Skip to content

JSON code intelligence and LSP support#3010

Merged
abose merged 3 commits into
mainfrom
ai
Jul 3, 2026
Merged

JSON code intelligence and LSP support#3010
abose merged 3 commits into
mainfrom
ai

Conversation

@abose

@abose abose commented Jul 2, 2026

Copy link
Copy Markdown
Member

This will bring in nodejs package.json code intelligence support.

abose added 3 commits July 2, 2026 23:33
…l+Space keyup

Repeated Ctrl+Space rotates the hint selection - but the keyup of the very
Ctrl+Space that STARTED the session arrives ~100ms after keydown, while an
async provider's deferred is still pending. _updateHintList begins by
rejecting the pending deferred, so the list never appeared: any provider
slower than a keystroke (npm registry lookups, cold LSP completions) lost
this race on every explicit invocation.

Rotate only when results are already showing (deferredHints null); a
pending initial request is left to land.

Regression-checked: LegacyInteg:CodeHintManager 13/13 both with and
without this change (an apparent failure turned out to be OS-focus
flakiness of that suite, not this fix).
…gglies, dep hover

New integrated extension src/extensionsIntegrated/JSONSupport with
WebStorm-class intelligence for JSON files, on the existing multi-server
LSP framework:

1. JSON language server (desktop): vscode-json-language-server (from
vscode-langservers-extracted, resolved via src-node/node_modules/.bin)
with lazy start on the first JSON file and repoint-not-restart on project
switch. Curated schemastore.org associations (package.json, ts/jsconfig,
eslintrc, babelrc, prettierrc, composer, manifests, ...) are pushed via
workspace/didChangeConfiguration after every server up-transition; the
server downloads the schemas itself. Serves all json docs as jsonc
(comment-tolerant, matching real-world tsconfig/.eslintrc), yields
Phoenix pref files to PrefsCodeHints via the new documentFilter, and
opts into completionSnippetSupport (the server refuses to offer
completion without snippet support; insertHint already expands snippets
through TabstopManager).

2. npm package intelligence in package.json (all builds):
- Name completion in dependency keys: registry search in relevance
  order, typed-query emphasis via the standard .matched-hint style,
  descriptions in the reusable side docs popup (showHintDocPopup /
  hideHintDocPopup now exported from DefaultProviders) instead of
  widening the rows. Explicit Ctrl-Space searches the whole token under
  the cursor and skips the typing debounce.
- Version completion in values: the package's real version list newest
  first with ^latest/~latest range shortcuts; typed prefixes filter the
  FULL list (a 5.x prefix surfaces the 5.x train even when the newest 50
  are 7.x) and fall back to newest when nothing matches. Name insertion
  chains straight into version mode.
- Dependency hover (QuickView): registry summary - name, latest version,
  license, description - with Open homepage and a View docs link pinned
  bottom-right that opens the npm page anchored at the DECLARED version
  ("^5.4.11" -> /v/5.4.11, where npm renders that version's README).

3. Vulnerability squigglies: each declared range is resolved to the
version npm would install (semver.maxSatisfying over the real version
list) and checked against npm's bulk security-advisory endpoint (the
npm-audit data source). Severity-mapped (critical/high error, moderate
warning, low info), whole-entry underlines, capped and deduped per dep.
The endpoint has no CORS headers (verified), so desktop goes straight to
the new ph-npm-intel node helper - no doomed browser POST spamming the
console; browser builds try fetch and degrade quietly. scanFileAsync
never blocks on the network: cached results return immediately and a
single-flighted, dep-hash-gated background refresh requestRun()s on
change.

Framework hardening along the way:
- src-node/lsp-client.js answers server-initiated requests (spec-shaped
  null results for workspace/configuration & friends, -32601 otherwise)
  so no server can hang awaiting a reply the browser never sends.
- LanguageClient.sendCustomNotification; per-server documentFilter and
  completionSnippetSupport (per-config client capabilities); _notify now
  logs AND propagates failures so DocumentSync's lost-notification
  resync hardening actually engages.
- Hover typography: the shared .lsp-hover-quickview family (JSON schema
  hover, JS/TS hover, hint docs popup) moves to the 13px+ readability
  baseline; popup headings lose their asymmetric browser margins.

Tests: unit:JSONSupport npm intelligence 18/18 (dep-range scanner,
severity mapping/dedup, registry client with injected fetcher incl.
caching + bulk body, hint context detection, full-list version filter +
fallback, npm page URLs); integration:JSON LSP 3/3 (server syntax
diagnostics, inline-schema validation with no network, advisory
squigglies with fake fetcher); regressions integration:TypeScript LSP
20/20 and LegacyInteg:CodeHintManager 13/13.
…arse it

gulp-minify@3.1.0 bundles terser 3.17 (2019), which predates ES2020
syntax. A single `?? 9` in VulnerabilityInspection.js (part of the core
bundle via extensionsIntegrated) crashed makeJSDist with the line-less
"Cannot read properties of undefined (reading 'replace')" error. Dev
builds run unminified in Chromium, which parses `??` natively - so this
only surfaces in the prod pipeline.

Replaced with an `in`-guarded rank lookup (same semantics: critical maps
to rank 0, which is falsy, so a plain || fallback would mis-sort it -
covered by the existing dedup/sort spec).

Swept all shipped src for other ES2020+ syntax (?. / ?? / logical
assignment): this was the only real occurrence. Constraint: shipped src/
must stay at ES2019 syntax until the minifier is upgraded; src-node,
tests and src-mdviewer are exempt.

releaseProd now completes: 53s, dist size validation green (72.94 MB).
unit:JSONSupport 18/18.
@sonarqubecloud

sonarqubecloud Bot commented Jul 2, 2026

Copy link
Copy Markdown

@abose abose merged commit a2a1c00 into main Jul 3, 2026
7 of 22 checks passed
@abose abose deleted the ai branch July 3, 2026 05:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant