8000 fix: resolve Mermaid CSP errors with enhanced bundling strategy by KJ7LNW · Pull Request #3681 · RooCodeInc/Roo-Code · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix: resolve Mermaid CSP errors with enhanced bundling strategy #3681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: resolve Mermaid CSP errors with enhanced bundling strategy #3681

wants to merge 1 commit into from
+39 −2

Conversation

KJ7LNW
Copy link
Collaborator
@KJ7LNW KJ7LNW commented May 16, 2025
edited by ellipsis-dev bot
Loading

Context

Mermaid diagrams were causing CSP errors in the webview because Mermaid was attempting to dynamically load chunks from the webview's origin. This PR implements an enhanced bundling strategy to resolve these errors.

Implementation

This PR implements a more robust bundling strategy for Mermaid diagrams to prevent dynamic chunk loading at runtime:

  1. Added a custom manualChunks function in vite.config.ts to consolidate all Mermaid code and its dependencies (like dagre) into a single bundle named mermaid-bundle.js
  2. Added Mermaid and dagre to optimizeDeps.include for pre-bundling
  3. Customized chunkFileNames to ensure predictable output
  4. Removed incorrect static imports in MermaidBlock.tsx and reordered imports

The solution ensures that all Mermaid-related code is part of the initial JavaScript load, served via vscode-webview-resource: URIs, which are permitted by the existing Content Security Policy.

How to Test

  1. Build the webview UI: cd webview-ui && npm run build
  2. Reload the VS Code extension: Command Palette > "Developer: Reload Window"
  3. Test rendering various Mermaid diagrams (flowchart, sequence, class, state, gantt, pie)
  4. Open the webview developer console and verify there are no net::ERR_ACCESS_DENIED errors or CSP violations related to Mermaid chunks

Get in Touch

Discord: KJ7LNW

Important

Resolve Mermaid CSP errors by consolidating Mermaid and dependencies into a single bundle using Vite's enhanced bundling strategy.

  • Bundling Strategy:
    • Added manualChunks in vite.config.ts to consolidate Mermaid and dependencies (e.g., dagre) into mermaid-bundle.js.
    • Added Mermaid and dagre to optimizeDeps.include for pre-bundling in vite.config.ts.
    • Customized chunkFileNames in vite.config.ts for predictable output.
  • Code Changes:
    • Removed incorrect static imports in MermaidBlock.tsx and reordered imports.
    • Relied on Vite's bundling configuration for loading Mermaid code in MermaidBlock.tsx.

This description was created by Ellipsis for ddea899. You can customize this summary. It will automatically update as commits are pushed.

fix: resolve Mermaid CSP errors with enhanced bundling strategy
ddea899 
Implements a more robust bundling strategy for Mermaid diagrams to prevent
dynamic chunk loading at runtime, which was causing CSP violations.

Key changes:
- Added manualChunks function in vite.config.ts to consolidate all Mermaid
  code and dependencies into a single bundle
- Added mermaid and dagre to optimizeDeps.include for pre-bundling
- Customized chunkFileNames to ensure predictable output
- Removed incorrect static imports in MermaidBlock.tsx

This resolves the CSP errors where Mermaid was attempting to dynamically
load chunks like chunk-RZ5BOZE2.js and channel.js from the webview origin.

Fixes: cline#3680
Signed-off-by: Eric Wheeler <roo-code@z.ewheeler.org>
@KJ7LNW KJ7LNW requested review from mrubens and cte as code owners May 16, 2025 21:45
@changeset-bot changeset-bot
Copy link
changeset-bot bot commented May 16, 2025

⚠️ No Changeset found

Latest commit: ddea899

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. bug Something isn't working labels May 16, 2025
@hannesrudolph hannesrudolph moved this from New to PR [Pre Approval Review] in Roo Code Roadmap May 20, 2025
@KJ7LNW
Copy link
Collaborator Author
KJ7LNW commented May 21, 2025

Fixes: #3680

@hannesrudolph hannesrudolph moved this from PR [Needs Review] to TEMP in Roo Code Roadmap May 26, 2025
@daniel-lxs daniel-lxs moved this from TEMP to PR [Needs Review] in Roo Code Roadmap May 27, 2025
@daniel-lxs
Copy link
Collaborator

Hey @KJ7LNW, thank you!

