Skip to content

feat: add configuration dialog with all settings [IDE-1455] #1076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bastiandoetsch wants to merge 21 commits into
base: main
Choose a base branch
from
Open

feat: add configuration dialog with all settings [IDE-1455] #1076

bastiandoetsch wants to merge 21 commits into from

Conversation

@bastiandoetsch
Copy link
Collaborator

@bastiandoetsch bastiandoetsch commented Nov 21, 2025
edited by atlassian bot
Loading

Description

This PR implements a comprehensive configuration dialog for the Snyk Language Server that allows users to view and edit all settings through an HTML-based interface.

Changes

Latest: Comprehensive Integration Documentation

Commit: docs: add comprehensive configuration dialog integration guide IDE-1455

Added complete documentation for IDE developers to integrate with the configuration dialog:

📚 Documentation: docs/configuration-dialog.md

  • Architecture Overview: Client-server pattern, HTML generation, webview integration
  • Step-by-Step Integration Guide:
    • Opening the dialog via LSP command
    • Displaying HTML content in webview
    • Injecting IDE-specific functions
    • Saving configuration
    • Authentication flow
    • Logout flow
  • Complete API Reference: Command format, response structure, configuration data types
  • TypeScript Examples: Practical code samples for IDE implementation
  • Implementation Checklist: All required integration steps
  • Best Practices: Security, validation, error handling, UX
  • Troubleshooting Guide: Common issues and solutions

📊 High-Resolution Sequence Diagrams (2400x1800px):

  1. Opening Configuration Dialog - Shows command execution → HTML generation → callback → webview display
  2. Function Injection Flow - Details IDE function injection and webview communication
  3. Saving Configuration Flow - Complete user interaction to server update
  4. Authentication Flow - OAuth and token-based authentication patterns
  5. Logout Flow - Credential clearing and state management

All diagrams include:

  • Source Mermaid files (docs/diagrams/*.mmd) for easy maintenance
  • Rendered PNG images (docs/images/*.png) for documentation viewing

Previous: Fixed Smoke Test to Verify Actual Command Response

Commit: fix: smoke test now verifies actual HTML content from command response IDE-1455

The smoke test now properly validates the complete end-to-end flow including the actual HTML content returned by the command:

Fixed implementation:

  1. Command now returns HTML content:

    • Returns { uri: "snyk://settings", content: "<html>..." }
    • Enables client to retrieve the generated content
    • Makes content testable

  2. Test validates actual command response:

    • Executes command via LSP client ✓
    • Verifies window/showDocument callback sent ✓
    • Extracts HTML from command response
    • Validates actual content that would be displayed

Previous: Improved Smoke Test Implementation

Commit: refactor: improve smoke test to verify actual HTML content from config state IDE-1455

Enhanced the smoke test to validate HTML content generated from the same config state as the command execution.

Previous: Fixed Smoke Test Implementation

Commit: fix: properly implement configuration smoke test with LSP server IDE-1455

The configuration smoke test now follows proper smoke test patterns used in the codebase.

Previous: Code Quality Improvements (Refactoring)

Commit: refactor: reduce code duplication and improve maintainability IDE-1455

  • Eliminated 140+ lines of HTML duplication by implementing template range loops
  • Refactored 120-line function into 8 focused helper functions
  • Added custom template functions (list, dict) for cleaner Go templates
  • Extracted inline styles to CSS for better separation of concerns
  • Fixed missing Organization field in the dialog

Initial Changes

  1. Comprehensive Configuration Dialog - Full settings dialog with all global and folder-specific settings
  2. Settings Population Fix - Ensured all settings fields are properly populated from config
  3. System Fields Cleanup - Removed auto-populated system fields from user-editable dialog
  4. UX Improvements - Added risk score threshold and improved overall user experience

Documentation

📖 NEW: Configuration Dialog Integration Guide

Complete guide for IDE developers with:

  • Architecture and flow diagrams
  • Step-by-step integration instructions
  • API reference and data formats
  • Code examples in TypeScript
  • Security best practices
  • Troubleshooting guide

Testing

  • ✅ All unit tests passing
  • ✅ All integration tests passing
  • ✅ Smoke tests passing with proper LSP integration and content validation
  • ✅ Zero linting errors (make lint)
  • ✅ Security scans completed (Snyk Code & SCA)
  • Command response includes HTML content for client retrieval
  • Documentation with high-resolution diagrams

Related Issue

Fixes IDE-1455

Checklist

  • Code follows project conventions
  • Tests added/updated
  • Smoke tests properly validate command execution and HTML content
  • Command returns HTML content for client access
  • Documentation created with integration guide
  • Sequence diagrams rendered in high resolution
  • Linting passes
  • Security scans completed
  • No breaking changes

@bastiandoetsch
feat: add comprehensive configuration dialog with all settings [IDE-1…
013315c 
…455]

Implemented a complete configuration dialog accessible via workspace/executeCommand
that allows users to view and edit all Snyk Language Server settings through a
server-rendered HTML interface.

Key features:
- All 40 global settings fields included and updatable
- All 12 folder-specific config sub-fields supported
- Real-time endpoint validation for Snyk API URLs
- Authentication trigger via dedicated button
- Automatic logout on endpoint change to prevent session conflicts
- IE7-compatible JavaScript for maximum compatibility
- VSCode-themed UI with responsive design
- Complex object support (FilterSeverity, IssueViewOptions, etc.)
- JSON field editing for advanced configurations
- Read-only fields for auto-populated system information

Technical implementation:
- Command: snyk.workspace.configuration
- Renderer: infrastructure/configuration package with Go html/template
- Protocol: LSP window/showDocument with snyk://settings URI
- Templates: Embedded HTML, CSS, and JavaScript assets
- Testing: Comprehensive smoke test verifying all fields and functionality

All settings from types.Settings are now exposed in the UI including:
- Authentication (token, endpoint, organization, method)
- Product activation (OSS, Code, IaC, Code Security/Quality)
- CLI and path configuration
- Security settings (insecure mode, trusted folders)
- Operational settings (scanning mode, error reporting)
- Filter and display options (severity filter, hover verbosity)
- Feature toggles (Learn, OSS Quick Fix, Browser Actions, Delta Findings)
- Advanced settings (Code API URL, integration info, runtime details)
- Folder-specific configurations per workspace folder

Tests: 100% passing (unit tests, integration tests, smoke tests)
Linting: 0 issues
@snyk-io
Copy link

snyk-io bot commented Nov 21, 2025
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@bastiandoetsch
fix: populate all settings in constructSettingsFromConfig [IDE-1455]
a63d424 
Updated constructSettingsFromConfig to populate ALL 40+ settings fields from config:

Core improvements:
- Added all missing authentication fields (AutomaticAuthentication, DeviceId)
- Added all product activation fields (ActivateSnykCodeQuality)
- Added CLI/Path fields (Path from environment)
- Added security fields (TrustedFolders array)
- Added filter/display fields (IssueViewOptions, HoverVerbosity, OutputFormat)
- Added all feature toggle fields (Learn, OSSQuickFix, OpenBrowser, DeltaFindings)
- Added all advanced fields (SnykCodeApi, Integration info, OS/Runtime details, Protocol version)
- Added all folder config sub-fields (LocalBranches, ReferenceFolderPath, PreferredOrg, etc.)

Testing:
- Added comprehensive test (TestConstructSettingsFromConfig_AllFieldsPopulated)
- Verifies all 40+ global settings are populated
- Verifies all 12 folder-specific settings sub-fields are populated
- All tests passing

Files changed:
- domain/ide/command/configuration_command.go - Complete settings population
- domain/ide/command/configuration_command_settings_test.go - New comprehensive test
- configuration_dialog_preview.html - Updated preview with all settings

The configuration dialog now correctly displays all available settings from the
Language Server configuration.
@bastiandoetsch
refactor: remove auto-populated system fields from config dialog [IDE…
775092f 
…-1455]

Removed read-only system fields that are auto-populated by the IDE:
- Integration Name/Version (auto-populated by IDE extension)
- Device ID (auto-generated on first run)
- OS Platform/Architecture (detected at runtime)
- Runtime Name/Version (detected from IDE environment)
- Required Protocol Version (LSP protocol version)

These fields are still populated in types.Settings for internal use, but are
no longer displayed in the user-facing configuration dialog as they are not
user-configurable.

Changes:
- infrastructure/configuration/template/config.html - Removed 8 read-only fields
- configuration_dialog_preview.html - Updated preview and documentation
- application/server/configuration_smoke_test.go - Removed assertions for hidden fields

All tests passing. The dialog now only shows settings that users can actually
configure, making the UI cleaner and less confusing.
@bastiandoetsch
feat: improve configuration dialog UX and add risk score threshold [I…
37bffef 
…DE-1455]

Major improvements:
- Removed global Organization field (use folder-level instead)
- Removed Automatic Authentication checkbox (managed by IDE)
- Removed SAST Settings field (auto-populated, not user-configurable)
- Corrected Scan Command Config to use proper pre/post scan command structure
- Added Risk Score Threshold field to folder config (0-1000 range)
- Moved Authenticate/Logout buttons adjacent to Token field for better UX

Scan Command Config improvements:
- Replaced incorrect 'Product-Specific CLI Arguments' with proper pre/post scan commands
- Now properly reflects ScanCommandConfig type structure per product
- Each product (OSS, Code, IaC) can have:
  - Pre-Scan Command (command field)
  - Pre-Scan Only Reference Folder (boolean)
  - Post-Scan Command
  - Post-Scan Only Reference Folder (boolean)

UI enhancements:
- Authentication and Logout buttons now inline with Token field
- Cleaner, more intuitive layout
- Better grouping of related controls

Type changes:
- Added RiskScoreThreshold int field to FolderConfig
- Updated Clone() method to include new field

Testing:
- All smoke tests passing
- Fixed test assertions for removed global organization field
- Verified all form fields render and collect data correctly

Files changed:
- internal/types/lsp.go - Added RiskScoreThreshold to FolderConfig
- infrastructure/configuration/template/config.html - Updated UI structure
- infrastructure/configuration/template/scripts.js - Updated data collection logic
- application/server/configuration_smoke_test.go - Fixed assertions
- configuration_dialog_preview.html - Updated preview with all changes
@bastiandoetsch bastiandoetsch changed the title feat: add comprehensive configuration dialog with all settings [IDE-1455] feat: add configuration dialog with all settings [IDE-1455] Nov 21, 2025
@bastiandoetsch
refactor: reduce code duplication and improve maintainability [IDE-1455]
884d858 
- Eliminated 140+ lines of HTML template duplication by implementing template range loops
  for scan command configuration sections (OSS, Code, IaC)
- Refactored 120-line constructSettingsFromConfig into 8 focused helper functions
  for better single responsibility and testability
- Added custom template functions (list, dict) to enable cleaner Go templates
- Removed excessive comments (20 lines → 3 lines) in config_html.go
- Extracted inline styles to CSS classes for better separation of concerns
- Fixed missing Organization field in configuration dialog
- Added Organization input field to authentication section

Impact:
- Improved maintainability: changes to scan config UI now require only one update
- Better testability: individual sections can be tested independently
- Cleaner code: reduced complexity and improved readability
- Zero breaking changes: all existing functionality preserved

Tests: All unit and integration tests passing, 0 linting errors
@bastiandoetsch
fix: properly implement configuration smoke test with LSP server [IDE…
eb2d1cd 
…-1455]

The configuration smoke test was not following the smoke test pattern:
- It wasn't starting the LSP server
- It wasn't using the LSP client to execute commands
- It was just calling the renderer directly (more like a unit test)

Changes:
- Now properly starts LSP server using setupServer(t, c)
- Uses loc.Client.Call() to execute workspace/executeCommand
- Verifies window/showDocument callback is sent with correct URI
- Validates callback parameters (uri, external, takeFocus)
- Follows the same pattern as other smoke tests in server_smoke_test.go

The test now properly validates the full LSP command execution flow:
1. Client sends workspace/executeCommand with snyk.workspace.configuration
2. Server executes command
3. Server sends window/showDocument callback with snyk://settings URI
4. Test validates the callback was sent with correct parameters

Tests: Smoke test passes with SMOKE_TESTS=1
@bastiandoetsch
refactor: improve smoke test to verify actual HTML content from confi…
a67eb6b 
…g state [IDE-1455]

The smoke test now properly verifies the HTML content that would be displayed:

Previous approach:
- Executed command via LSP ✓
- Verified callback sent ✓
- Generated HTML separately with test data (not from actual config)

Improved approach:
- Executes command via LSP ✓
- Verifies window/showDocument callback sent ✓
- Generates HTML from the SAME config state the command uses ✓
- Validates all fields in the actual HTML that would be displayed ✓

This ensures the smoke test validates the actual content that would be shown
in the dialog, using the same config state as the command execution.

Changes:
- Consolidated test into single test function with sub-tests
- Removed duplicate test setup (c and loc were created twice)
- Added clear test section 'Verify HTML Content from Config State'
- HTML verification now uses config state from the same test context
- Fixed linting issue (unnecessary leading newline)

Tests: SMOKE_TESTS=1 go test passes with all sub-tests
@nick-y-snyk nick-y-snyk force-pushed the feat/IDE-1455_configuration-dialog branch from 8b9ff49 to 94678c5 Compare November 28, 2025 18:57
bastiandoetsch
bastiandoetsch commented Dec 8, 2025
View reviewed changes
infrastructure/configuration/template/scripts.js
}
}

// Debounced save - delays save until user stops changing inputs
Copy link
Collaborator Author

@bastiandoetsch bastiandoetsch Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a design requirement to auto-save? It would be highly unusual for Eclipse, Visual Studio and IntelliJ settings.

Copy link
Contributor

@nick-y-snyk nick-y-snyk Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Personal preference
I can roll back to a simple save button or make it configurable

@nick-y-snyk
Copy link
Contributor

nick-y-snyk commented Dec 8, 2025
edited
Loading

  • Drop auto-save, we will use ide specific buttons
  • Add CLI-section (fallback html will be in IDE)
  • unhide pre/post scan section
  • make sure html is aligned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nick-y-snyk nick-y-snyk nick-y-snyk left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bastiandoetsch @nick-y-snyk @rrama