Skip to content

build(deps): bump picomatch from 4.0.3 to 4.0.4 in /freeq-app#19

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/freeq-app/picomatch-4.0.4
Open

build(deps): bump picomatch from 4.0.3 to 4.0.4 in /freeq-app#19
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/freeq-app/picomatch-4.0.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 26, 2026

Copy link
Copy Markdown
Contributor

Bumps picomatch from 4.0.3 to 4.0.4.

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 26, 2026
Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/freeq-app/picomatch-4.0.4 branch from 610d3c6 to b253dbe Compare April 1, 2026 16:57
chad added a commit that referenced this pull request May 9, 2026
freeq's progressive-message protocol (per server agent_assist/tools.rs:1394
and SDK client.ts:741):
  • first chunk:  PRIVMSG with +freeq.at/streaming=1
  • mid chunks:   PRIVMSG with +draft/edit=<orig-msgid> + streaming=1
  • final:        PRIVMSG with +draft/edit=<orig-msgid> (streaming tag
                  cleared — clients render only the final edit)

dispatch.ts: new dispatchToClaudeStreaming(text, handlers) spawns
'claude --print --output-format stream-json --verbose
--include-partial-messages [--resume <id>]', parses JSON-Lines, fires
onChunk(accumulated) on every text_delta, onComplete(final, sessionId,
durationMs, costUsd) on the {type: 'result'} record, onError on
non-zero exit / parse failure / process crash.

daemon.ts: dispatch branch now streams.
  • First chunk → PRIVMSG with +freeq.at/streaming=1; SDK auto-includes
    msgid; we recover the server-assigned msgid via echo-message (SDK's
    'message' event with isSelf=true and our streaming tag).
  • Subsequent chunks → 500ms-throttled edits referencing the captured
    msgid (server flood limit is 5 msgs/2s; 2/sec headroom is plenty).
  • Final → if msgid known, edit clears the streaming tag; if not (echo
    never arrived in 2s), fall back to a plain PRIVMSG with the final
    text and warn — the user gets the reply even if the client renders
    the original chunk as still-streaming.
  • PRESENCE flips executing → online around the dispatch window as
    before.

Direct test: dispatchToClaudeStreaming('say one short greeting', ...)
fires 2 chunks ('h', 'hi') then onComplete with final='hi' in 2675ms.

Cost telemetry from the result event (total_cost_usd) is captured in
the onComplete signature; not yet wired to status/audit (#19 in the
roadmap).

Entire-Checkpoint: 62fc7ebdaa37
chad added a commit that referenced this pull request May 9, 2026
… rotate-key

- daemon.ts: SIGINT/SIGTERM handler now wipes ~/.freeqcc/daemon.pid
  before process.exit (#10). Also tracks dispatchCount + totalCostUsd
  across the run; persists to ~/.freeqcc/telemetry.json after each
  successful dispatch (#19).
- gate.ts: loadGateState() / saveGateState() round-trip the rolling
  hourly window, last-dispatch ts, and per-sender refusal cooldowns
  via ~/.freeqcc/gate.json so cooldowns survive daemon restarts (#16).
  Daemon calls saveGateState() in fire-and-forget mode after every
  dispatch and refusal.
- cli.ts:
  • new 'freeqcc rotate-key' deletes agent.key + delegation.json +
    session.json after a confirm prompt; refuses if daemon running (#20)
  • new 'freeqcc tail' shells out to 'tail -F -n 40 ~/.freeqcc/daemon.log'
    so users don't need to know the path (#18)
  • 'freeqcc status' now prints dispatch count + cumulative cost + last
    dispatch cost from telemetry.json when present (#19)

Entire-Checkpoint: bcdd8127f664
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants