All notable changes to PortScope will be documented in this file.
- Multi-Port Log Interleaving — The
logscommand now supports unified tailing. By passing multiple comma-separated ports (e.g.,portscope logs 3000,5000) or using the--allflag (portscope logs --all), PortScope will dynamically multiplex logs from all active development processes into a single terminal window. Each stream is color-coded and prefixed (e.g.,[node :3000]), and the internal line-buffer ensures that high-throughput outputs, like JSON stack traces, do not tear or inject tags mid-line.
- Instant Provider Revocation — The
/revokecommand now supports an optional provider argument (e.g./revoke openai). Passing the provider name automatically bypasses the interactive confirmation prompts and instantly revokes the associated key for seamless workflow. - Live Mode for
listCommand — Completely redesigned thelist --livepolling architecture. Separated the heavy background process/port polling (updates every 2 seconds) from the terminal UI rendering loop (updates every 1 second). This allows processUPTIMEto tick flawlessly per-second for a significantly smoother and more responsive terminal experience.
- Release Automation Formatting — Restructured the
release.tomlfile to inject the official PortScope Hero Banner and standardized markdown headings natively into GitHub Release notes for future automated versions. - Robust Signal Handling — Deep architectural reliability optimizations targeting OS-level signal handling to ensure graceful process termination and interrupt catches across varied terminal environments.
- Usage Metrics Persistence — Fixed a critical bug where
/usagemetrics were resetting entirely upon exiting the interactive session. Telemetry data now correctly syncs to~/.portscope/metrics.jsonvia nativefsmethods, accurately tracking LLM token consumption, costs, and context compactions indefinitely. - Windows Watch Mode Interrupts — Resolved an issue affecting Windows users where interrupting
watchmode failed to correctly catch signals and terminate associated sub-processes, resulting in stalled terminal states.
- Dependabot Automation — Configured
.github/dependabot.ymlfor weekly ecosystem package updates and automatic PR generation for both the core CLI tool and the React website. - Website CI Checks — Added a
test-websitejob to.github/workflows/pr-checks.ymlthat automatically lints and builds the React website on every pull request. - Explicit Cancellation Option — Added a
0(Exit/Cancel) option to the model selection prompt in interactive mode, allowing users to back out gracefully without selecting a model. - Live Pricing Synchronization — Enhanced the
/usagedashboard to auto-sync LLM pricing data seamlessly in the background. The CLI now performs an unawaited, asynchronous fetch to pull the latestllm-pricing.json(maintained every 12h via GitHub Actions) directly from the repository if the local user cache is older than 24 hours. This ensures cost estimates remain completely accurate for existing users without requiring a CLI update.
- Node 18 CI Deprecation — Dropped Node 18 from the GitHub Actions (
pr-checks.yml) test matrix to focus CI test cycles exclusively on active LTS (Node 20) and current (Node 22) environments. - PNPM CI Migration — Fully migrated GitHub Actions pipelines (
pr-checks.yml,coverage.yml,deploy-website.yml,release.yml) fromnpmtopnpmusing native cache configuration for significantly faster builds. - Model Discovery Strict Filtering — Overhauled the model fetching logic (
src/config/models.js) with a strictcleanModelListsanitizer. Actively filters out non-chat capabilities (e.g.,transcribe,tts,diarize,search,image, and experimentalossvariants) ensuring only relevant conversational models are displayed in the CLI. AddedmodelsUrltoschema.jsfor OpenAI and Gemini for dynamic discovery. - Advanced Pricing Resolution — Rewrote cost estimation logic in
src/ai/usage.jsto ingest the dynamically syncedsrc/data/llm-pricing.json. Replaced basic fallback mapping with an intelligentgetRates()resolver that automatically accounts for provider prefixes and model variations. - UI Aesthetics & Alignment — Upgraded the provider-flow prompts to use rich
chalk.bgGreen(✔) andchalk.bgRed(✕) block icons for action feedback. Fixed terminal spacing and alignment for API key outputs. Adjusted ASCII banner spacing. - Test Coverage & Error Styling — Expanded native Node.js test suite with robust UI formatting (
src/ui/format.js) and error sanitation (src/config/sanitize-error.js) coverage. Replaced basicsanitizeErrorglobally with styledformatChatError. Reached 296 total tests with 100% test coverage in targeted files, pushing overall line coverage past 50.90%.
