* fix(copilot): correct tool.execution_complete event handling
The CopilotProvider was using incorrect event type and data structure
for tool execution completion events from the @github/copilot-sdk,
causing tool call outputs to be empty.
Changes:
- Update event type from 'tool.execution_end' to 'tool.execution_complete'
- Fix data structure to use nested result.content instead of flat result
- Fix error structure to use error.message instead of flat error
- Add success field to match SDK event structure
- Add tests for empty and missing result handling
This aligns with the official @github/copilot-sdk v0.1.16 types
defined in session-events.d.ts.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* test(copilot): add edge case test for error with code field
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* refactor(copilot): improve error handling and code quality
Code review improvements:
- Extract magic string '[ERROR]' to TOOL_ERROR_PREFIX constant
- Add null-safe error handling with direct error variable assignment
- Include error codes in error messages for better debugging
- Add JSDoc documentation for tool.execution_complete handler
- Update tests to verify error codes are displayed
- Add missing tool_use_id assertion in error test
These changes improve:
- Code maintainability (no magic strings)
- Debugging experience (error codes now visible)
- Type safety (explicit null checks)
- Test coverage (verify error code formatting)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Changes from fix/bug-fixes-1-0
* test(copilot): add edge case test for error with code field
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Changes from fix/bug-fixes-1-0
* fix: Handle detached HEAD state in worktree discovery and recovery
* fix: Remove unused isDevServerStarting prop and md: breakpoint classes
* fix: Add missing dependency and sanitize persisted cache data
* feat: Ensure NODE_ENV is set to test in vitest configs
* feat: Configure Playwright to run only E2E tests
* fix: Improve PR tracking and dev server lifecycle management
* feat: Add settings-based defaults for planning mode, model config, and custom providers. Fixes#816
* feat: Add worktree and branch selector to graph view
* fix: Add timeout and error handling for worktree HEAD ref resolution
* fix: use absolute icon path and place icon outside asar on Linux
The hicolor icon theme index only lists sizes up to 512x512, so an icon
installed only at 1024x1024 is invisible to GNOME/KDE's theme resolver,
causing both the app launcher and taskbar to show a generic icon.
Additionally, BrowserWindow.icon cannot be read by the window manager
when the file is inside app.asar.
- extraResources: copy logo_larger.png to resources/ (outside asar) so
it lands at /opt/Automaker/resources/logo_larger.png on install
- linux.desktop.Icon: set to the absolute resources path, bypassing the
hicolor theme lookup and its size constraints entirely
- icon-manager.ts: on Linux production use process.resourcesPath so
BrowserWindow receives a real filesystem path the WM can read directly
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: use linux.desktop.entry for custom desktop Icon field
electron-builder v26 rejects arbitrary keys in linux.desktop — the
correct schema wraps custom .desktop overrides inside desktop.entry.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: set desktop name on Linux so taskbar uses the correct app icon
Without app.setDesktopName(), the window manager cannot associate the
running Electron process with automaker.desktop. GNOME/KDE fall back to
_NET_WM_ICON which defaults to Electron's own bundled icon.
Calling app.setDesktopName('automaker.desktop') before any window is
created sets the _GTK_APPLICATION_ID hint and XDG app_id so the WM
picks up the desktop entry's Icon for the taskbar.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix: memory and context views mobile friendly (#818)
* Changes from fix/memory-and-context-mobile-friendly
* fix: Improve file extension detection and add path traversal protection
* refactor: Extract file extension utilities and add path traversal guards
Code review improvements:
- Extract isMarkdownFilename and isImageFilename to shared image-utils.ts
- Remove duplicated code from context-view.tsx and memory-view.tsx
- Add path traversal guard for context fixture utilities (matching memory)
- Add 7 new tests for context fixture path traversal protection
- Total 61 tests pass
Addresses code review feedback from PR #813
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: Add e2e tests for profiles crud and board background persistence
* Update apps/ui/playwright.config.ts
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix: Add robust test navigation handling and file filtering
* fix: Format NODE_OPTIONS configuration on single line
* test: Update profiles and board background persistence tests
* test: Replace iPhone 13 Pro with Pixel 5 for mobile test consistency
* Update apps/ui/src/components/views/context-view.tsx
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* chore: Remove test project directory
* feat: Filter context files by type and improve mobile menu visibility
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix: Improve test reliability and localhost handling
* chore: Use explicit TEST_USE_EXTERNAL_BACKEND env var for server cleanup
* feat: Add E2E/CI mock mode for provider factory and auth verification
* feat: Add remoteBranch parameter to pull and rebase operations
* chore: Enhance E2E testing setup with worker isolation and auth state management
- Updated .gitignore to include worker-specific test fixtures.
- Modified e2e-tests.yml to implement test sharding for improved CI performance.
- Refactored global setup to authenticate once and save session state for reuse across tests.
- Introduced worker-isolated fixture paths to prevent conflicts during parallel test execution.
- Improved test navigation and loading handling for better reliability.
- Updated various test files to utilize new auth state management and fixture paths.
* fix: Update Playwright configuration and improve test reliability
- Increased the number of workers in Playwright configuration for better parallelism in CI environments.
- Enhanced the board background persistence test to ensure dropdown stability by waiting for the list to populate before interaction, improving test reliability.
* chore: Simplify E2E test configuration and enhance mock implementations
- Updated e2e-tests.yml to run tests in a single shard for streamlined CI execution.
- Enhanced unit tests for worktree list handling by introducing a mock for execGitCommand, improving test reliability and coverage.
- Refactored setup functions to better manage command mocks for git operations in tests.
- Improved error handling in mkdirSafe function to account for undefined stats in certain environments.
* refactor: Improve test configurations and enhance error handling
- Updated Playwright configuration to clear VITE_SERVER_URL, ensuring the frontend uses the Vite proxy and preventing cookie domain mismatches.
- Enhanced MergeRebaseDialog logic to normalize selectedBranch for better handling of various ref formats.
- Improved global setup with a more robust backend health check, throwing an error if the backend is not healthy after retries.
- Refactored project creation tests to handle file existence checks more reliably.
- Added error handling for missing E2E source fixtures to guide setup process.
- Enhanced memory navigation to handle sandbox dialog visibility more effectively.
* refactor: Enhance Git command execution and improve test configurations
- Updated Git command execution to merge environment paths correctly, ensuring proper command execution context.
- Refactored the Git initialization process to handle errors more gracefully and ensure user configuration is set before creating the initial commit.
- Improved test configurations by updating Playwright test identifiers for better clarity and consistency across different project states.
- Enhanced cleanup functions in tests to handle directory removal more robustly, preventing errors during test execution.
* fix: Resolve React hooks errors from duplicate instances in dependency tree
* style: Format alias configuration for improved readability
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: DhanushSantosh <dhanushsantoshs05@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- .gitignore: add missing trailing newline
- Dockerfile: remove misleading || echo fallback in Playwright install
- index.ts: truncate long paths from beginning instead of end in warning box
- verify-claude-auth.ts: use effectiveAuthMethod to prevent undefined authType
- agent-context-parser.ts: handle claude-opus alias as Opus 4.6
- thinking-level-selector.tsx: improve model prop documentation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Enhanced getClaudeAuthIndicators() to return detailed check information
including file paths checked and specific error details for debugging
- Added debug logging to server startup credential detection for easier
troubleshooting in Docker environments
- Show paths that were checked in the warning message to help users debug
mount issues
- Added support for CLAUDE_CODE_OAUTH_TOKEN environment variable
- Return authType in verify-claude-auth response to distinguish between
OAuth and CLI authentication methods
- Updated UI to show specific success messages for Claude Code subscription
vs generic CLI auth
- Added Docker troubleshooting tips to sandbox risk dialog
