cli
cli copied to clipboard
snyk
chore(language-server): integrate LS
Changes since last integration of Language Server
commit ff4aa3f0d1152c8d7a5c4ba9b7404614462ac886
Author: Bastian Doetsch <[email protected]>
Date: Thu Dec 11 15:31:53 2025 +0100
feat: add configuration dialog with all settings [IDE-1455] (#1076)
* feat: add comprehensive configuration dialog with all settings [IDE-1455]
Implemented a complete configuration dialog accessible via workspace/executeCommand
that allows users to view and edit all Snyk Language Server settings through a
server-rendered HTML interface.
Key features:
- All 40 global settings fields included and updatable
- All 12 folder-specific config sub-fields supported
- Real-time endpoint validation for Snyk API URLs
- Authentication trigger via dedicated button
- Automatic logout on endpoint change to prevent session conflicts
- IE7-compatible JavaScript for maximum compatibility
- VSCode-themed UI with responsive design
- Complex object support (FilterSeverity, IssueViewOptions, etc.)
- JSON field editing for advanced configurations
- Read-only fields for auto-populated system information
Technical implementation:
- Command: snyk.workspace.configuration
- Renderer: infrastructure/configuration package with Go html/template
- Protocol: LSP window/showDocument with snyk://settings URI
- Templates: Embedded HTML, CSS, and JavaScript assets
- Testing: Comprehensive smoke test verifying all fields and functionality
All settings from types.Settings are now exposed in the UI including:
- Authentication (token, endpoint, organization, method)
- Product activation (OSS, Code, IaC, Code Security/Quality)
- CLI and path configuration
- Security settings (insecure mode, trusted folders)
- Operational settings (scanning mode, error reporting)
- Filter and display options (severity filter, hover verbosity)
- Feature toggles (Learn, OSS Quick Fix, Browser Actions, Delta Findings)
- Advanced settings (Code API URL, integration info, runtime details)
- Folder-specific configurations per workspace folder
Tests: 100% passing (unit tests, integration tests, smoke tests)
Linting: 0 issues
* fix: populate all settings in constructSettingsFromConfig [IDE-1455]
Updated constructSettingsFromConfig to populate ALL 40+ settings fields from config:
Core improvements:
- Added all missing authentication fields (AutomaticAuthentication, DeviceId)
- Added all product activation fields (ActivateSnykCodeQuality)
- Added CLI/Path fields (Path from environment)
- Added security fields (TrustedFolders array)
- Added filter/display fields (IssueViewOptions, HoverVerbosity, OutputFormat)
- Added all feature toggle fields (Learn, OSSQuickFix, OpenBrowser, DeltaFindings)
- Added all advanced fields (SnykCodeApi, Integration info, OS/Runtime details, Protocol version)
- Added all folder config sub-fields (LocalBranches, ReferenceFolderPath, PreferredOrg, etc.)
Testing:
- Added comprehensive test (TestConstructSettingsFromConfig_AllFieldsPopulated)
- Verifies all 40+ global settings are populated
- Verifies all 12 folder-specific settings sub-fields are populated
- All tests passing
Files changed:
- domain/ide/command/configuration_command.go - Complete settings population
- domain/ide/command/configuration_command_settings_test.go - New comprehensive test
- configuration_dialog_preview.html - Updated preview with all settings
The configuration dialog now correctly displays all available settings from the
Language Server configuration.
* refactor: remove auto-populated system fields from config dialog [IDE-1455]
Removed read-only system fields that are auto-populated by the IDE:
- Integration Name/Version (auto-populated by IDE extension)
- Device ID (auto-generated on first run)
- OS Platform/Architecture (detected at runtime)
- Runtime Name/Version (detected from IDE environment)
- Required Protocol Version (LSP protocol version)
These fields are still populated in types.Settings for internal use, but are
no longer displayed in the user-facing configuration dialog as they are not
user-configurable.
Changes:
- infrastructure/configuration/template/config.html - Removed 8 read-only fields
- configuration_dialog_preview.html - Updated preview and documentation
- application/server/configuration_smoke_test.go - Removed assertions for hidden fields
All tests passing. The dialog now only shows settings that users can actually
configure, making the UI cleaner and less confusing.
