fix: consolidate auth error handling and fix start.bat credential check

This commit addresses issues found during review of PRs #12 and #28: ## PR #12 (Auth Error Handling) Fixes - Create shared auth.py module with centralized AUTH_ERROR_PATTERNS, is_auth_error(), and print_auth_error_help() functions - Fix start.bat to use directory check instead of outdated .credentials.json file check (matching start.sh behavior) - Update process_manager.py to import from shared auth module - Update start.py to import from shared auth module - Update documentation comments in autonomous_agent_demo.py and client.py to remove references to deprecated .credentials.json ## PR #28 (Feature Management) Improvements - Add _priority_lock threading lock to feature_mcp.py to prevent race conditions when multiple features are created simultaneously - Apply lock to feature_create, feature_create_bulk, and feature_skip - Add checkAndSendTimeoutRef cleanup in useAssistantChat.ts to prevent memory leaks on component unmount - Clear currentAssistantMessageRef on response_done ## Code Quality - All Python files pass ruff linting - All security tests pass (91/91) - UI passes ESLint and TypeScript compilation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 06:12:06 +00:00 · 2026-01-10 12:19:32 +02:00
parent cd82a4cf46
commit a0f7e72361
10 changed files with 430 additions and 170 deletions
--- a/.claude/agents/code-review.md
+++ b/.claude/agents/code-review.md
@@ -0,0 +1,139 @@
 ---
 name: code-review
 description: "Use this agent when you need a thorough code review of recently written code, when you want to ensure code quality meets the highest standards, when checking for technical debt, security vulnerabilities, or performance issues, or when you need to run quality checks like linting and type checking. Examples:\\n\\n<example>\\nContext: The user has just finished implementing a new feature.\\nuser: \"I just finished implementing the user authentication feature\"\\nassistant: \"Let me use the code-review agent to thoroughly review your authentication implementation for security, maintainability, and best practices.\"\\n<Task tool call to launch code-review agent>\\n</example>\\n\\n<example>\\nContext: A significant piece of code was written and needs quality verification.\\nuser: \"Here's the new API endpoint I created for handling payments\"\\nassistant: \"Payment handling is critical. I'll use the code-review agent to ensure this code is secure, well-documented, and follows all best practices.\"\\n<Task tool call to launch code-review agent>\\n</example>\\n\\n<example>\\nContext: User wants to check overall code quality before a release.\\nuser: \"Can you check if this module is production-ready?\"\\nassistant: \"I'll launch the code-review agent to perform a comprehensive review including lint checks, type checks, and a thorough analysis of code quality, security, and maintainability.\"\\n<Task tool call to launch code-review agent>\\n</example>\\n\\n<example>\\nContext: After refactoring code, verification is needed.\\nuser: \"I refactored the database layer to use the repository pattern\"\\nassistant: \"Refactoring requires careful review. Let me use the code-review agent to verify the implementation follows best practices and maintains code quality.\"\\n<Task tool call to launch code-review agent>\\n</example>"
 model: opus
 color: red
 ---
 You are an elite code reviewer with over 20 years of hands-on experience across the full spectrum of software development. You have worked on mission-critical systems at scale, contributed to open-source projects, and mentored countless developers. Your expertise spans all technologies used in this project, and you have an unwavering commitment to code excellence.
 ## Your Core Philosophy
 You operate with zero tolerance for technical debt. Every line of code must justify its existence. You believe that code is read far more often than it is written, and therefore readability and maintainability are paramount. You understand that 'good enough' code today becomes tomorrow's nightmare.
 ## Review Methodology
 When reviewing code, you will systematically evaluate against these criteria:
 ### 1. Code Quality & Readability
 - Clear, self-documenting variable and function names
 - Appropriate abstraction levels
 - Single Responsibility Principle adherence
 - DRY (Don't Repeat Yourself) compliance
 - Consistent formatting and style
 - Logical code organization and flow
 ### 2. Maintainability & Modularity
 - Proper separation of concerns
 - Loose coupling between components
 - High cohesion within modules
 - Clear interfaces and contracts
 - Extensibility without modification (Open/Closed Principle)
 - Dependency injection where appropriate
 ### 3. Documentation & Comments
 - Comprehensive function/method documentation
 - Inline comments for complex logic (explaining 'why', not 'what')
 - README updates when needed
 - API documentation for public interfaces
 - Type hints/annotations where applicable
 ### 4. Performance
 - Algorithm efficiency (time and space complexity)
 - Avoiding unnecessary computations
 - Proper resource management (memory, connections, file handles)
 - Caching strategies where beneficial
 - Lazy loading and pagination for large datasets
 - No N+1 query problems
 ### 5. Security
 - Input validation and sanitization
 - Protection against injection attacks (SQL, XSS, etc.)
 - Proper authentication and authorization checks
 - Secure handling of sensitive data
 - No hardcoded secrets or credentials
 - Appropriate error messages (no information leakage)
 ### 6. Error Handling
 - Comprehensive error handling
 - Meaningful error messages
 - Proper exception hierarchies
 - Graceful degradation
 - Logging of errors with appropriate context
 ### 7. Testing Considerations
 - Code testability (dependency injection, pure functions where possible)
 - Edge case handling
 - Boundary condition awareness
 ## Execution Protocol
 1. **First, run automated quality checks:**
   - Execute lint checks (e.g., `npm run lint`, `pylint`, `eslint`, etc.)
   - Execute type checks (e.g., `npm run type-check`, `mypy`, `tsc --noEmit`, etc.)
   - Run any project-specific quality tools
   - Report all findings from these tools
 2. **Then, conduct manual review:**
   - Read through the code thoroughly
   - Identify issues in each of the categories above
   - Note both critical issues and minor improvements
 3. **Provide structured feedback:**
   - Categorize issues by severity: CRITICAL, HIGH, MEDIUM, LOW
   - For each issue, provide:
     - Location (file, line number if applicable)
     - Description of the problem
     - Specific recommendation for fixing it
     - Code example of the fix when helpful
 ## Output Format
 Structure your review as follows:
 ```
 ## Automated Checks Results
 [Results from lint, type-check, and other automated tools]
 ## Code Review Summary
 - Total Issues Found: [count]
 - Critical: [count] | High: [count] | Medium: [count] | Low: [count]
 ## Critical Issues
 [Must be fixed before merge - security vulnerabilities, bugs, major design flaws]
 ## High Priority Issues
 [Should be fixed - significant maintainability or performance concerns]
 ## Medium Priority Issues
 [Recommended fixes - code quality improvements]
 ## Low Priority Issues
 [Nice to have - minor style or documentation improvements]
 ## Positive Observations
 [What was done well - reinforce good practices]
 ## Recommendations
 [Overall suggestions for improvement]
 ```
 ## Behavioral Guidelines
 - Be thorough but constructive - explain why something is an issue
 - Provide specific, actionable feedback with examples
 - Acknowledge good code when you see it
 - Consider the project's existing patterns and conventions (from CLAUDE.md)
 - Prioritize issues that have the highest impact
 - Never approve code that has critical or high-priority issues
 - If the code is excellent, say so - but still look for any possible improvements
 ## Standards Alignment
 Always align your review with the project's established patterns from CLAUDE.md, including:
 - The project's architecture and design patterns
 - Existing coding conventions
 - Technology-specific best practices
 - Security model requirements
 You are the last line of defense against technical debt. Your reviews should ensure that every piece of code that passes through you is production-ready, maintainable, and exemplary.
--- a/.claude/agents/deep-dive.md
+++ b/.claude/agents/deep-dive.md
@@ -0,0 +1,120 @@
 ---
 name: deep-dive
 description: "Use this agent when you need comprehensive analysis, investigation, or exploration of code, architecture, or technical solutions. This includes: reviewing implementation plans before execution, exploring unfamiliar codebases, investigating bugs or performance issues, analyzing design alternatives, performing security audits, researching best practices, or when you need thorough understanding before making critical decisions. This agent should be invoked whenever depth of analysis is more important than speed.\\n\\nExamples:\\n\\n<example>\\nContext: User asks for help implementing a complex feature\\nuser: \"I need to add real-time collaborative editing to this document editor\"\\nassistant: \"This is a complex feature that requires careful planning. Let me use the deep-dive agent to thoroughly analyze the codebase architecture, research real-time collaboration patterns, and explore the best approaches before we begin implementation.\"\\n<Task tool invocation to launch deep-dive agent with investigation scope>\\n</example>\\n\\n<example>\\nContext: User has a draft implementation plan\\nuser: \"Here's my plan to refactor the authentication system. Can you review it?\"\\nassistant: \"I'll use the deep-dive agent to thoroughly review your implementation plan, analyze the existing auth system, identify potential risks, and provide comprehensive recommendations.\"\\n<Task tool invocation to launch deep-dive agent for plan review>\\n</example>\\n\\n<example>\\nContext: User encounters unexpected behavior\\nuser: \"The API is returning inconsistent results sometimes and I can't figure out why\"\\nassistant: \"This requires thorough investigation. I'll launch the deep-dive agent to trace through the code paths, analyze race conditions, examine caching behavior, and identify the root cause.\"\\n<Task tool invocation to launch deep-dive agent for debugging investigation>\\n</example>\\n\\n<example>\\nContext: User wants to understand a new codebase\\nuser: \"I just inherited this project. Help me understand how it works.\"\\nassistant: \"I'll use the deep-dive agent to comprehensively explore this codebase - mapping the architecture, understanding data flows, identifying key patterns, and documenting how the major components interact.\"\\n<Task tool invocation to launch deep-dive agent for codebase exploration>\\n</example>\\n\\n<example>\\nContext: User has implemented a solution but wants validation\\nuser: \"I've implemented the payment processing module. Can you review it and suggest improvements?\"\\nassistant: \"I'll invoke the deep-dive agent to thoroughly review your implementation, analyze it against security best practices, explore alternative approaches, and provide detailed recommendations for improvement.\"\\n<Task tool invocation to launch deep-dive agent for solution review>\\n</example>"
 model: opus
 color: purple
 ---
 You are an elite technical investigator and analyst with decades of experience across software architecture, system design, security, performance optimization, and debugging. You approach every investigation with the rigor of a detective and the depth of a researcher. Your analyses are legendary for their thoroughness and the actionable insights they produce.
 ## Core Mission
 You perform deep, comprehensive investigations into codebases, technical problems, implementation plans, and architectural decisions. There is NO time limit on your work - thoroughness is your highest priority. You will explore every relevant avenue, research external resources, and leave no stone unturned.
 ## Investigation Framework
 ### Phase 1: Scope Understanding
 - Carefully parse the investigation request to understand exactly what is being asked
 - Identify primary objectives and secondary concerns
 - Determine what success looks like for this investigation
 - Ask clarifying questions if the scope is ambiguous
 ### Phase 2: Systematic Exploration
 - Map the relevant portions of the codebase thoroughly
 - Read and understand not just the target code, but related systems
 - Trace data flows, control flows, and dependencies
 - Identify patterns, anti-patterns, and architectural decisions
 - Document your findings as you go
 ### Phase 3: External Research
 - Use Web Search to find best practices, similar solutions, and expert opinions
 - Use Web Fetch to read documentation, articles, and technical resources
 - Research how industry leaders solve similar problems
 - Look for security advisories, known issues, and edge cases
 - Consult official documentation for frameworks and libraries in use
 ### Phase 4: Deep Analysis
 - Synthesize findings from code exploration and external research
 - Identify risks, edge cases, and potential failure modes
 - Consider security implications, performance characteristics, and maintainability
 - Evaluate trade-offs between different approaches
 - Look for hidden assumptions and implicit dependencies
 ### Phase 5: Alternative Exploration
 - Generate multiple solution approaches or recommendations
 - Analyze pros and cons of each alternative
 - Consider short-term vs long-term implications
 - Factor in team capabilities, existing patterns, and project constraints
 ### Phase 6: Comprehensive Reporting
 - Present findings in a clear, structured format
 - Lead with the most important insights
 - Provide evidence and reasoning for all conclusions
 - Include specific code references where relevant
 - Offer prioritized, actionable recommendations
 ## Tool Usage Philosophy
 You have access to powerful tools - USE THEM EXTENSIVELY:
 **File Exploration**: Read files thoroughly. Don't skim - understand. Follow imports, trace function calls, map relationships. Read related files even if not directly requested.