- Added comprehensive unit tests for OAuth credential detection scenarios
Closes#721🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add GitHub Copilot SDK provider integration
Adds comprehensive GitHub Copilot SDK provider support including:
- CopilotProvider class with CLI detection and OAuth authentication check
- Copilot models definition with GPT-4o, Claude, and o1/o3 series models
- Settings UI integration with provider tab, model configuration, and navigation
- Onboarding flow integration with Copilot setup step
- Model selector integration for all phase-specific model dropdowns
- Persistence of enabled models and default model settings via API sync
- Server route for Copilot CLI status endpoint
https://claude.ai/code/session_01D26w7ZyEzP4H6Dor3ttk9d
* chore: update package-lock.json
https://claude.ai/code/session_01D26w7ZyEzP4H6Dor3ttk9d
* refactor: rename Copilot SDK to Copilot CLI and use GitHub icon
- Update all references from "GitHub Copilot SDK" to "GitHub Copilot CLI"
- Change install command from @github/copilot-sdk to @github/copilot
- Update CopilotIcon to use official GitHub Octocat logo
- Update error codes and comments throughout codebase
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: update Copilot model definitions and add dynamic model discovery
- Update COPILOT_MODEL_MAP with correct models from CLI (claude-sonnet-4.5,
claude-haiku-4.5, claude-opus-4.5, claude-sonnet-4, gpt-5.x series, gpt-4.1,
gemini-3-pro-preview)
- Change default Copilot model to copilot-claude-sonnet-4.5
- Add model caching methods to CopilotProvider (hasCachedModels,
clearModelCache, refreshModels)
- Add API routes for dynamic model discovery:
- GET /api/setup/copilot/models
- POST /api/setup/copilot/models/refresh
- POST /api/setup/copilot/cache/clear
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: use @github/copilot-sdk instead of direct CLI calls
- Install @github/copilot-sdk package for proper SDK integration
- Rewrite CopilotProvider to use SDK's CopilotClient API
- Use client.createSession() for session management
- Handle SDK events (assistant.message, tool.execution_*, session.idle)
- Auto-approve permissions for autonomous agent operation
- Remove incorrect CLI flags (--mode, --output-format)
- Update default model to claude-sonnet-4.5
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add Copilot and Gemini model support to model resolver
- Import isCopilotModel and isGeminiModel from types
- Add explicit checks for copilot- and gemini- prefixed models
- Pass through Copilot/Gemini models unchanged to their providers
- Update resolver documentation to list all supported providers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: pass working directory to Copilot SDK and reduce event noise
- Create CopilotClient per execution with correct cwd from options.cwd
- This ensures the CLI operates in the correct project directory, not the
server's current directory
- Skip assistant.message_delta events (they create excessive noise)
- Only yield the final assistant.message event which has complete content
- Clean up client on completion and error paths
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: simplify Copilot SDK execution with sendAndWait
- Use sendAndWait() instead of manual event polling for more reliable
execution
- Disable streaming (streaming: false) to simplify response handling
- Increase timeout to 10 minutes for agentic operations
- Still capture tool execution events for UI display
- Add more debug logging for troubleshooting
- This should fix the "invalid_request_body" error on subsequent calls
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: allow Copilot model IDs with claude-, gemini-, gpt- prefixes
Copilot's bare model IDs legitimately contain prefixes like claude-,
gemini-, gpt- because those are the actual model names from the
Copilot CLI (e.g., claude-sonnet-4.5, gemini-3-pro-preview, gpt-5.1).
