@vibe80/vibe80 0.2.0 → 0.2.2

package/client/src/hooks/useChatSocket.js

@@ -47,7 +47,6 @@ export default function useChatSocket({
   maybeNotify,
   normalizeAttachments,
   loadRepoLastCommit,
-  loadBranches,
   loadWorktreeLastCommit,
   openAiLoginRequest,
   setOpenAiLoginRequest,
@@ -264,12 +263,14 @@ export default function useChatSocket({
                 id: payload.itemId,
                 role: "assistant",
                 text: payload.delta,
+                isStreaming: true,
               });
               return next;
             }
 
             const updated = { ...next[existingIndex] };
             updated.text += payload.delta;
+            updated.isStreaming = true;
             next[existingIndex] = updated;
             return next;
           });
@@ -294,6 +295,7 @@ export default function useChatSocket({
                 id: payload.itemId,
                 role: "assistant",
                 text: payload.text,
+                isStreaming: false,
               });
               return next;
             }
@@ -301,6 +303,7 @@ export default function useChatSocket({
             next[existingIndex] = {
               ...next[existingIndex],
               text: payload.text,
+              isStreaming: false,
             };
             return next;
           });
@@ -366,9 +369,6 @@ export default function useChatSocket({
           });
           if (payload.request === "run" || payload.request === "git") {
             void loadRepoLastCommit();
-            if (typeof loadBranches === "function") {
-              void loadBranches();
-            }
           }
         }
 
@@ -823,9 +823,6 @@ export default function useChatSocket({
             });
           if (payload.request === "run" || payload.request === "git") {
             void loadWorktreeLastCommit(wtId);
-            if (typeof loadBranches === "function" && wtId === "main") {
-              void loadBranches();
-            }
           }
           }
 
@@ -924,12 +921,14 @@ export default function useChatSocket({
                     id: payload.itemId,
                     role: "assistant",
                     text: payload.delta || "",
+                    isStreaming: true,
                   });
                 } else {
                   messages[existingIdx] = {
                     ...messages[existingIdx],
                     text:
                       (messages[existingIdx].text || "") + (payload.delta || ""),
+                    isStreaming: true,
                   };
                 }
               } else {
@@ -938,11 +937,13 @@ export default function useChatSocket({
                     id: payload.itemId,
                     role: "assistant",
                     text: payload.text || "",
+                    isStreaming: false,
                   });
                 } else {
                   messages[existingIdx] = {
                     ...messages[existingIdx],
                     text: payload.text || "",
+                    isStreaming: false,
                   };
                 }
               }

package/client/src/hooks/useRepoBranchesModels.js

@@ -23,12 +23,14 @@ export default function useRepoBranchesModels({
   const [branchError, setBranchError] = useState("");
   const initialBranchRef = useRef("");
 
-  const loadBranches = useCallback(async () => {
+  const loadBranches = useCallback(async ({ background = false } = {}) => {
     if (!attachmentSessionId) {
       return;
     }
-    setBranchLoading(true);
-    setBranchError("");
+    if (!background) {
+      setBranchLoading(true);
+      setBranchError("");
+    }
     try {
       const response = await apiFetch(
         `/api/v1/sessions/${encodeURIComponent(
@@ -46,9 +48,13 @@ export default function useRepoBranchesModels({
         setDefaultBranch(payload.current);
       }
     } catch (error) {
-      setBranchError(error.message || t("Unable to load branches."));
+      if (!background) {
+        setBranchError(error.message || t("Unable to load branches."));
+      }
     } finally {
-      setBranchLoading(false);
+      if (!background) {
+        setBranchLoading(false);
+      }
     }
   }, [attachmentSessionId, apiFetch, t]);
 
@@ -110,7 +116,7 @@ export default function useRepoBranchesModels({
     initialBranchRef.current = "";
     setDefaultBranch("");
     setProviderModelState({});
-    loadBranches();
+    loadBranches({ background: true });
   }, [attachmentSessionId, loadBranches]);
 
   useEffect(() => {

package/client/src/hooks/useWorktreeCloseConfirm.js

@@ -1,4 +1,4 @@
-import { useCallback } from "react";
+import { useCallback, useState } from "react";
 
 export default function useWorktreeCloseConfirm({
   closeConfirm,
@@ -7,6 +7,8 @@ export default function useWorktreeCloseConfirm({
   activeWorktreeIdRef,
   closeWorktree,
 }) {
+  const [closeConfirmDeleting, setCloseConfirmDeleting] = useState(false);
+
   const openCloseConfirm = useCallback(
     (worktreeId) => {
       if (!worktreeId || worktreeId === "main") {
@@ -18,21 +20,30 @@ export default function useWorktreeCloseConfirm({
   );
 
   const closeCloseConfirm = useCallback(() => {
+    if (closeConfirmDeleting) {
+      return;
+    }
     setCloseConfirm(null);
-  }, [setCloseConfirm]);
+  }, [closeConfirmDeleting, setCloseConfirm]);
 
   const handleConfirmDelete = useCallback(async () => {
-    if (!closeConfirm?.worktreeId) {
+    if (!closeConfirm?.worktreeId || closeConfirmDeleting) {
       return;
     }
-    if (activeWorktreeIdRef.current === closeConfirm.worktreeId) {
-      setActiveWorktreeId("main");
+    setCloseConfirmDeleting(true);
+    try {
+      if (activeWorktreeIdRef.current === closeConfirm.worktreeId) {
+        setActiveWorktreeId("main");
+      }
+      await closeWorktree(closeConfirm.worktreeId);
+      setCloseConfirm(null);
+    } finally {
+      setCloseConfirmDeleting(false);
     }
-    await closeWorktree(closeConfirm.worktreeId);
-    setCloseConfirm(null);
   }, [
     activeWorktreeIdRef,
     closeConfirm,
+    closeConfirmDeleting,
     closeWorktree,
     setActiveWorktreeId,
     setCloseConfirm,
@@ -42,5 +53,6 @@ export default function useWorktreeCloseConfirm({
     openCloseConfirm,
     closeCloseConfirm,
     handleConfirmDelete,
+    closeConfirmDeleting,
   };
 }

package/client/src/hooks/useWorktrees.js

@@ -249,7 +249,7 @@ export default function useWorktrees({
     }) => {
       if (!attachmentSessionId) {
         showToast?.(t("Session not found."), "error");
-        return;
+        return false;
       }
       try {
         const response = await apiFetch(
@@ -313,11 +313,13 @@ export default function useWorktrees({
         }));
         setActiveWorktreeId(payload.worktreeId);
         void requestWorktreesList();
+        return true;
       } catch (error) {
         showToast?.(
           error.message || t("Failed to create parallel request."),
           "error"
         );
+        return false;
       }
     },
     [

package/client/src/index.css

@@ -633,14 +633,21 @@ textarea {
 
 .session-item {
   display: flex;
-  justify-content: space-between;
-  align-items: center;
-  gap: 12px;
+  flex-direction: column;
+  gap: 10px;
   padding: 10px 12px;
   border-radius: 12px;
   background: rgba(20, 19, 17, 0.05);
 }
 
+.session-item-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  gap: 12px;
+  width: 100%;
+}
+
 .session-item-meta {
   display: flex;
   flex-direction: column;
@@ -669,6 +676,15 @@ textarea {
   cursor: pointer;
 }
 
+.session-list-icon-button {
+  width: 36px;
+  height: 36px;
+  padding: 0;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+}
+
 .session-list-button.is-danger {
   background: #e05a4f;
 }
@@ -684,6 +700,13 @@ textarea {
   align-items: center;
 }
 
+.session-config-actions {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+  margin-top: 10px;
+}
+
 .toast-container {
   position: fixed;
   right: 24px;

package/client/src/locales/en.json

@@ -33,5 +33,16 @@
   "Annotations": "Annotations",
   "Only sent with the next message.": "Only sent with the next message.",
   "No annotations yet.": "No annotations yet.",
-  "Write annotation...": "Write annotation..."
+  "Write annotation...": "Write annotation...",
+  "Configure session": "Configurer la session",
+  "Keep current credentials": "Conserver les identifiants actuels",
+  "Session name": "Nom de la session",
+  "Session name is required.": "Le nom de session est requis.",
+  "Session updated.": "Session mise a jour.",
+  "Failed to update session.": "Echec de la mise a jour de la session.",
+  "Private SSH key is required.": "La cle SSH privee est requise.",
+  "Validate": "Valider",
+  "Keep unchanged": "Conserver tel quel",
+  "Update & Resume": "Mettre a jour et reprendre",
+  "Updating...": "Mise a jour..."
 }

package/client/src/locales/fr.json

@@ -317,5 +317,16 @@
   "{{count}} item(s)": "{{count}} élément(s)",
   "{{count}} KB": "{{count}} Ko",
   "{{count}} lines": "{{count}} lignes",
-  "{{count}} MB": "{{count}} Mo"
+  "{{count}} MB": "{{count}} Mo",
+  "Configure session": "Configurer la session",
+  "Keep current credentials": "Conserver les identifiants actuels",
+  "Session name": "Nom de la session",
+  "Session name is required.": "Le nom de session est requis.",
+  "Session updated.": "Session mise a jour.",
+  "Failed to update session.": "Echec de la mise a jour de la session.",
+  "Private SSH key is required.": "La cle SSH privee est requise.",
+  "Validate": "Valider",
+  "Keep unchanged": "Conserver tel quel",
+  "Update & Resume": "Mettre a jour et reprendre",
+  "Updating...": "Mise a jour..."
 }

