Implement PTY session persistence with 30-minute timeout for shell reconnection. Sessions are now keyed by project path and session ID, preserving terminal state across UI disconnections with buffered output replay.
Refactor Shell component to use refs for stable prop access, removing unnecessary isActive prop and improving WebSocket connection lifecycle management. Replace conditional rendering with early returns in MainContent for better performance.
Add directory handling in git operations: support discarding, diffing, and viewing directories in untracked files. Prevent errors when staging or generating commit messages for directories.
Extract LoginModal into reusable component for Claude and Cursor CLI authentication. Add minimal mode to StandaloneShell for embedded use cases. Update Settings to use new LoginModal component.
Improve terminal dimensions handling by passing client-provided cols and rows to PTY spawn. Add comprehensive logging for session lifecycle and API operations.
Add new project creation wizard component with improved user experience
and better input field interactions. Integrate projects API routes on
the backend to support CRUD operations for project management.
Changes include:
- Add ProjectCreationWizard component with step-by-step project setup
- Improve input hint visibility to hide when user starts typing
- Refactor project creation state management in Sidebar component
- Add ReactDOM import for portal-based wizard rendering
The wizard provides a more intuitive onboarding experience for users
creating new projects, while the enhanced input hints reduce visual
clutter during active typing.
Add global settings integration and persistent user preferences for
the code editor. Settings are now stored in localStorage and persist
across sessions.
Changes:
- Add theme, word wrap, minimap, line numbers, and font size settings
- Load editor preferences from localStorage on initialization
- Expose global openSettings function for cross-component access
- Add settingsInitialTab state to control which settings tab opens
- Pass initialTab prop to Settings component for navigation
This improves UX by remembering user preferences and allows other
components to open settings to specific tabs programmatically.
Enhance the robustness of GitHub URL parsing and branch name
generation with better regex patterns and edge case handling.
Changes:
- Update GitHub URL regex to use non-greedy matching and anchored
.git suffix detection for more precise parsing
- Replace string-based .git removal with regex-based end anchor
- Add comprehensive validation for empty branch names with fallback
- Implement proper length calculation accounting for timestamp suffix
- Add final regex validation to ensure branch names meet safety
requirements
- Improve edge case handling for hyphens after truncation
- Add deterministic fallback for invalid branch name patterns
These changes prevent potential parsing errors with malformed URLs
and ensure generated branch names always meet Git naming conventions.
Added createBranch and createPR options to the agent API endpoint, enabling automatic branch creation and pull request generation after successful agent task completion. Branch names are auto-generated from the agent message, and PR titles/descriptions are auto-generated from commit messages. This streamlines CI/CD workflows by eliminating manual Git operations after agent runs.
Add merge view and minimap extensions to CodeMirror for enhanced code
editing capabilities. Increase Express JSON and URL-encoded payload
limits from default (100kb) to 50mb to support larger file operations
and git diffs.
Implement comprehensive API key management functionality including
generation, validation, and CRUD operations.
Changes:
- Add API key database schema and operations (create, validate, delete,
toggle)
- Generating a commit message will now work properly with claude sdk and cursor cli and return a suggested commit message
- Implement crypto-based key generation with 'ck_' prefix
- Add session ID tracking in claude-sdk.js and cursor-cli.js
- Update database layer with API key validation and last_used tracking
- Support multi-user API key management with user association
This enables secure programmatic access to the agent service
* feat: Add token budget tracking and multiple improvements
## Features
- **Token Budget Visualization**: Added real-time token usage tracking with pie chart display showing percentage used (blue < 50%, orange < 75%, red ≥ 75%)
- **Show Thinking Toggle**: Added quick settings option to show/hide reasoning sections in messages
- **Cache Clearing Utility**: Added `/clear-cache.html` page for clearing service workers, caches, and storage
## Improvements
- **Package Upgrades**: Migrated from deprecated `xterm` to `@xterm/*` scoped packages
- **Testing Setup**: Added Playwright for end-to-end testing
- **Build Optimization**: Implemented code splitting for React, CodeMirror, and XTerm vendors to improve initial load time
- **Deployment Scripts**: Added `scripts/start.sh` and `scripts/stop.sh` for cleaner server management with automatic port conflict resolution
- **Vite Update**: Upgraded Vite from 7.0.5 to 7.1.8
## Bug Fixes
- Fixed static file serving to properly handle routes vs assets
- Fixed session state reset to preserve token budget on initial load
- Updated default Vite dev server port to 5173 (Vite's standard)
## Technical Details
- Token budget is parsed from Claude CLI `modelUsage` field in result messages
- Budget updates are sent via WebSocket as `token-budget` events
- Calculation includes input, output, cache read, and cache creation tokens
- Token budget state persists during active sessions but resets on session switch
* feat: Add session processing state persistence
Fixes issue where "Thinking..." banner and stop button disappear when
switching between sessions. Users can now navigate freely while Claude
is processing without losing the ability to monitor or stop the session.
