Commit Graph

5503 Commits

Author SHA1 Message Date
dc75f16221 fix(ai): move generic subcommand autocomplete outside nested conditionals
The generic `/ai <subcommand>` tab-completion was nested inside conditional
blocks that prevented it from firing in common cases — for example,
`/ai<tab>` or `/ai <tab>` would never match subcommands because the
`autocomplete_param_with_ac()` call was guarded by argument count checks
and nested inside the explicit handler branches.

Move the fallback subcommand autocomplete to execute unconditionally after
all explicit handler branches, ensuring `/ai <tab>` always lists available
subcommands regardless of argument count or which subcommand was typed.

Also move the `/ai set` subcommand fallback outside the inner else-block
so it runs whenever args[0] is "set", not only when num_args >= 2.
2026-04-30 22:51:07 +00:00
da0bf43d73 fix(ai): join multi-word arguments in cmd_ai_correct
Use g_strjoinv to join all arguments from args[1] onwards into a
single prompt string. Previously only args[1] was used, truncating
multi-word prompts like '/ai correct hello world' to just 'hello'
2026-04-30 19:24:39 +00:00
9e1f9b666e fix(ai): fix provider_name leak and const-cast in cmd_ai_start
Use auto_gchar temporary for g_strndup result in cmd_ai_start to
prevent memory leak. Fix const-cast warning by using a proper
non-const temporary variable.
2026-04-30 19:14:49 +00:00
93ad7379e2 fix(ai): align ai_list_providers with documented contract
Remove ai_provider_ref() from ai_list_providers() so the returned
providers do not need to be unref'd by the caller. This matches the
header docstring which states "caller must not free the list or
providers". Also update all callers (cmd_ai_providers, tests) to
remove redundant ai_provider_unref() calls.
2026-04-30 19:09:46 +00:00
caa0b3ccba fix(ai): remove redundant g_strdup on api_key assignment
ai_get_provider_key() already returns a freshly g_strdup'd copy of
the API key. The outer g_strdup in ai_session_create() created an
unnecessary second copy, leaking the original pointer.
2026-04-30 19:06:49 +00:00
c9a5239117 fix(ai): remove API key from debug log
Remove the log_debug line in ai_client.c that leaked the first 10
characters of the API key into logs. This is also contained a memory leak (g_strndup
return value was never freed).
2026-04-30 19:05:33 +00:00
25e0459979 fix(ai): persist API keys to disk after set/remove operations
API keys set via /ai set token were only stored in memory and lost
on client restart. prefs_ai_set_token() and prefs_ai_remove_token()
mutated the in-memory prefs but never called _save_prefs(), unlike
other preference setters in the same file.

Both functions now call _save_prefs() after mutating the keyfile,
ensuring API keys persist across client restarts as advertised.
2026-04-30 19:01:10 +00:00
bccd3ecded fix(ai): remove duplicate assistant response in the message history 2026-04-30 18:05:51 +00:00
cff05ca802 ref(ai): move unfitting functions out of window.c; create aiwin.c 2026-04-30 18:01:24 +00:00
9c8ad57b59 ref(ai): add stub, fix includes, move aiwin_send_message location 2026-04-30 17:41:36 +00:00
1f1770bd58 fix(ai): set correct links in tests, fix headers 2026-04-30 17:02:54 +00:00
e43e8378b0 feat(ai): add AI client with multi-provider support and UI
Add an AI client module that integrates with OpenAI-compatible API
providers (OpenAI, Perplexity, and custom providers) to provide
AI-assisted responses within the profanity client.

The implementation includes:

- src/ai/ai_client.c/h: Core AI client with provider management,
  session handling, and async HTTP request handling via libcurl.
  Supports per-provider API keys stored in preferences, reference-
  counted sessions, and conversation history tracking.

- src/ui/window.c/window_list.c: New AI window type (ProfAiWin) for
  displaying AI conversations, with response streaming and error
  display capabilities.

- Command integration: New `/ai` command (cmd_defs.c, cmd_funcs.c)
  for creating sessions, sending prompts, and managing providers.
  Provider autocomplete support in cmd_ac.c.

- Preferences integration: API keys for providers are persisted in
  the preferences system (config/preferences.c).

- Unit tests: 472 lines of comprehensive tests covering provider
  management, session lifecycle, JSON escaping, and autocomplete
  (tests/unittests/test_ai_client.c).

Architecture decisions:
- Asynchronous design: HTTP requests run on a separate thread to
  avoid blocking the main UI loop. Callbacks are invoked on the main
  thread via direct function call (profanity uses ncurses, not GLib
  main loop).
- Reference counting: Both AIProvider and AISession use ref counting
  for safe shared ownership.
- Response size limit: 10MB cap on HTTP responses to prevent OOM.
2026-04-29 19:23:33 +00:00
9ec01fa8cc fix: CWE-134 format string audit and compiler hardening
Security:
Fix CWE-134 in iq.c: user-controlled string passed as format argument
Add G_GNUC_PRINTF annotations to all variadic printf-like wrappers
in ui.h, log.h and http_common.h
Compiler flags (configure.ac):

Replace basic -Wformat/-Wformat-nonliteral with -Wformat=2
Add -Wextra, -Wnull-dereference, -Wpointer-arith,
-Wimplicit-function-declaration, -Wundef, -Wfloat-equal,
-Wredundant-decls, -Walloc-zero
Add -fstack-protector-strong, -fno-common, -D_FORTIFY_SOURCE=2
Add GCC-specific flags via AC_COMPILE_IFELSE: -Wlogical-op,
-Wduplicated-cond, -Wduplicated-branches, -Wstringop-overflow,
-Warray-bounds=2
Suppress noisy -Wextra sub-warnings: -Wno-unused-parameter,
-Wno-missing-field-initializers, -Wno-sign-compare,
-Wno-cast-function-type
Remove AM_CFLAGS/CFLAGS duplication
Bug fixes found by new warnings:

chatlog.c: non-MUCPM redact path passed resourcepart instead of NULL
rosterwin.c: merge duplicated if/else branches into single condition
omemo.c: redundant else-if in omemo_automatic_start; remove
unnecessary scope block and goto, use early return
console.c: pointer compared to integer 0 instead of NULL
stanza.c: increase pri_str/idle_str buffers from 10 to 12 bytes
(INT_MIN = -2147483648 needs 12 bytes including NUL)
vcard.c: NULL guard for filename before g_file_set_contents
api.c: broken log_warning() calls with extra format argument
Format mismatch fixes:

chatwin.c: Jid* → char* for %s
connection.c: %x → %lx for long flags
cmd_funcs.c: %d → %zu for size_t; cast gpointer to char* for %s
cmd_defs.c: %d → %u for g_list_length() return (guint)
iq.c: barejid → fulljid for from_jid
console.c, mucwin.c, privwin.c, account.c, omemo.c, presence.c:
gpointer → (char*) casts for %s
Const-correctness and cleanup:

database.c: const for type, query, sort variables
form.c/xmpp.h: const for form_set_value parameter
files.c: refactor to early return, eliminating NULL logfile path
muc.c/muc.h: remove meaningless top-level const on return type
common.c: const for URL string literal
Remove stale declarations: cons_show_desktop_prefs (ui.h),
connection_set_priority (connection.h),
omemo_devicelist_configure_and_request (omemo.h)
test_common.c: add currb NULL check to silence -Wnull-dereference
Tooling (check-cwe134.sh):

Reduce from 5 checks to 2 (checks 1-3 redundant with -Wformat=2)
Check 1: verify known wrappers have G_GNUC_PRINTF attribute
Check 2: auto-detect unannotated variadic printf-like functions
Match both const char* and const gchar* in variadic patterns

Author: jabber.developer2 <jabber.developer2@jabber.space>
2026-03-07 11:55:50 +01:00
4fce333c9a fix(xmpp): show message for empty disco#items results (XEP-0030)
Per XEP-0030 section 3.1: 'if an entity has no associated items,
it MUST return an empty <query/> element.'

The client should display 'No service discovery items for X' when
receiving an empty result, not silently ignore it.

Previous version introduced in commit f28655c5c (2016-05-08) which added an early
return when child == NULL, preventing the message from being shown.
2026-02-11 01:10:55 +03:00
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
e31240a4be Merge branch 'fix/connect_max_args' 2026-01-07 10:14:38 +01:00
88b48000f8 fix(cmd): increase /connect max args from 7 to 9
The /connect command can take: account + server <s> + port <p> + tls <t> + auth <a>
which totals 9 arguments, not 7. This fixes argument parsing for full command usage.
2026-01-06 17:22:53 +03:00
f446f48d07 feat(ui,window): add accurate unread indicators and history paging support
- Track unread message indicators and paging state in the window component
- Clear and restore unread markers correctly when navigating between conversations
- Suppress buffer updates and message printing while viewing history to prevent
  unwanted scroll jumps and viewport lock

Also includes minor code-style, whitespace, and comment cleanups as well as
updated documentation for metrics and buffer handling.
2025-12-02 17:59:25 +01:00
20af44196b fix(cmd): cmd_time: Avoid extra loop iterations for single option 2025-11-27 11:38:49 +01:00
84d6253561 fix(xmpp): format debug logging statements for consistency
Add debug output tracking connection lifecycle.
    - Track disconnects and reconnects
    - Record session login, logout, and reconnection attempts
    - Use [CONNDBG] tag for easy log filtering
2025-11-21 10:03:50 +01:00
266f5aa046 feat(api): add get_current_window call
Add prof_get_current_window API to retrieve the title of the currently active window, matching the titlebar display.

The feature is especially useful to track currently used plugin window.
2025-10-20 19:00:48 +02:00
3738be4af1 fix: prevent autoping disable on false negative ping support check
Remove autodisable logic (prefs_set_autoping(0)) and early return in autoping
to treat intermittent false negatives from connection_supports(XMPP_FEATURE_PING).
Add one-time error display with debug features print for monitoring; warn on first failing
check without aborting to maintain functionality while investigating root cause.
2025-10-14 12:42:00 +02:00
ad95edb2b9 feat: make /log level work with non-default files 2025-10-13 20:47:34 +02:00
fac1e224bc fix(scroll): handle edge case of extremely long messages
Prior commit (6ad8a190) did not properly handle overflow by long (9000 lines) message,
to address this issue, multiple changes were made:
- Add lines recalculation on win_redraw
- Move `prof_buff_t` struct to header file so its lines could be externally changed
- Call win_redraw once overflow is detected: it allows to recalculate sizes in lines and apply changes to the buffer
2025-10-08 13:00:32 +02:00
6ad8a19053 fix(buffer): use dynamic buffer size to prevent unnecessary buffer cleanups
Refactor buffer trimming logic to use dynamic line counts (_lines per entry)
against PAD_SIZE (10k) instead of fixed entry count (MAX_BUFFER_SIZE=200). This
prevents premature cleanups for short messages, reduces scrolling disruptions
during history loads, and scales better with rendered content size.

Delete oldest/newest entry from opposite end only when total lines approach
ncurses pad limit, minimizing unnecessary deletions.
Simplify overflow warning log by removing unused MAX_BUFFER_SIZE reference.

Update buffer.c header for improved DX:
- Add detailed module overview explaining role (in-memory UI buffer vs. DB
persistence), key features (trimming, metadata), and integration (ncurses).
- Shorten copyright/license boilerplate to concise pointer (LICENSE ref).
- Add fork notice; preserve original copyrights per GPLv3.

