feat(ui): consent modal + boot UX fixes (hotfix) #50
Merged
Adds a first-load risk-acknowledgement dialog that blocks the rest of
init() until the user clicks "I understand and accept". Persists
acceptance in localStorage under 'coda:risks-accepted-v1' so returning
users see it once.
The modal focuses on user authority and accountability — not system
weaknesses. By design it does NOT name specific endpoints, describe
exploitable conditions, or telegraph anything an attacker reading the
disclaimer could use. The risk-acceptance layer is for informed consent
about the trust model, not a vuln advisory. Specific risks enumerated:
1. Full workspace authority (commands + agents run with your creds)
2. AI agents take real actions (Claude/Codex/OpenCode/Gemini/Hermes
can read, write, delete on your behalf)
3. Actions are irreversible (no staging/undo)
4. You are accountable (audit log under your identity)
5. Single-user app (don't share URL/screen/session)
6. You are responsible for what you run
Plus a fine-print line linking the LICENSE + project-support notes, and
the CODA_TELEMETRY_DISABLED opt-out hint.
Bump the '-v1' key suffix to re-prompt all users when the modal copy
materially changes (new agent, new risk disclosure, new policy).
Implementation:
- `<dialog>`-style overlay (`#consent-overlay`) inserted just after
`<body>`, hidden by default, shown via `.visible` class.
- Matches existing `#shortcuts-overlay` styling conventions
(border-radius, backdrop-filter, ARIA dialog role).
- `ensureConsent()` gates `init()` BEFORE any network call —
no `/api/version` ping, no setup-status poll, no PAT prompt until
the button is clicked. Resolves immediately on subsequent loads.
- `acceptBtn.focus()` for keyboard accessibility; one interactive
element so no focus trap needed.
Co-authored-by: Isaac
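The gate described under Implementation, as an added example that is not CoDA's own code: it shows consent being checked before the first network call, the versioned key forcing a re-prompt, and the fail-closed path when storage throws. The injected `storage`, `promptUser` and `fetchFn` stand-ins, the stored value `'true'` and the stale `-v0` key are assumptions made for the demo.

```javascript
// Added example, not CoDA's code. In the page, storage would be
// window.localStorage and promptUser would show #consent-overlay and
// resolve when the accept button is clicked.
const CONSENT_KEY = 'coda:risks-accepted-v1'; // key from the PR; bump the suffix to re-prompt

function hasConsent(storage) {
  try {
    return storage.getItem(CONSENT_KEY) === 'true'; // stored value is an assumption
  } catch (_) {
    return false; // storage blocked or unavailable: fail closed and prompt again
  }
}

async function ensureConsent(storage, promptUser) {
  if (hasConsent(storage)) return 'stored'; // resolves immediately on later loads
  await promptUser();
  try {
    storage.setItem(CONSENT_KEY, 'true');
    return 'accepted';
  } catch (_) {
    return 'accepted-not-persisted'; // the user is asked again on the next load
  }
}

async function init(storage, promptUser, fetchFn) {
  const how = await ensureConsent(storage, promptUser);
  const version = await fetchFn('/api/version'); // first network call, after the gate
  return { how, version };
}

// Constructed in-memory stand-in for localStorage.
function memoryStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: k => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

async function demo() {
  const events = [];
  const promptUser = async () => { events.push('prompt'); };
  const fetchFn = async url => { events.push('fetch ' + url); return 'constructed-version'; };
  const storage = memoryStorage({ 'coda:risks-accepted-v0': 'true' }); // stale key from older copy
  const first = await init(storage, promptUser, fetchFn);   // stale key does not count
  const second = await init(storage, promptUser, fetchFn);  // no prompt this time
  const broken = { getItem() { throw new Error('blocked'); }, setItem() { throw new Error('blocked'); } };
  const third = await init(broken, promptUser, fetchFn);    // prompts, cannot persist
  return { events, first: first.how, second: second.how, third: third.how };
}
```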
Two UX fixes for the boot screen that made CoDA look broken on first use:
1. **Top-left overlap.** The #status element (position: absolute; top: 10px; left: 10px; z-index: 1000) stayed visible during the entire PAT prompt — createTab() blocks awaiting user input, so "Initializing terminal..." remained on screen overlapping the tab bar. Now hidden before createTab() runs; the catch block re-shows it on error so failures stay visible.
2. **Silent setup polling.** Token validation + 30–60s CLI install showed two static lines and then nothing. Replaced with a braille spinner that animates at 10fps and rewrites in place via \r\x1b[K. The spinner label updates each poll cycle to show the currently-running setup step + completion count (e.g. "Configuring Claude CLI (3/12)"), so the user sees real motion AND knows what's actually happening.
Also DRY'd the two identical setup-polling blocks (PAT-bootstrap path + already-configured-on-load path) into a single waitForSetup() helper.
Net: +64 / -38 lines, less duplication.
Co-authored-by: Isaac
Summary
First-run consent modal so users acknowledge CoDA's trust model before booting, plus two UX fixes for the boot screen that made CoDA look broken on first use. Visually verified on live daveok deployment before push.
Commits
1. `feat(ui): first-run consent modal for risk acceptance` (`24cec95`)
Adds a first-load risk-acknowledgement dialog that blocks the rest of `init()` until the user clicks "I understand and accept". Persists acceptance in `localStorage` under `coda:risks-accepted-v1` so returning users see it once.
The modal is deliberately framed around user authority and accountability — not system weaknesses. It does NOT name specific endpoints, describe exploitable conditions, or telegraph anything an attacker reading the disclaimer could use. Risks enumerated:
Plus a fine-print line linking the LICENSE + project-support notes, with the `CODA_TELEMETRY_DISABLED` opt-out hint.
Bump the `-v1` key suffix to re-prompt all users when the modal copy materially changes (new agent, new risk disclosure, new policy).
2. `fix(ui): hide loading indicator + live progress on PAT bootstrap` (`90ffbe6`)
Top-left overlap fix: `#status` (position: absolute, z-index 1000) stayed visible during the entire PAT prompt because `createTab()` blocks awaiting user input. "Initializing terminal…" overlapped the tab bar. Now hidden before `createTab()` runs; catch block re-shows it on error.
Live boot progress: token validation + 30–60s CLI install previously showed two static lines and looked dead. Replaced with a braille spinner (`⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏`) animating at 10fps, rewriting in place via `\r\x1b[K`. The spinner label updates each poll cycle to show the currently-running step + completion count (e.g. `Configuring Claude CLI (3/12)`) so the user sees real motion AND knows what's happening.
DRY'd the two duplicated setup-polling blocks (PAT bootstrap path + already-configured-on-load path) into a single `waitForSetup()` helper. Net: +64 / -38 lines.
Verification
Why this merge cadence
Same "PR → self-merge" pattern as #42 (configure-pat hotfix) — the boot-screen UX issues make CoDA look broken on first use, which is high-impact for any user opening the app for the first time. The consent modal is also a legal-coverage layer that's load-bearing for the broader trust model.
Sathish, requesting post-hoc review on the modal copy + spinner UX — flag anything you'd phrase differently.
Test plan
This pull request and its description were written by Isaac.