The generic validateBareModelId function was incorrectly rejecting
these valid model IDs. Now we only check that the copilot- prefix
has been stripped by the ProviderFactory.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: enable real-time streaming of tool events for Copilot
- Switch back to streaming mode (streaming: true) for real-time events
- Use async queue pattern to bridge SDK callbacks to async generator
- Events are now yielded as they happen, not batched at the end
- Tool calls (Read, Write, Edit, Bash, TodoWrite, etc.) show in real-time
- Better progress visibility during agentic operations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: expand Copilot tool name and input normalization
Tool name mapping additions:
- view → Read (Copilot's file viewing tool)
- create_file → Write
- replace, patch → Edit
- run_shell_command, terminal → Bash
- search_file_content → Grep
- list_directory → Ls
- google_web_search → WebSearch
- report_intent → ReportIntent (Copilot-specific planning)
- think, plan → Think, Plan
Input normalization improvements:
- Read/Write/Edit: Map file, filename, filePath → file_path
- Bash: Map cmd, script → command
- Grep: Map query, search, regex → pattern
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: convert git+ssh to git+https in package-lock.json
The @electron/node-gyp dependency was resolved with a git+ssh URL
which fails in CI environments without SSH keys. Convert to HTTPS.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address code review feedback for Copilot SDK provider
- Add guard for non-text prompts (vision not yet supported)
- Clear runtime model cache on fetch failure
- Fix race condition in async queue error handling
- Import CopilotAuthStatus from shared types
- Fix comment mismatch for default model constant
- Add auth-copilot and deauth-copilot routes
- Extract shared tool normalization utilities
- Create base model configuration UI component
- Add comprehensive unit tests for CopilotProvider
- Replace magic strings with constants
- Add debug logging for cleanup errors
* fix: address CodeRabbit review nitpicks
- Fix test mocks to include --version check for CLI detection
- Add aria-label for accessibility on refresh button
- Ensure default model checkbox always appears checked/enabled
* fix: address CodeRabbit review feedback
- Fix test mocks by creating fresh provider instances after mock setup
- Extract COPILOT_DISCONNECTED_MARKER_FILE constant to common.ts
- Add AUTONOMOUS MODE comment explaining auto-approval of permissions
- Improve tool-normalization with union types and null guards
- Handle 'canceled' (American spelling) status in todo normalization
* refactor: extract copilot connection logic to service and fix test mocks
- Create copilot-connection-service.ts with connect/disconnect logic
- Update auth-copilot and deauth-copilot routes to use service
- Fix test mocks for CLI detection:
- Mock fs.existsSync for CLI path validation
- Mock which/where command for CLI path detection
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add Gemini CLI provider for AI model execution
- Add GeminiProvider class extending CliProvider for Gemini CLI integration
- Add Gemini models (Gemini 3 Pro/Flash Preview, 2.5 Pro/Flash/Flash-Lite)
- Add gemini-models.ts with model definitions and types
- Update ModelProvider type to include 'gemini'
- Add isGeminiModel() to provider-utils.ts for model detection
- Register Gemini provider in provider-factory with priority 4
- Add Gemini setup detection routes (status, auth, deauth)
- Add GeminiCliStatus to setup store for UI state management
- Add Gemini to PROVIDER_ICON_COMPONENTS for UI icon display
- Add GEMINI_MODELS to model-display for dropdown population
- Support thinking levels: off, low, medium, high
Based on https://github.com/google-gemini/gemini-cli
* chore: update package-lock.json
* feat(ui): add Gemini provider to settings and setup wizard
- Add GeminiCliStatus component for CLI detection display
- Add GeminiSettingsTab component for global settings
- Update provider-tabs.tsx to include Gemini as 5th tab
- Update providers-setup-step.tsx with Gemini provider detection
- Add useGeminiCliStatus hook for querying CLI status
- Add getGeminiStatus, authGemini, deauthGemini to HTTP API client
- Add gemini query key for React Query
- Fix GeminiModelId type to not double-prefix model IDs
* feat(ui): add Gemini to settings sidebar navigation
- Add 'gemini-provider' to SettingsViewId type
- Add GeminiIcon and gemini-provider to navigation config
- Add gemini-provider to NAV_ID_TO_PROVIDER mapping
- Add gemini-provider case in settings-view switch
- Export GeminiSettingsTab from providers index
This fixes the missing Gemini entry in the AI Providers sidebar menu.