Partially addresses #36 (stuck scroll mitigation via fewer cleanups)
Related to #36
2025-10-07 15:12:20 +02:00
Steffen Jaeckel
9b1cb6ab85 If config keyfile does not exist, create it.
Fixes #1911
Alternative to #2056

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

(cherry picked from commit b12521ca21)
2025-09-10 14:20:08 +02:00
Steffen Jaeckel
75b378cf54 Don't use memchr() on strings potentially shorter than 4 bytes.
When running profanity under Valgrind with slashguard enabled, the
following error could occur:

```
[...]
==4021347== Invalid read of size 1
==4021347==    at 0x4851F49: memchr (vg_replace_strmem.c:986)
==4021347==    by 0x45CEAD: _inp_slashguard_check (inputwin.c:183)
==4021347==    by 0x45CEAD: inp_readline (inputwin.c:225)
==4021347==    by 0x431184: prof_run (profanity.c:121)
==4021347==    by 0x42C609: main (main.c:176)
==4021347==  Address 0xe850883 is 0 bytes after a block of size 3 alloc'd
==4021347==    at 0x48477C4: malloc (vg_replace_malloc.c:446)
[...]
```

`memchr()` requires the complete memory that shall be searched to be
accessible. Using `strchr()` could work for shorter strings, but we only
want to search in the first 4 chars.

Instead of somehow working around those limitations, simply search manually
in the first 4 bytes.

Fixes: 3c56b289 ("Add slashguard feature")
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

(cherry picked from commit 7f48452d84)
2025-09-10 14:16:19 +02:00
Steffen Jaeckel
d3fa1c2f78 Tidy up some code
* less allocations
* less duplicate code

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

(cherry picked from commit 9d335729a0)
2025-09-10 14:07:41 +02:00
Steffen Jaeckel
1a385b8cd2 Refactor slashguard
Fixes #2054
Fixes: 95c2199c ("Some more memory improvements")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
(cherry picked from commit 40aafd06e7)
2025-09-10 14:05:30 +02:00
Steffen Jaeckel
39aab45162 Fix memory leak.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

(cherry picked from commit e0f107f75e)
2025-09-10 14:01:22 +02:00
Steffen Jaeckel
0d5123e69a Trampoline Python unref again.
In the past `Py_XDECREF()` was a macro. Preserve compat to ancient Python
versions by having a trampoline which calls `Py_XDECREF()`.

Fixes: #2043
Fixes: c0da36c4 ("Rage-cleanup.")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
(cherry picked from commit 3299dd8fc6)
2025-09-10 14:00:51 +02:00
Martin Dosch
6b6576b31c Fix typo in examples.
(cherry picked from commit 5696bf77c7)

Author:    Martin Dosch <martin@mdosch.de>
2025-09-10 13:58:57 +02:00
ea8a758ecf Merge branch 'fix/correct-autocompletion' 2025-09-02 14:20:23 +02:00
2808def933 fix(chatwin): Fix LMC autocompletion to suggest corrected message content
- Modified chatwin_outgoing_msg to call _chatwin_set_last_message for corrected messages, using replace_id per XEP-0308.
- Updated _chatwin_set_last_message to skip redundant and invalid free/strdup for same pointers.
- Added null checks in _chatwin_set_last_message for safety.
- Fixes autocompletion suggesting original message content instead of corrected content.

Fixes #24
2025-09-02 00:29:13 +02:00
741dc4c275 fix(ui.h): cons_show_qrcode declaration. Minor change
Prior to the change declaration did not include parameters,
leading to errors within static analyzers and potential issues with compilation.
2025-09-01 23:29:26 +02:00
65cf9ddb9c fix(cmd_sub): Prevent crash with malformed JID in /sub command
Added null check for jidp in cmd_sub to handle jid_create returning NULL.

Crash occurred when processing malformed JID inputs like @example.com.