- Documentation Links — Fixed malformed paths to the
CONTRIBUTING.mdandAI_USAGE_POLICY.mdfiles acrossREADME.mdandCODE_OF_CONDUCT.md.
- Auto-Compaction — Added an auto-compaction feature that silently resets tracking usage to 15% when context consumption hits 85% of the total limit (128k tokens) to maintain a lean UI and handle usage visualization.
- Context Compaction Metric — The
/usagedashboard now tracks and prominently displays the number of⟲ Context Compactionscycles during long chat sessions. - GitHub Actions Test Coverage — Added
.github/workflows/coverage.ymlto automatically execute the test suite using Node 20's native--experimental-test-coveragecapability, ensuring reliable test coverage tracking on all pushes and PRs without external dependencies. - Release Automation Config — Added standardized
release.tomlconfiguration to root to support modern automated release tooling and CI/CD pipelines.
- Persistent Kill History — Saves details of killed dev processes to
~/.portscope/kill-history.jsonwith a 24-hour expiration window. Allows restarting previously-killed ports even if no active process is currently running on them. - Dynamic Dev Command Relauncher — Resolves the exact package manager and start/dev script (e.g.
pnpm run dev,npm run dev,yarn dev) when restarting processes, falling back to framework-specific native commands for non-Node ecosystems (Django, Flask, Rails, Go, Rust, etc.). - Process Autoreload Mode — Added a
--autoreload/--arflag towatchmode. Automatically restarts crashed dev processes using their recorded start commands. - OS-Aware System Process Guard (
src/scanner/system-guard.js) — Blocks PortScope from sending signals (killing, pausing, resuming) to critical OS processes (PIDs 0/1, launchd, systemd, sshd, kernel_task, smss, csrss, svchost, etc.). Prevents system instability with specific warning alerts. - Interactive Tree Prompt Styling — Reshaped interactive confirmation prompts (like
Enable autoreload?andAllow AI to execute...) to use the connected box-tree layout matching AI response bubbles. Indents subsequent AI responses dynamically to represent child levels. - Automated Secrets Scan (
.github/workflows/secrets-scan.yml) — Integrated official Gitleaks security scans into GitHub Actions to scan pull requests and branch pushes, preventing credential or API key leakage.
- Double Input in REPL Prompts — Fixed a bug where readline prompts inside the REPL received duplicate keystrokes due to multiple readline instances listening on
process.stdin. Reuses the active REPL readline interface. - SIGINT / Ctrl+C Event Leaks — Ensured that cancelling prompts using Ctrl+C safely recovers and returns control back to the active REPL prompt instead of exiting the entire CLI session.
- IPv6 Bind Address Resolution — Fixed IPv6 bind address parsing across platform layers (macOS, Linux, and Windows) to properly handle bracketed formats like
[::]and[::1], falling back cleanly to0.0.0.0or custom loopback.
- Port Connection Topology — New
get_port_connectionsAI tool detects and displays live connections between local ports (e.g., Next.js frontend on:3000↔ Flask backend on:5000). Implemented via nativelsof(macOS),ss/netstat(Linux), andnetstat(Windows). Returns a full connection map annotated with process names and frameworks. - Pre-Transmission Data Sanitizer (
src/config/sanitize-data.js) — All tool results are scrubbed of secrets before leaving the machine. Redacts API keys (sk-*,api_*), Bearer tokens, JWTs, database connection strings (Postgres, MongoDB, Redis, MySQL, AMQP), PEM private key blocks, AWS access key IDs, sensitive env var assignments (*_KEY=,DATABASE_URL=, etc.), and long hex strings. Supports user-configurable custom patterns viasanitizePatternsinportscope.config.json. - Client-Side Intent Classifier (
src/ai/intent.js) — Zero-latency local classifier runs before every AI call. Detects and blocks prompt injection attempts (identity overrides, DAN/jailbreak, delimiter injection, system prompt extraction), off-topic queries (non-port questions), and vague inputs. Greetings pass directly to the AI; vague inputs show contextual hints but still forward to AI so the user always gets a response. - Sliding-Window Context Compaction (
src/ai/context.js) — Keeps the last 3 conversation turns verbatim ("hot zone") and compacts older tool results into 1-line summaries for transmission. Strips null fields recursively before serialization. Configurable viamaxContextTokens(default: 32000 tokens). - Human-Readable Tool Status Labels — Tool execution status lines now display friendly labels instead of raw function names (e.g.,
⚡ Scanning ports...instead of⚡ list_ports...). All 11 tools have bespoke labels; unknown tools fall back to underscore-to-space conversion. - New Test Suites — Added 69 new tests across 4 new test files:
tests/context.test.js(13),tests/intent.test.js(31),tests/sanitize-data.test.js(21),tests/topology.test.js(6). Total suite now at 278 tests, 0 failures.
- Tool Status Bolt Color — The
⚡indicator during tool execution is now rendered inchalk.rgb(185, 148, 0)(deep amber) across all rendering paths (TTY glow animation, verbose mode, non-TTY fallback). The glow animation pulses through the amber spectrum for a refined visual. - Smart Log Trimming —
view_logstool no longer hard-caps lines. Instead it trims dynamically from the tail within an 8KB character budget (~2000 tokens), preserving diagnostic integrity and appending a[... N earlier lines omitted]marker only when trimming occurs. - Command Field Truncation —
inspect_portdetailed results now truncate the raw process command to<exe-basename> … (N chars)when it exceeds 80 characters, preventing Electron/Chromium processes from producing absurdly wide table cells. - Config Schema — Added
ai.maxContextTokens(default:32000) andai.sanitizePatterns(default:[]) toDEFAULT_CONFIGinsrc/config/schema.js. - System Prompt Hardening — AI system prompt now explicitly forbids DAN mode, jailbreak, and developer mode. Identity is declared immutable. Added vague-query and greeting handling guidelines.
- Verbose Mode — Tool status line in verbose mode now shows
⚡ Friendly Label · raw_tool_nameso power users retain full visibility without compromising the default UX.
- Greetings Blocked as Vague —
hi,hello,heywere incorrectly caught by the vague-input classifier and silently returned a suggestion block with no AI response. Greetings are now classified asport_queryand forwarded to the AI. clearTreated as Unknown Input — Theclearcommand was being routed through intent classification instead of the direct command handler.- Hallucinated Port Labels — When a query contained nonsense words (e.g., "abra cadabra ports"), the AI would echo the phrase back as a fictional category name above real port data. A new Data Fidelity section in the system prompt instructs the model to strip meaningless filter words and present tool results without invented framing.
src/ai/conversation.jsModularized — The 895-line monolith is split into five focused ES modules.conversation.jsitself is now a 4-line re-export barrel with zero logic. New files:src/ai/prompt.js—SYSTEM_PROMPTconstant (standalone, easy to edit)src/ai/chat.js—startChat()REPL loopsrc/ai/slash-commands.js—handleSlashCommand()+printSlashHelp()src/ai/provider-flow.js—switchProvider(),revokeApiKeyFlow(),browseModels(),printChatHeader(),printStatus()src/ai/tool-loop.js—processConversation()with internalcallAIWithSpinner()andexecuteToolCall()helpers extracted for clarity
- Zero breaking changes — all external callers (
src/commands/chat.js,src/commands/interactive.js) import fromconversation.jsas before; the barrel re-exports the same public API.
portscope restart <port>— Kill and relaunch a process using its original command and working directory. Works from the CLI (portscope restart 3000), the interactive REPL (restart 3000), and via natural language through the AI (restart_processtool). Supports--force/-fflag forSIGKILL. Includes Docker-process guard, quote-aware command parser (noshell: true), and dual polling loops that wait for the port to become free before relaunching and then confirm the new PID is bound.restart_processAI tool — New tool available to all AI providers and MCP clients. Marked as destructive (requires confirmation in interactive mode, runs headlessly via MCP).
- MCP server version hardcoded — The MCP server was advertising
version: "1.7.0"as a literal string. Now reads fromsrc/version.js(which sourcespackage.json) so MCP clients always see the correct version without a manual edit per release. - Cerebras default model in README — The supported-providers table listed
llama3.3-70bfor Cerebras; corrected tollama-4-scout-17b-16e-instructto matchsrc/config/schema.js.
- MCP Server Support — PortScope can now act as a Model Context Protocol (MCP) server! This allows external AI agents (like Claude Desktop, Cursor) to securely use PortScope's port scanning and process management tools.
