Critical fixes:
- Lock file TOCTOU race condition: Use atomic O_CREAT|O_EXCL for lock creation
- PID reuse vulnerability on Windows: Store PID:CREATE_TIME in lock file to
detect when a different process has reused the same PID
- WAL mode on network drives: Detect network paths (UNC, mapped drives, NFS,
CIFS) and fall back to DELETE journal mode to prevent corruption
High priority fixes:
- JSON migration now preserves dependencies field during legacy migration
- Process tree termination on Windows: Use psutil to kill child processes
recursively to prevent orphaned browser instances
- Retry backoff jitter: Add random 30% jitter to prevent synchronized retries
under high contention with 5 concurrent agents
Files changed:
- server/services/process_manager.py: Atomic lock creation, PID+create_time
- api/database.py: Network filesystem detection for WAL mode fallback
- api/migration.py: Add dependencies field to JSON migration
- parallel_orchestrator.py: _kill_process_tree helper function
- mcp_server/feature_mcp.py: Add jitter to exponential backoff
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete the defense-in-depth approach from PR #53 by adding explicit
in_progress=False to all remaining feature creation locations. This
ensures consistency with the MCP server pattern and prevents potential
NULL values in the in_progress field.
Changes:
- server/routers/features.py: Add in_progress=False to create_feature()
and create_features_bulk() endpoints
- server/services/expand_chat_session.py: Add in_progress=False to
_create_features_bulk() in the expand chat session
- api/migration.py: Add in_progress field handling in JSON migration,
reading from source data with False as default
This follows up on PR #53 which added nullable=False constraints and
fixed existing NULL values, but only updated the MCP server creation
paths. Now all 6 feature creation locations explicitly set both
passes=False and in_progress=False.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add CI workflow with Python (ruff lint, security tests) and UI (ESLint, TypeScript, build) jobs
- Add ruff, mypy, pytest to requirements.txt
- Add pyproject.toml with ruff configuration
- Fix import sorting across Python files (ruff --fix)
- Fix test_security.py expectations to match actual security policy
- Remove invalid 'eof' command from ALLOWED_COMMANDS
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