* feat: improve configuration dialog UX and add risk score threshold [IDE-1455]
Major improvements:
- Removed global Organization field (use folder-level instead)
- Removed Automatic Authentication checkbox (managed by IDE)
- Removed SAST Settings field (auto-populated, not user-configurable)
- Corrected Scan Command Config to use proper pre/post scan command structure
- Added Risk Score Threshold field to folder config (0-1000 range)
- Moved Authenticate/Logout buttons adjacent to Token field for better UX
Scan Command Config improvements:
- Replaced incorrect 'Product-Specific CLI Arguments' with proper pre/post scan commands
- Now properly reflects ScanCommandConfig type structure per product
- Each product (OSS, Code, IaC) can have:
- Pre-Scan Command (command field)
- Pre-Scan Only Reference Folder (boolean)
- Post-Scan Command
- Post-Scan Only Reference Folder (boolean)
UI enhancements:
- Authentication and Logout buttons now inline with Token field
- Cleaner, more intuitive layout
- Better grouping of related controls
Type changes:
- Added RiskScoreThreshold int field to FolderConfig
- Updated Clone() method to include new field
Testing:
- All smoke tests passing
- Fixed test assertions for removed global organization field
- Verified all form fields render and collect data correctly
Files changed:
- internal/types/lsp.go - Added RiskScoreThreshold to FolderConfig
- infrastructure/configuration/template/config.html - Updated UI structure
- infrastructure/configuration/template/scripts.js - Updated data collection logic
- application/server/configuration_smoke_test.go - Fixed assertions
- configuration_dialog_preview.html - Updated preview with all changes
* refactor: reduce code duplication and improve maintainability [IDE-1455]
- Eliminated 140+ lines of HTML template duplication by implementing template range loops
for scan command configuration sections (OSS, Code, IaC)
- Refactored 120-line constructSettingsFromConfig into 8 focused helper functions
for better single responsibility and testability
- Added custom template functions (list, dict) to enable cleaner Go templates
- Removed excessive comments (20 lines → 3 lines) in config_html.go
- Extracted inline styles to CSS classes for better separation of concerns
- Fixed missing Organization field in configuration dialog
- Added Organization input field to authentication section
Impact:
- Improved maintainability: changes to scan config UI now require only one update
- Better testability: individual sections can be tested independently
- Cleaner code: reduced complexity and improved readability
- Zero breaking changes: all existing functionality preserved
Tests: All unit and integration tests passing, 0 linting errors
* fix: properly implement configuration smoke test with LSP server [IDE-1455]
The configuration smoke test was not following the smoke test pattern:
- It wasn't starting the LSP server
- It wasn't using the LSP client to execute commands
- It was just calling the renderer directly (more like a unit test)
Changes:
- Now properly starts LSP server using setupServer(t, c)
- Uses loc.Client.Call() to execute workspace/executeCommand
- Verifies window/showDocument callback is sent with correct URI
- Validates callback parameters (uri, external, takeFocus)
- Follows the same pattern as other smoke tests in server_smoke_test.go
The test now properly validates the full LSP command execution flow:
1. Client sends workspace/executeCommand with snyk.workspace.configuration
2. Server executes command
3. Server sends window/showDocument callback with snyk://settings URI
4. Test validates the callback was sent with correct parameters
Tests: Smoke test passes with SMOKE_TESTS=1
* refactor: improve smoke test to verify actual HTML content from config state [IDE-1455]
The smoke test now properly verifies the HTML content that would be displayed:
Previous approach:
- Executed command via LSP ✓
- Verified callback sent ✓
- Generated HTML separately with test data (not from actual config)
Improved approach:
- Executes command via LSP ✓
- Verifies window/showDocument callback sent ✓
- Generates HTML from the SAME config state the command uses ✓
- Validates all fields in the actual HTML that would be displayed ✓
This ensures the smoke test validates the actual content that would be shown
in the dialog, using the same config state as the command execution.
