docs: update Tier 0 with port status; flag SSE parser refactor as bigger work

5 of 9 Tier 0 items landed:
- #1 HTML export escape (security)            701ec8fb8 + 92c6d933c
- #2 Empty tools array fix                    58b1d7c60
- #4 undici 5min timeout                      d0907b6d8
- #5 Bedrock inference profile                7c487bb60

Deferred:
- #3 Anthropic SSE proxy event tolerance — fix applies to pi-mono's
  custom SSE parser, but we still use @anthropic-ai/sdk directly.
  To get protection we'd need to port the full "own Anthropic SSE
  parsing" refactor (3 commits, ~200 LOC). Added as a separate Tier 0
  item.

Remaining TODO from Tier 0: items #6-#9 (symlinked dedup, setWorkingVisible
extension API, Cloudflare provider, Azure Cognitive Services).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Mikael Hugo 2026-04-29 14:35:55 +02:00
parent d0907b6d87
commit dea4c2dbc1

@ -16,17 +16,18 @@ Pi-mono (`badlogic/pi-mono`) has shipped 4 releases (v0.70.3 → v0.70.6) since
Order: **security first → real bugs → infra → features**.
| Order | Pi-mono fix | Why | Reference (pi-mono SHA) |
|---|---|---|---|
| 1 | **HTML export: escape image data + session metadata** | Security — crafted session content could inject markup in exported HTML | PRs #3819, #3883 (in v0.70.6) |
| 2 | **Empty `tools` array fix for providers that reject** | Correctness bug — some providers reject the call | PR #3650 (in v0.70.3) |
| 3 | **Anthropic SSE: ignore unknown proxy events** | Correctness bug — proxies emit OpenAI-style `done` events that crash our parser | issue #3708 (in v0.70.3) |
| 4 | **Long local-LLM SSE timeout (5-min undici cutoff)** | Correctness bug — local Ollama / LM Studio sessions over 5 min die with `UND_ERR_BODY_TIMEOUT` | issue #3715 (in v0.70.3) |
| 5 | **Bedrock inference profile normalization** | Bedrock prompt-caching + adaptive-thinking checks fail on inference profile ARNs | PR #3527 (in v0.70.3) |
| 6 | **Symlinked packages/resources/skills/sessions dedup** | Selectors and loaders show duplicates when paths are symlinked | PR #3818 (in v0.70.3) |
| 7 | **`ctx.ui.setWorkingVisible()` extension API** | Lets extensions hide the built-in working-loader row; useful for autopilot UX | issue #3674 (in v0.70.3) |
| 8 | **Cloudflare Workers AI provider** | New provider option (`CLOUDFLARE_API_KEY`/`CLOUDFLARE_ACCOUNT_ID`) | PR #3851 (in v0.70.6) |
| 9 | **Azure Cognitive Services endpoint** | Azure OpenAI Responses base URL support | PR #3799 (in v0.70.3) |
| Order | Pi-mono fix | Why | Status | Reference |
|---|---|---|---|---|
| 1 | **HTML export: escape image data + session metadata** | Security — crafted session content could inject markup in exported HTML | ✅ `701ec8fb8` + dist `92c6d933c` | PRs #3819, #3883 |
| 2 | **Empty `tools` array fix for providers that reject** | Correctness bug — some providers reject the call | ✅ `58b1d7c60` | PR #3650 |
| 3 | **Anthropic SSE: ignore unknown proxy events** | Correctness bug — proxies emit OpenAI-style `done` events | **DEFERRED** — fix doesn't apply directly. Pi-mono moved off the SDK to a custom SSE parser (3 commits: `4b926a30a` + `e58d631c8` + `3e7ffff18`); we still use `client.messages.stream()` from `@anthropic-ai/sdk`. To get this protection we'd need to port the entire pi-mono custom-SSE refactor (~200 LOC). Real engineering effort, separate item. | issue #3708 |
| 4 | **Long local-LLM SSE timeout (5-min undici cutoff)** | Correctness bug — local Ollama / LM Studio over 5 min die with UND_ERR_BODY_TIMEOUT | ✅ `d0907b6d8` | issue #3715 |
| 5 | **Bedrock inference profile normalization** | Bedrock prompt-caching + adaptive-thinking checks fail on inference profile ARNs | ✅ `7c487bb60` | PR #3527 |
| 6 | **Symlinked packages/resources/skills/sessions dedup** | Selectors and loaders show duplicates when paths are symlinked | TODO | PR #3818 |
| 7 | **`ctx.ui.setWorkingVisible()` extension API** | Lets extensions hide the built-in working-loader row; useful for autopilot UX | TODO | issue #3674 |
| 8 | **Cloudflare Workers AI provider** | New provider option (`CLOUDFLARE_API_KEY`/`CLOUDFLARE_ACCOUNT_ID`) | TODO | PR #3851 |
| 9 | **Azure Cognitive Services endpoint** | Azure OpenAI Responses base URL support | TODO | PR #3799 |
| **NEW** | **Port pi-mono custom Anthropic SSE parsing (replaces SDK)** | Address #3 properly: own the SSE parser like pi-mono, then unknown-event filter applies. Multi-commit refactor. | TODO | `4b926a30a` + `e58d631c8` + `3e7ffff18` |
**Process for each:** read the pi-mono commit, port the fix to our `packages/pi-*` (cherry-pick should work cleanly here — same namespace as upstream); commit with `port(pi-mono): <description> (refs <pi-mono SHA>)` style.
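Review bot: The Status column marks four rows as done (1, 2, 4 and 5), while the commit message says "5 of 9 Tier 0 items landed"; correct one of them so the count and the table agree. The Reference header also dropped "(pi-mono SHA)" and the cells dropped their "(in v0.70.x)" release tags, yet the Status column now carries SHAs from this repo while the NEW row's Reference carries pi-mono SHAs, so label which repository each SHA belongs to and consider keeping the release tags. The row 3 Status cell would read better as "DEFERRED (see NEW row)" with the explanation moved below the table, and the NEW row needs a position in the "security first → real bugs → infra → features" order.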