fix(cli): quote Windows paths with spaces in Claude CLI validation #768
+69,865
−11,172
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add comprehensive branching strategy documentation - Explain main, develop, feature, fix, release, and hotfix branches - Clarify that all PRs should target develop (not main) - Add release process documentation for maintainers - Update PR process to branch from develop - Expand table of contents with new sections
* refactor: restructure project to Apps/frontend and Apps/backend - Move auto-claude-ui to Apps/frontend with feature-based architecture - Move auto-claude to Apps/backend - Switch from pnpm to npm for frontend - Update Node.js requirement to v24.12.0 LTS - Add pre-commit hooks for lint, typecheck, and security audit - Add commit-msg hook for conventional commits - Fix CommonJS compatibility issues (postcss.config, postinstall scripts) - Update README with comprehensive setup and contribution guidelines - Configure ESLint to ignore .cjs files - 0 npm vulnerabilities Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com> * feat(refactor): clean code and move to npm * feat(refactor): clean code and move to npm * chore: update to v2.7.0, remove Docker deps (LadybugDB is embedded) * feat: v2.8.0 - update workflows and configs for Apps/ structure, npm * fix: resolve Python lint errors (F401, I001) * fix: update test paths for Apps/backend structure * fix: add missing facade files and update paths for Apps/backend structure - Fix ruff lint error I001 in auto_claude_tools.py - Create missing facade files to match upstream (agent, ci_discovery, critique, etc.) - Update test paths from auto-claude/ to Apps/backend/ - Update .pre-commit-config.yaml paths for Apps/ structure - Add pytest to pre-commit hooks (skip slow/integration/Windows-incompatible tests) - Fix Unicode encoding in test_agent_architecture.py for Windows Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com> * feat: improve readme * fix: new path * fix: correct release workflow and docs for Apps/ restructure - Fix ARM64 macOS build: pnpm → npm, auto-claude-ui → Apps/frontend - Fix artifact upload paths in release.yml - Update Node.js version to 24 for consistency - Update CLI-USAGE.md with Apps/backend paths - Update RELEASE.md with Apps/frontend/package.json paths 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * refactor: rename Apps/ to apps/ and fix backend path resolution - Rename Apps/ folder to apps/ for consistency with JS/Node conventions - Update all path references across CI/CD workflows, docs, and config files - Fix frontend Python path resolver to look for 'backend' instead of 'auto-claude' - Update path-resolver.ts to correctly find apps/backend in development mode This completes the Apps restructure from PR AndyMik90#122 and prepares for v2.8.0 release. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(electron): correct preload script path from .js to .mjs electron-vite builds the preload script as ESM (index.mjs) but the main process was looking for CommonJS (index.js). This caused the preload to fail silently, making the app fall back to browser mock mode with fake data and non-functional IPC handlers. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * - Introduced `dev:debug` script to enable debugging during development. - Added `dev:mcp` script for running the frontend in MCP mode. These enhancements streamline the development process for frontend developers. * refactor(memory): make Graphiti memory mandatory and remove Docker dependency Memory is now a core component of Auto Claude rather than optional: - Python 3.12+ is required for the backend (not just memory layer) - Graphiti is enabled by default in .env.example - Removed all FalkorDB/Docker references (migrated to embedded LadybugDB) - Deleted guides/DOCKER-SETUP.md and docker-handlers.ts - Updated onboarding UI to remove "optional" language - Updated all documentation to reflect LadybugDB architecture 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * feat: add cross-platform Windows support for npm scripts - Add scripts/install-backend.js for cross-platform Python venv setup - Auto-detects Python 3.12 (py -3.12 on Windows, python3.12 on Unix) - Handles platform-specific venv paths - Add scripts/test-backend.js for cross-platform pytest execution - Update package.json to use Node.js scripts instead of shell commands - Update CONTRIBUTING.md with correct paths and instructions: - apps/backend/ and apps/frontend/ paths - Python 3.12 requirement (memory system now required) - Platform-specific install commands (winget, brew, apt) - npm instead of pnpm - Quick Start section with npm run install:all 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * remove doc * fix(frontend): correct Ollama detector script path after apps restructure The Ollama status check was failing because memory-handlers.ts was looking for ollama_model_detector.py at auto-claude/ but the script is now at apps/backend/ after the directory restructure. This caused "Ollama not running" to display even when Ollama was actually running and accessible. * chore: bump version to 2.7.2 Downgrade version from 2.8.0 to 2.7.2 as the Apps/ restructure is better suited as a patch release rather than a minor release. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * chore: update package-lock.json for Windows compatibility 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * docs(contributing): add hotfix workflow and update paths for apps/ structure Add Git Flow hotfix workflow documentation with step-by-step guide and ASCII diagram showing the branching strategy. Update all paths from auto-claude/auto-claude-ui to apps/backend/apps/frontend and migrate package manager references from pnpm to npm to match the new project structure. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ci): remove duplicate ARM64 build from Intel runner The Intel runner was building both x64 and arm64 architectures, while a separate ARM64 runner also builds arm64 natively. This caused duplicate ARM64 builds, wasting CI resources. Now each runner builds only its native architecture: - Intel runner: x64 only - ARM64 runner: arm64 only 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Alex Madera <[email protected]> Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <[email protected]>
…Mik90#141) * feat(ollama): add real-time download progress tracking for model downloads Implement comprehensive download progress tracking with: - NDJSON parsing for streaming progress data from Ollama API - Real-time speed calculation (MB/s, KB/s, B/s) with useRef for delta tracking - Time remaining estimation based on download speed - Animated progress bars in OllamaModelSelector component - IPC event streaming from main process to renderer - Proper listener management with cleanup functions Changes: - memory-handlers.ts: Parse NDJSON from Ollama stderr, emit progress events - OllamaModelSelector.tsx: Display progress bars with speed and time remaining - project-api.ts: Implement onDownloadProgress listener with cleanup - ipc.ts types: Define onDownloadProgress listener interface - infrastructure-mock.ts: Add mock implementation for browser testing This allows users to see real-time feedback when downloading Ollama models, including percentage complete, current download speed, and estimated time remaining. * test: add focused test coverage for Ollama download progress feature Add unit tests for the critical paths of the real-time download progress tracking: - Progress calculation tests (52 tests): Speed/time/percentage calculations with comprehensive edge case coverage (zero speeds, NaN, Infinity, large numbers) - NDJSON parser tests (33 tests): Streaming JSON parsing from Ollama, buffer management for incomplete lines, error handling All 562 unit tests passing with clean dependencies. Tests focus on critical mathematical logic and data processing - the most important paths that need verification. Test coverage: ✅ Speed calculation and formatting (B/s, KB/s, MB/s) ✅ Time remaining calculations (seconds, minutes, hours) ✅ Percentage clamping (0-100%) ✅ NDJSON streaming with partial line buffering ✅ Invalid JSON handling ✅ Real Ollama API responses ✅ Multi-chunk streaming scenarios * docs: add comprehensive JSDoc docstrings for Ollama download progress feature - Enhanced OllamaModelSelector component with detailed JSDoc * Documented component props, behavior, and usage examples * Added docstrings to internal functions (checkInstalledModels, handleDownload, handleSelect) * Explained progress tracking algorithm and useRef usage - Improved memory-handlers.ts documentation * Added docstring to main registerMemoryHandlers function * Documented all Ollama-related IPC handlers (check-status, list-embedding-models, pull-model) * Added JSDoc to executeOllamaDetector helper function * Documented interface types (OllamaStatus, OllamaModel, OllamaEmbeddingModel, OllamaPullResult) * Explained NDJSON parsing and progress event structure - Enhanced test file documentation * Added docstrings to NDJSON parser test utilities with algorithm explanation * Documented all calculation functions (speed, time, percentage) * Added detailed comments on formatting and bounds-checking logic - Improved overall code maintainability * Docstring coverage now meets 80%+ threshold for code review * Clear explanation of progress tracking implementation details * Better context for future maintainers working with download streaming * feat: add batch task creation and management CLI commands - Handle batch task creation from JSON files - Show status of all specs in project - Cleanup tool for completed specs - Full integration with new apps/backend structure - Compatible with implementation_plan.json workflow * test: add batch task test file and testing checklist - batch_test.json: Sample tasks for testing batch creation - TESTING_CHECKLIST.md: Comprehensive testing guide for Ollama and batch tasks - Includes UI testing steps, CLI testing steps, and edge cases - Ready for manual and automated testing * chore: update package-lock.json to match v2.7.2 * test: update checklist with verification results and architecture validation * docs: add comprehensive implementation summary for Ollama + Batch features * docs: add comprehensive Phase 2 testing guide with checklists and procedures * docs: add NEXT_STEPS guide for Phase 2 testing * fix: resolve merge conflict in project-api.ts from Ollama feature cherry-pick * fix: remove duplicate Ollama check status handler registration * test: update checklist with Phase 2 bug findings and fixes --------- Co-authored-by: ray <[email protected]>
Implemented promise queue pattern in PythonEnvManager to handle concurrent initialization requests. Previously, multiple simultaneous requests (e.g., startup + merge) would fail with "Already initializing" error. Also fixed parsePythonCommand() to handle file paths with spaces by checking file existence before splitting on whitespace. Changes: - Added initializationPromise field to queue concurrent requests - Split initialize() into public and private _doInitialize() - Enhanced parsePythonCommand() with existsSync() check Co-authored-by: Joris Slagter <[email protected]>
) Removes the legacy 'auto-claude' path from the possiblePaths array in agent-process.ts. This path was from before the monorepo restructure (v2.7.2) and is no longer needed. The legacy path was causing spec_runner.py to be looked up at the wrong location: - OLD (wrong): /path/to/auto-claude/auto-claude/runners/spec_runner.py - NEW (correct): /path/to/apps/backend/runners/spec_runner.py This aligns with the new monorepo structure where all backend code lives in apps/backend/. Fixes AndyMik90#147 Co-authored-by: Joris Slagter <[email protected]>
* fix: Linear API authentication and GraphQL types - Remove Bearer prefix from Authorization header (Linear API keys are sent directly) - Change GraphQL variable types from String! to ID! for teamId and issue IDs - Improve error handling to show detailed Linear API error messages 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: Radix Select empty value error in Linear import modal Use '__all__' sentinel value instead of empty string for "All projects" option, as Radix Select does not allow empty string values. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * feat: add CodeRabbit configuration file Introduce a new .coderabbit.yaml file to configure CodeRabbit settings, including review profiles, automatic review options, path filters, and specific instructions for different file types. This enhances the code review process by providing tailored guidelines for Python, TypeScript, and test files. * fix: correct GraphQL types for Linear team queries Linear API uses different types for different queries: - team(id:) expects String! - issues(filter: { team: { id: { eq: } } }) expects ID! 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: refresh task list after Linear import Call loadTasks() after successful Linear import to update the kanban board without requiring a page reload. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * cleanup * cleanup * fix: address CodeRabbit review comments for Linear integration - Fix unsafe JSON parsing: check response.ok before parsing JSON to handle non-JSON error responses (e.g., 503 from proxy) gracefully - Use ID! type instead of String! for teamId in LINEAR_GET_PROJECTS query for GraphQL type consistency - Remove debug console.log (ESLint config only allows warn/error) - Refresh task list on partial import success (imported > 0) instead of requiring full success - Fix pre-existing TypeScript and lint issues blocking commit 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * version sync logic * lints for develop branch * chore: update CI workflow to include develop branch - Modified the CI configuration to trigger on pushes and pull requests to both main and develop branches, enhancing the workflow for development and integration processes. * fix: update project directory auto-detection for apps/backend structure The project directory auto-detection was checking for the old `auto-claude/` directory name but needed to check for `apps/backend/`. When running from `apps/backend/`, the directory name is `backend` not `auto-claude`, so the check would fail and `project_dir` would incorrectly remain as `apps/backend/` instead of resolving to the project root (2 levels up). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: use GraphQL variables instead of string interpolation in LINEAR_GET_ISSUES Replace direct string interpolation of teamId and linearProjectId with proper GraphQL variables. This prevents potential query syntax errors if IDs contain special characters like double quotes, and aligns with the variable-based approach used elsewhere in the file. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ui): correct logging level and await loadTasks on import complete - Change console.warn to console.log for import success messages (warn is incorrect severity for normal completion) - Make onImportComplete callback async and await loadTasks() to prevent potential unhandled promise rejections Applies CodeRabbit review feedback across 3 LinearTaskImportModal usages. * fix(hooks): use POSIX-compliant find instead of bash glob The pre-commit hook uses #!/bin/sh but had bash-specific ** glob pattern for staging ruff-formatted files. The ** pattern only works in bash with globstar enabled - in POSIX sh it expands literally and won't match subdirectories, causing formatted files in nested directories to not be staged. --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
…_progress When a user drags a running task back to Planning (or any other column), the process was not being stopped, leaving a "ghost" process that prevented deletion with "Cannot delete a running task" error. Now the task process is automatically killed when status changes away from in_progress, ensuring the process state stays in sync with the UI.
* feat: add UI scale feature * refactor: extract UI scale bounds to shared constants * fix: duplicated import
…90#154) * fix: analyzer Python compatibility and settings integration Fixes project index analyzer failing with TypeError on Python type hints. Changes: - Added 'from __future__ import annotations' to all analysis modules - Fixed project discovery to support new analyzer JSON format - Read Python path directly from settings.json instead of pythonEnvManager - Added stderr/stdout logging for analyzer debugging Resolves 'Discovered 0 files' and 'TypeError: unsupported operand type' issues. * auto-claude: subtask-1-1 - Hide status badge when execution phase badge is showing When a task has an active execution (planning, coding, etc.), the execution phase badge already displays the correct state with a spinner. The status badge was also rendering, causing duplicate/confusing badges (e.g., both "Planning" and "Pending" showing at the same time). This fix wraps the status badge in a conditional that only renders when there's no active execution, eliminating the redundant badge display. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ipc): remove unused pythonEnvManager parameter and fix ES6 import Address CodeRabbit review feedback: - Remove unused pythonEnvManager parameter from registerProjectContextHandlers and registerContextHandlers (the code reads Python path directly from settings.json instead) - Replace require('electron').app with proper ES6 import for consistency 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * chore(lint): fix import sorting in analysis module Run ruff --fix to resolve I001 lint errors after merging develop. All 23 files in apps/backend/analysis/ now have properly sorted imports. --------- Co-authored-by: Joris Slagter <[email protected]> Co-authored-by: Claude Opus 4.5 <[email protected]>
* fix(core): add task persistence, terminal handling, and HTTP 300 fixes Consolidated bug fixes from PRs AndyMik90#168, AndyMik90#170, AndyMik90#171: - Task persistence (AndyMik90#168): Scan worktrees for tasks on app restart to prevent loss of in-progress work and wasted API credits. Tasks in .worktrees/*/specs are now loaded and deduplicated with main. - Terminal buttons (AndyMik90#170): Fix "Open Terminal" buttons silently failing on macOS by properly awaiting createTerminal() Promise. Added useTerminalHandler hook with loading states and error display. - HTTP 300 errors (AndyMik90#171): Handle branch/tag name collisions that cause update failures. Added validation script to prevent conflicts before releases and user-friendly error messages with manual download links. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(platform): add path resolution, spaces handling, and XDG support This commit consolidates multiple bug fixes from community PRs: - PR AndyMik90#187: Path resolution fix - Update path detection to find apps/backend instead of legacy auto-claude directory after v2.7.2 restructure - PR AndyMik90#182/AndyMik90#155: Python path spaces fix - Improve parsePythonCommand() to handle quoted paths and paths containing spaces without splitting - PR AndyMik90#161: Ollama detection fix - Add new apps structure paths for ollama_model_detector.py script discovery - PR AndyMik90#160: AppImage support - Add XDG Base Directory compliant paths for Linux sandboxed environments (AppImage, Flatpak, Snap). New files: - config-paths.ts: XDG path utilities - fs-utils.ts: Filesystem utilities with fallback support - PR AndyMik90#159: gh CLI PATH fix - Add getAugmentedEnv() utility to include common binary locations (Homebrew, snap, local) in PATH for child processes. Fixes gh CLI not found when app launched from Finder/Dock. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address CodeRabbit/Cursor review comments on PR AndyMik90#185 Fixes from code review: - http-client.ts: Use GITHUB_CONFIG instead of hardcoded owner in HTTP 300 error message - validate-release.js: Fix substring matching bug in branch detection that could cause false positives (e.g., v2.7 matching v2.7.2) - bump-version.js: Remove unnecessary try-catch wrapper (exec() already exits on failure) - execution-handlers.ts: Capture original subtask status before mutation for accurate logging - fs-utils.ts: Add error handling to safeWriteFile with proper logging Dismissed as trivial/not applicable: - config-paths.ts: Exhaustive switch check (over-engineering) - env-utils.ts: PATH priority documentation (existing comments sufficient) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address additional CodeRabbit review comments (round 2) Fixes from second round of code review: - fs-utils.ts: Wrap test file cleanup in try-catch for Windows file locking - fs-utils.ts: Add error handling to safeReadFile for consistency with safeWriteFile - http-client.ts: Use GITHUB_CONFIG in fetchJson (missed in first round) - validate-release.js: Exclude symbolic refs (origin/HEAD -> origin/main) from branch check - python-detector.ts: Return cleanPath instead of pythonPath for empty input edge case Dismissed as trivial/not applicable: - execution-handlers.ts: Redundant checkSubtasksCompletion call (micro-optimization) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
* chore: update README version to 2.7.1 Updated the version badge and download links in the README to reflect the new release version 2.7.1, ensuring users have the correct information for downloading the latest builds. * feat(releases): add beta release system with user opt-in Implements a complete beta release workflow that allows users to opt-in to receiving pre-release versions. This enables testing new features before they're included in stable releases. Changes: - Add beta-release.yml workflow for creating beta releases from develop - Add betaUpdates setting with UI toggle in Settings > Updates - Add update channel support to electron-updater (beta vs latest) - Extract shared settings-utils.ts to reduce code duplication - Add prepare-release.yml workflow for automated release preparation - Document beta release process in CONTRIBUTING.md and RELEASE.md Users can enable beta updates in Settings > Updates, and maintainers can trigger beta releases via the GitHub Actions workflow. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * workflow update --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
* chore: update README version to 2.7.1 Updated the version badge and download links in the README to reflect the new release version 2.7.1, ensuring users have the correct information for downloading the latest builds. * feat(releases): add beta release system with user opt-in Implements a complete beta release workflow that allows users to opt-in to receiving pre-release versions. This enables testing new features before they're included in stable releases. Changes: - Add beta-release.yml workflow for creating beta releases from develop - Add betaUpdates setting with UI toggle in Settings > Updates - Add update channel support to electron-updater (beta vs latest) - Extract shared settings-utils.ts to reduce code duplication - Add prepare-release.yml workflow for automated release preparation - Document beta release process in CONTRIBUTING.md and RELEASE.md Users can enable beta updates in Settings > Updates, and maintainers can trigger beta releases via the GitHub Actions workflow. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * workflow update * ci(github): update Discord link and redirect feature requests to discussions Update Discord invite link to correct URL (QhRnz9m5HE) across all GitHub templates and workflows. Redirect feature requests from issue template to GitHub Discussions for better community engagement. Changes: - config.yml: Add feature request link to Discussions, fix Discord URL - question.yml: Update Discord link in pre-question guidance - welcome.yml: Update Discord link in first-time contributor message --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
- Change branch reference from main to develop - Fix contribution guide link to use full URL - Remove hyphen from "Auto Claude" in welcome message
…tup (AndyMik90#180 AndyMik90#167) (AndyMik90#208) This fixes critical bug where macOS users with default Python 3.9.6 couldn't use Auto-Claude because claude-agent-sdk requires Python 3.10+. Root Cause: - Auto-Claude doesn't bundle Python, relies on system Python - python-detector.ts accepted any Python 3.x without checking minimum version - macOS ships with Python 3.9.6 by default (incompatible) - GitHub Actions runners didn't explicitly set Python version Changes: 1. python-detector.ts: - Added getPythonVersion() to extract version from command - Added validatePythonVersion() to check if >= 3.10.0 - Updated findPythonCommand() to skip Python < 3.10 with clear error messages 2. python-env-manager.ts: - Import and use findPythonCommand() (already has version validation) - Simplified findSystemPython() to use shared validation logic - Updated error message from "Python 3.9+" to "Python 3.10+" with download link 3. .github/workflows/release.yml: - Added Python 3.11 setup to all 4 build jobs (macOS Intel, macOS ARM64, Windows, Linux) - Ensures consistent Python version across all platforms during build Impact: - macOS users with Python 3.9 now see clear error with download link - macOS users with Python 3.10+ work normally - CI/CD builds use consistent Python 3.11 - Prevents "ModuleNotFoundError: dotenv" and dependency install failures Fixes AndyMik90#180, AndyMik90#167 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Sonnet 4.5 <[email protected]>
* feat: Add OpenRouter as LLM/embedding provider Add OpenRouter provider support for Graphiti memory integration, enabling access to multiple LLM providers through a single API. Changes: Backend: - Created openrouter_llm.py: OpenRouter LLM provider using OpenAI-compatible API - Created openrouter_embedder.py: OpenRouter embedder provider - Updated config.py: Added OpenRouter to provider enums and configuration - New fields: openrouter_api_key, openrouter_base_url, openrouter_llm_model, openrouter_embedding_model - Validation methods updated for OpenRouter - Updated factory.py: Added OpenRouter to LLM and embedder factories - Updated provider __init__.py files: Exported new OpenRouter functions Frontend: - Updated project.ts types: Added 'openrouter' to provider type unions - GraphitiProviderConfig extended with OpenRouter fields - Updated GraphitiStep.tsx: Added OpenRouter to provider arrays - LLM_PROVIDERS: 'Multi-provider aggregator' - EMBEDDING_PROVIDERS: 'OpenAI-compatible embeddings' - Added OpenRouter API key input field with show/hide toggle - Link to https://openrouter.ai/keys - Updated env-handlers.ts: OpenRouter .env generation and parsing - Template generation for OPENROUTER_* variables - Parsing from .env files with proper type casting Documentation: - Updated .env.example with OpenRouter section - Configuration examples - Popular model recommendations - Example configuration (AndyMik90#6) Fixes AndyMik90#92 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> * refactor: address CodeRabbit review comments for OpenRouter - Add globalOpenRouterApiKey to settings types and store updates - Initialize openrouterApiKey from global settings - Update documentation to include OpenRouter in provider lists - Add OpenRouter handling to get_embedding_dimension() method - Add openrouter to provider cleanup list - Add OpenRouter to get_available_providers() function - Clarify Legacy comment for openrouterLlmModel These changes complete the OpenRouter integration by ensuring proper settings persistence and provider detection across the application. * fix: apply ruff formatting to OpenRouter code - Break long error message across multiple lines - Format provider list with one item per line - Fixes lint CI failure 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> --------- Co-authored-by: Claude Sonnet 4.5 <[email protected]>
…Mik90#209) Implements distributed file-based locking for spec number coordination across main project and all worktrees. Previously, parallel spec creation could assign the same number to different specs (e.g., 042-bmad-task and 042-gitlab-integration both using number 042). The fix adds SpecNumberLock class that: - Acquires exclusive lock before calculating spec numbers - Scans ALL locations (main project + worktrees) for global maximum - Creates spec directories atomically within the lock - Handles stale locks via PID-based detection with 30s timeout Applied to both Python backend (spec_runner.py flow) and TypeScript frontend (ideation conversion, GitHub/GitLab issue import). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.5 <[email protected]>
* fix(ideation): add missing event forwarders for status sync - Add event forwarders in ideation-handlers.ts for progress, log, type-complete, type-failed, complete, error, and stopped events - Fix ideation-type-complete to load actual ideas array from JSON files instead of emitting only the count Resolves UI getting stuck at 0/3 complete during ideation generation. * fix(ideation): fix UI not updating after actions - Fix getIdeationSummary to count only active ideas (exclude dismissed/archived) This ensures header stats match the visible ideas count - Add transformSessionFromSnakeCase to properly transform session data from backend snake_case to frontend camelCase on ideation-complete event - Transform raw session before emitting ideation-complete event Resolves header showing stale counts after dismissing/deleting ideas. * fix(ideation): improve type safety and async handling in ideation type completion - Replace synchronous readFileSync with async fsPromises.readFile in ideation-type-complete handler - Wrap async file read in IIFE with proper error handling to prevent unhandled promise rejections - Add type validation for IdeationType with VALID_IDEATION_TYPES set and isValidIdeationType guard - Add validateEnabledTypes function to filter out invalid type values and log dropped entries - Handle ENOENT separately * fix(ideation): improve generation state management and error handling - Add explicit isGenerating flag to prevent race conditions during async operations - Implement 5-minute timeout for generation with automatic cleanup and error state - Add ideation-stopped event emission when process is intentionally killed - Replace console.warn/error with proper ideation-error events in agent-queue - Add resetGeneratingTypes helper to transition all generating types to a target state - Filter out dismissed/ * refactor(ideation): improve event listener cleanup and timeout management - Extract event handler functions in ideation-handlers.ts to enable proper cleanup - Return cleanup function from registerIdeationHandlers to remove all listeners - Replace single generationTimeoutId with Map to support multiple concurrent projects - Add clearGenerationTimeout helper to centralize timeout cleanup logic - Extract loadIdeationType IIFE to named function for better error context - Enhance error logging with projectId, * refactor: use async file read for ideation and roadmap session loading - Replace synchronous readFileSync with async fsPromises.readFile - Prevents blocking the event loop during file operations - Consistent with async pattern used elsewhere in the codebase - Improved error handling with proper event emission * fix(agent-queue): improve roadmap completion handling and error reporting - Add transformRoadmapFromSnakeCase to convert backend snake_case to frontend camelCase - Transform raw roadmap data before emitting roadmap-complete event - Add roadmap-error emission for unexpected errors during completion - Add roadmap-error emission when project path is unavailable - Remove duplicate ideation-type-complete emission from error handler (event already emitted in loadIdeationType) - Update error log message
Adds 'from __future__ import annotations' to spec/discovery.py for Python 3.9+ compatibility with type hints. This completes the Python compatibility fixes that were partially applied in previous commits. All 26 analysis and spec Python files now have the future annotations import. Related: AndyMik90#128 Co-authored-by: Joris Slagter <[email protected]>
…#241) * fix: resolve Python detection and backend packaging issues - Fix backend packaging path (auto-claude -> backend) to match path-resolver.ts expectations - Add future annotations import to config_parser.py for Python 3.9+ compatibility - Use findPythonCommand() in project-context-handlers to prioritize Homebrew Python - Improve Python detection to prefer Homebrew paths over system Python on macOS This resolves the following issues: - 'analyzer.py not found' error due to incorrect packaging destination - TypeError with 'dict | None' syntax on Python < 3.10 - Wrong Python interpreter being used (system Python instead of Homebrew Python 3.10+) Tested on macOS with packaged app - project index now loads successfully. * refactor: address PR review feedback - Extract findHomebrewPython() helper to eliminate code duplication between findPythonCommand() and getDefaultPythonCommand() - Remove hardcoded version-specific paths (python3.12) and rely only on generic Homebrew symlinks for better maintainability - Remove unnecessary 'from __future__ import annotations' from config_parser.py since backend requires Python 3.12+ where union types are native These changes make the code more maintainable, less fragile to Python version changes, and properly reflect the project's Python 3.12+ requirement.
…#250) * feat(github): add GitHub automation system for issues and PRs Implements comprehensive GitHub automation with three major components: 1. Issue Auto-Fix: Automatically creates specs from labeled issues - AutoFixButton component with progress tracking - useAutoFix hook for config and queue management - Backend handlers for spec creation from issues 2. GitHub PRs Tool: AI-powered PR review sidebar - New sidebar tab (Cmd+Shift+P) alongside GitHub Issues - PRList/PRDetail components for viewing PRs - Review system with findings by severity - Post review comments to GitHub 3. Issue Triage: Duplicate/spam/feature-creep detection - Triage handlers with label application - Configurable detection thresholds Also adds: - Debug logging (DEBUG=true) for all GitHub handlers - Backend runners/github module with orchestrator - AI prompts for PR review, triage, duplicate/spam detection - dev:debug npm script for development with logging 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(github-runner): resolve import errors for direct script execution Changes runner.py and orchestrator.py to handle both: - Package import: `from runners.github import ...` - Direct script: `python runners/github/runner.py` Uses try/except pattern for relative vs direct imports. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(github): correct argparse argument order for runner.py Move --project global argument before subcommand so argparse can correctly parse it. Fixes "unrecognized arguments: --project" error. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * logs when debug mode is on * refactor(github): extract service layer and fix linting errors Major refactoring to improve maintainability and code quality: Backend (Python): - Extracted orchestrator.py (2,600 → 835 lines, 68% reduction) into 7 service modules: - prompt_manager.py: Prompt template management - response_parsers.py: AI response parsing - pr_review_engine.py: PR review orchestration - triage_engine.py: Issue triage logic - autofix_processor.py: Auto-fix workflow - batch_processor.py: Batch issue handling - Fixed 18 ruff linting errors (F401, C405, C414, E741): - Removed unused imports (BatchValidationResult, AuditAction, locked_json_write) - Optimized collection literals (set([n]) → {n}) - Removed unnecessary list() calls - Renamed ambiguous variable 'l' to 'label' throughout Frontend (TypeScript): - Refactored IPC handlers (19% overall reduction) with shared utilities: - autofix-handlers.ts: 1,042 → 818 lines - pr-handlers.ts: 648 → 543 lines - triage-handlers.ts: 437 lines (no duplication) - Created utils layer: logger, ipc-communicator, project-middleware, subprocess-runner - Split github-store.ts into focused stores: issues, pr-review, investigation, sync-status - Split ReviewFindings.tsx into focused components All imports verified, type checks passing, linting clean. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
…ndyMik90#250)" (AndyMik90#251) This reverts commit 348de6d.
* Add multilingual support and i18n integration - Implemented i18n framework using `react-i18next` for translation management. - Added support for English and French languages with translation files. - Integrated language selector into settings. - Updated all text strings in UI components to use translation keys. - Ensured smooth language switching with live updates. * Migrate remaining hard-coded strings to i18n system - TaskCard: status labels, review reasons, badges, action buttons - PhaseProgressIndicator: execution phases, progress labels - KanbanBoard: drop zone, show archived, tooltips - CustomModelModal: dialog title, description, labels - ProactiveSwapListener: account switch notifications - AgentProfileSelector: phase labels, custom configuration - GeneralSettings: agent framework option Added translation keys for en/fr locales in tasks.json, common.json, and settings.json for complete i18n coverage. * Add i18n support to dialogs and settings components - AddFeatureDialog: form labels, validation messages, buttons - AddProjectModal: dialog steps, form fields, actions - RateLimitIndicator: rate limit notifications - RateLimitModal: account switching, upgrade prompts - AdvancedSettings: updates and notifications sections - ThemeSettings: theme selection labels - Updated dialogs.json locales (en/fr) * Fix truncated 'ready' message in dialogs locales * Fix backlog terminology in i18n locales Change "Planning"/"Planification" to standard PM term "Backlog" * Migrate settings navigation and integration labels to i18n - AppSettings: nav items, section titles, buttons - IntegrationSettings: Claude accounts, auto-switch, API keys labels - Added settings nav/projectSections/integrations translation keys - Added buttons.saving to common translations * Migrate AgentProfileSettings and Sidebar init dialog to i18n - AgentProfileSettings: migrate phase config labels, section title, description, and all hardcoded strings to settings namespace - Sidebar: migrate init dialog strings to dialogs namespace with common buttons from common namespace - Add new translation keys for agent profile settings and update dialog * Migrate AppSettings navigation labels to i18n - Add useTranslation hook to AppSettings.tsx - Replace hardcoded section labels with dynamic translations - Add projectSections translations for project settings nav - Add rerunWizardDescription translation key * Add explicit typing to notificationItems array Import NotificationSettings type and use keyof to properly type the notification item keys, removing manual type assertion.
…AndyMik90#266) * ci: implement enterprise-grade PR quality gates and security scanning * ci: implement enterprise-grade PR quality gates and security scanning * fix:pr comments and improve code * fix: improve commit linting and code quality * Removed the dependency-review job (i added it) * fix: address CodeRabbit review comments - Expand scope pattern to allow uppercase, underscores, slashes, dots - Add concurrency control to cancel duplicate security scan runs - Add explanatory comment for Bandit CLI flags - Remove dependency-review job (requires repo settings) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * docs: update commit lint examples with expanded scope patterns Show slashes and dots in scope examples to demonstrate the newly allowed characters (api/users, package.json) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * chore: remove feature request issue template Feature requests are directed to GitHub Discussions via the issue template config.yml 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address security vulnerabilities in service orchestrator - Fix port parsing crash on malformed docker-compose entries - Fix shell injection risk by using shlex.split() with shell=False Prevents crashes when docker-compose.yml contains environment variables in port mappings (e.g., '${PORT}:8080') and eliminates shell injection vulnerabilities in subprocess execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
…90#252) * feat(github): add GitHub automation system for issues and PRs Implements comprehensive GitHub automation with three major components: 1. Issue Auto-Fix: Automatically creates specs from labeled issues - AutoFixButton component with progress tracking - useAutoFix hook for config and queue management - Backend handlers for spec creation from issues 2. GitHub PRs Tool: AI-powered PR review sidebar - New sidebar tab (Cmd+Shift+P) alongside GitHub Issues - PRList/PRDetail components for viewing PRs - Review system with findings by severity - Post review comments to GitHub 3. Issue Triage: Duplicate/spam/feature-creep detection - Triage handlers with label application - Configurable detection thresholds Also adds: - Debug logging (DEBUG=true) for all GitHub handlers - Backend runners/github module with orchestrator - AI prompts for PR review, triage, duplicate/spam detection - dev:debug npm script for development with logging 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(github-runner): resolve import errors for direct script execution Changes runner.py and orchestrator.py to handle both: - Package import: `from runners.github import ...` - Direct script: `python runners/github/runner.py` Uses try/except pattern for relative vs direct imports. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(github): correct argparse argument order for runner.py Move --project global argument before subcommand so argparse can correctly parse it. Fixes "unrecognized arguments: --project" error. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * logs when debug mode is on * refactor(github): extract service layer and fix linting errors Major refactoring to improve maintainability and code quality: Backend (Python): - Extracted orchestrator.py (2,600 → 835 lines, 68% reduction) into 7 service modules: - prompt_manager.py: Prompt template management - response_parsers.py: AI response parsing - pr_review_engine.py: PR review orchestration - triage_engine.py: Issue triage logic - autofix_processor.py: Auto-fix workflow - batch_processor.py: Batch issue handling - Fixed 18 ruff linting errors (F401, C405, C414, E741): - Removed unused imports (BatchValidationResult, AuditAction, locked_json_write) - Optimized collection literals (set([n]) → {n}) - Removed unnecessary list() calls - Renamed ambiguous variable 'l' to 'label' throughout Frontend (TypeScript): - Refactored IPC handlers (19% overall reduction) with shared utilities: - autofix-handlers.ts: 1,042 → 818 lines - pr-handlers.ts: 648 → 543 lines - triage-handlers.ts: 437 lines (no duplication) - Created utils layer: logger, ipc-communicator, project-middleware, subprocess-runner - Split github-store.ts into focused stores: issues, pr-review, investigation, sync-status - Split ReviewFindings.tsx into focused components All imports verified, type checks passing, linting clean. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> * fixes during testing of PR * feat(github): implement PR merge, assign, and comment features - Add auto-assignment when clicking "Run AI Review" - Implement PR merge functionality with squash method - Add ability to post comments on PRs - Display assignees in PR UI - Add Approve and Merge buttons when review passes - Update backend gh_client with pr_merge, pr_comment, pr_assign methods - Create IPC handlers for new PR operations - Update TypeScript interfaces and browser mocks 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> * Improve PR review AI * fix(github): use temp files for PR review posting to avoid shell escaping issues When posting PR reviews with findings containing special characters (backticks, parentheses, quotes), the shell command was interpreting them as commands instead of literal text, causing syntax errors. Changed both postPRReview and postPRComment handlers to write the body content to temporary files and use gh CLI's --body-file flag instead of --body with inline content. This safely handles ALL special characters without escaping issues. Fixes shell errors when posting reviews with suggested fixes containing code snippets. * fix(i18n): add missing GitHub PRs translation and document i18n requirements Fixed missing translation key for GitHub PRs feature that was causing "items.githubPRs" to display instead of the proper translated text. Added comprehensive i18n guidelines to CLAUDE.md to ensure all future frontend development follows the translation key pattern instead of using hardcoded strings. Also fixed missing deletePRReview mock function in browser-mock.ts to resolve TypeScript compilation errors. Changes: - Added githubPRs translation to en/navigation.json - Added githubPRs translation to fr/navigation.json - Added Development Guidelines section to CLAUDE.md with i18n requirements - Documented translation file locations and namespace usage patterns - Added deletePRReview mock function to browser-mock.ts 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> * fix ui loading * Github PR fixes * improve claude.md * lints/tests * fix(github): handle PRs exceeding GitHub's 20K line diff limit - Add PRTooLargeError exception for large PR detection - Update pr_diff() to catch and raise PRTooLargeError for HTTP 406 errors - Gracefully handle large PRs by skipping full diff and using individual file patches - Add diff_truncated flag to PRContext to track when diff was skipped - Large PRs will now review successfully using per-file diffs instead of failing Fixes issue with PR AndyMik90#252 which has 100+ files exceeding the 20,000 line limit. * fix: implement individual file patch fetching for large PRs The PR review was getting stuck for large PRs (>20K lines) because when we skipped the full diff due to GitHub API limits, we had no code to analyze. The individual file patches were also empty, leaving the AI with just file names and metadata. Changes: - Implemented _get_file_patch() to fetch individual patches via git diff - Updated PR review engine to build composite diff from file patches when diff_truncated is True - Added missing 'state' field to PRContext dataclass - Limits composite diff to first 50 files for very large PRs - Shows appropriate warnings when using reconstructed diffs This allows AI review to proceed with actual code analysis even when the full PR diff exceeds GitHub's limits. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> * 1min reduction * docs: add GitHub Sponsors funding configuration Enable the Sponsor button on the repository by adding FUNDING.yml with the AndyMik90 GitHub Sponsors profile. * feat(github-pr): add orchestrating agent for thorough PR reviews Implement a new Opus 4.5 orchestrating agent that performs comprehensive PR reviews regardless of size. Key changes: - Add orchestrator_reviewer.py with strategic review workflow - Add review_tools.py with subagent spawning capabilities - Add pr_orchestrator.md prompt emphasizing thorough analysis - Add pr_security_agent.md and pr_quality_agent.md subagent prompts - Integrate orchestrator into pr_review_engine.py with config flag - Fix critical bug where findings were extracted but not processed (indentation issue in _parse_orchestrator_output) The orchestrator now correctly identifies issues in PRs that were previously approved as "trivial". Testing showed 7 findings detected vs 0 before the fix. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * i18n * fix(github-pr): restrict pr_reviewer to read-only permissions The PR review agent was using qa_reviewer agent type which has Bash access, allowing it to checkout branches and make changes during review. Created new pr_reviewer agent type with BASE_READ_TOOLS only (no Bash, no writes, no auto-claude tools). This prevents the PR review from accidentally modifying code or switching branches during analysis. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(github-pr): robust category mapping and JSON parsing for PR review The orchestrator PR review was failing to extract findings because: 1. AI generates category names like 'correctness', 'consistency', 'testing' that aren't in our ReviewCategory enum - added flexible mapping 2. JSON sometimes embedded in markdown code blocks (```json) which broke parsing - added code block extraction as first parsing attempt Changes: - Add _CATEGORY_MAPPING dict to map AI categories to valid enum values - Add _map_category() helper function with fallback to QUALITY - Add severity parsing with fallback to MEDIUM - Add markdown code block detection (```json) before raw JSON parsing - Add _extract_findings_from_data() helper to reduce code duplication - Apply same fixes to review_tools.py for subagent parsing 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(pr-review): improve post findings UX with batch support and feedback - Fix post findings failing on own PRs by falling back from REQUEST_CHANGES to COMMENT when GitHub returns 422 error - Change status badge to show "Reviewed" instead of "Commented" until findings are actually posted to GitHub - Add success notification when findings are posted (auto-dismisses after 3s) - Add batch posting support: track posted findings, show "Posted" badge, allow posting remaining findings in additional batches - Show loading state on button while posting 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(github): resolve stale timestamp and null author bugs - Fix stale timestamp in batch_issues.py: Move updated_at assignment BEFORE to_dict() serialization so the saved JSON contains the correct timestamp instead of the old value - Fix AttributeError in context_gatherer.py: Handle null author/user fields when GitHub API returns null for deleted/suspended users instead of an empty object 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(security): address all high and medium severity PR review findings HIGH severity fixes: - Command Injection in autofix-handlers.ts: Use execFileSync with args array - Command Injection in pr-handlers.ts (3 locations): Use execFileSync + validation - Command Injection in triage-handlers.ts: Use execFileSync + label validation - Token Exposure in bot_detection.py: Pass token via GH_TOKEN env var MEDIUM severity fixes: - Environment variable leakage in subprocess-runner.ts: Filter to safe vars only - Debug logging in subprocess-runner.ts: Only log in development mode - Delimiter escape bypass in sanitize.py: Use regex pattern for variations - Insecure file permissions in trust.py: Use os.open with 0o600 mode - No file locking in learning.py: Use FileLock + atomic_write utilities - Bare except in confidence.py: Log error with specific exception info - Fragile module import in pr_review_engine.py: Import at module level - State transition validation in models.py: Enforce can_transition_to() 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * PR followup * fix(security): add usedforsecurity=False to MD5 hash calls MD5 is used for generating unique IDs/cache keys, not for security purposes. Adding usedforsecurity=False resolves Bandit B324 warnings. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(security): address all high-priority PR review findings Fixes 5 high-priority issues from Auto Claude PR Review: 1. orchestrator_reviewer.py: Token budget tracking now increments total_tokens from API response usage data 2. pr_review_engine.py: Async exceptions now re-raise RuntimeError instead of silently returning empty results 3. batch_issues.py: IssueBatch.save() now uses locked_json_write for atomic file operations with file locking 4. project-middleware.ts: Added validateProjectPath() to prevent path traversal attacks (checks absolute, no .., exists, is dir) 5. orchestrator.py: Exception handling now logs full traceback and preserves exception type/context in error messages 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(security): address all high-priority PR review findings Fixes 5 high-priority issues from Auto Claude PR Review: 1. orchestrator_reviewer.py: Token budget tracking now increments total_tokens from API response usage data 2. pr_review_engine.py: Async exceptions now re-raise RuntimeError instead of silently returning empty results 3. batch_issues.py: IssueBatch.save() now uses locked_json_write for atomic file operations with file locking 4. project-middleware.ts: Added validateProjectPath() to prevent path traversal attacks (checks absolute, no .., exists, is dir) 5. orchestrator.py: Exception handling now logs full traceback and preserves exception type/context in error messages 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * feat(ui): add PR status labels to list view Add secondary status badges to the PR list showing review state at a glance: - "Changes Requested" (warning) - PRs with blocking issues (critical/high) - "Ready to Merge" (green) - PRs with only non-blocking suggestions - "Ready for Follow-up" (blue) - PRs with new commits since last review The "Ready for Follow-up" badge uses a cached new commits check from the store, only shown after the detail view confirms new commits via SHA comparison. This prevents false positives from PR updatedAt timestamp changes (which can happen from comments, labels, etc). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * PR labels * auto-claude: Initialize subtask-based implementation plan - Workflow type: feature - Phases: 3 - Subtasks: 6 - Ready for autonomous implementation --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
…yMik90#272) Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.0.15 to 4.0.16. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.16/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.0.16 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@electron/rebuild](https://github.com/electron/rebuild) from 3.7.2 to 4.0.2. - [Release notes](https://github.com/electron/rebuild/releases) - [Commits](electron/rebuild@v3.7.2...v4.0.2) --- updated-dependencies: - dependency-name: "@electron/rebuild" dependency-version: 4.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andy <[email protected]>
Co-authored-by: danielfrey63 <[email protected]> Co-authored-by: Andy <[email protected]>
* fix(planning): accept bug_fix workflow_type alias * style(planning): ruff format * fix: refatored common logic * fix: remove ruff errors * fix: remove duplicate _normalize_workflow_type method Remove the incorrectly placed duplicate method inside ContextLoader class. The module-level function is the correct implementation being used. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: danielfrey63 <[email protected]> Co-authored-by: Andy <[email protected]> Co-authored-by: AndyMik90 <[email protected]> Co-authored-by: Claude Opus 4.5 <[email protected]>
…ow (AndyMik90#276) When dry_run=true, the workflow skipped creating the version tag but build jobs still tried to checkout that non-existent tag, causing all 4 platform builds to fail with "git failed with exit code 1". Now build jobs checkout develop branch for dry runs while still using the version tag for real releases. Closes: GitHub Actions run #20464082726
…ndyMik90#822) * fix(github): use selectedPR from hook to restore Files changed list The hook useGitHubPRs returns a selectedPR that includes full PR details including the files array and changedFiles count. GitHubPRs.tsx was ignoring this and doing its own lookup in the prs array (which only contains list-view PRs without file details). This caused the Files changed list to appear empty in the PR detail view. Fixes ACS-173 * fix(github): add null-safe fallbacks for PR additions/deletions counts The GitHub API may return null for additions, deletions, and changed_files fields in certain edge cases (e.g., draft PRs, PRs with no diff yet). Add null-safe fallbacks (?? 0) to ensure the frontend always receives numeric values instead of null. Also added debug logging to inspect the raw API response for troubleshooting. Related to ACS-173 * refactor: standardize selected item pattern across issues/PRs hooks This addresses PR review findings about inconsistent patterns: 1. Fix UI flicker in useGitHubPRs hook - Don't clear previous PR details when switching PRs - Preserve previous details during fetch to avoid empty state 2. Add selectedIssue to useGitLabIssues hook - Return computed selectedIssue instead of manual lookup - Update GitLabIssues.tsx to use hook-provided value 3. Add selectedIssue to useGitHubIssues hook - Return computed selectedIssue instead of manual lookup - Update GitHubIssues.tsx to use hook-provided value Related to ACS-173 * fix(pr): prevent stale data and race conditions when switching PRs Fixes two HIGH priority issues from PR review: 1. Stale PR data when switching between PRs - Validate that selectedPRDetails.number matches selectedPRNumber - Added useMemo wrapper for consistency with other hooks - Previously, old PR data (with its file list) was briefly shown under new PR's header until fetch completed 2. Race condition for out-of-order API responses - Track current PR being fetched in module-level variable - Only update selectedPRDetails if response matches current PR - Prevents stale responses from overwriting newer data Related to ACS-173 * refactor(pr): address code quality issues from PR review Fixes 4 issues identified during PR review: 1. Replace module-level mutable variable with per-hook ref - Removed module-level currentFetchPRNumber variable - Added currentFetchPRNumberRef using useRef inside hook - Prevents shared state across hook instances 2. Fix fetchPRs useCallback dependency array - Removed setNewCommitsCheckAction from dependencies - Function doesn't reference it, so it wasn't needed 3. Remove async modifier from fire-and-forget functions - runReview and runFollowupReview don't await anything - Store functions return void, not Promise - Updated interface to reflect void return type 4. Normalize API response to camelCase in handler layer - Updated checkNewCommits handler comment for clarity - Removed defensive fallbacks and "as any" casts in hook - Data is now properly camelCased by the handler Related to ACS-173 --------- Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Alex <[email protected]>
…flip-flop bug (AndyMik90#824) * chore: update .gitignore to include auto-generated files and security logs - Added entries for .security-key and logs/security/ to ignore auto-generated files and security logs. * fix(ACS-51): prevent task workflow from halting after planning stage Root cause: Frontend accepted incomplete plan data (empty phases array) during spec creation, which overwrote subtask state and left tasks stuck. Changes: - Add validatePlanData() to reject incomplete plans in task-store - Add reloadPlanForIncompleteTask() hook for resume functionality - Enhance logging in project-store for plan loading diagnostics - Add comprehensive unit tests for plan validation edge cases - Add integration tests for task lifecycle IPC events - Add E2E test specs for full task workflow The fix ensures incomplete plans are rejected while the backend's validation/auto-fix pipeline completes, preserving UI state until valid data arrives. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix(ACS-55, ACS-71): ensure Kanban state transitions render correctly ACS-55: Task card was showing "planning" even after moving to "coding" phase - Phase transitions now bypass the 16ms batching window and apply immediately - Added debug logging when sequence number checks drop out-of-order updates - This ensures intermediate phases (planning→coding→qa) are never coalesced ACS-71: Task immediately moved to Human Review with zero subtasks - Exit handler now checks if subtasks exist before moving to human_review - Added validateStatusTransition() function to prevent invalid state changes - Blocks human_review when no subtasks exist (task still in planning) - Blocks phase regression from coding back to planning Changes: - agent-events-handlers.ts: Added validation function, fixed exit handler - useIpc.ts: Phase changes bypass batching, apply immediately - task-store.ts: Added logging for dropped out-of-order updates 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: prevent status flip-flop between Human Review and AI Review When a task completed, `updateTaskFromPlan` would override the correct 'human_review' status with 'ai_review' when all subtasks were complete, causing tasks to flip between statuses on refresh. Root cause: The function only checked for "active" phases (planning, coding, qa_review, qa_fixing). When phase was 'complete' or 'idle', it would recalculate status from subtasks and set 'ai_review'. Fix: - Add 'complete' and 'failed' as terminal phases that skip recalculation - Respect explicit 'human_review' status from plan file - Never downgrade from 'human_review' to 'ai_review' This completes the Kanban state management fixes for ACS-51, ACS-55, ACS-71. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: add missing SubtaskStatus import to task-store The SubtaskStatus type was used but not imported, causing TypeScript compilation to fail in CI. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: use secure temp directories in tests to fix CodeQL alerts Replace hardcoded /tmp/ paths with mkdtempSync for secure temp directory creation. This prevents TOCTOU (time-of-check-time-of-use) attacks by using randomly generated directory names. Files fixed: - e2e/task-workflow.spec.ts - __tests__/integration/task-lifecycle.test.ts Resolves CodeQL "Insecure temporary file" high severity alerts. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address PR review findings for Kanban state management - Fix reloadPlanForIncompleteTask to update Zustand store after reload - Extend flip-flop prevention to include pr_created and done statuses - Use wouldPhaseRegress() utility instead of hardcoded phase checks - Gate debug logging with debugLog utility for production - Fix unsafe type assertion for plan status - Remove redundant gitignore entry (logs/security/) - Add test coverage for terminal phase and status preservation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * chore: address follow-up PR review suggestions (5 LOW severity) - Add ExecutionPhase type cast after type guard check - Use crypto.randomUUID() for stronger subtask ID generation - Add optional chaining for defensive coding in useTaskDetail - Clarify comment about phase bypass batching behavior - Fix misleading test comment about human_review preservation - Update test regex to accept both UUID and fallback ID formats 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * chore: address final 3 LOW severity suggestions from CodeRabbit - Remove unused electronAPI variable in task-lifecycle test - Add comment explaining defensive fallback for description field - Rename test to clarify status recalculation skip behavior 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
) SignTool requires http://timestamp.acs.microsoft.com not https://
jeremykit
force-pushed
the
fix/windows-claude-cli-path-spaces
branch
from
c37fae5 to
7184105
Compare
Author
|
@AndyMik90 I've addressed the HIGH priority issue by adding the same quoting fix to I've also synced my branch with the latest Could you please re-review when you have a chance? Thanks! |
…user configuration or future code changes.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @apps/frontend/src/main/cli-tool-manager.ts:
- Around line 1035-1041: The async validation path in validateClaudeAsync does
not apply the same Windows-quoting logic as validateClaude(), causing commands
with spaces to be split when needsShell is true; update validateClaudeAsync to
generate cmdToRun using the same condition on needsShell, claudeCmd.includes('
'), and !claudeCmd.startsWith('"') and pass that cmdToRun into execFileAsync
(referencing claudeCmd, needsShell, cmdToRun, execFileAsync, and
validateClaudeAsync) so both validateClaude() and validateClaudeAsync handle
Windows paths with spaces consistently.
