- Added a mock for the `loadContextFiles` function to return an empty context by default, improving test reliability.
- Updated the agent-service test suite to ensure proper initialization of the `AgentService` with mocked dependencies.
These changes aim to enhance the test coverage and stability of the agent-service functionality.
- Implemented path validation against ALLOWED_ROOT_DIRECTORY to prevent arbitrary file reads and prompt injection attacks.
- Added error handling for file reading, including specific responses for forbidden paths and file not found scenarios.
- Updated the description generation logic to truncate large files and provide structured prompts for analysis.
- Enhanced logging for better traceability of file access and errors.
These changes aim to improve the security and reliability of the file description functionality.
- Added functionality to collect and kill all terminal sessions on the server before clearing terminal state to prevent orphaned processes.
- Implemented cleanup of terminal sessions during page unload using sendBeacon for reliable delivery.
- Refactored terminal state clearing logic to ensure server sessions are terminated before switching projects.
- Improved handling of search decorations to prevent visual artifacts during terminal disposal and content restoration.
- Added an `afterEach` hook to clean up after tests in `claude-usage-service.test.ts`.
- Updated the mock for `onExit` to include an exit callback, ensuring proper handling of process termination.
- Modified the `fetchUsageData` test to await the promise resolution, preventing unhandled promise rejections.
These changes improve the reliability and robustness of the unit tests for the ClaudeUsageService.
- Updated ESLint configuration to include support for `.mjs` and `.cjs` file types, adding necessary global variables for Node.js and browser environments.
- Introduced a new `vite-env.d.ts` file to define environment variables for Vite, improving type safety.
- Refactored error handling in `file-browser-dialog.tsx`, `description-image-dropzone.tsx`, and `feature-image-upload.tsx` to omit error parameters, simplifying the catch blocks.
- Removed unused bug report button functionality from the sidebar, streamlining the component structure.
- Adjusted various components to improve code readability and maintainability, including updates to type imports and component props.
These changes aim to enhance the development experience by improving linting support and simplifying error handling across components.
- Updated the project creation logic to write a detailed app_spec.txt file in XML format, including project name, overview, technology stack, core capabilities, and implemented features.
- Improved handling for projects created from templates and custom repositories, ensuring relevant information is captured in the app_spec.txt.
- Enhanced user feedback with success messages upon project creation, improving overall user experience.
These changes aim to provide a clearer project structure and facilitate better integration with AI analysis tools.
- Updated type imports for `icon` and `content` in the `WikiSection` interface to use `ElementType` and `ReactNode` for better clarity and type safety.
- Expanded the content description in the WikiView to include shared libraries and updated technology stack details.
- Revised the directory structure representation for clarity and completeness, reflecting the current organization of the codebase.
- Adjusted file paths in the feature list for better accuracy and organization.
These changes aim to improve the documentation and type safety within the WikiView component, enhancing developer experience and understanding of the project structure.
- Implemented spatial navigation between terminal panes using directional shortcuts (Ctrl+Alt+Arrow keys).
- Improved session handling by ensuring stale sessions are automatically removed when the server indicates they are invalid.
- Added customizable keyboard shortcuts for terminal actions and enhanced search functionality with dedicated highlighting colors.
- Updated terminal themes to include search highlighting colors for better visibility during searches.
- Refactored terminal layout saving logic to prevent incomplete state saves during project restoration.
- Extracted new components: ProjectSelectorWithOptions, SidebarFooter, TrashDialog, and OnboardingDialog to improve code organization and reusability.
- Introduced new hooks: useProjectCreation, useSetupDialog, and useTrashDialog for better state management and modularity.
- Updated sidebar.tsx to utilize the new components and hooks, reducing complexity and improving maintainability.
- Enhanced project creation and setup processes with dedicated dialogs and streamlined user interactions.
This refactor aims to enhance the user experience and maintainability of the sidebar by modularizing functionality and improving the overall structure.