- Dual Transports for MCP — Fully supports both
stdio(for local MCP clients) andsse(Server-Sent Events, for remote/network orchestration). - Headless Execution — Added a
headlessmode to bypass interactive CLI prompts for destructive actions when tools are invoked over MCP, gracefully deferring confirmation to the MCP client. - MCP Prompts — Added
portscope-helpprompt to provide immediate usage examples and syntax guidelines to connected AI agents. - MCP Resources — Added
portscope://statusresource endpoint for real-time monitoring of the MCP server's uptime and memory usage. - MCP Environment Configuration — The server now parses
.envautomatically, allowing you to setPORTSCOPE_MCP_PORTto configure the SSE server port.
- Ctrl+C Ghost Process Fix — Resolved a critical UI lifecycle bug where hitting
Ctrl+Cduringwatchmode inside the interactive REPL would incorrectly close the globalreadlineinterface. Thewatchinterval would continue running as a hidden "ghost" process, dumping logs sporadically.Ctrl+Cnow correctly forwardsSIGINTdirectly to the active command, cleanly stoppingwatchand instantly returning you to the main prompt.
- Watch Mode Metrics Upgrade — Greatly enhanced
watchmode with live readouts for Memory Usage (RAM), Process Uptime, Bind Address (127.0.0.1 vs 0.0.0.0 network exposure), Process ID (PID), and active Bandwidth / Throughput (↑...B/s ↓...B/s).
- Direct AI Answers — Adjusted the AI assistant's system prompt to enforce "Direct Answers First". The assistant will now provide direct conversational answers to explicit questions (e.g., "what process is consuming max ram?") before outputting summary tables, making it feel much more intelligent.
- Watch Mode UI Refinements — Streamlined the
watchinterface by fusing process name and PID, simplifying update labels, and perfectly aligning columns by keeping the throughput metrics locked in position and dynamically appending request rates to the very end of active server rows. - Layout Jitter Fixes — Resolved severe initial layout jitter and misalignment in
watchmode by pre-seeding existing ports and keeping column reservations consistent.
- System Telemetry Tool — Added
get_system_stats()AI tool utilizing the native Node.jsosmodule to fetch system-wide CPU load, memory pressure, and available RAM, enabling the assistant to diagnose machine-level performance bottlenecks. - Self-Elevating Sudo Interceptor — Automatically intercepts permission denied (
EPERM) errors for root-owned processes. Dynamically prompts the user (❯ Run this action with sudo? [y/N]) inside the REPL, temporarily elevating permissions to fetch logs or terminate protected processes without requiring a full CLI restart.
- Aesthetic Telemetry Output — The AI now formats system diagnostic data natively as a highly styled Markdown table with color-coded status emojis (🟢 Normal, 🟡 Moderate, 🔴 High) and encapsulated blockquote summaries.
- Smart Metric Colorization — Upgraded the custom Markdown renderer to automatically color-code status keywords (Normal, Moderate, High, Critical) in AI responses. Engineered a negative lookbehind/lookahead regex to safely ignore hyphenated compound words (e.g.,
high-memory). - Blockquote Wrapping & Styling — Improved Markdown blockquote (
>) rendering in the terminal. Blockquotes are now properly wrapped viawrapAnsito prevent layout breaking, padded accurately, and prefixed with a vibrant💡icon for a premium UX.
- Verbose & Streaming AI — Added a
/verboseinteractive toggle and--verboseCLI flag to enable real-time SSE streaming for supported AI providers (Anthropic, OpenAI, OpenRouter, NVIDIA, Cerebras, Groq). Displays real-time progress indicators, token metrics, latency stats, and detailed tool execution data. Falls back gracefully to non-streaming. - Contextual Port Suggestions — Enhanced the ghost-text interface to intelligently suggest active port numbers from a cached list when typing port-accepting commands (
kill,pause,resume,logs,inspect). Typekill 3to auto-suggestkill 3000if port 3000 is active.
- History File Crash — Resolved a crash on startup where legacy, corrupted history entries missing a
conversationIdcaused the CLI to fail during initialization. - Interactive Mode ID Sync — Fixed an issue where new conversations started in interactive mode lacked a unique
conversationId, preventing them from properly saving their chat history. - Ghost-text Rendering Conflict — Fixed terminal UI artifacts and overlapping text bugs caused when readline processed Tab or Enter key completions simultaneously with the custom suggestion renderer.
