Follow-up to PR #89 - apply the same popen_kwargs pattern with
stdin=DEVNULL and CREATE_NO_WINDOW to _spawn_testing_agent() and
_run_initializer() for consistent Windows behavior.
Also fixes typo: _kill_process_tree -> kill_process_tree
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add the ability to reset a project to its initial state with two options:
- Quick Reset: Clears features.db, assistant.db, and settings files while
preserving app spec and prompts
- Full Reset: Deletes everything including prompts directory, triggering
the setup wizard for project reconfiguration
Backend changes:
- Add POST /{name}/reset endpoint to projects router with full_reset query param
- Validate agent lock file to prevent reset while agent is running (409 Conflict)
- Dispose database engines before deleting files to release Windows file locks
- Add engine caching to api/database.py for better connection management
- Add dispose_engine() functions to both database modules
- Delete WAL mode journal files (*.db-wal, *.db-shm) during reset
Frontend changes:
- Add ResetProjectModal component with toggle between Quick/Full reset modes
- Add ProjectSetupRequired component shown when has_spec is false
- Add resetProject API function and useResetProject React Query hook
- Integrate reset button in header (disabled when agent running)
- Add 'R' keyboard shortcut to open reset modal
- Show ProjectSetupRequired when project needs setup after full reset
This implements the feature from PR #4 directly on master to avoid merge
conflicts.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add debug logging when shlex fallback extraction is used, capturing
both successful extractions and failures for security auditing
- Add test case for docker nested quotes that trigger fallback parser
- Remove redundant comment about re import (already at module level)
Follow-up improvements from PR #127 code review:
- Enables tracking of malformed command patterns in production logs
- Verifies fallback parser handles the exact docker exec case reported
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add `default_concurrency` column to the projects table in the registry
database, allowing each project to remember its preferred concurrency
setting (1-5 agents). The value persists across page refreshes and
app restarts.
Backend changes:
- Add `default_concurrency` column to Project model in registry.py
- Add database migration for existing databases (ALTER TABLE)
- Add get/set_project_concurrency() CRUD functions
- Add ProjectSettingsUpdate schema with validation
- Add PATCH /{name}/settings endpoint in projects router
- Include default_concurrency in ProjectSummary/ProjectDetail responses
Frontend changes:
- Add default_concurrency to ProjectSummary TypeScript interface
- Add ProjectSettingsUpdate type and updateProjectSettings API function
- Add useUpdateProjectSettings React Query mutation hook
- Update AgentControl to accept defaultConcurrency prop
- Sync local state when project changes via useEffect
- Debounce slider changes (500ms) before saving to backend
- Pass defaultConcurrency from selectedProjectData in App.tsx
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create shared `isSubmitEnter()` utility in `ui/src/lib/keyboard.ts`
for IME-aware Enter key handling across all input components
- Extract magic number 48 to named constant `COLLAPSED_DEBUG_PANEL_CLEARANCE`
with explanatory comment (40px panel header + 8px margin)
- Update 5 components to use the new utility:
- AssistantChat.tsx
- ExpandProjectChat.tsx
- SpecCreationChat.tsx
- FolderBrowser.tsx
- TerminalTabs.tsx
This follows up on PR #121 which added IME composition checks. The
refactoring centralizes the logic for easier maintenance and documents
the padding value that prevents Kanban cards from being cut off when
the debug panel is collapsed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add sticky positioning and glassmorphism effect to the top navigation:
- sticky top-0 z-50 for fixed positioning above content
- bg-card/80 for 80% opacity background
- backdrop-blur-md for frosted glass effect
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Change CSS import from bare module specifier to url() syntax to fix
Vite/Tailwind CSS resolution issues on some systems.
- Changed `@import "tw-animate-css"` to `@import url("tw-animate-css")`
- The url() wrapper ensures proper package resolution across platforms
- Fixes "Can't resolve 'tw-animate-css'" build error
The bare import syntax failed because Vite's CSS processing didn't
properly resolve the package exports. Using url() bypasses this issue
while still correctly resolving the npm package from node_modules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add security controls to the EXTRA_READ_PATHS feature (PR #126) to prevent
path traversal attacks and accidental exposure of sensitive directories.
Changes:
- Add EXTRA_READ_PATHS_BLOCKLIST constant blocking credential directories
(.ssh, .aws, .azure, .kube, .gnupg, .docker, .npmrc, .pypirc, .netrc)
- Create get_extra_read_paths() function with comprehensive validation:
- Path canonicalization via Path.resolve() to prevent .. traversal
- Validates paths are absolute (rejects relative paths)
- Validates paths exist and are directories
- Blocks paths that are/contain sensitive directories
- Blocks paths that would expose sensitive dirs (e.g., home dir)
- Update create_client() to use validated getter function
- Improve logging to show validated paths instead of raw input
- Document security controls in CLAUDE.md under Security Model section
Security considerations:
- Addresses path traversal risk similar to CVE-2025-54794
- Prevents accidental exposure of SSH keys, cloud credentials, etc.
- All validation happens before permissions are granted to the agent
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace hardcoded violet/purple colors in OrchestratorStatusCard with
standard primary color CSS variables to ensure proper theming across
all theme variants (light/dark mode, Twitter, Claude, Neo Brutalism,
Aurora, Retro Arcade).