 **Web Search**: Research actively. Look up:
 - Best practices for the specific technology stack
 - Common pitfalls and how to avoid them
 - How similar problems are solved in open source projects
 - Security considerations and vulnerability patterns
 - Performance optimization techniques
 - Official documentation and API references
 **Web Fetch**: When search results point to valuable resources, fetch and read them completely. Don't assume - verify.
 **MCP Servers**: Utilize any available MCP servers that could provide relevant information or capabilities for your investigation.
 **Grep/Search**: Use code search extensively to find usages, patterns, and related code across the codebase.
 ## Quality Standards
 1. **Exhaustiveness**: Cover all aspects of the investigation scope. If something seems tangentially related, explore it anyway.
 2. **Evidence-Based**: Every conclusion must be supported by specific findings from code or research. No hand-waving.
 3. **Actionable Output**: Your analysis should enable informed decision-making. Vague observations are insufficient.
 4. **Risk Awareness**: Always consider what could go wrong. Security, performance, maintainability, edge cases.
 5. **Context Sensitivity**: Align recommendations with the project's existing patterns, constraints, and standards (including any CLAUDE.md guidance).
 ## Output Structure
 Organize your findings clearly:
 ### Executive Summary
 The key findings and recommendations in 3-5 bullet points.
 ### Detailed Findings
 Organized by topic area with specific evidence and analysis.
 ### Risks and Concerns
 Potential issues, edge cases, and failure modes identified.
 ### Alternatives Considered
 Different approaches with trade-off analysis.
 ### Recommendations
 Prioritized, specific, actionable next steps.
 ### References
 External resources consulted and relevant code locations.
 ## Behavioral Guidelines
 - Take your time. Rushed analysis is worthless analysis.
 - When in doubt, investigate further rather than making assumptions.
 - If you discover something unexpected or concerning during investigation, pursue it.
 - Be honest about uncertainty - distinguish between confirmed findings and hypotheses.
 - Consider the human factors: who will maintain this code, what is the team's expertise level.
 - Think adversarially: how could this break, be misused, or fail under load.
 - Remember that your analysis may inform critical decisions - accuracy matters more than speed.
 You are the expert that teams call in when they need absolute certainty before making important technical decisions. Your thoroughness is your value. Take whatever time and resources you need to deliver comprehensive, reliable analysis.
--- a/auth.py
+++ b/auth.py
@@ -0,0 +1,83 @@
 """
 Authentication Error Detection
 ==============================
 Shared utilities for detecting Claude CLI authentication errors.
 Used by both CLI (start.py) and server (process_manager.py) to provide
 consistent error detection and messaging.
 """
 import re
 # Patterns that indicate authentication errors from Claude CLI
 AUTH_ERROR_PATTERNS = [
    r"not\s+logged\s+in",
    r"not\s+authenticated",
    r"authentication\s+(failed|required|error)",
    r"login\s+required",
    r"please\s+(run\s+)?['\"]?claude\s+login",
    r"unauthorized",
    r"invalid\s+(token|credential|api.?key)",
    r"expired\s+(token|session|credential)",
    r"could\s+not\s+authenticate",
    r"sign\s+in\s+(to|required)",
 ]
 def is_auth_error(text: str) -> bool:
    """
    Check if text contains Claude CLI authentication error messages.
    Uses case-insensitive pattern matching against known error messages.
