Merged
Conversation
…, import/export Major architecture changes: Go Server: - Replace monolithic notebook.db with per-page .rznb SQLite files - New store.go with PageDB (per-file), Catalog (directory manager), SettingsStore - Add RecordCommandRequest/Response, ExportPageResponse, ImportPageResponse to protobuf - Add /record, /export, /import API endpoints (both protobuf and JSON) - Add binary_hash field to Page for integrity verification - Add migration from legacy notebook.db and JSON formats - Global changed from store *Store to catalog *Catalog across all server files Rizin C Plugin (rz_notebook.c): - Remove auto-start on plugin init (no auto-spawn) - Add session state: g_active_page, g_connected - New commands: NBc (connect), NBs (spawn), NBi (info), NBl (list), NBn (create with binary), NBo (open with hash verify), NBq (close), NBp (page details), NBd (delete), NBx (local exec + record), NBxs (server script), NBe (export .rznb), NBm (import .rznb), NBu (URL) - NBx executes locally via rz_core_cmd_str and POSTs result to /record - Binary hash verification on NBo using SHA-256 Cutter Plugin (CutterNotebookPlugin v2.0.0): - Remove auto-start, add explicit Connect/Spawn buttons - Add active page tracking with star marker in page list - Run command locally via Core()->cmdRaw() and POST to /record - Add Export/Import buttons and file dialogs - Binary hash verification using QCryptographicHash::Sha256 - Scripts still execute on server Web Templates: - index.tmpl: Add Import .rznb button with JS upload handler - page-view.tmpl: Add Export .rznb button, display SHA-256 hash
…file checks
Critical fixes:
1. store.go: Fix race condition in Catalog.ListPages() and Catalog.GetPage()
- Both methods used RLock but called openPageUnlocked() which writes
to the openPages map. Concurrent goroutines caused data races and
Go runtime panics (the 'crashy sessions' symptom).
- Changed from RLock/RUnlock to Lock/Unlock for correctness.
2. CutterNotebookPlugin: Fix stack overflow (0xc00000fd) crash
- Added m_populatingPages guard flag to break infinite recursion:
currentTextChanged -> setActivePage -> populatePages -> clear()
-> currentTextChanged -> ... (infinite loop).
- Guard checked in the signal handler and in populatePages entry.
- Flag reset at all exit paths of populatePages.
3. rz_notebook.c: Add file-open check in NBx command
- cmd_nb_exec now calls nb_current_filename() before executing.
- If no file is open, shows clear error instead of cryptic
'core file isn't open' from Rizin internals.
4. CutterNotebookPlugin: Add file-open check for exec-command mode
- onSubmitEditor checks Core()->cmdRaw('o.') before running
a local command to verify a binary is loaded in Cutter.
Also includes (from prior session):
- server_api.go: apiJSONImportPage now accepts both multipart/form-data
and raw body (application/octet-stream) for .rznb import.
- Regenerated protobuf-c files with RecordCommand/Export/Import messages.
store.go:
- Remove CREATE INDEX from pageSchemaSQL (fails on old-schema imports
where 'position' column doesn't exist yet)
- Add ensureColumns() called after OpenPageDB: uses PRAGMA table_info()
to detect and add missing columns (position, executed, binary_hash)
and handle binary->binary_key column rename via ALTER TABLE
- Rewrite ExportPage() to properly open page and WAL checkpoint under
mutex before reading the raw .rznb file
- Rewrite ImportPage() with: stale WAL/SHM cleanup, legacy 'pages'
table fallback, default meta creation, binary hash recomputation
rz_notebook.c:
- Add JSON fallback diagnostics to cmd_nb_info and cmd_nb_list: if
protobuf decode fails and response body starts with '{' or '[',
print 'Server returned JSON (expected protobuf)' with raw body
- Add raw-file fallback to cmd_nb_export: if protobuf decode fails,
try writing raw response body as .rznb file directly
Tested: export->import round-trip, old-schema .rznb import (missing
position/executed/binary_hash columns, binary->binary_key rename)
- Add currentBinaryPath() using ij JSON for reliable file detection - onNewPage auto-attaches loaded binary (no file dialog, mirrors rizin NBn) - exec-command check uses currentBinaryPath instead of fragile o. command - onAttachBinary defaults to currently loaded binary - onOpenPipe auto-offers Cutter binary when page has none - Increase sendJsonRequest timeout for binary uploads (30s POST, 5s GET) - verifyBinaryHash uses currentBinaryPath for path detection
…d screenshots and minor coloring improvement for readability
wargio
reviewed
Mar 18, 2026
assets/static/autocomplete.js
Outdated
| var m = matches[i]; | ||
| var summ = m.cmd.summary || m.cmd.description || ""; | ||
| if (summ.length > 60) summ = summ.substring(0, 57) + "…"; | ||
| html += |
Contributor
Author
There was a problem hiding this comment.
Could you please check the recent commit? (b9cad9b)
The safer DOM-building approach you suggested, was only replaced earlier (144fc75) in search integration, inspite of other injections I used elsewhere.
Also, the added helper in shortcuts.js parses rendered markdown into an inert document, rebuilds only an allowlisted safe DOM subset, strips blocked tags/attrs/protocols, and exposes NotebookSafeMarkdown.
…stances, added a simple sanitizer in shortcuts.js
wargio
reviewed
Mar 19, 2026
wargio
reviewed
Mar 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The PR simply aims to propose few major improvements to existing Notebook. It adds plugins for Rizin and Cutter, provides CI and release artifact integration, and a per-page notebook architecture. It also has binary attach and fetch, and also enhances keybindings, autocomplete, and search UX.
closes #1
closes #2
closes #3
#7 was marked not relevant