- Around line 926-932: Change the quote-detection to ensure the path is fully
quoted before skipping quoting: instead of only checking
!claudeCmd.startsWith('"'), update the condition used to build cmdToRun (the
expression referencing needsShell and claudeCmd) to verify both
claudeCmd.startsWith('"') and claudeCmd.endsWith('"') (or equivalent regex) so
you only skip quoting when the string is already fully wrapped in quotes; keep
the rest of the needsShell && space check and use double quotes for the injected
quoting.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
apps/frontend/src/main/cli-tool-manager.ts
🧰 Additional context used
📓 Path-based instructions (3)
apps/frontend/src/**/*.{ts,tsx,jsx}
📄 CodeRabbit inference engine (CLAUDE.md)
Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings
Files:
apps/frontend/src/main/cli-tool-manager.ts
apps/frontend/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
Use
useTranslation()hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components
Files:
apps/frontend/src/main/cli-tool-manager.ts
apps/frontend/**/*.{ts,tsx}
⚙️ CodeRabbit configuration file
apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.
Files:
apps/frontend/src/main/cli-tool-manager.ts
🧠 Learnings (1)
📓 Common learnings
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:48.743Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings that should be localized) can be deferred to future i18n cleanup passes rather than requiring immediate fixes in PRs that don't introduce new i18n violations.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: CodeQL (javascript-typescript)
- GitHub Check: CodeQL (python)
Contributor
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
apps/frontend/src/main/cli-tool-manager.ts (1)
926-939: Extract quoting logic into a helper function to normalize path handlingThe quoting logic is duplicated (lines 926–939 and 1035–1047) and has a reliability issue: it adds wrapping quotes without first stripping existing ones. When
shell: trueis used on Windows, Node.js passes the command string verbatim to cmd.exe (withwindowsVerbatimArguments = true), and cmd.exe may misinterpret pre-quoted paths due to its own quote-parsing rules.Centralize the logic into a helper like
prepareWindowsShellCommand(command, needsShell)that:
- Strips any existing wrapping quotes
- Re-applies quotes only when
shell: trueand whitespace is presentThis ensures cmd.exe receives a properly formed command line and eliminates duplication.
Proposed refactor
+function prepareWindowsShellCommand(command: string, needsShell: boolean): string { + const trimmed = command.trim(); + const unwrapped = + trimmed.startsWith('"') && trimmed.endsWith('"') + ? trimmed.slice(1, -1) + : trimmed; + + // Only quote when cmd.exe is involved and whitespace exists + return needsShell && /\s/.test(unwrapped) ? `"${unwrapped}"` : unwrapped; +} + private validateClaude(claudeCmd: string): ToolValidation { try { // On Windows, .cmd files need shell: true to execute properly. // SECURITY NOTE: shell: true is safe here because: // 1. claudeCmd comes from internal path detection (user config or known system paths) // 2. Only '--version' is passed as an argument (no user input) // If claudeCmd origin ever changes to accept user input, use escapeShellArgWindows. const needsShell = process.platform === 'win32' && (claudeCmd.endsWith('.cmd') || claudeCmd.endsWith('.bat')); - // When using shell: true on Windows, paths with spaces must be quoted - // to prevent cmd.exe from splitting at spaces - const cmdToRun = needsShell && claudeCmd.includes(' ') && !(claudeCmd.startsWith('"') && claudeCmd.endsWith('"')) - ? `"${claudeCmd}"` - : claudeCmd; + const cmdToRun = prepareWindowsShellCommand(claudeCmd, needsShell); const version = execFileSync(cmdToRun, ['--version'], { encoding: 'utf-8', timeout: 5000, windowsHide: true, shell: needsShell, env: getAugmentedEnv(), }).trim();private async validateClaudeAsync(claudeCmd: string): Promise<ToolValidation> { try { const needsShell = process.platform === 'win32' && (claudeCmd.endsWith('.cmd') || claudeCmd.endsWith('.bat')); - // When using shell: true on Windows, paths with spaces must be quoted - // to prevent cmd.exe from splitting at spaces - const cmdToRun = needsShell && claudeCmd.includes(' ') && !(claudeCmd.startsWith('"') && claudeCmd.endsWith('"')) - ? `"${claudeCmd}"` - : claudeCmd; + const cmdToRun = prepareWindowsShellCommand(claudeCmd, needsShell); const { stdout } = await execFileAsync(cmdToRun, ['--version'], { encoding: 'utf-8', timeout: 5000, windowsHide: true, shell: needsShell, env: await getAugmentedEnvAsync(), });
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
apps/frontend/src/main/cli-tool-manager.ts
🧰 Additional context used
📓 Path-based instructions (3)
apps/frontend/src/**/*.{ts,tsx,jsx}
📄 CodeRabbit inference engine (CLAUDE.md)
Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings
Files:
apps/frontend/src/main/cli-tool-manager.ts
apps/frontend/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
Use
useTranslation()hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components
Files:
apps/frontend/src/main/cli-tool-manager.ts
apps/frontend/**/*.{ts,tsx}
⚙️ CodeRabbit configuration file
apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.
Files:
apps/frontend/src/main/cli-tool-manager.ts
🧠 Learnings (1)
📓 Common learnings
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:48.743Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings that should be localized) can be deferred to future i18n cleanup passes rather than requiring immediate fixes in PRs that don't introduce new i18n violations.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: CodeQL (javascript-typescript)
- GitHub Check: CodeQL (python)
🔇 Additional comments (2)
apps/frontend/src/main/cli-tool-manager.ts (2)
926-938: Quoting fix addressescmd.exepath-splitting on WindowsThe
cmdToRunlogic correctly ensures.cmd/.batpaths with spaces aren’t split whenshell: true, and it’s applied consistently in both sync and async validation.Also applies to: 1035-1047
918-925: Verify security context ofclaudeCmdorigin andshell: trueusageThe review raises a legitimate security concern: if
claudeCmdcan originate from user-configurable settings (userConfig.claudePathin settings.json), then the security comment claiming "no user input" is inaccurate. User configuration is user input. Withshell: trueon Windows, metacharacters like&|<>^\r\ncould alter command behavior.However, the concern requires verification of:
- Whether
claudeCmdis actually sourced fromuserConfig.claudePath- What validation (if any) currently exists for
claudeCmd- Whether the suggested hardening (metacharacter validation) applies at all call sites (lines 926-939, 1032-1047)
At minimum, update the security comment to acknowledge user configuration as a source and add validation if
shell: trueis used with user-sourced paths.
…factor by expression
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @apps/frontend/src/main/cli-tool-manager.ts:
- Around line 1034-1039: The regex used to detect characters requiring quoting
in the async Claude CLI validation (used in needsQuoting where claudeCmd is
tested before calling execFileAsync) currently checks /[ &|<>^%]/; update it to
include parentheses by changing the character class to include () — i.e., add
'(' and ')' inside the brackets so commands containing parentheses are also
quoted consistently with the sync path.
- Around line 926-931: Update the quoting regex used to decide if claudeCmd
needs quoting: in the code that computes needsQuoting (referencing the
needsQuoting variable and claudeCmd), expand the character class `/[ &|<>^%]/`
to include parentheses so it also detects "(" or ")" in paths (e.g., change to
include `()` inside the brackets) before building cmdToRun and calling
execFileSync.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
apps/frontend/src/main/cli-tool-manager.ts
🧰 Additional context used
📓 Path-based instructions (3)
apps/frontend/src/**/*.{ts,tsx,jsx}
📄 CodeRabbit inference engine (CLAUDE.md)
Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings
Files:
apps/frontend/src/main/cli-tool-manager.ts
apps/frontend/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
Use
useTranslation()hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components
Files:
apps/frontend/src/main/cli-tool-manager.ts
apps/frontend/**/*.{ts,tsx}
⚙️ CodeRabbit configuration file
apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.
Files:
apps/frontend/src/main/cli-tool-manager.ts
🧠 Learnings (2)
📓 Common learnings
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:48.743Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings that should be localized) can be deferred to future i18n cleanup passes rather than requiring immediate fixes in PRs that don't introduce new i18n violations.
📚 Learning: 2026-01-04T23:59:48.743Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:48.743Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings that should be localized) can be deferred to future i18n cleanup passes rather than requiring immediate fixes in PRs that don't introduce new i18n violations.
