* Changes from feature/worktree-view-customization
* Feature: Git sync, set-tracking, and push divergence handling (#796)
* Add quick-add feature with improved workflows (#802)
* Changes from feature/quick-add
* feat: Clarify system prompt and improve error handling across services. Address PR Feedback
* feat: Improve PR description parsing and refactor event handling
* feat: Add context options to pipeline orchestrator initialization
* fix: Deduplicate React and handle CJS interop for use-sync-external-store
Resolve "Cannot read properties of null (reading 'useState')" errors by
deduplicating React/react-dom and ensuring use-sync-external-store is
bundled together with React to prevent CJS packages from resolving to
different React instances.
* Changes from feature/worktree-view-customization
* refactor: Remove unused worktree swap and highlight props
* refactor: Consolidate feature completion logic and improve thinking level defaults
* feat: Increase max turn limit to 10000
- Update DEFAULT_MAX_TURNS from 1000 to 10000 in settings-helpers.ts and agent-executor.ts
- Update MAX_ALLOWED_TURNS from 2000 to 10000 in settings-helpers.ts
- Update UI clamping logic from 2000 to 10000 in app-store.ts
- Update fallback values from 1000 to 10000 in use-settings-sync.ts
- Update default value from 1000 to 10000 in DEFAULT_GLOBAL_SETTINGS
- Update documentation to reflect new range: 1-10000
Allows agents to perform up to 10000 turns for complex feature execution.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
* feat: Add model resolution, improve session handling, and enhance UI stability
* refactor: Remove unused sync and tracking branch props from worktree components
* feat: Add PR number update functionality to worktrees. Address pr feedback
* feat: Optimize Gemini CLI startup and add tool result tracking
* refactor: Improve error handling and simplify worktree task cleanup
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
- Modified tests to navigate directly to the dashboard instead of the welcome view, ensuring a smoother project selection process.
- Updated project name verification to check against the sidebar button instead of multiple elements.
- Added logic to expand the sidebar if collapsed, improving visibility for project names during tests.
- Adjusted test assertions to reflect changes in the UI structure, including the introduction of the dashboard view.
- Added a new function `waitForSplashScreenToDisappear` to manage splash screen visibility, ensuring it does not block user interactions.
- Integrated splash screen checks in various navigation functions and interaction methods to enhance user experience by waiting for the splash screen to disappear before proceeding.
- Updated test setup to disable the splash screen during tests for consistent testing behavior.
- Added deterministic API key and environment variables in e2e-tests.yml to ensure consistent test behavior.
- Refactored CodexProvider tests to improve type safety and mock handling, ensuring reliable test execution.
- Updated provider-factory tests to mock installation detection for CodexProvider, enhancing test isolation.
- Adjusted Playwright configuration to conditionally use external backend, improving flexibility in test environments.
- Enhanced kill-test-servers script to handle external server scenarios, ensuring proper cleanup of test processes.
These changes improve the reliability and maintainability of the testing framework, leading to a more stable development experience.
- Added `dev:test` script to package.json for streamlined testing without file watching.
- Introduced `kill-test-servers` script to ensure no existing servers are running on test ports before executing tests.
- Enhanced Playwright configuration to use mock agent for tests, ensuring consistent API responses and disabling rate limiting.
- Updated various test files to include authentication steps and handle login screens, improving reliability and reducing flakiness in tests.
- Added `global-setup` for e2e tests to ensure proper initialization before test execution.
- Added `authenticateForTests` utility to streamline API key authentication in tests, using a fallback for local testing.
- Updated context image test to include authentication step before navigation, ensuring proper session handling.
- Increased timeout for context view visibility to accommodate slower server responses.
- Introduced a test API key in the Playwright configuration for consistent testing environments.
- Changed instances of `waitForLoadState('networkidle')` to `waitForLoadState('load')` across multiple test files and utility functions to improve test reliability in applications with persistent connections.
- Added documentation to the e2e testing guide explaining the rationale behind using 'load' state instead of 'networkidle' to prevent timeouts and flaky tests.
- Added a mock for the `loadContextFiles` function to return an empty context by default, improving test reliability.
- Updated the agent-service test suite to ensure proper initialization of the `AgentService` with mocked dependencies.
These changes aim to enhance the test coverage and stability of the agent-service functionality.
This commit consolidates directory security from two environment variables
(WORKSPACE_DIR, ALLOWED_PROJECT_DIRS) into a single ALLOWED_ROOT_DIRECTORY variable
while maintaining backward compatibility.
Changes:
- Re-enabled path validation in security.ts (was previously disabled)
- Implemented isPathAllowed() to check ALLOWED_ROOT_DIRECTORY with DATA_DIR exception
- Added backward compatibility for legacy ALLOWED_PROJECT_DIRS and WORKSPACE_DIR
- Implemented path traversal protection via isPathWithinDirectory() helper
- Added PathNotAllowedError custom exception for security violations
- Updated all FS route endpoints to validate paths and return 403 on violation
- Updated template clone endpoint to validate project paths
- Updated workspace config endpoints to use ALLOWED_ROOT_DIRECTORY
- Fixed stat() response property access bug in project-init.ts
- Updated security tests to expect actual validation behavior
Security improvements:
- Path validation now enforced at all layers (routes, project init, agent services)
- appData directory (DATA_DIR) always allowed for settings/credentials
- Backward compatible with existing ALLOWED_PROJECT_DIRS/WORKSPACE_DIR configurations
- Protection against path traversal attacks
Backend test results: 654/654 passing ✅🤖 Generated with Claude Code
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
The index route (/) now shows WelcomeView instead of auto-redirecting
to board view. Updated test utilities to navigate directly to the
correct routes:
- navigateToBoard -> /board
- navigateToContext -> /context
- navigateToSpec -> /spec
- navigateToAgent -> /agent
- navigateToSettings -> /settings
- waitForBoardView -> navigates to /board first
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