- Logs Fall-Through Bug — Patched a fall-through execution bug in the
logscommand that caused the CLI to display misleading secondary status messages after successfully tailing logs. - React/Vite Port Identification — Improved framework detection to prioritize React over Vite and explicitly detect Create React App (
react-scripts), ensuring accurate environment tagging for React applications.
- Smart System Prompt — The AI system prompt is now more conversational when asked about its core capabilities (e.g., "what can portscope do?"), overriding the restrictive greeting fallback to provide helpful command summaries.
- Invalid API Key Error - Fixed a bug where the CLI would crash when an invalid API key was provided for an AI provider. The CLI now prompts the user to clear the invalid API key and restart the CLI.
- Environment Detection — PortScope now automatically detects and displays the runtime environment (development, production, test, staging) for each process. Added new
ENVcolumn in the port table betweenFRAMEWORKandUPTIME, showing color-coded environment indicators: green (dev), yellow (prod), blue (test), magenta (stage). - Live Traffic Visibility in Watch Mode —
portscope watchnow displays active connection counts and request rates (req/s) for each port in real-time. Shows connection metrics when ports are discovered and updates when traffic patterns change, helping identify load issues and monitor live traffic without additional tools. - Added Autocomplete Suggestions — Implemented intelligent autocomplete suggestions for slash commands and direct commands as you type, similar to fish shell's autosuggestions. Press right arrow or Ctrl+E to accept suggestions. No third-party dependencies required.
- Enhanced Help UI — Updated help text section headers with vibrant orange color (
rgb(255, 140, 0)) for better visual hierarchy and improved readability. Sections "Direct Commands", "AI & Config", and "History & Export" now stand out prominently. - Comprehensive Environment Detection — Supports 15+ frameworks including Node.js (Next.js, Vite, Nuxt), Python (Django, Flask, FastAPI), Ruby (Rails), and detects from environment variables (
NODE_ENV,RAILS_ENV,DJANGO_SETTINGS_MODULE), command-line flags (--env=,--mode=,--production), and process patterns (npm scripts, nodemon, pm2, gunicorn). - API Key Masking — Enhanced security by automatically masking API keys when displayed in the CLI. Keys now show only the first 5 and last 4 characters (e.g.,
sk-12***************mnop), preventing exposure during screen sharing, screenshots, or shoulder surfing. Applies to all cloud providers (Anthropic, OpenAI, Gemini, OpenRouter, NVIDIA, Cerebras, Groq) while preserving "local" for Ollama. Visible in/providersetup flow and/statuscommand output. - Provider Switch Confirmation — Added safety warning when switching AI providers mid-conversation. Users are now prompted to confirm before switching, preventing accidental loss of conversation history. The warning displays when active messages exist and offers the option to cancel. Upon confirmation, conversation history is automatically cleared and usage metrics are reset.
- Error Sanitization — Implemented comprehensive error message sanitization to prevent sensitive data leakage in logs and error displays. Automatically redacts API keys, Bearer tokens, Authorization headers, JWT tokens, base64-encoded credentials, and long hex strings from all error messages. Protects against accidental exposure of secrets in error logs, stack traces, and console output.
- API Key Revocation — Added a dedicated
/revokecommand to securely remove configured API keys from local storage. The interactive flow displays active keys, requires confirmation, and gracefully resets the active provider if its key is revoked.
- Command Alignment — Improved visual alignment in interactive mode so command shortcuts align perfectly with the "Ask" text above for better readability.
- Test Suite Expansion — Expanded test coverage from 120 to 207 tests, adding 31 environment detection tests, 7 format tests, 14 ghost text suggestion tests, 10 API key masking tests, 4 provider switch confirmation tests, and 21 error sanitization tests. All tests passing with zero failures.
- Enhanced Watch Mode Alignment — All columns in watch mode now align perfectly with right-aligned numeric values. Process names are left-padded to a consistent width, connection counts and request rates stack vertically, and separators line up across all rows for improved readability.
