Platform-specific implementations:
- macOS: Uses 'expect' command (unchanged, working)
- Windows: Uses node-pty for PTY support
Also fixes 'which' vs 'where' for checking Claude CLI availability.
Replace Unix-only 'expect' command with node-pty library which works
on Windows, macOS, and Linux. Also fixes 'which' command to use 'where'
on Windows for checking if Claude CLI is available.
Adds a Claude usage tracking feature that displays session, weekly, and Sonnet usage stats. Uses the Claude CLI's /usage command to fetch data (no API key required).
Features:
- Usage popover in board header showing session, weekly, and Sonnet limits
- Progress bars with color-coded status (green/orange/red)
- Auto-refresh with configurable interval
- Caching of usage data with stale indicator
- Settings section for refresh interval configuration
Server:
- ClaudeUsageService: Executes Claude CLI via PTY (expect) to fetch usage
- New /api/claude/usage endpoint
UI:
- ClaudeUsagePopover component with usage cards
- ClaudeUsageSection in settings for configuration
- Integration with app store for persistence
This commit introduces several improvements to the security and file handling mechanisms across the application. Key changes include:
- Updated the Dockerfile to pin the GitHub CLI version for reproducible builds.
- Refactored the secure file system operations to ensure consistent path validation and type handling.
- Removed legacy path management functions and streamlined the allowed paths logic in the security module.
- Enhanced route handlers to validate path parameters against the ALLOWED_ROOT_DIRECTORY, improving security against unauthorized access.
- Updated the settings service to focus solely on the Anthropic API key, removing references to Google and OpenAI keys.
These changes aim to enhance security, maintainability, and clarity in the codebase.
Tests: All unit tests passing.
Changes:
- Removed specific compiled file patterns from .gitignore to simplify ignore rules.
- Modified error handling in feature-loader.ts to rethrow errors instead of keeping original paths, preventing potential broken references.
- Added ".js" extensions to import statements in types package for ESM compliance.
Benefits:
✅ Cleaner .gitignore for better maintainability
✅ Improved error handling logic in feature-loader
✅ Consistent import paths for ESM compatibility
All tests passing.
This commit replaces direct file system operations with a secure file system adapter to enhance security by enforcing path validation. The changes include:
- Replaced `fs` imports with `secureFs` in various services and utilities.
- Updated file operations in `agent-service`, `auto-mode-service`, `feature-loader`, and `settings-service` to use the secure file system methods.
- Ensured that all file I/O operations are validated against the ALLOWED_ROOT_DIRECTORY.
This refactor aims to prevent unauthorized file access and improve overall security posture.
Tests: All unit tests passing.
🤖 Generated with Claude Code
This commit addresses all "Should Fix" items from the PR review:
1. Security Documentation (platform package)
- Added comprehensive inline documentation in security.ts explaining
why path validation is disabled
- Added Security Model section to platform README.md
- Documented rationale, implications, and future re-enabling steps
2. Model Resolver Tests
- Created comprehensive test suite (34 tests, 100% coverage)
- Added vitest configuration with strict coverage thresholds
- Tests cover: alias resolution, full model strings, priority handling,
edge cases, and integration scenarios
- Updated package.json with test scripts and vitest dependency
3. Feature Loader Logging Migration
- Replaced all console.log/warn/error calls with @automaker/utils logger
- Consistent with rest of codebase logging pattern
- Updated corresponding tests to match new logger format
4. Module Format Consistency
- Verified all packages use consistent module formats (ESM)
- No changes needed
All tests passing (632 tests across 31 test files).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Removed all references to OPENAI_API_KEY and GOOGLE_API_KEY since only
Claude (Anthropic) provider is implemented. These were placeholder references
for future providers that don't exist yet.