Features:
- Processing state tracked in processingSessions Set (App.jsx)
- Backend session status queries via check-session-status WebSocket message
- UI state (banner + stop button) restored when returning to processing sessions
- Works after page reload by querying backend's authoritative process maps
- Proper cleanup when sessions complete in background
Backend Changes:
- Added sessionId to claude-complete, cursor-result, session-aborted messages
- Exported isClaudeSessionActive, isCursorSessionActive helper functions
- Exported getActiveClaudeSessions, getActiveCursorSessions for status queries
- Added check-session-status and get-active-sessions WebSocket handlers
Frontend Changes:
- processingSessions state tracking in App.jsx
- onSessionProcessing/onSessionNotProcessing callbacks
- Session status check on session load and switch
- Completion handlers only update UI if message is for current session
- Always clean up processing state regardless of which session is active
* feat: Make context window size configurable via environment variables
Removes hardcoded 160k token limit and makes it configurable through
environment variables. This allows easier adjustment for different
Claude models or use cases.
Changes:
- Added CONTEXT_WINDOW env var for backend (default: 160000)
- Added VITE_CONTEXT_WINDOW env var for frontend (default: 160000)
- Updated .env.example with documentation
- Replaced hardcoded values in token usage calculations
- Replaced hardcoded values in pie chart display
Why 160k? Claude Code reserves ~40k tokens for auto-compact feature,
leaving 160k available for actual usage from the 200k context window.
* fix: Decode HTML entities in chat message display
HTML entities like < and > were showing as-is instead of being
decoded to < and > characters. Added decodeHtmlEntities helper function
to properly display angle brackets and other special characters.
Applied to:
- Regular message content
- Streaming content deltas
- Session history loading
- Both string and array content types
* refactor: Align package.json with main branch standards
- Revert to main branch's package.json scripts structure
- Remove custom scripts/start.sh and scripts/stop.sh
- Update xterm dependencies to scoped @xterm packages (required for code compatibility)
- Replace xterm with @xterm/xterm
- Replace xterm-addon-fit with @xterm/addon-fit
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: Replace CLI implementation with Claude Agents SDK
This commit completes the migration to the Claude Agents SDK, removing the legacy CLI-based implementation and making the SDK the exclusive integration method.
Changes:
- Remove claude-cli.js legacy implementation
- Add claude-sdk.js with full SDK integration
- Remove CLAUDE_USE_SDK feature flag (SDK is now always used)
- Update server/index.js to use SDK functions directly
- Add .serena/ to .gitignore for AI assistant cache
Benefits:
- Better performance (no child process overhead)
- Native session management with interrupt support
- Cleaner codebase without CLI/SDK branching
- Full feature parity with previous CLI implementation
- Maintains compatibility with Cursor integration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update server/claude-sdk.js
Whoops. This is correct.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update server/index.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update src/components/ChatInterface.jsx
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update src/components/ChatInterface.jsx
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update src/components/ChatInterface.jsx
Left my test code in, but that's fixed.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix: Prevent stale token-usage data from updating state on session switch
- Add AbortController to cancel in-flight token-usage requests when session/project changes
- Capture session/project IDs before fetch and verify they match before updating state
- Handle AbortError gracefully without logging as error
- Prevents race condition where old session data overwrites current session's token budget
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update src/components/TokenUsagePie.jsx
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* feat: Implement slash command menu with fixed positioning and dark mode support
- Add CommandMenu component with grouped command display
- Implement command routes for listing, loading, and executing commands
- Add command parser utility for argument and file processing
- Fix menu positioning using fixed positioning relative to viewport
- Add dark mode support with proper text contrast
- Preserve metadata badge colors in dark mode
- Support built-in, project, and user-level commands
- Add keyboard navigation and selection
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update server/index.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update server/utils/commandParser.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update src/components/ChatInterface.jsx
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update src/components/ChatInterface.jsx
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update server/routes/commands.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update src/components/ChatInterface.jsx
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update server/index.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update server/utils/commandParser.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix: Add responsive width constraints to CommandMenu
- Use min() function to cap width at viewport - 32px
- Add maxWidth constraint for better mobile support
- Update package-lock.json with new dependencies
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Security and stability improvements for command execution and file operations
Security Fixes:
- Replace blocking fs.existsSync/readFileSync with async fs.promises.readFile in token usage endpoint
- Implement comprehensive command injection protection using shell-quote parser
- Validate commands against exact allowlist matches (no dangerous prefix matching)
- Detect and block shell operators (&&, ||, |, ;, etc.) and metacharacters
- Execute commands with execFile (shell: false) to prevent shell interpretation
- Add argument validation to reject dangerous characters
Bug Fixes:
- Remove premature handleCommandSelect call from selectCommand to prevent double-counting usage