Extract logo, header, actions, and navigation into separate components:
- AutomakerLogo: SVG logo with collapsed/expanded states
- SidebarHeader: Logo section with bug report button
- ProjectActions: New/Open/Trash action buttons
- SidebarNavigation: Navigation items with active states
Reduces sidebar.tsx from 1551 to 1442 lines (-109 lines)
Improves code organization and component reusability
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Introduced new hooks: useRunningAgents, useTrashOperations, useProjectPicker, useSpecRegeneration, and useNavigation for improved state management and functionality.
- Created CollapseToggleButton component for sidebar collapse functionality, enhancing UI responsiveness.
- Refactored sidebar.tsx to utilize the new hooks and components, improving code organization and maintainability.
- Updated sidebar structure to streamline project selection and navigation processes.
This refactor aims to enhance user experience and maintainability by modularizing functionality and improving the sidebar's responsiveness.
This commit updates various modules to utilize the secure file system operations from the secureFs module instead of the native fs module. Key changes include:
- Replaced fs imports with secureFs in multiple route handlers and services to enhance security and consistency in file operations.
- Added centralized validation for working directories in the sdk-options module to ensure all AI model invocations are secure.
These changes aim to improve the security and maintainability of file handling across the application.
This commit introduces several performance improvements across the UI components:
- Updated the Button component to enhance hover animations by grouping styles for better GPU efficiency.
- Adjusted the interval timing in the BoardView and WorktreePanel components from 1 second to 3 and 5 seconds respectively, reducing CPU/GPU usage.
- Replaced the continuous gradient rotation animation with a subtle pulse effect in global CSS to further optimize rendering performance.
These changes aim to improve the overall responsiveness and efficiency of the UI components.
- Show 'N/A' and dim card when percentage is NaN/invalid
- Use gray progress bar for invalid values
- Rename opusWeekly* properties to sonnetWeekly* to match server types
- Added validation for terminal input to ensure it is a string and limited to 1MB to prevent memory issues.
- Implemented checks for terminal resize dimensions to ensure they are positive integers within specified bounds.
- Updated keyboard shortcuts for terminal actions to use Alt key combinations instead of Ctrl+Shift for better accessibility.
- Changed the token generation method to use slice instead of substr for better readability.
- Enhanced maxSessions validation in the settings update handler to check for undefined values and ensure the input is a number before processing.
- Added validation to ensure maxSessions is an integer before processing the request.
- Responds with a 400 status and an error message if the input is not a valid integer.
- Updated the maximum terminal session limit from 500 to 1000 to accommodate more concurrent sessions.
- Enhanced path handling in the editor and HTTP API client to normalize file paths for both Unix and Windows systems, ensuring consistent URL encoding.
Adds a Claude usage tracking feature that displays session, weekly, and Sonnet usage stats. Uses the Claude CLI's /usage command to fetch data (no API key required).
Features:
- Usage popover in board header showing session, weekly, and Sonnet limits
- Progress bars with color-coded status (green/orange/red)
- Auto-refresh with configurable interval
- Caching of usage data with stale indicator
- Settings section for refresh interval configuration
Server:
- ClaudeUsageService: Executes Claude CLI via PTY (expect) to fetch usage
- New /api/claude/usage endpoint
UI:
- ClaudeUsagePopover component with usage cards
- ClaudeUsageSection in settings for configuration
- Integration with app store for persistence
- Refactored session limit checks in terminal settings to use constants for minimum and maximum session values.
- Enhanced terminal layout saving mechanism with debouncing to prevent excessive writes during rapid changes.
- Updated error messages to reflect new session limit constants.
- Added new endpoints for terminal settings: GET and PUT /settings to retrieve and update terminal configurations.
- Implemented session limit checks during session creation, returning a 429 status when the limit is reached.
- Introduced a new TerminalSection in settings view for customizing terminal appearance and behavior, including font family, default font size, line height, and screen reader mode.
- Added support for new terminal features such as search functionality and improved error handling with a TerminalErrorBoundary component.
- Updated terminal layout persistence to include session IDs for reconnection and enhanced terminal state management.
- Introduced new keyboard shortcuts for terminal actions, including creating new terminal tabs.