Changes:
- Consolidated test into single test function with sub-tests
- Removed duplicate test setup (c and loc were created twice)
- Added clear test section 'Verify HTML Content from Config State'
- HTML verification now uses config state from the same test context
- Fixed linting issue (unnecessary leading newline)
Tests: SMOKE_TESTS=1 go test passes with all sub-tests
* fix: smoke test now verifies actual HTML content from command response [IDE-1455]
The smoke test now properly validates the complete command execution flow:
**Previous approach:**
- Executed command via LSP ✓
- Verified callback sent ✓
- Generated HTML separately (not what command actually returned)
**Corrected approach:**
1. Execute command via LSP client
2. Verify window/showDocument callback sent with correct URI
3. **Extract HTML content from command response**
4. Validate all fields in the actual HTML returned by the command
**Key changes:**
- Command now returns HTML content in response: { uri, content }
- Test extracts and verifies HTML from command response
- Removed createComprehensiveSettings() helper (no longer needed)
- Made folder-specific field checks conditional (no folders in smoke test env)
- Removed unused configuration import
**Implementation details:**
- domain/ide/command/configuration_command.go: Now returns map with uri and content
- Test uses response.UnmarshalResult() to extract HTML
- HTML verification runs against actual command output
This ensures the smoke test validates:
- LSP command execution ✓
- Callback notification sent ✓
- **HTML content generation and return** ✓
- **Content validation from actual response** ✓
Tests: SMOKE_TESTS=1 go test passes, make lint passes
* docs: add comprehensive configuration dialog integration guide [IDE-1455]
Created complete documentation for IDE integration with the configuration dialog:
**Documentation (docs/configuration-dialog.md):**
- Overview of architecture and integration flow
- Step-by-step guide for opening and displaying the dialog
- Function injection patterns (ideLogin, ideSaveConfig, ideLogout)
- Configuration data format specification
- Authentication and logout flows
- Implementation checklist and best practices
- Troubleshooting guide
**Sequence Diagrams (high-resolution PNG, 2400x1800):**
1. Opening Configuration Dialog
- Shows command execution → HTML generation → callback → display
2. Function Injection Flow
- Details how IDEs inject and expose functions to the webview
3. Saving Configuration Flow
- Complete flow from user action to server config update
4. Authentication Flow
- OAuth and token-based authentication patterns
5. Logout Flow
- Credential clearing and state management
**Diagram Sources:**
- Mermaid (.mmd) source files for all diagrams in docs/diagrams/
- Enables easy updates and maintenance of diagrams
**Key Features:**
- Complete LSP command reference
- TypeScript interface examples
- Security best practices
- Error handling patterns
- Detailed data format specifications
This documentation enables IDE developers to properly integrate the
configuration dialog, understanding the complete flow from triggering
the command to handling user interactions.
* refactor: remove unnecessary window/showDocument callback [IDE-1455]
The window/showDocument callback is no longer needed since the command
response now includes both the URI and HTML content. Clients can act
directly on the command response without waiting for an additional callback.
**Code Changes:**
- domain/ide/command/configuration_command.go:
- Removed window/showDocument callback notification
- Command now simply returns {uri, content} response
- Simplified logging
- application/server/configuration_smoke_test.go:
- Removed callback verification from test
- Test now only verifies command response content
- Updated test documentation comment
- Removed unused jsonRPCRecorder variable
**Documentation Changes:**
- docs/configuration-dialog.md:
- Removed all references to window/showDocument callback
- Updated integration guide to reflect direct response handling
- Simplified implementation checklist
- Updated sequence diagram to remove callback step
- docs/diagrams/configuration-dialog-open.mmd:
- Removed window/showDocument callback from flow
- Streamlined diagram to show direct response handling
- docs/images/configuration-dialog-open.png:
- Re-rendered diagram without callback step
**Benefits:**
- Simpler integration for IDE developers
- Fewer moving parts in the protocol
- Clients get everything they need in one response
- No need to handle asynchronous callbacks
**Breaking Change:** None - clients were already receiving the content
in the command response, so removing the callback is backward compatible.
Tests: All tests passing, make lint passes
* test: update configuration command test to verify response instead of callback [IDE-1455]
Updated the test to reflect the removal of the window/showDocument callback:
**Changes:**
- Removed expectation for Server.Callback() mock call
- Test now verifies the command response contains uri and content
- Validates response structure: { uri: string, content: string }
- Removed unused import of sourcegraph/go-lsp
**Test Coverage:**
- Verifies command executes successfully
- Validates response is a map with correct fields
- Confirms HTML content is generated and not empty
Tests: TestConfigurationCommand_Execute and SMOKE_TESTS pass
* refactor: simplify response to return HTML string directly [IDE-1455]
Removed the unnecessary URI field from the command response for maximum
simplicity. The command now returns the HTML content directly as a string.