- Add block scoping to 'session-aborted' switch case to prevent variable conflicts
- Fix case fall-through by properly scoping const declarations with braces
Technical Details:
- server/index.js: Replace sync file ops with await fsPromises.readFile()
- server/utils/commandParser.js: Complete security overhaul with shell-quote integration
- src/components/ChatInterface.jsx: Command selection now only inserts text, execution happens on send
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Wrap orphaned token-usage endpoint code in proper async handler
- Fixed syntax error caused by orphaned code at lines 1097-1114
- Added proper app.get endpoint definition for token-usage API
- Wrapped code in async (req, res) handler with authentication middleware
- Preserves all security features (async file reads, path validation)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* security: Add path traversal protection to file operation endpoints
- Constrain file reads to project root directory
- Constrain binary file serving to project root
- Constrain file writes to project root
- Use extractProjectDirectory to get actual project path
- Validate resolved paths start with normalized project root
- Prevent authenticated users from accessing files outside their projects
Fixes path traversal vulnerability in:
- GET /api/projects/:projectName/file (read endpoint)
- GET /api/projects/:projectName/files/content (binary serve endpoint)
- PUT /api/projects/:projectName/file (save endpoint)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Use WebSocket.OPEN constant instead of instance properties
- Import WebSocket from 'ws' library
- Change all instances from client.OPEN/ws.OPEN to WebSocket.OPEN
- Fixed 4 occurrences: lines 111, 784, 831, 868
- Ensures correct WebSocket state checking using library constant
Addresses CodeRabbit security review feedback.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Improve token usage tracking and fix race conditions
- Use cumulative tokens from SDK instead of per-request tokens for accurate session totals
- Add configurable context window budget via CONTEXT_WINDOW env var (default 160000)
- Fix race condition where stale token usage data could overwrite current session data
- Replace polling with one-time fetch on session load + post-message update
- Add comprehensive debug logging for token budget flow
- Show token percentage on all screen sizes (remove sm:inline hiding)
- Add .mcp.json to .gitignore
- Add ARCHITECTURE.md and slash-command-tasks.md documentation
Technical improvements:
- Token budget now fetched after message completion instead of WebSocket
- Removed interval polling that could conflict with WebSocket updates
- Added session/project validation before updating state
- Improved input placeholder to wrap on small screens
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Improve CommandMenu positioning for mobile devices
- Add responsive positioning logic that detects mobile screens (< 640px)
- On mobile: Position menu from bottom (80px above input) with full width
- On desktop: Use calculated top position with boundary checks
- Ensure menu stays within viewport on all screen sizes
- Use Math.max/min to prevent menu from going off-screen
- Apply consistent positioning to both empty and populated menu states
Technical changes:
- Add getMenuPosition() function to calculate responsive styles
- Mobile: bottom-anchored, full-width with 16px margins
- Desktop: top-anchored with viewport boundary constraints
- Spread menuPosition styles into both menu render cases
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Add click-outside detection and improve CommandMenu positioning
- Add useEffect hook to detect clicks outside the menu and close it
- Fix mobile positioning to use calculated position from textarea instead of hardcoded bottom value
- Ensure menu appears just above the input on mobile with proper spacing
- Keep full-width layout on mobile screens (< 640px)
- Maintain viewport boundary checks on both mobile and desktop
Technical changes:
- Add mousedown event listener to document when menu is open
- Check if click target is outside menuRef and call onClose
- Remove hardcoded `bottom: '80px'` in favor of calculated `top` position
- Use Math.max to ensure menu stays at least 16px from top edge
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* debug: Add console logging and improve mobile positioning logic
- Add console logs to debug positioning and rendering
- Improve mobile positioning with better space calculations
- Check if there's enough space above textarea before positioning
- Position from top of viewport if insufficient space above input
- Ensure menu stays within visible viewport boundaries
Debugging additions:
- Log isOpen, commandsLength, position, and menuPosition
- Log mobile positioning calculations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Use bottom positioning for CommandMenu on mobile
- Change mobile positioning from top-based to bottom-based (90px from bottom)
- This ensures menu always appears just above input, regardless of keyboard state
- Add maxHeight: '50vh' to prevent menu from taking up too much space
- Remove complex position calculations that didn't work well with mobile keyboard
- Remove debug console.log statements
- Menu now correctly appears above input on all mobile screen sizes
Technical changes:
- Mobile: Use fixed bottom positioning instead of calculated top
- Desktop: Continue using top positioning for consistency
- Simplified positioning logic for better maintainability
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Filter Invalid API key messages from session titles
API error messages were appearing as session titles because they come
from assistant messages with isApiErrorMessage flag, but the filter
only checked user messages. Updated assistant message handling to:
- Skip messages with isApiErrorMessage: true flag
- Filter messages starting with "Invalid API key"
Also improved session title logic to prefer last user message over
last assistant message for better context.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Fix Temporal Dead Zone error by reordering function declarations
Reordered function declarations in ChatInterface.jsx to resolve ReferenceError
where executeCommand tried to call handleBuiltInCommand and handleCustomCommand
before they were initialized.