Changes:
- Removed OPENAI_API_KEY and GOOGLE_API_KEY from docker-compose.yml
- Removed from .env and .env.example files
- Updated setup/routes/store-api-key.ts to only support anthropic
- Updated setup/routes/delete-api-key.ts to only support anthropic
- Updated setup/routes/api-keys.ts to only return anthropic key status
- Updated models/routes/providers.ts to only list anthropic provider
- Updated auto-mode-service.ts error message to only reference ANTHROPIC_API_KEY
Backend test results: 653/653 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Changed import statements in settings-service.ts to use @automaker/utils and @automaker/platform for better modularity.
- Updated import in security.test.ts to reflect the new path for security.js, enhancing consistency across the codebase.
This commit consolidates directory security from two environment variables
(WORKSPACE_DIR, ALLOWED_PROJECT_DIRS) into a single ALLOWED_ROOT_DIRECTORY variable
while maintaining backward compatibility.
Changes:
- Re-enabled path validation in security.ts (was previously disabled)
- Implemented isPathAllowed() to check ALLOWED_ROOT_DIRECTORY with DATA_DIR exception
- Added backward compatibility for legacy ALLOWED_PROJECT_DIRS and WORKSPACE_DIR
- Implemented path traversal protection via isPathWithinDirectory() helper
- Added PathNotAllowedError custom exception for security violations
- Updated all FS route endpoints to validate paths and return 403 on violation
- Updated template clone endpoint to validate project paths
- Updated workspace config endpoints to use ALLOWED_ROOT_DIRECTORY
- Fixed stat() response property access bug in project-init.ts
- Updated security tests to expect actual validation behavior
Security improvements:
- Path validation now enforced at all layers (routes, project init, agent services)
- appData directory (DATA_DIR) always allowed for settings/credentials
- Backward compatible with existing ALLOWED_PROJECT_DIRS/WORKSPACE_DIR configurations
- Protection against path traversal attacks
Backend test results: 654/654 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit addresses CodeRabbit feedback from PR #186 by adding detailed
documentation to all public APIs in the settings module:
**Server-side documentation:**
- SettingsService class: 12 public methods with parameter and return types
- Settings types (settings.ts): All type aliases, interfaces, and constants
documented with usage context
- Route handlers (8 endpoints): Complete endpoint documentation with request/response
schemas
- Automaker paths utilities: All 13 path resolution functions fully documented
**Client-side documentation:**
- useSettingsMigration hook: Migration flow and state documented
- Sync functions: Three sync helpers (settings, credentials, project) with usage guidelines
- localStorage constants: Clear documentation of migration keys and cleanup strategy
All docstrings follow JSDoc format with:
- Purpose and behavior description
- Parameter documentation with types
- Return value documentation
- Usage examples where applicable
- Cross-references between related functions
This improves code maintainability, IDE autocomplete, and developer onboarding.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Add SettingsService to handle reading/writing global and project settings.
- Introduce API routes for managing settings, including global settings, credentials, and project-specific settings.
- Implement migration functionality to transfer settings from localStorage to file-based storage.
- Create common utilities for settings routes and integrate logging for error handling.
- Update server entry point to include new settings routes.
- Add POST /features/generate-title endpoint using Claude Haiku
- Generate concise titles (5-10 words) from feature descriptions
- Display titles in kanban cards with loading state
- Add optional title field to add/edit feature dialogs
- Auto-generate titles when description provided but title empty
- Add 'Pull & Resolve Conflicts' action to worktree dropdown
- Show running agents count in board header (X / Y format)
- Update Feature interface to include title and titleGenerating fields
CRITICAL FIXES:
- Fix dependency-resolver ES module failure by reverting to CommonJS
- Removed "type": "module" from package.json
- Changed tsconfig.json module from "ESNext" to "commonjs"
- Added exports field for better module resolution
- Package now works correctly at runtime
- Fix Feature type incompatibility between server and UI
- Added FeatureImagePath interface to @automaker/types
- Made imagePaths property accept multiple formats
- Added index signature for backward compatibility
HIGH PRIORITY FIXES:
- Remove duplicate model-resolver.ts from apps/server/src/lib/
- Update sdk-options.ts to import from @automaker/model-resolver
- Use @automaker/types for CLAUDE_MODEL_MAP and DEFAULT_MODELS
- Remove duplicate session types from apps/ui/src/types/
- Deleted identical session.ts file
- Use @automaker/types for session type definitions
- Update source file Feature imports
- Fix create.ts and update.ts to import Feature from @automaker/types
- Separate Feature type import from FeatureLoader class import
MEDIUM PRIORITY FIXES:
- Remove unused imports
- Remove unused AbortError from agent-service.ts
- Remove unused MessageSquare icon from kanban-card.tsx
- Consolidate duplicate React imports in hotkey-button.tsx
- Update test file imports to use @automaker/* packages
- Update 12 test files to import from @automaker/utils
- Update 2 test files to import from @automaker/platform
- Update 1 test file to import from @automaker/model-resolver
- Update dependency-resolver.test.ts imports
- Update providers/types imports to @automaker/types
VERIFICATION:
- Server builds successfully ✓
- All 6 shared packages build correctly ✓
- Test imports updated and verified ✓
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Updated 150+ files to import from @automaker/* packages
- Server imports now use @automaker/utils, @automaker/platform, @automaker/types, @automaker/model-resolver, @automaker/dependency-resolver, @automaker/git-utils
- UI imports now use @automaker/dependency-resolver and @automaker/types
- Deleted duplicate dependency-resolver files (222 lines eliminated)
- Updated dependency-resolver to use ES modules for Vite compatibility
- Added type annotation fix in auto-mode-service.ts
- Updated feature-loader to re-export Feature type from @automaker/types
- Both server and UI builds successfully verified
Phase 1 of server refactoring complete.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Resolved conflict in apps/ui/tests/worktree-integration.spec.ts:
- Kept assertion verifying worktreePath is undefined (consistent with pattern)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated branchName assignment to use nullish coalescing, ensuring that unassigned features are correctly set to null instead of an empty string. This change improves the handling of feature states during the update process.
- Consolidated imports in session-manager.tsx for cleaner code.
- Improved state initialization formatting for better readability.
- Updated board-view.tsx to enhance feature management, including the use of refs to track running tasks and prevent unnecessary effect re-runs.
- Added affectedFeatureCount prop to DeleteWorktreeDialog for better user feedback on feature assignments.
- Refactored useBoardActions to ensure worktrees are created when features are added or updated, improving overall workflow efficiency.
Context files from .automaker/context/ (CLAUDE.md, CODE_QUALITY.md, etc.)
are now passed as system prompt instead of prepending to user prompt.
This ensures the agent follows project-specific rules like package manager
preferences (pnpm vs npm) and coding conventions.
Changes:
- Add getContextDir() utility to automaker-paths.ts
- Add loadContextFiles() method to load .md/.txt files from context dir
- Pass context as systemPrompt in executeFeature() and followUpFeature()
- Add debug logging to confirm system prompt is provided
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When executeFeatureWithContext calls executeFeature with a continuation
prompt, skip the context existence check to avoid the loop:
executeFeature -> resumeFeature -> executeFeatureWithContext -> executeFeature
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When executeFeatureWithContext calls executeFeature with a continuation
prompt, skip the context existence check to avoid the loop:
executeFeature -> resumeFeature -> executeFeatureWithContext -> executeFeature
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Refactored DialogContent component to use forwardRef for better integration with refs.
- Enhanced auto mode service by introducing an auto loop for processing features concurrently.
- Updated error handling and feature management logic to streamline operations.
- Cleaned up code formatting and improved readability across various components and services.
- Added new RadioGroup and Switch components for better UI interaction.
- Introduced BranchSelector for improved branch selection in feature dialogs.
- Updated Autocomplete and BranchAutocomplete components to handle error states.
- Refactored feature management to archive verified features instead of deleting them.
- Enhanced worktree handling by removing worktreePath from features, relying on branchName instead.
- Improved auto mode functionality by integrating branch management and worktree updates.
- Cleaned up unused code and optimized existing logic for better performance.
- Introduced TaskProgressPanel to display task execution status in the AgentOutputModal.
- Enhanced useAutoMode hook to emit events for task start, completion, and phase completion.