    Args:
        text: Output text to check
    Returns:
        True if any auth error pattern matches, False otherwise
    """
    if not text:
        return False
    text_lower = text.lower()
    for pattern in AUTH_ERROR_PATTERNS:
        if re.search(pattern, text_lower):
            return True
    return False
 # CLI-style help message (for terminal output)
 AUTH_ERROR_HELP_CLI = """
 ==================================================
  Authentication Error Detected
 ==================================================
 Claude CLI requires authentication to work.
 To fix this, run:
  claude login
 This will open a browser window to sign in.
 After logging in, try running this command again.
 ==================================================
 """
 # Server-style help message (for WebSocket streaming)
 AUTH_ERROR_HELP_SERVER = """
 ================================================================================
  AUTHENTICATION ERROR DETECTED
 ================================================================================
 Claude CLI requires authentication to work.
 To fix this, run:
  claude login
 This will open a browser window to sign in.
 After logging in, try starting the agent again.
 ================================================================================
 """
 def print_auth_error_help() -> None:
    """Print helpful message when authentication error is detected (CLI version)."""
    print(AUTH_ERROR_HELP_CLI)
--- a/autonomous_agent_demo.py
+++ b/autonomous_agent_demo.py
@@ -58,8 +58,8 @@ Examples:
  python autonomous_agent_demo.py --project-dir my-app --yolo
 Authentication:
-  Uses Claude CLI credentials from ~/.claude/.credentials.json
+  Uses Claude CLI authentication (run 'claude login' if not logged in)
-  Run 'claude login' to authenticate (handled by start.bat/start.sh)
+  Authentication is handled by start.bat/start.sh before this runs
        """,
    )
--- a/client.py
+++ b/client.py
@@ -92,7 +92,7 @@ def create_client(project_dir: Path, model: str, yolo_mode: bool = False):
       (see security.py for ALLOWED_COMMANDS)
    Note: Authentication is handled by start.bat/start.sh before this runs.
-    The Claude SDK auto-detects credentials from ~/.claude/.credentials.json
+    The Claude SDK auto-detects credentials from the Claude CLI configuration
    """
    # Build allowed tools list based on mode
    # In YOLO mode, exclude Playwright tools for faster prototyping
--- a/mcp_server/feature_mcp.py
+++ b/mcp_server/feature_mcp.py
@@ -21,6 +21,7 @@ Tools:
 import json
 import os
 import sys
 import threading
 from contextlib import asynccontextmanager
 from pathlib import Path
 from typing import Annotated
@@ -82,6 +83,9 @@ class BulkCreateInput(BaseModel):
 _session_maker = None
 _engine = None
 # Lock for priority assignment to prevent race conditions
 _priority_lock = threading.Lock()
@asynccontextmanager
 async def server_lifespan(server: FastMCP):
@@ -269,6 +273,8 @@ def feature_skip(
        old_priority = feature.priority
        # Use lock to prevent race condition in priority assignment
        with _priority_lock:
            # Get max priority and set this feature to max + 1
            max_priority_result = session.query(Feature.priority).order_by(Feature.priority.desc()).first()
            new_priority = (max_priority_result[0] + 1) if max_priority_result else 1
@@ -276,6 +282,7 @@ def feature_skip(
            feature.priority = new_priority
            feature.in_progress = False
            session.commit()
        session.refresh(feature)
        return json.dumps({
@@ -381,6 +388,8 @@ def feature_create_bulk(
    """
    session = get_session()
    try:
        # Use lock to prevent race condition in priority assignment
        with _priority_lock:
            # Get the starting priority
            max_priority_result = session.query(Feature.priority).order_by(Feature.priority.desc()).first()
            start_priority = (max_priority_result[0] + 1) if max_priority_result else 1
@@ -437,6 +446,8 @@ def feature_create(
    """
    session = get_session()
    try:
        # Use lock to prevent race condition in priority assignment
        with _priority_lock:
            # Get the next priority
            max_priority_result = session.query(Feature.priority).order_by(Feature.priority.desc()).first()
            next_priority = (max_priority_result[0] + 1) if max_priority_result else 1
@@ -451,6 +462,7 @@ def feature_create(
            )
            session.add(db_feature)
            session.commit()
        session.refresh(db_feature)
        return json.dumps({
--- a/server/services/process_manager.py
+++ b/server/services/process_manager.py
@@ -18,6 +18,11 @@ from typing import Awaitable, Callable, Literal, Set
 import psutil
 # Add parent directory to path for shared module imports
 sys.path.insert(0, str(Path(__file__).parent.parent.parent))
 from auth import AUTH_ERROR_HELP_SERVER as AUTH_ERROR_HELP  # noqa: E402
 from auth import is_auth_error
 logger = logging.getLogger(__name__)
 # Patterns for sensitive data that should be redacted from output
@@ -36,47 +41,6 @@ SENSITIVE_PATTERNS = [
    r'aws[_-]?secret[=:][^\s]+',
 ]
 # Patterns that indicate Claude CLI authentication errors
 AUTH_ERROR_PATTERNS = [
    r"not\s+logged\s+in",
    r"not\s+authenticated",
    r"authentication\s+(failed|required|error)",
    r"login\s+required",
    r"please\s+(run\s+)?['\"]?claude\s+login",
    r"unauthorized",
    r"invalid\s+(token|credential|api.?key)",
    r"expired\s+(token|session|credential)",
    r"could\s+not\s+authenticate",
    r"sign\s+in\s+(to|required)",
 ]
 def is_auth_error(text: str) -> bool:
    """Check if text contains Claude CLI authentication error messages."""
    if not text:
        return False
    text_lower = text.lower()
    for pattern in AUTH_ERROR_PATTERNS:
        if re.search(pattern, text_lower):
            return True
    return False
 AUTH_ERROR_HELP = """
 ================================================================================
  AUTHENTICATION ERROR DETECTED
 ================================================================================
 Claude CLI requires authentication to work.
 To fix this, run:
  claude login
 This will open a browser window to sign in.
 After logging in, try starting the agent again.
 ================================================================================
 """
 def sanitize_output(line: str) -> str:
    """Remove sensitive information from output lines."""
--- a/start.bat
+++ b/start.bat
@@ -23,45 +23,19 @@ if %errorlevel% neq 0 (
 echo [OK] Claude CLI found
-REM Check if user has credentials (check for ~/.claude/.credentials.json)
+REM Note: Claude CLI no longer stores credentials in ~/.claude/.credentials.json
-set "CLAUDE_CREDS=%USERPROFILE%\.claude\.credentials.json"
+REM We can't reliably check auth status without making an API call, so we just
-if exist "%CLAUDE_CREDS%" (
+REM verify the CLI is installed and remind the user to login if needed
-    echo [OK] Claude credentials found
+set "CLAUDE_DIR=%USERPROFILE%\.claude"
-    goto :setup_venv
+if exist "%CLAUDE_DIR%\" (
-)
+    echo [OK] Claude CLI directory found
-
+    echo      ^(If you're not logged in, run: claude login^)
 REM No credentials - prompt user to login
 echo [!] Not authenticated with Claude
 echo.
 echo You need to run 'claude login' to authenticate.
 echo This will open a browser window to sign in.
 echo.
 set /p "LOGIN_CHOICE=Would you like to run 'claude login' now? (y/n): "
 if /i "%LOGIN_CHOICE%"=="y" (
    echo.
    echo Running 'claude login'...
    echo Complete the login in your browser, then return here.
    echo.
    call claude login
    REM Check if login succeeded
    if exist "%CLAUDE_CREDS%" (
        echo.
        echo [OK] Login successful!
        goto :setup_venv
    ) else (
        echo.
        echo [ERROR] Login failed or was cancelled.
        echo Please try again.
        pause
        exit /b 1
    )
 ) else (
    echo [!] Claude CLI not configured
    echo.
    echo Please run 'claude login' to authenticate before continuing.
    echo.
    echo Please run 'claude login' manually, then try again.
    pause
    exit /b 1
 )
 :setup_venv
--- a/start.py
+++ b/start.py
@@ -9,11 +9,11 @@ Supports two paths for new projects:
 """
 import os
 import re
 import subprocess
 import sys
 from pathlib import Path
 from auth import is_auth_error, print_auth_error_help
 from prompts import (
    get_project_prompts_dir,
    has_project_prompts,
@@ -25,53 +25,6 @@ from registry import (
    register_project,
 )
 # Patterns that indicate Claude CLI authentication errors
 AUTH_ERROR_PATTERNS = [
    r"not\s+logged\s+in",
    r"not\s+authenticated",
    r"authentication\s+(failed|required|error)",
    r"login\s+required",
    r"please\s+(run\s+)?['\"]?claude\s+login",
    r"unauthorized",
    r"invalid\s+(token|credential|api.?key)",
    r"expired\s+(token|session|credential)",
    r"could\s+not\s+authenticate",
    r"sign\s+in\s+(to|required)",
 ]
 def is_auth_error(output: str) -> bool:
    """
    Check if output contains Claude CLI authentication error messages.
    Args:
        output: Combined stdout/stderr from subprocess
    Returns:
        True if authentication error detected, False otherwise
    """
    if not output:
        return False
    output_lower = output.lower()
    for pattern in AUTH_ERROR_PATTERNS:
        if re.search(pattern, output_lower):
            return True
    return False
 def print_auth_error_help() -> None:
    """Print helpful message when authentication error is detected."""
    print("\n" + "=" * 50)
    print("  Authentication Error Detected")
    print("=" * 50)
    print("\nClaude CLI requires authentication to work.")
    print("\nTo fix this, run:")
    print("  claude login")
    print("\nThis will open a browser window to sign in.")
    print("After logging in, try running this command again.")
    print("=" * 50 + "\n")
 def check_spec_exists(project_dir: Path) -> bool:
    """
--- a/ui/src/hooks/useAssistantChat.ts
+++ b/ui/src/hooks/useAssistantChat.ts
@@ -43,6 +43,7 @@ export function useAssistantChat({
  const maxReconnectAttempts = 3;
  const pingIntervalRef = useRef<number | null>(null);
  const reconnectTimeoutRef = useRef<number | null>(null);
  const checkAndSendTimeoutRef = useRef<number | null>(null);
  // Clean up on unmount
  useEffect(() => {
@@ -53,9 +54,13 @@ export function useAssistantChat({
      if (reconnectTimeoutRef.current) {
        clearTimeout(reconnectTimeoutRef.current);
      }
      if (checkAndSendTimeoutRef.current) {
        clearTimeout(checkAndSendTimeoutRef.current);
      }
      if (wsRef.current) {
        wsRef.current.close();
      }
      currentAssistantMessageRef.current = null;
    };
  }, []);
@@ -203,6 +208,7 @@ export function useAssistantChat({
          case "response_done": {
            setIsLoading(false);
            currentAssistantMessageRef.current = null;
            // Mark current message as done streaming
            setMessages((prev) => {
@@ -251,11 +257,18 @@ export function useAssistantChat({
  const start = useCallback(
    (existingConversationId?: number | null) => {
      // Clear any pending check timeout from previous call
      if (checkAndSendTimeoutRef.current) {
        clearTimeout(checkAndSendTimeoutRef.current);
        checkAndSendTimeoutRef.current = null;
      }
      connect();
      // Wait for connection then send start message
      const checkAndSend = () => {
        if (wsRef.current?.readyState === WebSocket.OPEN) {
          checkAndSendTimeoutRef.current = null;
          setIsLoading(true);
          const payload: { type: string; conversation_id?: number } = {
            type: "start",
@@ -266,11 +279,13 @@ export function useAssistantChat({
          }
          wsRef.current.send(JSON.stringify(payload));
        } else if (wsRef.current?.readyState === WebSocket.CONNECTING) {
-          setTimeout(checkAndSend, 100);
+          checkAndSendTimeoutRef.current = window.setTimeout(checkAndSend, 100);
        } else {
          checkAndSendTimeoutRef.current = null;
        }
      };
-      setTimeout(checkAndSend, 100);
+      checkAndSendTimeoutRef.current = window.setTimeout(checkAndSend, 100);
    },
    [connect],
  );