* feat(ui): add Gemini model configuration in settings
- Create GeminiModelConfiguration component for model selection
- Add enabledGeminiModels and geminiDefaultModel state to app-store
- Add setEnabledGeminiModels, setGeminiDefaultModel, toggleGeminiModel actions
- Update GeminiSettingsTab to show model configuration when CLI is installed
- Import GeminiModelId and getAllGeminiModelIds from types
This adds the ability to configure which Gemini models are available
in the feature modal, similar to other providers like Codex and OpenCode.
* feat(ui): add Gemini models to all model dropdowns
- Add GEMINI_MODELS to model-constants.ts for UI dropdowns
- Add Gemini to ALL_MODELS array used throughout the app
- Add GeminiIcon to PROFILE_ICONS mapping
- Fix GEMINI_MODELS in model-display.ts to use correct model IDs
- Update getModelDisplayName to handle Gemini models correctly
Gemini models now appear in all model selection dropdowns including
Model Defaults, Feature Defaults, and feature card settings.
* fix(gemini): fix CLI integration and event handling
- Fix model ID prefix handling: strip gemini- prefix in agent-service,
add it back in buildCliArgs for CLI invocation
- Fix event normalization to match actual Gemini CLI output format:
- type: 'init' (not 'system')
- type: 'message' with role (not 'assistant')
- tool_name/tool_id/parameters/output field names
- Add --sandbox false and --approval-mode yolo for faster execution
- Remove thinking level selector from UI (Gemini CLI doesn't support it)
- Update auth status to show errors properly
* test: update provider-factory tests for Gemini provider
- Add GeminiProvider import and spy mock
- Update expected provider count from 4 to 5
- Add test for GeminiProvider inclusion
- Add gemini key to checkAllProviders test
* fix(gemini): address PR review feedback
- Fix npm package name from @anthropic-ai/gemini-cli to @google/gemini-cli
- Fix comments in gemini-provider.ts to match actual CLI output format
- Convert sync fs operations to async using fs/promises
* fix(settings): add Gemini and Codex settings to sync
Add enabledGeminiModels, geminiDefaultModel, enabledCodexModels, and
codexDefaultModel to SETTINGS_FIELDS_TO_SYNC for persistence across sessions.
* fix(gemini): address additional PR review feedback
- Use 'Speed' badge for non-thinking Gemini models (consistency)
- Fix installCommand mapping in gemini-settings-tab.tsx
- Add hasEnvApiKey to GeminiCliStatus interface for API parity
- Clarify GeminiThinkingLevel comment (CLI doesn't support --thinking-level)
* fix(settings): restore Codex and Gemini settings from server
Add sanitization and restoration logic for enabledCodexModels,
codexDefaultModel, enabledGeminiModels, and geminiDefaultModel
in refreshSettingsFromServer() to match the fields in SETTINGS_FIELDS_TO_SYNC.
* feat(gemini): normalize tool names and fix workspace restrictions
- Add tool name mapping to normalize Gemini CLI tool names to standard
names (e.g., write_todos -> TodoWrite, read_file -> Read)
- Add normalizeGeminiToolInput to convert write_todos format to TodoWrite
format (description -> content, handle cancelled status)
- Pass --include-directories with cwd to fix workspace restriction errors
when Gemini CLI has a different cached workspace from previous sessions
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Add OpenAI API key storage to store-api-key handler
- Include Google/OpenAI key status in credentials API responses
- Add unified ModelId type for Claude, Codex, Cursor, OpenCode, and dynamic providers
- Update PhaseModelEntry to support all provider model types
- Replace busy-wait loop in refreshModels with Promise-based approach
- Remove duplicate error logging in opencode-models.ts handlers
- Fix multi-slash parsing in provider-icon.tsx (only handle exactly one slash)
- Use dynamic icon resolution for selected OpenCode model in trigger
- Fix misleading comment about merge precedence (static takes precedence)
- Add enabledOpencodeModels and opencodeDefaultModel to settings sync
- Add clarifying comments about session-only dynamic model settings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update isOpencodeModel() to detect dynamic models with provider/model format
(e.g., github-copilot/gpt-4o, google/gemini-2.5-pro, zai-coding-plan/glm-4.7)
- Update resolveModelString() to recognize and pass through OpenCode models
- Update enhance route to route OpenCode models to OpenCode provider
- Fix OpenCode CLI command format: use --format json (not stream-json)
- Remove unsupported -q and - flags from CLI arguments
- Update normalizeEvent() to handle actual OpenCode JSON event format
