChangeLog
Build Config build.gradle.kts Added vscodePlugin property and updated resource directory resolution logic.
Plugin Metadata gradle.properties.template Updated pluginGroup to so.matterai.jetbrains.
NPM Config package.json Renamed package to @axon-code/jetbrains-plugin and added resource copy scripts.
Action Rename ActionConstants.kt Migrated package to so.matterai.jetbrains.actions.
Auth Protocol AxonCodeAuthProtocolCommand.kt Updated protocol ID to so.matterai.jetbrains.auth and added logging.
Webview Logic MainThreadWebviewsShape.kt Implemented regex to sanitize vscode-file protocol paths in HTML content.
IPC Server ExtensionUnixDomainSocketServer.kt Updated temporary socket file prefix for uniqueness.
Service Registry ServiceProxyRegistry.kt Updated all proxy identifiers to use the new so.matterai namespace.

Screenshots

before after
N/A N/A

How to Test

🧪 Test Added/Recommended

Recommended

  • Namespace Verification: Perform a global search for ai.axoncode to ensure no legacy imports remain.
  • Protocol Integration Test: Verify that jetbrains://idea/so.matterai.jetbrains.auth?token=XYZ correctly triggers the AxonCodeAuthProtocolCommand.
  • Webview Path Test: Unit test the regex in MainThreadWebviewsShape with various vscode-file:/ URI formats to ensure correct path normalization.

Get in Touch

🔒 Security Vulnerabilities

  • N/A: No direct security vulnerabilities detected. The package rename is purely structural. Ensure that the temporary socket files in /tmp have restricted permissions (already handled by Files.createTempFile).

⏳ Estimated code review effort

HIGH (~45 minutes)

Tip

Quality Recommendations

  1. Extract the hardcoded regex in MainThreadWebviewsShape.kt to a named constant in PluginConstants for better maintainability.

  2. Add a unit test specifically for the URI transformation logic in MainThreadWebviewsShape to prevent regressions in asset loading.

  3. Ensure that the 'axoncode' string in the regex is also updated if the VSCode plugin folder name changes in the future.

♫ Tanka Poem

Namespaces transform,
Matter AI takes the new lead,
Paths clean and refined,
Sockets hum in silent lines,
Branding shines in every file. 🚀

Sequence Diagram

sequenceDiagram
    participant EH as ExtensionHost
    participant RPC as RPCManager
    participant WS as MainThreadWebviewsShape
    participant EB as EventBus
    participant WV as WebViewInstance

    EH->>RPC: setHtml(handle, htmlContent)
    RPC->>WS: setHtml(handle, value)
    Note over WS: Regex: Replace vscode-file:/.../axoncode/ with /
    WS->>WS: sanitizeHtml(value)
    WS->>EB: post(WebviewHtmlUpdateData)
    EB->>WV: updateContent(modifiedHtml)
    WV-->>WS: success
    WS-->>RPC: void
    RPC-->>EH: response
Loading

matter-code-review[bot]
matter-code-review bot reviewed Jan 9, 2026
View reviewed changes
Copy link
Contributor

@matter-code-review matter-code-review bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧪 PR Review is completed: The PR implements a comprehensive package rename to so.matterai. The changes look mostly consistent, but there are critical security implications in the socket creation logic and potential path mismatches in the build script.

Skipped files
  • .vscode/tasks.json: Skipped file pattern
  • CHANGELOG.md: Skipped file pattern
  • DEVELOPMENT.md: Skipped file pattern
  • apps/kilocode-docs/docs/extending/development-environment.md: Skipped file pattern
  • apps/kilocode-docs/i18n/zh-CN/docusaurus-plugin-content-docs/current/extending/development-environment.md: Skipped file pattern
  • jetbrains/README.md: Skipped file pattern
⬇️ Low Priority Suggestions (2)
jetbrains/plugin/build.gradle.kts (1 suggestion)

Location: jetbrains/plugin/build.gradle.kts (Lines 145-145)

🟠 Configuration

Issue: The resource path points to ai/axoncode (src/main/resources/ai/axoncode/...), but the project packages are being renamed to so.matterai. If the directory structure was also updated to match the package name (which is standard), this path will be incorrect.

Fix: Update the path to match the new so/matterai directory structure.

Impact: Ensures the build process can correctly locate configuration resources.

-              val configDir = File("$projectDir/src/main/resources/ai/axoncode/jetbrains/plugin/config")
+              val configDir = File("$projectDir/src/main/resources/so/matterai/jetbrains/plugin/config")
jetbrains/plugin/src/main/kotlin/ai/axoncode/jetbrains/core/ExtensionProcessManager.kt (1 suggestion)

Location: jetbrains/plugin/src/main/kotlin/ai/axoncode/jetbrains/core/ExtensionProcessManager.kt (Lines 349-349)

🔵 Code Quality

Issue: Redundant fully qualified name so.matterai.jetbrains.util.PluginResourceUtil. The class is already imported or available in the classpath context.

Fix: Use the simple class name PluginResourceUtil.

Impact: Improves code readability.

-          val resourcesPath = so.matterai.jetbrains.util.PluginResourceUtil.getResourcePath(PLUGIN_ID, "$RUNTIME_DIR/$EXTENSION_ENTRY_FILE")
+          val resourcesPath = PluginResourceUtil.getResourcePath(PLUGIN_ID, "$RUNTIME_DIR/$EXTENSION_ENTRY_FILE")

jetbrains/plugin/src/main/kotlin/ai/axoncode/jetbrains/core/ExtensionUnixDomainSocketServer.kt
Comment on lines 214 to 220
// Create temporary socket file, ensure uniqueness
private fun createSocketFile(): Path {
val tmpDir = java.nio.file.Paths.get("/tmp")
val sockPath = Files.createTempFile(tmpDir, "kilocode-idea-extension-ipc-", ".sock")
val sockPath = Files.createTempFile(tmpDir, "axoncode-idea-extension-ipc-", ".sock")
Files.deleteIfExists(sockPath) // Ensure it does not exist
return sockPath
}
Copy link
Contributor

@matter-code-review matter-code-review bot Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Security

Issue: Creating a temporary file in /tmp and then deleting it to reuse the path for a socket introduces a race condition (TOCTOU) and potential security risks (symlink attacks) since /tmp is world-writable.

Fix: Create a private temporary directory using Files.createTempDirectory (which has secure permissions 0700) and place the socket file inside it.

Impact: Prevents local privilege escalation or denial of service attacks via socket hijacking.

Suggested change
// Create temporary socket file, ensure uniqueness
private fun createSocketFile(): Path {
val tmpDir = java.nio.file.Paths.get("/tmp")
val sockPath = Files.createTempFile(tmpDir, "kilocode-idea-extension-ipc-", ".sock")
val sockPath = Files.createTempFile(tmpDir, "axoncode-idea-extension-ipc-", ".sock")
Files.deleteIfExists(sockPath) // Ensure it does not exist
return sockPath
}
// Create temporary socket file, ensure uniqueness
private fun createSocketFile(): Path {
val socketDir = Files.createTempDirectory("axoncode-ipc")
socketDir.toFile().deleteOnExit()
val sockPath = socketDir.resolve("axoncode-idea-extension-ipc.sock")
sockPath.toFile().deleteOnExit()
return sockPath
}

@code-crusher code-crusher merged commit c5da46b into main Jan 9, 2026
6 of 14 checks passed
@code-crusher code-crusher deleted the release/v5.0.1 branch January 9, 2026 10:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matter-code-review matter-code-review[bot] matter-code-review[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@code-crusher