* feat: introduce notification system and claude notifications
* fix(sw): prevent caching of API requests and WebSocket upgrades
* default to false for webpush notifications and translations for the button
* fix: notifications orchestrator and add a notification when first enabled
* fix: remove unused state update and dependency in settings controller hook
* fix: show notifications settings tab
* fix: add notifications for response completion for all providers
* feat: show session name in notification and don't reload tab on clicking
--- the notification
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Haileyesus <something@gmail.com>
* fix(security): prevent shell injection in WebSocket handler and harden auth
- Replace hardcoded JWT secret with auto-generated per-installation secret
- Add database validation to WebSocket authentication
- Add token expiration (7d) with auto-refresh
- Validate projectPath and sessionId in shell handler
- Use cwd instead of shell string interpolation for project paths
- Add CORS exposedHeaders for token refresh
* fix: small fix on languages
Implement comprehensive API key management functionality including
generation, validation, and CRUD operations.
Changes:
- Add API key database schema and operations (create, validate, delete,
toggle)
- Generating a commit message will now work properly with claude sdk and cursor cli and return a suggested commit message
- Implement crypto-based key generation with 'ck_' prefix
- Add session ID tracking in claude-sdk.js and cursor-cli.js
- Update database layer with API key validation and last_used tracking
- Support multi-user API key management with user association
This enables secure programmatic access to the agent service