- Moved handleBuiltInCommand before executeCommand (now at line 1441)
- Moved handleCustomCommand before executeCommand (now at line 1533)
- executeCommand now at line 1564, after its dependencies
This fixes the "cannot access uninitialized variable" error that was preventing
the chat interface from loading.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Improve session handling, message routing, and mobile UX
Session Handling:
- Fix new session message routing by allowing messages through when currentSessionId is null
- Improve claude-complete event handling to update UI state for new sessions
- Add session loading ref to prevent duplicate scroll triggers during session switches
- Add extensive debug logging in claude-sdk.js to track session lifecycle
Mobile UX:
- Only close sidebar on mobile when switching between different projects
- Keep sidebar open when clicking sessions within the same project
- Add project context to session objects for better tracking
Command Execution:
- Auto-submit commands to Claude for processing after selection
- Set command content in input and programmatically submit form
Scroll Behavior:
- Fix scroll behavior during session loading with isLoadingSessionRef
- Prevent double-scroll effect when switching sessions
- Ensure smooth scroll to bottom after messages fully render
Message Filtering:
- Update global message types to include 'claude-complete'
- Allow messages through for new sessions (when currentSessionId is null)
- Improve session-specific message filtering logic
Dependencies:
- Update @esbuild/darwin-arm64 to direct dependency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Improve session handling, message routing, and mobile UX
- Remove stale Playwright debug files (.playwright-mcp/)
- Clean up slash-command-fix-progress.md tracking file
- Improve session switching stability in ClaudeStatus component
- Fix message routing to ensure responses go to correct session
- Enhance mobile UX for CommandMenu with better positioning
- Stabilize sidebar session management
- Fix Temporal Dead Zone errors in ChatInterface
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Filter sessions containing Task Master subtask JSON from session list
- Change filtering from startsWith to includes for {"subtasks": pattern
- Apply filtering in parseJsonlSessions (line 781) for JSONL parsing
- Apply filtering in getSessions (line 630) before returning to API
- Fix inconsistent filter logic - use OR pattern for both user and assistant messages
- Add filtering for "CRITICAL: You MUST respond with ONLY a JSON" messages
- Prevents Task Master JSON responses from appearing as session titles in sidebar
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Filter JSON response sessions from session list
- Change session filtering to use general pattern `startsWith('{ "')`
- Catches all Task Master JSON responses (subtasks, complexity analysis, tasks)
- Apply filter in both parseJsonlSessions() and getSessions() functions
- Prevents JSON responses from appearing as session titles in UI
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update websocket.js
* Update projects.js
* Update CommandMenu.jsx
---------
Co-authored-by: viper151 <simosmik@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- Updated ClaudeStatus component to accept a provider prop for better flexibility.
- Added CursorLogo component for displaying cursor sessions.
- Modified MainContent to conditionally display session names based on provider.
- Updated Shell component to show session names and summaries based on provider.
- Enhanced Sidebar to handle both Claude and Cursor sessions, including sorting and displaying session icons.
- Introduced new ToolsSettings functionality to manage tools for both Claude and Cursor, including allowed and disallowed commands.
- Implemented fetching and saving of Cursor-specific settings and commands.
- Added UI elements for managing Cursor tools, including permission settings and command lists.