Ensures robust handling of invalid JIDs.

Fixes #22
2025-09-01 23:29:26 +02:00
51d2355d97 fix(cmd_caps): Prevent crash in /caps with malformed JID input
- Added null check for `jid` in `cmd_caps` to handle `jid_create` returning NULL.
- Crash occurred when processing malformed inputs like `@example.com` in `/caps`.
- Ensures robust handling of invalid JID strings in `WIN_CHAT` and `WIN_CONSOLE` cases.

Fixes #20
2025-09-01 21:28:19 +02:00
f4405d114a Add unit tests for forced encryption check function 2025-08-27 16:48:27 +02:00
442bfb6ce1 feat: Add /force-encryption command and update message handling
Implement /force-encryption command to configure forced encryption
settings with on|off and policy resend-to-confirm|block options.

The changes enhance user experience by clarifying encryption requirements
and providing actionable commands. Users can now press Enter again to
confirm unencrypted messages in resend-to-confirm mode.
2025-08-25 21:11:27 +02:00
ad294cdd6d feat(editor): add asynchronous external editor support
The synchronous `get_message_from_editor` blocked the main loop (`prof_run`) while launching an external editor like `vim`, halting network I/O in `session_process_events` and preventing incoming message reception.

Introduced `get_message_from_editor_async` for `cmd_editor` to run the editor asynchronously. It forks and execs the editor in a thread (`editor_thread`), suspending NCurses to free the terminal. The main loop skips `inp_readline` and `ui_update` via a new `background_mode` flag while the editor runs, allowing `session_process_events` to keep the connection alive.

On editor completion, `editor_process` (called per loop iteration) resumes NCurses with `ui_resize`, inserts the result into the readline buffer and clears `background_mode`.

Retained synchronous `get_message_from_editor` for ~20 existing code paths (e.g., `vcard_nickname`) to avoid breaking them.

Tested with `vim` and `nano`: confirms no rendering conflicts, messages received during editing, and seamless resume. Edge cases like editor crashes handled via error logging and seamless resume.
2025-08-07 03:03:43 +02:00
e1ce7ac630 fix(caps): Add features in caps_init to avoid redundant presence updates
Previously, features like `XMPP_FEATURE_OMEMO_DEVICELIST_NOTIFY` were
added in separate init methods (e.g., `omemo_devicelist_subscribe`) via
`caps_add_feature`, triggering `cl_ev_presence_send` and sending multiple
"online" XMPP presence stanzas. This caused other clients to see users
as appearing "online" multiple times.

This change adds `STANZA_NS_MOOD_NOTIFY` and
`XMPP_FEATURE_OMEMO_DEVICELIST_NOTIFY` in `caps_init`, ensuring they are
in `prof_features` early. This allows `caps_add_feature` to exit early
when called for these features, avoiding redundant presence updates.
2025-07-19 18:33:03 +02:00
5ed8ec30f0 Update name and license 2025-07-19 14:32:26 +02:00
Michael Vetter
091ff41c06 Merge pull request #2041 from profanity-im/some-improvements
Summary:
- Print the final storage location when successfully decrypting a file with `aesgcm://` source.
- Less GString
- Re-factor cmd_presence()
- Improve const correctness
- Use correct free function. Fixes: 75d7663 ("Free wins summary list")

Pull Request Source: https://github.com/profanity-im/profanity/pull/2041

Author: Steffen Jaeckel <s@jaeckel.eu>
2025-07-19 00:13:49 +02:00
Steffen Jaeckel
b7afea7ec3 Use correct free function.
Fixes: 75d76638 ("Free wins summary list")

Author: Steffen Jaeckel <s@jaeckel.eu>
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-07-19 00:13:40 +02:00
d07ca9953d fix: reduce logging
If we can't debug_log because we couldn't obtain some data, but otherwise the app is working, "warning" level is clearly excessive.
2025-07-05 20:54:06 +02:00
f636090fd9 fix(window): preserve scroll offset on page_down and refactor
When paging down beyond the visible chat buffer, the scroll position could
jump unexpectedly. This occurred because the visual distance from the bottom
(e.g. 6 lines until the last message) wasn’t preserved after loading new
messages from the DB.

