Replace Unix-only 'expect' command with node-pty library which works
on Windows, macOS, and Linux. Also fixes 'which' command to use 'where'
on Windows for checking if Claude CLI is available.
Adds a Claude usage tracking feature that displays session, weekly, and Sonnet usage stats. Uses the Claude CLI's /usage command to fetch data (no API key required).
Features:
- Usage popover in board header showing session, weekly, and Sonnet limits
- Progress bars with color-coded status (green/orange/red)
- Auto-refresh with configurable interval
- Caching of usage data with stale indicator
- Settings section for refresh interval configuration
Server:
- ClaudeUsageService: Executes Claude CLI via PTY (expect) to fetch usage
- New /api/claude/usage endpoint
UI:
- ClaudeUsagePopover component with usage cards
- ClaudeUsageSection in settings for configuration
- Integration with app store for persistence
This commit introduces several improvements to the security and file handling mechanisms across the application. Key changes include:
- Updated the Dockerfile to pin the GitHub CLI version for reproducible builds.
- Refactored the secure file system operations to ensure consistent path validation and type handling.
- Removed legacy path management functions and streamlined the allowed paths logic in the security module.
- Enhanced route handlers to validate path parameters against the ALLOWED_ROOT_DIRECTORY, improving security against unauthorized access.
- Updated the settings service to focus solely on the Anthropic API key, removing references to Google and OpenAI keys.
These changes aim to enhance security, maintainability, and clarity in the codebase.
Tests: All unit tests passing.
This commit refactors the handling of ALLOWED_ROOT_DIRECTORY by removing legacy support for ALLOWED_PROJECT_DIRS and simplifying the security logic. Key changes include:
- Removed deprecated ALLOWED_PROJECT_DIRS references from .env.example and security.ts.
- Updated initAllowedPaths() to focus solely on ALLOWED_ROOT_DIRECTORY and DATA_DIR.
- Enhanced logging for ALLOWED_ROOT_DIRECTORY configuration status.
- Adjusted route handlers to utilize the new workspace directory logic.
- Introduced a centralized storage module for localStorage operations to improve consistency and error handling.
These changes aim to enhance security and maintainability by consolidating directory management into a single variable.
Tests: All unit tests passing.
This commit replaces direct file system operations with a secure file system adapter to enhance security by enforcing path validation. The changes include:
- Replaced `fs` imports with `secureFs` in various services and utilities.
- Updated file operations in `agent-service`, `auto-mode-service`, `feature-loader`, and `settings-service` to use the secure file system methods.
- Ensured that all file I/O operations are validated against the ALLOWED_ROOT_DIRECTORY.
This refactor aims to prevent unauthorized file access and improve overall security posture.
Tests: All unit tests passing.
🤖 Generated with Claude Code
This fixes a critical security issue where path parameters from client requests
were not validated against ALLOWED_ROOT_DIRECTORY, allowing attackers to access
files and directories outside the configured root directory.
Changes:
- Add validatePath() checks to 29 route handlers that accept path parameters
- Validate paths in agent routes (workingDirectory, imagePaths)
- Validate paths in feature routes (projectPath)
- Validate paths in worktree routes (projectPath, worktreePath)
- Validate paths in git routes (projectPath, filePath)
- Validate paths in auto-mode routes (projectPath, worktreePath)
- Validate paths in settings/suggestions routes (projectPath)
- Return 403 Forbidden for paths outside ALLOWED_ROOT_DIRECTORY
- Maintain backward compatibility (unrestricted when env var not set)
Security Impact:
- Prevents directory traversal attacks
- Prevents unauthorized file access
- Prevents arbitrary code execution via unvalidated paths
All validation follows the existing pattern in fs routes and session creation,
using the validatePath() function from lib/security.ts which checks against
both ALLOWED_ROOT_DIRECTORY and DATA_DIR (appData).
Tests: All 653 unit tests passing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Removed all references to OPENAI_API_KEY and GOOGLE_API_KEY since only
Claude (Anthropic) provider is implemented. These were placeholder references
for future providers that don't exist yet.
Changes:
- Removed OPENAI_API_KEY and GOOGLE_API_KEY from docker-compose.yml
- Removed from .env and .env.example files
- Updated setup/routes/store-api-key.ts to only support anthropic
- Updated setup/routes/delete-api-key.ts to only support anthropic
- Updated setup/routes/api-keys.ts to only return anthropic key status
- Updated models/routes/providers.ts to only list anthropic provider
- Updated auto-mode-service.ts error message to only reference ANTHROPIC_API_KEY
Backend test results: 653/653 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Removed all references to WORKSPACE_DIR environment variable to simplify
configuration. The system now uses exclusively ALLOWED_ROOT_DIRECTORY
for controlling the root directory where projects can be accessed.
