* refactor: streamline profile management and enhance usage monitoring - Consolidated profile management logic to improve clarity and maintainability. - Enhanced usage monitoring to support both OAuth and API profiles, ensuring accurate data retrieval. - Updated error handling for API requests to provide better feedback and prevent silent failures. - Improved test coverage for profile detection and usage monitoring functionalities. These changes aim to optimize the user experience by ensuring that profile-related data is handled consistently and that usage metrics are accurately reported across different authentication methods. * fix(tests): update tests for new auth badge display behavior - Update AuthStatusIndicator tests to expect "Claude Code"/"API Key" badge labels instead of provider names (Anthropic, z.ai, ZHIPU AI) - Fix usage-monitor tests that relied on console.warn calls (now uses debugLog) - Add missing mock Response headers to prevent TypeError in fetch tests - Convert dynamic require to static import in claude-profile-manager Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Address PR review findings for account swapping - Add `persistenceFailed` flag to EnsureValidTokenResult for callers to detect when token refresh succeeded but keychain write failed - Add collision detection to profile migration to handle cases where two profile names sanitize to the same directory name - Change hardcoded 'default' to 'unknown' in updateTaskSession when no profile assignment exists, and add optional profileInfo parameter Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: Resolve CodeQL security alerts - Fix TOCTOU race condition in profile migration by using 'wx' flag for atomic file creation instead of existsSync check - Remove unused imports: DEFAULT_CLAUDE_CONFIG_DIR, BrowserWindow, IPC_CHANNELS, User The medium severity alerts for "Network data written to file" and "File data in outbound network request" are expected behavior for credential management and API authentication respectively. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(linux): Add Secret Service support for credential storage Linux credentials now use the Secret Service API (gnome-keyring/kwallet) via the `secret-tool` CLI, matching how macOS uses Keychain and Windows uses Credential Manager. Implementation: - getCredentialsFromLinuxSecretService: Retrieve tokens from Secret Service - getFullCredentialsFromLinuxSecretService: Retrieve full OAuth credentials - updateLinuxSecretServiceCredentials: Store refreshed tokens - Automatic fallback to .credentials.json file if Secret Service unavailable The `secret-tool` command is part of libsecret-tools package, commonly available on most Linux desktop distributions. This provides secure credential storage instead of plaintext file storage. Credentials are stored with: - Label: "Claude Code-credentials" - Attribute: application=claude-code (or claude-code-{hash} for profiles) Fixes security gap where Linux used file storage while macOS and Windows used proper secure credential stores. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: Add guidelines against providing time estimates in development Introduced a critical section in the development guidelines emphasizing the avoidance of time estimates for tasks. This change highlights the misleading nature of traditional time predictions in AI-assisted development and encourages a focus on actionable steps and priority-based ordering instead. Examples of incorrect and correct approaches are provided for clarity. * fix: address PR review findings for account swapping MEDIUM severity fixes: - Implement getBestProfileForTask handler with actual profile selection logic - Refactor credential-utils.ts to eliminate code duplication with shared helpers - Fix PowerShell escaping vulnerabilities with proper character escaping - Use base64 encoding for JSON data passed to PowerShell scripts - Add warning that returned token may be revoked after server-side refresh failure - Document side effect in getBestAvailableProfileEnv function LOW severity fixes: - Reduce token fingerprint logging from 12+4 to 4+2 chars - Document >= threshold as intentional (proactive switching before limits) - Move writeFileSync import to top of file with other fs imports - Remove unnecessary existsSync checks (mkdirSync recursive is idempotent) - Add homedir to top-level imports from 'os' - Add comment noting acceptable TOCTOU race window in profile-storage.ts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: clear credential cache after platform credential updates Add clearCredentialCache() calls to all platform-specific update functions to prevent stale cached tokens from being returned after successful updates: - updateMacOSKeychainCredentials - updateLinuxSecretServiceCredentials - updateLinuxFileCredentials - updateWindowsCredentialManagerCredentials This ensures callers always get fresh credential values after token refresh, rather than waiting for the 5-minute cache TTL to expire. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: handle persistenceFailed flag in token refresh calls When token refresh succeeds but fails to persist to keychain, the user needs to be notified to re-authenticate. Previously, the persistenceFailed flag was ignored, which could lead to authentication errors on app restart. Now all three call sites for ensureValidToken/reactiveTokenRefresh properly: - Check the persistenceFailed flag - Add the profile to needsReauthProfiles set when persistence fails - Log a warning about the persistence failure - Clear from needsReauthProfiles only when both refresh AND persistence succeed Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: enhance credential management and re-authentication flow - Updated macOS keychain handling to ensure existing credentials are deleted before adding new ones, preventing stale tokens. - Integrated credential checks in profile authentication to verify token presence in the keychain, improving user experience by flagging profiles needing re-authentication. - Enhanced the UsageIndicator component to provide clearer messaging for re-authentication requirements, improving user feedback. - Added new localization strings for re-authentication prompts in both English and French. This update addresses critical issues with credential persistence and user notifications, ensuring a smoother authentication experience across platforms. * fix(auth): prevent false auth failures from file names in logs Change auth failure pattern from \s* to \s+ to require at least one whitespace character between "auth" and "failure/error/failed". This fixes false positives where log lines like "[ParallelOrchestrator] Reading AuthFailureModal.tsx" were incorrectly triggering auth failure modals. The pattern matched "AuthFailure" (zero whitespace) even though the OAuth token was valid. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(auth): use imported homedir instead of inline require Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Auto Claude
Autonomous multi-agent coding framework that plans, builds, and validates software for you.