Looks like this solves the issue, I don't see this anymore:
image

Just curious, does this increase the bundle size at all? Should we look out for this or is it negligible?

@daniel-lxs daniel-lxs moved this from PR [Needs Prelim Review] to PR [Needs Review] in Roo Code Roadmap May 30, 2025
@KJ7LNW
Copy link
Collaborator Author
KJ7LNW commented May 30, 2025

Hey @KJ7LNW, thank you!

Looks like this solves the issue, I don't see this anymore: ![image]

Just curious, does this increase the bundle size at all? Should we look out for this or is it negligible?

I do not know what the size difference looks like, but it does load all the mermaid code into the webview.

Subjectively, this has the side effect that mermaid diagram seem to load faster and renders more smoothly while scrolling.

@KJ7LNW
Copy link
Collaborator Author
KJ7LNW commented May 30, 2025

You can sort of think of this as analogous to the audio pull request (#3470) where sound output was moved into the webview instead of the backend.

@daniel-lxs
Copy link
Collaborator
daniel-lxs commented May 30, 2025
edited
Loading

Could this potentially aggravate the memory issues we are having on the webview?

Let's say the code is not as small as we think, I think it makes sense to at least have an idea of the impact.

@KJ7LNW
Copy link
Collaborator Author
KJ7LNW commented May 30, 2025

Let's say the code is not as small as we think, I think it makes sense to at least have an idea of the impact.

I had the model build with and without and the results are surprising. The effect of bundling it introduced optimizations that reduce the size. This is the model evaluation with a full clean between two different builds and compared the output size:

The decrease in total bundle size (from 43M to 42M) despite consolidating Mermaid code into a single bundle is counter-intuitive but technically explainable through several optimization mechanisms:

  1. Elimination of Chunk Overhead: Each separate JavaScript chunk includes its own wrapper code, module loading logic, and metadata. When we reduced the total chunks from 326 to 283, we eliminated 43 chunks worth of this overhead.

  2. Deduplication of Shared Dependencies: When Mermaid was split across multiple dynamic chunks, shared dependencies might have been duplicated across chunks. For example:

    • Before: chunk-A.js and chunk-B.js might each contain copies of the same utility functions
    • After: In mermaid-bundle.js, these utilities appear only once

  3. More Effective Tree-Shaking: When the bundler can see all Mermaid code together, it can better determine which parts are actually used:

    • Before: The bundler had to be conservative about what to include in each chunk
    • After: With a complete view of dependencies, unused code is more effectively eliminated

  4. Removal of Dynamic Import Machinery: Dynamic imports require additional runtime code to handle asynchronous loading, dependency resolution, and error handling. This machinery is no longer needed with the consolidated approach.

  5. Improved Compression Efficiency: Larger, consolidated files often compress better than many small files, as compression algorithms can find more patterns across a larger dataset.

  6. Optimized Import Boundaries: The manual chunking strategy defined in the commit creates more optimal boundaries between chunks based on actual dependency relationships rather than arbitrary splitting.

The log shows that while we created one large 2.5M Mermaid bundle, we eliminated multiple smaller chunks that together exceeded this size. This demonstrates that bundling strategies that prioritize fewer, more logically grouped chunks can sometimes be more efficient than highly granular dynamic splitting.

@daniel-lxs
Copy link
Collaborator

Looks good to me, thank you for the report!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens is a code owner

@cte cte Awaiting requested review from cte cte is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
bug Something isn't working PR - Needs Review size:M This PR changes 30-99 lines, ignoring generated files.
Projects
Roo Code Roadmap
Status: PR [Needs Review]
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KJ7LNW @daniel-lxs
0