The branch listing logic now correctly shows remote branches (e.g., "origin/main") even if a local branch with the same base name exists, since users need remote branches as PR base targets. Also extracted duplicate state reset logic in create-pr-dialog into a reusable function.
- Updated the list-branches endpoint to accept an optional parameter for including remote branches.
- Implemented logic to fetch and deduplicate remote branches alongside local branches.
- Modified the CreatePRDialog component to utilize the updated API for branch selection, allowing users to select from both local and remote branches.
- Fix handleResolveConflicts to use origin/${worktree.branch} instead of
hardcoded origin/main for pull and resolve conflicts
- Add defaultBaseBranch prop to CreatePRDialog to use selected branch
- Fix branchCardCounts to use primary worktree branch as default
- Enable PR status and Address PR Comments for main branch tab
- Add automatic PR detection from GitHub for branches without stored metadata
This allows users working on release branches (like v0.11.0rc) to properly
pull from their branch's remote and see PR status for any branch.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add 'noopener,noreferrer' parameter to all window.open() calls with
target='_blank' to prevent tabnabbing attacks. This prevents the newly
opened page from accessing window.opener, protecting against potential
security vulnerabilities.
Affected files:
- use-dev-servers.ts: Dev server URL links
- worktree-actions-dropdown.tsx: PR URL links
- create-pr-dialog.tsx: PR creation and browser fallback links
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Security fixes:
- Enhanced branch name sanitization for cross-platform filesystem safety
(handles Windows-invalid chars, reserved names, path length limits)
- Added branch name validation in pr-info.ts to prevent command injection
- Sanitized prUrl in kanban-card to only allow http/https URLs
Code quality improvements:
- Fixed placeholder issue where {owner}/{repo} was passed literally to gh api
- Replaced async forEach with Promise.all for proper async handling
- Display PR number extracted from URL in kanban cards
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added a new route for fetching PR info, allowing users to retrieve details about existing pull requests associated with worktrees.
- Updated the create PR handler to store metadata for existing PRs and handle cases where a PR already exists.
- Enhanced the UI components to display PR information, including a new button to address PR comments directly from the worktree panel.
- Improved the overall user experience by integrating PR state indicators and ensuring seamless interaction with the GitHub CLI for PR management.
Merge latest features from main including:
- PR #161 (worktree-confusion): Clarified branch handling in dialogs
- PR #160 (speckits-rebase): Planning mode functionality
Resolved conflicts:
- add-feature-dialog.tsx: Combined TanStack Router navigation with branch selection state
- worktree-integration.spec.ts: Updated tests for new worktree behavior (created at execution time)
- package-lock.json: Regenerated after merge
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
