* Add platform-specific installation steps for Node.js and Python, update `package-lock.json` dependencies * Implement comprehensive GitLab API integration, including handlers for issues, merge requests, releases, and OAuth. * Integrate GitLab issues UI components and store logic with state management and hooks. * Expand GitLab integration: add support for task metadata, issue handling, enhanced API methods, and mocks adjustments. * feat: add GitLab settings UI panel and merge requests components Add the final pieces of the GitLab integration: - GitLabIntegration.tsx: Full settings panel with instance URL, OAuth/token auth, project selection, branch selector, and auto-sync toggle - gitlab-merge-requests/: Complete MR UI components (list, item, create dialog) - Updated SectionRouter, AppSettings, useProjectSettings to integrate GitLab settings section This completes the GitLab integration with full parity to GitHub. * fix: address GitLab integration code review issues - Add keyboard accessibility to IssueListItem and InvestigationDialog - Fix filterState sync in gitlab-store loadGitLabIssues - Add type validation for milestone state in issue-handlers - Update README with GitLab/Linear integration docs * refactor: use console.debug instead of console.warn for debug logging * fix: address additional code review issues - Add close button for error state in InvestigationDialog - Use !== undefined checks in MR updates to allow clearing fields - Read actual timestamps from metadata.json for existing specs * fix: clarify IPC success semantics and fix markdown formatting - Add comment explaining transport vs operation success distinction - Fix MD031 violations in README details sections * fix: use projectStore lookup in GitLab handlers and add sidebar entry - All GitLab IPC handlers now correctly lookup project from projectStore using projectId string (like GitHub handlers do) - Add GitLab Issues to sidebar navigation menu - Wire up GitLabIssues component in App.tsx * refactor: use const and helper for GitLab env keys (DRY/KISS) * docs: add TODO for GitLab MR UI integration * fix(gitlab): improve input validation and documentation - Document glab CLI OAuth authentication path in .env.example - Reduce recommended PAT scopes to minimal required (api only) - Add state parameter validation for merge request queries - Add debug logging for unknown milestone states * fix(gitlab): resolve black screen freeze on task launch - Convert sync file I/O to async in spec-utils.ts (fs/promises) - Add 30s timeout to gitlabFetch with AbortController - Fix preload API naming: getIssueNotes -> getGitLabIssueNotes * fix: use explicit locale for date formatting in GitLab spec-utils * fix(gitlab): persist gitlabEnabled toggle state - Add GITLAB_ENABLED env variable to persist disabled state - Update env-handlers to read/write GITLAB_ENABLED flag - Update getGitLabConfig to respect GITLAB_ENABLED=false - Prevents GitLab from auto-enabling when token exists * refactor(gitlab): convert getGitLabConfig to async - Replace sync fs calls (existsSync, readFileSync) with async equivalents - Add fileExists helper using fs/promises.access - Update all 12 callers to await getGitLabConfig - Prevents main process freeze during file I/O * fix(tasks): prevent deleted tasks from reappearing on tab change Main project specs directory is now the source of truth for task existence. Worktree tasks are only included if the spec also exists in main project. This prevents deleted tasks from "coming back" when worktrees aren't cleaned up. * fix: defensive null handling in MR transformer and use console.debug for routine logs - Add null/undefined checks in transformMergeRequest for author, assignees, labels - Use explicit undefined checks for optional MR creation options - Change console.warn to console.debug for worktree task loading * feat(i18n): add GitLab integration translations - Create gitlab.json locale files for EN and FR with 100+ translations - Register gitlab namespace in i18n configuration - Add gitlab section to projectSections in settings translations - Update all GitLab components to use useTranslation: - GitLabIssues.tsx - EmptyStates.tsx - IssueListHeader.tsx - IssueDetail.tsx - InvestigationDialog.tsx - GitLabIntegration.tsx (including all sub-components) * feat: add GitLab Merge Requests view with sidebar integration - Introduced `GitLabMergeRequests` component in `App.tsx` for displaying merge requests. - Added `gitlab-merge-requests` view type with sidebar navigation and shortcut "M". - Updated `i18n` for EN/FR to include translations for the new view. - Removed outdated TODOs from `gitlab-merge-requests` module, marking it as fully integrated. * fix(gitlab): address code review feedback from PR #254 Security fixes: - Replace execSync with execFileSync to prevent command injection - Escape regex characters in hostname to prevent ReDoS - Add safe type assertion for GitLab API responses - Validate milestones array before assignment Bug fixes: - Get issue count from X-Total header instead of array length - Fix race condition in MR creation (await fetchMergeRequests) - Remove unused hasCheckedRef variable - Add null checks for assignees and author fields Accessibility fixes: - Add accessible title to GitLab SVG icon - Add focus:opacity-100 to investigate button for keyboard users - Add aria-label to investigate button Code quality: - Fix missing ComponentType import in types - Use useCallback for fetchMergeRequests * feat(gitlab): add MR review infrastructure (handlers, hooks, store, API) Add foundation for GitLab Merge Request reviews: - Add MR review handlers (review, merge, assign, approve, cancel) - Add useGitLabMRs hook with full review state management - Add Zustand store for MR review state persistence - Add IPC channels for MR review operations - Add types for MR review (findings, results, progress) - Add preload API methods for renderer access - Fix layout to use w-1/2 for consistency with GitHub PRs - Update browser mocks for new API methods This is the infrastructure layer. UI components and Python runners will be added in follow-up commits. * feat(gitlab): add MR review UI, AutoFix, and Triage handlers - Add MRDetail component with full review functionality - Add ReviewFindings, FindingItem, FindingsSummary components - Add severity-config and useFindingSelection hook for GitLab - Update GitLabMergeRequests to use new useGitLabMRs hook - Add AutoFix handlers and Preload API for GitLab - Add Triage handlers and Preload API for GitLab - Add i18n translations for MR review (EN/FR) - Add types for AutoFix and Triage operations * feat(gitlab): add Python MR review runner Add GitLab automation runner for MR review functionality: - Create runners/gitlab/ directory structure - Add models.py with MRReviewFinding, MRReviewResult, MRContext - Add glab_client.py for GitLab API operations - Add services/mr_review_engine.py with review logic - Add orchestrator.py to coordinate review workflow - Add runner.py CLI entry point (review-mr, followup-review-mr) - Fix handler to use GitLab runner path instead of GitHub The runner supports: - Code review using Claude - Multi-file diff analysis - Finding severity and category classification - Follow-up reviews to track resolved/new issues - JSON result storage in .auto-claude/gitlab/mr/ * fix(gitlab): wire ipc api and rebase merge * fix(gitlab): clean warnings and harden config * fix(ui): unblock workspace modal typecheck * Harden GitLab config sanitization * Format GitLab runner code * style(gitlab): format Python runner files * fix(frontend): prevent false stuck detection for ai_review tasks Tasks in ai_review status were incorrectly showing "Task Appears Stuck" in the detail modal. This happened because the isRunning check included ai_review status, triggering stuck detection when no process was found. However, ai_review means "all subtasks completed, awaiting QA" - no build process is expected to be running. This aligns the detail modal logic with TaskCard which correctly only checks for in_progress status. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(beta-release): use tag-based versioning instead of modifying package.json Previously the beta-release workflow committed version changes to package.json on the develop branch, which caused two issues: 1. Permission errors (github-actions[bot] denied push access) 2. Beta versions polluted develop, making merges to main unclean Now the workflow creates only a git tag and injects the version at build time using electron-builder's --config.extraMetadata.version flag. This keeps package.json at the next stable version and avoids any commits to develop. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ollama): add packaged app path resolution for Ollama detector script The Ollama detection was failing in packaged builds because the Python script path resolution only checked development paths. In packaged apps, __dirname points to the app bundle, and the relative path "../../../backend" doesn't resolve correctly. Added process.resourcesPath for packaged builds (checked first via app.isPackaged) which correctly locates the backend scripts in the Resources folder. Also added DEBUG-only logging to help troubleshoot script location issues. Closes #129 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(paths): remove legacy auto-claude path fallbacks Replace all legacy 'auto-claude/' source path detection with 'apps/backend'. Services now validate paths using runners/spec_runner.py as the marker instead of requirements.txt, ensuring only valid backend directories match. - Remove legacy fallback paths from all getAutoBuildSourcePath() implementations - Add startup validation in index.ts to skip invalid saved paths - Update project-initializer to detect apps/backend for local dev projects - Standardize path detection across all services 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(frontend): address PR review feedback from Auto Claude and bots Fixes from PR #300 reviews: CRITICAL: - path-resolver.ts: Update marker from requirements.txt to runners/spec_runner.py for consistent backend detection across all files HIGH: - useTaskDetail.ts: Restore stuck task detection for ai_review status (CHANGELOG documents this feature) - TerminalGrid.tsx: Include legacy terminals without projectPath (prevents hiding terminals after upgrade) - memory-handlers.ts: Add packaged app path in OLLAMA_PULL_MODEL handler (fixes production builds) MEDIUM: - OAuthStep.tsx: Stricter profile slug sanitization (only allow alphanumeric and dashes) - project-store.ts: Fix regex to not truncate at # in code blocks (uses \n#{1,6}\s to match valid markdown headings only) - memory-service.ts: Add backend structure validation with spec_runner.py marker - subprocess-spawn.test.ts: Update test to use new marker pattern 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(frontend): validate empty profile slug after sanitization Add validation to prevent empty config directory path when profile name contains only special characters (e.g., "!!!"). Shows user-friendly error message requiring at least one letter or number. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: update package-lock Minor dependency update. * auto-claude: subtask-1-2 - Verify macOS build process bundles all dependencies Updated checkDepsInstalled() to verify BOTH claude_agent_sdk AND dotenv are importable. Previously, only claude_agent_sdk was checked, which could cause the app to skip reinstalling dependencies if some packages were missing (like python-dotenv). Fixes: #359 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: add z-10 to dialog close button to fix click handling (#379) The close button in DialogContent was missing z-index, causing it to be covered by content elements with relative positioning or overflow properties. This prevented clicks from reaching the button in modals like TaskCreationWizard. Added z-10 to match the pattern used in FullScreenDialogContent. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ui): show add project modal instead of opening file explorer directly The "+" button in the project tab bar was bypassing the AddProjectModal and directly opening a file explorer. Now it correctly shows the modal which gives users the choice between "Open Existing Project" and "Create New Project" with the full creation form flow. * feat(agent): add project setting to include CLAUDE.md in agent context Agents now read the project's CLAUDE.md file and include its instructions in the system prompt. This allows per-project customization of agent behavior. - Add useClaudeMd toggle to ProjectSettings (default: ON) - Pass USE_CLAUDE_MD env var from frontend to backend - Backend loads CLAUDE.md content when setting is enabled - Add i18n translations for EN and FR * refactor(python-env-manager): enhance dependency checks in checkDepsInstalled() Updated the checkDepsInstalled() method to verify all necessary dependencies for the backend, including claude_agent_sdk, dotenv, google.generativeai, and optional Graphiti dependencies for Python 3.12+. This change ensures users have all required packages installed, preventing broken functionality. Increased timeout for dependency checks to improve reliability. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(terminal): allow project switching shortcuts when terminal focused xterm.js was capturing all keyboard events when a terminal had focus, preventing Cmd/Ctrl+1-9 and Cmd/Ctrl+Tab shortcuts from reaching the window-level handlers in ProjectTabBar. Uses attachCustomKeyEventHandler to let these specific key combinations bubble up to the global handlers for project tab switching. * feat(deps): bundle Python packages at build time for instant app launch Eliminates runtime pip install failures that were causing user adoption issues. Python dependencies are now installed during build and bundled with the app. Changes: - Extended download-python.cjs to install packages and strip unnecessary files - Added site-packages to electron-builder extraResources - Updated PythonEnvManager to detect and use bundled packages via PYTHONPATH - Updated all spawn calls in agent files to include pythonEnv - Added python-runtime/** to eslint ignores The app now starts instantly without requiring pip install on first launch. Dev mode continues to work with venv-based setup as before. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(ui): add responsive terminal title width based on terminal count Terminal names now dynamically adjust their max-width based on how many terminals are displayed. With fewer terminals, titles can be wider (up to 256px with 1-2 terminals), and with more terminals they become narrower (down to 96px with 10-12 terminals) to ensure all header elements fit properly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ui): remove broken terminal buttons from task review The "Open Terminal" and "Open Project in Terminal" buttons in WorkspaceStatus and StagedSuccessMessage were creating PTY processes in the backend but not updating the Zustand store, causing terminals to not appear in the TerminalGrid UI. Instead of fixing the sync issue, removed the buttons entirely since users should use their preferred IDE or terminal application. Closes #99 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(ollama): add qwen3 embedding models with global download progress Add qwen3-embedding:4b (recommended/balanced), :8b (highest quality), and :0.6b (fastest) as new local embedding model options in both backend and frontend. Models display with visible badges indicating their purpose. Key changes: - Use Ollama HTTP API for downloads with proper NDJSON progress streaming - Create global download store (Zustand) to track downloads across app - Add floating GlobalDownloadIndicator that persists when navigating away - Fix model installation detection to match exact version tags (not base name) - Add indeterminate progress bar animation while waiting for events 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(startup): auto-migrate stale autoBuildPath from old project structure When the project moved from /auto-claude to /apps/backend structure, some developers' settings files retained the old path causing startup warnings. The app now auto-detects this pattern and migrates the setting on startup, saving the corrected path back to settings.json. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(agents): add phase-aware MCP server configuration and MCP Overview UI Implements phase-aware tool and MCP server configuration to reduce context window bloat and improve agent startup performance. Each agent phase now gets only the MCP servers and tools it needs. Key changes: - Add AGENT_CONFIGS registry in models.py as single source of truth - Add simple_client.py factory for utility operations (commit, merge, etc.) - Migrate 11 direct SDK clients to use factory pattern - Add get_required_mcp_servers() for dynamic server selection - Add Flutter/Dart support to command registry - Add MCP Overview sidebar tab showing servers/tools per agent phase - Fix followup_reviewer to use user's thinking level settings - Consolidate THINKING_BUDGET_MAP to phase_config.py (remove duplicate) MCP servers are now loaded conditionally: - Spec phases: minimal (no MCP for most) - Build phases: context7 + graphiti + auto-claude - QA phases: + electron OR puppeteer (based on project type) - Utility phases: minimal or none 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(devtools): comprehensive IDE/terminal detection and configuration Expand SupportedIDE type from 7 to 62+ options covering VS Code ecosystem, AI-powered editors (Cursor, Windsurf, Zed, PearAI, Kiro), JetBrains suite, classic editors (Vim, Neovim, Emacs), platform-specific IDEs, and cloud IDEs. Expand SupportedTerminal type from 7 to 37+ options including GPU-accelerated terminals (Alacritty, Kitty, WezTerm), macOS/Windows/Linux native terminals, and modern options (Warp, Ghostty, Rio). Add smart platform-native detection: - macOS: Uses Spotlight (mdfind) for fast app discovery - Windows: Queries registry via PowerShell - Linux: Parses .desktop files from standard locations UI improvements: - Add DevToolsStep to onboarding wizard for initial configuration - Add DevToolsSettings component for settings page - Alphabetically sort IDE/terminal dropdowns for easy scanning - Show detection status (checkmark) for installed tools 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(github): expand AI bot detection patterns for PR reviews The PR review was only detecting 1 bot comment when there were actually 8 (CodeRabbit + GitHub Advanced Security). Expanded AI_BOT_PATTERNS from 22 to 62 patterns covering: - AI Code Review: Greptile, Sourcery, Qodo variants - AI Assistants: Copilot SWE Agent, Sweep AI, Bito, Codeium, Devin - GitHub Native: Dependabot, Merge Queue, Advanced Security - Code Quality: DeepSource, CodeClimate, CodeFactor, Codacy - Security: Snyk, GitGuardian, Semgrep - Coverage: Codecov, Coveralls - Automation: Renovate, Mergify, Imgbot, Allstar, Percy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address PR review security issues and code quality Fixes multiple security vulnerabilities and code quality issues identified in PR #388 code review: Security fixes: - Fix command injection in Terminal.app/iTerm2 AppleScript by escaping paths - Fix command injection in Windows cmd.exe terminal launch using spawn() - Fix command injection in Linux xterm fallback with proper escaping - Fix command injection in custom IDE/terminal paths using execFileAsync() - Add path traversal validation after environment variable expansion - Fix file system race condition in settings migration by re-reading file - Use SystemRoot env var for Windows tar path instead of hardcoded C:\Windows Code quality fixes: - Remove unused electron_mcp_enabled variable in client.py - Remove unused json and timezone imports in test_ollama_embedding_memory.py - Remove unused useTranslation import and t variable in AgentTools.tsx - Fix Windows process kill to use platform-specific termination - Add 10-second timeout to macOS Spotlight app detection - Dynamically detect Python version in venv instead of hardcoding 3.12 - Fix README download links (version was repeated 3 times) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(reliability): add error recovery for file writes and process tracking Addresses remaining medium-priority issues from PR #388 review: 1. Background file writes (worktree-handlers.ts): - Add retry logic with exponential backoff (3 attempts) - Add write verification by reading back the file - Log warnings if main plan write fails after retries 2. Venv process tracking (python-env-manager.ts): - Track spawned processes in activeProcesses Set - Add 2-minute timeout for hung venv creation - Add cleanup() method to kill orphaned processes - Register cleanup on app 'will-quit' event 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(cleanup): remove unused function and fix race condition - Remove unused escapeWindowsCmdPath function (replaced by spawn with args) - Fix race condition in settings migration by removing existsSync check and catching read errors atomically 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): guard app.on for test environments The app.on('will-quit') handler fails in test environments where the Electron app module is mocked without the 'on' method. Add a guard to check if app.on is a function before calling it. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(codeql): address remaining security alerts and code quality issues Fixes 4 CodeQL alerts from PR #388: 1. Clear-text logging (HIGH): Change "password hashing" to "credential hashing" in test discovery dict to avoid false positive 2. File system race condition (HIGH): Simplify settings migration in index.ts to use existing settings object instead of re-reading file (TOCTOU fix) 3. File system race condition (HIGH): Use EAFP pattern in worktree-handlers.ts - Remove existsSync check before read/write - Handle ENOENT in catch block instead 4. Unused import (NOTE): Use importlib.util.find_spec() instead of try/import to check claude_agent_sdk availability in batch_validator.py 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): run tests on all Python versions, not just 3.13 The `Run tests` step had `if: matrix.python-version != '3.12'` which skipped regular test execution for Python 3.12. Now tests run on both 3.12 and 3.13, with coverage reporting still only on 3.12. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(codeql): address remaining false positives with proper patterns 1. test_ollama_embedding_memory.py: Add lgtm suppression for test query string containing "authentication" - not actual credentials 2. index.ts: Remove existsSync check, use EAFP pattern (try/catch with ENOENT handling) to eliminate TOCTOU between file existence check and read/write operations 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): add sleep to cache invalidation test for CI stability The test_cache_invalidation_on_file_creation test was failing on Python 3.13 in CI due to file system timing issues. Adding a small delay after file creation ensures the mtime change is detected. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(codeql): avoid authentication keyword in test query string CodeQL flags "authentication" as sensitive data. Changed to "auth" to avoid the false positive while preserving test functionality. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(codeql): remove all auth-related terms from test data CodeQL was flagging OAuth/JWT/token terms as sensitive data being logged. Changed test data to use neutral terms like API, middleware, notifications while preserving the test's semantic search functionality. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(github): fetch PR reviews in followup review to capture Cursor/CodeRabbit feedback Follow-up reviews were missing reviews from AI tools like Cursor and CodeRabbit because the code only fetched comments (inline + issue), not formal PR reviews. GitHub distinguishes between: - Reviews: formal submissions via /pulls/{pr}/reviews endpoint - Review comments: inline comments on files - Issue comments: general PR discussion Added get_reviews_since() to fetch formal reviews, updated FollowupContextGatherer to include them, and added a dedicated section in the AI prompt so the followup reviewer considers findings from other AI tools. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(github): handle timezone-naive datetime in get_reviews_since The reviewed_at timestamp can be offset-naive while GitHub API returns offset-aware timestamps, causing comparison to fail with: "can't compare offset-naive and offset-aware datetimes" Added explicit timezone handling to ensure both timestamps are timezone-aware (defaulting to UTC) before comparison. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(release): separate stable and beta download sections in README The previous regex patterns in the release workflow only matched stable versions (X.Y.Z) and failed to update README for beta releases like 2.7.2-beta.10. This caused stale version information in download links. Changes: - Split README download section into Stable Release and Beta Release - Added HTML comment markers for reliable section targeting - Replaced fragile sed commands with Python script for cross-platform regex - Workflow now detects release type and updates only the appropriate section - Fixed semver pattern to require dot in prerelease (beta.10) to avoid matching platform suffixes (win32, darwin) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(review): address Cursor and CodeRabbit review feedback Fixes from code reviews: **Cursor (HIGH priority):** - Remove write permissions from qa_reviewer agent - reviewers should only read code and run tests, not modify files. qa_fixer still has write access. **Cursor (MEDIUM priority):** - Add model fallback default in orchestrator_reviewer.py to match followup_reviewer.py pattern **CodeRabbit:** - Add missing shelf and aqueduct framework entries to FRAMEWORK_COMMANDS - Add i18n translations for GlobalDownloadIndicator (downloads section) - Fix accessibility: convert clickable div to button with proper aria attrs - Add SafeLink component for ReactMarkdown to prevent phishing attacks via malicious links in AI-generated content Also updates test to verify qa_reviewer is read-only (plus Bash). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tools): only allow auto-claude tools when MCP server is available Previously, auto-claude tools were added to the allowed tools list unconditionally based on agent config, even if the SDK wasn't available or the MCP server wasn't running. This could cause confusing errors. Now auto-claude tools are only added when: 1. The agent requires "auto-claude" in its mcp_servers 2. is_tools_available() returns True (SDK is available) This ensures tools and MCP servers are always in sync. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(cross-platform): add Windows support for Python paths and CLI detection This fixes several cross-platform compatibility issues that broke the app on Windows: **subprocess-runner.ts:** - getPythonPath() now returns Scripts/python.exe on Windows, bin/python on Unix - validateGitHubModule() now uses `where gh` on Windows instead of `which gh` - Added platform-specific install instructions (winget/brew/URL) - venvPath check now uses getPythonPath() instead of hardcoded Unix path **python-env-manager.ts:** - Fixed Windows site-packages path (Lib/site-packages, not Lib/python3.x/site-packages) - Windows venv structure doesn't have python version subfolder **generator.ts:** - Fixed PATH split to use path.delimiter instead of hardcoded ':' These issues were causing GitHub automation, Python environment detection, and dependency loading to fail on Windows systems. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): increase sleep time for reliable mtime detection on CI The cache invalidation tests were failing intermittently on CI with Python 3.13 because some filesystems have 1-second mtime resolution. The previous 0.1s sleep was not sufficient to guarantee a different mtime between file writes. Changes: - Increase sleep from 0.1s to 1.0s in both cache invalidation tests - Compute hash before first call to ensure consistency - Add clearer comments explaining the timing requirements 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(ci): replace DCO with one-time CLA for contributions Migrates from per-commit DCO sign-off to a one-time Contributor License Agreement (CLA) using CLA Assistant GitHub Action. Why: - DCO required sign-off on every commit, causing 99% of PRs to fail checks - CLA is one-time: contributors sign once and it applies to all future PRs - CLA grants licensing flexibility for potential future enterprise options while keeping the project open source under AGPL-3.0 - Contributors retain full copyright ownership of their contributions Changes: - Add CLA.md (Apache ICLA-style agreement) - Add .github/workflows/cla.yml (CLA enforcement via GitHub Action) - Update pr-status-gate.yml to require CLA check instead of DCO - Update CONTRIBUTING.md with CLA signing instructions - Remove .github/workflows/quality-dco.yml 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(worktree): respect task-level branch override when creating worktrees The execution handlers were only reading `project.settings.mainBranch` for determining which branch to create worktrees from, ignoring the task-level override stored in `task.metadata.baseBranch`. This fix ensures the branch selection priority