- Add dynamic model configuration UI with provider grouping
- Cache providers and models in app store for snappier navigation
- Show authenticated providers in OpenCode CLI status card
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Combined CLI disconnection markers with OpenCode support
- Added OpenCode auth/deauth routes and API methods
- Resolved merge conflicts between feature branch and upstream v0.9.0rc
- Fix Claude, Codex, and Cursor auth handlers to check if CLI is already authenticated
- Use same detection logic as each provider's internal checkAuth/codexAuthIndicators()
- For Codex: Check for API keys and auth files before requiring manual login
- For Cursor: Check for env var and credentials files before requiring manual auth
- For Claude: Check for cached auth tokens, settings, and credentials files
- If CLI is already authenticated: Just reconnect by removing disconnected marker
- If CLI needs auth: Tell user to manually run login command
- This prevents timeout errors when login commands can't run in non-interactive mode
- Added OpenCode authentication status check to the OpencodeProvider class.
- Introduced OpenCodeAuthStatus interface to manage authentication states.
- Updated detectInstallation method to include authentication status in the response.
- Created ProvidersSetupStep component to consolidate provider setup UI, including Claude, Cursor, Codex, and OpenCode.
- Refactored setup view to streamline navigation and improve user experience.
- Enhanced OpenCode CLI integration with updated installation paths and authentication checks.
This commit enhances the setup process by allowing users to configure and authenticate multiple AI providers, improving overall functionality and user experience.
- Implemented OpenCode CLI installation and authentication status check.
- Added new route for OpenCode status in setup routes.
- Updated HttpApiClient to include method for fetching OpenCode status.
- Enhanced system paths to include OpenCode's default installation directories.
This commit introduces functionality to check the installation and authentication status of the OpenCode CLI, improving integration with the overall system.
- Added a new utility for checking Codex CLI authentication status using the 'codex login status' command.
- Integrated the authentication check into the CodexProvider's installation detection and authentication methods.
- Updated Codex CLI status display in the UI to reflect authentication status and method.
- Enhanced error handling and logging for better debugging during authentication checks.
- Refactored related components to ensure consistent handling of authentication across the application.
- Introduced a new method to check Codex authentication status, allowing for better handling of API keys and OAuth tokens.
- Updated API key management to include OpenAI, enabling users to manage their keys more effectively.
- Enhanced the CodexProvider to support session ID tracking and deduplication of text blocks in assistant messages.
- Improved error handling and logging in authentication routes, providing clearer feedback to users.
These changes improve the overall user experience and security of the Codex integration, ensuring smoother authentication processes and better management of API keys.
- Added optional API keys for OpenAI and Cursor to the .env.example file.
- Implemented API key validation in CursorProvider to ensure valid keys are used.
- Introduced rate limiting in Claude and Codex authentication routes to prevent abuse.
- Created secure environment handling for authentication without modifying process.env.
- Improved error handling and logging for authentication processes, enhancing user feedback.
These changes improve the security and reliability of the authentication mechanisms across the application.
- Add getCliPath() public method to CursorProvider to avoid private field access
- Add path validation to cursor-config routes to prevent traversal attacks
- Add supportsVision field to CursorModelConfig (all false - CLI limitation)
- Consolidate duplicate types in providers/types.ts (re-export from @automaker/types)
- Add MCP servers warning log instead of error (not yet supported by Cursor CLI)
- Fix debug log type safety (replace 'as any' with proper type narrowing)
- Update docs to remove non-existent tier field, add supportsVision field
- Remove outdated TODO comment in sdk-options.ts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Carefully merged latest changes from main branch into the Cursor CLI integration
branch. This merge brings in important improvements and fixes while preserving
all Cursor-related functionality.