Applied to files:
apps/frontend/src/main/cli-tool-manager.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: CodeQL (javascript-typescript)
- GitHub Check: CodeQL (python)
…yMik90#849) * fix(ui): display subtask titles instead of UUIDs in TaskSubtasks The Subtasks tab was rendering raw UUIDs instead of human-readable titles for each subtask row. This made the list hard to scan and undermined usability. Changed: - Display subtask.title instead of subtask.id in row header - Added fallback to 'Untitled subtask' for edge cases - Updated tooltip to show full title for truncated text Fixes AndyMik90#844 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: use i18n translation for untitled subtask fallback - Add 'subtasks.untitled' translation key to en/tasks.json - Add French translation to fr/tasks.json - Update TaskSubtasks.tsx to use useTranslation hook - Replace hardcoded 'Untitled subtask' with t('tasks:subtasks.untitled') Addresses CodeRabbit and Auto Claude PR review feedback. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Test User <[email protected]> Co-authored-by: Claude Opus 4.5 <[email protected]>
…ths (AndyMik90#827) * fix: improve Claude CLI detection with Windows where.exe fallback - Add where.exe as fallback detection method on Windows (step 4) - Enables detection of Claude CLI in non-standard paths (e.g., nvm-windows) - where.exe searches PATH + Windows Registry + current directory - Add 8 comprehensive unit tests (6 sync + 2 async) - Update JSDoc comments to reflect new detection priority Fixes issue where Claude CLI installed via nvm-windows or other non-standard locations cannot be detected by standard PATH search. The where.exe utility is universally available on Windows and provides more comprehensive executable resolution than basic PATH checks. Signed-off-by: yc13 <[email protected]> * fix: prefer .cmd/.exe extensions when where.exe returns multiple paths When where.exe finds multiple paths for the same executable (e.g., both 'claude' and 'claude.cmd'), we now prefer paths with .cmd or .exe extensions since Windows requires extensions to execute files. This fixes Claude CLI detection for nvm-windows installations where the executable is installed as claude.cmd but where.exe returns the extensionless path first. Signed-off-by: yc13 <[email protected]> * fix: use execSync for .cmd/.bat files to handle paths with spaces on Windows Root cause: execFileSync cannot handle paths with spaces in .cmd/.bat files, even with shell:true. Windows requires shell to execute batch files. Solution: - Add shouldUseShell() utility to detect .cmd/.bat files - Use execSync (not execFileSync) for .cmd/.bat files with quoted paths - Use getSpawnOptions() for spawn() calls in env-handlers.ts - Add comprehensive unit tests (15 test cases) Technical details: - execFileSync + shell:true: FAILS with space in path - execSync with quoted path: WORKS correctly - spawn with getSpawnOptions(): WORKS correctly Files changed: - env-utils.ts: Add shouldUseShell() and getSpawnOptions() - cli-tool-manager.ts: Use execSync/execAsync for .cmd/.bat validation - env-handlers.ts: Use getSpawnOptions() for spawn calls - env-utils.test.ts: Add 15 unit tests Fixes issue where Claude CLI in paths like 'D:\Program Files\nvm4w\nodejs\claude.cmd' fails with error: 'D:\Program' is not recognized as internal or external command. Signed-off-by: g1331 <[email protected]> * fix: address PR review feedback - remove unused imports and fix comment numbering - Remove unused imports (execFile, app, execSync, mockDirent) - Fix duplicate step numbering in Claude CLI detection comments (5→6, 6→7) - Add exec mock to child_process for async validation support - Add shouldUseShell and getSpawnOptions mocks for Windows .cmd handling * fix: make Windows AppData test cross-platform compatible Use path component checks instead of full path string matching to handle different path separators on different host OSes (path.join uses host OS separator, not mocked process.platform) * fix: address PR review security findings and code quality issues Security fixes (HIGH): - Add double quote ("), caret (^) to isSecurePath() dangerous chars - Add Windows environment variable expansion pattern (%VAR%) detection - Apply isSecurePath() validation to user-configured claudePath on Windows Bug fixes (MEDIUM): - Include .bat extension in where.exe result preference regex Code quality (LOW): - Export existsAsync from env-utils.ts, remove duplicate in cli-tool-manager.ts - Remove unused test placeholder (it.skip for user config tests) - Add existsAsync mock to env-utils mock in test file All changes reviewed via Codex security audit. * fix: add requestAnimationFrame polyfill for jsdom test environment The terminal-copy-paste.test.ts uses jsdom environment and imports useXterm hook which calls requestAnimationFrame for initial terminal fit. jsdom doesn't provide this function by default, causing CI failure on Linux. This adds requestAnimationFrame/cancelAnimationFrame mocks to the test setup file, matching the existing scrollIntoView polyfill pattern. * fix: allow parentheses in Windows paths for Program Files (x86) locations Remove standalone parentheses () from isSecurePath() dangerous character detection. Parentheses are safe in Windows paths when properly quoted with double quotes, and are required to support standard installation locations like 'C:\Program Files (x86)\Claude\claude.exe'. Security analysis: - $() command substitution still blocked ($ character is in blocklist) - &|<> command separators still blocked - " quote breaking still blocked - %VAR% expansion still blocked - All other shell metacharacters still blocked The code always uses double-quoted paths when shell:true, making parentheses safe as literal characters in cmd.exe context. Signed-off-by: g1331 <[email protected]> --------- Signed-off-by: yc13 <[email protected]> Signed-off-by: g1331 <[email protected]> Co-authored-by: Andy <[email protected]>
* fix(ui): persist staged task state across app restarts
Previously, when a task was staged and the app restarted, the UI showed
the staging interface again instead of recognizing the task was already
staged. This happened because the condition order checked worktree
existence before checking the stagedInMainProject flag.
Changes:
- Fix condition priority in TaskReview.tsx to check stagedInMainProject
before worktreeStatus.exists
- Add 'Mark Done Only' button to mark task complete without deleting
worktree
- Add 'Review Again' button to clear staged state and re-show staging UI
- Add TASK_CLEAR_STAGED_STATE IPC handler to reset staged flags in
implementation plan files
- Add handleReviewAgain callback in useTaskDetail hook
* feat(ui): add worktree cleanup dialog when marking task as done
When dragging a task to the 'done' column, if the task has a worktree:
- Shows a confirmation dialog asking about worktree cleanup
- Staged tasks: Can 'Keep Worktree' or 'Delete Worktree & Mark Done'
- Non-staged tasks: Must delete worktree or cancel (to prevent losing work)
Also fixes a race condition where discardWorktree sent 'backlog' status
before persistTaskStatus('done') could execute, causing task to briefly
appear in Done then jump back to Planning.
Added skipStatusChange parameter to discardWorktree IPC to prevent this.
* fix(frontend): Address PR AndyMik90#800 feedback - type errors, TOCTOU race, and i18n
- Fix TypeScript error in KanbanBoard by using isValidDropColumn type guard
instead of incorrect includes() cast with TaskStatus
- Fix TOCTOU race condition in clearStagedState handler by using EAFP
pattern (try/catch) instead of existsSync before read/write
- Fix task data refresh in handleReviewAgain by calling loadTasks after
clearing staged state to reflect updated task data
- Add workspaceError reset in handleReviewAgain
- Add missing i18n translation keys for kanban worktree cleanup dialog
(en/fr: worktreeCleanupTitle, worktreeCleanupStaged, worktreeCleanupNotStaged,
keepWorktree, deleteWorktree)
- Remove unused Trash2 import and WorktreeStatus type import
- Remove unused worktreeStatus prop from StagedInProjectMessage
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <[email protected]>
---------
Co-authored-by: Claude Opus 4.5 <[email protected]>
AndyMik90#765) * refactor(ui): extract shared task form components for consistent modal sizing Create shared components to unify TaskCreationWizard, TaskEditDialog, and TaskDetailModal with consistent full-height modal sizing. New shared components in task-form/: - TaskModalLayout: Full-height modal matching TaskDetailModal (95vw, max-w-5xl) - TaskFormFields: Common form fields (description, title, profile, classification) - ClassificationFields: Task classification 2x2 grid dropdowns - useImageUpload: Hook for image paste/drop handling Benefits: - All 3 task modals now have identical dimensions and positioning - Reduced code duplication (1,938 → 1,651 lines total) - TaskCreationWizard: 1,176 → 623 lines (47% reduction) - TaskEditDialog: 762 → 293 lines (62% reduction) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address PR review feedback for task form components - Fix HIGH: Pass descriptionRef from TaskCreationWizard to TaskFormFields to fix broken @ mention autocomplete positioning - Fix MEDIUM: Add i18n translations for all hardcoded strings in: - ClassificationFields.tsx - TaskFormFields.tsx - TaskModalLayout.tsx - TaskCreationWizard.tsx (modal, draft, buttons, git options) - TaskEditDialog.tsx - Fix MEDIUM: Correct isAutoProfile logic to only set true when profileId === 'auto' (not for all profiles with phase configs) - Fix MEDIUM: Update handleAutocompleteSelect signature to accept optional fullPath parameter - Fix LOW: Add proper setTimeout cleanup in useImageUpload.ts - Fix LOW: Use queueMicrotask instead of setTimeout in handleAutocompleteSelect for cursor position restoration - Fix LOW: Move fetch functions inside useEffect to fix exhaustive-deps warning - Add English and French translations for all new i18n keys 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address all i18n violations and logic bug in task form components i18n Fixes: - Replace hardcoded error messages in TaskCreationWizard with translation keys - Replace hardcoded error messages in TaskEditDialog with translation keys - Use translated default placeholder in TaskFormFields - Internationalize classification dropdown labels (category, priority, complexity, impact) using translation keys instead of hardcoded constants - Add errorMessages parameter to useImageUpload hook for i18n support - Pass translated error messages from TaskFormFields to useImageUpload Logic Bug Fix: - Fix image removal persistence in TaskEditDialog - always set attachedImages to persist removal when all images are deleted (was only set when length > 0) Translation Updates: - Add all missing translation keys to en/tasks.json and fr/tasks.json: - form.errors.* (descriptionRequired, maxImagesReached, etc.) - form.descriptionPlaceholder - form.classification.values.* (all classification option labels) - wizard.descriptionPlaceholder, wizard.errors.* - edit.errors.* Other: - Log image processing errors to console for debugging (CMT-001) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address memory leak and performance issues in task form components - Add isMounted flag to useEffect in TaskCreationWizard to prevent state updates after component unmount (CMT-QUALITY-001) - Wrap errorMessages merge in useMemo in useImageUpload to prevent unnecessary useCallback invalidation on re-renders (CMT-PERF-001) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: include phaseModels and phaseThinking in hasChanges check TaskEditDialog's hasChanges logic was missing phaseModels and phaseThinking comparisons, which could cause silent data loss when users only modified phase configuration without changing other fields. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: preserve phaseModels and phaseThinking when editing non-autoProfile tasks When editing a task with custom model/thinkingLevel that isn't an autoProfile, the dialog was resetting phaseModels and phaseThinking to defaults instead of preserving the task's actual values from metadata. This could cause data loss. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
* fix QA validation back to coding * fix/worktree-branch-selection * fix/workspace-merge * fix/cleanup-worktree-after-done * fix: address PR review feedback - Fix workspace.py: move git add and resolved_files tracking inside content check blocks - Fix workspace.py: add warning when merge-base fails (fall back to semantic analysis) - Batch git add operations for efficiency - Remove debug useEffect and console.log statements from KanbanBoard.tsx - Consolidate duplicate handleStatusChange functions into single handler - Remove debug console.log from WorktreeCleanupDialog.tsx - Add i18n translations for WorktreeCleanupDialog (en/fr) - Make _get_base_branch_from_metadata public (keep alias for compatibility) - Add toast notification for worktree cleanup failures - Add 30s timeout to git execFileSync calls for protection 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: return failure when git add fails in direct copy path When git add fails after writing files in the diverged_but_no_conflicts direct copy path, now returns success: False with error details instead of silently returning success: True with files listed as resolved. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address LOW severity PR review findings - Add debug logging when branch name fallback is used (NEW-004) - Add retry button to worktree cleanup dialog on failure (NEW-003) - Add error state propagation to WorktreeCleanupDialog - Add French translation for retry button 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address remaining PR review findings for better code quality - NEW-002: Add warning when branch deletion uses fallback pattern - Track when fallback branch name is used - Log specific warning if fallback pattern fails to match actual branch - Helps identify potential orphaned branches needing manual cleanup - NEW-003: Propagate actual error from forceCompleteTask - Change return type from boolean to PersistStatusResult - Show actual backend error in dialog instead of generic message - Improves debugging and user experience - CMT-LINT: Change console.log to console.warn in worktree cleanup - Aligns with ESLint config (no-console rule) - Debug logging now uses appropriate log level 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: prevent requestAnimationFrame test flakiness in useXterm.test.ts - Use fake timers (vi.useFakeTimers) to control async behavior - Clear timers in afterEach before restoring mocks to prevent callbacks from firing after requestAnimationFrame mock is torn down - Replace setTimeout promises with vi.advanceTimersByTimeAsync - Add cancelAnimationFrame mock for completeness 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: use subshells in pre-commit to prevent worktree corruption Wrap both Python and frontend check sections in subshells to isolate directory changes (cd commands) and prevent git worktree HEAD corruption during pre-commit hook execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: use console.warn for limbo state log message Change console.log to console.warn for the limbo state recovery message to match project logging standards. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: add worktree context preservation to pre-commit hook 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: address PR review findings for code quality - NEW-005 MEDIUM: Track skipped files in workspace.py direct-copy path - Add skipped_files list to track files that fail to copy - Include skipped_count in stats and skipped_files in result - Return success: False when files are skipped - Print warning about skipped files for user visibility - QUAL-001 LOW: Add .catch() to handleDragEnd async calls - Prevent unhandled promise rejections in drag-and-drop - TEST-001 LOW: Isolate requestAnimationFrame mock in useXterm.test.ts - Move mock setup into beforeAll/afterAll hooks - Store and restore original functions for proper test isolation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> * fix: add path traversal protection to worktree path functions Add defense-in-depth validation to findTaskWorktree() and findTerminalWorktree() to prevent directory traversal attacks. - Add isPathWithinBase() helper to validate resolved paths - Validate that specId/name doesn't escape project directory - Return null and log error if path traversal is detected - Both new and legacy path locations are validated This addresses CodeRabbit security review finding about ensuring worktree paths stay within the project root before git operations. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]> --------- Co-authored-by: Claude Opus 4.5 <[email protected]> Co-authored-by: Test User <[email protected]>
…90#889) * fix: properly quote Windows .cmd/.bat paths in spawn() calls Fixes Claude Code detection failure when Windows username contains spaces (e.g., C:\Users\First Last\AppData\Roaming\npm\claude.cmd). When spawn() is called with shell:true for .cmd/.bat files, the command path must be quoted to prevent the shell from breaking at spaces. Without quoting, a path like "C:\Users\First Last\..." is parsed as: - Command: "C:\Users\First" - Args: "Last\..." Changes: - Add getSpawnCommand() to wrap .cmd/.bat paths in quotes on Windows - Update spawn() calls to use getSpawnCommand() for proper quoting - Add comprehensive tests for getSpawnCommand() with space handling Fixes ACS-176 * refactor: make shouldUseShell/getSpawnCommand robust to already-quoted paths - shouldUseShell() now correctly detects .cmd/.bat extensions even when the path is already wrapped in quotes - getSpawnCommand() is now idempotent - calling it multiple times or with an already-quoted command returns the same result - Both functions now trim whitespace before processing This makes the public API more robust to edge cases and prevents issues if callers accidentally pass quoted commands. * refactor: make getSpawnCommand consistently trim whitespace on all platforms Previously, getSpawnCommand() only trimmed whitespace for Windows shell cases (.cmd/.bat files) but returned the original untrimmed command for non-shell cases (macOS/Linux). This caused inconsistent behavior. Now getSpawnCommand() always returns a trimmed value regardless of platform, ensuring consistent whitespace handling for all callers. Also added tests to verify whitespace trimming on macOS and Linux platforms. * fix: address PR review findings for getSpawnCommand - Add quote stripping for non-.cmd/.bat files (.exe, extensionless) to prevent returning quoted commands with shell:false - Update validateClaude/validateClaudeAsync to use getSpawnCommand() instead of manual quoting (DRY principle) - Add tests for quote-stripping behavior on .exe and extensionless files These changes make getSpawnCommand() more robust and ensure consistent behavior across all file types, while eliminating duplicate quoting logic. * test: add getSpawnCommand mock to cli-tool-manager tests The env-utils mock in cli-tool-manager.test.ts was missing getSpawnCommand, causing tests to fail when validateClaude() tried to call it. Added getSpawnCommand mock that mirrors the actual implementation: - On Windows: quotes .cmd/.bat files idempotently - For other files: returns trimmed value (strips quotes if present) --------- Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Andy <[email protected]>
…with in-progress review (ACS-200) (AndyMik90#890) * fix(github-prs): show running review state when switching back to PR with in-progress review (ACS-200) Fixes issue where navigating away from a PR with an in-progress AI review and switching back would hide the running review state. The user had to click "Followup Review" to reveal the in-progress review. Root cause: prStatus computation checked reviewResult before isReviewing. Since reviewResult is null during an active review, it returned 'not_reviewed' status, hiding the running review. Solution: Check isReviewing FIRST before reviewResult in the prStatus computation. Also add 'reviewing' to the PRStatus type union. Test coverage: - PRDetail.test.tsx: 20 tests for prStatus computation logic - ReviewStatusTree.test.tsx: 21 tests for component handling Note: Pre-existing TypeScript errors with @lydell/node-pty block typecheck hook. Tests pass via vitest (41 tests passed). * fix: add @preload path alias and fix TypeScript errors in test files - Add @preload/* path alias to tsconfig.json for @preload/api modules - Add @ts-ignore for useGitHubPRs imports (vitest resolves correctly) - Fix implicit any type in filter callback * fix: change @ts-ignore to @ts-expect-error and remove unused imports - Use @ts-expect-error instead of @ts-ignore for ESLint compliance - Remove unused imports (renderHook, act, useState, vi, beforeEach) * fix(acs-200): ensure PR review state consistency when switching PRs Fixes a bug where switching between PRs would show stale review results from the previously selected PR. Root cause: Two different sources of truth for PR review state: - Hook derived reviewResult, isReviewing, reviewProgress - Component locally computed previousReviewResult and startedAt Changes: - Add previousReviewResult and startedAt to hook's return values - Remove local computation in GitHubPRs.tsx - All review state now comes from single source (hook's selectedPRReviewState) - Add startedAt prop to all ReviewStatusTree tests Related to: PR review started timestamp fix (same data flow issue) Files modified: - useGitHubPRs.ts: Add previousReviewResult/startedAt to interface and return - GitHubPRs.tsx: Use hook values instead of local computation - ReviewStatusTree.test.tsx: Add startedAt prop to all test cases * fix(test): remove unused container variables in ReviewStatusTree tests --------- Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Andy <[email protected]>
…ACS-174, ACS-163) (AndyMik90#885) * fix(merge): resolve multiple merge-related issues (ACS-194, ACS-179, ACS-174, ACS-163) - ACS-179: Fix TypeError in print_conflict_info - handle both string and dict conflict formats - ACS-174: Handle git hook failures during merge - skip checkout if already on target branch - ACS-163: Fix merge failure fallthrough - return False immediately when merge fails - ACS-194: Improve AI merge success rate - add Haiku→Sonnet fallback with enhanced prompts All fixes include regression tests. * fix: improve merge robustness and fix test issues This commit addresses multiple issues related to merge functionality and test quality: 1. workspace.py: - Fix case-insensitive natural language pattern matching to detect AI explanations returned instead of code 2. worktree.py: - Guard against None stderr when handling git hook failures - Improve error messages for merge hook handling 3. workspace/display.py: - Improve print_conflict_info() to properly categorize conflicts (marker vs AI merge failures) - Add severity indicators (🔴 for high, 🟡 for medium) - Use shlex.quote() for proper git add command quoting - Provide clearer guidance for different conflict types 4. tests/test_merge_ai_resolver.py: - Fix test assertions to match actual AI_MERGE_SYSTEM_PROMPT content (check for "intelligently" and "task's intent" instead of non-existent "semantic understanding") 5. tests/test_workspace.py: - Add side-effect verification for merge failure tests - Remove unused fixtures - Add assertions for severity emoji indicators 6. tests/test_worktree.py: - Add subprocess return code checks for better test reliability Related: ACS-194, ACS-179, ACS-174, ACS-163 * fix: improve display formatting and use proper imports 1. display.py: - Fix trailing space when severity_icon is empty (low/unknown severity) - Only add leading space to icon when icon is non-empty 2. workspace/__init__.py: - Export AI_MERGE_SYSTEM_PROMPT and _build_merge_prompt - Add to __all__ for public API access 3. test_merge_ai_resolver.py: - Use standard imports from core.workspace package - Remove fragile importlib.util dynamic loading * fix: address all 6 review findings 1. workspace.py: - Fix parameter naming: max_thinking -> max_thinking_tokens (matches codebase convention used in 25+ locations) - Extract hardcoded model constants: MERGE_FAST_MODEL, MERGE_CAPABLE_MODEL, MERGE_FAST_THINKING, MERGE_COMPLEX_THINKING - Improve natural language detection: check patterns at START of line and require absence of code patterns to reduce false positives 2. display.py: - Add critical severity icon handling (⛔ for critical severity) 3. worktree.py: - Fix inconsistent stderr handling: use truthiness check for both branches (empty strings show '<no stderr>') 4. test_workspace.py: - Remove unused imports: patch, MagicMock from unittest.mock Related: ACS-194 --------- Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Andy <[email protected]>
…cy (AndyMik90#898) * fix(ACS-203): Fix Kanban status flip-flop and phase state inconsistency Fixes two related bugs affecting task state management: Issue 1 - Premature "done" status with incomplete subtasks: - Added subtask validation before allowing terminal status transitions - Tasks now only move to terminal statuses when all subtasks are completed - Prevents flip-flop when plan file is written with partial data Issue 2 - Phase state inconsistency (multiple phases active): - Added completedPhases tracking to ExecutionProgress type - Implemented phase prerequisite validation (e.g., planning must complete before coding) - Phase transitions now validate that previous phase completed - Prevents coding phase from starting while planning still shows as active Changes: - apps/frontend/src/renderer/stores/task-store.ts: Add defensive checks for terminal status transitions - apps/frontend/src/shared/types/task.ts: Add completedPhases to ExecutionProgress - apps/frontend/src/shared/constants/phase-protocol.ts: Add isValidPhaseTransition() and getExpectedPreviousPhase() - apps/frontend/src/main/agent/types.ts: Add completedPhases to ExecutionProgressData - apps/frontend/src/main/agent/agent-process.ts: Track and emit completedPhases on phase transitions - apps/frontend/src/main/ipc-handlers/agent-events-handlers.ts: Validate phase transitions based on completed phases Signed-off-by: StillKnotKnown <[email protected]> * refactor(ACS-203): Address PR review feedback - type safety and code improvements Improvements based on code review: HIGH: - Add explicit blocking for 'done' and 'pr_created' when subtasks are incomplete in shouldBlockTerminalTransition function MEDIUM: - Create shared CompletablePhase type for type consistency - Replace 'as any' cast with proper type guard function LOW: - Capture attemptedStatus before reassignment for accurate debug logging - Use centralized isTerminalPhase function instead of local array - Remove unused getExpectedPreviousPhase import Files changed: - apps/frontend/src/renderer/stores/task-store.ts - apps/frontend/src/shared/constants/phase-protocol.ts - apps/frontend/src/shared/types/task.ts - apps/frontend/src/main/agent/agent-process.ts - apps/frontend/src/main/agent/types.ts - apps/frontend/src/main/ipc-handlers/agent-events-handlers.ts Signed-off-by: StillKnotKnown <[email protected]> --------- Signed-off-by: StillKnotKnown <[email protected]> Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Andy <[email protected]>