Changes:
- Removed WORKSPACE_DIR from security.ts initialization
- Updated workspace/routes/directories.ts to require ALLOWED_ROOT_DIRECTORY
- Updated workspace/routes/config.ts to require ALLOWED_ROOT_DIRECTORY
- Updated apps/ui/src/main.ts to use ALLOWED_ROOT_DIRECTORY instead of WORKSPACE_DIR
- Updated .env file to reference ALLOWED_ROOT_DIRECTORY
- Removed WORKSPACE_DIR test from security.test.ts
Backend test results: 653/653 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit consolidates directory security from two environment variables
(WORKSPACE_DIR, ALLOWED_PROJECT_DIRS) into a single ALLOWED_ROOT_DIRECTORY variable
while maintaining backward compatibility.
Changes:
- Re-enabled path validation in security.ts (was previously disabled)
- Implemented isPathAllowed() to check ALLOWED_ROOT_DIRECTORY with DATA_DIR exception
- Added backward compatibility for legacy ALLOWED_PROJECT_DIRS and WORKSPACE_DIR
- Implemented path traversal protection via isPathWithinDirectory() helper
- Added PathNotAllowedError custom exception for security violations
- Updated all FS route endpoints to validate paths and return 403 on violation
- Updated template clone endpoint to validate project paths
- Updated workspace config endpoints to use ALLOWED_ROOT_DIRECTORY
- Fixed stat() response property access bug in project-init.ts
- Updated security tests to expect actual validation behavior
Security improvements:
- Path validation now enforced at all layers (routes, project init, agent services)
- appData directory (DATA_DIR) always allowed for settings/credentials
- Backward compatible with existing ALLOWED_PROJECT_DIRS/WORKSPACE_DIR configurations
- Protection against path traversal attacks
Backend test results: 654/654 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit addresses CodeRabbit feedback from PR #186 by adding detailed
documentation to all public APIs in the settings module:
**Server-side documentation:**
- SettingsService class: 12 public methods with parameter and return types
- Settings types (settings.ts): All type aliases, interfaces, and constants
documented with usage context
- Route handlers (8 endpoints): Complete endpoint documentation with request/response
schemas
- Automaker paths utilities: All 13 path resolution functions fully documented
**Client-side documentation:**
- useSettingsMigration hook: Migration flow and state documented
- Sync functions: Three sync helpers (settings, credentials, project) with usage guidelines
- localStorage constants: Clear documentation of migration keys and cleanup strategy
All docstrings follow JSDoc format with:
- Purpose and behavior description
- Parameter documentation with types
- Return value documentation
- Usage examples where applicable
- Cross-references between related functions
This improves code maintainability, IDE autocomplete, and developer onboarding.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Add comprehensive unit tests for SettingsService, covering global and project settings management, including creation, updates, and merging with defaults.
- Implement tests for handling credentials, ensuring proper masking and merging of API keys.
- Introduce tests for migration from localStorage, validating successful data transfer and error handling.
- Enhance error handling in subprocess management tests, ensuring robust timeout and output reading scenarios.
- Add SettingsService to handle reading/writing global and project settings.
- Introduce API routes for managing settings, including global settings, credentials, and project-specific settings.
- Implement migration functionality to transfer settings from localStorage to file-based storage.
- Create common utilities for settings routes and integrate logging for error handling.
- Update server entry point to include new settings routes.
- Add POST /features/generate-title endpoint using Claude Haiku
- Generate concise titles (5-10 words) from feature descriptions
- Display titles in kanban cards with loading state
- Add optional title field to add/edit feature dialogs
- Auto-generate titles when description provided but title empty
- Add 'Pull & Resolve Conflicts' action to worktree dropdown
- Show running agents count in board header (X / Y format)
- Update Feature interface to include title and titleGenerating fields
- Added tests to ensure mkdirSafe handles ELOOP and EEXIST errors gracefully.
- Implemented checks for existsSafe to return true for ELOOP errors and throw for other errors.
- Improved overall robustness of filesystem utility tests.
Security fixes:
- Enhanced branch name sanitization for cross-platform filesystem safety
(handles Windows-invalid chars, reserved names, path length limits)
- Added branch name validation in pr-info.ts to prevent command injection
- Sanitized prUrl in kanban-card to only allow http/https URLs
Code quality improvements:
- Fixed placeholder issue where {owner}/{repo} was passed literally to gh api
- Replaced async forEach with Promise.all for proper async handling
- Display PR number extracted from URL in kanban cards
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Provide Docker Compose configuration allowing users to run Automaker
in complete isolation from their host filesystem, addressing security
concerns about AI agents having direct system access.
- Added a new route for fetching PR info, allowing users to retrieve details about existing pull requests associated with worktrees.
- Updated the create PR handler to store metadata for existing PRs and handle cases where a PR already exists.
- Enhanced the UI components to display PR information, including a new button to address PR comments directly from the worktree panel.
- Improved the overall user experience by integrating PR state indicators and ensuring seamless interaction with the GitHub CLI for PR management.
- Added a function to ensure that a git repository has at least one commit before executing worktree commands. This function creates an empty initial commit with a predefined message if the repository is empty.
- Updated the create route handler to call this function, ensuring smooth operation when adding worktrees to repositories without existing commits.
- Introduced integration tests to verify the creation of the initial commit when no commits are present in the repository.