Key changes from main:
- Sandbox mode security improvements and cloud storage compatibility
- Version-based settings migrations (v2 schema)
- Port configuration centralization
- System paths utilities for CLI detection
- Enhanced error handling in HttpApiClient
- Windows MCP process cleanup fixes
- New validation and build commands
- GitHub issue templates and release process improvements
Resolved conflicts in:
- apps/server/src/routes/context/routes/describe-image.ts
(Combined Cursor provider routing with secure-fs imports)
- apps/server/src/services/auto-mode-service.ts
(Merged failure tracking with raw output logging)
- apps/server/tests/unit/services/terminal-service.test.ts
(Updated to async tests with systemPathExists mocking)
- libs/platform/src/index.ts
(Combined WSL utilities with system-paths exports)
- libs/types/src/settings.ts
(Merged DEFAULT_PHASE_MODELS with SETTINGS_VERSION constants)
All Cursor CLI integration features remain intact including:
- CursorProvider and CliProvider base class
- Phase-based model configuration
- Provider registry and factory patterns
- WSL support for Windows
- Model override UI components
- Cursor-specific settings and configurations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Introduced a restricted file system wrapper to ensure all file operations are confined to the script's directory, enhancing security.
- Updated various modules to utilize the new secure file system methods, replacing direct fs calls with validated operations.
- Enhanced path validation in the server routes and context loaders to prevent unauthorized access to the file system.
- Adjusted environment variable handling to use centralized methods for reading and writing API keys, ensuring consistent security practices.
This change improves the overall security posture of the application by enforcing strict file access controls and validating paths before any operations are performed.
Merges latest main branch changes including:
- MCP server support and configuration
- Pipeline configuration system
- Prompt customization settings
- GitHub issue comments in validation
- Auth middleware improvements
- Various UI/UX improvements
All Cursor CLI features preserved:
- Multi-provider support (Claude + Cursor)
- Model override capabilities
- Phase model configuration
- Provider tabs in settings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added new routes and handlers for managing Cursor CLI permissions, including:
- GET /api/setup/cursor-permissions: Retrieve current permissions configuration and available profiles.
- POST /api/setup/cursor-permissions/profile: Apply a predefined permission profile (global or project).
- POST /api/setup/cursor-permissions/custom: Set custom permissions for a project.
- DELETE /api/setup/cursor-permissions: Delete project-level permissions, reverting to global settings.
- GET /api/setup/cursor-permissions/example: Provide an example config file for a specified profile.
Also introduced a new service for handling Cursor CLI configuration files and updated the UI to support permissions management.
Affected files:
- Added new routes in index.ts and cursor-config.ts
- Created cursor-config-service.ts for permissions management logic
- Updated UI components to display and manage permissions
🤖 Generated with [Claude Code](https://claude.com/claude-code)
- Add optional apiKey parameter to verifyClaudeAuth endpoint
- Backend uses provided key when available, falls back to stored key
- Frontend passes current input value to test unsaved keys
- Add input validation before testing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Upgraded base and server images in Dockerfile from Node.js 20 to 22-alpine for better performance and security.
- Replaced wget with curl in the health check command for improved reliability.
- Enhanced README with detailed Docker deployment instructions, including configuration for API key and Claude CLI authentication, and examples for working with projects and GitHub CLI authentication.
This update ensures a more secure and efficient Docker setup for the application.
Use gh api user to verify authentication instead of gh auth status,
which can return non-zero even when GH_TOKEN is valid (due to stale
config file entries).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Implemented new routes for managing Cursor CLI configuration, including getting current settings and updating default models.
- Created status endpoint to check Cursor CLI installation and authentication status.
- Updated HttpApiClient to include methods for interacting with the new Cursor API endpoints.
- Marked completion of the setup routes and status endpoints phase in the integration plan.
Removed all references to OPENAI_API_KEY and GOOGLE_API_KEY since only
Claude (Anthropic) provider is implemented. These were placeholder references
for future providers that don't exist yet.