is: 1. Task-level override (task.metadata.baseBranch) - if user selected a specific branch for this task in the Git Options 2. Project default (project.settings.mainBranch) - fallback to project settings if no task-level override Fixed in three code paths: - TASK_START handler (line 121) - TASK_UPDATE_STATUS auto-start logic (line 488) - TASK_RECOVER_STUCK auto-restart logic (line 765) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(gitlab): address security and quality review findings - Add prompt injection protection with content delimiters in MR review - Add HTTPS protocol validation in URL sanitization - Add rate limit (429) handling with exponential backoff in API client - Make rebase timeout configurable via GITLAB_REBASE_TIMEOUT_MS env var - Improve exception handling with specific error types in orchestrator - Add unit tests for spec-utils and autofix-handlers sanitization Signed-off-by: Mitsu13Ion <50143759+Mitsu13Ion@users.noreply.github.com> * fix(gitlab): additional security and code quality fixes Security fixes: - Replace execSync with execFileSync in utils.ts to prevent command injection - Replace execSync with execFileSync in oauth-handlers.ts for git/glab commands - Fix error handler returning success:true in listGitLabGroups Code quality: - Use semantic <button> element instead of div[role=button] in InvestigationDialog - Use project.settings.mainBranch for release ref fallback instead of hardcoded 'main' * feat(debug): add always-on logging for production builds Implement persistent application logging using electron-log that works in packaged builds (DMG, EXE, AppImage), not just development mode. This allows users to capture bugs on first occurrence without needing to reproduce issues with debug mode enabled. Features: - Always-on file logging (10MB max, auto-rotation) - Enhanced logging for beta/alpha/rc versions - Debug settings UI with "Open Logs Folder" and "Copy Debug Info" - System info collection for bug reports - Cross-platform log paths (macOS, Windows, Linux) - Comprehensive test suite (29 tests) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(gitlab): remove unused GITLAB_MR_GET_DIFF handler The handler was registered but never exposed in GitLabAPI and never used anywhere. This is dead code cleanup. * fix(i18n): use translation keys for integration section strings Replace hardcoded English strings in SectionRouter.tsx with i18n keys for Linear, GitHub, GitLab, and Memory integration sections. Added translation keys to both en/settings.json and fr/settings.json: - projectSections.*.integrationTitle - projectSections.*.integrationDescription - projectSections.*.syncDescription * fix(gitlab): add missing onOpenSettings prop to GitLabMergeRequests Maintain parity with GitHubPRs by passing the onOpenSettings callback that opens the GitLab settings section in the settings dialog. * fix(gitlab): add max length check to sanitizeProjectRef Add defense-in-depth limit of 1024 characters to sanitizeProjectRef, rejecting excessively long inputs. Mirrors sanitizeToken's approach. GitLab limits project paths to 255 chars, but using 1024 as a conservative upper bound for safety. * fix(gitlab): add type annotation to MRReviewEngine.progress_callback Add proper type annotation for progress_callback parameter and attribute: - Import Callable from typing - Annotate parameter as Callable[[ProgressCallback], None] | None - Add class-level attribute annotation for type checker clarity * fix(gitlab): reject URLs with embedded credentials in sanitizeIssueUrl Add security check to reject URLs containing username or password (userinfo) in sanitizeIssueUrl. This prevents credential leakage through crafted URLs. Updated both implementations: - autofix-handlers.ts - spec-utils.ts Updated tests to expect empty string for credential-containing URLs. * feat(gitlab): implement GITLAB_MR_GET_DIFF for GitHub feature parity Add the missing MR diff fetching capability to match GitHub's GITHUB_PR_GET_DIFF functionality. - Add GITLAB_MR_GET_DIFF constant to IPC channels - Implement handler in mr-review-handlers.ts - Expose getGitLabMRDiff method in GitLabAPI interface This closes the feature parity gap between GitHub (11 PR handlers) and GitLab (now 9 MR handlers). * fix(gitlab): improve error messages in MR review handlers Update sendError calls to: - Include mrIid in error payload (matching listener type) - Use descriptive error message format with MR number - Use String(error) fallback for non-Error objects Ensures UI receives readable messages like: 'Follow-up review failed for MR #123: connection timeout' * refactor(gitlab): move inline json import to module level Move 'import json' from inside _parse_review_result to module-level imports. This avoids repeated import overhead on every function call. * fix(gitlab): handle HTTP-date format in Retry-After header The Retry-After header can be either integer seconds or HTTP-date. The previous code called int() directly which would raise ValueError for HTTP-date values. Now handles both formats: 1. Try parsing as integer seconds 2. If that fails, try parsing as HTTP-date and compute delta 3. Fall back to exponential backoff (2**attempt) if parsing fails Ensures wait_time is always a valid integer >= 1. * fix(gitlab): import Callable from collections.abc Fix UP035 linting error - import Callable from collections.abc instead of typing module. * fix(gitlab): address PR review security and quality issues Security fixes: - Add path traversal validation in autofix-handlers.ts - Add runtime validation for issueIid parameter - Add endpoint validation whitelist in glab_client.py - Prevent token exposure in debug logs with redaction - Use atomic file writes to prevent race conditions Quality improvements: - Narrow exception catching to ImportError only in Python imports - Improve error handling in mr_review_engine.py JSON parsing - Add IPC listener cleanup function to prevent memory leaks - Add ErrorBoundary component for graceful error handling in MRDetail * style(gitlab): apply ruff formatting to Python files * fix(gitlab): address PR review findings and add comprehensive tests Security & Quality Fixes: - Add explicit JSON decode error handling in glab_client.py - Fix race condition in atomic file write using crypto.randomUUID() - Add user content sanitization in MR review engine (null bytes, control chars) - Add HTTPS validation for self-hosted GitLab instance URLs - Change unknown milestone state logging from debug to warning level - Standardize debug logging checks with clarifying comments - Document 'locked' MR state handling Test Coverage (90 new tests): - oauth-handlers.test.ts: project validation, URL parsing, token redaction - issue-handlers.test.ts: issue transformation, milestone state handling - merge-request-handlers.test.ts: MR transformation, state validation - mr-review-handlers.test.ts: review parsing, finding formatting * style(gitlab): apply ruff formatting to mr_review_engine.py --------- Signed-off-by: Mitsu13Ion <50143759+Mitsu13Ion@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: AndyMik90 <andre@mikalsenutvikling.no> Co-authored-by: Andy <119136210+AndyMik90@users.noreply.github.com> Co-authored-by: Alex <63423455+AlexMadera@users.noreply.github.com>
21 KiB
Contributing to Auto Claude
Thank you for your interest in contributing to Auto Claude! This document provides guidelines and instructions for contributing to the project.
Table of Contents
- Contributor License Agreement (CLA)
- Prerequisites
- Quick Start
- Development Setup
- Running from Source
- Pre-commit Hooks
- Code Style
- Testing
- Continuous Integration
- Git Workflow
- Pull Request Process
- Issue Reporting
- Architecture Overview
Contributor License Agreement (CLA)
All contributors must sign our Contributor License Agreement (CLA) before contributions can be accepted.
Why We Require a CLA
Auto Claude is currently licensed under AGPL-3.0. The CLA ensures the project has proper licensing flexibility should we introduce additional licensing options (such as commercial/enterprise licenses) in the future.
You retain full copyright ownership of your contributions.
How to Sign
- Open a Pull Request
- The CLA bot will automatically comment with instructions
- Comment on the PR with:
I have read the CLA Document and I hereby sign the CLA - Done - you only need to sign once, and it applies to all future contributions
Read the full CLA here: CLA.md
Prerequisites
Before contributing, ensure you have the following installed:
- Python 3.12+ - For the backend framework
- Node.js 24+ - For the Electron frontend
- npm 10+ - Package manager for the frontend (comes with Node.js)
- uv (recommended) or pip - Python package manager
- CMake - Required for building native dependencies (e.g., LadybugDB)
- Git - Version control
Installing Python 3.12
Windows:
winget install Python.Python.3.12
macOS:
brew install python@3.12
Linux (Ubuntu/Debian):
sudo apt install python3.12 python3.12-venv
Linux (Fedora):
sudo dnf install python3.12
Installing Node.js 24+
Windows:
winget install OpenJS.NodeJS.LTS
macOS:
brew install node@24
Linux (Ubuntu/Debian):
curl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash -
sudo apt install -y nodejs
Linux (Fedora):
sudo dnf install nodejs npm
Installing CMake
Windows:
winget install Kitware.CMake
macOS:
brew install cmake
Linux (Ubuntu/Debian):
sudo apt install cmake
Linux (Fedora):
sudo dnf install cmake
Quick Start
The fastest way to get started:
# Clone the repository
git clone https://github.com/AndyMik90/Auto-Claude.git
cd Auto-Claude
# Install all dependencies (cross-platform)
npm run install:all
# Run in development mode
npm run dev
# Or build and run production
npm start
Development Setup
The project consists of two main components:
- Python Backend (
apps/backend/) - The core autonomous coding framework - Electron Frontend (
apps/frontend/) - Optional desktop UI
Python Backend
The recommended way is to use npm run install:backend, but you can also set up manually:
# Navigate to the backend directory
cd apps/backend
# Create virtual environment
# Windows:
py -3.12 -m venv .venv
.venv\Scripts\activate
# macOS/Linux:
python3.12 -m venv .venv
source .venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Install test dependencies
pip install -r ../../tests/requirements-test.txt
# Set up environment
cp .env.example .env
# Edit .env and add your CLAUDE_CODE_OAUTH_TOKEN (get it via: claude setup-token)
Electron Frontend
# Navigate to the frontend directory
cd apps/frontend
# Install dependencies
npm install
# Start development server
npm run dev
# Build for production
npm run build
# Package for distribution
npm run package
Running from Source
If you want to run Auto Claude from source (for development or testing unreleased features), follow these steps:
Step 1: Clone and Set Up
git clone https://github.com/AndyMik90/Auto-Claude.git
cd Auto-Claude/apps/backend
# Using uv (recommended)
uv venv && uv pip install -r requirements.txt
# Or using standard Python
python3 -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
pip install -r requirements.txt
# Set up environment
cd apps/backend
cp .env.example .env
# Edit .env and add your CLAUDE_CODE_OAUTH_TOKEN (get it via: claude setup-token)
Step 2: Run the Desktop UI
cd ../frontend
# Install dependencies
npm install
# Development mode (hot reload)
npm run dev
# Or production build
npm run build && npm run start
Windows users: If installation fails with node-gyp errors, click here
Auto Claude automatically downloads prebuilt binaries for Windows. If prebuilts aren't available for your Electron version yet, you'll need Visual Studio Build Tools:
- Download Visual Studio Build Tools 2022
- Select "Desktop development with C++" workload
- In "Individual Components", add "MSVC v143 - VS 2022 C++ x64/x86 Spectre-mitigated libs"
- Restart terminal and run
npm installagain
Note: For regular usage, we recommend downloading the pre-built releases from GitHub Releases. Running from source is primarily for contributors and those testing unreleased features.
Pre-commit Hooks
We use pre-commit to run linting and formatting checks before each commit. This ensures code quality and consistency across the project.
Setup
# Install pre-commit
pip install pre-commit
# Install the git hooks (run once after cloning)
pre-commit install
What Runs on Commit
When you commit, the following checks run automatically:
| Check | Scope | Description |
|---|---|---|
| ruff | apps/backend/ |
Python linter with auto-fix |
| ruff-format | apps/backend/ |
Python code formatter |
| eslint | apps/frontend/ |
TypeScript/React linter |
| typecheck | apps/frontend/ |
TypeScript type checking |
| trailing-whitespace | All files | Removes trailing whitespace |
| end-of-file-fixer | All files | Ensures files end with newline |
| check-yaml | All files | Validates YAML syntax |
| check-added-large-files | All files | Prevents large file commits |
Running Manually
# Run all checks on all files
pre-commit run --all-files
# Run a specific hook
pre-commit run ruff --all-files
# Skip hooks temporarily (not recommended)
git commit --no-verify -m "message"
If a Check Fails
- Ruff auto-fixes: Some issues are fixed automatically. Stage the changes and commit again.
- ESLint errors: Fix the reported issues in your code.
- Type errors: Resolve TypeScript type issues before committing.
Code Style
Python
- Follow PEP 8 style guidelines
- Use type hints for function signatures
- Use docstrings for public functions and classes
- Keep functions focused and under 50 lines when possible
- Use meaningful variable and function names
# Good
def get_next_chunk(spec_dir: Path) -> dict | None:
"""
Find the next pending chunk in the implementation plan.
Args:
spec_dir: Path to the spec directory
Returns:
The next chunk dict or None if all chunks are complete
"""
...
# Avoid
def gnc(sd):
...
TypeScript/React
- Use TypeScript strict mode
- Follow the existing component patterns in
apps/frontend/src/ - Use functional components with hooks
- Prefer named exports over default exports
- Use the UI components from
src/renderer/components/ui/
// Good
export function TaskCard({ task, onEdit }: TaskCardProps) {
const [isEditing, setIsEditing] = useState(false);
...
}
// Avoid
export default function(props) {
...
}
General
- No trailing whitespace
- Use 2 spaces for indentation in TypeScript/JSON, 4 spaces in Python
- End files with a newline
- Keep line length under 100 characters when practical
Testing
Python Tests
# Run all tests (from repository root)
npm run test:backend
# Or manually with pytest
cd apps/backend
.venv/Scripts/pytest.exe ../tests -v # Windows
.venv/bin/pytest ../tests -v # macOS/Linux
# Run a specific test file
npm run test:backend -- tests/test_security.py -v
# Run a specific test
npm run test:backend -- tests/test_security.py::test_bash_command_validation -v
# Skip slow tests
npm run test:backend -- -m "not slow"
# Run with coverage
pytest tests/ --cov=apps/backend --cov-report=html
Test configuration is in tests/pytest.ini.
Frontend Tests
cd apps/frontend
# Run unit tests
npm test
# Run tests in watch mode
npm run test:watch
# Run with coverage
npm run test:coverage
# Run E2E tests (requires built app)
npm run build
npm run test:e2e
# Run linting
npm run lint
# Run type checking
npm run typecheck
Testing Requirements
Before submitting a PR:
- All existing tests must pass
- New features should include tests
- Bug fixes should include a regression test
- Test coverage should not decrease significantly
Continuous Integration
All pull requests and pushes to main trigger automated CI checks via GitHub Actions.
Workflows
| Workflow | Trigger | What it checks |
|---|---|---|
| CI | Push to main, PRs |
Python tests (3.11 & 3.12), Frontend tests |
| Lint | Push to main, PRs |
Ruff (Python), ESLint + TypeScript (Frontend) |
| Test on Tag | Version tags (v*) |
Full test suite before release |
PR Requirements
Before a PR can be merged:
- All CI checks must pass (green checkmarks)
- Python tests pass on both Python 3.11 and 3.12
- Frontend tests pass
- Linting passes (no ruff or eslint errors)
- TypeScript type checking passes
Running CI Checks Locally
# Python tests
cd apps/backend
source .venv/bin/activate
pytest ../../tests/ -v
# Frontend tests
cd apps/frontend
npm test
npm run lint
npm run typecheck
Git Workflow
We use a Git Flow branching strategy to manage releases and parallel development.
Branch Overview
main (stable) ← Only released, tested code (tagged versions)
│
develop ← Integration branch - all PRs merge here first
│
├── feature/xxx ← New features
├── fix/xxx ← Bug fixes
├── release/vX.Y.Z ← Release preparation
└── hotfix/xxx ← Emergency production fixes
Main Branches
| Branch | Purpose | Protected |
|---|---|---|
main |
Production-ready code. Only receives merges from release/* or hotfix/* branches. Every merge is tagged (v2.7.0, v2.8.0, etc.) |
✅ Yes |
develop |
Integration branch where all features and fixes are combined. This is the default target for all PRs. | ✅ Yes |
Supporting Branches
| Branch Type | Branch From | Merge To | Purpose |
|---|---|---|---|
feature/* |
develop |
develop |
New features and enhancements |
fix/* |
develop |
develop |
Bug fixes (non-critical) |
release/* |
develop |
main + develop |
Release preparation and final testing |
hotfix/* |
main |
main + develop |
Critical production bug fixes |
Branch Naming
Use descriptive branch names with a prefix indicating the type of change:
| Prefix | Purpose | Example |
|---|---|---|
feature/ |
New feature | feature/add-dark-mode |
fix/ |
Bug fix | fix/memory-leak-in-worker |
hotfix/ |
Urgent production fix | hotfix/critical-crash-fix |
docs/ |
Documentation | docs/update-readme |
refactor/ |
Code refactoring | refactor/simplify-auth-flow |
test/ |
Test additions/fixes | test/add-integration-tests |
chore/ |
Maintenance tasks | chore/update-dependencies |
release/ |
Release preparation | release/v2.8.0 |
hotfix/ |
Emergency fixes | hotfix/critical-auth-bug |
Where to Branch From
# For features and bug fixes - ALWAYS branch from develop
git checkout develop
git pull origin develop
git checkout -b feature/my-new-feature
# For hotfixes only - branch from main
git checkout main
git pull origin main
git checkout -b hotfix/critical-fix
Pull Request Targets
⚠️ Important: All PRs should target
develop, NOTmain!
| Your Branch Type | Target Branch |
|---|---|
feature/* |
develop |
fix/* |
develop |
docs/* |
develop |
refactor/* |
develop |
test/* |
develop |
chore/* |
develop |
hotfix/* |
main (maintainers only) |
release/* |
main (maintainers only) |
Release Process (Maintainers)
When ready to release a new version:
# 1. Create release branch from develop
git checkout develop
git pull origin develop
git checkout -b release/v2.8.0
# 2. Update version numbers, CHANGELOG, final fixes only
# No new features allowed in release branches!
# 3. Merge to main and tag
git checkout main
git merge release/v2.8.0
git tag v2.8.0
git push origin main --tags
# 4. Merge back to develop (important!)
git checkout develop
git merge release/v2.8.0
git push origin develop
# 5. Delete release branch
git branch -d release/v2.8.0
git push origin --delete release/v2.8.0
Beta Release Process (Maintainers)
Beta releases allow users to test new features before they're included in a stable release. Beta releases are published from the develop branch.