Changes:
- Card background: bg-primary/10 with border-primary/30
- Maestro title and state text: text-primary
- Activity button: text-primary hover:bg-primary/10
- Events border and timestamps: use primary color variants
Also includes:
- Enhanced review-pr command with vision alignment checks
- CLAUDE.md improvements: prerequisites, testing section, React 19 update
- Simplified parallel mode documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Allow agents to read files from directories outside the project folder
via the EXTRA_READ_PATHS environment variable.
Changes:
- Add EXTRA_READ_PATHS_VAR constant in client.py
- Parse comma-separated paths and add Read/Glob/Grep permissions
- Log configured extra read paths on agent startup
- Document the feature in .env.example
Usage:
EXTRA_READ_PATHS=/path/to/docs,/path/to/libs
Security: External paths are read-only (no Write/Edit permissions)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace direct-DB feature creation with MCP tool path. The expand
session now configures the feature MCP server and allows
feature_create_bulk tool calls, matching how AssistantChatSession
already works. Removes duplicated _create_features_bulk() method
and <features_to_create> regex parsing.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add visited set to BFS algorithm to handle circular dependencies gracefully.
Previously, cycles in the dependency graph caused the orchestrator to hang
at 100% CPU indefinitely during startup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace warm off-white with cool blue-gray concrete tone
- More corporate and industrial aesthetic
- Sidebar background adjusted to match
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change primary color to deep navy #000e4e
- Replace teal accent with gray monochrome scale
- Add warm off-white background
- Enhance card shadows for modern depth (2026 UI trend)
- Update chart colors to navy-gray gradient scale
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add a new "Business" theme designed for corporate/professional use cases.
The theme features a sophisticated navy and gray color palette that conveys
trust and professionalism while maintaining excellent readability.
Key characteristics:
- Deep navy primary color for trust and professionalism
- Off-white/charcoal backgrounds (avoiding harsh pure white/black)
- Teal accent for CTAs and highlights
- Soft, professional shadows
- System fonts for native feel
- High contrast ratios (WCAG AA compliant)
Files changed:
- globals.css: Added .theme-business light and dark mode variables
- useTheme.ts: Added 'business' to ThemeId and THEMES array
- ThemeSelector.tsx: Added business theme class handling
The comment said "excluding test files" but the grep commands didn't
actually exclude them. Added common test file exclusion patterns.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add isComposing check to prevent Enter key from submitting messages
while Japanese (or other) IME input is in progress.
Affected components:
- AssistantChat
- ExpandProjectChat
- SpecCreationChat
- FolderBrowser
- TerminalTabs
Added 'text' language identifier to all fenced code blocks in the
Infrastructure Feature Descriptions section to satisfy MD040.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Addresses reviewer feedback:
1. Windows Compatibility: Added Windows alternative using netstat/taskkill
2. Safer Process Killing: Changed from `pkill -f "node"` to port-based
killing (`lsof -ti :$PORT`) to avoid killing unrelated Node processes
like VS Code, Claude Code, or other development tools
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed grep for "new Map()/new Set()" to search all of src/
- Previously only searched src/lib/, src/store/, src/data/
- Now consistent with other grep patterns that search entire src/
- Applied to both coding_prompt and initializer_prompt templates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changes:
- Replace pkill -f "node" with port-based killing (lsof -ti :PORT)
- Safer: only kills dev server, not VS Code/Claude Code/other Node apps
- More specific: targets exact port instead of all Node processes
- Add Windows alternative commands (commented, for reference)
- Use ${PORT:-3000} variable instead of hardcoded port 3000
- Update health check and API verification to use PORT variable
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add a comprehensive theme system allowing users to switch between three
distinct visual themes, each supporting both light and dark modes:
- Twitter (default): Clean blue design with soft shadows
- Claude: Warm beige/cream tones with orange primary accents
- Neo Brutalism: Bold colors, hard shadows, 0px border radius
New files:
- ui/src/hooks/useTheme.ts: Theme state management hook with localStorage
persistence for both theme selection and dark mode preference
- ui/src/components/ThemeSelector.tsx: Header dropdown with hover preview
and color swatches for quick theme switching
Modified files:
- ui/src/styles/globals.css: Added CSS custom properties for Claude and
Neo Brutalism themes with light/dark variants, shadow variables
integrated into @theme inline block
- ui/src/App.tsx: Integrated useTheme hook and ThemeSelector component
- ui/src/components/SettingsModal.tsx: Added theme selection UI with
preview swatches and dark mode toggle
- ui/index.html: Added DM Sans and Space Mono fonts for Neo Brutalism
Features:
- Independent theme and dark mode controls
- Smooth CSS transitions when switching themes
- Theme-specific shadow styles (soft vs hard)
- Theme-specific fonts and border radius
- Persisted preferences in localStorage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove translate-x/translate-y CSS selectors that broke layout utilities
(AssistantPanel slide animation, DebugLogViewer resize handle)
- Add browser validation to get_playwright_browser() with warning for
invalid values (matches get_playwright_headless() behavior)
- Remove phantom SQLite documentation from CUSTOM_UPDATES.md that
described features not present in PR #93
- Update checklist and revert instructions to match actual changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Check for 'not found' message (server response) in addition to '404'
- Only clear stored conversation ID on actual 404 errors
- Prevent unnecessary retries for deleted conversations
- Don't clear conversation on transient network errors
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When a stored conversation ID no longer exists (e.g., database was reset
or conversation was deleted), the UI would repeatedly try to fetch it,
causing endless 404 errors in the console.
This fix:
- Stops retrying on 404 errors (conversation doesn't exist)
- Automatically clears the stored conversation ID from localStorage
when a 404 is received, allowing the user to start fresh
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
