Feat/agent observability Improve agent observability and file sync resilience

[lvzhouyang]

Summary

This PR improves ColaMD's agent-observability workflow and file-sync robustness.

• hardens file-open and live-sync behavior with clearer error handling
• improves renderer startup reliability and custom-theme loading behavior
• adds a lightweight agent activity timeline with recent change summaries
• lets recent agent changes jump to the changed content
• tightens inline HTML sanitization for both rendering and export

Validation

• npm run typecheck
• npm run build
• manual smoke testing for live file updates, timeline UI, recent-change jump navigation, and theme/error handling flows

---

Note

Medium Risk
Touches core file open/watch/save flows and renderer IPC/UI wiring; regressions could break live-sync or saving. Also changes security posture (CSP/sandbox/HTML sanitization), which is beneficial but can have compatibility edge cases.

Overview
Improves agent observability by adding a "Recent Changes" panel that tracks the last few external file updates, summarizes what changed, and lets users jump to the affected section; external updates now also trigger a short-lived in-editor diff highlight.

Hardens file-sync and UX resilience: centralizes file reads with size/type checks, handles atomic-save rename events, retries watcher failures, preserves scroll on external updates, and surfaces open/save/export/theme errors to the renderer via a new app-error IPC and toast UI.

Tightens security and export correctness by enabling Electron sandbox, strengthening the renderer CSP, sanitizing inline HTML node rendering, and sanitizing exported HTML; also adds CI/typecheck wiring (typecheck script + release workflow step) and ignores agent-loop logs.

^{Written by Cursor Bugbot for commit 6d5deda. This will update automatically on new commits. Configure here.}

[lvzhouyang]

已修复三个 review 问题：

1. sanitize.ts (High) - Sanitizer skips children of removed disallowed elements
修复：当 disallowed 标签被替换时，先收集被提升的子 Element 节点，替换后再对它们递归 walk 清理属性。

2. base.css (High) - Missing CSS for diff highlight classes
修复：添加 agent-diff-added（绿色背景高亮）和 agent-diff-fadeout（淡出动画）的 CSS 规则，使 animationend 事件能正常触发。

3. main/index.ts (Medium) - Uncaught exception in rename retry crashes main process
修复：用 try-catch 包裹 fs.watch() 调用，异常时停止 watcher 并延迟 500ms 重试，避免同步异常导致进程崩溃。

提交: 988f7d6

[lvzhouyang]

已修复另外两个 review 问题：

1. main/index.ts (High) - Rename handler omits file re-read after atomic save
修复：rename 事件后立即调用 readTextDocument() 读取文件内容并通知渲染器，不再只依赖 'change' 事件。

2. main/index.ts (Medium) - Rename handler resets agent activity detection state
修复：不再调用 stopWatching()（会重置 agentState 和 lastExternalChange），改为只关闭 watcher 并重启 watcher，保持 agent 状态连续性。

提交: b3649e4

[lvzhouyang]

已修复另外两个 review 问题：

1. sanitize.ts (High) - Sanitizer allows disallowed tags promoted from nested context
修复：在递归检查被提升元素时，先检查其标签本身是否 allowed。若 disallowed，则继续提升其子节点而非直接 walk，防止 <style> 等危险标签绕过检查。

2. main.ts (Medium) - Jump navigation fails for markdown-formatted target text
修复：添加 stripMarkdown() 函数，移除 **、[link](url)、``` 等 markdown 格式字符，使 targetText 与 DOM.textContent 匹配。

提交: 6d5deda

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Sanitizer strips heading tags from HTML export

High Severity

ALLOWED_HTML_TAGS is missing h1 through h6. This set was designed for inline HTML sanitization in html-view.ts, but sanitizeHTMLFragment is now also applied to the full document HTML in the export path (sanitizeHTMLFragment(getHTML())). Since getHTML() serializes ProseMirror content using DOMSerializer which produces <h1>–<h6> tags, the sanitizer strips all headings from the exported HTML, replacing them with their unwrapped text content.

Additional Locations (1)

• src/renderer/main.ts#L392-L393