…ndyMik90#894) * fix(ui): add Post Clean Review button for clean PR reviews (ACS-201) When a PR review completes with no findings or only LOW severity findings, users can now post a clean review comment to GitHub. This posts a COMMENT (not APPROVE/REQUEST_CHANGES) to document the review without changing the PR's review status. Changes: - Add "Post Clean Review" button when review is clean and no findings selected - Add translation keys for clean review button (en/fr) - Add 29 unit tests for clean review functionality - Reset clean review posted state when PR changes Affected files: - src/renderer/components/github-prs/components/PRDetail.tsx - src/shared/i18n/locales/en/common.json - src/shared/i18n/locales/fr/common.json - src/renderer/components/github-prs/components/__tests__/PRDetail.cleanReview.test.ts * test: improve clean review tests with integration tests and error handling - Add error handling (try/catch) to handlePostCleanReview function - Add PRDetail.integration.test.tsx with React Testing Library integration tests - Update PRDetail.cleanReview.test.ts with improved state reset tests - Tests verify cleanReviewPosted state resets when pr.number changes - Tests verify button visibility based on review cleanliness * test: fix TypeScript errors in integration tests - Add required prNumber and repo to PRReviewResult mocks - Add required title and fixable to PRReviewFinding mocks * fix: add error handling and improve integration tests PRDetail.tsx: - Add cleanReviewError state for tracking posting errors - Update handlePostCleanReview with proper try/catch/finally - Set error message on failure, clear on success - Display error in UI (red text with XCircle icon) - Reset error state when PR changes PRDetail.integration.test.tsx: - Add renderPRDetail helper function to reduce code duplication - Update first test to actually click button and verify success message - Add error handling test for failed clean review posts - Use fireEvent instead of userEvent (not installed) - Tests verify full flow: click → wait for success → verify state reset * fix: resolve TypeScript errors in integration test - Import PRReviewResult from correct path (useGitHubPRs) - Fix mock type to avoid explicit any warning * fix(tests): resolve TypeScript errors in PRDetail integration test Fixed Mock type assignment errors by: - Defining PostCommentFn type alias matching (body: string) => void | Promise<void> - Using vi.fn<PostCommentFn>() for properly typed mock - Updating overrides.onPostComment type in renderPRDetail helper Resolves CI TypeScript errors on lines 108, 171, 283. * i18n: replace hardcoded clean review message with translation keys Replace the inline cleanReviewMessage construction in handlePostCleanReview with i18n translation keys for better localization support. Changes: - Added cleanReviewMessageTitle, cleanReviewMessageStatus, and cleanReviewMessageFooter keys to en/common.json - Added corresponding French translations to fr/common.json - Updated handlePostCleanReview to compose message from translation keys - Removed comment about English being lingua franca (now translatable) Error handling and behavior remain unchanged. * fix: improve clean review error handling and prevent state leaks This commit addresses several issues with the clean review functionality: Error Display (line 832-860): - Replace raw error display with normalized/friendly message - Add "View details"/"Hide details" toggle for full error text - Use translation key 'failedPostCleanReview' for user-facing message - Log full error to console before rendering for debugging Race Condition Prevention (line 737, 760): - Post Clean Review button now checks (isPostingCleanReview || isPosting) - Approve button now checks (isPosting || isPostingCleanReview) - Both buttons disable during either posting operation State Leak Prevention (line 542-645): - Capture current pr.number at start of all posting handlers - Guard all setState calls with pr.number === currentPr check - Reset isPostingCleanReview in PR change effect (line 266) - Use Promise.resolve() for onPostComment to handle non-Promise implementations Locale Updates: - Keep GitHub PR comments in English-only (lingua franca policy) - French locale now uses same English text for comment messages - Add French translations for UI error messages Test Updates: - Update integration test to check for normalized error message - Add assertion for "View details" button presence All posting handlers now consistently: - Capture PR number before async operations - Guard state updates against PR changes - Clear loading state only if PR hasn't changed * test: fix test issues and add accessibility attributes Fixes for code review findings: Test Fixes: - Fix test 'should show clean review success message after posting clean review' to actually click the button and verify the success message appears - Add documentation to unit tests clarifying they test algorithm, not React behavior - Add JSDoc comment explaining algorithm tests vs integration tests Accessibility: - Add useId import and generate stable ID for error details - Add aria-expanded and aria-controls attributes to error toggle button - Add corresponding id to error details div for proper accessibility Documentation: - Add comment explaining inline error pattern vs Card-based pattern - Document why action bar errors use inline layout for consistency All 35 tests pass. * feat: add startedAt prop to match upstream develop branch Add startedAt: string | null property throughout the PR review state chain: - PRDetailProps interface - PRReviewState interface in pr-review-store.ts - All store actions (startPRReview, startFollowupReview, setPRReviewProgress, setPRReviewResult, setPRReviewError, setNewCommitsCheck) - UseGitHubPRsResult interface and hook extraction/return - GitHubPRs.tsx destructuring and JSX props - All PRDetail renders in integration tests This aligns with upstream develop branch changes. * fix: remove duplicate startedAt declarations --------- Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Andy <[email protected]>
The extraResources entry for node_modules/@lydell/node-pty was producing a "file source doesn't exist" warning during builds because the directory is empty. This entry was carried over from the migration away from node-pty (commit e1aee6a) but is unnecessary for @lydell/node-pty. Background: - @lydell/node-pty uses platform-specific optional dependencies (@lydell/node-pty-darwin-arm64, -win32-x64, -linux-x64, etc.) - The base @lydell/node-pty directory contains only metadata, not binaries - electron-builder automatically detects and handles native .node modules - The platform-specific packages are included via npm's dependency resolution Tested: macOS arm64 build works correctly with terminal functionality intact. The native binaries are properly included in app.asar.unpacked via electron-builder's automatic native module detection. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
AndyMik90#912) * fix(planner): enforce implementation_plan schema * fix(logs): sync planning->coding phase to source * style(backend): ruff format * fix(progress): backfill empty description from title * fix(planner): prevent post-processing during planning * fix(planner): normalize phase_id and reuse alias mapping * fix(planner): address review suggestions * fix(progress): prevent phase field overrides * test(planner): avoid hardcoded planner.md path * fix(auto-fix): normalize phase_id and depends_on * fix(planner): harden plan normalization edge cases * fix(auto-fix): handle file I/O errors
…ror (ACS-215) (AndyMik90#924) * fix(graphiti): add isinstance(dict) validation to prevent AttributeError (ACS-215) Add isinstance(data, dict) check before processing Graphiti search results to prevent crashes when non-dict objects are returned. This fixes AttributeError: 'str' object has no attribute 'get' in session history retrieval. Affected methods: - get_session_history() - primary bug location - get_similar_task_outcomes() - consistency fix - get_patterns_and_gotchas() - consistency fix (2 locations) Also add comprehensive unit tests for the bug fix. * style(tests): fix import order in test_graphiti_search.py Move 'import sys' to top-level imports before sys_path assignment. * refactor(tests): improve test coverage and use pytest-asyncio pattern - Add idempotent guard for sys.path mutation to prevent leaks - Remove unused spec_dir fixture from graphiti_search - Fix non-dict objects to include EPISODE_TYPE markers for proper testing - Fix invalid JSON test to include EPISODE_TYPE_SESSION_INSIGHT marker - Convert all tests to use @pytest.mark.asyncio, async def, and await - Improves test coverage for isinstance(dict) guard in all search methods * fix(tests): correct mock_client.graphiti.search reference Fix typo where mock_client.graphiti_search was used instead of mock_client.graphiti.search in test setup. * refactor(tests): remove unused asyncio import Tests now use @pytest.mark.asyncio pattern which doesn't require direct asyncio module usage. --------- Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Andy <[email protected]>
…ndyMik90#905) * fix(memory): use shared project-wide memory for cross-spec learning Task execution memory was isolated per spec (GroupIdMode.SPEC), preventing learnings from one spec from benefiting other specs. Changed all GraphitiMemory instantiations to use GroupIdMode.PROJECT for shared project-wide context. This aligns task memory with PR review memory, which already uses shared databases for cross-session learning. Fixes AndyMik90#205 * refactor(memory): centralize GraphitiMemory instantiation via helper Use the existing get_graphiti_memory helper function instead of directly instantiating GraphitiMemory in multiple places. This reduces code duplication and improves maintainability by having a single source of truth for memory creation. The helper already uses GroupIdMode.PROJECT for cross-spec learning, so this refactor maintains the original fix while centralizing the logic. Addresses review comments on AndyMik90#905 * refactor(memory): improve error handling for GraphitiMemory instantiation Move get_graphiti_memory() calls inside try/except blocks to properly catch construction errors. Also use explicit 'is None' checks instead of truthiness to avoid surprising __bool__ behavior. - In get_graphiti_context: Move memory creation inside try block - In save_session_memory: Move memory creation inside try block - In _save_to_graphiti_async: Remove redundant is_graphiti_enabled check, use 'is None' for explicit None checking These changes ensure that any construction errors are caught and handled, allowing graceful fallback to file-based memory. Addresses additional review comments on AndyMik90#905 * style(memory): use explicit None checks in finally blocks Replace truthy checks with explicit 'is not None' checks in finally blocks for consistency with other explicit None checks in memory_manager.py. Addresses review comment on AndyMik90#905 * fix(memory): use explicit None check in second finally block Update the finally block in save_session_memory to use explicit None check for consistency. The first finally block was updated but this one was missed. Addresses remaining review comment on AndyMik90#905 * refactor(memory): use finally block for consistent cleanup in save_to_graphiti_async Refactor save_to_graphiti_async to use a finally block with explicit None check for resource cleanup, matching the pattern established in memory_manager.py. Previously, close() was called in both the try and except blocks, which could lead to resource leaks in certain edge cases. The finally block ensures cleanup always occurs. Addresses CodeRabbit review feedback on AndyMik90#905 * refactor(memory): add type hints and improve cleanup safety - Add return type annotation to get_graphiti_memory() using TYPE_CHECKING to avoid circular imports while keeping call sites honest - Wrap memory.close() in try/except within finally blocks to prevent close() exceptions from overriding success/failure flows - Use explicit 'memory is not None' checks to avoid misleading warnings when memory isn't available - Distinguish between 'memory is None' (not available) and 'memory.is_enabled is False' (disabled) for clearer logging Addresses CodeRabbit review feedback on AndyMik90#905 * fix(memory): wrap close() in try/except in save_to_graphiti_async finally Wrap graphiti.close() in try/except within the finally block to prevent close() exceptions from overriding successful outcomes. This matches the pattern established in memory_manager.py for consistent resource cleanup. Addresses CodeRabbit review feedback on AndyMik90#905 * fix(memory): address follow-up review findings - Wrap close() in try/except in tools/memory.py finally block to match the pattern in graphiti_helpers.py and memory_manager.py, preventing close() exceptions from overriding successful outcomes - Update get_graphiti_memory() default in integrations/graphiti/memory.py from GroupIdMode.SPEC to GroupIdMode.PROJECT for consistency with the PR's intent of enabling cross-spec learning by default - Add deprecation note explaining the default change Addresses follow-up review findings on AndyMik90#905: - NEW-001: Inconsistent close() handling - e87df0a37e94: Duplicate get_graphiti_memory function with different default * refactor(memory): log close failures at debug level Update all finally blocks to log memory.close() failures at debug level instead of silently swallowing them. This provides useful diagnostics while still preventing close() exceptions from overriding the main result. Changes: - tools/memory.py: Add logger.debug() with exc_info for close failures - graphiti_helpers.py: Add logger.debug() with exc_info for close failures - memory_manager.py: Add logger.debug() with exc_info for close failures (2 locations) The debug-level logging ensures close failures are visible for debugging but do not affect the primary operation outcome. Addresses review feedback on AndyMik90#905 * fix(memory): log close failures in nested finally block Add debug logging to the nested finally block in save_session_memory that was missed by the previous replace_all operation due to different indentation levels. This ensures all close failures are logged at debug level for debugging purposes while still preventing them from overriding the main result. Addresses review feedback on AndyMik90#905 * fix(logging): use exc_info=True for proper traceback in debug logs Change logger.debug calls to use exc_info=True instead of exc_info=e when logging close failures. This ensures the current exception's traceback is included in the log output for better debugging. exc_info=e only includes the exception object but not the traceback, while exc_info=True captures the full traceback information from the current exception context. Changes: - memory_manager.py: Update both finally blocks (2 locations) - graphiti_helpers.py: Update finally block - tools/memory.py: Update finally block Addresses review feedback on AndyMik90#905 --------- Co-authored-by: StillKnotKnown <[email protected]> Co-authored-by: Andy <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When validating Claude CLI on Windows with shell: true (for .cmd/.bat files), paths containing spaces were being split by cmd.exe. For example:
D:\Program Files\nodejs\claude.cmdwas parsed as commandD:\Programwith argumentsFiles\nodejs\claude.cmd --version.This fix adds proper quoting for paths with spaces when using shell: true, preventing cmd.exe from incorrectly splitting the path at space characters.
🤖 Generated with Claude Code
Base Branch
developbranch (required for all feature/fix PRs)main(hotfix only - maintainers)Description
Related Issue
Closes #
Type of Change
Area
Commit Message Format
Follow conventional commits:
<type>: <subject>Types: feat, fix, docs, style, refactor, test, chore
Example:
feat: add user authentication systemChecklist
developbranchCI/Testing Requirements
Screenshots
Feature Toggle
use_feature_nameBreaking Changes
Breaking: Yes / No
Details:
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.