- Improved Status Display — The
/statuscommand now shows masked API keys with enhanced formatting, displaying a checkmark with the masked key for configured providers, "✓ local" for Ollama, and "✕ missing" for unconfigured providers. - Safer Provider Switching — Switching AI providers now requires explicit confirmation when an active conversation exists, preventing accidental data loss. Conversation history and usage metrics are automatically cleared after confirmation.
- UI Aesthetics — Replaced the legacy 3x3 dot grid spinner with a sleek single-line braille spinner and added a dynamic ghost text shimmer effect to the AI loading verb for a more premium feel.
- Secure Error Handling — All error messages throughout the application are now automatically sanitized before display, preventing accidental exposure of API keys, tokens, and other sensitive credentials in error logs and console output.
- Markdown Table Alignment — Resolved a visual bug where terminal table borders were misaligned by 2 spaces due to inconsistent padding logic between the markdown renderer and the interactive console loop.
- Model Selection Persistence — Fixed a bug where selecting an AI model via the interactive
/modelpaginated list failed to save the choice to the configuration file, causing the CLI to revert to the previous model upon restart. - Watch Command Ctrl+C Crash — Resolved critical bug where pressing Ctrl+C in watch mode would cause
ERR_USE_AFTER_CLOSEreadline error. Fixed by usingprocess.once()instead ofprocess.on()for SIGINT handlers and adding readline state checks before prompting. Watch command now exits cleanly without crashes. - SIGINT Handler Conflicts — Eliminated conflicting SIGINT handlers between interactive mode and watch command that caused readline interface to close prematurely. Added proper cleanup with
process.off()to remove handlers after use. - Readline State Management — Added defensive checks (
!rl.closed) in 5 critical locations throughout the interactive prompt loop to prevent attempting operations on closed readline interfaces. - Lingering Spinner on Auth Error — Fixed a bug where the "Flowing..." spinner would linger on the console when an AI provider returned an authentication error (like an expired API key). The execution loop now properly guarantees cleanup using
try...finallyblocks. - Conversation State Corruption — Fixed a bug where an API or authentication error would leave unanswered user prompts in the conversation history. The application now intelligently removes failed user inputs from the history, allowing users to cleanly retry their prompts after fixing their credentials.
- New Modules:
src/scanner/environment.js(350 lines),src/ui/ghost-text.js(290 lines),src/config/mask.js(25 lines),src/config/sanitize-error.js(70 lines) - New Tests:
tests/environment.test.js(31 tests),tests/format.test.js(7 tests),tests/ghost-text.test.js(14 tests),tests/mask.test.js(10 tests),tests/provider-switch.test.js(4 tests),tests/sanitize-error.test.js(21 tests) - Cross-Platform: Environment detection works on Linux (reads
/proc/<pid>/environ), macOS (usesps eww), and Windows (limited support viawmic) - Security: API keys stored in
~/.portscope/.envwith file permissions set to0o600(read/write owner only). All error messages automatically sanitized to prevent credential leakage. Supports redaction of API keys (sk-, api_, key_*), Bearer tokens, Authorization headers, JWT tokens, base64 credentials, and hex strings. - UX Enhancement: Provider switching now includes conversation state validation and automatic cleanup
- Expanded AI Ecosystem — Added full support for Google Gemini, Cerebras, and Groq inference providers, expanding the total provider count to 8. Integrated their respective fast-inference models and custom API authentication schemas.
- Empty State Modernization — Replaced basic text "Not Found" terminal messages for inactive port/process views with professional, high-fidelity ASCII "Bento" UI panels.
- Unified Observability Dashboard — Consolidated additional metrics into the main
/usagecommand. Introduced a beautifully engineered 128k context utilization grid and real-time connectivity status metrics. - Model-Specific Usage Persistence —
portscopenow automatically saves and persistssessionmetrics to~/.portscope/metrics.json. Usage stats remain intact across restarts, automatically resetting only when a different AI provider or model is explicitly selected.
- Animated Process Spinner — Replaced static UI indicators with an animated 3×3 spiraling grid (
src/ui/spinner.js) that uses over 140 randomly selected, fun action verbs. - Token & Cost Tracking — Implemented
src/ai/usage.jsto accumulate token consumption across all providers and estimate session costs via a new/usageslash command. - Conversation History & Export — Automatically saves AI sessions locally. Introduced
/history,/load <n>, and/export [md|html|txt]commands to easily restore or save conversations. - Vision Model Support — Added
src/ai/image.jsto automatically extract and base64-encode image paths (e.g.,.png,.jpg) provided in chat, seamlessly passing them to supported multimodal LLMs. - Micro-Animations — Added
src/ui/animate.jsto provide high-end CLI visual flair, including staggered text reveals for help menus and flashing success indicators for commands like/clear.
- Security Hardening — Mitigated shell injection vulnerabilities by introducing strict integer checks for PIDs and shell-safe path sanitization (
src/scanner/sanitize.js). - File Permissions — Local configurations and environment variables (
.env,config.json) are now strictly generated with0o600permissions inside a0o700restricted~/.portscopedirectory. - API Resilience — Integrated exponential backoff and retry mechanisms into
src/ai/client.jsto gracefully handle transient network timeouts or 502 Bad Gateway errors. - Graceful Shutdowns — Fixed process lifecycle bugs in
watchandlogscommands where hardprocess.exit(0)calls were creating zombie processes. Signal handlers now allow the event loop to drain naturally.
- Patched a prototype pollution vulnerability inside the internal
deepMergeutility. - Resolved an issue in the
.envparser where inline comments were not safely stripped. - Fixed an
exportbug where unreferenced variables caused errors when no previous text messages existed. - Added explicit
npm teststep to CI workflows to prevent regressions. Test suite expanded to 120 robust tests.
- Product Website — Developed a fully responsive, single-page product website using React, Vite, and Tailwind CSS (
/website) - Aesthetic UI Components — Added a dynamic
PackageInstallerTabscomponent modeled after premium IDE terminals, glassmorphic feature grids, and a rich 4-column aesthetic footer - Fluidic Background Canvas — Integrated a highly customized
CrypticFluidBackgroundcomponent utilizing HTML5 Canvas and complex sine waves to simulate a matrix-like faded fluidic flow that dynamically adapts to both light and dark themes - Circular View Transitions — Replaced standard dark mode crossfades with a native
document.startViewTransitionAPI implementation, providing a flawless expanding radial gradient effect - GitHub Pages CI/CD — Configured
.github/workflows/deploy-website.ymlto automatically build and securely deploy the Vite React app toneilblaze.github.io/portscopewhenever changes hit thewebsite/directory
- Refined typography by adopting the clean, geometric
Lexendfont across all feature headers - Updated Vite configuration to inherently resolve relative
/portscope/asset paths for seamless GitHub Pages routing
- Mocking Scripts — Added
mock-healthy.sh,mock-orphaned.sh,mock-paused.sh, andmock-multiple.shin thescripts/directory to natively simulate deterministic port states for robust local QA testing - Contributor Guidelines — Mapped explicit codebase setup, testing loops, and CI deployment instructions via
.docs/CONTRIBUTING.md
- Batch AI Permitted Confirmations — Elevated the
kill_processtool parameter schema from a solitarytargetto a bulktargetsarray object. This allows the internal LLM executor to loop destructively in the background under a single, unified user prompt (e.g., "kill ports 2400-2410"), massively reducing prompt fatigue - Eager Natural CLI Intent Clashes — Resolved a highly confusing bug where typing "list ports again" or "kill ports ... " locally broke the direct-command router simply because they started with standard CLI keywords. Natural sentences explicitly bypass the command regex engine now, seamlessly falling through to the AI
- Repetitive ASCII Banner Spam — Suppressed visual dashboard logo repainting conditionally inside
src/ui/tables.jsandsrc/commands/interactive.js, so typing explicit CLI functions dynamically renders isolated grids without the distracting logo banner jumping continuously - Markdown Table Alignment Gap — Buffered left-padded alignment spaces (
" ") dynamically for AIcli-table3outputs ensuring rigid visual uniformity with the rest of the application - Invisible Sandbox Nodes — Explicitly whitelisted UNIX socket binaries (