- Updated branchName assignment to use nullish coalescing, ensuring that unassigned features are correctly set to null instead of an empty string. This change improves the handling of feature states during the update process.
- Modified test descriptions to clarify when worktrees are created during feature addition and editing.
- Updated assertions to verify that worktrees and branches are created as expected when features are added or edited.
- Enhanced test logic to ensure accurate verification of worktree existence and branch creation, reflecting recent changes in worktree management.
- Consolidated imports in session-manager.tsx for cleaner code.
- Improved state initialization formatting for better readability.
- Updated board-view.tsx to enhance feature management, including the use of refs to track running tasks and prevent unnecessary effect re-runs.
- Added affectedFeatureCount prop to DeleteWorktreeDialog for better user feedback on feature assignments.
- Refactored useBoardActions to ensure worktrees are created when features are added or updated, improving overall workflow efficiency.
Context files from .automaker/context/ (CLAUDE.md, CODE_QUALITY.md, etc.)
are now passed as system prompt instead of prepending to user prompt.
This ensures the agent follows project-specific rules like package manager
preferences (pnpm vs npm) and coding conventions.
Changes:
- Add getContextDir() utility to automaker-paths.ts
- Add loadContextFiles() method to load .md/.txt files from context dir
- Pass context as systemPrompt in executeFeature() and followUpFeature()
- Add debug logging to confirm system prompt is provided
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When executeFeatureWithContext calls executeFeature with a continuation
prompt, skip the context existence check to avoid the loop:
executeFeature -> resumeFeature -> executeFeatureWithContext -> executeFeature
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When executeFeatureWithContext calls executeFeature with a continuation
prompt, skip the context existence check to avoid the loop:
executeFeature -> resumeFeature -> executeFeatureWithContext -> executeFeature
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added comprehensive tests for the `specToXml` function, covering various scenarios including minimal specs, XML escaping, and optional sections.
- Updated tests for `getStructuredSpecPromptInstruction` and `getAppSpecFormatInstruction` to ensure they return valid instructions.
- Refactored automaker paths tests to use `path.join` for cross-platform compatibility, ensuring correct directory paths are generated.
- Cleaned up the code by removing the comment on maxTurns, which previously explained the increase from quick to standard. The value remains set to MAX_TURNS.extended.
- Introduced a TypeScript interface for structured specification output to standardize project details.
- Added a JSON schema for reliable parsing of structured output.
- Implemented XML conversion for structured specifications, ensuring comprehensive project representation.
- Updated spec generation options to include output format configuration.
- Enhanced prompt instructions for generating specifications to improve clarity and completeness.
- Enhanced instructions for generating app specifications to clarify XML output requirements.
- Updated permission mode in spec generation options to ensure read-only access.
- Improved logging to capture XML content extraction and handle potential issues with incomplete responses.
- Ensured that only valid XML is saved, avoiding conversational text from the response.
Merge latest features from main including:
- PR #161 (worktree-confusion): Clarified branch handling in dialogs
- PR #160 (speckits-rebase): Planning mode functionality
Resolved conflicts:
- add-feature-dialog.tsx: Combined TanStack Router navigation with branch selection state
- worktree-integration.spec.ts: Updated tests for new worktree behavior (created at execution time)
- package-lock.json: Regenerated after merge
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix unknown status bypassing worktree filtering in use-board-column-features.ts
- Remove unused props projectPath and onWorktreeCreated from use-board-drag-drop.ts
- Fix test expecting worktreePath during edit (worktrees created at execution time)
- Remove unused setAutoModeRunning from dependency array
- Remove unused imports (BranchAutocomplete, cn)
- Fix htmlFor accessibility issue in branch-selector.tsx
- Remove empty finally block in resume-feature.ts
- Remove duplicate setTimeout state reset in create-pr-dialog.tsx
- Consolidate duplicate state reset logic in context-view.tsx
- Simplify branch name defaulting logic in use-board-actions.ts
- Fix branchName reset to null when worktree is deleted
- Refactored DialogContent component to use forwardRef for better integration with refs.
- Enhanced auto mode service by introducing an auto loop for processing features concurrently.
- Updated error handling and feature management logic to streamline operations.
- Cleaned up code formatting and improved readability across various components and services.
- Added new RadioGroup and Switch components for better UI interaction.
- Introduced BranchSelector for improved branch selection in feature dialogs.
- Updated Autocomplete and BranchAutocomplete components to handle error states.
- Refactored feature management to archive verified features instead of deleting them.
- Enhanced worktree handling by removing worktreePath from features, relying on branchName instead.
- Improved auto mode functionality by integrating branch management and worktree updates.
- Cleaned up unused code and optimized existing logic for better performance.
- Updated MAX_TURNS to allow for more iterations in suggestion generation: quick (5 to 50), standard (20 to 100), and extended (50 to 250).
- Introduced a JSON schema for structured output in suggestions, improving the format and consistency of generated suggestions.
- Modified the generateSuggestions function to utilize structured output when available, with a fallback to text parsing for compatibility.
This enhances the suggestion generation process, allowing for more thorough exploration and better output formatting.