**Command Changes:**
- domain/ide/command/configuration_command.go:
- Now returns HTML string directly instead of map with uri and content
- Removed unused go-lsp import
- Simplified logging
**Test Updates:**
- application/server/configuration_smoke_test.go:
- Updated to unmarshal HTML string directly
- Removed assertions for uri field
- domain/ide/command/configuration_command_test.go:
- Simplified to verify HTML string response
- Removed map structure checks
**Documentation Updates:**
- docs/configuration-dialog.md:
- Updated response format to show plain HTML string
- Simplified integration example code
- Removed all references to uri field
- README.md:
- Added Configuration Dialog command documentation
- Included return type and example
- Added link to full integration guide
**Integration Benefits:**
**Impact:**
- Even simpler integration for IDE developers
- No need to parse response structure
- Direct HTML ready for display
- 2 lines of code instead of 3
Tests: All unit and smoke tests passing
* docs: enhance configuration saving documentation with complete flow details [IDE-1455]
Added comprehensive documentation on how configuration saving works between
the IDE and language server to help IDE developers understand the complete flow.
**New Documentation Sections:**
1. **How the Language Server Processes Configuration:**
- Step-by-step breakdown of what happens when config is received
- Validation -> Apply -> Persist -> Apply changes
- Explains fire-and-forget nature (no response expected)
- How to verify success (monitoring, re-execution)
2. **Complete Implementation Example:**
- Full async/await example showing best practices
- IDE-side validation before sending
- Proper error handling
- User feedback implementation
- Optional dialog refresh
3. **Important Notes:**
- One-way notification pattern
- Optional/partial updates supported
- Settings merging behavior
- Error handling doesn't fail entire update
- Security: token encryption
- Immediate effect of changes
4. **Error Handling:**
- Monitor window/showMessage notifications
- IDE-side validation recommendations
- User feedback patterns
**Benefits:**
- IDE developers have complete understanding of the flow
- Clear examples prevent common implementation mistakes
- Explains both happy path and error scenarios
- Shows best practices for validation and feedback
This complements the existing sequence diagram with detailed
implementation guidance.
* docs: fix sequence diagrams to match current implementation [IDE-1455]
Updated the opening dialog sequence diagram to accurately reflect the
simplified implementation that returns HTML directly as a string.
**Changes:**
1. **Mermaid Source (configuration-dialog-open.mmd):**
- Changed response from: {uri: "snyk://settings", content: "<html>..."}
- To: "<html>..." (HTML string)
- Removed "Extract HTML from response" step (no longer needed)
- Simplified to show direct HTML usage
2. **Markdown Documentation (configuration-dialog.md):**
- Updated embedded mermaid diagram to match source
- Now accurately shows direct HTML string response
3. **PNG Rendering (configuration-dialog-open.png):**
- Re-rendered diagram at 2400x1800 resolution
- Updated from 89 KB to 75 KB (reflects simpler flow)
**Result:**
All diagrams and documentation now accurately represent the current
implementation where the command simply returns an HTML string with
no URI or wrapper object.
* feat: enhance configuration dialog with org auto-select and field tooltips [IDE-1455]
- Add Auto Select Organization toggle for folder settings
- When enabled, displays auto-determined org (read-only)
- When disabled, allows manual org input
- Dynamic field toggle with proper state management
- Replace IDE placeholder syntax with window function calls
- Change ${ideSaveConfig} to window.__ideSaveConfig__()
- Change ${ideLogin} to window.__ideLogin__()
- Change ${ideLogout} to window.__ideLogout__()
- Fixes JavaScript syntax errors caused by template literal syntax
- Add Bootstrap tooltips to all configuration fields
- Descriptions sourced from vscode-extension package.json
- Tooltip initialization on page load
- Proper badge alignment and spacing
- Remove redundant code
- Remove duplicate productCodenameToProduct function
- Remove unused getScanConfig template function
- Clean up unused product import
- Add Visual Studio support with dynamic folder/solution labels
* chore: preview of html
* feat: auto save instead of a button
* fix: remove trustedFolders from settings page. Merge folder configs
instead of blindly replacing
* feat: filter out folder configs which are not part of the workspace
* chore: bump protocol version to 22
* feat: add BaseUrl support and enhance configuration handling [IDE-1455]
- Add BaseUrl field to Config with getter/setter methods
- Include BaseUrl in Settings struct for LSP protocol
- Extract and populate CLI settings (path, params, insecure) in configuration command
- Add CLI release channel detection from runtime version
- Update configuration dialog comments for IDE integration functions
- Add RiskScoreThreshold to Settings struct
- Bump LS_PROTOCOL_VERSION to 22
- Remove test output file (config_output.html)
* refactor: improve config dialog UX with nested product collapsibles
- Change Pre/Post Scan Commands section to use nested collapsibles
- Convert product headers (OSS, Code, IaC) to collapsible buttons
- Fix collapse icon rotation for all collapsible sections
- Add hover effects to nested product toggles (gray -> white)
- Add test script at scripts/config-dialog for generating HTML
- Clean up unused CSS styles (removed h5 product heading styles)
- Update .gitignore to exclude generated config_output.html
* feat: add dirty form tracking to configuration dialog [IDE-1455]
Implement dirty state tracking to notify IDEs when configuration has unsaved changes. IDEs can now inject __onFormDirtyChange__ handler to receive state transition events (clean↔dirty).
- Add modular JavaScript architecture (utils.js, dirty-tracker.js)
- Implement deep comparison for nested config structures
- Fix CSP nonce syntax and remove inline event handlers
- Add risk score validation (0-1000 range)
- Improve layout: risk score and delta findings side-by-side
- Expose __isFormDirty__ and __resetDirtyState__ for IDE integration
* fix: resolve ScanCommandConfig template error [IDE-1455]
Fix template error when folders have ScanCommandConfig set. The template was trying to access the map using struct field syntax (.oss, .code, .iac) which doesn't work with Go's typed map keys.
- Add getScanConfig template helper function to properly access map[product.Product]
- Update all ScanCommandConfig template references to use helper
- Add test data with ScanCommandConfig to prevent regression
- Update tests to cover both populated and empty ScanCommandConfig cases
Fixes error: "can't evaluate field oss in type map[product.Product]types.ScanCommandConfig"
* fix: linter errors
* feat: add css variables
* fix: tests
* fix: pr comments, add trusted folders and PAT auth method, refactor js
code into files
* feat: update field descriptions
* fix: tests
* feat(oss): propagate RiskScore to IDE diagnostics [IDE-1455]
Add RiskScore field to types.OssIssueData in the LSP layer and update
the converter to propagate the value from the domain layer. This allows
IDE clients to access risk score data in diagnostic payloads.
- Add RiskScore uint16 field to types.OssIssueData (internal/types/lsp.go)
- Update getOssIssue converter to copy RiskScore from domain layer
- Add unit test TestToDiagnostics_OssIssue_RiskScore to verify propagation
* feat: clear token and disable button on logout
* chore: cleanup before merge
---------
Co-authored-by: Nick Yasnohorodskyi <[email protected]>
Co-authored-by: Ben Durrans <[email protected]>
M .gitignore
M .goreleaser.yaml
M README.md
M application/config/config.go
M application/server/configuration.go
A application/server/configuration_smoke_test.go
M application/server/server.go
A docs/configuration-dialog.md
A docs/diagrams/configuration-dialog-auth.mmd
A docs/diagrams/configuration-dialog-injection.mmd
A docs/diagrams/configuration-dialog-logout.mmd
A docs/diagrams/configuration-dialog-open.mmd
A docs/diagrams/configuration-dialog-save.mmd
A docs/images/configuration-dialog-auth.png
A docs/images/configuration-dialog-injection.png
A docs/images/configuration-dialog-logout.png
A docs/images/configuration-dialog-open.png
A docs/images/configuration-dialog-save.png
M domain/ide/command/command_factory.go
A domain/ide/command/configuration_command.go
A domain/ide/command/configuration_command_settings_test.go
A domain/ide/command/configuration_command_test.go
M domain/ide/converter/converter.go
M domain/ide/converter/converter_test.go
A infrastructure/configuration/config_html.go
A infrastructure/configuration/config_html_test.go
A infrastructure/configuration/template/config.html
A infrastructure/configuration/template/js/authentication.js
A infrastructure/configuration/template/js/auto-save.js
A infrastructure/configuration/template/js/dirty-tracker.js
A infrastructure/configuration/template/js/dirty-tracking.js
A infrastructure/configuration/template/js/folder-management.js
A infrastructure/configuration/template/js/form-data.js
A infrastructure/configuration/template/js/helpers.js
A infrastructure/configuration/template/js/init.js
A infrastructure/configuration/template/js/trusted-folders.js
A infrastructure/configuration/template/js/utils.js
A infrastructure/configuration/template/js/validation.js
A infrastructure/configuration/template/styles.css
M internal/types/command.go
M internal/types/lsp.go
A scripts/config-dialog/README.md
A scripts/config-dialog/main.go
| Warnings | |
|---|---|
| :warning: |
"chore: automatic integration of language server ff4aa3f0d1152c8d7a5c4ba9b7404614462ac886" is too long. Keep the first line of your commit message under 72 characters. |
Generated by :no_entry_sign: dangerJS against ccc80f9364aa3fdab8a425babe9326f2f0b1c6c0
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}