- Updated AutoModeEvent type to include new task-related events.
- Implemented task parsing from generated specifications to track progress accurately.
- Improved auto mode service to handle task progress updates and emit relevant events.
- Introduced PlanApprovalDialog for reviewing and approving feature plans.
- Added state management for pending plan approvals and loading states.
- Enhanced BoardView to handle plan approval actions, including approve and reject functionalities.
- Updated KanbanCard and KanbanBoard components to include buttons for viewing and approving plans.
- Integrated plan approval logic into the auto mode service, allowing for user feedback and plan edits.
- Updated app state to manage default plan approval settings and integrate with existing feature workflows.
- Introduced a new TodoListRenderer component to display parsed todo items with status indicators and colors.
- Implemented a parseTodoContent function to extract todo items from TodoWrite JSON content.
- Enhanced LogEntryItem to conditionally render todo items when a TodoWrite entry is detected, improving log entry clarity and usability.
- Updated UI to visually differentiate between todo item statuses, enhancing user experience in task tracking.
- Introduced support for <summary> tags in log entries, allowing for better organization and parsing of summary content.
- Updated the detectEntryType function to recognize <summary> tags as a preferred format for summaries.
- Implemented summary accumulation logic to handle content between <summary> and </summary> tags.
- Modified the prompt in auto-mode service to instruct users to wrap their summaries in <summary> tags for consistency in log output.
- Added tool category icons and colors for log entries based on their metadata, improving visual differentiation.
- Implemented search functionality and filters for log entry types and tool categories, allowing users to customize their view.
- Enhanced log entry parsing to include tool-specific summaries and file paths, providing more context in the logs.
- Introduced a clear filters button to reset search and category filters, improving user experience.
- Updated the log viewer UI to accommodate new features, including a sticky header for better accessibility.
- Removed the saveOutput function from AgentOutputModal to streamline state management, ensuring local state updates without direct file writes.
- Introduced a debounced file writing mechanism in the auto-mode service to handle incremental updates to agent output, improving performance and reliability.
- Enhanced error handling during file writes to prevent execution interruptions and ensure all content is saved correctly.
- Added a new PlanningMode feature to manage default planning strategies for features.
- Updated the FeatureDefaultsSection to include a dropdown for selecting the default planning mode.
- Enhanced AddFeatureDialog and EditFeatureDialog to support planning mode selection and state management.
- Introduced PlanningModeSelector component for better user interaction with planning modes.
- Updated app state management to include default planning mode and related specifications.
- Refactored various UI components to ensure compatibility with new planning mode features.
- Modified the resumeFeature method across multiple files to accept an optional useWorktrees parameter, defaulting to false for improved control over worktree usage.
- Updated related hooks and service methods to ensure consistent handling of the new parameter.
- Enhanced server route logic to reflect the change, ensuring worktrees are only utilized when explicitly enabled.
- Introduced a new Autocomplete component for improved user experience in selecting options across various UI components.
- Refactored BranchAutocomplete and CategoryAutocomplete to utilize the new Autocomplete component, streamlining code and enhancing maintainability.
- Updated Playwright configuration to support mock agent functionality during CI/CD, allowing for simulated API interactions without real calls.
- Added comprehensive end-to-end tests for feature lifecycle, ensuring robust validation of the complete feature management process.
- Enhanced auto-mode service to support mock responses, improving testing efficiency and reliability.
- Updated the worktree creation and retrieval logic to resolve paths to absolute for improved cross-platform compatibility.
- Ensured that provided worktree paths are validated and resolved correctly, preventing issues on different operating systems.
- Refactored existing functions to consistently return absolute paths, enhancing reliability across Windows, macOS, and Linux environments.
- Added functionality to check for existing worktrees for a branch before creating a new one in the create worktree endpoint.
- Introduced a helper function to find existing worktrees by parsing the output of `git worktree list`.
- Updated the auto mode service to utilize the new worktree checking logic, improving efficiency and user experience.
- Removed redundant checks for existing worktrees to streamline the creation process.
