ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-03 08:53:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(protection): implement multi-layered protection for feature_list.json

Browse Source 
Introduces a comprehensive strategy to safeguard the feature_list.json file from accidental modifications. Key enhancements include:

1. **Prompt-Level Warnings**: Added explicit warnings in agent prompts to prevent direct modifications.
2. **Dedicated MCP Tool**: Implemented the UpdateFeatureStatus tool for safe feature updates.
3. **File-Level Validation & Auto-Backup**: Added validation checks and automatic backups before modifications to prevent data loss.
4. **Tool Access Control**: Restricted agent access to critical tools, ensuring only the designated MCP tool can modify the feature list.

This update significantly reduces the risk of catastrophic data loss and ensures a robust feature management process.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
This commit is contained in:
Cody Seibert
2025-12-09 19:47:10 -05:00
parent 7cee3bbd9f
commit ac5b562f7a
15 changed files with 855 additions and 370 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
app/electron/agent-service.js
View File

@@ -441,13 +441,28 @@ class AgentService {
return `You are an AI assistant helping users build software. You are part of the Automaker application,
which is designed to help developers plan, design, and implement software projects autonomously.
**🚨 CRITICAL FILE PROTECTION 🚨**
THE FOLLOWING FILE IS ABSOLUTELY FORBIDDEN FROM DIRECT MODIFICATION:
- .automaker/feature_list.json
**YOU MUST NEVER:**
- Use the Write tool on .automaker/feature_list.json
- Use the Edit tool on .automaker/feature_list.json
- Use any Bash command that writes to .automaker/feature_list.json
- Attempt to read and rewrite .automaker/feature_list.json
**CATASTROPHIC CONSEQUENCES:**
Directly modifying .automaker/feature_list.json can erase all project features permanently.
This file is managed by specialized tools only. NEVER touch it directly.
Your role is to:
- Help users define their project requirements and specifications
- Ask clarifying questions to better understand their needs
- Suggest technical approaches and architectures
- Guide them through the development process
- Be conversational and helpful
- Write, edit, and modify code files as requested
- Write, edit, and modify code files as requested (EXCEPT .automaker/feature_list.json)
- Execute commands and tests
- Search and analyze the codebase
@@ -459,10 +474,10 @@ When discussing projects, help users think through:
- Testing strategies
You have full access to the codebase and can:
- Read files to understand existing code
- Write new files
- Edit existing files
- Run bash commands
- Read files to understand existing code (including .automaker/feature_list.json for viewing only)
- Write new files (NEVER .automaker/feature_list.json)
- Edit existing files (NEVER .automaker/feature_list.json)
- Run bash commands (but never commands that modify .automaker/feature_list.json)
- Search for code patterns
- Execute tests and builds

55
app/electron/services/feature-loader.js
View File

@@ -38,7 +38,51 @@ class FeatureLoader {
* @param {string} [summary] - Optional summary of what was done
*/
async updateFeatureStatus(featureId, status, projectPath, summary) {
const featuresPath = path.join(
projectPath,
".automaker",
"feature_list.json"
);
// 🛡️ SAFETY: Create backup before any modification
const backupPath = path.join(
projectPath,
".automaker",
"feature_list.backup.json"
);
try {
const originalContent = await fs.readFile(featuresPath, "utf-8");
await fs.writeFile(backupPath, originalContent, "utf-8");
console.log(`[FeatureLoader] Created backup at ${backupPath}`);
} catch (error) {
console.warn(`[FeatureLoader] Could not create backup: ${error.message}`);
}
const features = await this.loadFeatures(projectPath);
// 🛡️ VALIDATION: Ensure we loaded features successfully
if (!Array.isArray(features)) {
throw new Error("CRITICAL: features is not an array - aborting to prevent data loss");
}
if (features.length === 0) {
console.warn(`[FeatureLoader] WARNING: Feature list is empty. This may indicate corruption.`);
// Try to restore from backup
try {
const backupContent = await fs.readFile(backupPath, "utf-8");
const backupFeatures = JSON.parse(backupContent);
if (Array.isArray(backupFeatures) && backupFeatures.length > 0) {
console.log(`[FeatureLoader] Restored ${backupFeatures.length} features from backup`);
// Use backup features instead
features.length = 0;
features.push(...backupFeatures);
}
} catch (backupError) {
console.error(`[FeatureLoader] Could not restore from backup: ${backupError.message}`);
}
}
const feature = features.find((f) => f.id === featureId);
if (!feature) {
@@ -55,11 +99,6 @@ class FeatureLoader {
}
// Save back to file
const featuresPath = path.join(
projectPath,
".automaker",
"feature_list.json"
);
const toSave = features.map((f) => {
const featureData = {
id: f.id,
@@ -87,8 +126,14 @@ class FeatureLoader {
return featureData;
});
// 🛡️ FINAL VALIDATION: Ensure we're not writing an empty array
if (!Array.isArray(toSave) || toSave.length === 0) {
throw new Error("CRITICAL: Attempted to save empty feature list - aborting to prevent data loss");
}
await fs.writeFile(featuresPath, JSON.stringify(toSave, null, 2), "utf-8");
console.log(`[FeatureLoader] Updated feature ${featureId}: status=${status}${summary ? `, summary="${summary}"` : ""}`);
console.log(`[FeatureLoader] Successfully saved ${toSave.length} features to feature_list.json`);
}
/**

44
app/electron/services/prompt-builder.js
View File

@@ -385,6 +385,28 @@ Begin by exploring the project structure.`;
getCodingPrompt() {
return `You are an AI coding agent working autonomously to implement features.
**🚨 CRITICAL FILE PROTECTION - READ THIS FIRST 🚨**
THE FOLLOWING FILE IS ABSOLUTELY FORBIDDEN FROM DIRECT MODIFICATION:
- .automaker/feature_list.json
**YOU MUST NEVER:**
- Use the Write tool on feature_list.json
- Use the Edit tool on feature_list.json
- Use any Bash command that writes to feature_list.json (echo, sed, awk, etc.)
- Attempt to read and rewrite feature_list.json
- UNDER ANY CIRCUMSTANCES touch this file directly
**CATASTROPHIC CONSEQUENCES:**
Directly modifying feature_list.json can:
- Erase all project features permanently
- Corrupt the project state beyond recovery
- Destroy hours/days of planning work
- This is a FIREABLE OFFENSE - you will be terminated if you do this
**THE ONLY WAY to update features:**
Use the mcp__automaker-tools__UpdateFeatureStatus tool with featureId, status, and summary parameters.
Your role is to:
- Implement features exactly as specified
- Write production-quality code
@@ -455,6 +477,28 @@ Focus on one feature at a time and complete it fully before finishing. Always de
getVerificationPrompt() {
return `You are an AI implementation and verification agent focused on completing features and ensuring they work.
**🚨 CRITICAL FILE PROTECTION - READ THIS FIRST 🚨**
THE FOLLOWING FILE IS ABSOLUTELY FORBIDDEN FROM DIRECT MODIFICATION:
- .automaker/feature_list.json
**YOU MUST NEVER:**
- Use the Write tool on feature_list.json
- Use the Edit tool on feature_list.json
- Use any Bash command that writes to feature_list.json (echo, sed, awk, etc.)
- Attempt to read and rewrite feature_list.json
- UNDER ANY CIRCUMSTANCES touch this file directly
**CATASTROPHIC CONSEQUENCES:**
Directly modifying feature_list.json can:
- Erase all project features permanently
- Corrupt the project state beyond recovery
- Destroy hours/days of planning work
- This is a FIREABLE OFFENSE - you will be terminated if you do this
**THE ONLY WAY to update features:**
Use the mcp__automaker-tools__UpdateFeatureStatus tool with featureId, status, and summary parameters.
Your role is to:
- **Continue implementing features until they are complete** - don't stop at the first failure
- Check if feature.skipTests is true - if so, skip automated testing and don't commit

56
app/package.json
View File

@@ -64,7 +64,59 @@
"files": [
"electron/**/*",
".next/**/*",
"public/**/*"
]
"public/**/*",
"!node_modules/**/*",
"node_modules/@anthropic-ai/**/*"
],
"extraResources": [
{
"from": ".env",
"to": ".env",
"filter": ["**/*"]
}
],
"mac": {
"category": "public.app-category.developer-tools",
"target": [
{
"target": "dmg",
"arch": ["x64", "arm64"]
},
{
"target": "zip",
"arch": ["x64", "arm64"]
}
],
"icon": "public/icon.png"
},
"win": {
"target": [
{
"target": "nsis",
"arch": ["x64"]
}
],
"icon": "public/icon.png"
},
"linux": {
"target": [
{
"target": "AppImage",
"arch": ["x64"]
},
{
"target": "deb",
"arch": ["x64"]
}
],
"category": "Development",
"icon": "public/icon.png"
},
"nsis": {
"oneClick": false,
"allowToChangeInstallationDirectory": true,
"createDesktopShortcut": true,
"createStartMenuShortcut": true
}
}
}

170
app/src/components/views/board-view.tsx
View File

@@ -99,6 +99,7 @@ export function BoardView() {
runningAutoTasks,
maxConcurrency,
setMaxConcurrency,
defaultSkipTests,
} = useAppStore();
const [activeFeature, setActiveFeature] = useState<Feature | null>(null);
const [editingFeature, setEditingFeature] = useState<Feature | null>(null);
@@ -331,6 +332,16 @@ export function BoardView() {
[currentProject, persistedCategories]
);
// Sync skipTests default when dialog opens
useEffect(() => {
if (showAddDialog) {
setNewFeature((prev) => ({
...prev,
skipTests: defaultSkipTests,
}));
}
}, [showAddDialog, defaultSkipTests]);
// Auto-show activity log when auto mode starts
useEffect(() => {
if (autoMode.isRunning && !showActivityLog) {
@@ -602,7 +613,7 @@ export function BoardView() {
steps: [""],
images: [],
imagePaths: [],
skipTests: false,
skipTests: defaultSkipTests,
});
setShowAddDialog(false);
};
@@ -1340,18 +1351,6 @@ export function BoardView() {
</DialogDescription>
</DialogHeader>
<div className="space-y-4 py-4">
<div className="space-y-2">
<Label htmlFor="category">Category</Label>
<CategoryAutocomplete
value={newFeature.category}
onChange={(value) =>
setNewFeature({ ...newFeature, category: value })
}
suggestions={categorySuggestions}
placeholder="e.g., Core, UI, API"
data-testid="feature-category-input"
/>
</div>
<div className="space-y-2">
<Label htmlFor="description">Description</Label>
<DescriptionImageDropZone
@@ -1367,34 +1366,16 @@ export function BoardView() {
/>
</div>
<div className="space-y-2">
<Label>Steps</Label>
{newFeature.steps.map((step, index) => (
<Input
key={index}
placeholder={`Step ${index + 1}`}
value={step}
onChange={(e) => {
const steps = [...newFeature.steps];
steps[index] = e.target.value;
setNewFeature({ ...newFeature, steps });
}}
data-testid={`feature-step-${index}-input`}
/>
))}
<Button
variant="outline"
size="sm"
onClick={() =>
setNewFeature({
...newFeature,
steps: [...newFeature.steps, ""],
})
<Label htmlFor="category">Category (optional)</Label>
<CategoryAutocomplete
value={newFeature.category}
onChange={(value) =>
setNewFeature({ ...newFeature, category: value })
}
data-testid="add-step-button"
>
<Plus className="w-4 h-4 mr-2" />
Add Step
</Button>
suggestions={categorySuggestions}
placeholder="e.g., Core, UI, API"
data-testid="feature-category-input"
/>
</div>
<div className="flex items-center space-x-2">
<Checkbox
@@ -1416,6 +1397,38 @@ export function BoardView() {
When enabled, this feature will require manual verification
instead of automated TDD.
</p>
{newFeature.skipTests && (
<div className="space-y-2">
<Label>Verification Steps</Label>
{newFeature.steps.map((step, index) => (
<Input
key={index}
placeholder={`Verification step ${index + 1}`}
value={step}
onChange={(e) => {
const steps = [...newFeature.steps];
steps[index] = e.target.value;
setNewFeature({ ...newFeature, steps });
}}
data-testid={`feature-step-${index}-input`}
/>
))}
<Button
variant="outline"
size="sm"
onClick={() =>
setNewFeature({
...newFeature,
steps: [...newFeature.steps, ""],
})
}
data-testid="add-step-button"
>
<Plus className="w-4 h-4 mr-2" />
Add Verification Step
</Button>
</div>
)}
</div>
<DialogFooter>
<Button variant="ghost" onClick={() => setShowAddDialog(false)}>
@@ -1450,21 +1463,6 @@ export function BoardView() {
</DialogHeader>
{editingFeature && (
<div className="space-y-4 py-4">
<div className="space-y-2">
<Label htmlFor="edit-category">Category</Label>
<CategoryAutocomplete
value={editingFeature.category}
onChange={(value) =>
setEditingFeature({
...editingFeature,
category: value,
})
}
suggestions={categorySuggestions}
placeholder="e.g., Core, UI, API"
data-testid="edit-feature-category"
/>
</div>
<div className="space-y-2">
<Label htmlFor="edit-description">Description</Label>
<Textarea
@@ -1481,32 +1479,19 @@ export function BoardView() {
/>
</div>
<div className="space-y-2">
<Label>Steps</Label>
{editingFeature.steps.map((step, index) => (
<Input
key={index}
value={step}
onChange={(e) => {
const steps = [...editingFeature.steps];
steps[index] = e.target.value;
setEditingFeature({ ...editingFeature, steps });
}}
data-testid={`edit-feature-step-${index}`}
/>
))}
<Button
variant="outline"
size="sm"
onClick={() =>
<Label htmlFor="edit-category">Category (optional)</Label>
<CategoryAutocomplete
value={editingFeature.category}
onChange={(value) =>
setEditingFeature({
...editingFeature,
steps: [...editingFeature.steps, ""],
category: value,
})
}
>
<Plus className="w-4 h-4 mr-2" />
Add Step
</Button>
suggestions={categorySuggestions}
placeholder="e.g., Core, UI, API"
data-testid="edit-feature-category"
/>
</div>
<div className="flex items-center space-x-2">
<Checkbox
@@ -1534,6 +1519,37 @@ export function BoardView() {
When enabled, this feature will require manual verification
instead of automated TDD.
</p>
{editingFeature.skipTests && (
<div className="space-y-2">
<Label>Verification Steps</Label>
{editingFeature.steps.map((step, index) => (
<Input
key={index}
value={step}
placeholder={`Verification step ${index + 1}`}
onChange={(e) => {
const steps = [...editingFeature.steps];
steps[index] = e.target.value;
setEditingFeature({ ...editingFeature, steps });
}}
data-testid={`edit-feature-step-${index}`}
/>
))}
<Button
variant="outline"
size="sm"
onClick={() =>
setEditingFeature({
...editingFeature,
steps: [...editingFeature.steps, ""],
})
}
>
<Plus className="w-4 h-4 mr-2" />
Add Verification Step
</Button>
</div>
)}
</div>
)}
<DialogFooter>

47
app/src/components/views/settings-view.tsx
View File

@@ -31,7 +31,9 @@ import {
Minimize2,
Square,
Maximize2,
FlaskConical,
} from "lucide-react";
import { Checkbox } from "@/components/ui/checkbox";
export function SettingsView() {
const {
@@ -42,6 +44,8 @@ export function SettingsView() {
setTheme,
kanbanCardDetailLevel,
setKanbanCardDetailLevel,
defaultSkipTests,
setDefaultSkipTests,
} = useAppStore();
const [anthropicKey, setAnthropicKey] = useState(apiKeys.anthropic);
const [googleKey, setGoogleKey] = useState(apiKeys.google);
@@ -627,6 +631,49 @@ export function SettingsView() {
</div>
</div>
{/* Feature Defaults Section */}
<div className="rounded-xl border border-border bg-card backdrop-blur-md overflow-hidden">
<div className="p-6 border-b border-border">
<div className="flex items-center gap-2 mb-2">
<FlaskConical className="w-5 h-5 text-brand-500" />
<h2 className="text-lg font-semibold text-foreground">
Feature Defaults
</h2>
</div>
<p className="text-sm text-muted-foreground">
Configure default settings for new features.
</p>
</div>
<div className="p-6 space-y-4">
<div className="space-y-3">
<div className="flex items-start space-x-3">
<Checkbox
id="default-skip-tests"
checked={defaultSkipTests}
onCheckedChange={(checked) =>
setDefaultSkipTests(checked === true)
}
className="mt-0.5"
data-testid="default-skip-tests-checkbox"
/>
<div className="space-y-1">
<Label
htmlFor="default-skip-tests"
className="text-foreground cursor-pointer font-medium"
>
Skip automated testing by default
</Label>
<p className="text-xs text-muted-foreground">
When enabled, new features will default to manual
verification instead of TDD (test-driven development).
You can still override this for individual features.
</p>
</div>
</div>
</div>
</div>
</div>
{/* Save Button */}
<div className="flex items-center gap-4">
<Button

11
app/src/store/app-store.ts
View File

@@ -125,6 +125,9 @@ export interface AppState {
// Kanban Card Display Settings
kanbanCardDetailLevel: KanbanCardDetailLevel; // Level of detail shown on kanban cards
// Feature Default Settings
defaultSkipTests: boolean; // Default value for skip tests when creating new features
}
export interface AutoModeActivity {
@@ -202,6 +205,9 @@ export interface AppActions {
// Kanban Card Settings actions
setKanbanCardDetailLevel: (level: KanbanCardDetailLevel) => void;
// Feature Default Settings actions
setDefaultSkipTests: (skip: boolean) => void;
// Reset
reset: () => void;
}
@@ -227,6 +233,7 @@ const initialState: AppState = {
autoModeActivityLog: [],
maxConcurrency: 3, // Default to 3 concurrent agents
kanbanCardDetailLevel: "standard", // Default to standard detail level
defaultSkipTests: false, // Default to TDD mode (tests enabled)
};
export const useAppStore = create<AppState & AppActions>()(
@@ -469,6 +476,9 @@ export const useAppStore = create<AppState & AppActions>()(
setKanbanCardDetailLevel: (level) =>
set({ kanbanCardDetailLevel: level }),
// Feature Default Settings actions
setDefaultSkipTests: (skip) => set({ defaultSkipTests: skip }),
// Reset
reset: () => set(initialState),
}),
@@ -485,6 +495,7 @@ export const useAppStore = create<AppState & AppActions>()(
chatHistoryOpen: state.chatHistoryOpen,
maxConcurrency: state.maxConcurrency,
kanbanCardDetailLevel: state.kanbanCardDetailLevel,
defaultSkipTests: state.defaultSkipTests,
}),
}
)