- Enhanced UI with scrollbar theming for terminal components.
This commit refactors the handling of ALLOWED_ROOT_DIRECTORY by removing legacy support for ALLOWED_PROJECT_DIRS and simplifying the security logic. Key changes include:
- Removed deprecated ALLOWED_PROJECT_DIRS references from .env.example and security.ts.
- Updated initAllowedPaths() to focus solely on ALLOWED_ROOT_DIRECTORY and DATA_DIR.
- Enhanced logging for ALLOWED_ROOT_DIRECTORY configuration status.
- Adjusted route handlers to utilize the new workspace directory logic.
- Introduced a centralized storage module for localStorage operations to improve consistency and error handling.
These changes aim to enhance security and maintainability by consolidating directory management into a single variable.
Tests: All unit tests passing.
Changes:
- Introduced new npm scripts for testing all packages and running tests across the server.
- Updated GitHub Actions workflow to include a step for running package tests.
Benefits:
✅ Enhanced testing capabilities for individual packages
✅ Improved CI process with comprehensive test coverage
All tests passing.
Changes:
- Added a new package, @automaker/prompts, containing AI prompt templates for enhancing user-written task descriptions.
- Implemented four enhancement modes: improve, technical, simplify, and acceptance, each with corresponding system prompts and examples.
- Updated relevant packages to utilize the new prompts package, ensuring backward compatibility with existing imports.
- Enhanced documentation to include usage examples and integration details for the new prompts.
Benefits:
✅ Streamlined AI prompt management across the codebase
✅ Improved clarity and usability for AI-powered features
✅ Comprehensive documentation for developers
All tests passing.
Fixed outdated import in card-badges.tsx that was causing electron build
to fail in CI. Updated to use @automaker/dependency-resolver instead of
the old @/lib/dependency-resolver path.
Resolves electron build failure: "Could not load dependency-resolver"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added author information as "AutoMaker Team" to all package.json files.
- Set license to "SEE LICENSE IN LICENSE" for consistency across the project.
Removed all references to WORKSPACE_DIR environment variable to simplify
configuration. The system now uses exclusively ALLOWED_ROOT_DIRECTORY
for controlling the root directory where projects can be accessed.
Changes:
- Removed WORKSPACE_DIR from security.ts initialization
- Updated workspace/routes/directories.ts to require ALLOWED_ROOT_DIRECTORY
- Updated workspace/routes/config.ts to require ALLOWED_ROOT_DIRECTORY
- Updated apps/ui/src/main.ts to use ALLOWED_ROOT_DIRECTORY instead of WORKSPACE_DIR
- Updated .env file to reference ALLOWED_ROOT_DIRECTORY
- Removed WORKSPACE_DIR test from security.test.ts
Backend test results: 653/653 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit consolidates directory security from two environment variables
(WORKSPACE_DIR, ALLOWED_PROJECT_DIRS) into a single ALLOWED_ROOT_DIRECTORY variable
while maintaining backward compatibility.
Changes:
- Re-enabled path validation in security.ts (was previously disabled)
- Implemented isPathAllowed() to check ALLOWED_ROOT_DIRECTORY with DATA_DIR exception
- Added backward compatibility for legacy ALLOWED_PROJECT_DIRS and WORKSPACE_DIR
- Implemented path traversal protection via isPathWithinDirectory() helper
- Added PathNotAllowedError custom exception for security violations
- Updated all FS route endpoints to validate paths and return 403 on violation
- Updated template clone endpoint to validate project paths
- Updated workspace config endpoints to use ALLOWED_ROOT_DIRECTORY
- Fixed stat() response property access bug in project-init.ts
- Updated security tests to expect actual validation behavior
Security improvements:
- Path validation now enforced at all layers (routes, project init, agent services)
- appData directory (DATA_DIR) always allowed for settings/credentials
- Backward compatible with existing ALLOWED_PROJECT_DIRS/WORKSPACE_DIR configurations
- Protection against path traversal attacks
Backend test results: 654/654 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