Creating a Beta Release:
- Go to Actions → Beta Release workflow in GitHub
- Click Run workflow
- Enter the beta version (e.g.,
2.8.0-beta.1) - Optionally enable dry run to test without publishing
- Click Run workflow
The workflow will:
- Validate the version format
- Update
package.jsonon develop - Create and push a tag (e.g.,
v2.8.0-beta.1) - Build installers for all platforms
- Create a GitHub pre-release
Version Format:
X.Y.Z-beta.N (e.g., 2.8.0-beta.1, 2.8.0-beta.2)
X.Y.Z-alpha.N (e.g., 2.8.0-alpha.1)
X.Y.Z-rc.N (e.g., 2.8.0-rc.1)
For Users: Users can opt into beta updates in Settings → Updates → "Beta Updates" toggle. When enabled, the app will check for and install beta versions. Users can switch back to stable at any time.
Hotfix Workflow
For urgent production fixes that can't wait for the normal release cycle:
1. Create hotfix from main
git checkout main
git pull origin main
git checkout -b hotfix/150-critical-fix
2. Fix the issue
# ... make changes ...
git commit -m "hotfix: fix critical crash on startup"
3. Open PR to main (fast-track review)
gh pr create --base main --title "hotfix: fix critical crash on startup"
4. After merge to main, sync to develop
git checkout develop
git pull origin develop
git merge main
git push origin develop
main ─────●─────●─────●─────●───── (production)
↑ ↑ ↑ ↑
develop ──●─────●─────●─────●───── (integration)
↑ ↑ ↑
feature/123 ────●
feature/124 ──────────●
hotfix/125 ─────────────────●───── (from main, merge to both)
Note: Hotfixes branch FROM
mainand merge TOmainfirst, then sync back todevelopto keep branches aligned.
Commit Messages
Write clear, concise commit messages that explain the "why" behind changes:
# Good
git commit -m "Add retry logic for failed API calls
Implements exponential backoff for transient failures.
Fixes #123"
# Avoid
git commit -m "fix stuff"
git commit -m "WIP"
Format:
<type>: <subject>
<body>
<footer>
- type: feat, fix, docs, style, refactor, test, chore
- subject: Short description (50 chars max, imperative mood)
- body: Detailed explanation if needed (wrap at 72 chars)
- footer: Reference issues, breaking changes
PR Hygiene
Rebasing:
- Rebase onto develop before opening a PR and before merge to maintain linear history
- Use
git fetch origin && git rebase origin/developto sync your branch - Use
--force-with-leasewhen force-pushing rebased branches (safer than--force) - Notify reviewers after force-pushing during active review
- Exception: Never rebase after PR is approved and others have reviewed specific commits
Commit organization:
- Squash fixup commits (typos, "oops", review feedback) into their parent commits
- Keep logically distinct changes as separate commits that could be reverted independently
- Each commit should compile and pass tests independently
- No "WIP", "fix tests", or "lint" commits in final PR - squash these
Before requesting review:
# Ensure up-to-date with develop
git fetch origin && git rebase origin/develop
# Clean up commit history (squash fixups, reword messages)
git rebase -i origin/develop
# Force push with safety check
git push --force-with-lease
# Verify everything works
npm run test:backend
cd apps/frontend && npm test && npm run lint && npm run typecheck
PR size:
- Keep PRs small (<400 lines changed ideally)
- Split large features into stacked PRs if possible
Pull Request Process
-
Fork the repository and create your branch from
develop(not main!)git checkout develop git pull origin develop git checkout -b feature/your-feature-name -
Make your changes following the code style guidelines
-
Test thoroughly:
# Python (from repository root) npm run test:backend # Frontend cd apps/frontend && npm test && npm run lint && npm run typecheck -
Update documentation if your changes affect:
- Public APIs
- Configuration options
- User-facing behavior
-
Create the Pull Request:
- Use a clear, descriptive title
- Reference any related issues
- Describe what changes you made and why
- Include screenshots for UI changes
- List any breaking changes
-
PR Title Format:
<type>: <description>Examples:
feat: Add support for custom promptsfix: Resolve memory leak in worker processdocs: Update installation instructions
-
Review Process:
- Address reviewer feedback promptly
- Keep the PR focused on a single concern
- Squash commits if requested
Issue Reporting
Bug Reports
When reporting a bug, include:
- Clear title describing the issue
- Environment details:
- OS and version
- Python version
- Node.js version (for UI issues)
- Auto Claude version
- Steps to reproduce the issue
- Expected behavior vs actual behavior
- Error messages or logs (if applicable)
- Screenshots (for UI issues)
Feature Requests
When requesting a feature:
- Describe the problem you're trying to solve
- Explain your proposed solution
- Consider alternatives you've thought about
- Provide context on your use case
Architecture Overview
Auto Claude consists of two main parts:
Python Backend (apps/backend/)
The core autonomous coding framework:
- Entry Points:
run.py(build runner),spec_runner.py(spec creator) - Agent System:
agent.py,client.py,prompts/ - Execution:
coordinator.py(parallel),worktree.py(isolation) - Memory:
memory.py(file-based),graphiti_memory.py(graph-based) - QA:
qa_loop.py,prompts/qa_*.md
Electron Frontend (apps/frontend/)
Desktop interface:
- Main Process:
src/main/- Electron main process, IPC handlers - Renderer:
src/renderer/- React UI components - Shared:
src/shared/- Types and utilities
For detailed architecture information, see CLAUDE.md.
Questions?
If you have questions about contributing, feel free to:
- Open a GitHub issue with the
questionlabel - Review existing issues and discussions
Thank you for contributing to Auto Claude!