Download
Stable Release
| Platform | Download |
|---|---|
| Windows | Auto-Claude-2.7.5-win32-x64.exe |
| macOS (Apple Silicon) | Auto-Claude-2.7.5-darwin-arm64.dmg |
| macOS (Intel) | Auto-Claude-2.7.5-darwin-x64.dmg |
| Linux | Auto-Claude-2.7.5-linux-x86_64.AppImage |
| Linux (Debian) | Auto-Claude-2.7.5-linux-amd64.deb |
| Linux (Flatpak) | Auto-Claude-2.7.5-linux-x86_64.flatpak |
Beta Release
⚠️ Beta releases may contain bugs and breaking changes. View all releases
| Platform | Download |
|---|---|
| Windows | Auto-Claude-2.7.2-beta.10-win32-x64.exe |
| macOS (Apple Silicon) | Auto-Claude-2.7.2-beta.10-darwin-arm64.dmg |
| macOS (Intel) | Auto-Claude-2.7.2-beta.10-darwin-x64.dmg |
| Linux | Auto-Claude-2.7.2-beta.10-linux-x86_64.AppImage |
| Linux (Debian) | Auto-Claude-2.7.2-beta.10-linux-amd64.deb |
| Linux (Flatpak) | Auto-Claude-2.7.2-beta.10-linux-x86_64.flatpak |
All releases include SHA256 checksums and VirusTotal scan results for security verification.
Requirements
- Claude Pro/Max subscription - Get one here
- Claude Code CLI -
npm install -g @anthropic-ai/claude-code - Git repository - Your project must be initialized as a git repo
Quick Start
- Download and install the app for your platform
- Open your project - Select a git repository folder
- Connect Claude - The app will guide you through OAuth setup
- Create a task - Describe what you want to build
- Watch it work - Agents plan, code, and validate autonomously
Features
| Feature | Description |
|---|---|
| Autonomous Tasks | Describe your goal; agents handle planning, implementation, and validation |
| Parallel Execution | Run multiple builds simultaneously with up to 12 agent terminals |
| Isolated Workspaces | All changes happen in git worktrees - your main branch stays safe |
| Self-Validating QA | Built-in quality assurance loop catches issues before you review |
| AI-Powered Merge | Automatic conflict resolution when integrating back to main |
| Memory Layer | Agents retain insights across sessions for smarter builds |
| GitHub/GitLab Integration | Import issues, investigate with AI, create merge requests |
| Linear Integration | Sync tasks with Linear for team progress tracking |
| Cross-Platform | Native desktop apps for Windows, macOS, and Linux |
| Auto-Updates | App updates automatically when new versions are released |
Interface
Kanban Board
Visual task management from planning through completion. Create tasks and monitor agent progress in real-time.
Agent Terminals
AI-powered terminals with one-click task context injection. Spawn multiple agents for parallel work.
Roadmap
AI-assisted feature planning with competitor analysis and audience targeting.
Additional Features
- Insights - Chat interface for exploring your codebase
- Ideation - Discover improvements, performance issues, and vulnerabilities
- Changelog - Generate release notes from completed tasks
Project Structure
Auto-Claude/
├── apps/
│ ├── backend/ # Python agents, specs, QA pipeline
│ └── frontend/ # Electron desktop application
├── guides/ # Additional documentation
├── tests/ # Test suite
└── scripts/ # Build utilities
CLI Usage
For headless operation, CI/CD integration, or terminal-only workflows:
cd apps/backend
# Create a spec interactively
python spec_runner.py --interactive
# Run autonomous build
python run.py --spec 001
# Review and merge
python run.py --spec 001 --review
python run.py --spec 001 --merge
See guides/CLI-USAGE.md for complete CLI documentation.
Development
Want to build from source or contribute? See CONTRIBUTING.md for complete development setup instructions.
For Linux-specific builds (Flatpak, AppImage), see guides/linux.md.
Security
Auto Claude uses a three-layer security model:
- OS Sandbox - Bash commands run in isolation
- Filesystem Restrictions - Operations limited to project directory
- Dynamic Command Allowlist - Only approved commands based on detected project stack
All releases are:
- Scanned with VirusTotal before publishing
- Include SHA256 checksums for verification
- Code-signed where applicable (macOS)
Available Scripts
| Command | Description |
|---|---|
npm run install:all |
Install backend and frontend dependencies |
npm start |
Build and run the desktop app |
npm run dev |
Run in development mode with hot reload |
npm run package |
Package for current platform |
npm run package:mac |
Package for macOS |
npm run package:win |
Package for Windows |
npm run package:linux |
Package for Linux |
npm run package:flatpak |
Package as Flatpak (see guides/linux.md) |
npm run lint |
Run linter |
npm test |
Run frontend tests |
npm run test:backend |
Run backend tests |
Contributing
We welcome contributions! Please read CONTRIBUTING.md for:
- Development setup instructions
- Code style guidelines
- Testing requirements
- Pull request process
Community
- Discord - Join our community
- Issues - Report bugs or request features
- Discussions - Ask questions
License
AGPL-3.0 - GNU Affero General Public License v3.0
Auto Claude is free to use. If you modify and distribute it, or run it as a service, your code must also be open source under AGPL-3.0.
Commercial licensing available for closed-source use cases.