nc/netcat) insidesrc/scanner/utils.js, guaranteeing local shell mock environments render by default without requiring--all - 422 Sigstore Check & 403 Git Actions Loop — Pushed complete automated release modifications connecting seamlessly to
npm.pkg.github.qkg1.topusing nestedGITHUB_TOKENexplicit scope - Horizontal Terminal Overflows — Segregated the UI direct commands help bar spanning across two layers to inherently prevent jarring narrow-terminal text breaks
- MLOps & Inference Server Detection — PortScope now recognizes
vLLM,Triton Inference Server,Ollama,llama.cpp,LM Studio,Jupyter(Notebook/Lab),TensorBoard,Gradio,Streamlit, andMLflowvia command heuristics, Docker image matching, and process name detection - Ollama (Local AI) Provider — air-gapped, cost-free AI chat using local Ollama models (e.g.,
llama3,qwen2.5-coder). Auto-detectshttp://localhost:11434— no API key required. Select via/provider→ Ollama - Process Pause/Resume —
portscope pause <port|pid>sendsSIGSTOPto suspend a process;portscope resume <port|pid>sendsSIGCONTto resume it. Useful for temporarily freeing resources (e.g., pausing a 10GB inference server to run a Docker build) - Test Suite —
npm testruns 102 tests using Node.js built-innode:testrunner (zero new dependencies). Covers framework detection, utility functions, config schema, and signal dispatch
- Framework detection expanded from 30+ to 40+ recognized frameworks/tools
PROVIDER_IDSnow includesollamaalongsideanthropic,openai,openrouter,nvidia- Help output and interactive tip bar updated with
pause/resumecommands
- First-message welcome intro — on the user's first AI query, PortScope shows a one-time overview of available actions before the AI responds
- Direct commands in tip bar —
kill,ps,logs,clean,watch,<port>(inspect) are now shown inline beneath the port table so users can act immediately without AI - Ghost placeholder updated to "Type a command or say hi to PortScope ..."
- OpenAI
max_tokenserror — newer OpenAI models (gpt-5-nano,o3-mini) rejectmax_tokens; now sendsmax_completion_tokensfor OpenAI andmax_tokensfor OpenRouter/NVIDIA NIM - REPL crash on direct commands — fixed a double-echo and sudden-exit bug when natively running
kill allorcleaninside the interactive prompt
- Help output header now says "Direct Commands (no AI needed)" for clarity
- Interactive REPL —
portscopestays alive after showing ports; type commands or ask questions naturally - AI chat with natural language port management (Anthropic, OpenAI, OpenRouter, NVIDIA NIM)
- Terminal markdown rendering — AI responses render bold, italic,
code, tables (╭╮╰╯), blockquotes (│), and bullet points natively - AI responses now render port/process listings as cli-table3 tables (same rounded-corner format as native output)
- Tab-autocomplete for slash commands (type
/then pressTab) - Interactive provider setup via
/providerwith API key validation and persistent storage - Provider and model choices persist across restarts (
~/.portscope/config.json) - Ghost placeholder prompt — "Say hi to PortScope ..." hint on first launch
- Live model browsing for OpenRouter and NVIDIA NIM via
/models portscope kill all— kill all dev server ports with mandatoryy/Nconfirmation- Comma-separated port killing:
portscope kill 3000,5173,8080 - 8-bit ASCII art splash banner with gradient coloring
- Rounded-corner table rendering (
╭╮╰╯) - 30+ framework auto-detection
- Cross-platform support (macOS, Linux, Windows)
- GitHub Actions CI/CD: release, PR checks (3×3 matrix), stale bot
- Structured issue templates (bug report, feature request)
- Double-echo on y/N prompts — executor was creating a second readline on the same stdin; now reuses the REPL's readline
- Sudden exit after declining kill — closing the executor's readline cascaded to the REPL's readline and killed the process
- API key not detected on restart — provider choice wasn't persisted; config defaulted to anthropic on every restart
- NVIDIA 502 showing raw HTML — error responses now strip HTML tags and show friendly message with model-switch hint
- API requests now have a 30s timeout with clear error messaging instead of hanging indefinitely
- Terminal now clears npm's noisy header (
> portscope@1.0.0 dev) on interactive startup
- Full process names — uses
pscommand path to resolve lsof's 9-char truncation on macOS - NVIDIA NIM default model changed to
deepseek-ai/deepseek-v4-flash - System prompt: direct/professional tone, always uses markdown tables for structured data, no generic pleasantries
- Version badge right-aligned under banner for visual symmetry
- Provider selection is now interactive (removed
PORTSCOPE_AI_PROVIDERenv var)