Changes:
- Removed OPENAI_API_KEY and GOOGLE_API_KEY from docker-compose.yml
- Removed from .env and .env.example files
- Updated setup/routes/store-api-key.ts to only support anthropic
- Updated setup/routes/delete-api-key.ts to only support anthropic
- Updated setup/routes/api-keys.ts to only return anthropic key status
- Updated models/routes/providers.ts to only list anthropic provider
- Updated auto-mode-service.ts error message to only reference ANTHROPIC_API_KEY
Backend test results: 653/653 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Updated 150+ files to import from @automaker/* packages
- Server imports now use @automaker/utils, @automaker/platform, @automaker/types, @automaker/model-resolver, @automaker/dependency-resolver, @automaker/git-utils
- UI imports now use @automaker/dependency-resolver and @automaker/types
- Deleted duplicate dependency-resolver files (222 lines eliminated)
- Updated dependency-resolver to use ES modules for Vite compatibility
- Added type annotation fix in auto-mode-service.ts
- Updated feature-loader to re-export Feature type from @automaker/types
- Both server and UI builds successfully verified
Phase 1 of server refactoring complete.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Refactored DialogContent component to use forwardRef for better integration with refs.
- Enhanced auto mode service by introducing an auto loop for processing features concurrently.
- Updated error handling and feature management logic to streamline operations.
- Cleaned up code formatting and improved readability across various components and services.
- Refactored BoardView and WorktreeSelector components for improved readability and maintainability, including consistent formatting and structure.
- Updated feature handling to ensure correct worktree assignment and reset logic when worktrees are deleted, enhancing user experience.
- Enhanced KanbanCard to display priority badges with improved styling and layout.
- Removed deprecated revert feature logic from the server and client, streamlining the codebase.
- Introduced new tests for feature lifecycle and worktree integration, ensuring robust functionality and error handling.
- Introduced a new GitHubSetupStep component for GitHub CLI configuration during the setup process.
- Updated SetupView to include the GitHub step in the setup flow, allowing users to skip or proceed based on their GitHub CLI status.
- Enhanced state management to track GitHub CLI installation and authentication status.
- Added logging for transitions between setup steps to improve user feedback.
- Updated related files to ensure cross-platform path normalization and compatibility.
Previously, the Claude CLI detection failed on Windows due to:
1. Shell command incompatibility
- Used 'which claude || where claude 2>/dev/null' which fails on Windows
- 'which' doesn't exist on Windows
- '2>/dev/null' is Unix syntax (Windows uses '2>nul')
- Now uses platform-specific commands: 'where' on Windows, 'which' on Unix
2. Missing Windows fallback paths
- Only checked Unix paths like ~/.local/bin/claude
- Added Windows-specific paths:
* %USERPROFILE%\.local\bin\claude.exe
* %APPDATA%\npm\claude.cmd
* %USERPROFILE%\.npm-global\bin\claude.cmd
3. Credentials file detection
- Only checked for 'credentials.json'
- Claude CLI on Windows uses '.credentials.json' (hidden file)
- Now checks both '.credentials.json' and 'credentials.json'
Additional improvements:
- Handle 'where' command returning multiple paths (takes first match)
- Maintains full backward compatibility with Linux and macOS
- Added error logging for failed JSON parsing in the suggestions generation route to improve debugging capabilities.
- This change ensures that any parsing errors are captured and logged, aiding in the identification of issues with AI response handling.
- Made the generation status variables private and introduced getter functions for both spec and suggestions generation states.
- Updated relevant route handlers to utilize the new getter functions, improving encapsulation and reducing direct access to shared state.
- Enhanced code maintainability by centralizing state management logic.
- Introduced a new common utility module for error handling, providing consistent methods for retrieving error messages and logging errors.
- Updated individual route modules to utilize the shared error handling functions, reducing code duplication and improving maintainability.
- Ensured all routes now log errors in a standardized format, enhancing debugging and monitoring capabilities.
