@CyranoB CyranoB commented Jan 10, 2026

Summary

Adds AWS Bedrock as an alternative authentication method to OAuth for users who prefer to use their own AWS infrastructure.

Changes

Backend (apps/backend/)

  • core/auth.py: New functions is_bedrock_enabled(), validate_bedrock_config(), require_claude_auth() for dual auth path support
  • core/client.py & simple_client.py: Use new require_claude_auth() pattern
  • core/models.py: Support ANTHROPIC_MODEL env var for Bedrock model override
  • commit_message.py: Refactored to reduce cognitive complexity (SonarQube compliance)
  • All runners updated to use new auth pattern

Frontend (apps/frontend/)

  • BedrockSettings.tsx: Full configuration UI with:
    • Region selection (all AWS regions with Claude support)
    • Optional Access Key/Secret Key inputs
    • Cross-account role ARN support
    • Encrypted secret storage using Electron's safeStorage
    • Accessibility improvements (proper button elements)
  • bedrock-encryption.ts: Encrypt/decrypt Bedrock secrets at rest
  • settings-handlers.ts: Auto-encrypt on save, decrypt on load, migrate plaintext secrets
  • agent-process.ts & agent-queue.ts: Bedrock env vars get highest priority when enabled
  • useIdeationAuth.ts: Refactored to eliminate duplicate auth check logic

Documentation

  • guides/CLI-USAGE.md: Added Bedrock authentication section
  • guides/AWS-BEDROCK-SUPPORT-PLAN.md: Implementation plan

Tests

  • tests/test_auth_bedrock.py: 9 tests covering:
    • Bedrock vs OAuth auth path selection
    • Region validation
    • Partial/complete credential validation
    • SDK environment variable handling

How It Works

  1. Enable Bedrock: Set CLAUDE_CODE_USE_BEDROCK=1 in environment
  2. Configure Region: Set AWS_REGION (required)
  3. Credentials (choose one):
    • Default AWS credentials chain (IAM role, instance profile, etc.)
    • Explicit AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY
    • Cross-account role via AWS_ROLE_ARN

When Bedrock is enabled, an OAuth token is not required. The Claude SDK uses Bedrock as the backend instead of Anthropic's API.

Testing

  • All 9 Bedrock auth tests pass
  • Frontend TypeScript compiles cleanly
  • SonarQube issues resolved (accessibility, cognitive complexity)

Screenshots

The Bedrock settings panel appears in Settings when the feature is enabled, allowing users to configure their AWS region and credentials.

Summary by CodeRabbit

  • New Features

    • AWS Bedrock integration: auth options (region, profiles, access keys, API key), model overrides, IPC/env support, frontend settings UI, secret encryption/masking, and spawn/env precedence for Bedrock.
  • Documentation

    • CLI, setup guides, and examples updated with Bedrock instructions and env vars.
  • Tests

    • New tests covering Bedrock and combined authentication scenarios.
  • Chores

    • Added ignore entry for logs/security/.
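
The auth-path selection and credential validation listed under "How It Works" and "Tests" in the description above, as an added Python sketch; it is not the PR's core/auth.py code. The function names, the `CLAUDE_CODE_OAUTH_TOKEN` variable name, the regexes and all sample values are assumptions of this example.

```python
"""Added sketch of the Bedrock/OAuth auth-path check; not the PR's own code."""
import re
from dataclasses import dataclass, field

# Syntactic checks only (assumptions of this sketch): they do not prove that the
# region offers Claude on Bedrock or that the role exists and is assumable.
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

# Assumed name of the OAuth token variable; the PR description does not name it.
OAUTH_TOKEN_VAR = "CLAUDE_CODE_OAUTH_TOKEN"
SECRET_VARS = ("AWS_SECRET_ACCESS_KEY", OAUTH_TOKEN_VAR)
REPORTED_VARS = ("CLAUDE_CODE_USE_BEDROCK", "AWS_REGION", "AWS_ACCESS_KEY_ID",
                 "AWS_SECRET_ACCESS_KEY", "AWS_ROLE_ARN", OAUTH_TOKEN_VAR)


@dataclass
class AuthDecision:
    path: str                 # "bedrock" or "oauth"
    credential_source: str    # which of the documented credential options applies
    errors: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.errors


def _val(env, name):
    return (env.get(name) or "").strip()


def bedrock_enabled(env):
    # The description documents CLAUDE_CODE_USE_BEDROCK=1; this sketch accepts only "1".
    return _val(env, "CLAUDE_CODE_USE_BEDROCK") == "1"


def check_bedrock_env(env):
    """Return a list of configuration errors; messages never contain secret values."""
    errors = []
    region = _val(env, "AWS_REGION")
    if not region:
        errors.append("AWS_REGION is required when Bedrock is enabled")
    elif not REGION_RE.match(region):
        errors.append("AWS_REGION %r is not a well-formed region name" % region)

    has_key = bool(_val(env, "AWS_ACCESS_KEY_ID"))
    has_secret = bool(_val(env, "AWS_SECRET_ACCESS_KEY"))
    if has_key != has_secret:
        # Half a key pair is a misconfiguration, not a reason to fall back silently.
        missing = "AWS_SECRET_ACCESS_KEY" if has_key else "AWS_ACCESS_KEY_ID"
        errors.append("partial static credentials: %s is missing" % missing)

    arn = _val(env, "AWS_ROLE_ARN")
    if arn and not ROLE_ARN_RE.match(arn):
        errors.append("AWS_ROLE_ARN is not a well-formed IAM role ARN")
    return errors


def select_auth_path(env):
    """Pick Bedrock or OAuth and validate only the variables that path needs."""
    if not bedrock_enabled(env):
        errors = []
        if not _val(env, OAUTH_TOKEN_VAR):
            errors.append("%s is required when Bedrock is not enabled" % OAUTH_TOKEN_VAR)
        return AuthDecision("oauth", "oauth-token", errors)

    # Labelling order is this sketch's choice; the description only says "choose one".
    if _val(env, "AWS_ROLE_ARN"):
        source = "cross-account-role"
    elif _val(env, "AWS_ACCESS_KEY_ID") and _val(env, "AWS_SECRET_ACCESS_KEY"):
        source = "static-keys"
    else:
        source = "default-chain"
    return AuthDecision("bedrock", source, check_bedrock_env(env))


def redacted_view(env):
    """Auth-related settings in a form that is safe to write to a log."""
    view = {}
    for name in REPORTED_VARS:
        value = _val(env, name)
        if not value:
            view[name] = "<unset>"
        elif name in SECRET_VARS:
            view[name] = "<set>"
        elif name == "AWS_ACCESS_KEY_ID":
            view[name] = "****" + value[-4:]
        else:
            view[name] = value
    return view


if __name__ == "__main__":
    # Constructed environments, not taken from the PR.
    samples = [
        {"CLAUDE_CODE_USE_BEDROCK": "1", "AWS_REGION": "us-east-1"},
        {"CLAUDE_CODE_USE_BEDROCK": "1", "AWS_REGION": "eu-west-1",
         "AWS_ACCESS_KEY_ID": "AKIAEXAMPLEEXAMPLE00"},
        {"AWS_REGION": "us-east-1"},
    ]
    for env in samples:
        decision = select_auth_path(env)
        print(decision.path, decision.credential_source, decision.errors,
              redacted_view(env))
```
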


AndyMik90 and others added 30 commits December 22, 2025 20:20
- Add comprehensive branching strategy documentation
- Explain main, develop, feature, fix, release, and hotfix branches
- Clarify that all PRs should target develop (not main)
- Add release process documentation for maintainers
- Update PR process to branch from develop
- Expand table of contents with new sections
* refactor: restructure project to Apps/frontend and Apps/backend

- Move auto-claude-ui to Apps/frontend with feature-based architecture
- Move auto-claude to Apps/backend
- Switch from pnpm to npm for frontend
- Update Node.js requirement to v24.12.0 LTS
- Add pre-commit hooks for lint, typecheck, and security audit
- Add commit-msg hook for conventional commits
- Fix CommonJS compatibility issues (postcss.config, postinstall scripts)
- Update README with comprehensive setup and contribution guidelines
- Configure ESLint to ignore .cjs files
- 0 npm vulnerabilities

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>

* feat(refactor): clean code and move to npm

* feat(refactor): clean code and move to npm

* chore: update to v2.7.0, remove Docker deps (LadybugDB is embedded)

* feat: v2.8.0 - update workflows and configs for Apps/ structure, npm

* fix: resolve Python lint errors (F401, I001)

* fix: update test paths for Apps/backend structure

* fix: add missing facade files and update paths for Apps/backend structure

- Fix ruff lint error I001 in auto_claude_tools.py
- Create missing facade files to match upstream (agent, ci_discovery, critique, etc.)
- Update test paths from auto-claude/ to Apps/backend/
- Update .pre-commit-config.yaml paths for Apps/ structure
- Add pytest to pre-commit hooks (skip slow/integration/Windows-incompatible tests)
- Fix Unicode encoding in test_agent_architecture.py for Windows

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>

* feat: improve readme

* fix: new path

* fix: correct release workflow and docs for Apps/ restructure

- Fix ARM64 macOS build: pnpm → npm, auto-claude-ui → Apps/frontend
- Fix artifact upload paths in release.yml
- Update Node.js version to 24 for consistency
- Update CLI-USAGE.md with Apps/backend paths
- Update RELEASE.md with Apps/frontend/package.json paths

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* refactor: rename Apps/ to apps/ and fix backend path resolution

- Rename Apps/ folder to apps/ for consistency with JS/Node conventions
- Update all path references across CI/CD workflows, docs, and config files
- Fix frontend Python path resolver to look for 'backend' instead of 'auto-claude'
- Update path-resolver.ts to correctly find apps/backend in development mode

This completes the Apps restructure from PR AndyMik90#122 and prepares for v2.8.0 release.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(electron): correct preload script path from .js to .mjs

electron-vite builds the preload script as ESM (index.mjs) but the main
process was looking for CommonJS (index.js). This caused the preload to
fail silently, making the app fall back to browser mock mode with fake
data and non-functional IPC handlers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* - Introduced `dev:debug` script to enable debugging during development.
- Added `dev:mcp` script for running the frontend in MCP mode.

These enhancements streamline the development process for frontend developers.

* refactor(memory): make Graphiti memory mandatory and remove Docker dependency

Memory is now a core component of Auto Claude rather than optional:
- Python 3.12+ is required for the backend (not just memory layer)
- Graphiti is enabled by default in .env.example
- Removed all FalkorDB/Docker references (migrated to embedded LadybugDB)
- Deleted guides/DOCKER-SETUP.md and docker-handlers.ts
- Updated onboarding UI to remove "optional" language
- Updated all documentation to reflect LadybugDB architecture

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* feat: add cross-platform Windows support for npm scripts

- Add scripts/install-backend.js for cross-platform Python venv setup
  - Auto-detects Python 3.12 (py -3.12 on Windows, python3.12 on Unix)
  - Handles platform-specific venv paths
- Add scripts/test-backend.js for cross-platform pytest execution
- Update package.json to use Node.js scripts instead of shell commands
- Update CONTRIBUTING.md with correct paths and instructions:
  - apps/backend/ and apps/frontend/ paths
  - Python 3.12 requirement (memory system now required)
  - Platform-specific install commands (winget, brew, apt)
  - npm instead of pnpm
  - Quick Start section with npm run install:all

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* remove doc

* fix(frontend): correct Ollama detector script path after apps restructure

The Ollama status check was failing because memory-handlers.ts
was looking for ollama_model_detector.py at auto-claude/ but the
script is now at apps/backend/ after the directory restructure.

This caused "Ollama not running" to display even when Ollama was
actually running and accessible.

* chore: bump version to 2.7.2

Downgrade version from 2.8.0 to 2.7.2 as the Apps/ restructure
is better suited as a patch release rather than a minor release.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* chore: update package-lock.json for Windows compatibility

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* docs(contributing): add hotfix workflow and update paths for apps/ structure

Add Git Flow hotfix workflow documentation with step-by-step guide
and ASCII diagram showing the branching strategy.

Update all paths from auto-claude/auto-claude-ui to apps/backend/apps/frontend
and migrate package manager references from pnpm to npm to match the
new project structure.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(ci): remove duplicate ARM64 build from Intel runner

The Intel runner was building both x64 and arm64 architectures,
while a separate ARM64 runner also builds arm64 natively. This
caused duplicate ARM64 builds, wasting CI resources.

Now each runner builds only its native architecture:
- Intel runner: x64 only
- ARM64 runner: arm64 only

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: Alex Madera <[email protected]>
Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <[email protected]>
…Mik90#141)

* feat(ollama): add real-time download progress tracking for model downloads

Implement comprehensive download progress tracking with:
- NDJSON parsing for streaming progress data from Ollama API
- Real-time speed calculation (MB/s, KB/s, B/s) with useRef for delta tracking
- Time remaining estimation based on download speed
- Animated progress bars in OllamaModelSelector component
- IPC event streaming from main process to renderer
- Proper listener management with cleanup functions

Changes:
- memory-handlers.ts: Parse NDJSON from Ollama stderr, emit progress events
- OllamaModelSelector.tsx: Display progress bars with speed and time remaining
- project-api.ts: Implement onDownloadProgress listener with cleanup
- ipc.ts types: Define onDownloadProgress listener interface
- infrastructure-mock.ts: Add mock implementation for browser testing

This allows users to see real-time feedback when downloading Ollama models,
including percentage complete, current download speed, and estimated time remaining.

* test: add focused test coverage for Ollama download progress feature

Add unit tests for the critical paths of the real-time download progress tracking:

- Progress calculation tests (52 tests): Speed/time/percentage calculations with comprehensive edge case coverage (zero speeds, NaN, Infinity, large numbers)
- NDJSON parser tests (33 tests): Streaming JSON parsing from Ollama, buffer management for incomplete lines, error handling

All 562 unit tests passing with clean dependencies. Tests focus on critical mathematical logic and data processing - the most important paths that need verification.

Test coverage:
✅ Speed calculation and formatting (B/s, KB/s, MB/s)
✅ Time remaining calculations (seconds, minutes, hours)
✅ Percentage clamping (0-100%)
✅ NDJSON streaming with partial line buffering
✅ Invalid JSON handling
✅ Real Ollama API responses
✅ Multi-chunk streaming scenarios

* docs: add comprehensive JSDoc docstrings for Ollama download progress feature

- Enhanced OllamaModelSelector component with detailed JSDoc
  * Documented component props, behavior, and usage examples
  * Added docstrings to internal functions (checkInstalledModels, handleDownload, handleSelect)
  * Explained progress tracking algorithm and useRef usage

- Improved memory-handlers.ts documentation
  * Added docstring to main registerMemoryHandlers function
  * Documented all Ollama-related IPC handlers (check-status, list-embedding-models, pull-model)
  * Added JSDoc to executeOllamaDetector helper function
  * Documented interface types (OllamaStatus, OllamaModel, OllamaEmbeddingModel, OllamaPullResult)
  * Explained NDJSON parsing and progress event structure

- Enhanced test file documentation
  * Added docstrings to NDJSON parser test utilities with algorithm explanation
  * Documented all calculation functions (speed, time, percentage)
  * Added detailed comments on formatting and bounds-checking logic

- Improved overall code maintainability
  * Docstring coverage now meets 80%+ threshold for code review
  * Clear explanation of progress tracking implementation details
  * Better context for future maintainers working with download streaming

* feat: add batch task creation and management CLI commands

- Handle batch task creation from JSON files
- Show status of all specs in project
- Cleanup tool for completed specs
- Full integration with new apps/backend structure
- Compatible with implementation_plan.json workflow

* test: add batch task test file and testing checklist

- batch_test.json: Sample tasks for testing batch creation
- TESTING_CHECKLIST.md: Comprehensive testing guide for Ollama and batch tasks
- Includes UI testing steps, CLI testing steps, and edge cases
- Ready for manual and automated testing

* chore: update package-lock.json to match v2.7.2

* test: update checklist with verification results and architecture validation

* docs: add comprehensive implementation summary for Ollama + Batch features

* docs: add comprehensive Phase 2 testing guide with checklists and procedures

* docs: add NEXT_STEPS guide for Phase 2 testing

* fix: resolve merge conflict in project-api.ts from Ollama feature cherry-pick

* fix: remove duplicate Ollama check status handler registration

* test: update checklist with Phase 2 bug findings and fixes

---------

Co-authored-by: ray <[email protected]>
Implemented promise queue pattern in PythonEnvManager to handle
concurrent initialization requests. Previously, multiple simultaneous
requests (e.g., startup + merge) would fail with "Already
initializing" error.

Also fixed parsePythonCommand() to handle file paths with spaces by
checking file existence before splitting on whitespace.

Changes:
- Added initializationPromise field to queue concurrent requests
- Split initialize() into public and private _doInitialize()
- Enhanced parsePythonCommand() with existsSync() check

Co-authored-by: Joris Slagter <[email protected]>
)

Removes the legacy 'auto-claude' path from the possiblePaths array
in agent-process.ts. This path was from before the monorepo
restructure (v2.7.2) and is no longer needed.

The legacy path was causing spec_runner.py to be looked up at the
wrong location:
- OLD (wrong): /path/to/auto-claude/auto-claude/runners/spec_runner.py
- NEW (correct): /path/to/apps/backend/runners/spec_runner.py

This aligns with the new monorepo structure where all backend code
lives in apps/backend/.

Fixes AndyMik90#147

Co-authored-by: Joris Slagter <[email protected]>
* fix: Linear API authentication and GraphQL types

- Remove Bearer prefix from Authorization header (Linear API keys are sent directly)
- Change GraphQL variable types from String! to ID! for teamId and issue IDs
- Improve error handling to show detailed Linear API error messages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: Radix Select empty value error in Linear import modal

Use '__all__' sentinel value instead of empty string for "All projects"
option, as Radix Select does not allow empty string values.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* feat: add CodeRabbit configuration file

Introduce a new .coderabbit.yaml file to configure CodeRabbit settings, including review profiles, automatic review options, path filters, and specific instructions for different file types. This enhances the code review process by providing tailored guidelines for Python, TypeScript, and test files.

* fix: correct GraphQL types for Linear team queries

Linear API uses different types for different queries:
- team(id:) expects String!
- issues(filter: { team: { id: { eq: } } }) expects ID!

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: refresh task list after Linear import

Call loadTasks() after successful Linear import to update the kanban
board without requiring a page reload.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* cleanup

* cleanup

* fix: address CodeRabbit review comments for Linear integration

- Fix unsafe JSON parsing: check response.ok before parsing JSON to handle
  non-JSON error responses (e.g., 503 from proxy) gracefully
- Use ID! type instead of String! for teamId in LINEAR_GET_PROJECTS query
  for GraphQL type consistency
- Remove debug console.log (ESLint config only allows warn/error)
- Refresh task list on partial import success (imported > 0) instead of
  requiring full success
- Fix pre-existing TypeScript and lint issues blocking commit

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* version sync logic

* lints for develop branch

* chore: update CI workflow to include develop branch

- Modified the CI configuration to trigger on pushes and pull requests to both main and develop branches, enhancing the workflow for development and integration processes.

* fix: update project directory auto-detection for apps/backend structure

The project directory auto-detection was checking for the old `auto-claude/`
directory name but needed to check for `apps/backend/`. When running from
`apps/backend/`, the directory name is `backend` not `auto-claude`, so the
check would fail and `project_dir` would incorrectly remain as `apps/backend/`
instead of resolving to the project root (2 levels up).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: use GraphQL variables instead of string interpolation in LINEAR_GET_ISSUES

Replace direct string interpolation of teamId and linearProjectId with
proper GraphQL variables. This prevents potential query syntax errors if
IDs contain special characters like double quotes, and aligns with the
variable-based approach used elsewhere in the file.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(ui): correct logging level and await loadTasks on import complete

- Change console.warn to console.log for import success messages
  (warn is incorrect severity for normal completion)
- Make onImportComplete callback async and await loadTasks()
  to prevent potential unhandled promise rejections

Applies CodeRabbit review feedback across 3 LinearTaskImportModal usages.

* fix(hooks): use POSIX-compliant find instead of bash glob

The pre-commit hook uses #!/bin/sh but had bash-specific ** glob
pattern for staging ruff-formatted files. The ** pattern only works
in bash with globstar enabled - in POSIX sh it expands literally
and won't match subdirectories, causing formatted files in nested
directories to not be staged.

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
…_progress

When a user drags a running task back to Planning (or any other column),
the process was not being stopped, leaving a "ghost" process that
prevented deletion with "Cannot delete a running task" error.

Now the task process is automatically killed when status changes away
from in_progress, ensuring the process state stays in sync with the UI.
* feat: add UI scale feature

* refactor: extract UI scale bounds to shared constants

* fix: duplicated import
…90#154)

* fix: analyzer Python compatibility and settings integration

Fixes project index analyzer failing with TypeError on Python type hints.

Changes:
- Added 'from __future__ import annotations' to all analysis modules
- Fixed project discovery to support new analyzer JSON format
- Read Python path directly from settings.json instead of pythonEnvManager
- Added stderr/stdout logging for analyzer debugging

Resolves 'Discovered 0 files' and 'TypeError: unsupported operand type' issues.

* auto-claude: subtask-1-1 - Hide status badge when execution phase badge is showing

When a task has an active execution (planning, coding, etc.), the
execution phase badge already displays the correct state with a spinner.
The status badge was also rendering, causing duplicate/confusing badges
(e.g., both "Planning" and "Pending" showing at the same time).

This fix wraps the status badge in a conditional that only renders when
there's no active execution, eliminating the redundant badge display.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(ipc): remove unused pythonEnvManager parameter and fix ES6 import

Address CodeRabbit review feedback:
- Remove unused pythonEnvManager parameter from registerProjectContextHandlers
  and registerContextHandlers (the code reads Python path directly from
  settings.json instead)
- Replace require('electron').app with proper ES6 import for consistency

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* chore(lint): fix import sorting in analysis module

Run ruff --fix to resolve I001 lint errors after merging develop.
All 23 files in apps/backend/analysis/ now have properly sorted imports.

---------

Co-authored-by: Joris Slagter <[email protected]>
Co-authored-by: Claude Opus 4.5 <[email protected]>
* fix(core): add task persistence, terminal handling, and HTTP 300 fixes

Consolidated bug fixes from PRs AndyMik90#168, AndyMik90#170, AndyMik90#171:

- Task persistence (AndyMik90#168): Scan worktrees for tasks on app restart
  to prevent loss of in-progress work and wasted API credits. Tasks
  in .worktrees/*/specs are now loaded and deduplicated with main.

- Terminal buttons (AndyMik90#170): Fix "Open Terminal" buttons silently
  failing on macOS by properly awaiting createTerminal() Promise.
  Added useTerminalHandler hook with loading states and error display.

- HTTP 300 errors (AndyMik90#171): Handle branch/tag name collisions that
  cause update failures. Added validation script to prevent conflicts
  before releases and user-friendly error messages with manual
  download links.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(platform): add path resolution, spaces handling, and XDG support

This commit consolidates multiple bug fixes from community PRs:

- PR AndyMik90#187: Path resolution fix - Update path detection to find apps/backend
  instead of legacy auto-claude directory after v2.7.2 restructure

- PR AndyMik90#182/AndyMik90#155: Python path spaces fix - Improve parsePythonCommand() to
  handle quoted paths and paths containing spaces without splitting

- PR AndyMik90#161: Ollama detection fix - Add new apps structure paths for
  ollama_model_detector.py script discovery

- PR AndyMik90#160: AppImage support - Add XDG Base Directory compliant paths for
  Linux sandboxed environments (AppImage, Flatpak, Snap). New files:
  - config-paths.ts: XDG path utilities
  - fs-utils.ts: Filesystem utilities with fallback support

- PR AndyMik90#159: gh CLI PATH fix - Add getAugmentedEnv() utility to include
  common binary locations (Homebrew, snap, local) in PATH for child
  processes. Fixes gh CLI not found when app launched from Finder/Dock.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address CodeRabbit/Cursor review comments on PR AndyMik90#185

Fixes from code review:
- http-client.ts: Use GITHUB_CONFIG instead of hardcoded owner in HTTP 300 error message
- validate-release.js: Fix substring matching bug in branch detection that could cause false positives (e.g., v2.7 matching v2.7.2)
- bump-version.js: Remove unnecessary try-catch wrapper (exec() already exits on failure)
- execution-handlers.ts: Capture original subtask status before mutation for accurate logging
- fs-utils.ts: Add error handling to safeWriteFile with proper logging

Dismissed as trivial/not applicable:
- config-paths.ts: Exhaustive switch check (over-engineering)
- env-utils.ts: PATH priority documentation (existing comments sufficient)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address additional CodeRabbit review comments (round 2)

Fixes from second round of code review:
- fs-utils.ts: Wrap test file cleanup in try-catch for Windows file locking
- fs-utils.ts: Add error handling to safeReadFile for consistency with safeWriteFile
- http-client.ts: Use GITHUB_CONFIG in fetchJson (missed in first round)
- validate-release.js: Exclude symbolic refs (origin/HEAD -> origin/main) from branch check
- python-detector.ts: Return cleanPath instead of pythonPath for empty input edge case

Dismissed as trivial/not applicable:
- execution-handlers.ts: Redundant checkSubtasksCompletion call (micro-optimization)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
* chore: update README version to 2.7.1

Updated the version badge and download links in the README to reflect the new release version 2.7.1, ensuring users have the correct information for downloading the latest builds.

* feat(releases): add beta release system with user opt-in

Implements a complete beta release workflow that allows users to opt-in
to receiving pre-release versions. This enables testing new features
before they're included in stable releases.

Changes:
- Add beta-release.yml workflow for creating beta releases from develop
- Add betaUpdates setting with UI toggle in Settings > Updates
- Add update channel support to electron-updater (beta vs latest)
- Extract shared settings-utils.ts to reduce code duplication
- Add prepare-release.yml workflow for automated release preparation
- Document beta release process in CONTRIBUTING.md and RELEASE.md

Users can enable beta updates in Settings > Updates, and maintainers
can trigger beta releases via the GitHub Actions workflow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* workflow update

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
* chore: update README version to 2.7.1

Updated the version badge and download links in the README to reflect the new release version 2.7.1, ensuring users have the correct information for downloading the latest builds.

* feat(releases): add beta release system with user opt-in

Implements a complete beta release workflow that allows users to opt-in
to receiving pre-release versions. This enables testing new features
before they're included in stable releases.

Changes:
- Add beta-release.yml workflow for creating beta releases from develop
- Add betaUpdates setting with UI toggle in Settings > Updates
- Add update channel support to electron-updater (beta vs latest)
- Extract shared settings-utils.ts to reduce code duplication
- Add prepare-release.yml workflow for automated release preparation
- Document beta release process in CONTRIBUTING.md and RELEASE.md

Users can enable beta updates in Settings > Updates, and maintainers
can trigger beta releases via the GitHub Actions workflow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* workflow update

* ci(github): update Discord link and redirect feature requests to discussions

Update Discord invite link to correct URL (QhRnz9m5HE) across all GitHub
templates and workflows. Redirect feature requests from issue template
to GitHub Discussions for better community engagement.

Changes:
- config.yml: Add feature request link to Discussions, fix Discord URL
- question.yml: Update Discord link in pre-question guidance
- welcome.yml: Update Discord link in first-time contributor message

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
- Change branch reference from main to develop
- Fix contribution guide link to use full URL
- Remove hyphen from "Auto Claude" in welcome message
…tup (AndyMik90#180 AndyMik90#167) (AndyMik90#208)

This fixes critical bug where macOS users with default Python 3.9.6 couldn't use Auto-Claude because claude-agent-sdk requires Python 3.10+.

Root Cause:
- Auto-Claude doesn't bundle Python, relies on system Python
- python-detector.ts accepted any Python 3.x without checking minimum version
- macOS ships with Python 3.9.6 by default (incompatible)
- GitHub Actions runners didn't explicitly set Python version

Changes:
1. python-detector.ts:
   - Added getPythonVersion() to extract version from command
   - Added validatePythonVersion() to check if >= 3.10.0
   - Updated findPythonCommand() to skip Python < 3.10 with clear error messages

2. python-env-manager.ts:
   - Import and use findPythonCommand() (already has version validation)
   - Simplified findSystemPython() to use shared validation logic
   - Updated error message from "Python 3.9+" to "Python 3.10+" with download link

3. .github/workflows/release.yml:
   - Added Python 3.11 setup to all 4 build jobs (macOS Intel, macOS ARM64, Windows, Linux)
   - Ensures consistent Python version across all platforms during build

Impact:
- macOS users with Python 3.9 now see clear error with download link
- macOS users with Python 3.10+ work normally
- CI/CD builds use consistent Python 3.11
- Prevents "ModuleNotFoundError: dotenv" and dependency install failures

Fixes AndyMik90#180, AndyMik90#167

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Sonnet 4.5 <[email protected]>
* feat: Add OpenRouter as LLM/embedding provider

Add OpenRouter provider support for Graphiti memory integration,
enabling access to multiple LLM providers through a single API.

Changes:
Backend:
- Created openrouter_llm.py: OpenRouter LLM provider using OpenAI-compatible API
- Created openrouter_embedder.py: OpenRouter embedder provider
- Updated config.py: Added OpenRouter to provider enums and configuration
  - New fields: openrouter_api_key, openrouter_base_url, openrouter_llm_model, openrouter_embedding_model
  - Validation methods updated for OpenRouter
- Updated factory.py: Added OpenRouter to LLM and embedder factories
- Updated provider __init__.py files: Exported new OpenRouter functions

Frontend:
- Updated project.ts types: Added 'openrouter' to provider type unions
  - GraphitiProviderConfig extended with OpenRouter fields
- Updated GraphitiStep.tsx: Added OpenRouter to provider arrays
  - LLM_PROVIDERS: 'Multi-provider aggregator'
  - EMBEDDING_PROVIDERS: 'OpenAI-compatible embeddings'
  - Added OpenRouter API key input field with show/hide toggle
  - Link to https://openrouter.ai/keys
- Updated env-handlers.ts: OpenRouter .env generation and parsing
  - Template generation for OPENROUTER_* variables
  - Parsing from .env files with proper type casting

Documentation:
- Updated .env.example with OpenRouter section
  - Configuration examples
  - Popular model recommendations
  - Example configuration (AndyMik90#6)

Fixes AndyMik90#92

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* refactor: address CodeRabbit review comments for OpenRouter

- Add globalOpenRouterApiKey to settings types and store updates
- Initialize openrouterApiKey from global settings
- Update documentation to include OpenRouter in provider lists
- Add OpenRouter handling to get_embedding_dimension() method
- Add openrouter to provider cleanup list
- Add OpenRouter to get_available_providers() function
- Clarify Legacy comment for openrouterLlmModel

These changes complete the OpenRouter integration by ensuring proper
settings persistence and provider detection across the application.

* fix: apply ruff formatting to OpenRouter code

- Break long error message across multiple lines
- Format provider list with one item per line
- Fixes lint CI failure

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

---------

Co-authored-by: Claude Sonnet 4.5 <[email protected]>

…Mik90#209)

Implements distributed file-based locking for spec number coordination
across main project and all worktrees. Previously, parallel spec creation
could assign the same number to different specs (e.g., 042-bmad-task and
042-gitlab-integration both using number 042).

The fix adds SpecNumberLock class that:
- Acquires exclusive lock before calculating spec numbers
- Scans ALL locations (main project + worktrees) for global maximum
- Creates spec directories atomically within the lock
- Handles stale locks via PID-based detection with 30s timeout

Applied to both Python backend (spec_runner.py flow) and TypeScript
frontend (ideation conversion, GitHub/GitLab issue import).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <[email protected]>

* fix(ideation): add missing event forwarders for status sync

- Add event forwarders in ideation-handlers.ts for progress, log,
  type-complete, type-failed, complete, error, and stopped events
- Fix ideation-type-complete to load actual ideas array from JSON files
  instead of emitting only the count

Resolves UI getting stuck at 0/3 complete during ideation generation.

* fix(ideation): fix UI not updating after actions

- Fix getIdeationSummary to count only active ideas (exclude dismissed/archived)
  This ensures header stats match the visible ideas count
- Add transformSessionFromSnakeCase to properly transform session data
  from backend snake_case to frontend camelCase on ideation-complete event
- Transform raw session before emitting ideation-complete event

Resolves header showing stale counts after dismissing/deleting ideas.

* fix(ideation): improve type safety and async handling in ideation type completion

- Replace synchronous readFileSync with async fsPromises.readFile in ideation-type-complete handler
- Wrap async file read in IIFE with proper error handling to prevent unhandled promise rejections
- Add type validation for IdeationType with VALID_IDEATION_TYPES set and isValidIdeationType guard
- Add validateEnabledTypes function to filter out invalid type values and log dropped entries
- Handle ENOENT separately

* fix(ideation): improve generation state management and error handling

- Add explicit isGenerating flag to prevent race conditions during async operations
- Implement 5-minute timeout for generation with automatic cleanup and error state
- Add ideation-stopped event emission when process is intentionally killed
- Replace console.warn/error with proper ideation-error events in agent-queue
- Add resetGeneratingTypes helper to transition all generating types to a target state
- Filter out dismissed/

* refactor(ideation): improve event listener cleanup and timeout management

- Extract event handler functions in ideation-handlers.ts to enable proper cleanup
- Return cleanup function from registerIdeationHandlers to remove all listeners
- Replace single generationTimeoutId with Map to support multiple concurrent projects
- Add clearGenerationTimeout helper to centralize timeout cleanup logic
- Extract loadIdeationType IIFE to named function for better error context
- Enhance error logging with projectId,

* refactor: use async file read for ideation and roadmap session loading

- Replace synchronous readFileSync with async fsPromises.readFile
- Prevents blocking the event loop during file operations
- Consistent with async pattern used elsewhere in the codebase
- Improved error handling with proper event emission

* fix(agent-queue): improve roadmap completion handling and error reporting

- Add transformRoadmapFromSnakeCase to convert backend snake_case to frontend camelCase
- Transform raw roadmap data before emitting roadmap-complete event
- Add roadmap-error emission for unexpected errors during completion
- Add roadmap-error emission when project path is unavailable
- Remove duplicate ideation-type-complete emission from error handler (event already emitted in loadIdeationType)
- Update error log message

Adds 'from __future__ import annotations' to spec/discovery.py for
Python 3.9+ compatibility with type hints.

This completes the Python compatibility fixes that were partially
applied in previous commits. All 26 analysis and spec Python files
now have the future annotations import.

Related: AndyMik90#128

Co-authored-by: Joris Slagter <[email protected]>

…#241)

* fix: resolve Python detection and backend packaging issues

- Fix backend packaging path (auto-claude -> backend) to match path-resolver.ts expectations
- Add future annotations import to config_parser.py for Python 3.9+ compatibility
- Use findPythonCommand() in project-context-handlers to prioritize Homebrew Python
- Improve Python detection to prefer Homebrew paths over system Python on macOS

This resolves the following issues:
- 'analyzer.py not found' error due to incorrect packaging destination
- TypeError with 'dict | None' syntax on Python < 3.10
- Wrong Python interpreter being used (system Python instead of Homebrew Python 3.10+)

Tested on macOS with packaged app - project index now loads successfully.

* refactor: address PR review feedback

- Extract findHomebrewPython() helper to eliminate code duplication between
  findPythonCommand() and getDefaultPythonCommand()
- Remove hardcoded version-specific paths (python3.12) and rely only on
  generic Homebrew symlinks for better maintainability
- Remove unnecessary 'from __future__ import annotations' from config_parser.py
  since backend requires Python 3.12+ where union types are native

These changes make the code more maintainable, less fragile to Python version
changes, and properly reflect the project's Python 3.12+ requirement.

…#250)

* feat(github): add GitHub automation system for issues and PRs

Implements comprehensive GitHub automation with three major components:

1. Issue Auto-Fix: Automatically creates specs from labeled issues
   - AutoFixButton component with progress tracking
   - useAutoFix hook for config and queue management
   - Backend handlers for spec creation from issues

2. GitHub PRs Tool: AI-powered PR review sidebar
   - New sidebar tab (Cmd+Shift+P) alongside GitHub Issues
   - PRList/PRDetail components for viewing PRs
   - Review system with findings by severity
   - Post review comments to GitHub

3. Issue Triage: Duplicate/spam/feature-creep detection
   - Triage handlers with label application
   - Configurable detection thresholds

Also adds:
- Debug logging (DEBUG=true) for all GitHub handlers
- Backend runners/github module with orchestrator
- AI prompts for PR review, triage, duplicate/spam detection
- dev:debug npm script for development with logging

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(github-runner): resolve import errors for direct script execution

Changes runner.py and orchestrator.py to handle both:
- Package import: `from runners.github import ...`
- Direct script: `python runners/github/runner.py`

Uses try/except pattern for relative vs direct imports.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(github): correct argparse argument order for runner.py

Move --project global argument before subcommand so argparse can
correctly parse it. Fixes "unrecognized arguments: --project" error.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* logs when debug mode is on

* refactor(github): extract service layer and fix linting errors

Major refactoring to improve maintainability and code quality:

Backend (Python):
- Extracted orchestrator.py (2,600 → 835 lines, 68% reduction) into 7 service modules:
  - prompt_manager.py: Prompt template management
  - response_parsers.py: AI response parsing
  - pr_review_engine.py: PR review orchestration
  - triage_engine.py: Issue triage logic
  - autofix_processor.py: Auto-fix workflow
  - batch_processor.py: Batch issue handling
- Fixed 18 ruff linting errors (F401, C405, C414, E741):
  - Removed unused imports (BatchValidationResult, AuditAction, locked_json_write)
  - Optimized collection literals (set([n]) → {n})
  - Removed unnecessary list() calls
  - Renamed ambiguous variable 'l' to 'label' throughout

Frontend (TypeScript):
- Refactored IPC handlers (19% overall reduction) with shared utilities:
  - autofix-handlers.ts: 1,042 → 818 lines
  - pr-handlers.ts: 648 → 543 lines
  - triage-handlers.ts: 437 lines (no duplication)
- Created utils layer: logger, ipc-communicator, project-middleware, subprocess-runner
- Split github-store.ts into focused stores: issues, pr-review, investigation, sync-status
- Split ReviewFindings.tsx into focused components

All imports verified, type checks passing, linting clean.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>

* Add multilingual support and i18n integration

- Implemented i18n framework using `react-i18next` for translation management.
- Added support for English and French languages with translation files.
- Integrated language selector into settings.
- Updated all text strings in UI components to use translation keys.
- Ensured smooth language switching with live updates.

* Migrate remaining hard-coded strings to i18n system

- TaskCard: status labels, review reasons, badges, action buttons
- PhaseProgressIndicator: execution phases, progress labels
- KanbanBoard: drop zone, show archived, tooltips
- CustomModelModal: dialog title, description, labels
- ProactiveSwapListener: account switch notifications
- AgentProfileSelector: phase labels, custom configuration
- GeneralSettings: agent framework option

Added translation keys for en/fr locales in tasks.json, common.json,
and settings.json for complete i18n coverage.

* Add i18n support to dialogs and settings components

- AddFeatureDialog: form labels, validation messages, buttons
- AddProjectModal: dialog steps, form fields, actions
- RateLimitIndicator: rate limit notifications
- RateLimitModal: account switching, upgrade prompts
- AdvancedSettings: updates and notifications sections
- ThemeSettings: theme selection labels
- Updated dialogs.json locales (en/fr)

* Fix truncated 'ready' message in dialogs locales

* Fix backlog terminology in i18n locales

Change "Planning"/"Planification" to standard PM term "Backlog"

* Migrate settings navigation and integration labels to i18n

- AppSettings: nav items, section titles, buttons
- IntegrationSettings: Claude accounts, auto-switch, API keys labels
- Added settings nav/projectSections/integrations translation keys
- Added buttons.saving to common translations

* Migrate AgentProfileSettings and Sidebar init dialog to i18n

- AgentProfileSettings: migrate phase config labels, section title,
  description, and all hardcoded strings to settings namespace
- Sidebar: migrate init dialog strings to dialogs namespace with
  common buttons from common namespace
- Add new translation keys for agent profile settings and update dialog

* Migrate AppSettings navigation labels to i18n

- Add useTranslation hook to AppSettings.tsx
- Replace hardcoded section labels with dynamic translations
- Add projectSections translations for project settings nav
- Add rerunWizardDescription translation key

* Add explicit typing to notificationItems array

Import NotificationSettings type and use keyof to properly type
the notification item keys, removing manual type assertion.

…AndyMik90#266)

* ci: implement enterprise-grade PR quality gates and security scanning

* ci: implement enterprise-grade PR quality gates and security scanning

* fix: PR comments and improve code

* fix: improve commit linting and code quality

* Removed the dependency-review job (I added it)

* fix: address CodeRabbit review comments

- Expand scope pattern to allow uppercase, underscores, slashes, dots
- Add concurrency control to cancel duplicate security scan runs
- Add explanatory comment for Bandit CLI flags
- Remove dependency-review job (requires repo settings)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* docs: update commit lint examples with expanded scope patterns

Show slashes and dots in scope examples to demonstrate
the newly allowed characters (api/users, package.json)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* chore: remove feature request issue template

Feature requests are directed to GitHub Discussions
via the issue template config.yml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address security vulnerabilities in service orchestrator

- Fix port parsing crash on malformed docker-compose entries
- Fix shell injection risk by using shlex.split() with shell=False

Prevents crashes when docker-compose.yml contains environment
variables in port mappings (e.g., '${PORT}:8080') and eliminates
shell injection vulnerabilities in subprocess execution.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
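
The service-orchestrator fix in the commit above (port parsing that survives `${PORT}:8080`, and `shlex.split()` with `shell=False`), worked through as an added example; it is not the project's code. All function names are hypothetical, and `run_with_shell` is an assumed form of the "before" pattern.

```python
import shlex
import subprocess
import sys


def parse_host_port(mapping):
    """Return the fixed host port of a docker-compose port entry, or None.

    Accepts "8080:80", "127.0.0.1:8080:80" and "8080:80/tcp". Entries with
    no fixed integer host port ("80", "${PORT}:8080", port ranges) give None
    instead of raising.
    """
    if not isinstance(mapping, str):
        return None
    spec = mapping.strip().split("/", 1)[0]   # drop "/tcp" or "/udp"
    parts = spec.split(":")
    if len(parts) < 2:
        return None                           # container port only
    host = parts[-2]
    if not (host.isascii() and host.isdigit()):
        return None                           # e.g. "${PORT}" left unexpanded
    port = int(host)
    return port if 1 <= port <= 65535 else None


def build_argv(command):
    """Split a configured command string into an argv list for shell=False."""
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    return argv


def run_with_shell(command):
    """Assumed 'before' pattern: the string is handed to the shell,
    so ';', '|', '$(...)' and backticks are interpreted."""
    return subprocess.run(command, shell=True, capture_output=True,
                          text=True, timeout=10, check=False)


def run_service_command(command):
    """Hardened form: no shell is involved, so shell metacharacters reach
    the program as literal argument text."""
    return subprocess.run(build_argv(command), shell=False,
                          capture_output=True, text=True,
                          timeout=10, check=False)


# Constructed sample: a harmless child that prints the arguments it received,
# followed by text that a shell would treat as a second command.
DEMO_COMMAND = (
    f"{shlex.quote(sys.executable)} -c "
    '"import sys; print(sys.argv[1:])" hello; echo INJECTED'
)

if __name__ == "__main__":
    for entry in ("8080:80", "127.0.0.1:8080:80/tcp", "${PORT}:8080", "80"):
        print(f"{entry!r:28} -> {parse_host_port(entry)}")
    print("shell=True :", run_with_shell(DEMO_COMMAND).stdout.splitlines())
    print("shell=False:", run_service_command(DEMO_COMMAND).stdout.splitlines())
```

`shlex.split()` only tokenizes; the protection comes from passing the resulting list with `shell=False`, and the first token still needs to be a program the configuration is allowed to start.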
…90#252)

* feat(github): add GitHub automation system for issues and PRs

Implements comprehensive GitHub automation with three major components:

1. Issue Auto-Fix: Automatically creates specs from labeled issues
   - AutoFixButton component with progress tracking
   - useAutoFix hook for config and queue management
   - Backend handlers for spec creation from issues

2. GitHub PRs Tool: AI-powered PR review sidebar
   - New sidebar tab (Cmd+Shift+P) alongside GitHub Issues
   - PRList/PRDetail components for viewing PRs
   - Review system with findings by severity
   - Post review comments to GitHub

3. Issue Triage: Duplicate/spam/feature-creep detection
   - Triage handlers with label application
   - Configurable detection thresholds

Also adds:
- Debug logging (DEBUG=true) for all GitHub handlers
- Backend runners/github module with orchestrator
- AI prompts for PR review, triage, duplicate/spam detection
- dev:debug npm script for development with logging

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(github-runner): resolve import errors for direct script execution

Changes runner.py and orchestrator.py to handle both:
- Package import: `from runners.github import ...`
- Direct script: `python runners/github/runner.py`

Uses try/except pattern for relative vs direct imports.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(github): correct argparse argument order for runner.py

Move --project global argument before subcommand so argparse can
correctly parse it. Fixes "unrecognized arguments: --project" error.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* logs when debug mode is on

* refactor(github): extract service layer and fix linting errors

Major refactoring to improve maintainability and code quality:

Backend (Python):
- Extracted orchestrator.py (2,600 → 835 lines, 68% reduction) into 7 service modules:
  - prompt_manager.py: Prompt template management
  - response_parsers.py: AI response parsing
  - pr_review_engine.py: PR review orchestration
  - triage_engine.py: Issue triage logic
  - autofix_processor.py: Auto-fix workflow
  - batch_processor.py: Batch issue handling
- Fixed 18 ruff linting errors (F401, C405, C414, E741):
  - Removed unused imports (BatchValidationResult, AuditAction, locked_json_write)
  - Optimized collection literals (set([n]) → {n})
  - Removed unnecessary list() calls
  - Renamed ambiguous variable 'l' to 'label' throughout

Frontend (TypeScript):
- Refactored IPC handlers (19% overall reduction) with shared utilities:
  - autofix-handlers.ts: 1,042 → 818 lines
  - pr-handlers.ts: 648 → 543 lines
  - triage-handlers.ts: 437 lines (no duplication)
- Created utils layer: logger, ipc-communicator, project-middleware, subprocess-runner
- Split github-store.ts into focused stores: issues, pr-review, investigation, sync-status
- Split ReviewFindings.tsx into focused components

All imports verified, type checks passing, linting clean.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* fixes during testing of PR

* feat(github): implement PR merge, assign, and comment features

- Add auto-assignment when clicking "Run AI Review"
- Implement PR merge functionality with squash method
- Add ability to post comments on PRs
- Display assignees in PR UI
- Add Approve and Merge buttons when review passes
- Update backend gh_client with pr_merge, pr_comment, pr_assign methods
- Create IPC handlers for new PR operations
- Update TypeScript interfaces and browser mocks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* Improve PR review AI

* fix(github): use temp files for PR review posting to avoid shell escaping issues

When posting PR reviews with findings containing special characters (backticks,
parentheses, quotes), the shell command was interpreting them as commands instead
of literal text, causing syntax errors.

Changed both postPRReview and postPRComment handlers to write the body content
to temporary files and use gh CLI's --body-file flag instead of --body with
inline content. This safely handles ALL special characters without escaping issues.

Fixes shell errors when posting reviews with suggested fixes containing code snippets.

* fix(i18n): add missing GitHub PRs translation and document i18n requirements

Fixed missing translation key for GitHub PRs feature that was causing
"items.githubPRs" to display instead of the proper translated text.

Added comprehensive i18n guidelines to CLAUDE.md to ensure all future
frontend development follows the translation key pattern instead of
using hardcoded strings.

Also fixed missing deletePRReview mock function in browser-mock.ts
to resolve TypeScript compilation errors.

Changes:
- Added githubPRs translation to en/navigation.json
- Added githubPRs translation to fr/navigation.json
- Added Development Guidelines section to CLAUDE.md with i18n requirements
- Documented translation file locations and namespace usage patterns
- Added deletePRReview mock function to browser-mock.ts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* fix ui loading

* GitHub PR fixes

* improve claude.md

* lints/tests

* fix(github): handle PRs exceeding GitHub's 20K line diff limit

- Add PRTooLargeError exception for large PR detection
- Update pr_diff() to catch and raise PRTooLargeError for HTTP 406 errors
- Gracefully handle large PRs by skipping full diff and using individual file patches
- Add diff_truncated flag to PRContext to track when diff was skipped
- Large PRs will now review successfully using per-file diffs instead of failing

Fixes issue with PR AndyMik90#252 which has 100+ files exceeding the 20,000 line limit.

* fix: implement individual file patch fetching for large PRs

The PR review was getting stuck for large PRs (>20K lines) because when we
skipped the full diff due to GitHub API limits, we had no code to analyze.
The individual file patches were also empty, leaving the AI with just
file names and metadata.

Changes:
- Implemented _get_file_patch() to fetch individual patches via git diff
- Updated PR review engine to build composite diff from file patches when
  diff_truncated is True
- Added missing 'state' field to PRContext dataclass
- Limits composite diff to first 50 files for very large PRs
- Shows appropriate warnings when using reconstructed diffs

This allows AI review to proceed with actual code analysis even when the
full PR diff exceeds GitHub's limits.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

* 1min reduction

* docs: add GitHub Sponsors funding configuration

Enable the Sponsor button on the repository by adding FUNDING.yml
with the AndyMik90 GitHub Sponsors profile.

* feat(github-pr): add orchestrating agent for thorough PR reviews

Implement a new Opus 4.5 orchestrating agent that performs comprehensive
PR reviews regardless of size. Key changes:

- Add orchestrator_reviewer.py with strategic review workflow
- Add review_tools.py with subagent spawning capabilities
- Add pr_orchestrator.md prompt emphasizing thorough analysis
- Add pr_security_agent.md and pr_quality_agent.md subagent prompts
- Integrate orchestrator into pr_review_engine.py with config flag
- Fix critical bug where findings were extracted but not processed
  (indentation issue in _parse_orchestrator_output)

The orchestrator now correctly identifies issues in PRs that were
previously approved as "trivial". Testing showed 7 findings detected
vs 0 before the fix.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* i18n

* fix(github-pr): restrict pr_reviewer to read-only permissions

The PR review agent was using qa_reviewer agent type which has Bash
access, allowing it to checkout branches and make changes during
review. Created new pr_reviewer agent type with BASE_READ_TOOLS only
(no Bash, no writes, no auto-claude tools).

This prevents the PR review from accidentally modifying code or
switching branches during analysis.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(github-pr): robust category mapping and JSON parsing for PR review

The orchestrator PR review was failing to extract findings because:

1. AI generates category names like 'correctness', 'consistency', 'testing'
   that aren't in our ReviewCategory enum - added flexible mapping

2. JSON sometimes embedded in markdown code blocks (```json) which broke
   parsing - added code block extraction as first parsing attempt

Changes:
- Add _CATEGORY_MAPPING dict to map AI categories to valid enum values
- Add _map_category() helper function with fallback to QUALITY
- Add severity parsing with fallback to MEDIUM
- Add markdown code block detection (```json) before raw JSON parsing
- Add _extract_findings_from_data() helper to reduce code duplication
- Apply same fixes to review_tools.py for subagent parsing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(pr-review): improve post findings UX with batch support and feedback

- Fix post findings failing on own PRs by falling back from REQUEST_CHANGES
  to COMMENT when GitHub returns 422 error
- Change status badge to show "Reviewed" instead of "Commented" until
  findings are actually posted to GitHub
- Add success notification when findings are posted (auto-dismisses after 3s)
- Add batch posting support: track posted findings, show "Posted" badge,
  allow posting remaining findings in additional batches
- Show loading state on button while posting

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(github): resolve stale timestamp and null author bugs

- Fix stale timestamp in batch_issues.py: Move updated_at assignment
  BEFORE to_dict() serialization so the saved JSON contains the correct
  timestamp instead of the old value

- Fix AttributeError in context_gatherer.py: Handle null author/user
  fields when GitHub API returns null for deleted/suspended users
  instead of an empty object

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(security): address all high and medium severity PR review findings

HIGH severity fixes:
- Command Injection in autofix-handlers.ts: Use execFileSync with args array
- Command Injection in pr-handlers.ts (3 locations): Use execFileSync + validation
- Command Injection in triage-handlers.ts: Use execFileSync + label validation
- Token Exposure in bot_detection.py: Pass token via GH_TOKEN env var

MEDIUM severity fixes:
- Environment variable leakage in subprocess-runner.ts: Filter to safe vars only
- Debug logging in subprocess-runner.ts: Only log in development mode
- Delimiter escape bypass in sanitize.py: Use regex pattern for variations
- Insecure file permissions in trust.py: Use os.open with 0o600 mode
- No file locking in learning.py: Use FileLock + atomic_write utilities
- Bare except in confidence.py: Log error with specific exception info
- Fragile module import in pr_review_engine.py: Import at module level
- State transition validation in models.py: Enforce can_transition_to()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* PR followup

* fix(security): add usedforsecurity=False to MD5 hash calls

MD5 is used for generating unique IDs/cache keys, not for security purposes.
Adding usedforsecurity=False resolves Bandit B324 warnings.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(security): address all high-priority PR review findings

Fixes 5 high-priority issues from Auto Claude PR Review:

1. orchestrator_reviewer.py: Token budget tracking now increments
   total_tokens from API response usage data

2. pr_review_engine.py: Async exceptions now re-raise RuntimeError
   instead of silently returning empty results

3. batch_issues.py: IssueBatch.save() now uses locked_json_write
   for atomic file operations with file locking

4. project-middleware.ts: Added validateProjectPath() to prevent
   path traversal attacks (checks absolute, no .., exists, is dir)

5. orchestrator.py: Exception handling now logs full traceback and
   preserves exception type/context in error messages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(security): address all high-priority PR review findings

Fixes 5 high-priority issues from Auto Claude PR Review:

1. orchestrator_reviewer.py: Token budget tracking now increments
   total_tokens from API response usage data

2. pr_review_engine.py: Async exceptions now re-raise RuntimeError
   instead of silently returning empty results

3. batch_issues.py: IssueBatch.save() now uses locked_json_write
   for atomic file operations with file locking

4. project-middleware.ts: Added validateProjectPath() to prevent
   path traversal attacks (checks absolute, no .., exists, is dir)

5. orchestrator.py: Exception handling now logs full traceback and
   preserves exception type/context in error messages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* feat(ui): add PR status labels to list view

Add secondary status badges to the PR list showing review state at a glance:
- "Changes Requested" (warning) - PRs with blocking issues (critical/high)
- "Ready to Merge" (green) - PRs with only non-blocking suggestions
- "Ready for Follow-up" (blue) - PRs with new commits since last review

The "Ready for Follow-up" badge uses a cached new commits check from the
store, only shown after the detail view confirms new commits via SHA
comparison. This prevents false positives from PR updatedAt timestamp
changes (which can happen from comments, labels, etc).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* PR labels

* auto-claude: Initialize subtask-based implementation plan

- Workflow type: feature
- Phases: 3
- Subtasks: 6
- Ready for autonomous implementation

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
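
Three of the findings listed in the security commit above (token passed via `GH_TOKEN` instead of the command line, child environment filtered to safe variables, files created with `os.open` and mode `0o600`) combined in one added example; it is not the project's code. The function names, the `SAFE_ENV_VARS` allowlist and the sample values are assumptions, and `os.fchmod` makes it POSIX-only.

```python
import os
import subprocess
import sys

# Assumed allowlist; everything else in the parent environment is withheld.
SAFE_ENV_VARS = ("PATH", "HOME", "LANG", "TMPDIR")


def write_private_file(path, data):
    """Write data to path so that it is never readable by group or others.

    os.open() applies 0o600 at creation time (umask can only narrow it),
    which avoids the window left by open() followed by chmod().
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        # The mode argument is ignored for a file that already existed,
        # so tighten it explicitly before writing the secret.
        os.fchmod(handle.fileno(), 0o600)
        handle.write(data)


def child_env(token, parent=None):
    """Build the child's environment: allowlisted variables plus GH_TOKEN."""
    parent = os.environ if parent is None else parent
    env = {name: parent[name] for name in SAFE_ENV_VARS if name in parent}
    env["GH_TOKEN"] = token
    return env


def run_with_token(argv, token, parent=None):
    """Run argv with the token in the environment, never in the arguments.

    Command-line arguments are visible to other local users through the
    process list; the environment of a process is not.
    """
    if any(token in arg for arg in argv):
        raise ValueError("token must not appear in argv")
    return subprocess.run(argv, env=child_env(token, parent), shell=False,
                          capture_output=True, text=True, timeout=10,
                          check=False)


# Constructed stand-in for the real CLI: reports whether GH_TOKEN arrived,
# whether an unrelated secret leaked through, and how many arguments it got.
CHILD = [
    sys.executable, "-c",
    "import os, sys; print(os.environ.get('GH_TOKEN') is not None, "
    "'AWS_SECRET_ACCESS_KEY' in os.environ, len(sys.argv))",
]

if __name__ == "__main__":
    import stat
    import tempfile

    target = os.path.join(tempfile.mkdtemp(), "trust.json")
    write_private_file(target, "{}")
    print(oct(stat.S_IMODE(os.stat(target).st_mode)))

    parent = dict(os.environ, AWS_SECRET_ACCESS_KEY="constructed-secret")
    print(run_with_token(CHILD, "constructed-token", parent).stdout.strip())
```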
…yMik90#272)

Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.0.15 to 4.0.16.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.16/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.0.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [@electron/rebuild](https://github.com/electron/rebuild) from 3.7.2 to 4.0.2.
- [Release notes](https://github.com/electron/rebuild/releases)
- [Commits](electron/rebuild@v3.7.2...v4.0.2)

---
updated-dependencies:
- dependency-name: "@electron/rebuild"
  dependency-version: 4.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andy <[email protected]>

* fix(planning): accept bug_fix workflow_type alias

* style(planning): ruff format

* fix: refactored common logic

* fix: remove ruff errors

* fix: remove duplicate _normalize_workflow_type method

Remove the incorrectly placed duplicate method inside ContextLoader class.
The module-level function is the correct implementation being used.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: danielfrey63 <[email protected]>
Co-authored-by: Andy <[email protected]>
Co-authored-by: AndyMik90 <[email protected]>
Co-authored-by: Claude Opus 4.5 <[email protected]>

…ow (AndyMik90#276)

When dry_run=true, the workflow skipped creating the version tag but
build jobs still tried to checkout that non-existent tag, causing all
4 platform builds to fail with "git failed with exit code 1".

Now build jobs checkout develop branch for dry runs while still using
the version tag for real releases.

Closes: GitHub Actions run #20464082726

aslaker and others added 5 commits January 8, 2026 14:18

…flip-flop bug (AndyMik90#824)

* chore: update .gitignore to include auto-generated files and security logs

- Added entries for .security-key and logs/security/ to ignore auto-generated files and security logs.

* fix(ACS-51): prevent task workflow from halting after planning stage

Root cause: Frontend accepted incomplete plan data (empty phases array)
during spec creation, which overwrote subtask state and left tasks stuck.

Changes:
- Add validatePlanData() to reject incomplete plans in task-store
- Add reloadPlanForIncompleteTask() hook for resume functionality
- Enhance logging in project-store for plan loading diagnostics
- Add comprehensive unit tests for plan validation edge cases
- Add integration tests for task lifecycle IPC events
- Add E2E test specs for full task workflow

The fix ensures incomplete plans are rejected while the backend's
validation/auto-fix pipeline completes, preserving UI state until
valid data arrives.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix(ACS-55, ACS-71): ensure Kanban state transitions render correctly

ACS-55: Task card was showing "planning" even after moving to "coding" phase
- Phase transitions now bypass the 16ms batching window and apply immediately
- Added debug logging when sequence number checks drop out-of-order updates
- This ensures intermediate phases (planning→coding→qa) are never coalesced

ACS-71: Task immediately moved to Human Review with zero subtasks
- Exit handler now checks if subtasks exist before moving to human_review
- Added validateStatusTransition() function to prevent invalid state changes
- Blocks human_review when no subtasks exist (task still in planning)
- Blocks phase regression from coding back to planning

Changes:
- agent-events-handlers.ts: Added validation function, fixed exit handler
- useIpc.ts: Phase changes bypass batching, apply immediately
- task-store.ts: Added logging for dropped out-of-order updates

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: prevent status flip-flop between Human Review and AI Review

When a task completed, `updateTaskFromPlan` would override the correct
'human_review' status with 'ai_review' when all subtasks were complete,
causing tasks to flip between statuses on refresh.

Root cause: The function only checked for "active" phases (planning, coding,
qa_review, qa_fixing). When phase was 'complete' or 'idle', it would
recalculate status from subtasks and set 'ai_review'.

Fix:
- Add 'complete' and 'failed' as terminal phases that skip recalculation
- Respect explicit 'human_review' status from plan file
- Never downgrade from 'human_review' to 'ai_review'

This completes the Kanban state management fixes for ACS-51, ACS-55, ACS-71.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: add missing SubtaskStatus import to task-store

The SubtaskStatus type was used but not imported, causing TypeScript
compilation to fail in CI.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: use secure temp directories in tests to fix CodeQL alerts

Replace hardcoded /tmp/ paths with mkdtempSync for secure temp directory
creation. This prevents TOCTOU (time-of-check-time-of-use) attacks by
using randomly generated directory names.

Files fixed:
- e2e/task-workflow.spec.ts
- __tests__/integration/task-lifecycle.test.ts

Resolves CodeQL "Insecure temporary file" high severity alerts.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address PR review findings for Kanban state management

- Fix reloadPlanForIncompleteTask to update Zustand store after reload
- Extend flip-flop prevention to include pr_created and done statuses
- Use wouldPhaseRegress() utility instead of hardcoded phase checks
- Gate debug logging with debugLog utility for production
- Fix unsafe type assertion for plan status
- Remove redundant gitignore entry (logs/security/)
- Add test coverage for terminal phase and status preservation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* chore: address follow-up PR review suggestions (5 LOW severity)

- Add ExecutionPhase type cast after type guard check
- Use crypto.randomUUID() for stronger subtask ID generation
- Add optional chaining for defensive coding in useTaskDetail
- Clarify comment about phase bypass batching behavior
- Fix misleading test comment about human_review preservation
- Update test regex to accept both UUID and fallback ID formats

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* chore: address final 3 LOW severity suggestions from CodeRabbit

- Remove unused electronAPI variable in task-lifecycle test
- Add comment explaining defensive fallback for description field
- Rename test to clarify status recalculation skip behavior

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
…yMik90#849)

* fix(ui): display subtask titles instead of UUIDs in TaskSubtasks

The Subtasks tab was rendering raw UUIDs instead of human-readable
titles for each subtask row. This made the list hard to scan and
undermined usability.

Changed:
- Display subtask.title instead of subtask.id in row header
- Added fallback to 'Untitled subtask' for edge cases
- Updated tooltip to show full title for truncated text

Fixes AndyMik90#844

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: use i18n translation for untitled subtask fallback

- Add 'subtasks.untitled' translation key to en/tasks.json
- Add French translation to fr/tasks.json
- Update TaskSubtasks.tsx to use useTranslation hook
- Replace hardcoded 'Untitled subtask' with t('tasks:subtasks.untitled')

Addresses CodeRabbit and Auto Claude PR review feedback.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: Test User <[email protected]>
Co-authored-by: Claude Opus 4.5 <[email protected]>
…ths (AndyMik90#827)

* fix: improve Claude CLI detection with Windows where.exe fallback

- Add where.exe as fallback detection method on Windows (step 4)
- Enables detection of Claude CLI in non-standard paths (e.g., nvm-windows)
- where.exe searches PATH + Windows Registry + current directory
- Add 8 comprehensive unit tests (6 sync + 2 async)
- Update JSDoc comments to reflect new detection priority

Fixes issue where Claude CLI installed via nvm-windows or other
non-standard locations cannot be detected by standard PATH search.
The where.exe utility is universally available on Windows and provides
more comprehensive executable resolution than basic PATH checks.

Signed-off-by: yc13 <[email protected]>

* fix: prefer .cmd/.exe extensions when where.exe returns multiple paths

When where.exe finds multiple paths for the same executable (e.g., both
'claude' and 'claude.cmd'), we now prefer paths with .cmd or .exe extensions
since Windows requires extensions to execute files.

This fixes Claude CLI detection for nvm-windows installations where the
executable is installed as claude.cmd but where.exe returns the extensionless
path first.

Signed-off-by: yc13 <[email protected]>

* fix: use execSync for .cmd/.bat files to handle paths with spaces on Windows

Root cause: execFileSync cannot handle paths with spaces in .cmd/.bat files,
even with shell:true. Windows requires shell to execute batch files.

Solution:
- Add shouldUseShell() utility to detect .cmd/.bat files
- Use execSync (not execFileSync) for .cmd/.bat files with quoted paths
- Use getSpawnOptions() for spawn() calls in env-handlers.ts
- Add comprehensive unit tests (15 test cases)

Technical details:
- execFileSync + shell:true: FAILS with space in path
- execSync with quoted path: WORKS correctly
- spawn with getSpawnOptions(): WORKS correctly

Files changed:
- env-utils.ts: Add shouldUseShell() and getSpawnOptions()
- cli-tool-manager.ts: Use execSync/execAsync for .cmd/.bat validation
- env-handlers.ts: Use getSpawnOptions() for spawn calls
- env-utils.test.ts: Add 15 unit tests

Fixes issue where Claude CLI in paths like 'D:\Program Files\nvm4w\nodejs\claude.cmd'
fails with error: 'D:\Program' is not recognized as internal or external command.

Signed-off-by: g1331 <[email protected]>

* fix: address PR review feedback - remove unused imports and fix comment numbering

- Remove unused imports (execFile, app, execSync, mockDirent)
- Fix duplicate step numbering in Claude CLI detection comments (5→6, 6→7)
- Add exec mock to child_process for async validation support
- Add shouldUseShell and getSpawnOptions mocks for Windows .cmd handling

* fix: make Windows AppData test cross-platform compatible

Use path component checks instead of full path string matching
to handle different path separators on different host OSes
(path.join uses host OS separator, not mocked process.platform)

* fix: address PR review security findings and code quality issues

Security fixes (HIGH):
- Add double quote ("), caret (^) to isSecurePath() dangerous chars
- Add Windows environment variable expansion pattern (%VAR%) detection
- Apply isSecurePath() validation to user-configured claudePath on Windows

Bug fixes (MEDIUM):
- Include .bat extension in where.exe result preference regex

Code quality (LOW):
- Export existsAsync from env-utils.ts, remove duplicate in cli-tool-manager.ts
- Remove unused test placeholder (it.skip for user config tests)
- Add existsAsync mock to env-utils mock in test file

All changes reviewed via Codex security audit.

* fix: add requestAnimationFrame polyfill for jsdom test environment

The terminal-copy-paste.test.ts uses jsdom environment and imports
useXterm hook which calls requestAnimationFrame for initial terminal
fit. jsdom doesn't provide this function by default, causing CI
failure on Linux.

This adds requestAnimationFrame/cancelAnimationFrame mocks to the
test setup file, matching the existing scrollIntoView polyfill pattern.

* fix: allow parentheses in Windows paths for Program Files (x86) locations

Remove standalone parentheses () from isSecurePath() dangerous character
detection. Parentheses are safe in Windows paths when properly quoted with
double quotes, and are required to support standard installation locations
like 'C:\Program Files (x86)\Claude\claude.exe'.

Security analysis:
- $() command substitution still blocked ($ character is in blocklist)
- &|<> command separators still blocked
- " quote breaking still blocked
- %VAR% expansion still blocked
- All other shell metacharacters still blocked

The code always uses double-quoted paths when shell:true, making
parentheses safe as literal characters in cmd.exe context.

Signed-off-by: g1331 <[email protected]>

---------

Signed-off-by: yc13 <[email protected]>
Signed-off-by: g1331 <[email protected]>
Co-authored-by: Andy <[email protected]>
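
The path check these commit messages describe, as an added example (not the project's `isSecurePath()`). The blocked characters follow the commit text; the entries marked "assumed", the function names and the sample paths are constructed for illustration.

```javascript
// Added illustration of the validation described in the commit messages above.
// This is NOT the project's isSecurePath(); names here are hypothetical.

// Characters the commit messages list as blocked, plus a few assumed ones
// standing in for "all other shell metacharacters".
const DANGEROUS_CHARS = [
  '"',                  // would break out of the double-quoted path
  '^',                  // cmd.exe escape character
  '$',                  // blocks $() command substitution
  '&', '|', '<', '>',   // command separators and redirection
  ';', '`', '\n', '\r', // assumed: not named on the page
];

// %VAR% expansion, which cmd.exe performs even inside double quotes.
const ENV_EXPANSION = /%[^%]+%/;

// Returns { ok, reason } so a caller can log why a configured path was refused.
function checkPath(candidate) {
  if (typeof candidate !== 'string' || candidate.length === 0) {
    return { ok: false, reason: 'empty or non-string path' };
  }
  for (const ch of DANGEROUS_CHARS) {
    if (candidate.includes(ch)) {
      return { ok: false, reason: `dangerous character ${JSON.stringify(ch)}` };
    }
  }
  if (ENV_EXPANSION.test(candidate)) {
    return { ok: false, reason: 'environment variable expansion (%VAR%)' };
  }
  // Parentheses are deliberately not in the blocklist: they are literal
  // inside a double-quoted path, and "Program Files (x86)" needs them.
  return { ok: true, reason: null };
}

function isSecurePathSketch(candidate) {
  return checkPath(candidate).ok;
}

// Batch files need a shell on Windows, which is what makes validation matter.
function needsShellSketch(candidate) {
  return /\.(cmd|bat)$/i.test(candidate);
}

// Validate first, then quote. Quoting an unvalidated path is not enough,
// because '"' and %VAR% are still interpreted by cmd.exe.
function quoteForCmd(candidate) {
  const result = checkPath(candidate);
  if (!result.ok) {
    throw new Error(`refusing to run configured path: ${result.reason}`);
  }
  return `"${candidate}"`;
}

// Constructed sample values; the first two paths appear in the commit text.
const SAMPLES = [
  'C:\\Program Files (x86)\\Claude\\claude.exe',
  'D:\\Program Files\\nvm4w\\nodejs\\claude.cmd',
  '%APPDATA%\\npm\\claude.cmd',
  'C:\\tools\\claude.cmd & echo injected',
  'C:\\tools\\$(whoami)\\claude.exe',
];

function auditSamples() {
  return SAMPLES.map((p) => ({
    path: p,
    needsShell: needsShellSketch(p),
    ...checkPath(p),
  }));
}
```
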
* fix(ui): persist staged task state across app restarts

Previously, when a task was staged and the app restarted, the UI showed
the staging interface again instead of recognizing the task was already
staged. This happened because the condition order checked worktree
existence before checking the stagedInMainProject flag.

Changes:
- Fix condition priority in TaskReview.tsx to check stagedInMainProject
  before worktreeStatus.exists
- Add 'Mark Done Only' button to mark task complete without deleting
  worktree
- Add 'Review Again' button to clear staged state and re-show staging UI
- Add TASK_CLEAR_STAGED_STATE IPC handler to reset staged flags in
  implementation plan files
- Add handleReviewAgain callback in useTaskDetail hook

* feat(ui): add worktree cleanup dialog when marking task as done

When dragging a task to the 'done' column, if the task has a worktree:
- Shows a confirmation dialog asking about worktree cleanup
- Staged tasks: Can 'Keep Worktree' or 'Delete Worktree & Mark Done'
- Non-staged tasks: Must delete worktree or cancel (to prevent losing work)

Also fixes a race condition where discardWorktree sent 'backlog' status
before persistTaskStatus('done') could execute, causing task to briefly
appear in Done then jump back to Planning.

Added skipStatusChange parameter to discardWorktree IPC to prevent this.

* fix(frontend): Address PR AndyMik90#800 feedback - type errors, TOCTOU race, and i18n

- Fix TypeScript error in KanbanBoard by using isValidDropColumn type guard
  instead of incorrect includes() cast with TaskStatus
- Fix TOCTOU race condition in clearStagedState handler by using EAFP
  pattern (try/catch) instead of existsSync before read/write
- Fix task data refresh in handleReviewAgain by calling loadTasks after
  clearing staged state to reflect updated task data
- Add workspaceError reset in handleReviewAgain
- Add missing i18n translation keys for kanban worktree cleanup dialog
  (en/fr: worktreeCleanupTitle, worktreeCleanupStaged, worktreeCleanupNotStaged,
  keepWorktree, deleteWorktree)
- Remove unused Trash2 import and WorktreeStatus type import
- Remove unused worktreeStatus prop from StagedInProjectMessage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
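
The two TOCTOU fixes named in these commits (try/catch instead of `existsSync` before read/write, and `mkdtempSync` instead of hardcoded `/tmp/` paths), as an added example that is not the project's code. `clearStagedStateSketch`, the plan file name and the result shape are hypothetical; `stagedInMainProject` is the flag named in the commit message.

```javascript
// Added illustration; not the project's clearStagedState handler.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// EAFP: attempt the read and handle the failure, instead of
//   if (fs.existsSync(planPath)) { read ...; write ...; }
// where the file can disappear or be swapped between the check and the use.
function clearStagedStateSketch(planPath) {
  let raw;
  try {
    raw = fs.readFileSync(planPath, 'utf8');
  } catch (err) {
    if (err.code === 'ENOENT') {
      return { cleared: false, reason: 'missing' };
    }
    throw err; // permissions and I/O errors are not "file absent"
  }

  let plan;
  try {
    plan = JSON.parse(raw);
  } catch {
    return { cleared: false, reason: 'invalid-json' };
  }

  if (plan.stagedInMainProject !== true) {
    return { cleared: false, reason: 'not-staged' }; // nothing to write
  }

  plan.stagedInMainProject = false;
  fs.writeFileSync(planPath, JSON.stringify(plan, null, 2));
  return { cleared: true, reason: null };
}

// Test scratch space: mkdtempSync appends random characters to the prefix
// and creates the directory in one call, so the name cannot be predicted
// and pre-created the way a fixed /tmp/<name> path can.
function makeScratchDir(prefix = 'plan-demo-') {
  return fs.mkdtempSync(path.join(os.tmpdir(), prefix));
}

// Runs the handler against a constructed plan file and reports each step.
function demo() {
  const dir = makeScratchDir();
  try {
    // Hypothetical file name, constructed for this example.
    const planPath = path.join(dir, 'implementation_plan.json');

    const missing = clearStagedStateSketch(planPath);

    fs.writeFileSync(
      planPath,
      JSON.stringify({ stagedInMainProject: true, phases: [] })
    );
    const cleared = clearStagedStateSketch(planPath);
    const after = JSON.parse(fs.readFileSync(planPath, 'utf8'));
    const again = clearStagedStateSketch(planPath);

    return { dir, missing, cleared, after, again };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```
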
@CLAassistant

CLAassistant commented Jan 10, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
5 out of 6 committers have signed the CLA.

✅ StillKnotKnown
✅ MaximStone
✅ g1331
✅ AndyMik90
✅ CyranoB
❌ aslaker

@coderabbitai

coderabbitai bot commented Jan 10, 2026

Walkthrough

Adds AWS Bedrock as an alternative authentication path alongside OAuth across backend and frontend: new Bedrock config/types, validation, secret encryption, env wiring, UI settings, CLI/docs updates, and updates to modules that previously required an OAuth token.

Changes

| Cohort / File(s) | Summary |
|---|---|
| **Backend auth core**: apps/backend/core/auth.py | Add is_bedrock_enabled(), validate_bedrock_config(), require_claude_auth() and extend SDK_ENV_VARS with Bedrock/AWS vars; route auth to Bedrock when enabled. |
| **Backend callers / clients**: apps/backend/core/client.py, apps/backend/core/simple_client.py, apps/backend/core/workspace.py, apps/backend/analysis/insight_extractor.py, apps/backend/merge/.../claude_client.py, apps/backend/runners/.../claude_client.py, apps/backend/integrations/linear/updater.py, apps/backend/spec/compaction.py | Replace require_auth_token() with require_claude_auth() and add is_bedrock_enabled checks so flows can proceed without OAuth token when Bedrock is enabled. |
| **Backend config & docs**: .gitignore, CLAUDE.md, apps/backend/.env.example, apps/backend/phase_config.py, apps/backend/run.py, guides/CLI-USAGE.md | Add logs/security/ ignore; document Bedrock env vars and setup, add ANTHROPIC_MODEL override in model resolution, and update CLI/run prerequisites/help text. |
| **Frontend types & shared**: apps/frontend/src/shared/types/project.ts, apps/frontend/src/shared/types/settings.ts | Add BedrockAuthMethod, BedrockConfig, bedrockEnabled, bedrockConfig to types and expose Bedrock config in AppSettings/ProjectEnvConfig. |
| **Frontend IPC & env handling**: apps/frontend/src/main/ipc-handlers/env-handlers.ts, apps/frontend/src/main/ipc-handlers/settings-handlers.ts | Wire Bedrock env variables into IPC (generate/parse ENV), add bedrockConfig persistence hooks, and encrypt/decrypt Bedrock secrets during settings load/save. |
| **Frontend secret management**: apps/frontend/src/main/bedrock-encryption.ts | New client-side encryption utilities for Bedrock secret fields (encrypt/decrypt/mask helpers and exported constants). |
| **Frontend UI & settings**: apps/frontend/src/renderer/components/settings/BedrockSettings.tsx, .../IntegrationSettings.tsx, .../ProjectSettingsContent.tsx, .../GeneralSettings.tsx, .../SectionRouter.tsx, .../useProjectSettings.ts | New BedrockSettings component, thread env/auth props through SectionRouter → ProjectSettingsContent → GeneralSettings, add UI translations and expanded-section state for Bedrock. |
| **Frontend process/env precedence**: apps/frontend/src/main/agent/agent-process.ts, apps/frontend/src/main/agent/agent-queue.ts, apps/frontend/src/main/rate-limit-detector.ts | Centralize spawn env precedence via buildSpawnEnv; adjust ordering of profile/api env injection depending on Bedrock; add Bedrock env generation for spawned processes. |
| **Frontend ideation auth**: apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts, apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts | Bedrock-first auth checks, memoized config validation, refactor checkAuth flow and tests with helpers for Bedrock scenarios. |
| **Frontend i18n**: apps/frontend/src/shared/i18n/locales/en/settings.json, apps/frontend/src/shared/i18n/locales/fr/settings.json | Add extensive Bedrock UI localization and new project general/auth text keys (multiple new strings). |
| **Frontend other UI/tests & misc**: apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx, various tests (agent-process.test.ts, useXterm.test.ts, useIdeationAuth tests) | Thread new props through settings router, add test mocks/cleanup for Bedrock and test stability. |
| **New/updated tests**: tests/test_auth_bedrock.py, tests/test_sdk_structured_output.py | Add Bedrock auth unit tests for validation and gating; make structured-output tests Bedrock-aware. |
| **Minor backend changes**: apps/backend/commit_message.py, apps/backend/phase_config.py, apps/backend/cli/*, apps/backend/run.py | Add assistant message text extractor, Bedrock-aware token gating, global ANTHROPIC_MODEL override, and CLI help/env validation text updates. |
| **Minor repo changes**: .gitignore | Add logs/security/ under Auto Claude Generated block. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User
    participant App as Application Module
    participant Auth as core.auth
    participant Bedrock as Bedrock Config/Env
    participant OAuth as OAuth Token Store

    User->>App: Request AI operation
    App->>Auth: require_claude_auth()
    alt Bedrock enabled
        Auth->>Bedrock: validate_bedrock_config()
        Bedrock-->>Auth: config valid / warnings
        Auth-->>App: return None (use Bedrock)
        App->>Bedrock: build/use Bedrock env/credentials
    else Bedrock not enabled
        Auth->>OAuth: require_auth_token()
        OAuth-->>Auth: token or error
        Auth-->>App: return token
        App->>OAuth: use token for request
    end
    App-->>User: Return result
```

```mermaid
sequenceDiagram
    participant Spawner as Spawn Process
    participant Settings as Settings IPC
    participant Encrypt as bedrock-encryption
    participant Env as Environment Builder

    Spawner->>Settings: Request env for spawn
    Settings->>Settings: read bedrockEnabled flag
    alt Bedrock enabled
        Settings->>Encrypt: decryptBedrockSecrets()
        Encrypt-->>Settings: decrypted credentials
        Settings->>Env: apply Bedrock env vars (high priority)
    else
        Settings->>Env: apply OAuth/profile env vars (high priority)
    end
    Env-->>Spawner: merged environment
    Spawner->>Spawner: spawn child process
```

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

Suggested labels

feature, priority/medium, area/fullstack, size/XL, 🔄 Checking

Suggested reviewers

  • AlexMadera
  • MikeeBuilds
  • AndyMik90

Poem

🐰 I hopped through code both near and far,

Bedrock or token — choose your star,
Secrets tucked in safe embrace,
Envs merged clean in every place,
A little hop — auth finds its place.

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 78.69% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title 'feat(auth): add AWS Bedrock support as alternative to OAuth' accurately and clearly summarizes the main change: adding Bedrock as an alternative authentication method. It is concise, specific, and directly related to the primary objective. |


@github-actions github-actions bot left a comment

🎉 Thanks for your first PR!

A maintainer will review it soon. Please make sure:

  • Your branch is synced with develop
  • CI checks pass
  • You've followed our contribution guide

Welcome to the Auto Claude community!

@gemini-code-assist

Summary of Changes

Hello @CyranoB, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant new feature by integrating AWS Bedrock as an alternative authentication method for accessing the Claude API. This provides users with greater flexibility, particularly those who prefer to manage their AI infrastructure within AWS. The changes span both backend and frontend, establishing a robust dual authentication system that prioritizes Bedrock when configured, while maintaining compatibility with the existing OAuth flow. The implementation includes secure handling of AWS credentials, a comprehensive user interface for configuration, and updated documentation to guide users through the new setup process.

Highlights

  • AWS Bedrock Integration: Added comprehensive support for AWS Bedrock as an alternative authentication method for Claude API access, allowing users to leverage their existing AWS infrastructure and credentials.
  • Dual Authentication Path: Introduced a new require_claude_auth() function in the backend to intelligently select between Bedrock (using AWS credentials) and OAuth authentication, with Bedrock taking precedence when enabled. Existing require_auth_token() semantics remain unchanged to prevent breaking existing callers.
  • Secure Credential Management: Implemented client-side encryption for sensitive Bedrock credentials (e.g., AWS Secret Access Key, Session Token, Bedrock API Key) using Electron's safeStorage API, ensuring secrets are stored encrypted at rest and decrypted only in memory.
  • Comprehensive Configuration UI: Developed a dedicated BedrockSettings component in the frontend, providing a user-friendly interface for configuring AWS region, choosing between SSO profiles, access keys, or Bedrock API keys, and specifying model overrides. This UI is integrated into the application's settings.
  • Enhanced Environment Variable Handling: Updated backend and frontend logic to correctly manage and prioritize Bedrock-related environment variables, ensuring seamless integration with the Claude SDK and proper credential flow, including conditional clearing of OAuth variables when Bedrock is active.
  • Improved Developer Experience & Documentation: Updated CLI usage guides (CLI-USAGE.md), .env.example files, and internal documentation (AWS-BEDROCK-SUPPORT-PLAN.md) to reflect the new authentication options and provide clear setup instructions for both backend and frontend developers.
  • Robust Testing: Added a new suite of unit tests (test_auth_bedrock.py) to validate Bedrock authentication logic, covering region validation, various credential handling scenarios, and ensuring correct interaction with existing OAuth mechanisms. Existing tests were also updated to be Bedrock-aware.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This is an excellent and comprehensive pull request that adds AWS Bedrock support as a new authentication method. The changes are well-thought-out, with clear separation of concerns between the backend logic, frontend UI, and security aspects like secret encryption. The new authentication path is integrated carefully to coexist with the existing OAuth flow, and the addition of tests and documentation is much appreciated. The refactoring of the ideation auth hook and its tests also significantly improves code quality. I have one suggestion for a minor refactoring to reduce code duplication in the frontend agent queue.


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 22

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
apps/frontend/src/main/agent/agent-queue.ts (1)

281-299: Consider extracting duplicated Bedrock environment logic.

This Bedrock-aware environment precedence logic is duplicated in spawnRoadmapProcess (lines 608-626). Extract a helper function to reduce duplication and ensure consistent behavior.

♻️ Suggested refactor
```typescript
// Add helper function at class level or module scope
private buildFinalEnv(
  processEnv: NodeJS.ProcessEnv,
  pythonEnv: Record<string, string>,
  combinedEnv: Record<string, string>,
  oauthModeClearVars: Record<string, string>,
  profileEnv: Record<string, string>,
  apiProfileEnv: Record<string, string | undefined>,
  combinedPythonPath: string
): Record<string, string | undefined> {
  const settings = readSettingsFile() as AppSettings | undefined;
  const isBedrockEnabled = settings?.bedrockEnabled && settings?.bedrockConfig;

  return {
    ...processEnv,
    ...pythonEnv,
    ...combinedEnv,
    ...oauthModeClearVars,
    ...(isBedrockEnabled ? {} : profileEnv),
    ...apiProfileEnv,
    ...(isBedrockEnabled ? profileEnv : {}),
    PYTHONPATH: combinedPythonPath,
    PYTHONUNBUFFERED: '1',
    PYTHONUTF8: '1'
  };
}
```
apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts (1)

351-375: Prefer fake timers (or waitFor with controlled resolution) over real setTimeout in tests.
Real timers introduce unnecessary latency and can be flaky under load.

Proposed fix
     it('should set loading state during manual checkAuth', async () => {
+      vi.useFakeTimers();
       mockCheckSourceToken.mockImplementation(
         () => new Promise(resolve => {
           setTimeout(() => resolve({ success: true, data: { hasToken: true } }), 100);
         })
       );
       setupStoreState({ profiles: [], activeProfileId: null });

       const { result } = renderHook(() => useIdeationAuth());

       await waitFor(() => {
         expect(result.current.isLoading).toBe(false);
       });

       act(() => {
         result.current.checkAuth();
       });

       expect(result.current.isLoading).toBe(true);

+      await vi.advanceTimersByTimeAsync(100);
       await waitFor(() => {
         expect(result.current.isLoading).toBe(false);
       });
+
+      vi.useRealTimers();
     });
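
Review bot: the added `vi.useRealTimers()` on the last line of the test body only runs when every assertion before it passes; if either `waitFor` rejects, fake timers stay installed for the tests that follow. Restore timers in an `afterEach` (or wrap the body in try/finally) instead. Separately, `vi.useFakeTimers()` is installed before `renderHook` and the first `waitFor`, while the only `advanceTimersByTimeAsync(100)` comes after `checkAuth()`; if the hook's mount-time check also goes through `mockCheckSourceToken`, its 100 ms timer is never advanced before that first wait. Installing fake timers just before `act(() => result.current.checkAuth())` would limit the faked window to the part that needs it.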
🤖 Fix all issues with AI agents
In @.gitignore:
- Around line 169-173: Remove the duplicate "Auto Claude generated files"
comment and consolidate the two entries under a single header; specifically,
keep one "Auto Claude generated files" comment and place both `.security-key`
and `logs/security/` beneath it so the .gitignore has a single, non-redundant
section for those items.

In @apps/backend/.env.example:
- Around line 59-63: Update the comment above
ANTHROPIC_MODEL/ANTHROPIC_SMALL_FAST_MODEL to explicitly show the format
difference between direct API model IDs and Bedrock model identifiers by adding
a brief example: include one direct API model ID (e.g., "claude-3.5:latest") and
the equivalent Bedrock-style ID (e.g., "us.anthropic.claude-3-5:0" or the
existing "us.anthropic.claude-sonnet-4-5-202509-v1:0") so users see the mapping
and know to use the Bedrock full identifier format for these variables
(reference symbols: ANTHROPIC_MODEL and ANTHROPIC_SMALL_FAST_MODEL).
- Around line 41-47: Update the option descriptions to avoid implying
environment restrictions: change the AWS SSO line (currently saying "RECOMMENDED
for interactive/development use") to emphasize the security benefit (e.g.,
"RECOMMENDED — avoids long‑lived credentials; more secure") and remove the
environment limitation, and update the Access Keys line (currently "for CI/CD
and temporary credentials ONLY") to state that access keys can be used in any
environment but you should avoid long‑lived credentials (e.g., "Can be used in
CI/CD or other environments; avoid long‑lived access keys—prefer short‑lived
session tokens").

In @apps/backend/commit_message.py:
- Around line 204-205: The imports at the top are failing Ruff I001; reorder the
import statements and names alphabetically so they satisfy the linter — ensure
the "from core.auth import ensure_claude_code_oauth_token, get_auth_token,
is_bedrock_enabled" and "from core.model_config import get_utility_model_config"
lines are in alphabetical order by module and that the names inside each
from-import are alphabetized; after adjusting, run ruff check --fix
apps/backend/commit_message.py to auto-fix and verify.

In @apps/backend/core/workspace.py:
- Line 1432: The import names on the line importing from core.auth need to be
alphabetized; reorder the symbols so they are in strict alphabetical order
(ensure_claude_code_oauth_token, get_auth_token, is_bedrock_enabled) or split
them one-per-line if your linter prefers multi-line imports, making sure spacing
and commas follow project import style; update the line that currently imports
ensure_claude_code_oauth_token, get_auth_token, is_bedrock_enabled accordingly.

In @apps/backend/merge/ai_resolver/claude_client.py:
- Line 37: The import line with "ensure_claude_code_oauth_token, get_auth_token,
is_bedrock_enabled" is unsorted; reorder the imports to satisfy Ruff's sorting
rules (alphabetical within the import group) and run the formatter/linter;
update the import statement that references ensure_claude_code_oauth_token,
get_auth_token and is_bedrock_enabled so the names are alphabetically ordered
and grouped consistently with other imports in claude_client.py.

In @apps/backend/runners/ai_analyzer/claude_client.py:
- Around line 40-44: Rename the misleading method _validate_oauth_token to a
clearer name such as _validate_authentication or _validate_claude_auth across
the claude_client module; update the method definition, its docstring to reflect
general Claude authentication, and all internal references/call sites that
invoke _validate_oauth_token so they call the new name, and ensure any
imports/tests referencing the old symbol are adjusted to the new symbol to avoid
breakage (the method body should continue to call require_claude_auth()).

In @apps/frontend/src/main/bedrock-encryption.ts:
- Around line 87-102: The current createMaskedBedrockConfig blindly replaces any
non-empty secret with the mask, which hides already-encrypted values and
prevents distinguishing encrypted vs plaintext; change createMaskedBedrockConfig
(and optionally isBedrockSecretMasked) to accept a masking option (e.g.,
maskPlainOnly: boolean) and implement logic that: 1) leaves undefined/empty
values alone, 2) if value === '••••••••' treat as already masked and leave, 3)
if value startsWith('enc:') treat as encrypted and preserve the 'enc:...'
string, and 4) if maskPlainOnly is true (or by default) replace only plaintext
secrets with '••••••••' (otherwise mask everything except
encrypted/empty/already-masked); update callers to pass the option if needed.
- Around line 41-65: encryptBedrockSecrets and decryptBedrockSecrets currently
assume inputs and helper functions succeed; add input validation and error
propagation: for each field in BEDROCK_SECRET_FIELDS check the value is a
non-empty string before calling encryptValue/decryptValue (throw a TypeError or
similar if invalid), wrap each helper call in a try-catch inside
encryptBedrockSecrets/decryptBedrockSecrets, and on error rethrow a new Error
containing contextual information (e.g., "Failed to encrypt field
'awsSecretAccessKey': <orig message>") so callers receive field-level
diagnostics; also add brief JSDoc to both functions describing thrown errors and
validation behavior.
- Around line 87-98: Create a module-level named constant (e.g., MASKED_VALUE)
to replace the duplicated hardcoded mask string '••••••••' used in
createMaskedBedrockConfig and isBedrockSecretMasked; update both functions to
reference this constant instead of the literal so the mask is defined in one
place for maintainability.
- Around line 24-35: The decryptValue function currently swallows decryption
failures and returns an empty string; change it to propagate errors to the
caller instead: remove the console.error call and in the catch block rethrow a
non-sensitive Error (or rethrow the original error) so callers can handle
failures; ensure you still check storedValue.startsWith('enc:') and
safeStorage.isEncryptionAvailable() before calling safeStorage.decryptString,
and reference decryptValue and
safeStorage.decryptString/safeStorage.isEncryptionAvailable when making the
change.
- Around line 12-22: The encryptValue function currently falls back to plaintext
silently; change it to throw a descriptive Error when
safeStorage.isEncryptionAvailable() is false or when encryption fails unless an
explicit allowPlaintextFallback flag is enabled (default false). Add a config
parameter or ENV-driven option (e.g., allowPlaintextFallback) to the module and
check it in encryptValue; if false, throw an Error with context instead of
returning the plaintext. Replace console.warn with calls to your secure audit
logger (not console) to record the failure before throwing, and only if
allowPlaintextFallback is true return plaintext while still emitting an audit
log entry describing the risk.

In @apps/frontend/src/main/updater/path-resolver.ts:
- Around line 82-86: The override existence check should rely only on the marker
file check and deduplicate the marker path: introduce a constant like
BACKEND_MARKER = path.join('runners', 'spec_runner.py') and build overrideMarker
as path.join(overridePath, BACKEND_MARKER); then remove the redundant
existsSync(overridePath) and just return overridePath when
existsSync(overrideMarker) is true, updating other occurrences in this file to
use BACKEND_MARKER to avoid repetition.

In
@apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts:
- Around line 338-340: The test calls the async method
result.current.checkAuth() inside act() without awaiting it, which can let async
state updates escape the act scope; update each call to await
result.current.checkAuth() inside an async act (e.g., await act(async () => {
await result.current.checkAuth(); })), and apply the same change to the other
occurrences around the file (the calls at lines referenced: the blocks using
act() wrapping result.current.checkAuth() at the three locations).
- Around line 401-519: Add a negative test case in useIdeationAuth.test.ts under
the "Bedrock authentication" describe block that mirrors the access-keys
missing-keys test but for authMethod: 'api_key' — call setupSourceToken(false),
setupStoreState with bedrockEnabled: true and bedrockConfig containing
authMethod: 'api_key', awsRegion set (e.g., 'eu-west-1') and
awsBearerTokenBedrock set to '' or omitted, then renderAndWait() and assert
result.current.hasToken is false and mockCheckSourceToken was called; use the
same helpers (setupStoreState, setupSourceToken, renderAndWait,
mockCheckSourceToken) so it parallels the existing negative test patterns.
- Around line 33-59: setupStoreState currently overwrites settings and uses the
wrong type for setState; update setupStoreState to merge bedrock values into the
existing settings (use useSettingsStore.getState() to read current settings and
assign storeState.settings = { ...current.settings, bedrockEnabled:
state.bedrockEnabled, bedrockConfig: state.bedrockConfig }), change the cast to
Partial<ReturnType<typeof useSettingsStore.getState>> when calling
useSettingsStore.setState, and add a beforeEach in the test file to reset the
settings store to its known initial state (call the project’s existing
initial/default state initializer or use the store’s default state) so
Bedrock-related flags don’t leak between tests; apply the same changes to the
other occurrence referenced (lines ~70-93).

In @apps/frontend/src/renderer/components/settings/BedrockSettings.tsx:
- Around line 106-111: The Save and Cancel button labels are hardcoded in the
BedrockSettings component; replace them with i18n translations by using the
project's translation hook/function (e.g., useTranslation()/t) and swap the
literal strings in the Button JSX for translated keys (e.g., t('settings.save')
and t('settings.cancel')), ensuring the translation keys are added to the locale
files and the Button props remain identical; update any imports to include the
translation hook and reference handleSave and handleCancel unchanged.

In @guides/AWS-BEDROCK-SUPPORT-PLAN.md:
- Around line 1-8: Update the document header status from "Draft (v2 - Oracle
Reviewed)" to a completed state (e.g., "Implemented" or "Completed") in the AWS
Bedrock Support for Auto-Claude — Execution Plan file; locate the header block
at the top (the title and metadata section containing "Status:" and "Author:"),
change the Status field to the chosen final state, and ensure the Date/version
metadata remains accurate and the change is noted in the document history or
changelog if one exists.

In @tests/test_auth_bedrock.py:
- Around line 1-9: Remove the ad-hoc sys.path manipulation from
tests/test_auth_bedrock.py and centralize test import path setup; create a
conftest.py at the tests root that performs the same sys.path insertion (or
better, uses pytest_configure to add Path(__file__).parents[1] / "apps" /
"backend" to sys.path) so all tests import core.auth consistently, or instead
add the backend package to test env via pyproject.toml/pythonpath or install the
package in the test environment; update tests/test_auth_bedrock.py to simply
import core.auth as auth_module without modifying sys.path.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 91bd240 and 562cc82.

📒 Files selected for processing (41)
  • .gitignore
  • CLAUDE.md
  • apps/backend/.env.example
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/cli/main.py
  • apps/backend/cli/utils.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/client.py
  • apps/backend/core/simple_client.py
  • apps/backend/core/workspace.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/phase_config.py
  • apps/backend/run.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/spec/compaction.py
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/shared/i18n/locales/en/settings.json
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/shared/types/settings.ts
  • guides/AWS-BEDROCK-SUPPORT-PLAN.md
  • guides/CLI-USAGE.md
  • tests/test_auth_bedrock.py
  • tests/test_sdk_structured_output.py
🧰 Additional context used
📓 Path-based instructions (9)
apps/frontend/src/**/*.{ts,tsx,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
apps/frontend/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use useTranslation() hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
apps/frontend/**/*.{ts,tsx}

⚙️ CodeRabbit configuration file

apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
apps/backend/.env*

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/.env*: Enable Electron MCP for E2E testing by setting ELECTRON_MCP_ENABLED=true in .env and starting the Electron app with npm run dev
Configure memory system credentials in apps/backend/.env and validate with graphiti_config.py

Files:

  • apps/backend/.env.example
apps/backend/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/**/*.py: Always use the Claude Agent SDK (claude-agent-sdk package) for all AI interactions, never use the Anthropic API directly
Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization

Files:

  • apps/backend/core/client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/workspace.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/cli/main.py
  • apps/backend/cli/utils.py
  • apps/backend/spec/compaction.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/simple_client.py
  • apps/backend/run.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/phase_config.py

⚙️ CodeRabbit configuration file

apps/backend/**/*.py: Focus on Python best practices, type hints, and async patterns.
Check for proper error handling and security considerations.
Verify compatibility with Python 3.12+.

Files:

  • apps/backend/core/client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/workspace.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/cli/main.py
  • apps/backend/cli/utils.py
  • apps/backend/spec/compaction.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/simple_client.py
  • apps/backend/run.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/phase_config.py
apps/backend/core/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement dynamic command allowlisting based on detected project stack using core/security.py for bash command validation

Files:

  • apps/backend/core/client.py
  • apps/backend/core/auth.py
  • apps/backend/core/workspace.py
  • apps/backend/core/simple_client.py
apps/backend/core/client.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Files:

  • apps/backend/core/client.py
tests/**

⚙️ CodeRabbit configuration file

tests/**: Ensure tests are comprehensive and follow pytest conventions.
Check for proper mocking and test isolation.

Files:

  • tests/test_sdk_structured_output.py
  • tests/test_auth_bedrock.py
apps/frontend/src/shared/i18n/locales/**/*.json

📄 CodeRabbit inference engine (CLAUDE.md)

apps/frontend/src/shared/i18n/locales/**/*.json: Store translation strings in namespace-organized JSON files at apps/frontend/src/shared/i18n/locales/{lang}/*.json for each supported language
When implementing new frontend features, add translation keys to all language files (minimum: en/.json and fr/.json)

Files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
🧠 Learnings (11)
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly

Applied to files:

  • apps/backend/.env.example
  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/spec/compaction.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/simple_client.py
  • apps/backend/run.py
  • apps/backend/runners/insights_runner.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Use the `create_client()` function from `apps/backend/core/client.py` to instantiate Claude SDK clients, not direct `ClaudeSDKClient` initialization

Applied to files:

  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/simple_client.py
  • apps/backend/runners/insights_runner.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Applied to files:

  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/simple_client.py
  • apps/backend/runners/insights_runner.py
📚 Learning: 2026-01-02T19:30:59.118Z
Learnt from: hluisi
Repo: AndyMik90/Auto-Claude PR: 0
File: :0-0
Timestamp: 2026-01-02T19:30:59.118Z
Learning: In the Claude Agent SDK (Python), PreToolUse hooks receive `cwd` (current working directory) in the `input_data` dictionary parameter, not in the `context` parameter. The hook signature is `async def hook(input_data: dict, tool_use_id: str | None, context: HookContext)` where `input_data["cwd"]` contains the working directory passed from `ClaudeAgentOptions(cwd=...)`. The `context` parameter is reserved for future use and does NOT contain `cwd`.

Applied to files:

  • apps/backend/core/client.py
📚 Learning: 2026-01-04T12:37:52.222Z
Learnt from: StillKnotKnown
Repo: AndyMik90/Auto-Claude PR: 648
File: apps/frontend/src/renderer/components/settings/ModelSearchableSelect.tsx:262-265
Timestamp: 2026-01-04T12:37:52.222Z
Learning: Dropdown components in apps/frontend/src/renderer/components/settings use a fixed max-height (e.g., max-h-60) with internal overflow-y-auto scrolling. This pattern is intentional and prevents dropdowns from extending beyond the viewport; do not add dynamic viewport positioning or clipping-prevention logic for these components. If you add new dropdowns in this area, follow the same fixed-height + internal-scroll approach for consistency.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2026-01-04T23:59:45.209Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:45.209Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings) can be deferred for future i18n cleanup passes. Do not fix such issues in PRs that do not introduce new i18n violations, especially in frontend TSX components (e.g., apps/frontend/**/*.tsx). If a PR adds new i18n violations, address them in that PR.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Configure memory system credentials in `apps/backend/.env` and validate with `graphiti_config.py`

Applied to files:

  • guides/CLI-USAGE.md
  • apps/backend/run.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Store project-specific data including specs, plans, and QA reports in `.auto-claude/specs/` directory and add to .gitignore

Applied to files:

  • guides/CLI-USAGE.md
  • .gitignore
  • CLAUDE.md
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : Store translation strings in namespace-organized JSON files at `apps/frontend/src/shared/i18n/locales/{lang}/*.json` for each supported language

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
📚 Learning: 2026-01-10T15:30:12.808Z
Learnt from: taniar88
Repo: AndyMik90/Auto-Claude PR: 883
File: apps/frontend/src/main/agent/agent-process.ts:21-21
Timestamp: 2026-01-10T15:30:12.808Z
Learning: Before adding a new language to AVAILABLE_LANGUAGES, ensure UI translations exist and are complete in apps/frontend/src/shared/i18n/locales. Do not advertise official support for a language until its locale files are fully translated and validated, to avoid user-facing issues.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
🧬 Code graph analysis (25)
apps/frontend/src/shared/types/settings.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/backend/core/client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (367-392)
  • require_claude_auth (99-105)
apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx (1)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (1)
  • BedrockSettings (158-425)
apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (9)
  • envConfig (23-23)
  • isLoadingEnv (25-25)
  • envError (26-26)
  • updateEnvConfig (29-29)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/frontend/src/main/updater/path-resolver.ts (1)
apps/frontend/src/__mocks__/electron.ts (1)
  • app (8-22)
tests/test_sdk_structured_output.py (1)
apps/backend/core/auth.py (2)
  • is_bedrock_enabled (59-60)
  • validate_bedrock_config (63-96)
apps/frontend/src/main/bedrock-encryption.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/main/agent/agent-process.ts (3)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/main/rate-limit-detector.ts (1)
  • getProfileEnv (256-321)
apps/frontend/src/main/agent/agent-queue.ts (2)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/backend/commit_message.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (395-407)
  • get_auth_token (198-220)
  • is_bedrock_enabled (59-60)
apps/backend/core/model_config.py (1)
  • get_utility_model_config (18-68)
apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx (1)
apps/frontend/src/shared/types/project.ts (1)
  • ProjectEnvConfig (304-373)
tests/test_auth_bedrock.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (99-105)
apps/backend/core/workspace.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (395-407)
  • get_auth_token (198-220)
  • is_bedrock_enabled (59-60)
apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts (4)
apps/frontend/src/main/services/profile/profile-service.ts (1)
  • createProfile (127-178)
apps/frontend/src/main/services/profile/index.ts (1)
  • createProfile (24-24)
apps/frontend/src/renderer/stores/settings-store.ts (1)
  • useSettingsStore (46-296)
apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts (1)
  • useIdeationAuth (4-67)
apps/frontend/src/main/ipc-handlers/settings-handlers.ts (1)
apps/frontend/src/main/bedrock-encryption.ts (3)
  • hasPlaintextBedrockSecrets (77-85)
  • encryptBedrockSecrets (41-52)
  • decryptBedrockSecrets (54-65)
apps/backend/analysis/insight_extractor.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (395-407)
  • get_auth_token (198-220)
  • is_bedrock_enabled (59-60)
apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (5)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/backend/integrations/linear/updater.py (2)
apps/backend/core/auth.py (1)
  • require_claude_auth (99-105)
apps/backend/phase_config.py (1)
  • resolve_model_id (93-128)
apps/backend/cli/utils.py (1)
apps/backend/core/auth.py (3)
  • get_auth_token (198-220)
  • get_auth_token_source (223-240)
  • is_bedrock_enabled (59-60)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (3)
.design-system/src/components/Input.tsx (1)
  • Input (4-24)
apps/frontend/src/renderer/components/project-settings/index.ts (1)
  • PasswordInput (19-19)
apps/frontend/src/shared/types/project.ts (2)
  • BedrockConfig (291-301)
  • BedrockAuthMethod (289-289)
apps/backend/spec/compaction.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (99-105)
apps/backend/runners/ai_analyzer/claude_client.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (99-105)
apps/backend/core/simple_client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (367-392)
  • require_claude_auth (99-105)
apps/backend/runners/insights_runner.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (395-407)
  • get_auth_token (198-220)
  • is_bedrock_enabled (59-60)
apps/frontend/src/main/ipc-handlers/env-handlers.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockAuthMethod (289-289)
🪛 GitHub Actions: Lint
apps/backend/commit_message.py

[error] 204-204: Command 'ruff check apps/backend/ --output-format=github' failed. I001 Import block is un-sorted or un-formatted.

🪛 GitHub Check: python
apps/backend/merge/ai_resolver/claude_client.py

[failure] 37-40: Ruff (I001)
apps/backend/merge/ai_resolver/claude_client.py:37:5: I001 Import block is un-sorted or un-formatted

apps/backend/commit_message.py

[failure] 204-205: Ruff (I001)
apps/backend/commit_message.py:204:5: I001 Import block is un-sorted or un-formatted

apps/backend/core/workspace.py

[failure] 1432-1432: Ruff (I001)
apps/backend/core/workspace.py:1432:13: I001 Import block is un-sorted or un-formatted

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: CodeQL (javascript-typescript)
  • GitHub Check: CodeQL (python)
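
Added example, not code from this PR or from CodeRabbit's review: a sketch of the fail-closed behaviour the `bedrock-encryption.ts` comments above ask for (no silent plaintext fallback, decryption errors propagated with the field name, masking that leaves `enc:` values intact). `SecretStore`, `makeFakeStore`, `maskPlaintextSecrets`, `decryptSecrets` and the hex encoding after `enc:` are assumptions made for the sketch; the `enc:` prefix, the mask string, the `allowPlaintextFallback` flag name and the field names are taken from the thread.

```typescript
// Stand-in for the three Electron safeStorage calls named in the review.
// Uint8Array replaces Buffer so the sketch runs outside Electron (assumption).
interface SecretStore {
  isEncryptionAvailable(): boolean;
  encryptString(plain: string): Uint8Array;
  decryptString(blob: Uint8Array): string;
}

type BedrockLikeConfig = { [field: string]: string | undefined };

const ENC_PREFIX = 'enc:';
const MASKED_VALUE = '••••••••'; // defined once, used by every masking check
const SECRET_FIELDS = ['awsSecretAccessKey', 'awsBearerTokenBedrock'];

const isEncrypted = (v: string): boolean => v.slice(0, ENC_PREFIX.length) === ENC_PREFIX;

function toHex(bytes: Uint8Array): string {
  let out = '';
  for (let i = 0; i < bytes.length; i++) out += (bytes[i] < 16 ? '0' : '') + bytes[i].toString(16);
  return out;
}

function fromHex(hex: string): Uint8Array {
  if (hex.length % 2 !== 0 || /[^0-9a-f]/.test(hex)) throw new Error('malformed ciphertext encoding');
  const bytes = new Uint8Array(hex.length / 2);
  for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  return bytes;
}

// Fail closed: without OS-level encryption the secret is not written at all,
// unless the caller opts in to plaintext explicitly.
function encryptValue(store: SecretStore, value: string, allowPlaintextFallback = false): string {
  if (isEncrypted(value)) return value; // already ciphertext, do not wrap twice
  if (!store.isEncryptionAvailable()) {
    if (allowPlaintextFallback) return value;
    throw new Error('OS encryption unavailable; refusing to store secret as plaintext');
  }
  return ENC_PREFIX + toHex(store.encryptString(value));
}

// Errors propagate: returning '' on failure would look like "no credential set".
function decryptValue(store: SecretStore, stored: string): string {
  if (!isEncrypted(stored)) return stored; // legacy plaintext awaiting migration
  if (!store.isEncryptionAvailable()) throw new Error('OS encryption unavailable; cannot decrypt');
  return store.decryptString(fromHex(stored.slice(ENC_PREFIX.length)));
}

function decryptSecrets(store: SecretStore, config: BedrockLikeConfig): BedrockLikeConfig {
  const out: BedrockLikeConfig = { ...config };
  for (const field of SECRET_FIELDS) {
    const value = config[field];
    if (!value) continue;
    try {
      out[field] = decryptValue(store, value);
    } catch (err) {
      // Name the field, never the value, so the message is safe to log.
      throw new Error(`Failed to decrypt field '${field}': ${(err as Error).message}`);
    }
  }
  return out;
}

// Mask only plaintext secrets; empty, already-masked and 'enc:' values pass through.
function maskPlaintextSecrets(config: BedrockLikeConfig): BedrockLikeConfig {
  const out: BedrockLikeConfig = { ...config };
  for (const field of SECRET_FIELDS) {
    const value = config[field];
    if (!value || value === MASKED_VALUE || isEncrypted(value)) continue;
    out[field] = MASKED_VALUE;
  }
  return out;
}

// Constructed test double. XOR is NOT encryption; it only makes the demo
// reversible for ASCII input.
function makeFakeStore(available: boolean): SecretStore {
  const key = 0x5a;
  return {
    isEncryptionAvailable: () => available,
    encryptString: (plain) => {
      const bytes = new Uint8Array(plain.length);
      for (let i = 0; i < plain.length; i++) bytes[i] = plain.charCodeAt(i) ^ key;
      return bytes;
    },
    decryptString: (blob) => {
      let plain = '';
      for (let i = 0; i < blob.length; i++) plain += String.fromCharCode(blob[i] ^ key);
      return plain;
    },
  };
}
```
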

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Fix all issues with AI agents
In @apps/backend/core/auth.py:
- Around line 44-55: The "AWS Bedrock configuration" comment incorrectly groups
non-Bedrock variables; split and clarify comments above the environment variable
list so each section only describes the variables it contains: leave
Bedrock-specific vars (e.g., "AWS_REGION", "AWS_PROFILE", "AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN", "AWS_BEARER_TOKEN_BEDROCK", and
"ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION") under an "AWS / Bedrock configuration"
comment, and move or relabel general-purpose entries like
"ANTHROPIC_SMALL_FAST_MODEL" and "DISABLE_PROMPT_CACHING" into a separate
"General model / SDK configuration" comment to accurately reflect scope.

In @apps/frontend/src/main/agent/agent-process.test.ts:
- Line 101: The mock for app.getPath in agent-process.test.ts is
parameter-agnostic and always returns '/fake/user/data', which can hide bugs
when different path names are requested; update the mock for getPath to be
parameter-aware (e.g., implement vi.fn(name => return different fake paths for
'userData', 'appData', 'temp', etc.) so tests behave like Electron's API), or if
you are certain only 'userData' is used, add a clear comment next to the getPath
mock stating the test assumes only getPath('userData') is ever called.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 562cc82 and 1edfe50.

📒 Files selected for processing (5)
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/workspace.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/frontend/src/main/agent/agent-process.test.ts
🧰 Additional context used
📓 Path-based instructions (5)
apps/backend/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/**/*.py: Always use the Claude Agent SDK (claude-agent-sdk package) for all AI interactions, never use the Anthropic API directly
Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization

Files:

  • apps/backend/core/workspace.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py

⚙️ CodeRabbit configuration file

apps/backend/**/*.py: Focus on Python best practices, type hints, and async patterns.
Check for proper error handling and security considerations.
Verify compatibility with Python 3.12+.

Files:

  • apps/backend/core/workspace.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
apps/backend/core/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement dynamic command allowlisting based on detected project stack using core/security.py for bash command validation

Files:

  • apps/backend/core/workspace.py
  • apps/backend/core/auth.py
apps/frontend/src/**/*.{ts,tsx,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Files:

  • apps/frontend/src/main/agent/agent-process.test.ts
apps/frontend/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use useTranslation() hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Files:

  • apps/frontend/src/main/agent/agent-process.test.ts
apps/frontend/**/*.{ts,tsx}

⚙️ CodeRabbit configuration file

apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.

Files:

  • apps/frontend/src/main/agent/agent-process.test.ts
🧠 Learnings (3)
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Applied to files:

  • apps/backend/merge/ai_resolver/claude_client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly

Applied to files:

  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/core/auth.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Enable Electron MCP for E2E testing by setting `ELECTRON_MCP_ENABLED=true` in `.env` and starting the Electron app with `npm run dev`

Applied to files:

  • apps/frontend/src/main/agent/agent-process.test.ts
🧬 Code graph analysis (2)
apps/backend/core/workspace.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (394-406)
  • get_auth_token (197-219)
  • is_bedrock_enabled (58-59)
apps/backend/core/workspace/models.py (1)
  • ParallelMergeResult (43-50)
apps/backend/commit_message.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (394-406)
  • get_auth_token (197-219)
  • is_bedrock_enabled (58-59)
apps/backend/core/model_config.py (1)
  • get_utility_model_config (18-68)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: CodeQL (javascript-typescript)
🔇 Additional comments (10)
apps/backend/commit_message.py (3)

189-201: LGTM: Clean text extraction helper.

The helper function correctly extracts text content from AssistantMessage blocks and follows the established pattern of type-name checking used throughout the codebase.


203-217: LGTM: Correct Bedrock authentication integration.

The authentication flow correctly supports both OAuth and Bedrock paths:

  • Proceeds if either a token exists or Bedrock is enabled
  • Only enforces OAuth token when Bedrock is disabled
  • Early return is consistent with existing error handling pattern

241-245: LGTM: Performance improvement for response assembly.

The refactor from string concatenation to list accumulation is a good performance optimization, especially for longer responses. The use of the new helper function also improves code clarity.

apps/backend/core/auth.py (5)

10-15: LGTM: Standard logging setup.

Appropriate addition of logging infrastructure for the new Bedrock authentication features.


58-59: LGTM: Clean Bedrock detection.

Simple and correct implementation for detecting Bedrock mode.


62-96: LGTM: Solid Bedrock configuration validation.

The validation logic correctly:

  • Requires AWS_REGION when Bedrock is enabled
  • Ensures credential consistency (access key + secret must both be present)
  • Appropriately warns when relying on the default AWS credential chain (instance profiles, etc.)

The warning at lines 91-95 is correct since AWS SDK can discover credentials from the environment (EC2 instance metadata, ECS task roles, etc.).


98-105: LGTM: Clean unified authentication gate.

The function correctly abstracts the authentication path selection:

  • Validates Bedrock config and returns None when Bedrock is enabled
  • Falls back to OAuth token requirement otherwise

This provides a clean API for callers who don't need to know which auth method is in use.


255-282: LGTM: Helpful error messages and correct token enforcement.

The updated error messages provide clear guidance for both OAuth and Bedrock authentication paths. The short-circuit in ensure_claude_code_oauth_token() correctly bypasses token enforcement when Bedrock is enabled.

Also applies to: 398-400

apps/backend/merge/ai_resolver/claude_client.py (1)

37-51: LGTM: Consistent Bedrock authentication pattern.

The authentication flow matches the pattern used across the codebase:

  • Allows authentication via OAuth token OR Bedrock
  • Only enforces token when Bedrock is disabled
  • Returns empty resolver when authentication unavailable
apps/backend/core/workspace.py (1)

1432-1447: LGTM: Correct Bedrock authentication in async merge.

The authentication flow correctly handles both OAuth and Bedrock in the async merge context:

  • Checks for token OR Bedrock availability
  • Conditionally enforces token only when Bedrock is disabled
  • Properly propagates authentication errors via ParallelMergeResult

AndyMik90#765)

* refactor(ui): extract shared task form components for consistent modal sizing

Create shared components to unify TaskCreationWizard, TaskEditDialog, and
TaskDetailModal with consistent full-height modal sizing.

New shared components in task-form/:
- TaskModalLayout: Full-height modal matching TaskDetailModal (95vw, max-w-5xl)
- TaskFormFields: Common form fields (description, title, profile, classification)
- ClassificationFields: Task classification 2x2 grid dropdowns
- useImageUpload: Hook for image paste/drop handling

Benefits:
- All 3 task modals now have identical dimensions and positioning
- Reduced code duplication (1,938 → 1,651 lines total)
- TaskCreationWizard: 1,176 → 623 lines (47% reduction)
- TaskEditDialog: 762 → 293 lines (62% reduction)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address PR review feedback for task form components

- Fix HIGH: Pass descriptionRef from TaskCreationWizard to TaskFormFields
  to fix broken @ mention autocomplete positioning
- Fix MEDIUM: Add i18n translations for all hardcoded strings in:
  - ClassificationFields.tsx
  - TaskFormFields.tsx
  - TaskModalLayout.tsx
  - TaskCreationWizard.tsx (modal, draft, buttons, git options)
  - TaskEditDialog.tsx
- Fix MEDIUM: Correct isAutoProfile logic to only set true when
  profileId === 'auto' (not for all profiles with phase configs)
- Fix MEDIUM: Update handleAutocompleteSelect signature to accept
  optional fullPath parameter
- Fix LOW: Add proper setTimeout cleanup in useImageUpload.ts
- Fix LOW: Use queueMicrotask instead of setTimeout in
  handleAutocompleteSelect for cursor position restoration
- Fix LOW: Move fetch functions inside useEffect to fix
  exhaustive-deps warning
- Add English and French translations for all new i18n keys

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address all i18n violations and logic bug in task form components

i18n Fixes:
- Replace hardcoded error messages in TaskCreationWizard with translation keys
- Replace hardcoded error messages in TaskEditDialog with translation keys
- Use translated default placeholder in TaskFormFields
- Internationalize classification dropdown labels (category, priority,
  complexity, impact) using translation keys instead of hardcoded constants
- Add errorMessages parameter to useImageUpload hook for i18n support
- Pass translated error messages from TaskFormFields to useImageUpload

Logic Bug Fix:
- Fix image removal persistence in TaskEditDialog - always set attachedImages
  to persist removal when all images are deleted (was only set when length > 0)

Translation Updates:
- Add all missing translation keys to en/tasks.json and fr/tasks.json:
  - form.errors.* (descriptionRequired, maxImagesReached, etc.)
  - form.descriptionPlaceholder
  - form.classification.values.* (all classification option labels)
  - wizard.descriptionPlaceholder, wizard.errors.*
  - edit.errors.*

Other:
- Log image processing errors to console for debugging (CMT-001)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address memory leak and performance issues in task form components

- Add isMounted flag to useEffect in TaskCreationWizard to prevent state
  updates after component unmount (CMT-QUALITY-001)
- Wrap errorMessages merge in useMemo in useImageUpload to prevent
  unnecessary useCallback invalidation on re-renders (CMT-PERF-001)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: include phaseModels and phaseThinking in hasChanges check

TaskEditDialog's hasChanges logic was missing phaseModels and phaseThinking
comparisons, which could cause silent data loss when users only modified
phase configuration without changing other fields.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: preserve phaseModels and phaseThinking when editing non-autoProfile tasks

When editing a task with custom model/thinkingLevel that isn't an autoProfile,
the dialog was resetting phaseModels and phaseThinking to defaults instead of
preserving the task's actual values from metadata. This could cause data loss.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
@CyranoB CyranoB force-pushed the feature/aws-bedrock-support branch from 1937a24 to 6f8c820 Compare January 10, 2026 21:11
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
apps/backend/core/auth.py (2)

10-55: Bedrock/AWS passthrough env var list looks incomplete (likely missing AWS_ROLE_ARN + AWS_DEFAULT_REGION).

PR objectives mention AWS_ROLE_ARN, but SDK_ENV_VARS doesn’t include it, so the SDK subprocess may never see it. Also consider supporting AWS_DEFAULT_REGION alongside AWS_REGION (many AWS tools/SDKs use either).

Proposed fix
 SDK_ENV_VARS = [
@@
     # AWS Bedrock configuration
     "CLAUDE_CODE_USE_BEDROCK",
     "AWS_REGION",
+    "AWS_DEFAULT_REGION",
     "AWS_PROFILE",
+    "AWS_ROLE_ARN",
     "AWS_ACCESS_KEY_ID",
     "AWS_SECRET_ACCESS_KEY",
     "AWS_SESSION_TOKEN",
     "AWS_BEARER_TOKEN_BEDROCK",
@@
 ]
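Review bot: adding AWS_DEFAULT_REGION and AWS_ROLE_ARN on the two "+" lines only forwards them to the SDK subprocess; nothing in this hunk makes the region check accept AWS_DEFAULT_REGION or shows that the SDK acts on AWS_ROLE_ARN. If validation still requires AWS_REGION, a user who sets only AWS_DEFAULT_REGION fails before the passthrough matters, so either map it to AWS_REGION where the config is validated or leave it out of the list. Because the same list carries AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN and AWS_BEARER_TOKEN_BEDROCK, a comment above it that these entries must never be logged with their values would also help.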

284-311: Windows guidance is inaccurate: code reads credential files, not Credential Manager.

_get_token_from_windows_credential_files() reads JSON files under %USERPROFILE%/.claude and %LOCALAPPDATA%/..., but the error message says “saved to Windows Credential Manager” (Line 302). That will mislead debugging.

Proposed fix
         elif system == "Windows":
             error_msg += (
                 "To authenticate:\n"
                 "  1. Run: claude setup-token\n"
-                "  2. The token will be saved to Windows Credential Manager\n\n"
+                "  2. The token will be saved to Claude credential files\n\n"
                 "If auto-detection fails, set CLAUDE_CODE_OAUTH_TOKEN in your .env file.\n"
                 "Check: %LOCALAPPDATA%\\Claude\\credentials.json"
             )
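Review bot: the replacement wording on the "+" line, "Claude credential files", does not say where those files are, and the unchanged "Check:" line names only %LOCALAPPDATA%\\Claude\\credentials.json although the lookup is described as also reading under %USERPROFILE%/.claude. Put the locations in step 2 itself, or list every path the lookup reads, so the message cannot drift from the code a second time.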
apps/backend/commit_message.py (1)

203-249: Bedrock path skips config validation; consider calling require_claude_auth() to fail fast with actionable errors.

Right now, if Bedrock is enabled but misconfigured (e.g., missing region), this function will proceed until a later failure (likely inside the SDK) and then return "" with a generic error. Calling require_claude_auth() upfront would reuse the new validation and yield clearer diagnostics.

Also: docstring says “Call Claude API” but this is Claude SDK.

Proposed fix
 async def _call_claude(prompt: str) -> str:
-    """Call Claude API to generate commit message."""
+    """Call Claude SDK to generate commit message."""
     from core.auth import (
         ensure_claude_code_oauth_token,
         get_auth_token,
         is_bedrock_enabled,
+        require_claude_auth,
     )
@@
     if not get_auth_token() and not is_bedrock_enabled():
         logger.warning("No authentication token found")
         return ""
 
+    # Validate auth/config early (OAuth token presence or Bedrock config correctness).
+    require_claude_auth()
+
     if not is_bedrock_enabled():
         ensure_claude_code_oauth_token()
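Review bot: the added require_claude_auth() call lands between the early return "" and the unchanged "if not is_bedrock_enabled(): ensure_claude_code_oauth_token()", leaving three overlapping auth checks in a row. If require_claude_auth() raises on a bad Bedrock config, _call_claude gets two failure modes (empty string when no auth is found, exception when Bedrock is misconfigured) and no handler is visible in the hunk. Pick one: catch the validation error, log it and return "" like the branch above, or drop the first check and let require_claude_auth() cover both paths.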
🤖 Fix all issues with AI agents
In @apps/backend/commit_message.py:
- Around line 189-201: The function _extract_text_from_message currently relies
on type name checks ("AssistantMessage"/"TextBlock"); change it to use duck
typing: ensure msg has a .content attribute that is iterable (e.g., hasattr(msg,
"content") and isinstance(msg.content, (list, tuple))) then iterate msg.content
and for each block append block.text only if hasattr(block, "text"); remove
string equality on type names so the function works across SDK versions while
still returning the concatenated text parts as before.

In @apps/backend/core/auth.py:
- Around line 58-66: The is_bedrock_enabled function currently checks
CLAUDE_CODE_USE_BEDROCK strictly against the string "1"; change it to normalize
the env var (strip whitespace, lowercase) and compare against a set of common
truthy values like {"1", "true", "yes", "y", "t"} so values such as "True", "
YES ", or "1" all enable Bedrock; update only the logic inside
is_bedrock_enabled to read os.environ.get("CLAUDE_CODE_USE_BEDROCK"), normalize
it, and return True if it matches any member of that truthy set, otherwise
False.

In @apps/backend/runners/ai_analyzer/claude_client.py:
- Around line 38-45: The authentication check only calls require_claude_auth()
but doesn't set the CLAUDE_CODE_OAUTH_TOKEN env var for the SDK subprocess;
update _validate_authentication to, after require_claude_auth(), call
ensure_claude_code_oauth_token() when is_bedrock_enabled() is false (i.e., if
not is_bedrock_enabled(): ensure_claude_code_oauth_token()). Also replace any
direct ClaudeSDKClient(...) instantiation in this module with the centralized
factory create_client() from apps/backend/core/client.py so the factory handles
auth and env setup consistently.

In @apps/frontend/src/main/ipc-handlers/settings-handlers.ts:
- Around line 186-194: On decryption failure in the catch block around
decryptBedrockSecrets, clear the unusable encrypted payload so the rest of the
app/UI knows reconfiguration is required: inside the catch for
decryptBedrockSecrets assign settings.bedrockConfig = undefined (or null) and
keep the error log; this ensures callers receiving the settings object won't get
an encrypted bedrockConfig and will prompt the user to re-enter secrets.

In @apps/frontend/src/renderer/components/settings/BedrockSettings.tsx:
- Around line 85-90: Replace the hardcoded button labels in the BedrockSettings
component with i18n translation keys: use the translation hook (t) to render the
labels for the Change and Clear buttons where handleStartEdit and handleClear
are used (e.g., t('common:buttons.change') and t('common:buttons.clear')), and
ensure those keys exist in the translation files (e.g., en/common.json and
fr/common.json); keep the Button props (variant/size/onClick) unchanged.
- Around line 337-344: Replace the masked PasswordInput used for the AWS Access
Key ID with a regular Input to allow users to see and verify the value;
specifically, in the component where PasswordInput is rendered for
bedrockConfig.awsAccessKeyId, swap PasswordInput for Input and keep the same
placeholder, value binding (bedrockConfig.awsAccessKeyId || ''), and onChange
handler (handleUpdateBedrockConfig) so the label (Label) and update flow remain
unchanged.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1edfe50 and 1937a24.

📒 Files selected for processing (6)
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
🧰 Additional context used
📓 Path-based instructions (5)
apps/backend/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/**/*.py: Always use the Claude Agent SDK (claude-agent-sdk package) for all AI interactions, never use the Anthropic API directly
Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization

Files:

  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/auth.py
  • apps/backend/commit_message.py

⚙️ CodeRabbit configuration file

apps/backend/**/*.py: Focus on Python best practices, type hints, and async patterns.
Check for proper error handling and security considerations.
Verify compatibility with Python 3.12+.

Files:

  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/auth.py
  • apps/backend/commit_message.py
apps/frontend/src/**/*.{ts,tsx,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
apps/frontend/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use useTranslation() hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
apps/frontend/**/*.{ts,tsx}

⚙️ CodeRabbit configuration file

apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.

Files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
apps/backend/core/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement dynamic command allowlisting based on detected project stack using core/security.py for bash command validation

Files:

  • apps/backend/core/auth.py
🧠 Learnings (6)
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly

Applied to files:

  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/auth.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Applied to files:

  • apps/backend/runners/ai_analyzer/claude_client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx,jsx} : Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2026-01-04T23:59:45.209Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:45.209Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings) can be deferred for future i18n cleanup passes. Do not fix such issues in PRs that do not introduce new i18n violations, especially in frontend TSX components (e.g., apps/frontend/**/*.tsx). If a PR adds new i18n violations, address them in that PR.

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2026-01-04T12:37:52.222Z
Learnt from: StillKnotKnown
Repo: AndyMik90/Auto-Claude PR: 648
File: apps/frontend/src/renderer/components/settings/ModelSearchableSelect.tsx:262-265
Timestamp: 2026-01-04T12:37:52.222Z
Learning: Dropdown components in apps/frontend/src/renderer/components/settings use a fixed max-height (e.g., max-h-60) with internal overflow-y-auto scrolling. This pattern is intentional and prevents dropdowns from extending beyond the viewport; do not add dynamic viewport positioning or clipping-prevention logic for these components. If you add new dropdowns in this area, follow the same fixed-height + internal-scroll approach for consistency.

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
🧬 Code graph analysis (4)
apps/backend/runners/ai_analyzer/claude_client.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/frontend/src/main/bedrock-encryption.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/main/ipc-handlers/settings-handlers.ts (1)
apps/frontend/src/main/bedrock-encryption.ts (3)
  • hasPlaintextBedrockSecrets (99-107)
  • encryptBedrockSecrets (49-65)
  • decryptBedrockSecrets (71-87)
apps/backend/commit_message.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/backend/core/model_config.py (1)
  • get_utility_model_config (18-68)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: CodeQL (javascript-typescript)
  • GitHub Check: CodeQL (python)
🔇 Additional comments (13)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (1)

159-426: Overall implementation looks solid.

The component follows React best practices:

  • ✅ Proper TypeScript typing with readonly interfaces
  • ✅ Appropriate use of useState and useCallback for state management
  • ✅ Accessible markup with proper label associations and ARIA-compliant controls
  • ✅ Translation keys used throughout (except the two buttons flagged separately)
  • ✅ Security-conscious design with SecretFieldInput for sensitive values
  • ✅ Good UX with expand/collapse, auto-expand on enable, and clear field management
apps/frontend/src/main/ipc-handlers/settings-handlers.ts (3)

19-23: LGTM: Clean imports for Bedrock encryption.

The imports are well-organized and bring in the necessary encryption utilities for handling Bedrock secrets throughout the settings lifecycle.


153-162: LGTM: Dev mode auto-detection with helpful warning.

The updated logic correctly prioritizes local development paths in dev mode and provides a clear warning when the detected path differs from the saved configuration. This improves the developer experience.


230-238: LGTM: Secure encryption before persistence.

The implementation correctly encrypts Bedrock secrets before writing to disk and fails fast with a clear error message if encryption is unavailable. The underlying encryptBedrockSecrets function safely handles already-encrypted values.

apps/frontend/src/main/bedrock-encryption.ts (6)

4-8: Verify exclusion of awsAccessKeyId from encrypted fields.

The BEDROCK_SECRET_FIELDS array includes awsSecretAccessKey, awsSessionToken, and awsBearerTokenBedrock but excludes awsAccessKeyId. While AWS access key IDs are less sensitive than secret keys (they're visible in IAM console and often appear in logs), they're still considered sensitive credentials in many security frameworks.

Was the exclusion of awsAccessKeyId an intentional design decision? If so, please add a comment explaining the rationale. If not, consider adding it to the encrypted fields list.


12-12: LGTM: Standard masking value for UI display.

The masked value '••••••••' is a clear visual indicator for hidden secrets in the UI. The isBedrockSecretMasked function uses this to detect whether users have modified a previously saved secret.


18-39: LGTM: Robust encryption/decryption with proper error handling.

The implementation correctly:

  • Checks encryption availability before attempting operations
  • Uses Electron's safeStorage API (platform-appropriate encryption)
  • Prefixes encrypted values with 'enc:' for easy identification
  • Throws clear errors on failure
  • Handles plaintext fallback in decryptValue (line 32) as a safety measure

49-87: LGTM: Well-designed encrypt/decrypt functions.

Both functions demonstrate excellent practices:

  • Immutability: Return new config objects without mutating inputs
  • Idempotency: Skip fields already in the target state (encrypted/decrypted)
  • Error context: Include field names in error messages for easier debugging
  • Type safety: Proper TypeScript typing with readonly array and type inference

89-107: LGTM: Clear utility functions for encryption state checks.

These functions provide clean boolean checks for determining the encryption state of Bedrock secrets, enabling the migration logic in settings-handlers.ts to work correctly.


109-124: LGTM: Effective masking utilities for secure UI display.

The masking functions provide a clean way to:

  • Display Bedrock config in the UI without exposing secrets (line 115)
  • Detect whether users have modified previously saved secrets (line 123)

The immutable pattern (returning new objects) is maintained consistently.

apps/backend/core/auth.py (3)

423-435: No action needed. The ensure_claude_code_oauth_token() function correctly early-returns when Bedrock is enabled. The claude-agent-sdk does not require CLAUDE_CODE_OAUTH_TOKEN in Bedrock mode—it uses AWS credentials instead. The code implementation matches the SDK's expected behavior.


68-112: AWS_REGION requirement is correct; AWS_ROLE_ARN is not supported by the SDK design.

The validate_bedrock_config() implementation is correct. The claude-agent-sdk explicitly requires AWS_REGION to be set as an environment variable and does not read it from ~/.aws/config, so the hard requirement is necessary and intentional.

Regarding AWS_ROLE_ARN: the SDK does not support it as a direct credential method. When assuming roles, users must first assume the role separately (via AWS CLI or other tooling) and then export the resulting temporary credentials as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. The current code correctly validates these credential paths.


114-134: All call sites properly handle the str | None return value.

The function is safe to use in Bedrock mode. Call sites that capture the return value explicitly check for None (apps/backend/core/simple_client.py:67, apps/backend/core/client.py:485). Call sites that don't capture the return value are validation-only calls that don't consume the token. Tests confirm both Bedrock (None) and OAuth (string token) paths work correctly.
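The checks discussed in the review above (normalizing CLAUDE_CODE_USE_BEDROCK, requiring AWS_REGION, rejecting a half-set key pair), as an added Python sketch that is not the project's core/auth.py. The function names, the truthy set and the warning condition are assumptions; error strings name variables only and never echo their values.

```python
"""Added illustration: environment checks for a Bedrock-or-OAuth auth gate."""
from __future__ import annotations

import logging
from collections.abc import Mapping

logger = logging.getLogger(__name__)

# Assumption: the truthy values suggested in the review comment.
TRUTHY = frozenset({"1", "true", "yes", "y", "t"})


def _present(env: Mapping[str, str], name: str) -> bool:
    """True if the variable is set to something other than whitespace."""
    return bool(env.get(name, "").strip())


def bedrock_flag_enabled(env: Mapping[str, str]) -> bool:
    """Strip and lowercase the flag so ' YES ' and 'True' behave like '1'."""
    return env.get("CLAUDE_CODE_USE_BEDROCK", "").strip().lower() in TRUTHY


def check_bedrock_env(env: Mapping[str, str]) -> list[str]:
    """Return configuration problems; an empty list means the config is usable.

    Messages contain variable names only, so they are safe to log.
    """
    problems: list[str] = []
    if not _present(env, "AWS_REGION"):
        problems.append("AWS_REGION is required when Bedrock is enabled")

    has_key = _present(env, "AWS_ACCESS_KEY_ID")
    has_secret = _present(env, "AWS_SECRET_ACCESS_KEY")
    if has_key != has_secret:
        missing = "AWS_SECRET_ACCESS_KEY" if has_key else "AWS_ACCESS_KEY_ID"
        problems.append(
            f"{missing} is missing; access key ID and secret must be set together"
        )

    # Assumption: warn (do not fail) when nothing explicit is configured,
    # since credentials may still come from the default AWS chain.
    explicit = has_key or has_secret or _present(env, "AWS_PROFILE") \
        or _present(env, "AWS_BEARER_TOKEN_BEDROCK")
    if not explicit:
        logger.warning("No explicit AWS credentials; relying on the default chain")
    return problems


def select_auth_path(env: Mapping[str, str]) -> str:
    """Return 'bedrock' or 'oauth'; raise ValueError when neither is usable."""
    if bedrock_flag_enabled(env):
        problems = check_bedrock_env(env)
        if problems:
            raise ValueError("Invalid Bedrock configuration: " + "; ".join(problems))
        return "bedrock"
    if _present(env, "CLAUDE_CODE_OAUTH_TOKEN"):
        return "oauth"
    raise ValueError("No authentication configured (OAuth token or Bedrock required)")


if __name__ == "__main__":
    # Constructed sample environments, not real credentials.
    samples = [
        {"CLAUDE_CODE_USE_BEDROCK": " YES ", "AWS_REGION": "us-east-1"},
        {"CLAUDE_CODE_USE_BEDROCK": "1", "AWS_REGION": "us-east-1",
         "AWS_ACCESS_KEY_ID": "AKIACONSTRUCTED"},
        {"CLAUDE_CODE_OAUTH_TOKEN": "constructed-token"},
    ]
    for sample in samples:
        try:
            print(select_auth_path(sample))
        except ValueError as exc:
            print("rejected:", exc)
```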

@CyranoB CyranoB force-pushed the feature/aws-bedrock-support branch 2 times, most recently from d74bf40 to b7d3747 Compare January 10, 2026 21:18
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 16

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
apps/backend/core/workspace.py (1)

432-447: Bedrock authentication integration is functionally correct, but error message could be clearer.

The authentication logic properly gates on either OAuth token or Bedrock being enabled. The conditional OAuth token setup (lines 446-447) correctly skips token enforcement when Bedrock is active.

However, the error message at line 443 says "No authentication token available" when the actual condition is "No authentication available (neither OAuth token nor Bedrock)". Consider clarifying the message to reflect both authentication paths.

📝 Optional: More accurate error message
             if not get_auth_token() and not is_bedrock_enabled():
                 return ParallelMergeResult(
                     file_path=task.file_path,
                     merged_content=None,
                     success=False,
-                    error="No authentication token available",
+                    error="No authentication available (OAuth token or Bedrock required)",
                 )
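Review bot: The guard `if not get_auth_token() and not is_bedrock_enabled()` passes whenever the Bedrock flag is on, so if `is_bedrock_enabled()` only tests the flag, a Bedrock setup with no region or half a key pair gets through here and fails later with a less direct error. Rewording the message helps the "neither path configured" case, but consider routing this check through the PR's `require_claude_auth()` so an incomplete Bedrock configuration is reported at this point with the specific gap named.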
apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)

12-46: Prop-surface expansion is straightforward; keep the auth prop types centralized if possible.

apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx (1)

21-48: Align handleClaudeSetup type with upstream (Promise<void>) to avoid drift.

SectionRouterProps has handleClaudeSetup: () => Promise<void>; keeping it as () => void here can hide missing await/error handling expectations in ClaudeAuthSection.

Proposed fix
-  handleClaudeSetup: () => void;
+  handleClaudeSetup: () => Promise<void>;
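Review bot: Changing `handleClaudeSetup` to `() => Promise<void>` only updates the declared prop type; every place in this component that invokes it or hands it to an event handler should await it or attach a rejection handler, otherwise a failed auth setup surfaces as an unhandled rejection rather than a visible error. Worth confirming those call sites in the same change.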
🤖 Fix all issues with AI agents
In @.gitignore:
- Around line 172-173: Remove the duplicate "# Auto Claude generated files"
header and place the "logs/security/" entry under the existing single header;
specifically, delete the second header instance and move or add the
"logs/security/" line beneath the first "# Auto Claude generated files" header
so there is only one header followed by its related entries.

In @apps/backend/commit_message.py:
- Around line 189-200: Replace fragile string-based type checks in
_extract_text_from_message by using isinstance(): import or reference the
AssistantMessage class and check `isinstance(msg, AssistantMessage)` instead of
comparing type(msg).__name__, and for iterating blocks use `isinstance(block,
TextBlock)` (or the appropriate block class) before accessing block.text; this
ensures robust type checking and avoids relying on name strings while preserving
the existing behavior of returning "" for non-matching messages and
concatenating TextBlock.text values.

In @apps/frontend/src/main/agent/agent-queue.ts:
- Around line 21-62: The code calls readSettingsFile() inside buildSpawnEnv
without handling failures; change buildSpawnEnv to accept an optional
AppSettings parameter (e.g., settings?: AppSettings) passed from the caller to
avoid file I/O here, and if that param is not provided, wrap readSettingsFile()
in a try/catch and handle errors defensively (log or return a safe default) so
isBedrockEnabled is computed reliably; update references to readSettingsFile,
isBedrockEnabled, and the buildSpawnEnv signature accordingly and ensure callers
pass the settings when available to improve testability.

In @apps/frontend/src/main/ipc-handlers/env-handlers.ts:
- Around line 151-182: When updating Bedrock env vars in the block that reads
config.bedrockConfig, ensure you remove keys when the incoming value is
empty/undefined as well as when authMethod changes: for example, if
bc.awsProfile is falsy delete existingVars[BEDROCK_ENV_KEYS.PROFILE]; if
bc.awsAccessKeyId/awsSecretAccessKey/awsSessionToken/awsBearerTokenBedrock are
falsy delete their corresponding BEDROCK_ENV_KEYS entries; likewise delete MODEL
and SMALL_MODEL when bc.anthropicModel or bc.anthropicSmallFastModel are falsy,
and treat config.bedrockEnabled === false by deleting BEDROCK_ENV_KEYS.ENABLED —
update the logic around existingVars and the bc.* checks so empty
strings/null/undefined explicitly remove the stale keys.
- Around line 276-304: The OAuth token is being erased when Bedrock is enabled
because oauthLine currently emits a commented empty CLAUDE_CODE_OAUTH_TOKEN;
change oauthLine so that when bedrockEnabled is true it still emits a commented
CLAUDE_CODE_OAUTH_TOKEN line containing the
existingVars['CLAUDE_CODE_OAUTH_TOKEN'] value (if present) instead of an empty
value, referencing BEDROCK_ENV_KEYS.ENABLED and the oauthLine variable so
toggling back preserves the token.
- Around line 469-504: The code marks config.claudeAuthStatus as 'authenticated'
whenever REGION and any of PROFILE, ACCESS_KEY_ID, or BEARER_TOKEN exist, but
for the access_keys authMethod you must require both AWS_ACCESS_KEY_ID and
AWS_SECRET_ACCESS_KEY; update the check that computes hasBedrockCreds to require
both vars[BEDROCK_ENV_KEYS.ACCESS_KEY_ID] and
vars[BEDROCK_ENV_KEYS.SECRET_ACCESS_KEY] when authMethod === 'access_keys'
(e.g., compute hasAccessKeys = Boolean(vars[ACCESS_KEY_ID] &&
vars[SECRET_ACCESS_KEY]) and then set hasBedrockCreds = Boolean(vars[PROFILE] ||
vars[BEARER_TOKEN] || hasAccessKeys)), then keep the existing logic that sets
config.claudeAuthStatus ('authenticated' if hasRegion && hasBedrockCreds, else
'token_set' if hasRegion || hasBedrockCreds) so the UI won’t show authenticated
when secret key is missing; reference BEDROCK_ENV_KEYS, authMethod,
config.bedrockConfig, hasBedrockCreds, and config.claudeAuthStatus.

In @apps/frontend/src/main/rate-limit-detector.ts:
- Around line 323-346: getBedrockEnvVars currently sets CLAUDE_CODE_USE_BEDROCK
but silently omits AWS_REGION, causing failures; update
getBedrockEnvVars(BedrockConfig) to validate that config.awsRegion is present
and, if missing, throw a clear error (e.g. "AWS_REGION is required when Bedrock
is enabled") or at minimum log a fatal error before returning so callers know
configuration is invalid; ensure the error message references
CLAUDE_CODE_USE_BEDROCK/AWS_REGION and keep the rest of the env population logic
unchanged.
- Around line 257-266: Wrap the readSettingsFile() call in a try-catch inside
the getProfileEnv flow: call readSettingsFile() in the try block, assign to
settings, and if any error is thrown catch it, log a warning (including the
error) and continue without returning so the function falls back to OAuth
profile authentication; keep the existing Bedrock logic (decryptBedrockSecrets,
getBedrockEnvVars, bedrockEnv) unchanged but only execute it when settings was
successfully read.

In @apps/frontend/src/main/updater/path-resolver.ts:
- Around line 58-62: The early return when isDev is true prevents the later
override and settings logic from running; remove that immediate return and
instead treat getBundledSourcePath() as the final fallback: keep the isDev flag
but proceed to run the settings check (the settings reading logic) and the
override path check (the backend-source override directory logic), and only
return getBundledSourcePath() if no override or settings-provided path is found;
ensure references to isDev, getBundledSourcePath, the override 'backend-source'
check, and the settings lookup remain intact and are evaluated before falling
back.

In @apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx:
- Around line 130-151: expandedSections.claude may be undefined and is being
passed to the controlled prop isExpanded on ClaudeAuthSection; coerce it to a
boolean (for example using !!expandedSections.claude or a fallback like
expandedSections.claude ?? false) when calling ClaudeAuthSection and ensure the
toggleSection('claude') call still receives the same key; update the isExpanded
prop in the JSX (ClaudeAuthSection) to use the boolean coercion so it never
receives undefined at runtime.

In @apps/frontend/src/renderer/components/settings/BedrockSettings.tsx:
- Around line 85-90: Replace the hardcoded "Change" and "Clear" labels in the
BedrockSettings component with i18n translation keys: update the two Button
components (the ones using onClick={handleStartEdit} and onClick={handleClear})
to render translated text via the project's i18n helper (e.g.,
t('buttons.change') and t('buttons.clear')), and add the corresponding keys to
the locales (en/common.json and fr/common.json) under "buttons". Ensure you
import/use the i18n hook or function currently used in this file (e.g.,
useTranslation or t) so the buttons display the translated strings.
- Around line 213-236: The collapsible header button in BedrockSettings is
missing focus-visible styling: update the button element that uses
onClick={handleToggleExpanded} (the one wrapping Settings2, statusLabel, the
Switch and Chevron icons) to include the classes "focus-visible:outline-none
focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2" in its
className so keyboard focus is visible and matches other controls (the Switch
already stops propagation with onClick and no additional keyboard handling is
required).

In @apps/frontend/src/shared/i18n/locales/en/settings.json:
- Around line 315-330: The French locale is missing translations for several new
general settings keys; add entries for authentication, autoBuildIntegration,
notInitialized, initializeDescription, initializing, initialize, initialized,
checkingStatus, agentConfiguration, model, notificationsTitle,
notifyOnTaskComplete, notifyOnTaskFailed, notifyOnReviewNeeded, and notifySound
to fr/settings.json with appropriate French strings (preferably mirror the
English meaning), ensuring keys exactly match those in the en/settings.json
snippet so the app picks them up.

In @apps/frontend/src/shared/types/project.ts:
- Around line 289-301: Replace the plain string for awsRegion with a typed union
to provide IDE autocomplete while allowing future regions: add an exported type
AwsRegion = 'us-east-1' | 'us-east-2' | 'us-west-2' | 'eu-west-1' | ... (include
the specific regions used in BedrockSettings.tsx) with a fallback union arm of
(string & {}) to permit unknown regions, then change BedrockConfig.awsRegion:
string to awsRegion: AwsRegion so BedrockConfig and BedrockSettings.tsx share
the same region set and get stronger typing/autocomplete.

In @guides/AWS-BEDROCK-SUPPORT-PLAN.md:
- Around line 1-1026: Summary: The guide is approved but reviewer suggested
optionally reorganizing long-term documentation (keep in guides/, move to docs/,
or extract an ADR). Action: Decide which location to use for the finalized
Bedrock integration content (retain guides/AWS-BEDROCK-SUPPORT-PLAN.md, move it
to docs/, or split into a user-facing summary + ADR), then update references and
navigation accordingly (e.g., update README, docs index, and any internal links
that point to guides/AWS-BEDROCK-SUPPORT-PLAN.md), and if you choose ADR create
a short ADR file (e.g., docs/adr/000X-bedrock-integration.md) capturing the
Decisions section; ensure any CI or mkdocs/site config that indexes docs is
updated to include the new path.

In @tests/test_auth_bedrock.py:
- Around line 19-27: Rename the test function
test_require_claude_auth_bedrock_returns_none to a more descriptive name such as
test_require_claude_auth_bedrock_uses_default_credential_chain and add a
one-line docstring explaining it validates that when Bedrock is enabled with
AWS_REGION set and no explicit AWS credentials the code logs a warning in
validate_bedrock_config and falls back to the default AWS credential chain
returning None; keep the existing monkeypatch setup and assertion unchanged and
reference the validate_bedrock_config behavior in the docstring for clarity.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1937a24 and d74bf40.

📒 Files selected for processing (42)
  • .gitignore
  • CLAUDE.md
  • apps/backend/.env.example
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/cli/main.py
  • apps/backend/cli/utils.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/client.py
  • apps/backend/core/simple_client.py
  • apps/backend/core/workspace.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/phase_config.py
  • apps/backend/run.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/spec/compaction.py
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/shared/i18n/locales/en/settings.json
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/shared/types/settings.ts
  • guides/AWS-BEDROCK-SUPPORT-PLAN.md
  • guides/CLI-USAGE.md
  • tests/test_auth_bedrock.py
  • tests/test_sdk_structured_output.py
🧰 Additional context used
📓 Path-based instructions (9)
apps/frontend/src/**/*.{ts,tsx,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
apps/frontend/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use useTranslation() hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
apps/frontend/**/*.{ts,tsx}

⚙️ CodeRabbit configuration file

apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
apps/backend/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/**/*.py: Always use the Claude Agent SDK (claude-agent-sdk package) for all AI interactions, never use the Anthropic API directly
Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization

Files:

  • apps/backend/core/simple_client.py
  • apps/backend/cli/utils.py
  • apps/backend/core/workspace.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/phase_config.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/run.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/cli/main.py
  • apps/backend/core/auth.py

⚙️ CodeRabbit configuration file

apps/backend/**/*.py: Focus on Python best practices, type hints, and async patterns.
Check for proper error handling and security considerations.
Verify compatibility with Python 3.12+.

Files:

  • apps/backend/core/simple_client.py
  • apps/backend/cli/utils.py
  • apps/backend/core/workspace.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/phase_config.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/run.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/cli/main.py
  • apps/backend/core/auth.py
apps/backend/core/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement dynamic command allowlisting based on detected project stack using core/security.py for bash command validation

Files:

  • apps/backend/core/simple_client.py
  • apps/backend/core/workspace.py
  • apps/backend/core/client.py
  • apps/backend/core/auth.py
tests/**

⚙️ CodeRabbit configuration file

tests/**: Ensure tests are comprehensive and follow pytest conventions.
Check for proper mocking and test isolation.

Files:

  • tests/test_sdk_structured_output.py
  • tests/test_auth_bedrock.py
apps/backend/core/client.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Files:

  • apps/backend/core/client.py
apps/frontend/src/shared/i18n/locales/**/*.json

📄 CodeRabbit inference engine (CLAUDE.md)

apps/frontend/src/shared/i18n/locales/**/*.json: Store translation strings in namespace-organized JSON files at apps/frontend/src/shared/i18n/locales/{lang}/*.json for each supported language
When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
apps/backend/.env*

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/.env*: Enable Electron MCP for E2E testing by setting ELECTRON_MCP_ENABLED=true in .env and starting the Electron app with npm run dev
Configure memory system credentials in apps/backend/.env and validate with graphiti_config.py

Files:

  • apps/backend/.env.example
🧠 Learnings (15)
📚 Learning: 2026-01-04T12:37:52.222Z
Learnt from: StillKnotKnown
Repo: AndyMik90/Auto-Claude PR: 648
File: apps/frontend/src/renderer/components/settings/ModelSearchableSelect.tsx:262-265
Timestamp: 2026-01-04T12:37:52.222Z
Learning: Dropdown components in apps/frontend/src/renderer/components/settings use a fixed max-height (e.g., max-h-60) with internal overflow-y-auto scrolling. This pattern is intentional and prevents dropdowns from extending beyond the viewport; do not add dynamic viewport positioning or clipping-prevention logic for these components. If you add new dropdowns in this area, follow the same fixed-height + internal-scroll approach for consistency.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
📚 Learning: 2026-01-04T23:59:45.209Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:45.209Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings) can be deferred for future i18n cleanup passes. Do not fix such issues in PRs that do not introduce new i18n violations, especially in frontend TSX components (e.g., apps/frontend/**/*.tsx). If a PR adds new i18n violations, address them in that PR.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly

Applied to files:

  • apps/backend/core/simple_client.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/run.py
  • apps/backend/.env.example
  • apps/backend/runners/insights_runner.py
  • apps/backend/core/auth.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Use the `create_client()` function from `apps/backend/core/client.py` to instantiate Claude SDK clients, not direct `ClaudeSDKClient` initialization

Applied to files:

  • apps/backend/core/simple_client.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/runners/insights_runner.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Applied to files:

  • apps/backend/core/simple_client.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/runners/insights_runner.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx,jsx} : Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx} : Use `useTranslation()` hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Enable Electron MCP for E2E testing by setting `ELECTRON_MCP_ENABLED=true` in `.env` and starting the Electron app with `npm run dev`

Applied to files:

  • apps/frontend/src/main/agent/agent-process.test.ts
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Configure memory system credentials in `apps/backend/.env` and validate with `graphiti_config.py`

Applied to files:

  • guides/CLI-USAGE.md
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Store project-specific data including specs, plans, and QA reports in `.auto-claude/specs/` directory and add to .gitignore

Applied to files:

  • guides/CLI-USAGE.md
  • .gitignore
  • CLAUDE.md
📚 Learning: 2026-01-02T19:30:59.118Z
Learnt from: hluisi
Repo: AndyMik90/Auto-Claude PR: 0
File: :0-0
Timestamp: 2026-01-02T19:30:59.118Z
Learning: In the Claude Agent SDK (Python), PreToolUse hooks receive `cwd` (current working directory) in the `input_data` dictionary parameter, not in the `context` parameter. The hook signature is `async def hook(input_data: dict, tool_use_id: str | None, context: HookContext)` where `input_data["cwd"]` contains the working directory passed from `ClaudeAgentOptions(cwd=...)`. The `context` parameter is reserved for future use and does NOT contain `cwd`.

Applied to files:

  • apps/backend/core/client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/spec_agents/**/*.py : Implement multi-phase spec creation pipeline with complexity-based phase selection (SIMPLE: 3 phases, STANDARD: 6-7 phases, COMPLEX: 8 phases)

Applied to files:

  • apps/backend/phase_config.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : Store translation strings in namespace-organized JSON files at `apps/frontend/src/shared/i18n/locales/{lang}/*.json` for each supported language

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
📚 Learning: 2026-01-10T15:30:12.808Z
Learnt from: taniar88
Repo: AndyMik90/Auto-Claude PR: 883
File: apps/frontend/src/main/agent/agent-process.ts:21-21
Timestamp: 2026-01-10T15:30:12.808Z
Learning: Before adding a new language to AVAILABLE_LANGUAGES, ensure UI translations exist and are complete in apps/frontend/src/shared/i18n/locales. Do not advertise official support for a language until its locale files are fully translated and validated, to avoid user-facing issues.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
🧬 Code graph analysis (22)
apps/frontend/src/shared/types/settings.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/backend/core/simple_client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (395-420)
  • require_claude_auth (114-133)
apps/backend/cli/utils.py (1)
apps/backend/core/auth.py (3)
  • get_auth_token (226-248)
  • get_auth_token_source (251-268)
  • is_bedrock_enabled (58-65)
apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts (3)
apps/frontend/src/main/services/profile/index.ts (1)
  • createProfile (24-24)
apps/frontend/src/renderer/stores/settings-store.ts (1)
  • useSettingsStore (46-296)
apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts (1)
  • useIdeationAuth (4-67)
apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (9)
  • envConfig (23-23)
  • isLoadingEnv (25-25)
  • envError (26-26)
  • updateEnvConfig (29-29)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/frontend/src/main/ipc-handlers/env-handlers.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockAuthMethod (289-289)
apps/backend/core/workspace.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/backend/core/workspace/models.py (1)
  • ParallelMergeResult (43-50)
apps/backend/runners/ai_analyzer/claude_client.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/commit_message.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/backend/core/model_config.py (1)
  • get_utility_model_config (18-68)
apps/frontend/src/main/agent/agent-queue.ts (2)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/main/ipc-handlers/settings-handlers.ts (1)
apps/frontend/src/main/bedrock-encryption.ts (3)
  • hasPlaintextBedrockSecrets (99-107)
  • encryptBedrockSecrets (49-65)
  • decryptBedrockSecrets (71-87)
apps/backend/spec/compaction.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/core/client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (395-420)
  • require_claude_auth (114-133)
tests/test_auth_bedrock.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/merge/ai_resolver/claude_client.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/frontend/src/main/bedrock-encryption.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/main/updater/path-resolver.ts (1)
apps/frontend/src/__mocks__/electron.ts (1)
  • app (8-22)
apps/backend/analysis/insight_extractor.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/backend/integrations/linear/updater.py (2)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/phase_config.py (1)
  • resolve_model_id (93-128)
apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx (1)
apps/frontend/src/shared/types/project.ts (1)
  • ProjectEnvConfig (304-373)
apps/backend/runners/insights_runner.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (5)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
🔇 Additional comments (54)
CLAUDE.md (1)

62-64: LGTM!

The documentation clearly presents AWS Bedrock as an alternative authentication method, providing users with the necessary environment variables for setup.

apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts (1)

107-107: LGTM!

The addition of the Bedrock section to expandedSections follows the established pattern for other collapsible sections and correctly initializes to a collapsed state.

apps/frontend/src/main/agent/agent-process.test.ts (1)

100-101: LGTM!

The addition of the getPath mock is appropriate for testing code that accesses Electron's user data directory, likely used by the Bedrock encryption feature.

apps/backend/integrations/linear/updater.py (1)

116-124: Add Bedrock compatibility check to match established patterns.

The code calls ensure_claude_code_oauth_token() unconditionally, while ensure_claude_code_oauth_token() already handles Bedrock mode safely by returning early. However, this inconsistently differs from the established pattern used throughout the codebase (commit_message.py, insights_runner.py, merge/ai_resolver/, analysis/insight_extractor.py, core/workspace.py), where if not is_bedrock_enabled(): guards the call. Update the Linear updater to match the standard pattern:

    require_claude_auth()
    if not is_bedrock_enabled():
        ensure_claude_code_oauth_token()
⛔ Skipped due to learnings
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Use the `create_client()` function from `apps/backend/core/client.py` to instantiate Claude SDK clients, not direct `ClaudeSDKClient` initialization
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)
apps/backend/analysis/insight_extractor.py (2)

33-33: LGTM: Bedrock authentication import added.

The import of is_bedrock_enabled correctly adds support for the new Bedrock authentication path. Based on learnings, this follows the established pattern of using auth helpers from apps/backend/core/auth.py.


355-360: LGTM: Bedrock-aware authentication gating implemented correctly.

The dual-path authentication logic is well-structured:

  • Line 355: Allows proceeding if either OAuth token exists OR Bedrock is enabled
  • Lines 359-360: Only ensures OAuth token setup when Bedrock is not enabled

This pattern correctly implements the conditional authentication requirement described in the PR objectives.

apps/backend/.env.example (1)

18-68: LGTM: Comprehensive Bedrock configuration documentation.

The new AWS Bedrock integration section provides clear, well-structured documentation covering:

  • Authentication priority (Bedrock takes priority when enabled)
  • Three authentication methods (SSO profile, access keys, API key) with security guidance
  • Required vs optional configuration
  • Model overrides specific to Bedrock

The warnings about avoiding long-lived credentials and the explicit note that region must be set (not read from ~/.aws/config) are particularly helpful.

apps/backend/cli/main.py (1)

78-87: LGTM: CLI help text updated for Bedrock authentication.

The updated documentation correctly reflects the dual authentication paths:

  • OAuth via claude setup-token and CLAUDE_CODE_OAUTH_TOKEN
  • Bedrock via CLAUDE_CODE_USE_BEDROCK=1 and AWS_REGION

The conditional phrasing ("required unless Bedrock enabled") accurately represents the new authentication logic implemented across the backend.

apps/frontend/src/main/rate-limit-detector.ts (1)

323-346: No duplication of getBedrockEnvVars exists. The function is defined only once at line 323 and called once at line 261 in the same file.

apps/frontend/src/main/agent/agent-process.ts (1)

426-443: LGTM! Bedrock precedence logic implemented correctly.

The conditional environment variable ordering ensures Bedrock variables take highest priority when enabled, while maintaining backward compatibility with OAuth-only setups. The defensive check for both bedrockEnabled and bedrockConfig is appropriate.

apps/backend/core/simple_client.py (1)

67-71: Correctly implements Bedrock-aware authentication pattern.

The change from require_auth_token() to require_claude_auth() properly supports both authentication modes:

  • OAuth mode: Sets CLAUDE_CODE_OAUTH_TOKEN from the returned token
  • Bedrock mode: Returns None, allowing AWS credentials to pass through via get_sdk_env_vars()

This matches the implementation pattern documented in the AWS-BEDROCK-SUPPORT-PLAN.md and aligns with the changes in core/client.py.

apps/frontend/src/main/bedrock-encryption.ts (1)

1-125: Well-implemented encryption utilities with good security practices.

The use of Electron's safeStorage API provides OS-level encryption, and the implementation correctly:

  • Checks encryption availability before operations
  • Uses base64 encoding with a clear prefix for identification
  • Provides per-field error context for debugging
  • Includes masking utilities for UI display
  • Avoids exposing sensitive data in error messages
💡 Optional: Consider adding JSDoc for exported constants

For better developer experience, consider adding JSDoc comments for the exported constants:

+/**
+ * Fields in BedrockConfig that contain sensitive credentials and should be encrypted.
+ * These fields will be encrypted at rest using Electron's safeStorage API.
+ */
 const BEDROCK_SECRET_FIELDS = [
   'awsSecretAccessKey',
   'awsSessionToken',
   'awsBearerTokenBedrock'
 ] as const;

+/**
+ * Placeholder value displayed in UI when a secret field is masked.
+ * Used to indicate a secret exists without revealing its value.
+ */
 const MASKED_VALUE = '••••••••';
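
Review bot: the rationale calls these "exported constants", but both declarations in the hunk are plain `const` with no `export`, so the wording and the code disagree. Either add `export` if other modules are meant to use them or describe them as module-level constants. For `BEDROCK_SECRET_FIELDS` it would also help if the comment said that a newly added credential field has to be listed here to be covered by the encryption step.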

Likely an incorrect or invalid review comment.

apps/backend/spec/compaction.py (1)

12-12: LGTM! Authentication migration is correct.

The migration from require_auth_token to require_claude_auth correctly implements the dual-path authentication pattern (OAuth or Bedrock). The function is used here only for validation, so not capturing the return value is appropriate.

Also applies to: 37-37

apps/backend/run.py (1)

28-30: LGTM! Documentation accurately reflects dual authentication.

The updated prerequisites section clearly documents both OAuth and Bedrock authentication paths, helping users understand their options.

apps/backend/phase_config.py (1)

99-113: LGTM! Global model override properly prioritized for Bedrock.

The addition of ANTHROPIC_MODEL as the highest-priority override is well-implemented. The early return at line 112 ensures the global override takes precedence over all other model selection logic, which is exactly what's needed for Bedrock deployments where model IDs may differ from the standard Claude API.

apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx (1)

32-32: LGTM! Bedrock settings component properly integrated.

The BedrockSettings component is correctly imported and rendered within the API Keys section. Props are properly passed through for settings management. The integration follows the existing UI composition patterns in this file.

Also applies to: 765-766

apps/backend/core/client.py (2)

137-137: LGTM: Import updated for unified authentication.

The import change from require_auth_token to require_claude_auth correctly adopts the new authentication abstraction that supports both OAuth and Bedrock paths.

Based on learnings, this aligns with the established pattern of using centralized authentication functions from core.auth.


485-487: LGTM: Correct handling of Bedrock authentication path.

The conditional token assignment properly handles both authentication methods:

  • OAuth path: require_claude_auth() returns token string → sets CLAUDE_CODE_OAUTH_TOKEN
  • Bedrock path: require_claude_auth() returns None → skips token env var, SDK uses AWS credentials

This implementation correctly follows the authentication contract defined in core/auth.py.

apps/backend/merge/ai_resolver/claude_client.py (2)

37-41: LGTM: Import additions support Bedrock authentication.

The added imports is_bedrock_enabled and updated get_auth_token import enable the dual authentication path (OAuth or Bedrock) for merge resolution.


46-51: LGTM: Correct dual-path authentication logic.

The authentication flow properly supports both OAuth and Bedrock:

  • Line 46: Proceeds if either OAuth token exists OR Bedrock is enabled
  • Lines 50-51: Only enforces OAuth token setup when NOT using Bedrock

This correctly implements the authentication contract where Bedrock authentication bypasses OAuth token requirements.

tests/test_sdk_structured_output.py (2)

13-23: LGTM: Test setup supports dual authentication paths.

The additions properly configure the test environment:

  • Loads backend .env for consistent configuration
  • Imports Bedrock authentication helpers for dual-path testing

This enables the test to validate both OAuth and Bedrock authentication scenarios.


52-58: LGTM: Proper test skip logic for both authentication paths.

The skip conditions correctly handle both scenarios:

  • Bedrock enabled: Validates config and skips if invalid (lines 52-56)
  • Bedrock disabled: Skips if OAuth token missing (lines 57-58)

This ensures the test only runs with valid authentication, preventing false failures.

apps/backend/runners/ai_analyzer/claude_client.py (1)

38-44: LGTM: Correct refactoring to support dual authentication.

The method rename and refactoring properly extends authentication support:

  • Method name _validate_authentication accurately reflects dual-path support
  • Uses require_claude_auth() which validates both OAuth and Bedrock paths
  • Docstring correctly documents "OAuth or Bedrock" support

Based on learnings, this follows the established pattern of using require_claude_auth() as the primary authentication entry point.

guides/CLI-USAGE.md (2)

61-68: LGTM: Clear documentation of dual authentication options.

The documentation updates properly present both authentication paths:

  • Option A (OAuth): Traditional token-based authentication
  • Option B (Bedrock): AWS infrastructure-based authentication with required env vars

The examples clearly show the required configuration for each option, making it easy for users to choose and configure their preferred authentication method.


198-199: LGTM: Environment variables table correctly documents Bedrock settings.

The additions properly document the new Bedrock authentication variables:

  • CLAUDE_CODE_USE_BEDROCK: Optional flag to enable Bedrock (set to 1)
  • AWS_REGION: Conditionally required when Bedrock is enabled

The "Conditional" requirement for AWS_REGION accurately reflects the dependency on Bedrock being enabled.

apps/frontend/src/shared/types/settings.ts (1)

284-286: LGTM! Clean type additions for Bedrock configuration.

The new optional properties integrate well with the existing AppSettings interface, maintaining backward compatibility. The imported BedrockConfig type properly encapsulates all AWS authentication variants (SSO profile, access keys, API key).

apps/backend/runners/insights_runner.py (1)

147-156: LGTM! Correct dual-auth path implementation.

The authentication logic correctly handles both paths:

  1. Falls back to simple mode only when neither OAuth token nor Bedrock is available
  2. Skips OAuth token enforcement when Bedrock is enabled

The explicit is_bedrock_enabled() check on line 155 adds clarity, even though ensure_claude_code_oauth_token() handles this internally.

apps/frontend/src/shared/i18n/locales/fr/settings.json (2)

315-330: LGTM! Additional project settings translations.

The new keys under projectSettings.general (authentication, autoBuildIntegration, status messages, agent configuration, notifications) are properly localized in French.


365-468: All Bedrock translation keys properly implemented in both English and French files.

The French translations are well-structured and grammatically correct. Verification confirms that the English translation file (en/settings.json) contains all matching bedrock subsections: status, region, regions, authMethod, authMethods, fields, modelOverrides, actions, errors, and securityWarning. Translation implementation satisfies coding guidelines requirement of keys in both language files.

apps/backend/cli/utils.py (1)

163-179: LGTM! Proper Bedrock integration in environment validation.

The implementation correctly:

  1. Validates that either OAuth token or Bedrock is configured (line 163)
  2. Provides clear instructions for Bedrock setup (lines 167-169)
  3. Displays the appropriate auth source with region info when Bedrock is enabled

The defensive default "not set" for missing AWS_REGION is a good practice.

apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts (2)

17-67: Well-structured test helpers that reduce duplication.

The helper functions (createProfile, setupSourceToken, setupStoreState, renderAndWait) significantly improve test readability and maintainability. The setupStoreState helper properly types the Bedrock configuration options.


401-518: Comprehensive Bedrock authentication test coverage.

The tests thoroughly cover:

  • All three auth methods (SSO profile, access keys, API key)
  • Verification that OAuth check is bypassed when Bedrock is properly configured
  • Fallback scenarios when Bedrock config is incomplete (missing region, missing credentials)

The assertion expect(mockCheckSourceToken).not.toHaveBeenCalled() correctly verifies the Bedrock-first path.

apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts (2)

13-22: LGTM! Thorough Bedrock configuration validation.

The isBedrockConfigured callback properly validates all prerequisites:

  • Master toggle enabled
  • Region configured
  • Auth method-specific credentials present

The memoization with [bedrockEnabled, bedrockConfig] dependencies is correct.


29-32: Bug: isLoading not set to false when Bedrock is configured.

When isBedrockConfigured() returns true, the early return bypasses the finally block, leaving isLoading stuck at true. This will cause the UI to show a perpetual loading state for Bedrock users.

🐛 Proposed fix
     try {
       if (isBedrockConfigured()) {
         setHasToken(true);
+        setIsLoading(false);
         return;
       }
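
Review bot: the added `setIsLoading(false)` before `return` is redundant if the enclosing `try` has a `finally` that already resets the loading flag, because a `return` inside `try` still runs `finally` in JavaScript. Check what the `finally` block does before applying this suggestion. If it calls `setIsLoading(false)`, the early return can stay as it is.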

Likely an incorrect or invalid review comment.

apps/frontend/src/main/ipc-handlers/settings-handlers.ts (3)

174-194: LGTM! Secure Bedrock secrets handling with encryption at rest.

The implementation correctly:

  1. Migrates existing plaintext secrets to encrypted storage on load
  2. Decrypts secrets in memory for runtime use
  3. Handles encryption/decryption failures gracefully with appropriate logging

The error-tolerant approach for migration (continuing with plaintext if encryption fails) is reasonable for backward compatibility.


230-238: LGTM! Encryption enforced before persisting settings.

Unlike the GET path (which is error-tolerant for migration), the SAVE path correctly returns an error if encryption fails. This ensures secrets are never written to disk in plaintext after the initial migration.


153-162: LGTM! Improved auto-detection logic for dev mode.

The refined gating (is.dev || !settings.autoBuildPath) ensures:

  • In dev mode: always use detected path (helpful for local development)
  • In production: only auto-detect if no path is saved

The warning log when dev mode overrides a saved path aids debugging.

apps/backend/commit_message.py (2)

203-217: LGTM - Bedrock-aware authentication flow correctly implemented.

The auth logic properly handles both authentication paths:

  • Lines 212-214: Early return when neither OAuth nor Bedrock auth is available
  • Lines 216-217: Skips OAuth token setup when Bedrock is enabled

This aligns with the require_claude_auth() pattern shown in the code snippets.


238-248: LGTM - Improved response assembly using list accumulation.

The refactored response handling (lines 242-246) is more efficient:

  • Accumulates text in a list (line 242-244)
  • Joins once at the end (line 246)

This avoids repeated string allocation compared to incremental concatenation and properly uses the new _extract_text_from_message helper.

apps/frontend/src/main/agent/agent-queue.ts (1)

324-332: LGTM - Good refactoring to eliminate environment construction duplication.

The introduction of buildSpawnEnv (lines 324-332, 641-649) successfully eliminates duplicate environment precedence logic between ideation and roadmap processes. The centralized function ensures consistent Bedrock vs OAuth environment handling across both code paths.

Also applies to: 641-649

apps/frontend/src/shared/types/project.ts (1)

310-311: LGTM - Bedrock fields properly integrated into ProjectEnvConfig.

The optional bedrockEnabled and bedrockConfig fields (lines 310-311) are correctly positioned alongside other Claude authentication options and follow the existing pattern for optional project configuration.

apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (2)

180-195: LGTM - Auth method switching properly clears irrelevant credentials.

The handleAuthMethodChange function (lines 180-195) correctly maintains data hygiene by preserving only the credential fields relevant to the selected authentication method. This prevents:

  • Credential leakage between methods
  • Confusion about which credentials are active
  • Stale credentials being sent to the backend

159-426: All Bedrock translation keys are properly defined in both English and French locales.

Verification confirms all translation keys (35+ keys across the bedrock namespace including region selections, authentication methods, field labels, hints, security warnings, and model overrides) are complete and present in both apps/frontend/src/shared/i18n/locales/en/settings.json and apps/frontend/src/shared/i18n/locales/fr/settings.json. The translations follow i18n guidelines with both required language files properly configured.

tests/test_auth_bedrock.py (1)

84-107: LGTM - Good sanity checks for SDK environment variables.

These tests prevent configuration errors by validating:

  • No duplicate entries in SDK_ENV_VARS (lines 84-92)
  • All required Bedrock variables are included (lines 95-107)

Both tests follow pytest conventions with proper type hints and are well-isolated. The AWS_BEARER_TOKEN_BEDROCK environment variable (line 103) is the official Anthropic/AWS standard for Bedrock bearer token authentication.

apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx (2)

77-112: Auth fields wiring looks consistent with the hook-proxy pattern.

Destructuring and keeping hookRef + createHookProxy(hookRef) should continue to avoid the “new hook object each render” loop, and the new auth fields match the proxy getters pattern. Based on learnings, defer unrelated UI/i18n cleanup.


125-160: Good: pass-through of Claude auth props into SectionRouter is explicit and testable.

apps/backend/core/auth.py (4)

9-55: SDK env passthrough expansion is reasonable; keep SDK_ENV_VARS as the single source of truth.


271-313: Error text update is fine; keep it aligned with actual validation rules.

Minor: the Bedrock instructions say “configure AWS credentials (SSO profile, access keys, or Bedrock API key)”, but only access-key pair completeness is enforced here—frontend and docs should avoid marking “authenticated” on partial configs.


423-435: Good: skip OAuth token auto-detection when Bedrock is enabled.


58-134: require_claude_auth() is a clean choke point for authentication management.

The code correctly handles the SDK environment contract for Bedrock:

  • Returning None in Bedrock mode is correct; CLAUDE_CODE_OAUTH_TOKEN is only set when using OAuth (lines 486–487 in client.py)
  • AWS_BEARER_TOKEN_BEDROCK is a legitimate SDK environment variable included in SDK_ENV_VARS and passed to the SDK via get_sdk_env_vars()
  • AWS credentials are properly forwarded to the SDK subprocess without requiring CLAUDE_CODE_OAUTH_TOKEN

The dual-path design (OAuth vs. Bedrock) is sound.

apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)

52-112: Pass-through into GeneralSettings is correct; no extra branching introduced.

apps/frontend/src/main/ipc-handlers/env-handlers.ts (1)

4-36: Good: centralizing Bedrock env var names reduces drift across handlers.

apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx (2)

68-127: Good i18n conversion for newly touched UI strings.


155-259: Remaining label/header i18n updates look consistent with the repo’s settings namespace usage.
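
The dual-path gate these comments review, including the point that a Bedrock flag without a complete configuration must not count as authenticated, sketched as an added example (not code from this PR or from the Auto-Claude project). The environment variable names are the ones on this page; the function names, the rule that only `1` enables Bedrock, and all sample values are assumptions made for the illustration.

```python
from __future__ import annotations

from typing import Mapping, Optional

# Variable names as they appear on this page; everything else is hypothetical.
BEDROCK_FLAG = "CLAUDE_CODE_USE_BEDROCK"
OAUTH_TOKEN = "CLAUDE_CODE_OAUTH_TOKEN"
AWS_PASSTHROUGH = (
    "AWS_REGION",
    "AWS_PROFILE",
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "AWS_SESSION_TOKEN",
    "AWS_BEARER_TOKEN_BEDROCK",
)


class AuthError(RuntimeError):
    """Neither authentication path is completely configured."""


def _get(env: Mapping[str, str], name: str) -> str:
    # Treat unset and whitespace-only values the same way.
    return (env.get(name) or "").strip()


def bedrock_flag_set(env: Mapping[str, str]) -> bool:
    # Assumption: only the literal "1" switches Bedrock on.
    return _get(env, BEDROCK_FLAG) == "1"


def bedrock_config_errors(env: Mapping[str, str]) -> list[str]:
    """Return every problem found, so a caller can report them all at once."""
    errors = []
    if not _get(env, "AWS_REGION"):
        errors.append("AWS_REGION is required when Bedrock is enabled")
    has_id = bool(_get(env, "AWS_ACCESS_KEY_ID"))
    has_secret = bool(_get(env, "AWS_SECRET_ACCESS_KEY"))
    if has_id != has_secret:
        errors.append(
            "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set together"
        )
    return errors


def resolve_claude_auth(env: Mapping[str, str]) -> Optional[str]:
    """Return the OAuth token, or None for a valid Bedrock setup; raise otherwise."""
    if bedrock_flag_set(env):
        errors = bedrock_config_errors(env)
        if errors:
            # The flag alone is not proof of working auth.
            raise AuthError("; ".join(errors))
        return None
    token = _get(env, OAUTH_TOKEN)
    if not token:
        raise AuthError("no OAuth token and Bedrock is not enabled")
    return token


def child_env(env: Mapping[str, str]) -> dict[str, str]:
    """Build the auth-related environment for a spawned agent from an allowlist."""
    token = resolve_claude_auth(env)
    out: dict[str, str] = {}
    model = _get(env, "ANTHROPIC_MODEL")
    if model:  # a whitespace-only override is dropped instead of forwarded
        out["ANTHROPIC_MODEL"] = model
    if token is not None:
        out[OAUTH_TOKEN] = token
        return out
    # Bedrock mode: forward AWS settings only, never a leftover OAuth token.
    out[BEDROCK_FLAG] = "1"
    for name in AWS_PASSTHROUGH:
        value = _get(env, name)
        if value:
            out[name] = value
    return out


def auth_status(env: Mapping[str, str]) -> str:
    """One-line status for an environment check: oauth, bedrock, or invalid."""
    try:
        token = resolve_claude_auth(env)
    except AuthError as exc:
        return f"invalid: {exc}"
    return "bedrock" if token is None else "oauth"


# Constructed sample environments, not real credentials.
FLAG_ONLY = {BEDROCK_FLAG: "1"}
BEDROCK_OK = {BEDROCK_FLAG: "1", "AWS_REGION": "us-east-1",
              OAUTH_TOKEN: "constructed-stale-token", "ANTHROPIC_MODEL": "   "}
HALF_KEYS = {BEDROCK_FLAG: "1", "AWS_REGION": "us-east-1",
             "AWS_ACCESS_KEY_ID": "CONSTRUCTED_KEY_ID"}
OAUTH_ONLY = {OAUTH_TOKEN: "constructed-oauth-token"}

if __name__ == "__main__":
    for label, sample in [("flag only", FLAG_ONLY), ("bedrock", BEDROCK_OK),
                          ("half keys", HALF_KEYS), ("oauth", OAUTH_ONLY)]:
        print(f"{label:10s} -> {auth_status(sample)}")
```

Routing both an environment check and client construction through one resolver like this keeps the two from disagreeing about what counts as authenticated.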

@CyranoB CyranoB force-pushed the feature/aws-bedrock-support branch from b7d3747 to de5f756 Compare January 10, 2026 21:27
@CyranoB
Author

CyranoB commented Jan 10, 2026

The test-frontend CI failure is not related to this PR.

The failing test useXterm.test.ts has a race condition where requestAnimationFrame fires after test cleanup:

ReferenceError: requestAnimationFrame is not defined
 ❯ Timeout.performInitialFit [as _onTimeout] src/renderer/components/terminal/useXterm.ts:223:7

Evidence:

  • This PR does not modify any terminal/xterm files
  • The test passes locally
  • The test passes on the develop branch (CI run #20883685482)

This appears to be a flaky test that occasionally fails in CI. Re-running the workflow should resolve it.

@CyranoB CyranoB force-pushed the feature/aws-bedrock-support branch from de5f756 to 6beb1d0 Compare January 10, 2026 21:42
const originalNavigatorPlatform = navigator.platform;

// Mock requestAnimationFrame for jsdom environment (not provided by default)
const originalRAF = global.requestAnimationFrame;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class Note test

Unused variable originalRAF.
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 21

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (7)
.gitignore (1)

56-63: Consolidate redundant "Auto Claude Generated" sections.

The file now has two separate section headers for auto-generated artifacts (lines 56–63 and 169). Merge the entries under one section to improve maintainability and clarity.

♻️ Proposed consolidation

Remove the duplicate section header and merge entries:

 # ===========================
 # Auto Claude Generated
 # ===========================
 .auto-claude/
 .auto-build-security.json
 .auto-claude-security.json
 .auto-claude-status
 .claude_settings.json
 .update-metadata.json
+.security-key
+logs/security/
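
Review bot: the two added entries, `.security-key` and `logs/security/`, need to land in the same commit that deletes lines 169-171, and this hunk does not show that deletion. If only one half is applied, the entries are either duplicated or no longer ignored, and the second case would let key material and security logs be staged. Running `git check-ignore -v .security-key logs/security/` after the edit confirms both are still covered.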

Then delete lines 169–171.

Also applies to: 169-171

apps/frontend/src/main/updater/path-resolver.ts (1)

64-86: Settings take precedence over installed updates.

The current order checks settings.autoBuildPath (lines 64-77) before the override path in userData/backend-source (lines 82-86). However, getUpdateTargetPath() shows that updates are installed to userData/backend-source in packaged mode.

This precedence means if a user has configured autoBuildPath, newly installed updates will be ignored. Typically, updates should take precedence to ensure users get critical fixes and improvements.

♻️ Proposed fix: Check updates before user settings
 export function getEffectiveSourcePath(): string {
   const isDev = !app.isPackaged;
   
   if (isDev) {
     return getBundledSourcePath();
   }

+  // Check for updates first (highest priority in production)
+  const overridePath = path.join(app.getPath('userData'), 'backend-source');
+  const overrideMarker = path.join(overridePath, 'runners', 'spec_runner.py');
+  if (existsSync(overridePath) && existsSync(overrideMarker)) {
+    return overridePath;
+  }
+
+  // Then check user settings
   try {
     const settingsPath = path.join(app.getPath('userData'), 'settings.json');
     if (existsSync(settingsPath)) {
       const settings = JSON.parse(readFileSync(settingsPath, 'utf-8'));
       if (settings.autoBuildPath && existsSync(settings.autoBuildPath)) {
         const markerPath = path.join(settings.autoBuildPath, 'runners', 'spec_runner.py');
         if (existsSync(markerPath)) {
           return settings.autoBuildPath;
         }
         console.warn(
           `[path-resolver] Configured autoBuildPath "${settings.autoBuildPath}" is missing runners/spec_runner.py, falling back to bundled source`
         );
       }
     }
   } catch {
     // Ignore settings read errors
   }

-  const overridePath = path.join(app.getPath('userData'), 'backend-source');
-  const overrideMarker = path.join(overridePath, 'runners', 'spec_runner.py');
-  if (existsSync(overridePath) && existsSync(overrideMarker)) {
-    return overridePath;
-  }
-
   return getBundledSourcePath();
 }
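
Review bot: in the block moved to the top, `userData/backend-source` is accepted solely on `existsSync` of the directory and of `runners/spec_runner.py`, and with this reorder it outranks an explicitly configured `autoBuildPath`. That directory sits in the per-user data path and holds backend code that gets run, so making it the highest-priority source calls for an integrity or version check on the installed update, not only a marker-file test. A log line when a configured `autoBuildPath` is being overridden would also keep the behaviour visible to the user.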
guides/CLI-USAGE.md (2)

56-68: Setup snippet is clear; add a hint that Bedrock needs AWS credentials too (profile/role/keys), not only region.


193-200: Docs bug: CLAUDE_CODE_OAUTH_TOKEN cannot be “Required: Yes” if Bedrock auth is supported.
This contradicts the stated behavior (“OAuth token is NOT required when Bedrock is enabled”) and will confuse users.

Proposed doc table fix
-| `CLAUDE_CODE_OAUTH_TOKEN` | Yes | OAuth token from `claude setup-token` |
+| `CLAUDE_CODE_OAUTH_TOKEN` | Conditional | OAuth token from `claude setup-token` (required unless Bedrock is enabled) |
 | `CLAUDE_CODE_USE_BEDROCK` | No | Enable AWS Bedrock auth (set to 1) |
 | `AWS_REGION` | Conditional | Required when Bedrock is enabled |
apps/backend/phase_config.py (1)

93-128: Strip and validate ANTHROPIC_MODEL override to prevent whitespace-only values from being passed to the SDK.

The global override check uses a simple truthy check, which allows whitespace-only strings (e.g., " ") to be returned as valid model IDs. This can cause downstream failures in the SDK.

Proposed fix
-    global_override = os.environ.get("ANTHROPIC_MODEL")
-    if global_override:
-        return global_override
+    global_override = os.environ.get("ANTHROPIC_MODEL")
+    if global_override is not None:
+        global_override = global_override.strip()
+        if global_override:
+            return global_override
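
Review bot: the heading asks to strip and validate, but the added lines only strip, so any non-blank string in `ANTHROPIC_MODEL` is still returned as the model ID. If validation is intended, check the stripped value against the expected model ID shape, or at least log that the global override is active so a mistyped value is easy to trace.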

Also add a unit test verifying the precedence order (ANTHROPIC_MODEL > ANTHROPIC_DEFAULT_* > MODEL_ID_MAP > passthrough) and edge cases like whitespace-only overrides.

apps/backend/analysis/insight_extractor.py (1)

45-53: Bug: is_extraction_enabled() doesn't account for Bedrock authentication.

This function will return False when Bedrock is enabled but no OAuth token exists, even though Bedrock auth should be sufficient. This is inconsistent with the updated logic in run_insight_extraction() at lines 355-360.

🐛 Proposed fix
 def is_extraction_enabled() -> bool:
     """Check if insight extraction is enabled."""
     # Extraction requires Claude SDK and authentication token
     if not SDK_AVAILABLE:
         return False
-    if not get_auth_token():
+    if not get_auth_token() and not is_bedrock_enabled():
         return False
     enabled_str = os.environ.get("INSIGHT_EXTRACTION_ENABLED", "true").lower()
     return enabled_str in ("true", "1", "yes")
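
Review bot: `not is_bedrock_enabled()` on the changed line tests only that Bedrock is switched on, so extraction reports as enabled even when the Bedrock configuration is incomplete, which is the same false positive this review raises for `validate_environment()`. Consider gating on the Bedrock configuration validation result, or on `require_claude_auth()` succeeding, so that a missing `AWS_REGION` disables extraction here instead of failing later.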
apps/backend/runners/insights_runner.py (1)

184-196: Consider using create_client() or create_simple_client() instead of direct ClaudeSDKClient initialization.

Per the coding guidelines, SDK clients should be instantiated via the factory functions in apps/backend/core/client.py rather than directly initializing ClaudeSDKClient. This ensures consistent configuration and tool permissions.

Based on learnings, this violates: "Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization."

This may have been an intentional design choice for the insights runner. Please verify whether the direct initialization is needed for specific customization, or if it can be refactored to use the factory function.

🤖 Fix all issues with AI agents
In @apps/backend/.env.example:
- Around line 18-71: Add a short security reminder in the Bedrock env block
advising not to commit AWS credentials and to prefer AWS_PROFILE or IAM roles;
specifically mention the credential env vars (AWS_ACCESS_KEY_ID,
AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_BEARER_TOKEN_BEDROCK) and suggest
using AWS_PROFILE or temporary credentials/roles in production—place this
one-liner near the top of the Bedrock section (before the authentication
options) so readers see it when choosing between AWS_PROFILE, access keys, or
API key.

In @apps/backend/cli/utils.py:
- Around line 163-180: validate_environment() currently treats
is_bedrock_enabled() as sufficient auth and sets valid=True even if Bedrock
config is incomplete; instead call require_claude_auth() to perform full Bedrock
validation and use its result to decide validity. Replace the branch that sets
valid when is_bedrock_enabled() with a call like valid = require_claude_auth()
(and still print the region/auth info via os.environ.get and
get_auth_token_source()) so missing AWS_REGION or other Bedrock requirements
cause validation to fail rather than a false-positive.

In @apps/backend/commit_message.py:
- Around line 189-201: The _extract_text_from_message function currently takes
an untyped msg and relies on brittle string type checks like type(...).__name__
== "TextBlock"; update the signature to msg: Any (import Any from typing) and
replace name-based checks with capability/instance checks: first verify msg has
a content attribute (hasattr(msg, "content")) and that msg.content is iterable,
then for each block check for a text attribute with hasattr(block, "text") or
getattr(block, "text", None) and only append when present; remove all string
comparisons to type names and keep the function return type as -> str to
preserve the signature.
- Around line 203-218: Replace the manual auth checks in _call_claude with the
client factory: remove
get_auth_token/is_bedrock_enabled/ensure_claude_code_oauth_token usage and
instead call require_claude_auth() up-front and create_simple_client() to get
the Claude client; keep using get_utility_model_config() for model selection and
then call the client to generate the commit message, letting
create_simple_client() enforce and surface auth/Bedrock configuration errors
consistently.

In @apps/backend/core/workspace.py:
- Around line 1432-1447: Replace the manual auth checks in the
ParallelMergeResult path by calling the centralized helper require_claude_auth()
instead of separately calling get_auth_token(), is_bedrock_enabled(), and
ensure_claude_code_oauth_token(); locate the block that currently imports
ensure_claude_code_oauth_token/get_auth_token/is_bedrock_enabled and returns a
ParallelMergeResult on missing token, remove those manual checks and the
ensure_claude_code_oauth_token call, and instead invoke require_claude_auth()
(import it) so authentication is enforced consistently with simple_client.py and
client.py.

In @apps/frontend/src/main/agent/agent-process.test.ts:
- Around line 98-103: The mock for Electron's app uses a zero-arg getPath which
diverges from the real API; update the vi.mock stanza so app.getPath is a
function that accepts the single parameter (e.g. name) and returns appropriate
values (or a default) based on that argument, e.g. replace getPath: vi.fn(() =>
'/fake/user/data') with getPath: vi.fn((name) => /* return path for name */) so
tests mirror the real getPath(name) signature and catch incorrect call sites;
keep the existing getAppPath mock as-is.

In @apps/frontend/src/main/agent/agent-queue.ts:
- Around line 34-62: buildSpawnEnv currently reads readSettingsFile() to decide
Bedrock precedence, which duplicates disk state; remove the disk read and
instead accept an isBedrockEnabled boolean (add parameter isBedrockEnabled:
boolean to buildSpawnEnv) and use that to choose between spreading profileEnv
before/after apiProfileEnv, or if you prefer infer mode from profileEnv by
checking keys like CLAUDE_CODE_USE_BEDROCK or AWS_REGION; update all callers to
pass the flag (or rely on the profileEnv inference) and eliminate
readSettingsFile() from buildSpawnEnv.

In @apps/frontend/src/main/ipc-handlers/env-handlers.ts:
- Around line 151-182: The BEDROCK_ENABLED env value is set to '1' / '' but
other booleans use 'true'/'false'; update the assignment that uses
config.bedrockEnabled to set existingVars[BEDROCK_ENV_KEYS.ENABLED] =
config.bedrockEnabled ? 'true' : 'false' (refer to config.bedrockEnabled and
BEDROCK_ENV_KEYS.ENABLED), leaving the rest of the bedrockConfig
credential-cleanup branches intact.

In @apps/frontend/src/main/ipc-handlers/settings-handlers.ts:
- Around line 230-238: The IPC handler returns a hardcoded user-facing error
string when encryptBedrockSecrets fails; change the handler to return a stable
error code/key (e.g., BEDROCK_ENCRYPTION_FAILED) instead of the literal message
and keep full error details only in the console/process log for debugging;
update the return shape to include an errorCode (and optional safe metadata like
errorType) so the renderer can map to i18n copy, and ensure this change is made
in the block around encryptBedrockSecrets where the try/catch currently returns
the literal string.

In @apps/frontend/src/main/rate-limit-detector.ts:
- Around line 256-266: Wrap the Bedrock branch inside getProfileEnv in a
try-catch: call decryptBedrockSecrets and getBedrockEnvVars in the try, and if
successful return bedrockEnv as before; in catch log the error (e.g.,
console.error or existing logger) with context that Bedrock decryption failed
and then continue so the function falls back to the OAuth/profile logic instead
of throwing; reference getProfileEnv, decryptBedrockSecrets, getBedrockEnvVars
and readSettingsFile so the change is limited to handling exceptions from
decryptBedrockSecrets.
- Around line 323-346: Extract the duplicated getBedrockEnvVars function into a
shared utility module (e.g., bedrock-env-utils.ts) that exports function
getBedrockEnvVars(config: BedrockConfig): Record<string,string>; move the
current implementation there, import the BedrockConfig type from the shared
types, then replace the local definitions in rate-limit-detector.ts,
agent-process.ts, and agent-queue.ts with imports from the new module (use the
same function name so call sites need no changes). Ensure the new module is
exported and each file imports the function and any needed types, run a quick
build to verify no missing references.

In @apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts:
- Around line 33-59: The tests leak bedrock settings because setupStoreState
only sets settings when bedrockEnabled/bedrockConfig are provided; update tests
to ensure isolation by resetting settings in beforeEach or by always setting
settings inside setupStoreState (even when undefined) so
useSettingsStore.setState always receives an explicit settings object; modify
the test file to either add a beforeEach that calls useSettingsStore.setState({
settings: { bedrockEnabled: undefined, bedrockConfig: undefined } }) or change
setupStoreState to always include storeState.settings = { bedrockEnabled:
state.bedrockEnabled ?? undefined, bedrockConfig: state.bedrockConfig ??
undefined } before calling useSettingsStore.setState.

In @apps/frontend/src/renderer/components/settings/BedrockSettings.tsx:
- Around line 85-90: Replace the hardcoded "Change" and "Clear" button labels in
the BedrockSettings component by using the i18n translation function (e.g., t)
instead of literal strings: update the two Button elements that call
handleStartEdit and handleClear to use translation keys such as
t('buttons.change') and t('buttons.clear'); then add the corresponding keys
under "buttons" in the locale files
(apps/frontend/src/shared/i18n/locales/en/common.json and
apps/frontend/src/shared/i18n/locales/fr/common.json) with appropriate English
and French translations.
- Around line 337-343: Replace the masked PasswordInput used for awsAccessKeyId
in BedrockSettings.tsx with a plain Input component (i.e., change the component
rendering the awsAccessKeyId field from PasswordInput to Input), keep
PasswordInput/SecretFieldInput for actual secrets like awsSecretAccessKey and
awsSessionToken, and update the onChange handler for the awsAccessKeyId field to
extract the value from the event (e.g., using e.target.value) before calling
handleUpdateBedrockConfig({ awsAccessKeyId: value }) so the handler matches the
Input component's event signature.

In @apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts:
- Around line 65-67: The test captures originalRAF but never restores it; either
remove the unused originalRAF declaration or restore
global.requestAnimationFrame = originalRAF in the afterEach alongside
originalNavigatorPlatform restoration, and also ensure
global.cancelAnimationFrame is restored; for more robust isolation and to avoid
RAF callbacks firing after cleanup, switch the test to use fake timers (e.g.,
vi.useFakeTimers()/vi.runAllTimers()) when mocking requestAnimationFrame so
callbacks run deterministically before teardown.
- Around line 187-190: The afterEach cleanup currently calls
vi.runAllTimersAsync() and swallows errors, which is incorrect because fake
timers aren't enabled; either enable fake timers in the test setup (call
vi.useFakeTimers() in the corresponding beforeEach) and then keep
vi.runAllTimersAsync() so timers are properly flushed, or remove the
vi.runAllTimersAsync(). If you need deterministic timer control, add
vi.useFakeTimers() in beforeEach and vi.useRealTimers() in afterEach; otherwise
simply delete the await vi.runAllTimersAsync().catch(() => {}) line and rely on
vi.restoreAllMocks() and proper test isolation to fix flakiness.

In @CLAUDE.md:
- Around line 59-65: Clarify that using Bedrock requires AWS credentials in
addition to setting CLAUDE_CODE_USE_BEDROCK and AWS_REGION: update the doc lines
mentioning CLAUDE_CODE_USE_BEDROCK and AWS_REGION to note that users must also
have AWS credentials available via the default credential chain (environment
variables like AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, AWS_PROFILE/SSO, or an
assumed role) so Bedrock auth succeeds.

In @tests/test_auth_bedrock.py:
- Around line 3-10: Remove the per-test sys.path mutation from
tests/test_auth_bedrock.py and instead perform the path setup once for the test
session (e.g., create or update tests/conftest.py) so imports like "from core
import auth as auth_module" work without local sys.path changes; specifically,
delete the sys.path.insert call and add equivalent setup logic to conftest.py
(or configure the test package/import path via packaging or pytest.ini) so all
tests import core.auth consistently and order-independently.
- Around line 93-103: Replace the manual duplicate scan in
test_sdk_env_vars_no_duplicates with a direct length equality assertion using
auth_module.SDK_ENV_VARS (assert len(auth_module.SDK_ENV_VARS) ==
len(set(auth_module.SDK_ENV_VARS))) and similarly simplify the Bedrock-related
test by asserting the Bedrock env var list is a subset of SDK env vars (assert
set(<the Bedrock var list used in the
test>).issubset(set(auth_module.SDK_ENV_VARS))). Update the tests
test_sdk_env_vars_no_duplicates and the Bedrock test (lines ~105-118) to use
these two concise assertions.
- Around line 22-32: The tests that clear AWS credential env vars (e.g.,
test_require_claude_auth_bedrock_returns_none and the similar block at lines
81–91) omit AWS_SESSION_TOKEN; update both tests to also remove
AWS_SESSION_TOKEN via monkeypatch.delenv("AWS_SESSION_TOKEN", raising=False) so
all SDK_ENV_VARS are cleared for proper test isolation and to avoid CI-provided
session tokens affecting behavior.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d74bf40 and 6beb1d0.

📒 Files selected for processing (42)
  • .gitignore
  • CLAUDE.md
  • apps/backend/.env.example
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/cli/main.py
  • apps/backend/cli/utils.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/client.py
  • apps/backend/core/simple_client.py
  • apps/backend/core/workspace.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/phase_config.py
  • apps/backend/run.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/spec/compaction.py
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/shared/i18n/locales/en/settings.json
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/shared/types/settings.ts
  • guides/CLI-USAGE.md
  • tests/test_auth_bedrock.py
  • tests/test_sdk_structured_output.py
🧰 Additional context used
📓 Path-based instructions (9)
apps/frontend/src/**/*.{ts,tsx,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Files:

  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
apps/frontend/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use useTranslation() hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Files:

  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
apps/frontend/**/*.{ts,tsx}

⚙️ CodeRabbit configuration file

apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.

Files:

  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
apps/backend/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/**/*.py: Always use the Claude Agent SDK (claude-agent-sdk package) for all AI interactions, never use the Anthropic API directly
Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization

Files:

  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/core/client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/core/auth.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/workspace.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/cli/main.py
  • apps/backend/commit_message.py
  • apps/backend/run.py
  • apps/backend/phase_config.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/cli/utils.py

⚙️ CodeRabbit configuration file

apps/backend/**/*.py: Focus on Python best practices, type hints, and async patterns.
Check for proper error handling and security considerations.
Verify compatibility with Python 3.12+.

Files:

  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/core/client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/core/auth.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/workspace.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/cli/main.py
  • apps/backend/commit_message.py
  • apps/backend/run.py
  • apps/backend/phase_config.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/cli/utils.py
apps/backend/core/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement dynamic command allowlisting based on detected project stack using core/security.py for bash command validation

Files:

  • apps/backend/core/simple_client.py
  • apps/backend/core/client.py
  • apps/backend/core/auth.py
  • apps/backend/core/workspace.py
apps/backend/.env*

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/.env*: Enable Electron MCP for E2E testing by setting ELECTRON_MCP_ENABLED=true in .env and starting the Electron app with npm run dev
Configure memory system credentials in apps/backend/.env and validate with graphiti_config.py

Files:

  • apps/backend/.env.example
apps/backend/core/client.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Files:

  • apps/backend/core/client.py
tests/**

⚙️ CodeRabbit configuration file

tests/**: Ensure tests are comprehensive and follow pytest conventions.
Check for proper mocking and test isolation.

Files:

  • tests/test_sdk_structured_output.py
  • tests/test_auth_bedrock.py
apps/frontend/src/shared/i18n/locales/**/*.json

📄 CodeRabbit inference engine (CLAUDE.md)

apps/frontend/src/shared/i18n/locales/**/*.json: Store translation strings in namespace-organized JSON files at apps/frontend/src/shared/i18n/locales/{lang}/*.json for each supported language
When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
🧠 Learnings (16)
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Configure memory system credentials in `apps/backend/.env` and validate with `graphiti_config.py`

Applied to files:

  • guides/CLI-USAGE.md
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Store project-specific data including specs, plans, and QA reports in `.auto-claude/specs/` directory and add to .gitignore

Applied to files:

  • guides/CLI-USAGE.md
  • .gitignore
  • CLAUDE.md
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly

Applied to files:

  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/.env.example
  • apps/backend/core/client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/core/auth.py
  • apps/backend/spec/compaction.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/run.py
  • apps/backend/runners/ai_analyzer/claude_client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Use the `create_client()` function from `apps/backend/core/client.py` to instantiate Claude SDK clients, not direct `ClaudeSDKClient` initialization

Applied to files:

  • apps/backend/core/simple_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/core/client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/spec/compaction.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/runners/ai_analyzer/claude_client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Applied to files:

  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/core/client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/runners/ai_analyzer/claude_client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Enable Electron MCP for E2E testing by setting `ELECTRON_MCP_ENABLED=true` in `.env` and starting the Electron app with `npm run dev`

Applied to files:

  • apps/frontend/src/main/agent/agent-process.test.ts
📚 Learning: 2026-01-04T12:37:52.222Z
Learnt from: StillKnotKnown
Repo: AndyMik90/Auto-Claude PR: 648
File: apps/frontend/src/renderer/components/settings/ModelSearchableSelect.tsx:262-265
Timestamp: 2026-01-04T12:37:52.222Z
Learning: Dropdown components in apps/frontend/src/renderer/components/settings use a fixed max-height (e.g., max-h-60) with internal overflow-y-auto scrolling. This pattern is intentional and prevents dropdowns from extending beyond the viewport; do not add dynamic viewport positioning or clipping-prevention logic for these components. If you add new dropdowns in this area, follow the same fixed-height + internal-scroll approach for consistency.

Applied to files:

  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
📚 Learning: 2026-01-04T23:59:45.209Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:45.209Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings) can be deferred for future i18n cleanup passes. Do not fix such issues in PRs that do not introduce new i18n violations, especially in frontend TSX components (e.g., apps/frontend/**/*.tsx). If a PR adds new i18n violations, address them in that PR.

Applied to files:

  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
📚 Learning: 2026-01-02T19:30:59.118Z
Learnt from: hluisi
Repo: AndyMik90/Auto-Claude PR: 0
File: :0-0
Timestamp: 2026-01-02T19:30:59.118Z
Learning: In the Claude Agent SDK (Python), PreToolUse hooks receive `cwd` (current working directory) in the `input_data` dictionary parameter, not in the `context` parameter. The hook signature is `async def hook(input_data: dict, tool_use_id: str | None, context: HookContext)` where `input_data["cwd"]` contains the working directory passed from `ClaudeAgentOptions(cwd=...)`. The `context` parameter is reserved for future use and does NOT contain `cwd`.

Applied to files:

  • apps/backend/core/client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx,jsx} : Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx} : Use `useTranslation()` hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2025-12-19T15:00:48.233Z
Learnt from: AndyMik90
Repo: AndyMik90/Auto-Claude PR: 41
File: auto-claude/qa/loop.py:126-136
Timestamp: 2025-12-19T15:00:48.233Z
Learning: In auto-claude/qa/loop.py, when creating clients for QA fixer sessions (including human feedback processing), use get_phase_model(spec_dir, "qa", model) instead of hardcoding "sonnet" as the fallback to support dynamic model selection based on profiles.

Applied to files:

  • apps/backend/phase_config.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : Store translation strings in namespace-organized JSON files at `apps/frontend/src/shared/i18n/locales/{lang}/*.json` for each supported language

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
📚 Learning: 2026-01-10T15:30:12.808Z
Learnt from: taniar88
Repo: AndyMik90/Auto-Claude PR: 883
File: apps/frontend/src/main/agent/agent-process.ts:21-21
Timestamp: 2026-01-10T15:30:12.808Z
Learning: Before adding a new language to AVAILABLE_LANGUAGES, ensure UI translations exist and are complete in apps/frontend/src/shared/i18n/locales. Do not advertise official support for a language until its locale files are fully translated and validated, to avoid user-facing issues.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2026-01-04T23:59:48.743Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:48.743Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings that should be localized) can be deferred to future i18n cleanup passes rather than requiring immediate fixes in PRs that don't introduce new i18n violations.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/en/settings.json
🧬 Code graph analysis (26)
apps/backend/core/simple_client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (395-420)
  • require_claude_auth (114-133)
apps/backend/merge/ai_resolver/claude_client.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts (3)
apps/frontend/src/main/services/profile/profile-service.ts (1)
  • createProfile (127-178)
apps/frontend/src/main/services/profile/index.ts (1)
  • createProfile (24-24)
apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts (1)
  • useIdeationAuth (4-67)
apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts (2)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (2)
  • error (18-18)
  • setError (19-19)
apps/frontend/src/renderer/stores/settings-store.ts (1)
  • useSettingsStore (46-296)
apps/backend/analysis/insight_extractor.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (9)
  • envConfig (23-23)
  • isLoadingEnv (25-25)
  • envError (26-26)
  • updateEnvConfig (29-29)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/frontend/src/shared/types/settings.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/main/agent/agent-process.ts (3)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/main/rate-limit-detector.ts (1)
  • getProfileEnv (256-321)
apps/backend/core/client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (395-420)
  • require_claude_auth (114-133)
apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (5)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/backend/runners/insights_runner.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
tests/test_sdk_structured_output.py (1)
apps/backend/core/auth.py (2)
  • is_bedrock_enabled (58-65)
  • validate_bedrock_config (68-111)
apps/frontend/src/main/updater/path-resolver.ts (1)
apps/frontend/src/__mocks__/electron.ts (1)
  • app (8-22)
apps/backend/spec/compaction.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/core/workspace.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/backend/core/workspace/models.py (1)
  • ParallelMergeResult (43-50)
tests/test_auth_bedrock.py (2)
scripts/bump-version.js (1)
  • match (66-66)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/integrations/linear/updater.py (2)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/phase_config.py (1)
  • resolve_model_id (93-128)
apps/frontend/src/main/agent/agent-queue.ts (2)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (3)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
.design-system/src/components/Input.tsx (1)
  • Input (4-24)
apps/frontend/src/shared/types/project.ts (2)
  • BedrockConfig (291-301)
  • BedrockAuthMethod (289-289)
apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx (1)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (1)
  • BedrockSettings (159-426)
apps/backend/commit_message.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (423-435)
  • get_auth_token (226-248)
  • is_bedrock_enabled (58-65)
apps/backend/core/model_config.py (1)
  • get_utility_model_config (18-68)
apps/frontend/src/main/rate-limit-detector.ts (4)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/main/bedrock-encryption.ts (1)
  • decryptBedrockSecrets (71-87)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/backend/runners/ai_analyzer/claude_client.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (114-133)
apps/backend/cli/utils.py (1)
apps/backend/core/auth.py (3)
  • get_auth_token (226-248)
  • get_auth_token_source (251-268)
  • is_bedrock_enabled (58-65)
apps/frontend/src/main/bedrock-encryption.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/main/ipc-handlers/env-handlers.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockAuthMethod (289-289)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: CodeQL (python)
  • GitHub Check: CodeQL (javascript-typescript)

@CyranoB CyranoB force-pushed the feature/aws-bedrock-support branch from 6beb1d0 to 756409e Compare January 10, 2026 22:13
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 25

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (7)
apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts (1)

187-196: Consider logging suppressed errors for better test diagnostics.

The async timer flushing correctly addresses the requestAnimationFrame race condition. However, silently swallowing errors with .catch(() => {}) may hide legitimate test issues.

♻️ Log errors instead of silently suppressing
 afterEach(async () => {
   vi.restoreAllMocks();
   // Flush any pending timers to prevent unhandled errors after test cleanup
-  await vi.runAllTimersAsync().catch(() => {});
+  await vi.runAllTimersAsync().catch((err) => {
+    console.warn('[useXterm.test] Timer cleanup error:', err);
+  });
   // Reset navigator.platform to original value
   Object.defineProperty(navigator, 'platform', {
     value: originalNavigatorPlatform,
     writable: true
   });
 });
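Review bot: In the afterEach body, vi.runAllTimersAsync() still runs after vi.restoreAllMocks(), so any pending timer callback fires with spies already restored, and the new .catch handler turns every resulting rejection into a console.warn that cannot fail the test. Consider flushing timers before restoring mocks, and if only one specific post-teardown error is expected, match on it and rethrow anything else so a real regression is not reduced to log noise.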

This preserves the error-suppression behavior while providing visibility into any issues during development.

apps/backend/runners/insights_runner.py (1)

184-196: Consider using create_client() helper instead of direct instantiation.

The direct instantiation of ClaudeSDKClient on line 184 does not follow the project's coding guideline. As per coding guidelines, backend code should use the create_client() function from apps/backend/core/client.py rather than direct ClaudeSDKClient initialization. This helper provides consistent agent-specific tool permissions and configuration.

Based on coding guidelines, the recommended pattern is:

♻️ Refactor to use create_client() helper
from core.client import create_client

# Replace lines 184-196 with:
client = create_client(
    agent_type="insights",  # or appropriate agent type
    model=resolve_model_id(model),
    system_prompt=system_prompt,
    allowed_tools=["Read", "Glob", "Grep"],
    max_turns=30,
    cwd=str(project_path),
)

This change is not blocking for this PR since the direct instantiation was pre-existing, but should be addressed to align with project standards.

apps/frontend/src/main/agent/agent-queue.ts (1)

9-62: Bedrock precedence switch should not depend on parsing the settings file (risk: Bedrock loses priority on parse error).

readSettingsFile() can return undefined on JSON parse errors; in that case isBedrockEnabled becomes falsy and apiProfileEnv can override Bedrock vars (the exact thing this helper is trying to prevent). Prefer deriving the mode from profileEnv.CLAUDE_CODE_USE_BEDROCK (or a dedicated getProfileEnv() flag), and make isBedrockEnabled a real boolean.

Proposed fix (derive from env, remove settings read)
-import type { IdeationConfig, Idea, AppSettings } from '../../shared/types';
+import type { IdeationConfig, Idea } from '../../shared/types';
@@
-import { readSettingsFile } from '../settings-utils';
-
@@
 function buildSpawnEnv(
@@
 ): Record<string, string | undefined> {
-  // Check if Bedrock is enabled - if so, Bedrock env vars should override API Profile
-  const settings = readSettingsFile() as AppSettings | undefined;
-  const isBedrockEnabled = settings?.bedrockEnabled && settings?.bedrockConfig;
+  // Derive from env (robust even if settings file is unreadable)
+  const bedrockFlag = (profileEnv.CLAUDE_CODE_USE_BEDROCK ?? '').toLowerCase().trim();
+  const isBedrockEnabled = ['1', 'true', 'yes', 'on'].includes(bedrockFlag);
 
   // Build final environment with proper precedence:
   // When Bedrock enabled: profileEnv (with Bedrock vars) has highest priority
   // When OAuth: apiProfileEnv has highest priority for ANTHROPIC_* vars
   return {
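Review bot: The replacement isBedrockEnabled in buildSpawnEnv checks only the CLAUDE_CODE_USE_BEDROCK flag, while the removed line also required settings?.bedrockConfig to be present, so Bedrock precedence can now win with the flag set and no Bedrock configuration behind it. Since this boolean decides which credential set reaches the spawned process, keep a minimal config check (for example that a region is present in profileEnv) and move the ['1', 'true', 'yes', 'on'] list into a shared constant so it cannot drift from the other places that interpret the flag. With the AppSettings import removed, also confirm nothing else in the file still uses it.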

As per coding guidelines, this keeps the Bedrock-vs-OAuth precedence deterministic and resilient.

apps/backend/commit_message.py (1)

231-236: Refactor create_simple_client() to delegate to create_client() or use create_client() directly.

The backend guidelines require using create_client() from apps/backend/core/client.py for all Claude SDK client instantiation, explicitly forbidding direct ClaudeSDKClient initialization. However, create_simple_client() directly instantiates ClaudeSDKClient on lines 87–97 without delegating to create_client(). This bypasses tool-permissions, auth wiring, and other centralized security configurations. Either refactor create_simple_client() to call create_client() internally, or use create_client() directly in commit_message.py instead.

apps/frontend/src/shared/i18n/locales/fr/settings.json (1)

310-468: Fix grammar: "Bedrock a priorité…" → "Bedrock a la priorité…" (Line 370)

EN/FR key parity for Bedrock section is correct—all translation keys are properly aligned across both language files.

apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)

12-46: New auth props on SectionRouterProps are fine, but consider narrowing toggleSection’s parameter type.
Right now it’s (section: string) => void, but usage appears to be keyed (e.g. 'claude'). A stringly-typed API is easy to break silently.

apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx (1)

29-48: Tighten types: expandedSections.claude should be boolean, and handleClaudeSetup should likely be async.
This avoids undefined leaking into ClaudeAuthSection and keeps signatures consistent with the rest of the auth plumbing.

Proposed patch
 interface GeneralSettingsProps {
@@
-  expandedSections: Record<string, boolean>;
+  expandedSections: Record<string, boolean>;
   toggleSection: (section: string) => void;
@@
-  handleClaudeSetup: () => void;
+  handleClaudeSetup: () => Promise<void>;
 }
@@
               <ClaudeAuthSection
-                isExpanded={expandedSections.claude}
+                isExpanded={!!expandedSections.claude}
                 onToggle={() => toggleSection('claude')}
@@
                 onClaudeSetup={handleClaudeSetup}
               />
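Review bot: The first changed pair in GeneralSettingsProps is a no-op: the removed and added lines are both `expandedSections: Record<string, boolean>;`, so the type is not tightened and only the `!!expandedSections.claude` coercion at the call site guards against undefined. Either drop that pair from the patch or give the prop a shape with a required claude: boolean key. Changing handleClaudeSetup to `() => Promise<void>` also needs every component that passes this prop updated in the same change, which this hunk does not show.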

Also applies to: 130-149

🤖 Fix all issues with AI agents
In @apps/backend/.env.example:
- Around line 69-70: Update the .env.example comment for DISABLE_PROMPT_CACHING
to specify concrete scenarios where prompt caching should be disabled (e.g.,
when using Bedrock in cross-region inference, specific Bedrock model versions
that return non-deterministic context IDs, or when you observe stale prompt
outputs after model/endpoint updates); replace the vague "may be needed for some
Bedrock configurations" text with a short list of these scenarios and an example
usage line showing DISABLE_PROMPT_CACHING=1 so users know when and how to enable
it.

In @apps/backend/cli/utils.py:
- Around line 163-171: The message printed when both get_auth_token() and
is_bedrock_enabled() are false is misleading because it frames Bedrock as an
"alternative" even though Bedrock is a valid authentication method; update the
printed text in the branch where get_auth_token() is falsy and
is_bedrock_enabled() is falsy to clearly state that no supported authentication
was found and list the valid options (OAuth via claude setup-token or enable
Bedrock by setting CLAUDE_CODE_USE_BEDROCK=1 and AWS_REGION). Locate the
conditional using get_auth_token() and is_bedrock_enabled() and modify the
printed lines to first state "No supported authentication found" (or similar),
then present the two valid authentication methods and the exact actions to take
for each so the messaging is unambiguous.

In @apps/backend/commit_message.py:
- Around line 203-218: Replace the ad-hoc auth checks in _call_claude with the
single entry point require_claude_auth(): import require_claude_auth and call it
at the start of _call_claude to validate Bedrock/config and ensure tokens, and
remove the manual get_auth_token(), is_bedrock_enabled() and
ensure_claude_code_oauth_token() branching; keep other imports like
get_utility_model_config but rely on require_claude_auth() to enforce auth so
failures occur early and consistently.
- Around line 189-201: Update _extract_text_from_message to accept a typed
object (e.g., change signature to msg: object) and import AssistantMessage and
TextBlock from claude_agent_sdk; replace string-based type checks
(type(msg).__name__ and type(block).__name__) with isinstance(msg,
AssistantMessage) and isinstance(block, TextBlock), and keep the content/text
existence guards (hasattr checks) as needed before accessing .content and .text.

In @apps/backend/core/auth.py:
- Around line 58-67: Update the is_bedrock_enabled function docstring (or the
module docstring) to explicitly list the accepted truthy values including "1",
"true", "yes", and "on" and note that "on" is intentionally supported for
shell-style configurations; locate the function named is_bedrock_enabled in
auth.py and add a one-line clarification about accepted values and
case-insensitivity so future readers know "on" is deliberate.

In @apps/backend/core/workspace.py:
- Around line 1438-1447: Update the error returned in the ParallelMergeResult
when neither get_auth_token() nor is_bedrock_enabled() is true to include both
authentication options; locate the branch that constructs ParallelMergeResult
(the code using get_auth_token(), is_bedrock_enabled(), and task.file_path) and
change the error string from "No authentication token available" to a clearer
message mentioning that either an OAuth token (get_auth_token) or Bedrock
(is_bedrock_enabled) must be available, keeping the rest of the return structure
unchanged.

In @apps/backend/integrations/linear/updater.py:
- Around line 123-124: Guard the call to ensure_claude_code_oauth_token() so it
only runs when OAuth is the active auth method (Bedrock does not use OAuth).
Update the sequence around require_claude_auth() /
ensure_claude_code_oauth_token() to check the auth mode (e.g., use an existing
auth config or helper such as is_bedrock_auth_enabled(), auth_config.provider,
or similar) and call ensure_claude_code_oauth_token() only when the check
indicates non-Bedrock/OAuth-based authentication.

In @apps/backend/runners/ai_analyzer/claude_client.py:
- Around line 37-45: The _validate_authentication flow in ClaudeAnalysisClient
currently calls require_claude_auth() but ignores the returned OAuth token and
directly instantiates ClaudeSDKClient; refactor to use the centralized
create_client() factory instead: call require_claude_auth() to get oauth_token,
set os.environ["CLAUDE_CODE_OAUTH_TOKEN"] when present, and replace direct
ClaudeSDKClient construction with create_client() so authentication and config
are applied consistently; update ClaudeAnalysisClient (and its
_validate_authentication or constructor) to obtain the client via
create_client() rather than instantiating ClaudeSDKClient directly.

In @apps/frontend/src/main/agent/agent-process.ts:
- Line 424: The comment in agent-process.ts contains a typo: change "commandto"
to "command to" in the comment that explains parsing Python commands (the
comment near the Python command parsing logic in the agent process, e.g., the
comment line above the code handling space-separated Python commands). Just
correct the comment text to "Parse Python command to handle space-separated
commands like \"py -3\"" without altering any code behavior.
- Around line 426-432: readSettingsFile() is being cast directly to AppSettings
| undefined which can hide invalid shapes; add a runtime validation step after
calling readSettingsFile() to ensure the returned object conforms to the
AppSettings shape (e.g., check presence and types of bedrockEnabled and
bedrockConfig) and fall back to undefined or a safe default if validation fails;
also avoid re-reading from disk on every spawnProcess() by introducing a simple
cachedSettings store updated by readSettingsFile(), exposing an
invalidateSettings() function (or subscribe to settings change events) so
spawnProcess() reads cachedSettings and only refreshes when invalidated;
reference functions readSettingsFile, spawnProcess, getProfileEnv and the
AppSettings type when implementing these changes.
- Around line 434-443: The comment above the env spread in the spawn call is
incomplete; update the comment to list all sources included in the `env` object
returned by `setupProcessEnvironment()` (not just process.env, extraEnv,
PYTHONUNBUFFERED, PYTHONUTF8) so it also mentions `augmentedEnv`, `gitBashEnv`,
and `PYTHONIOENCODING`; keep the existing explanation of Bedrock vs OAuth
precedence and reference the relevant symbols (`spawn`, `pythonCommand`,
`pythonBaseArgs`, `env`, `pythonEnv`, `oauthModeClearVars`, `profileEnv`,
`apiProfileEnv`, `isBedrockEnabled`, `setupProcessEnvironment`) so the comment
clearly documents the full environment composition and precedence.

In @apps/frontend/src/main/bedrock-encryption.ts:
- Around line 4-107: encryptBedrockSecrets and hasPlaintextBedrockSecrets must
skip masked placeholders so we don't encrypt the mask or treat it as plaintext;
update both functions (encryptBedrockSecrets and hasPlaintextBedrockSecrets) to
check isBedrockSecretMasked(value) and skip the field when it returns true
(i.e., only attempt encrypting or flagging plaintext when value is present, not
encrypted, and not masked).

In @apps/frontend/src/main/ipc-handlers/env-handlers.ts:
- Around line 470-505: Currently we only populate config.bedrockConfig when
bedrockEnabled is true; change this so we still parse and set
config.bedrockConfig whenever any Bedrock env vars exist so the UI can toggle
back on without retyping values. Specifically: compute a hasAnyBedrockVars
boolean from BEDROCK_ENV_KEYS (e.g., REGION, PROFILE, ACCESS_KEY_ID,
BEARER_TOKEN, etc.); always build config.bedrockConfig when hasAnyBedrockVars is
true (using the same authMethod detection logic and fields currently used), but
only set config.bedrockEnabled = true when vars[BEDROCK_ENV_KEYS.ENABLED] ===
'1'; run the existing claudeAuthStatus logic (hasRegion/hasBedrockCreds ->
config.claudeAuthStatus) based on the presence of those vars rather than the
enabled flag. Reference symbols: BEDROCK_ENV_KEYS, bedrockEnabled,
config.bedrockConfig, config.claudeAuthStatus, authMethod.

In @apps/frontend/src/main/ipc-handlers/settings-handlers.ts:
- Around line 153-162: The current gating uses shouldAutoDetect = is.dev ||
!settings.autoBuildPath which can overwrite an explicit user path in dev; change
the logic so auto-detection only runs when settings.autoBuildPath is falsy
(i.e., if (!settings.autoBuildPath) { ... }) and remove is.dev from the gate;
keep the existing dev warning but invert it: if (is.dev &&
settings.autoBuildPath && settings.autoBuildPath !== detectedPath) log a warning
that you are NOT overriding the saved path and suggest how to opt into the
detected path, and only assign settings.autoBuildPath = detectedPath when it was
originally falsy. Ensure references to detectAutoBuildSourcePath,
settings.autoBuildPath, shouldAutoDetect/is.dev are updated accordingly.
- Around line 230-238: The handler currently returns a user-facing error string
when encryptBedrockSecrets fails; instead return a stable error code/key (e.g.,
SETTINGS_SAVE_BEDROCK_ENCRYPT_FAILED) so the renderer can localize it; keep the
detailed console.error log for diagnostics, and update the failed branch in the
settings save flow (the block that calls encryptBedrockSecrets in
settings-handlers.ts) to return { success: false, error:
'SETTINGS_SAVE_BEDROCK_ENCRYPT_FAILED' } (or your project's canonical error key)
rather than the literal message.

In @apps/frontend/src/renderer/components/settings/BedrockSettings.tsx:
- Around line 384-392: Replace the direct window.open call in the
BedrockSettings Button onClick handler with the IPC helper used elsewhere: call
window.electronAPI?.openExternal?.('https://docs.anthropic.com/en/docs/build-with-claude/claude-code/bedrock')
instead of window.open; update the onClick in the Button component inside
BedrockSettings (the handler currently using window.open) so it uses
window.electronAPI?.openExternal?.(...) to keep Electron renderer IPC patterns
and testability consistent.
- Around line 213-237: Add ARIA attributes to the collapsible header button in
BedrockSettings: set aria-expanded={isExpanded} on the <button> and add
aria-controls pointing to the collapsible panel's id (create a stable id like
"bedrock-settings-panel" or derive one from component props). Ensure the panel
element rendered when expanded has matching id="bedrock-settings-panel" (or the
chosen id) so screen readers can associate the button with the collapsible
content; keep existing onClick/handleToggleExpanded logic unchanged.

In @apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts:
- Line 65: The test stores requestAnimationFrame into originalRAF but never uses
it; either remove the const originalRAF = global.requestAnimationFrame
declaration, or restore it in the test cleanup by adding
global.requestAnimationFrame = originalRAF inside the afterEach hook (the
cleanup surrounding useXterm.test.ts). Ensure you reference and restore the
exact symbol originalRAF and place the restore in the existing afterEach so the
global requestAnimationFrame is returned to its original value.

In @apps/frontend/src/shared/types/project.ts:
- Around line 289-312: Convert BedrockConfig from a flat interface into a
discriminated union keyed by authMethod so TypeScript enforces required fields
per method: define BedrockConfig as one of three types (e.g., { authMethod:
'sso_profile'; awsRegion: string; awsProfile: string; ... }, { authMethod:
'access_keys'; awsRegion: string; awsAccessKeyId: string; awsSecretAccessKey:
string; awsSessionToken?: string; ... }, { authMethod: 'api_key'; awsRegion:
string; awsBearerTokenBedrock: string; ... }); keep BedrockAuthMethod if desired
but ensure awsRegion remains required on all variants and update any usages
expecting the old optional fields to match the new discriminated properties.

In @tests/test_auth_bedrock.py:
- Around line 93-119: Replace the current iterative duplicate detection in
test_sdk_env_vars_no_duplicates with a direct deterministic check: assert that
len(auth_module.SDK_ENV_VARS) == len(set(auth_module.SDK_ENV_VARS)), and if you
still want to show which items duplicate produce a deterministic list using
collections.Counter to find items with count > 1 and sort that list before
including it in the assertion message; update the test function
test_sdk_env_vars_no_duplicates to use this approach so failures are simpler and
deterministic.
- Around line 3-10: The test mutates sys.path (sys.path.insert(0, ...)) in
tests/test_auth_bedrock.py to import core.auth (aliased auth_module); remove
that mutation and instead provide a stable import path by adding a test-level
fixture or configuration: create or update conftest.py to adjust PYTHONPATH or
use pytest's importlib/mocker to add the project root/apps/backend to sys.path
before tests run (or better, make apps/backend an installable test dependency),
then update tests/test_auth_bedrock.py to import core.auth normally (import
core.auth as auth_module) without calling sys.path.insert.
- Around line 13-91: Add 1–2 pytest cases to tests/test_auth_bedrock.py that
assert require_claude_auth() behaves correctly when AWS env var aliases or
surrounding whitespace are present: add a test that sets AWS_DEFAULT_REGION
instead of AWS_REGION (with CLAUDE_CODE_USE_BEDROCK set) and expects the same
Bedrock-required behavior, and a test that sets CLAUDE_CODE_USE_BEDROCK to a
value with whitespace (e.g., " 1 " or " true ") and ensures
require_claude_auth() trims/accepts it consistently; reference the existing test
helpers and function under test (require_claude_auth and tests like
test_require_claude_auth_bedrock_requires_region) when adding these cases so
they follow the same monkeypatch pattern and assertions.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6beb1d0 and 756409e.

📒 Files selected for processing (42)
  • .gitignore
  • CLAUDE.md
  • apps/backend/.env.example
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/cli/main.py
  • apps/backend/cli/utils.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/client.py
  • apps/backend/core/simple_client.py
  • apps/backend/core/workspace.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/phase_config.py
  • apps/backend/run.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/spec/compaction.py
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/shared/i18n/locales/en/settings.json
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/shared/types/settings.ts
  • guides/CLI-USAGE.md
  • tests/test_auth_bedrock.py
  • tests/test_sdk_structured_output.py
🧰 Additional context used
📓 Path-based instructions (9)
apps/frontend/src/**/*.{ts,tsx,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/bedrock-encryption.ts
apps/frontend/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use useTranslation() hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/bedrock-encryption.ts
apps/frontend/**/*.{ts,tsx}

⚙️ CodeRabbit configuration file

apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.

Files:

  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/main/bedrock-encryption.ts
apps/frontend/src/shared/i18n/locales/**/*.json

📄 CodeRabbit inference engine (CLAUDE.md)

apps/frontend/src/shared/i18n/locales/**/*.json: Store translation strings in namespace-organized JSON files at apps/frontend/src/shared/i18n/locales/{lang}/*.json for each supported language
When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
apps/backend/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/**/*.py: Always use the Claude Agent SDK (claude-agent-sdk package) for all AI interactions, never use the Anthropic API directly
Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization

Files:

  • apps/backend/phase_config.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/cli/main.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/commit_message.py
  • apps/backend/core/simple_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/run.py
  • apps/backend/core/client.py
  • apps/backend/core/auth.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/spec/compaction.py
  • apps/backend/cli/utils.py
  • apps/backend/core/workspace.py

⚙️ CodeRabbit configuration file

apps/backend/**/*.py: Focus on Python best practices, type hints, and async patterns.
Check for proper error handling and security considerations.
Verify compatibility with Python 3.12+.

Files:

  • apps/backend/phase_config.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/cli/main.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/commit_message.py
  • apps/backend/core/simple_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/run.py
  • apps/backend/core/client.py
  • apps/backend/core/auth.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/spec/compaction.py
  • apps/backend/cli/utils.py
  • apps/backend/core/workspace.py
tests/**

⚙️ CodeRabbit configuration file

tests/**: Ensure tests are comprehensive and follow pytest conventions.
Check for proper mocking and test isolation.

Files:

  • tests/test_auth_bedrock.py
  • tests/test_sdk_structured_output.py
apps/backend/core/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement dynamic command allowlisting based on detected project stack using core/security.py for bash command validation

Files:

  • apps/backend/core/simple_client.py
  • apps/backend/core/client.py
  • apps/backend/core/auth.py
  • apps/backend/core/workspace.py
apps/backend/core/client.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Files:

  • apps/backend/core/client.py
apps/backend/.env*

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/.env*: Enable Electron MCP for E2E testing by setting ELECTRON_MCP_ENABLED=true in .env and starting the Electron app with npm run dev
Configure memory system credentials in apps/backend/.env and validate with graphiti_config.py

Files:

  • apps/backend/.env.example
🧠 Learnings (16)
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : Store translation strings in namespace-organized JSON files at `apps/frontend/src/shared/i18n/locales/{lang}/*.json` for each supported language

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2026-01-10T15:30:12.808Z
Learnt from: taniar88
Repo: AndyMik90/Auto-Claude PR: 883
File: apps/frontend/src/main/agent/agent-process.ts:21-21
Timestamp: 2026-01-10T15:30:12.808Z
Learning: Before adding a new language to AVAILABLE_LANGUAGES, ensure UI translations exist and are complete in apps/frontend/src/shared/i18n/locales. Do not advertise official support for a language until its locale files are fully translated and validated, to avoid user-facing issues.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Store project-specific data including specs, plans, and QA reports in `.auto-claude/specs/` directory and add to .gitignore

Applied to files:

  • .gitignore
  • guides/CLI-USAGE.md
  • CLAUDE.md
📚 Learning: 2025-12-19T15:00:48.233Z
Learnt from: AndyMik90
Repo: AndyMik90/Auto-Claude PR: 41
File: auto-claude/qa/loop.py:126-136
Timestamp: 2025-12-19T15:00:48.233Z
Learning: In auto-claude/qa/loop.py, when creating clients for QA fixer sessions (including human feedback processing), use get_phase_model(spec_dir, "qa", model) instead of hardcoding "sonnet" as the fallback to support dynamic model selection based on profiles.

Applied to files:

  • apps/backend/phase_config.py
📚 Learning: 2026-01-04T12:37:52.222Z
Learnt from: StillKnotKnown
Repo: AndyMik90/Auto-Claude PR: 648
File: apps/frontend/src/renderer/components/settings/ModelSearchableSelect.tsx:262-265
Timestamp: 2026-01-04T12:37:52.222Z
Learning: Dropdown components in apps/frontend/src/renderer/components/settings use a fixed max-height (e.g., max-h-60) with internal overflow-y-auto scrolling. This pattern is intentional and prevents dropdowns from extending beyond the viewport; do not add dynamic viewport positioning or clipping-prevention logic for these components. If you add new dropdowns in this area, follow the same fixed-height + internal-scroll approach for consistency.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
📚 Learning: 2026-01-04T23:59:45.209Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:45.209Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings) can be deferred for future i18n cleanup passes. Do not fix such issues in PRs that do not introduce new i18n violations, especially in frontend TSX components (e.g., apps/frontend/**/*.tsx). If a PR adds new i18n violations, address them in that PR.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Applied to files:

  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/core/simple_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/core/client.py
  • apps/backend/merge/ai_resolver/claude_client.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly

Applied to files:

  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/commit_message.py
  • apps/backend/core/simple_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/run.py
  • apps/backend/core/client.py
  • apps/backend/.env.example
  • apps/backend/core/auth.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/spec/compaction.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Use the `create_client()` function from `apps/backend/core/client.py` to instantiate Claude SDK clients, not direct `ClaudeSDKClient` initialization

Applied to files:

  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/commit_message.py
  • apps/backend/core/simple_client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/core/client.py
  • apps/backend/spec/compaction.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Configure memory system credentials in `apps/backend/.env` and validate with `graphiti_config.py`

Applied to files:

  • guides/CLI-USAGE.md
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx,jsx} : Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx} : Use `useTranslation()` hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2026-01-02T19:30:59.118Z
Learnt from: hluisi
Repo: AndyMik90/Auto-Claude PR: 0
File: :0-0
Timestamp: 2026-01-02T19:30:59.118Z
Learning: In the Claude Agent SDK (Python), PreToolUse hooks receive `cwd` (current working directory) in the `input_data` dictionary parameter, not in the `context` parameter. The hook signature is `async def hook(input_data: dict, tool_use_id: str | None, context: HookContext)` where `input_data["cwd"]` contains the working directory passed from `ClaudeAgentOptions(cwd=...)`. The `context` parameter is reserved for future use and does NOT contain `cwd`.

Applied to files:

  • apps/backend/core/client.py
📚 Learning: 2026-01-04T23:59:48.743Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:48.743Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings that should be localized) can be deferred to future i18n cleanup passes rather than requiring immediate fixes in PRs that don't introduce new i18n violations.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Enable Electron MCP for E2E testing by setting `ELECTRON_MCP_ENABLED=true` in `.env` and starting the Electron app with `npm run dev`

Applied to files:

  • apps/frontend/src/main/agent/agent-process.test.ts
🧬 Code graph analysis (26)
apps/frontend/src/shared/types/settings.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts (2)
apps/frontend/src/main/services/profile/profile-service.ts (1)
  • createProfile (127-178)
apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts (1)
  • useIdeationAuth (4-67)
apps/frontend/src/main/agent/agent-queue.ts (2)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx (1)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (1)
  • BedrockSettings (159-426)
apps/backend/runners/insights_runner.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/frontend/src/main/agent/agent-process.ts (3)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/main/rate-limit-detector.ts (1)
  • getProfileEnv (256-321)
tests/test_auth_bedrock.py (1)
apps/backend/core/auth.py (2)
  • require_claude_auth (116-135)
  • is_bedrock_enabled (58-67)
apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (5)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/backend/runners/ai_analyzer/claude_client.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (116-135)
apps/backend/integrations/linear/updater.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (116-135)
tests/test_sdk_structured_output.py (1)
apps/backend/core/auth.py (2)
  • is_bedrock_enabled (58-67)
  • validate_bedrock_config (70-113)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (4)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
.design-system/src/components/Input.tsx (1)
  • Input (4-24)
apps/frontend/src/renderer/components/project-settings/index.ts (1)
  • PasswordInput (19-19)
apps/frontend/src/shared/types/project.ts (2)
  • BedrockConfig (291-301)
  • BedrockAuthMethod (289-289)
apps/backend/commit_message.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/backend/core/model_config.py (1)
  • get_utility_model_config (18-68)
apps/backend/core/simple_client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (397-422)
  • require_claude_auth (116-135)
apps/frontend/src/main/updater/path-resolver.ts (1)
apps/frontend/src/__mocks__/electron.ts (1)
  • app (8-22)
apps/backend/core/client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (397-422)
  • require_claude_auth (116-135)
apps/frontend/src/main/ipc-handlers/env-handlers.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockAuthMethod (289-289)
apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx (2)
apps/frontend/src/shared/types/project.ts (1)
  • ProjectEnvConfig (304-373)
apps/frontend/src/renderer/components/project-settings/index.ts (1)
  • ClaudeAuthSection (10-10)
apps/backend/merge/ai_resolver/claude_client.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/backend/spec/compaction.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (116-135)
apps/backend/cli/utils.py (1)
apps/backend/core/auth.py (3)
  • get_auth_token (228-250)
  • get_auth_token_source (253-270)
  • is_bedrock_enabled (58-67)
apps/backend/core/workspace.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/frontend/src/main/ipc-handlers/settings-handlers.ts (1)
apps/frontend/src/main/bedrock-encryption.ts (3)
  • hasPlaintextBedrockSecrets (99-107)
  • encryptBedrockSecrets (49-65)
  • decryptBedrockSecrets (71-87)
apps/frontend/src/main/rate-limit-detector.ts (4)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/main/bedrock-encryption.ts (1)
  • decryptBedrockSecrets (71-87)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (9)
  • envConfig (23-23)
  • isLoadingEnv (25-25)
  • envError (26-26)
  • updateEnvConfig (29-29)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/frontend/src/main/bedrock-encryption.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: CodeQL (javascript-typescript)
  • GitHub Check: CodeQL (python)

Comment on lines +93 to +119
def test_sdk_env_vars_no_duplicates() -> None:
    """Test that SDK_ENV_VARS list has no duplicate entries."""
    seen = set()
    duplicates = []
    for var in auth_module.SDK_ENV_VARS:
        if var in seen:
            duplicates.append(var)
        seen.add(var)

    assert not duplicates, f"Duplicate SDK_ENV_VARS found: {duplicates}"


def test_sdk_env_vars_contains_bedrock_vars() -> None:
    """Test that all required Bedrock env vars are included in SDK_ENV_VARS."""
    bedrock_vars = [
        "CLAUDE_CODE_USE_BEDROCK",
        "AWS_REGION",
        "AWS_PROFILE",
        "AWS_ACCESS_KEY_ID",
        "AWS_SECRET_ACCESS_KEY",
        "AWS_SESSION_TOKEN",
        "AWS_BEARER_TOKEN_BEDROCK",
    ]

    for var in bedrock_vars:
        assert var in auth_module.SDK_ENV_VARS, f"{var} should be in SDK_ENV_VARS"


🧹 Nitpick | 🔵 Trivial

Simplify SDK_ENV_VARS duplicate check (clearer failure signal).

Current loop works, but you can make it more direct (and keep failing output deterministic) by comparing lengths of SDK_ENV_VARS and set(SDK_ENV_VARS) and/or using collections.Counter.

🤖 Prompt for AI Agents
In @tests/test_auth_bedrock.py around lines 93 - 119, Replace the current
iterative duplicate detection in test_sdk_env_vars_no_duplicates with a direct
deterministic check: assert that len(auth_module.SDK_ENV_VARS) ==
len(set(auth_module.SDK_ENV_VARS)), and if you still want to show which items
duplicate produce a deterministic list using collections.Counter to find items
with count > 1 and sort that list before including it in the assertion message;
update the test function test_sdk_env_vars_no_duplicates to use this approach so
failures are simpler and deterministic.

@CyranoB

CyranoB commented Jan 10, 2026

CodeRabbit Issues Addressed

The following CodeRabbit review comments have been addressed in the latest commit:

Fixed Issues

| File | Issue | Resolution |
|------|-------|------------|
| .gitignore:171/173 | Duplicate section comments | Consolidated into single section |
| apps/backend/.env.example:47 | Auth option recommendations | Updated SSO and Access Key descriptions |
| apps/backend/.env.example:66 | Model override documentation | Added Direct vs Bedrock format examples |
| apps/backend/core/auth.py:68 | Accept truthy values for Bedrock flag | Now accepts 1, true, yes, on (case-insensitive) |
| env-handlers.ts:305 | OAuth token erased when Bedrock enabled | Preserved existing OAuth token value |
| guides/AWS-BEDROCK-SUPPORT-PLAN.md | Update status | File removed (no longer needed) |
| useXterm.test.ts | Flaky test (requestAnimationFrame) | Added timer cleanup in afterEach |

Additional Tests Added

  • test_is_bedrock_enabled_truthy_values - parametrized test for truthy values
  • test_is_bedrock_enabled_falsy_values - parametrized test for falsy values
  • test_is_bedrock_enabled_unset - test for unset env var

Total test count: 26 (up from 9)
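
The auth-path selection discussed in this PR (truthy `CLAUDE_CODE_USE_BEDROCK` values, then region and credential validation), as an added example that is not code from the PR or from core/auth.py. The function names, the error messages, the whitespace stripping and the choice to fail rather than fall back to OAuth on an invalid Bedrock config are assumptions.

```python
"""Added example: Bedrock-vs-OAuth auth path selection from environment variables.

Illustrative sketch only; names and messages are hypothetical, not the PR's code.
"""
from __future__ import annotations

from collections.abc import Mapping

# Truthy spellings listed in the comment above for CLAUDE_CODE_USE_BEDROCK.
TRUTHY = frozenset({"1", "true", "yes", "on"})


def _has(env: Mapping[str, str], name: str) -> bool:
    """A variable counts as set only if it is non-empty after stripping."""
    return bool(env.get(name, "").strip())


def bedrock_flag_enabled(env: Mapping[str, str]) -> bool:
    """Case-insensitive truthy check; unset, empty or any other value is False.

    Stripping surrounding whitespace is an assumption of this sketch.
    """
    return env.get("CLAUDE_CODE_USE_BEDROCK", "").strip().lower() in TRUTHY


def bedrock_config_problems(env: Mapping[str, str]) -> list[str]:
    """Return configuration problems as text; never echo credential values."""
    problems: list[str] = []
    if not _has(env, "AWS_REGION"):
        problems.append("AWS_REGION is required when Bedrock is enabled")

    has_id = _has(env, "AWS_ACCESS_KEY_ID")
    has_secret = _has(env, "AWS_SECRET_ACCESS_KEY")
    # Half of a key pair is a misconfiguration. No explicit keys at all is
    # accepted here (assumption): the default AWS credential chain may apply.
    if has_id != has_secret:
        missing = "AWS_SECRET_ACCESS_KEY" if has_id else "AWS_ACCESS_KEY_ID"
        problems.append(f"{missing} is not set but its counterpart is")
    if _has(env, "AWS_SESSION_TOKEN") and not (has_id and has_secret):
        problems.append("AWS_SESSION_TOKEN is set without a complete access key pair")
    return problems


def select_auth_path(env: Mapping[str, str]) -> tuple[str, str | None]:
    """Return ("bedrock", None) or ("oauth", token); raise ValueError otherwise.

    When the Bedrock flag is on, an invalid Bedrock config is an error even if
    an OAuth token is present, so a typo cannot silently switch providers.
    """
    if bedrock_flag_enabled(env):
        problems = bedrock_config_problems(env)
        if problems:
            raise ValueError("Invalid Bedrock configuration: " + "; ".join(problems))
        return ("bedrock", None)

    token = env.get("CLAUDE_CODE_OAUTH_TOKEN", "").strip()
    if not token:
        raise ValueError("No OAuth token found and Bedrock is not enabled")
    return ("oauth", token)


if __name__ == "__main__":
    # Constructed sample environments; every value is a placeholder.
    samples = {
        "bedrock, default chain": {"CLAUDE_CODE_USE_BEDROCK": "Yes", "AWS_REGION": "us-east-1"},
        "bedrock, half a key pair": {
            "CLAUDE_CODE_USE_BEDROCK": "1",
            "AWS_REGION": "us-east-1",
            "AWS_ACCESS_KEY_ID": "PLACEHOLDER_KEY_ID",
        },
        "flag off, token set": {
            "CLAUDE_CODE_USE_BEDROCK": "0",
            "CLAUDE_CODE_OAUTH_TOKEN": "placeholder-token",
        },
    }
    for label, env in samples.items():
        try:
            path, _token = select_auth_path(env)
            print(f"{label}: {path}")
        except ValueError as exc:
            print(f"{label}: rejected ({exc})")
```
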

This commit adds support for AWS Bedrock as an alternative to OAuth
authentication, enabling users to run Auto-Claude with their own AWS
credentials.

Backend changes:
- Add is_bedrock_enabled(), validate_bedrock_config(), require_claude_auth()
  functions in core/auth.py with comprehensive docstrings
- Update all runners to use require_claude_auth() pattern
- Support ANTHROPIC_MODEL env var override in core/models.py
- Reduce cognitive complexity in commit_message.py via helper extraction

Frontend changes:
- Add BedrockSettings.tsx with full i18n support for configuration UI
- Add bedrock-encryption.ts with secure encrypt/decrypt, input validation,
  and MASKED_VALUE constant for sensitive field handling
- Update settings-handlers.ts with try/catch for encrypt/decrypt operations
- Update agent-process.ts and agent-queue.ts to pass Bedrock env vars
  with highest priority to spawned processes
- Update rate-limit-detector.ts getProfileEnv() to return decrypted vars
- Refactor useIdeationAuth.ts to eliminate duplicate code
- Extract buildSpawnEnv() helper in agent-queue.ts to reduce duplication

Documentation:
- Add guides/AWS-BEDROCK-SUPPORT-PLAN.md with implementation details
- Update guides/CLI-USAGE.md with Bedrock authentication section
- Update .env.example with Bedrock configuration options

Testing:
- Add tests/test_auth_bedrock.py with 9 comprehensive auth path tests
- Update useIdeationAuth.test.ts with refactored test structure

Signed-off-by: Eddie <[email protected]>
@CyranoB CyranoB force-pushed the feature/aws-bedrock-support branch from 756409e to 22dc78f Compare January 10, 2026 22:38

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 19

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (10)
guides/CLI-USAGE.md (1)

56-68: Make the setup snippet reflect “credentials still required” and align Python minimum version.
The Bedrock snippet is fine, but the doc currently says “Python 3.9+” while the backend entrypoint enforces 3.10+ (and other repo docs mention 3.12+). Please align the minimum version in this guide to the actual supported minimum.

apps/backend/.env.example (1)

174-202: Consider aligning .env.example with the repo’s “enable Electron MCP for E2E” guideline.
Right now ELECTRON_MCP_ENABLED=true remains commented; if the intent is “on by default for E2E”, the example should reflect that (or the guideline should be softened). Based on learnings, configure and validate Graphiti via graphiti_config.py as well.

apps/frontend/src/main/rate-limit-detector.ts (2)

248-346: Fix Bedrock env precedence: don’t override OAuth unless Bedrock config is minimally valid (AWS_REGION + credentials).
getBedrockEnvVars() always returns { CLAUDE_CODE_USE_BEDROCK: '1' }, so getProfileEnv() will always short-circuit to Bedrock whenever bedrockEnabled is true—even if region/creds are missing—causing auth failures that are harder to diagnose. Also, decryptBedrockSecrets() should be guarded so settings corruption/crypto failures don’t crash the process.

Proposed fix
 export function getProfileEnv(profileId?: string): Record<string, string> {
-  const settings = readSettingsFile() as AppSettings | undefined;
-  
-  if (settings?.bedrockEnabled && settings?.bedrockConfig) {
-    const decryptedConfig = decryptBedrockSecrets(settings.bedrockConfig);
-    const bedrockEnv = getBedrockEnvVars(decryptedConfig);
-    if (Object.keys(bedrockEnv).length > 0) {
-      console.warn('[getProfileEnv] Using Bedrock authentication (global settings)');
-      return bedrockEnv;
-    }
-  }
+  try {
+    const raw = readSettingsFile();
+    const settings = raw as AppSettings | undefined;
+
+    if (settings?.bedrockEnabled && settings?.bedrockConfig) {
+      const decryptedConfig = decryptBedrockSecrets(settings.bedrockConfig);
+      const bedrockEnv = getBedrockEnvVars(decryptedConfig);
+      // Only take precedence if Bedrock is actually usable.
+      if (bedrockEnv.AWS_REGION) {
+        console.warn('[getProfileEnv] Using Bedrock authentication (global settings)');
+        return bedrockEnv;
+      }
+    }
+  } catch (err) {
+    console.warn('[getProfileEnv] Failed to load/decrypt Bedrock settings; falling back to profile auth.', err);
+  }

   const profileManager = getClaudeProfileManager();
   const profile = profileId
     ? profileManager.getProfile(profileId)
     : profileManager.getActiveProfile();
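Review bot: the new `catch` in `getProfileEnv()` falls back to profile auth whenever `readSettingsFile()` or `decryptBedrockSecrets()` throws, and the only signal is a `console.warn`. When decryption fails for a config that has `bedrockEnabled` set, the session silently uses a different auth path than the one the settings select; consider surfacing that as an explicit error to the caller instead of continuing. Logging `err` whole also puts whatever the decrypt path attaches to the error into main-process logs, so log a fixed message plus the error name only. The `raw` temporary adds nothing over the original cast.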
@@
 function getBedrockEnvVars(config: BedrockConfig): Record<string, string> {
-  const env: Record<string, string> = {
-    CLAUDE_CODE_USE_BEDROCK: '1'
-  };
+  // Minimum requirement: region. If missing, return empty so we don't override OAuth.
+  if (!config.awsRegion) return {};
+
+  const env: Record<string, string> = {
+    CLAUDE_CODE_USE_BEDROCK: '1',
+    AWS_REGION: config.awsRegion
+  };

-  if (config.awsRegion) {
-    env.AWS_REGION = config.awsRegion;
-  }
-  
   if (config.authMethod === 'sso_profile' && config.awsProfile) {
     env.AWS_PROFILE = config.awsProfile;
   } else if (config.authMethod === 'access_keys') {
     if (config.awsAccessKeyId) env.AWS_ACCESS_KEY_ID = config.awsAccessKeyId;
     if (config.awsSecretAccessKey) env.AWS_SECRET_ACCESS_KEY = config.awsSecretAccessKey;
     if (config.awsSessionToken) env.AWS_SESSION_TOKEN = config.awsSessionToken;
   } else if (config.authMethod === 'api_key' && config.awsBearerTokenBedrock) {
     env.AWS_BEARER_TOKEN_BEDROCK = config.awsBearerTokenBedrock;
   }
+
+  // If no credential material was populated, don't override OAuth.
+  const hasCreds =
+    !!env.AWS_PROFILE ||
+    (!!env.AWS_ACCESS_KEY_ID && !!env.AWS_SECRET_ACCESS_KEY) ||
+    !!env.AWS_BEARER_TOKEN_BEDROCK;
+  if (!hasCreds) return {};
   
   if (config.anthropicModel) env.ANTHROPIC_MODEL = config.anthropicModel;
   if (config.anthropicSmallFastModel) env.ANTHROPIC_SMALL_FAST_MODEL = config.anthropicSmallFastModel;
   
   return env;
 }
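Review bot: the `hasCreds` gate in `getBedrockEnvVars()` returns `{}` unless a profile, a complete access key pair or a bearer token is set. If Bedrock is meant to work with the ambient AWS credential chain (instance role, container credentials), where none of those fields is populated, this change drops the Bedrock config and OAuth is used instead. Either accept "region set, no explicit credentials" as valid or add an explicit `authMethod` value for the default chain and test for it here. An `access_keys` config with only one of the two keys also ends in the same silent `{}`; a warning naming the missing field (not its value) would make that diagnosable.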

273-280: Avoid logging PII in main-process logs (email).
console.warn('[getProfileEnv] Active profile:', { ... email: profile?.email ... }) can leak user identifiers into log files/crash reports.

apps/backend/core/auth.py (1)

286-313: Windows auth guidance text appears incorrect vs implementation (credential files, not Credential Manager).

Line 304: message says token is saved to “Windows Credential Manager”, but _get_token_from_windows_credential_files() reads JSON files under %LOCALAPPDATA% / %APPDATA%. This is user-facing, so please align wording with the actual storage/read path.

apps/backend/analysis/insight_extractor.py (1)

33-54: Critical: Bedrock users will never run extraction because is_extraction_enabled() still requires an OAuth token.

Line 47-Line 52: is_extraction_enabled() returns False when get_auth_token() is missing, even if Bedrock is enabled—so extract_session_insights() exits before reaching the Bedrock-aware logic added later.

Proposed patch (Bedrock-aware enabled check)
-from core.auth import ensure_claude_code_oauth_token, get_auth_token, is_bedrock_enabled
+from core.auth import (
+    ensure_claude_code_oauth_token,
+    get_auth_token,
+    is_bedrock_enabled,
+    require_claude_auth,
+)
@@
 def is_extraction_enabled() -> bool:
     """Check if insight extraction is enabled."""
-    # Extraction requires Claude SDK and authentication token
+    # Extraction requires Claude SDK and authentication (OAuth or Bedrock)
     if not SDK_AVAILABLE:
         return False
-    if not get_auth_token():
-        return False
+    try:
+        require_claude_auth()
+    except ValueError:
+        return False
     enabled_str = os.environ.get("INSIGHT_EXTRACTION_ENABLED", "true").lower()
     return enabled_str in ("true", "1", "yes")
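Review bot: in `is_extraction_enabled()`, `require_claude_auth()` now runs before `INSIGHT_EXTRACTION_ENABLED` is read, so a setup with extraction switched off still performs the credential lookup and Bedrock validation on every call. Read the flag first and return early when it is off, then do the auth check. The import hunk keeps `get_auth_token` and `is_bedrock_enabled` alongside the new `require_claude_auth`; if nothing else in the module uses them after this change, drop them from the import.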
apps/backend/runners/ai_analyzer/claude_client.py (1)

95-121: Route through create_client() instead of direct ClaudeSDKClient instantiation.

The analyzer directly instantiates ClaudeSDKClient(options=ClaudeAgentOptions(...)), bypassing the centralized client factory in apps/backend/core/client.py. This violates the repo guideline and misses out on:

  • Security hooks (bash command validation via PreToolUse)
  • Agent-specific tool permissions (an "analysis" agent config exists in AGENT_CONFIGS)
  • MCP server lifecycle management
  • Project index caching and performance optimizations

Refactor to use create_client(project_dir, spec_dir, model, agent_type="analysis"). If analyzer doesn't need a spec directory, pass project_dir for both parameters. Also remove the manual security settings file creation—create_client() handles this.

apps/backend/integrations/linear/updater.py (2)

111-147: Use require_claude_auth() return value to set CLAUDE_CODE_OAUTH_TOKEN (avoid redundant lookup).

This avoids re-reading credentials and makes the OAuth path explicit.

Proposed fix
-    require_claude_auth()
-    ensure_claude_code_oauth_token()
+    oauth_token = require_claude_auth()
+    if oauth_token is not None:
+        os.environ["CLAUDE_CODE_OAUTH_TOKEN"] = oauth_token
+        ensure_claude_code_oauth_token()
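Review bot: the added branch assigns `os.environ["CLAUDE_CODE_OAUTH_TOKEN"]` and then calls `ensure_claude_code_oauth_token()`, which reads as two ways of exporting the same token; keep whichever one is intended. A token written to `os.environ` is inherited by every child process started afterwards, so if only the SDK client needs it, pass it through that client's environment instead. The hunk does not show `os` being imported in updater.py; confirm it is.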

30-31: Backend guideline: prefer core.client.create_client() over direct ClaudeSDKClient() construction.

If this “mini-agent” needs a minimal client, consider adding a small factory in apps/backend/core/client.py rather than duplicating SDK setup here. (As per coding guidelines/learnings.)

Also applies to: 111-147

apps/backend/runners/insights_runner.py (1)

182-196: Use create_client() from apps/backend/core/client.py instead of direct ClaudeSDKClient instantiation.

This runner bypasses the centralized security hooks, settings file, MCP server configuration, and auth setup that create_client() provides. All AI interactions in apps/backend/** should use the factory function to ensure consistent security posture and tool permissions based on agent role.

If the insights-specific customizations (system_prompt, allowed_tools, max_turns) are necessary, consider refactoring create_client() to support optional parameter overrides or creating a dedicated create_insights_client() factory.

🤖 Fix all issues with AI agents
In @.gitignore:
- Around line 169-171: Consolidate the duplicate "Auto Claude generated files"
entries by moving the new logs/security/ line into the existing "Auto Claude
generated files" section (the block that contains .security-key and the
surrounding separator comments) and remove the redundant trailing block that
currently contains ".security-key" and "logs/security/"; ensure the final
section uses the same separator/comment formatting and capitalization as the
original section so there is only one consistent "Auto Claude generated files"
block.

In @apps/backend/analysis/insight_extractor.py:
- Around line 355-361: The current block redundantly checks Bedrock and auth;
replace the dual checks with a single call to require_claude_auth() to validate
Bedrock/AWS config and authentication atomically (call require_claude_auth()
instead of using get_auth_token() and is_bedrock_enabled() separately), and keep
ensure_claude_code_oauth_token() only in the non-Bedrock path (i.e., call
ensure_claude_code_oauth_token() when require_claude_auth() indicates
non-Bedrock usage). Ensure any early-exit warning (logger.warning) is removed or
consolidated into require_claude_auth() usage so missing/partial AWS config
fails early.

In @apps/backend/cli/main.py:
- Around line 76-87: Update the CLI help text for CLAUDE_CODE_USE_BEDROCK to
reflect actual enablement semantics: mention that is_bedrock_enabled() accepts
multiple truthy values (e.g., "1/true/yes/on") rather than only "=1", and state
that Bedrock also requires AWS credentials (profile, access keys, or role) in
addition to AWS_REGION; update the Environment Variables block and the
CLAUDE_CODE_USE_BEDROCK description to convey these minimum requirements and
avoid implying "=1 only" suffices.

In @apps/backend/commit_message.py:
- Around line 189-204: The helper _extract_text_from_message currently performs
local imports of AssistantMessage and TextBlock inside the function; if
claude_agent_sdk is guaranteed to be present, move "from claude_agent_sdk.types
import AssistantMessage, TextBlock" to the module-level imports and remove the
try/except/ImportError branch and the runtime import guard inside
_extract_text_from_message, leaving the type checks and content extraction logic
(text_parts loop and return) intact; update any top-of-file import section to
include these symbols so the function uses them directly.

In @apps/backend/core/auth.py:
- Around line 70-114: Update validate_bedrock_config to accept
AWS_DEFAULT_REGION as a valid region source and normalize it to AWS_REGION for
downstream code: when is_bedrock_enabled() is true, check os.environ for
AWS_REGION first and if missing but AWS_DEFAULT_REGION is present, set
os.environ["AWS_REGION"] = os.environ["AWS_DEFAULT_REGION"] (or equivalent)
before proceeding; keep the existing missing-region ValueError only if neither
variable is set, and retain the rest of the credential checks (has_profile,
has_access_key_id, has_secret_key, has_bedrock_key) unchanged.

In @apps/backend/merge/ai_resolver/claude_client.py:
- Around line 37-52: Replace the manual auth gating logic with
require_claude_auth(): import require_claude_auth from core.auth, remove the
get_auth_token()/is_bedrock_enabled() conditional blocks and the separate
ensure_claude_code_oauth_token() call, and instead call require_claude_auth() in
a try/except ValueError block; on ValueError call logger.warning("No
authentication token found, AI resolution unavailable") and return AIResolver(),
otherwise proceed as before. Ensure you reference require_claude_auth,
AIResolver, logger, and remove the duplicated checks so Bedrock config
validation (e.g., AWS_REGION) is enforced centrally.

In @apps/backend/phase_config.py:
- Around line 98-113: The current ANTHROPIC_MODEL global override may return
whitespace-only values; when reading os.environ.get("ANTHROPIC_MODEL") (the
global_override variable) strip() the value and only return it if the stripped
string is non-empty; otherwise treat it as not set and continue with
model-specific env var, MODEL_ID_MAP, or passthrough logic (i.e., replace the
direct return of global_override with a trimmed-check and return only when
trimmed value is truthy).

In @apps/backend/run.py:
- Around line 25-31: Documentation and runtime version checks are inconsistent:
the entrypoint docstring lists prerequisites but the project requires Python
3.12+ elsewhere while the entrypoint enforces 3.10+. Update the entrypoint to
match the canonical project requirement (or vice versa): locate the version
check in run.py (the docstring block starting "Prerequisites" and the runtime
check using sys.version_info or a MIN_PYTHON_VERSION constant), and change the
enforced minimum from 3.10 to 3.12 (or update global docs to 3.10 if you intend
to downgrade); ensure the docstring and the runtime check use the same version
string/constant so both docs and enforcement are aligned.

In @apps/backend/runners/insights_runner.py:
- Line 36: The Bedrock path currently only "skips token" and defers AWS config
validation; replace that with a call to require_claude_auth() to validate
Bedrock configuration and perform OAuth setup when is_bedrock_enabled() is true.
Locate the block where ensure_claude_code_oauth_token / get_auth_token /
is_bedrock_enabled are used in insights_runner.py and: when is_bedrock_enabled()
would allow proceeding without a token, instead call require_claude_auth() to
validate config and return/set up the OAuth token (or raise/exit on invalid
config); update both the earlier import/site and the later similar block (the
region around the second use of these functions) so both entrypoints use
require_claude_auth() as the single validation/setup path.

In @apps/frontend/src/main/agent/agent-process.test.ts:
- Around line 100-101: Update the getPath mock in the test to match Electron's
signature by making vi.fn accept a name parameter (e.g., (name: string) =>
string) and return the appropriate fake path for that name; modify the mock
defined alongside getAppPath (the getPath vi.fn) to switch/lookup on common
names like "userData", "temp", "appData" and return defaults so the test better
mirrors app.getPath(name) behavior and improves type safety.

In @apps/frontend/src/main/agent/agent-queue.ts:
- Around line 34-62: The buildSpawnEnv function's precedence for profileEnv vs
apiProfileEnv when Bedrock is enabled/OAuth is subtle and needs clearer inline
comments; update the buildSpawnEnv function to add concise comments near the
conditional spreads that explain the intent: note that when isBedrockEnabled is
true the profileEnv must override apiProfileEnv (hence profileEnv is spread
after apiProfileEnv), and when false profileEnv should be shadowed by
apiProfileEnv for ANTHROPIC_* keys (hence profileEnv is spread before
apiProfileEnv), and explain why oauthModeClearVars is applied earlier; reference
the buildSpawnEnv function and the two conditional spread expressions
...(isBedrockEnabled ? {} : profileEnv) and ...(isBedrockEnabled ? profileEnv :
{}) when adding these comments.

In @apps/frontend/src/main/rate-limit-detector.ts:
- Around line 323-346: Duplicate Bedrock env var construction in
getBedrockEnvVars and the env-handlers logic should be extracted to a single
shared utility; create (or extend) a module like bedrock-utils.ts exporting a
function (e.g., buildBedrockEnv or getBedrockEnvVars) that accepts BedrockConfig
and returns the Record<string,string> with the same logic
(CLAUDE_CODE_USE_BEDROCK, AWS_REGION, AWS_PROFILE, AWS_ACCESS_KEY_ID,
AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_BEARER_TOKEN_BEDROCK,
ANTHROPIC_MODEL, ANTHROPIC_SMALL_FAST_MODEL), then replace the local
getBedrockEnvVars in rate-limit-detector.ts and the corresponding construction
in env-handlers.ts to import and call this shared function so both sites use the
same implementation.

In @CLAUDE.md:
- Around line 59-65: Update the CLAUDE.md Bedrock note to mention that setting
CLAUDE_CODE_USE_BEDROCK and AWS_REGION alone is not enough; the runtime also
requires AWS credentials discoverable via the default credential provider chain
(environment variables, AWS SSO, shared credentials/profile, or IAM role).
Reference the existing variables CLAUDE_CODE_USE_BEDROCK and AWS_REGION in the
note and add a short sentence like “Ensure AWS credentials are available via the
default provider chain (env vars, SSO, shared profile, or role).”

In @guides/CLI-USAGE.md:
- Around line 65-68: Add blank lines above and below the heading "# Option B:
AWS Bedrock" so the heading is separated by an empty line on both sides (and do
the same for the following code block if needed); update the lines around the
commented env vars "CLAUDE_CODE_USE_BEDROCK=1" and "AWS_REGION=us-east-1" to
ensure there is an empty line before the heading and an empty line after the
fenced code block to satisfy markdownlint MD022.
- Around line 195-200: Update the environment variables table so
`CLAUDE_CODE_OAUTH_TOKEN` is marked "Conditional" instead of "Yes" and clarify
its description to indicate it's required only when `CLAUDE_CODE_USE_BEDROCK` is
not enabled (e.g., "Required unless `CLAUDE_CODE_USE_BEDROCK=1`"); keep
`CLAUDE_CODE_USE_BEDROCK` and `AWS_REGION` entries as-is but ensure `AWS_REGION`
still indicates it is required when Bedrock is enabled.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 756409e and 22dc78f.

📒 Files selected for processing (42)
  • .gitignore
  • CLAUDE.md
  • apps/backend/.env.example
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/cli/main.py
  • apps/backend/cli/utils.py
  • apps/backend/commit_message.py
  • apps/backend/core/auth.py
  • apps/backend/core/client.py
  • apps/backend/core/simple_client.py
  • apps/backend/core/workspace.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/phase_config.py
  • apps/backend/run.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/spec/compaction.py
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/shared/i18n/locales/en/settings.json
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/shared/types/settings.ts
  • guides/CLI-USAGE.md
  • tests/test_auth_bedrock.py
  • tests/test_sdk_structured_output.py
🧰 Additional context used
📓 Path-based instructions (9)
apps/frontend/src/**/*.{ts,tsx,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Files:

  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
apps/frontend/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Use useTranslation() hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Files:

  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
apps/frontend/**/*.{ts,tsx}

⚙️ CodeRabbit configuration file

apps/frontend/**/*.{ts,tsx}: Review React patterns and TypeScript type safety.
Check for proper state management and component composition.

Files:

  • apps/frontend/src/renderer/components/project-settings/hooks/useProjectSettings.ts
  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/shared/types/settings.ts
  • apps/frontend/src/renderer/components/ideation/hooks/__tests__/useIdeationAuth.test.ts
  • apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts
  • apps/frontend/src/shared/types/project.ts
  • apps/frontend/src/main/ipc-handlers/env-handlers.ts
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/agent/agent-process.test.ts
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
  • apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts
  • apps/frontend/src/main/rate-limit-detector.ts
  • apps/frontend/src/main/bedrock-encryption.ts
  • apps/frontend/src/main/updater/path-resolver.ts
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
  • apps/frontend/src/main/agent/agent-process.ts
  • apps/frontend/src/main/agent/agent-queue.ts
apps/backend/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/**/*.py: Always use the Claude Agent SDK (claude-agent-sdk package) for all AI interactions, never use the Anthropic API directly
Use the create_client() function from apps/backend/core/client.py to instantiate Claude SDK clients, not direct ClaudeSDKClient initialization

Files:

  • apps/backend/cli/main.py
  • apps/backend/core/workspace.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/auth.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/run.py
  • apps/backend/commit_message.py
  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/cli/utils.py
  • apps/backend/phase_config.py

⚙️ CodeRabbit configuration file

apps/backend/**/*.py: Focus on Python best practices, type hints, and async patterns.
Check for proper error handling and security considerations.
Verify compatibility with Python 3.12+.

Files:

  • apps/backend/cli/main.py
  • apps/backend/core/workspace.py
  • apps/backend/spec/compaction.py
  • apps/backend/core/auth.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/run.py
  • apps/backend/commit_message.py
  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
  • apps/backend/cli/utils.py
  • apps/backend/phase_config.py
apps/backend/core/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement dynamic command allowlisting based on detected project stack using core/security.py for bash command validation

Files:

  • apps/backend/core/workspace.py
  • apps/backend/core/auth.py
  • apps/backend/core/simple_client.py
  • apps/backend/core/client.py
tests/**

⚙️ CodeRabbit configuration file

tests/**: Ensure tests are comprehensive and follow pytest conventions.
Check for proper mocking and test isolation.

Files:

  • tests/test_sdk_structured_output.py
  • tests/test_auth_bedrock.py
apps/frontend/src/shared/i18n/locales/**/*.json

📄 CodeRabbit inference engine (CLAUDE.md)

apps/frontend/src/shared/i18n/locales/**/*.json: Store translation strings in namespace-organized JSON files at apps/frontend/src/shared/i18n/locales/{lang}/*.json for each supported language
When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
apps/backend/.env*

📄 CodeRabbit inference engine (CLAUDE.md)

apps/backend/.env*: Enable Electron MCP for E2E testing by setting ELECTRON_MCP_ENABLED=true in .env and starting the Electron app with npm run dev
Configure memory system credentials in apps/backend/.env and validate with graphiti_config.py

Files:

  • apps/backend/.env.example
apps/backend/core/client.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Files:

  • apps/backend/core/client.py
🧠 Learnings (16)
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Store project-specific data including specs, plans, and QA reports in `.auto-claude/specs/` directory and add to .gitignore

Applied to files:

  • .gitignore
  • guides/CLI-USAGE.md
  • CLAUDE.md
📚 Learning: 2026-01-04T12:37:52.222Z
Learnt from: StillKnotKnown
Repo: AndyMik90/Auto-Claude PR: 648
File: apps/frontend/src/renderer/components/settings/ModelSearchableSelect.tsx:262-265
Timestamp: 2026-01-04T12:37:52.222Z
Learning: Dropdown components in apps/frontend/src/renderer/components/settings use a fixed max-height (e.g., max-h-60) with internal overflow-y-auto scrolling. This pattern is intentional and prevents dropdowns from extending beyond the viewport; do not add dynamic viewport positioning or clipping-prevention logic for these components. If you add new dropdowns in this area, follow the same fixed-height + internal-scroll approach for consistency.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
📚 Learning: 2026-01-04T23:59:45.209Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:45.209Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings) can be deferred for future i18n cleanup passes. Do not fix such issues in PRs that do not introduce new i18n violations, especially in frontend TSX components (e.g., apps/frontend/**/*.tsx). If a PR adds new i18n violations, address them in that PR.

Applied to files:

  • apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx
  • apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx
  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx
  • apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Configure memory system credentials in `apps/backend/.env` and validate with `graphiti_config.py`

Applied to files:

  • guides/CLI-USAGE.md
  • apps/backend/.env.example
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx,jsx} : Always use i18n translation keys for all user-facing text in the frontend instead of hardcoded strings

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : When implementing new frontend features, add translation keys to all language files (minimum: en/*.json and fr/*.json)

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
  • apps/frontend/src/main/ipc-handlers/settings-handlers.ts
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/**/*.{ts,tsx} : Use `useTranslation()` hook with namespace prefixes (e.g., 'navigation:items.key') for accessing translation strings in React components

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/frontend/src/shared/i18n/locales/**/*.json : Store translation strings in namespace-organized JSON files at `apps/frontend/src/shared/i18n/locales/{lang}/*.json` for each supported language

Applied to files:

  • apps/frontend/src/renderer/components/settings/BedrockSettings.tsx
  • apps/frontend/src/shared/i18n/locales/fr/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/.env* : Enable Electron MCP for E2E testing by setting `ELECTRON_MCP_ENABLED=true` in `.env` and starting the Electron app with `npm run dev`

Applied to files:

  • apps/frontend/src/main/agent/agent-process.test.ts
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Always use the Claude Agent SDK (`claude-agent-sdk` package) for all AI interactions, never use the Anthropic API directly

Applied to files:

  • apps/backend/spec/compaction.py
  • apps/backend/core/auth.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/run.py
  • apps/backend/.env.example
  • apps/backend/commit_message.py
  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/**/*.py : Use the `create_client()` function from `apps/backend/core/client.py` to instantiate Claude SDK clients, not direct `ClaudeSDKClient` initialization

Applied to files:

  • apps/backend/spec/compaction.py
  • apps/backend/integrations/linear/updater.py
  • apps/backend/core/simple_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/core/client.py : Implement agent-specific tool permissions in the Claude SDK client based on agent role (planner, coder, qa_reviewer, qa_fixer)

Applied to files:

  • apps/backend/integrations/linear/updater.py
  • apps/backend/core/simple_client.py
  • apps/backend/merge/ai_resolver/claude_client.py
  • apps/backend/runners/insights_runner.py
  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/commit_message.py
  • apps/backend/core/client.py
  • apps/backend/analysis/insight_extractor.py
📚 Learning: 2026-01-02T19:30:59.118Z
Learnt from: hluisi
Repo: AndyMik90/Auto-Claude PR: 0
File: :0-0
Timestamp: 2026-01-02T19:30:59.118Z
Learning: In the Claude Agent SDK (Python), PreToolUse hooks receive `cwd` (current working directory) in the `input_data` dictionary parameter, not in the `context` parameter. The hook signature is `async def hook(input_data: dict, tool_use_id: str | None, context: HookContext)` where `input_data["cwd"]` contains the working directory passed from `ClaudeAgentOptions(cwd=...)`. The `context` parameter is reserved for future use and does NOT contain `cwd`.

Applied to files:

  • apps/backend/runners/ai_analyzer/claude_client.py
  • apps/backend/core/client.py
📚 Learning: 2026-01-10T15:30:12.808Z
Learnt from: taniar88
Repo: AndyMik90/Auto-Claude PR: 883
File: apps/frontend/src/main/agent/agent-process.ts:21-21
Timestamp: 2026-01-10T15:30:12.808Z
Learning: Before adding a new language to AVAILABLE_LANGUAGES, ensure UI translations exist and are complete in apps/frontend/src/shared/i18n/locales. Do not advertise official support for a language until its locale files are fully translated and validated, to avoid user-facing issues.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/fr/settings.json
  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2026-01-04T23:59:48.743Z
Learnt from: MikeeBuilds
Repo: AndyMik90/Auto-Claude PR: 661
File: apps/frontend/src/renderer/components/onboarding/OllamaModelSelector.tsx:176-189
Timestamp: 2026-01-04T23:59:48.743Z
Learning: In the AndyMik90/Auto-Claude repository, pre-existing i18n issues (hardcoded user-facing strings that should be localized) can be deferred to future i18n cleanup passes rather than requiring immediate fixes in PRs that don't introduce new i18n violations.

Applied to files:

  • apps/frontend/src/shared/i18n/locales/en/settings.json
📚 Learning: 2025-12-30T16:38:36.314Z
Learnt from: CR
Repo: AndyMik90/Auto-Claude PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-30T16:38:36.314Z
Learning: Applies to apps/backend/prompts/**/*.md : Agent prompts should be stored as markdown files in `apps/backend/prompts/` with descriptive names matching their purpose

Applied to files:

  • apps/backend/.env.example
🧬 Code graph analysis (24)
apps/frontend/src/renderer/components/settings/IntegrationSettings.tsx (2)
apps/frontend/src/renderer/components/settings/BedrockSettings.tsx (1)
  • BedrockSettings (159-426)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (1)
  • settings (15-15)
apps/frontend/src/shared/types/settings.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/renderer/components/ideation/hooks/useIdeationAuth.ts (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (2)
  • error (18-18)
  • setError (19-19)
apps/frontend/src/main/ipc-handlers/env-handlers.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockAuthMethod (289-289)
apps/frontend/src/renderer/components/settings/sections/SectionRouter.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (9)
  • envConfig (23-23)
  • isLoadingEnv (25-25)
  • envError (26-26)
  • updateEnvConfig (29-29)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
apps/backend/core/workspace.py (2)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/backend/core/workspace/models.py (1)
  • ParallelMergeResult (43-50)
apps/frontend/src/renderer/components/project-settings/GeneralSettings.tsx (3)
apps/frontend/src/shared/types/project.ts (1)
  • ProjectEnvConfig (304-373)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (10)
  • versionInfo (20-20)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • envConfig (23-23)
  • isLoadingEnv (25-25)
  • envError (26-26)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
  • updateEnvConfig (29-29)
apps/frontend/src/renderer/components/project-settings/index.ts (1)
  • ClaudeAuthSection (10-10)
apps/backend/spec/compaction.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (116-135)
apps/frontend/src/renderer/components/settings/ProjectSettingsContent.tsx (1)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (5)
  • expandedSections (38-38)
  • toggleSection (39-39)
  • isCheckingClaudeAuth (46-46)
  • claudeAuthStatus (47-47)
  • handleClaudeSetup (55-55)
tests/test_auth_bedrock.py (1)
apps/backend/core/auth.py (2)
  • require_claude_auth (116-135)
  • is_bedrock_enabled (58-67)
apps/backend/integrations/linear/updater.py (2)
apps/backend/core/auth.py (1)
  • require_claude_auth (116-135)
apps/backend/phase_config.py (1)
  • resolve_model_id (93-128)
apps/backend/core/simple_client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (397-422)
  • require_claude_auth (116-135)
apps/backend/merge/ai_resolver/claude_client.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/backend/runners/insights_runner.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/frontend/src/main/rate-limit-detector.ts (3)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/frontend/src/main/bedrock-encryption.ts (1)
apps/frontend/src/shared/types/project.ts (1)
  • BedrockConfig (291-301)
apps/backend/runners/ai_analyzer/claude_client.py (1)
apps/backend/core/auth.py (1)
  • require_claude_auth (116-135)
apps/frontend/src/main/updater/path-resolver.ts (1)
apps/frontend/src/__mocks__/electron.ts (1)
  • app (8-22)
apps/frontend/src/main/ipc-handlers/settings-handlers.ts (2)
apps/frontend/src/renderer/components/settings/utils/hookProxyFactory.ts (2)
  • settings (15-15)
  • error (18-18)
apps/frontend/src/main/bedrock-encryption.ts (3)
  • hasPlaintextBedrockSecrets (99-107)
  • encryptBedrockSecrets (49-65)
  • decryptBedrockSecrets (71-87)
apps/frontend/src/main/agent/agent-process.ts (3)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/frontend/src/main/rate-limit-detector.ts (1)
  • getProfileEnv (256-321)
apps/frontend/src/main/agent/agent-queue.ts (2)
apps/frontend/src/main/settings-utils.ts (1)
  • readSettingsFile (29-43)
apps/frontend/src/shared/types/settings.ts (1)
  • AppSettings (219-287)
apps/backend/core/client.py (1)
apps/backend/core/auth.py (2)
  • get_sdk_env_vars (397-422)
  • require_claude_auth (116-135)
apps/backend/analysis/insight_extractor.py (1)
apps/backend/core/auth.py (3)
  • ensure_claude_code_oauth_token (425-437)
  • get_auth_token (228-250)
  • is_bedrock_enabled (58-67)
apps/backend/cli/utils.py (1)
apps/backend/core/auth.py (3)
  • get_auth_token (228-250)
  • get_auth_token_source (253-270)
  • is_bedrock_enabled (58-67)
🪛 markdownlint-cli2 (0.18.1)
guides/CLI-USAGE.md

67-67: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: CodeQL (python)
  • GitHub Check: CodeQL (javascript-typescript)

Comment on lines 169 to 171
# Auto Claude generated files
.security-key
logs/security/

⚠️ Potential issue | 🟠 Major

Consolidate duplicate "Auto Claude Generated" sections.

There are two separate "Auto Claude Generated" sections in the file:

  • Lines 56-63: Properly formatted with separator comments
  • Lines 169-171: Redundant section with inconsistent formatting (missing separators, different capitalization)

The new logs/security/ entry should be added to the existing section (lines 56-63) rather than creating a duplicate. This aligns with the PR objectives, which note that duplicate section comments were consolidated.

🔧 Proposed consolidation
 # ===========================
 # Auto Claude Generated
 # ===========================
 .auto-claude/
 .auto-build-security.json
 .auto-claude-security.json
 .auto-claude-status
 .claude_settings.json
 .update-metadata.json
+.security-key
+logs/security/

 # ===========================
 # Python (apps/backend)
 # ===========================

Then remove the duplicate section at lines 169-171.

🤖 Prompt for AI Agents
In @.gitignore around lines 169 - 171, Consolidate the duplicate "Auto Claude
generated files" entries by moving the new logs/security/ line into the existing
"Auto Claude generated files" section (the block that contains .security-key and
the surrounding separator comments) and remove the redundant trailing block that
currently contains ".security-key" and "logs/security/"; ensure the final
section uses the same separator/comment formatting and capitalization as the
original section so there is only one consistent "Auto Claude generated files"
block.

Comment on lines +355 to 361
if not get_auth_token() and not is_bedrock_enabled():
logger.warning("No authentication token found, skipping insight extraction")
return None

# Ensure SDK can find the token
ensure_claude_code_oauth_token()
if not is_bedrock_enabled():
ensure_claude_code_oauth_token()


⚠️ Potential issue | 🟠 Major

Also validate Bedrock config here (use require_claude_auth() once) instead of duplicating checks.

Line 355-Line 361: after the fix above, you can simplify this block to a single require_claude_auth() call (and keep ensure_claude_code_oauth_token() only for non-Bedrock). This prevents late failures due to missing/partial AWS config.

🤖 Prompt for AI Agents
In @apps/backend/analysis/insight_extractor.py around lines 355 - 361, The
current block redundantly checks Bedrock and auth; replace the dual checks with
a single call to require_claude_auth() to validate Bedrock/AWS config and
authentication atomically (call require_claude_auth() instead of using
get_auth_token() and is_bedrock_enabled() separately), and keep
ensure_claude_code_oauth_token() only in the non-Bedrock path (i.e., call
ensure_claude_code_oauth_token() when require_claude_auth() indicates
non-Bedrock usage). Ensure any early-exit warning (logger.warning) is removed or
consolidated into require_claude_auth() usage so missing/partial AWS config
fails early.

Comment on lines 76 to 87
Prerequisites:
1. Create a spec first: claude /spec
2. Run 'claude setup-token' and set CLAUDE_CODE_OAUTH_TOKEN
2. Authenticate with Claude Code:
- OAuth: run 'claude setup-token' and set CLAUDE_CODE_OAUTH_TOKEN
- Bedrock: set CLAUDE_CODE_USE_BEDROCK=1 and AWS_REGION
Environment Variables:
CLAUDE_CODE_OAUTH_TOKEN Your Claude Code OAuth token (required)
CLAUDE_CODE_OAUTH_TOKEN OAuth token (required unless Bedrock enabled)
Get it by running: claude setup-token
CLAUDE_CODE_USE_BEDROCK Enable Bedrock auth (optional)
AWS_REGION Required when Bedrock enabled
AUTO_BUILD_MODEL Override default model (optional)

⚠️ Potential issue | 🟡 Minor

Clarify Bedrock enablement semantics + minimum required config in CLI help (avoid “=1 only” implication).
Backend is_bedrock_enabled() accepts multiple truthy values (e.g., true/yes/on), and Bedrock also needs credentials (profile/keys/role) in addition to AWS_REGION; the help text currently reads like only =1 + AWS_REGION is sufficient.

Proposed tweak (help text only)
-     - Bedrock: set CLAUDE_CODE_USE_BEDROCK=1 and AWS_REGION
+     - Bedrock: set CLAUDE_CODE_USE_BEDROCK=1 (or true/yes/on) and AWS_REGION (+ valid AWS credentials/profile)
...
-  CLAUDE_CODE_USE_BEDROCK  Enable Bedrock auth (optional)
+  CLAUDE_CODE_USE_BEDROCK  Enable Bedrock auth (optional; truthy: 1/true/yes/on)
   AWS_REGION               Required when Bedrock enabled
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Prerequisites:
1. Create a spec first: claude /spec
2. Run 'claude setup-token' and set CLAUDE_CODE_OAUTH_TOKEN
2. Authenticate with Claude Code:
- OAuth: run 'claude setup-token' and set CLAUDE_CODE_OAUTH_TOKEN
- Bedrock: set CLAUDE_CODE_USE_BEDROCK=1 and AWS_REGION
Environment Variables:
CLAUDE_CODE_OAUTH_TOKEN Your Claude Code OAuth token (required)
CLAUDE_CODE_OAUTH_TOKEN OAuth token (required unless Bedrock enabled)
Get it by running: claude setup-token
CLAUDE_CODE_USE_BEDROCK Enable Bedrock auth (optional)
AWS_REGION Required when Bedrock enabled
AUTO_BUILD_MODEL Override default model (optional)
Prerequisites:
1. Create a spec first: claude /spec
2. Authenticate with Claude Code:
- OAuth: run 'claude setup-token' and set CLAUDE_CODE_OAUTH_TOKEN
- Bedrock: set CLAUDE_CODE_USE_BEDROCK=1 (or true/yes/on) and AWS_REGION (+ valid AWS credentials/profile)
Environment Variables:
CLAUDE_CODE_OAUTH_TOKEN OAuth token (required unless Bedrock enabled)
Get it by running: claude setup-token
CLAUDE_CODE_USE_BEDROCK Enable Bedrock auth (optional; truthy: 1/true/yes/on)
AWS_REGION Required when Bedrock enabled
AUTO_BUILD_MODEL Override default model (optional)
🤖 Prompt for AI Agents
In @apps/backend/cli/main.py around lines 76 - 87, Update the CLI help text for
CLAUDE_CODE_USE_BEDROCK to reflect actual enablement semantics: mention that
is_bedrock_enabled() accepts multiple truthy values (e.g., "1/true/yes/on")
rather than only "=1", and state that Bedrock also requires AWS credentials
(profile, access keys, or role) in addition to AWS_REGION; update the
Environment Variables block and the CLAUDE_CODE_USE_BEDROCK description to
convey these minimum requirements and avoid implying "=1 only" suffices.
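
The enablement semantics and minimum Bedrock configuration raised in the comment above, as an added example that is not part of this PR or the project's code: a pre-flight check over a mapping of environment variables. The function names, the truthy set and the role ARN pattern are assumptions for illustration; the project's own `is_bedrock_enabled()` and `validate_bedrock_config()` are not shown on this page.

```python
"""Pre-flight check for the Bedrock auth path (illustrative, not project code)."""
from __future__ import annotations

import re
from typing import Mapping

# Truthy spellings named in the review comment; assumed here, since the
# project's own is_bedrock_enabled() is not shown on this page.
TRUTHY = {"1", "true", "yes", "on"}

# Loose shape check for an IAM role ARN (assumption: 12-digit account id).
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")


def bedrock_requested(env: Mapping[str, str]) -> bool:
    """True when CLAUDE_CODE_USE_BEDROCK holds any accepted truthy spelling."""
    return env.get("CLAUDE_CODE_USE_BEDROCK", "").strip().lower() in TRUTHY


def check_bedrock_env(env: Mapping[str, str]) -> list[str]:
    """Return configuration problems; an empty list means nothing is wrong.

    Messages name variables only and never echo their values, so a
    half-pasted secret cannot end up in terminal output or logs.
    """
    if not bedrock_requested(env):
        return []
    problems: list[str] = []
    if not env.get("AWS_REGION", "").strip():
        problems.append("AWS_REGION is required when Bedrock is enabled")
    has_key = bool(env.get("AWS_ACCESS_KEY_ID", "").strip())
    has_secret = bool(env.get("AWS_SECRET_ACCESS_KEY", "").strip())
    if has_key != has_secret:
        missing = "AWS_SECRET_ACCESS_KEY" if has_key else "AWS_ACCESS_KEY_ID"
        problems.append(f"partial static credentials: {missing} is not set")
    role = env.get("AWS_ROLE_ARN", "").strip()
    if role and not ROLE_ARN_RE.match(role):
        problems.append("AWS_ROLE_ARN is not a well-formed IAM role ARN")
    # Neither keys nor role set is not an error: the default AWS credential
    # chain (profile, SSO, instance role) may still supply credentials.
    return problems


def select_auth_path(env: Mapping[str, str]) -> str:
    """Return 'bedrock' or 'oauth'; raise ValueError before any agent starts."""
    if bedrock_requested(env):
        problems = check_bedrock_env(env)
        if problems:
            raise ValueError("Bedrock enabled but misconfigured: " + "; ".join(problems))
        return "bedrock"
    if env.get("CLAUDE_CODE_OAUTH_TOKEN", "").strip():
        return "oauth"
    raise ValueError("no OAuth token found and Bedrock is not enabled")


# Constructed sample environments (placeholder values, not real credentials).
SAMPLES = {
    "oauth_only": {"CLAUDE_CODE_OAUTH_TOKEN": "placeholder-token"},
    "yes_no_region": {"CLAUDE_CODE_USE_BEDROCK": "Yes"},
    "half_keys": {
        "CLAUDE_CODE_USE_BEDROCK": "true",
        "AWS_REGION": "us-east-1",
        "AWS_ACCESS_KEY_ID": "EXAMPLE-KEY-ID",
    },
    "default_chain": {"CLAUDE_CODE_USE_BEDROCK": "on", "AWS_REGION": "us-east-1"},
    "bad_role": {
        "CLAUDE_CODE_USE_BEDROCK": "1",
        "AWS_REGION": "us-east-1",
        "AWS_ROLE_ARN": "arn:aws:iam::123:role/short-account",
    },
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        try:
            print(f"{name}: {select_auth_path(env)}")
        except ValueError as exc:
            print(f"{name}: ERROR {exc}")
```
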

Comment on lines +163 to 180
if not get_auth_token() and not is_bedrock_enabled():
print("Error: No OAuth token found")
print("\nAuto Claude requires Claude Code OAuth authentication.")
print("Direct API keys (ANTHROPIC_API_KEY) are not supported.")
print("\nTo authenticate, run:")
print("\nAlternatively, use AWS Bedrock:")
print(" Set CLAUDE_CODE_USE_BEDROCK=1 and AWS_REGION")
print("\nTo authenticate with OAuth, run:")
print(" claude setup-token")
valid = False
else:
# Show which auth source is being used
source = get_auth_token_source()
if source:
print(f"Auth: {source}")
if is_bedrock_enabled():
region = os.environ.get("AWS_REGION", "not set")
print(f"Auth: AWS Bedrock (region: {region})")
else:
source = get_auth_token_source()
if source:
print(f"Auth: {source}")
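
Review bot: the error branch still opens with "Error: No OAuth token found" and "Auto Claude requires Claude Code OAuth authentication." and only afterwards offers Bedrock, so a user who intended the Bedrock path is first told OAuth is mandatory. Reword the header to cover both paths (for example "No authentication configured") and drop the "requires ... OAuth" sentence. In the success branch, region = os.environ.get("AWS_REGION", "not set") lets the CLI report "Auth: AWS Bedrock (region: not set)" as if authentication were in place; a missing region should set valid = False instead of becoming a display value.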


⚠️ Potential issue | 🟠 Major

Fail fast when Bedrock is enabled but misconfigured (at minimum require AWS_REGION; ideally call validate_bedrock_config()).
Right now is_bedrock_enabled() bypasses the “No OAuth token found” error even if AWS_REGION is unset, and the CLI proceeds in a state that will likely fail deeper in execution.

Proposed fix (use existing Bedrock validator)
-from core.auth import get_auth_token, get_auth_token_source, is_bedrock_enabled
+from core.auth import (
+    get_auth_token,
+    get_auth_token_source,
+    is_bedrock_enabled,
+    validate_bedrock_config,
+)

 def validate_environment(spec_dir: Path) -> bool:
@@
-    if not get_auth_token() and not is_bedrock_enabled():
+    if is_bedrock_enabled():
+        try:
+            validate_bedrock_config()
+        except ValueError as e:
+            print(f"Error: Bedrock authentication is enabled but invalid: {e}")
+            valid = False
+    elif not get_auth_token():
         print("Error: No OAuth token found")
         print("\nAuto Claude requires Claude Code OAuth authentication.")
         print("Direct API keys (ANTHROPIC_API_KEY) are not supported.")
         print("\nAlternatively, use AWS Bedrock:")
         print("  Set CLAUDE_CODE_USE_BEDROCK=1 and AWS_REGION")
         print("\nTo authenticate with OAuth, run:")
         print("  claude setup-token")
         valid = False
     else:
         if is_bedrock_enabled():
             region = os.environ.get("AWS_REGION", "not set")
             print(f"Auth: AWS Bedrock (region: {region})")
         else:
             source = get_auth_token_source()
             if source:
                 print(f"Auth: {source}")
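
Review bot: in the trailing else branch, the inner `if is_bedrock_enabled():` can never be true, because the first branch of the new if/elif chain has already taken every Bedrock case. As written, a valid Bedrock configuration passes validate_bedrock_config() and then prints no "Auth: AWS Bedrock (region: ...)" line at all, and the os.environ.get("AWS_REGION", "not set") fallback is dead code. Move the Bedrock print into the success path of the first branch (a try/except/else fits) and reduce the final else to the get_auth_token_source() lookup.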

Comment on lines +189 to +204
def _extract_text_from_message(msg) -> str:
"""Extract text content from an AssistantMessage."""
try:
from claude_agent_sdk.types import AssistantMessage, TextBlock
except ImportError:
return ""

Reads model/thinking settings from environment variables:
- UTILITY_MODEL_ID: Full model ID (e.g., "claude-haiku-4-5-20251001")
- UTILITY_THINKING_BUDGET: Thinking budget tokens (e.g., "1024")
"""
from core.auth import ensure_claude_code_oauth_token, get_auth_token
if not isinstance(msg, AssistantMessage) or not hasattr(msg, "content"):
return ""

text_parts = []
for block in msg.content:
if isinstance(block, TextBlock) and hasattr(block, "text"):
text_parts.append(block.text)
return "".join(text_parts)


🧹 Nitpick | 🔵 Trivial

Consider moving imports to module level if SDK is always available.

The function imports AssistantMessage and TextBlock inside the function body (lines 192-194), which is inefficient if called repeatedly. If claude_agent_sdk is a required dependency (per coding guidelines), these imports should be at the module level.

However, if the current pattern is intentional for optional dependency handling or graceful degradation, it's acceptable as-is.

♻️ Proposed refactor (if SDK is always available)
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from claude_agent_sdk.types import AssistantMessage
+
+try:
+    from claude_agent_sdk.types import AssistantMessage, TextBlock
+    _HAS_SDK = True
+except ImportError:
+    _HAS_SDK = False

 def _extract_text_from_message(msg) -> str:
     """Extract text content from an AssistantMessage."""
-    try:
-        from claude_agent_sdk.types import AssistantMessage, TextBlock
-    except ImportError:
+    if not _HAS_SDK:
         return ""

     if not isinstance(msg, AssistantMessage) or not hasattr(msg, "content"):
         return ""

     text_parts = []
     for block in msg.content:
         if isinstance(block, TextBlock) and hasattr(block, "text"):
             text_parts.append(block.text)
     return "".join(text_parts)
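
Review bot: the `if TYPE_CHECKING:` import of AssistantMessage at the top is redundant, since the try/except directly below imports the same name unconditionally and the signature stays `def _extract_text_from_message(msg) -> str:` with no annotation that would use it. Drop the TYPE_CHECKING block, or annotate msg and keep only that import for typing. Note also that with _HAS_SDK the function still returns "" silently when the SDK is missing; if the SDK is a hard dependency, a plain module-level import that fails loudly at startup is the simpler option.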

Based on learnings, the Claude Agent SDK should always be used for AI interactions in apps/backend/**/*.py.

🤖 Prompt for AI Agents
In @apps/backend/commit_message.py around lines 189 - 204, The helper
_extract_text_from_message currently performs local imports of AssistantMessage
and TextBlock inside the function; if claude_agent_sdk is guaranteed to be
present, move "from claude_agent_sdk.types import AssistantMessage, TextBlock"
to the module-level imports and remove the try/except/ImportError branch and the
runtime import guard inside _extract_text_from_message, leaving the type checks
and content extraction logic (text_parts loop and return) intact; update any
top-of-file import section to include these symbols so the function uses them
directly.

Comment on lines +85 to +89
<Button variant="outline" size="sm" onClick={handleStartEdit}>
Change
</Button>
<Button variant="ghost" size="sm" onClick={handleClear}>
Clear

⚠️ Potential issue | 🟡 Minor

Hardcoded button labels should use i18n translation keys.

Per coding guidelines, all user-facing text in frontend components must use i18n translation keys. The "Change" and "Clear" button labels are hardcoded strings in this new component.

Proposed fix
-          <Button variant="outline" size="sm" onClick={handleStartEdit}>
-            Change
-          </Button>
-          <Button variant="ghost" size="sm" onClick={handleClear}>
-            Clear
-          </Button>
+          <Button variant="outline" size="sm" onClick={handleStartEdit}>
+            {t('common:buttons.change')}
+          </Button>
+          <Button variant="ghost" size="sm" onClick={handleClear}>
+            {t('common:buttons.clear')}
+          </Button>

Also add the translation keys to en/common.json and fr/common.json:

{
  "buttons": {
    "change": "Change",
    "clear": "Clear"
  }
}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<Button variant="outline" size="sm" onClick={handleStartEdit}>
Change
</Button>
<Button variant="ghost" size="sm" onClick={handleClear}>
Clear
<Button variant="outline" size="sm" onClick={handleStartEdit}>
{t('common:buttons.change')}
</Button>
<Button variant="ghost" size="sm" onClick={handleClear}>
{t('common:buttons.clear')}
</Button>

Comment on lines 64 to 68
// Mock requestAnimationFrame for jsdom environment (not provided by default)
const originalRAF = global.requestAnimationFrame;
global.requestAnimationFrame = vi.fn((cb: FrameRequestCallback) => setTimeout(cb, 0) as unknown as number);
global.cancelAnimationFrame = vi.fn((id: number) => clearTimeout(id));


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts | head -200

Repository: AndyMik90/Auto-Claude

Length of output: 7239


🏁 Script executed:

# Check if there are more timer-related patterns in the test file
grep -n "runAllTimersAsync\|useFakeTimers\|Promise(setTimeout\|await new Promise" apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts

Repository: AndyMik90/Auto-Claude

Length of output: 1114


🏁 Script executed:

# Check what's exported from Vitest and look for version info
find . -name "package.json" -path "*/frontend*" | head -5 | xargs grep -l "vitest" | head -1 | xargs cat | grep -A 5 '"vitest"'

Repository: AndyMik90/Auto-Claude

Length of output: 438


🏁 Script executed:

# Search for other RAF/CAF usage in the test or related files
rg "requestAnimationFrame|cancelAnimationFrame|runAllTimersAsync" apps/frontend/src --type ts --type tsx -B 2 -A 2

Repository: AndyMik90/Auto-Claude

Length of output: 92


🏁 Script executed:

# Search for RAF/CAF usage correctly
rg "requestAnimationFrame|cancelAnimationFrame|runAllTimersAsync" apps/frontend/src --type typescript -B 2 -A 2

Repository: AndyMik90/Auto-Claude

Length of output: 99


🏁 Script executed:

# Check if useFakeTimers is used anywhere
rg "useFakeTimers" apps/frontend/src --type typescript

Repository: AndyMik90/Auto-Claude

Length of output: 99


🏁 Script executed:

# Check Vitest documentation and actual mock restoration behavior
# Let's look at how vi.restoreAllMocks works with direct global assignments
python3 << 'EOF'
# Vitest 4.x behavior:
# vi.restoreAllMocks() restores mocks created via vi.fn() and vi.mock()
# However, it does NOT revert direct global assignments like:
#   global.requestAnimationFrame = vi.fn(...)
# To restore, you need explicit assignment:
#   global.requestAnimationFrame = originalRAF

# Also, vi.runAllTimersAsync() only flushes timers if vi.useFakeTimers() is active
# Without vi.useFakeTimers(), real setTimeout timers are used and won't be flushed

print("Key findings:")
print("1. vi.restoreAllMocks() does NOT revert direct global assignments")
print("2. vi.runAllTimersAsync() requires vi.useFakeTimers() to be active")
print("3. The test uses real timers with setTimeout but calls runAllTimersAsync")
print("4. RAF/CAF mocks assigned globally can leak to other tests")
EOF

Repository: AndyMik90/Auto-Claude

Length of output: 343


🏁 Script executed:

# Check if there are multiple test files in the same suite that might be affected
find apps/frontend/src -path "*__tests__/*.test.ts" -o -path "*__tests__/*.test.tsx" | wc -l

Repository: AndyMik90/Auto-Claude

Length of output: 67


🏁 Script executed:

# Look for other RAF/CAF mocks that might conflict
rg "global\.requestAnimationFrame|global\.cancelAnimationFrame" apps/frontend --type typescript

Repository: AndyMik90/Auto-Claude

Length of output: 99


🏁 Script executed:

# Search for global RAF/CAF assignments without type flag
rg "global\.requestAnimationFrame|global\.cancelAnimationFrame" apps/frontend

Repository: AndyMik90/Auto-Claude

Length of output: 818


🏁 Script executed:

# Check the entire test file from line 187-196 to confirm cleanup
sed -n '187,196p' apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts

Repository: AndyMik90/Auto-Claude

Length of output: 421


🏁 Script executed:

# Check a few other test files to see if they also override global RAF/CAF
fd "\.test\." apps/frontend/src --max-results 5 -x grep -l "requestAnimationFrame\|cancelAnimationFrame" {}

Repository: AndyMik90/Auto-Claude

Length of output: 276


🏁 Script executed:

# Check the setup.ts file to understand the global RAF/CAF setup
cat -n apps/frontend/src/__tests__/setup.ts | head -50

Repository: AndyMik90/Auto-Claude

Length of output: 1853


🏁 Script executed:

# Look for test files that might be affected by the global RAF/CAF assignment
fd "\.test\." apps/frontend/src | head -10

Repository: AndyMik90/Auto-Claude

Length of output: 667


🏁 Script executed:

# Confirm that originalCAF is NOT captured (only originalRAF is)
sed -n '64,68p' apps/frontend/src/renderer/components/terminal/__tests__/useXterm.test.ts

Repository: AndyMik90/Auto-Claude

Length of output: 372


🏁 Script executed:

# Check if Vitest 4.0.16 requires vi.useFakeTimers() for runAllTimersAsync
python3 << 'EOF'
# Verify the issue:
# 1. Line 65 captures originalRAF but NOT originalCAF
# 2. Line 188: vi.restoreAllMocks() only restores mock call history
# 3. The vi.fn() assignments remain in place after restoreAllMocks()
# 4. line 190: runAllTimersAsync() without vi.useFakeTimers() won't work

print("Analysis Summary:")
print("================")
print("Issue 1: originalCAF not captured (line 67 missing capture)")
print("Issue 2: afterEach doesn't restore globals - only vi.restoreAllMocks()")
print("Issue 3: vi.runAllTimersAsync() requires vi.useFakeTimers() (not present)")
print("Issue 4: Test uses many 'await new Promise(setTimeout)' patterns")
print("\nConclusion: Review comment is CORRECT - globals leak and timer flushing is ineffective")
EOF

Repository: AndyMik90/Auto-Claude

Length of output: 457


Restore requestAnimationFrame and cancelAnimationFrame globals in afterEach and fix timer flushing.

Direct global assignment at lines 66–67 bypasses vi.restoreAllMocks() cleanup, leaving mocks in place for subsequent test files and breaking isolation. Additionally, originalCAF is never captured (line 67 has no backup), and vi.runAllTimersAsync() at line 190 won't flush timers without vi.useFakeTimers() enabled—the test currently uses real setTimeout. The 16 instances of await new Promise(resolve => setTimeout(resolve, 0)) indicate fragile real-time scheduling.

Proposed fix
// Mock requestAnimationFrame for jsdom environment (not provided by default)
const originalRAF = global.requestAnimationFrame;
+const originalCAF = global.cancelAnimationFrame;
-global.requestAnimationFrame = vi.fn((cb: FrameRequestCallback) => setTimeout(cb, 0) as unknown as number);
-global.cancelAnimationFrame = vi.fn((id: number) => clearTimeout(id));
+global.requestAnimationFrame = vi.fn((cb: FrameRequestCallback) => {
+  queueMicrotask(() => cb(performance.now()));
+  return 0 as unknown as number;
+});
+global.cancelAnimationFrame = vi.fn((_id: number) => {});
  afterEach(async () => {
    vi.restoreAllMocks();
-    // Flush any pending timers to prevent unhandled errors after test cleanup
-    await vi.runAllTimersAsync().catch(() => {});
+    // Restore RAF globals (vi.restoreAllMocks won't revert direct assignment)
+    global.requestAnimationFrame = originalRAF;
+    global.cancelAnimationFrame = originalCAF;
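
Review bot: the replacement mocks make cancellation a no-op: requestAnimationFrame always returns 0 and fires the callback from queueMicrotask, while cancelAnimationFrame is `vi.fn((_id: number) => {})`, so a frame the hook cancels during cleanup still runs. The original setTimeout/clearTimeout pair did honour cancellation. Keep that property by handing out incrementing ids, recording cancelled ids in a Set, and skipping the callback inside the microtask when its id has been cancelled; otherwise tests can pass or fail on callbacks that production code would never run.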

Alternatively, switch to vi.useFakeTimers() globally (in beforeEach) and replace scattered await new Promise(setTimeout...) calls with await vi.runOnlyPendingTimersAsync() for deterministic timer control.

Comment on lines 59 to 65
# Set up OAuth token
claude setup-token
# Add to apps/backend/.env: CLAUDE_CODE_OAUTH_TOKEN=your-token
# Or use AWS Bedrock instead:
# CLAUDE_CODE_USE_BEDROCK=1
# AWS_REGION=us-east-1
```

⚠️ Potential issue | 🟡 Minor

Doc update is clear; consider mentioning “AWS credentials via default chain” in the Bedrock note.
Right now the snippet lists CLAUDE_CODE_USE_BEDROCK + AWS_REGION, but some users may miss that credentials still need to be discoverable (env/SSO/profile/role).

🤖 Prompt for AI Agents
In @CLAUDE.md around lines 59 - 65, Update the CLAUDE.md Bedrock note to mention
that setting CLAUDE_CODE_USE_BEDROCK and AWS_REGION alone is not enough; the
runtime also requires AWS credentials discoverable via the default credential
provider chain (environment variables, AWS SSO, shared credentials/profile, or
IAM role). Reference the existing variables CLAUDE_CODE_USE_BEDROCK and
AWS_REGION in the note and add a short sentence like “Ensure AWS credentials are
available via the default provider chain (env vars, SSO, shared profile, or
role).”

Comment on lines +65 to 68
# Option B: AWS Bedrock
# CLAUDE_CODE_USE_BEDROCK=1
# AWS_REGION=us-east-1
```

⚠️ Potential issue | 🟡 Minor

Fix markdownlint MD022 (blank lines around headings) in this area.
CI/static analysis reports MD022 near this section; please add surrounding blank lines where a heading is missing them.

🧰 Tools
🪛 markdownlint-cli2 (0.18.1)

67-67: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)


68-68: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

🤖 Prompt for AI Agents
In @guides/CLI-USAGE.md around lines 65 - 68, Add blank lines above and below
the heading "# Option B: AWS Bedrock" so the heading is separated by an empty
line on both sides (and do the same for the following code block if needed);
update the lines around the commented env vars "CLAUDE_CODE_USE_BEDROCK=1" and
"AWS_REGION=us-east-1" to ensure there is an empty line before the heading and
an empty line after the fenced code block to satisfy markdownlint MD022.

Comment on lines 195 to 200
| Variable | Required | Description |
|----------|----------|-------------|
| `CLAUDE_CODE_OAUTH_TOKEN` | Yes | OAuth token from `claude setup-token` |
| `CLAUDE_CODE_USE_BEDROCK` | No | Enable AWS Bedrock auth (set to 1) |
| `AWS_REGION` | Conditional | Required when Bedrock is enabled |
| `AUTO_BUILD_MODEL` | No | Model override (default: claude-opus-4-5-20251101) |

⚠️ Potential issue | 🟠 Major

CLAUDE_CODE_OAUTH_TOKEN should be “Conditional”, not always required, when Bedrock is supported.
With Bedrock enabled, OAuth token isn’t required, so the table should reflect conditional requirement (OAuth-only) to avoid incorrect setup guidance.

Proposed doc tweak
-| `CLAUDE_CODE_OAUTH_TOKEN` | Yes | OAuth token from `claude setup-token` |
+| `CLAUDE_CODE_OAUTH_TOKEN` | Conditional | OAuth token from `claude setup-token` (required when Bedrock is NOT enabled) |
 | `CLAUDE_CODE_USE_BEDROCK` | No | Enable AWS Bedrock auth (set to 1) |
 | `AWS_REGION` | Conditional | Required when Bedrock is enabled |
🤖 Prompt for AI Agents
In @guides/CLI-USAGE.md around lines 195 - 200, Update the environment variables
table so `CLAUDE_CODE_OAUTH_TOKEN` is marked "Conditional" instead of "Yes" and
clarify its description to indicate it's required only when
`CLAUDE_CODE_USE_BEDROCK` is not enabled (e.g., "Required unless
`CLAUDE_CODE_USE_BEDROCK=1`"); keep `CLAUDE_CODE_USE_BEDROCK` and `AWS_REGION`
entries as-is but ensure `AWS_REGION` still indicates it is required when
Bedrock is enabled.