This patch fixes that by capturing the visual offset (`current_offset`) before
the DB fetch and reapplying it after, based on the y-position of the final
buffer entry. This ensures consistent and smooth scroll transitions, even
as message heights vary.

In addition to fixing the visual glitch, this commit introduces a targeted
performance optimization: once the bottom of the chat has been reached
(`WIN_SCROLL_REACHED_BOTTOM`), we skip expensive operations entirely —
including datetime lookups and entry formatting — during further page_down
events. This reduces performance stalls
during rapid paging (e.g. holding the Page Down key at the bottom of the scrolling area).

This update also adapts to the recent change in `chatwin_db_history()`,
which now returns a `db_history_result_t` instead of `gboolean`, allowing
correct differentiation between an empty result and an actual DB error.

Together, these changes:
- Fix a scroll-jump bug in `page_down`
- Improve performance and responsiveness during rapid navigation
- Align with improved DB result handling
2025-07-02 19:27:15 +02:00
6871a4d46f Fix memory leak in _handle_string_or_none_result
The function did not decref the Python object on type error paths,
resulting in a reference count leak. This caused memory to accumulate
over time. Added Py_XDECREF on all early return paths to properly free
the Python object reference and prevent leaks.
2025-07-02 15:05:44 +02:00
f824cde45f fix(mam, log): improve datetime handling and memory management in MAM and log fetching
- Introduce static helper `_truncate_datetime_suffix()` to safely trim datetime strings, removing unwanted suffixes like timezone offsets
- Replace manual string management with auto_gchar and g_strdup for safer, clearer ownership and to prevent leaks
- Add safety checks and logging warnings for unexpected datetime string lengths or null pointers
- Refactor _mam_rsm_id_handler to use the helper function and updated string handling
- Change log_database_get_previous_chat parameters for consistent ownership semantics, avoiding double frees and mem leaks
- Overall improve stability and prevent memory leaks during log database queries
2025-07-02 14:59:31 +02:00
40b7a12543 Clarify and improve win_page_up() scrolling offset adjustment for smoother paging
This commit refines the existing logic in win_page_up() by:
- Improving comments to clearly explain the rationale behind adjusting
  the scroll offset relative to the first buffer entry’s visual position,
  helping future maintainers understand why this is necessary.
- Fixing offset recalculation to better handle cases where older messages
  with variable heights are loaded from the DB, improving scroll smoothness.
- Changing the logging of negative *page_start values from warning to debug,
  recognizing that this can be a normal scenario when insufficient history is loaded.
- Simplifying some conditionals and renaming variables for clearer intent.

No changes yet applied to win_page_down(), but similar improvements could
be considered in the future.

Overall, this enhances the robustness and user experience of scrolling up
in chat windows, while preserving existing functional logic.
2025-07-01 20:53:18 +02:00
6a394ae2e5 fix: Increase scrollback buffer height for chat rendering (PAD_SIZE)
f27fa98 commit introduced issue of scrolling seemingly randomly being stuck and the following message flood in the logs: "WRN: Ncurses Overflow..."

A pad is an off-screen buffer — larger than the visible terminal screen — that you can scroll, render parts of, or update selectively.

Unlike regular windows, a pad is not tied to screen size. You can create a pad that's 1,000 lines tall, even if your terminal is only 40 lines tall.

This commit addresses the issue by increasing PAD_SIZE to a reasonable number,
allowing messages from buffer to be displayed without overflowing NCurses' window size (maxy).

Minor change: add .cache folder to gitignore
2025-07-01 16:42:03 +02:00