package/docs/api/openapi.json

@@ -3057,7 +3057,7 @@
           "attachments": {
             "type": "array",
             "items": {
-              "$ref": "#/components/schemas/Attachment"
+              "$ref": "#/components/schemas/AttachmentRef"
             }
           }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibe80/vibe80",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "private": false,
   "workspaces": [
     "server",
@@ -31,6 +31,7 @@
     "prepack": "npm --workspace client run build"
   },
   "dependencies": {
+    "commander": "^12.1.0",
     "concurrently": "^8.2.2",
     "docker-names": "^1.2.1",
     "express": "^4.19.2",

package/server/scripts/rotate-workspace-secret.js

@@ -13,7 +13,7 @@ const printUsage = () => {
       "  node server/scripts/rotate-workspace-secret.js --workspace-id <workspaceId> [--workspace-secret <secret>] [--json]",
       "",
       "Requirements:",
-      "  - SERVER env vars must be set (e.g. STORAGE_BACKEND, DEPLOYMENT_MODE, etc.)",
+      "  - SERVER env vars must be set (e.g. VIBE80_STORAGE_BACKEND, VIBE80_DEPLOYMENT_MODE, etc.)",
     ].join("\n")
   );
 };

package/server/src/claudeClient.js

@@ -2,13 +2,13 @@ import { spawn } from "child_process";
 import { EventEmitter } from "events";
 import crypto from "crypto";
 import path from "path";
-import { SYSTEM_PROMPT } from "./config.js";
+import { VIBE80_SYSTEM_PROMPT } from "./config.js";
 import { createProviderLogger } from "./providerLogger.js";
 import { buildSandboxArgs, getWorkspaceHome, runAsCommand } from "./runAs.js";
 
 const RUN_AS_HELPER = process.env.VIBE80_RUN_AS_HELPER || "/usr/local/bin/vibe80-run-as";
 const SUDO_PATH = process.env.VIBE80_SUDO_PATH || "sudo";
-const isMonoUser = process.env.DEPLOYMENT_MODE === "mono_user";
+const isMonoUser = process.env.VIBE80_DEPLOYMENT_MODE === "mono_user";
 
 const createTurnId = () =>
   typeof crypto.randomUUID === "function"
@@ -62,7 +62,7 @@ export class ClaudeCliClient extends EventEmitter {
       sessionId: this.sessionId,
       worktreeId: this.worktreeId,
     });
-    this.systemPrompt = SYSTEM_PROMPT;
+    this.systemPrompt = VIBE80_SYSTEM_PROMPT;
     this.activeProcess = null;
   }
 

package/server/src/codexClient.js

@@ -1,13 +1,13 @@
 import { spawn } from "child_process";
 import { EventEmitter } from "events";
 import path from "path";
-import { SYSTEM_PROMPT } from "./config.js";
+import { VIBE80_SYSTEM_PROMPT } from "./config.js";
 import { createProviderLogger } from "./providerLogger.js";
 import { buildSandboxArgs, getWorkspaceHome } from "./runAs.js";
 
 const RUN_AS_HELPER = process.env.VIBE80_RUN_AS_HELPER || "/usr/local/bin/vibe80-run-as";
 const SUDO_PATH = process.env.VIBE80_SUDO_PATH || "sudo";
-const isMonoUser = process.env.DEPLOYMENT_MODE === "mono_user";
+const isMonoUser = process.env.VIBE80_DEPLOYMENT_MODE === "mono_user";
 
 export class CodexAppServerClient extends EventEmitter {
   constructor({
@@ -430,7 +430,7 @@ export class CodexAppServerClient extends EventEmitter {
         "sandbox_workspace_write.network_access": Boolean(this.internetAccess),
         "web_search": this.internetAccess ? "live" : "disabled"
       },
-      baseInstructions: SYSTEM_PROMPT,
+      baseInstructions: VIBE80_SYSTEM_PROMPT,
       sandbox: sandboxMode,
       approvalPolicy: "never"
     };

package/server/src/config.js

@@ -4,8 +4,8 @@ import { fileURLToPath } from "url";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const SYSTEM_PROMPT =
-  process.env.SYSTEM_PROMPT ||
+export const VIBE80_SYSTEM_PROMPT =
+  process.env.VIBE80_SYSTEM_PROMPT ||
   "output markdown format for inline generated text;" +
   "Reference files using relative paths when possible; " +
   "When proposing possible next steps, use: " +
@@ -18,10 +18,10 @@ export const SYSTEM_PROMPT =
   "Use <!-- vibe80:task <short_task_description> --> to notify the user about what you are doing;" +
   "Use <!-- vibe80:fileref <filepath> --> to reference any file in the current repository";
 
-export const DEFAULT_GIT_AUTHOR_NAME =
-  process.env.DEFAULT_GIT_AUTHOR_NAME || "Vibe80 agent";
-export const DEFAULT_GIT_AUTHOR_EMAIL =
-  process.env.DEFAULT_GIT_AUTHOR_EMAIL || "vibe80@example.org";
+export const VIBE80_DEFAULT_GIT_AUTHOR_NAME =
+  process.env.VIBE80_DEFAULT_GIT_AUTHOR_NAME || "Vibe80 agent";
+export const VIBE80_DEFAULT_GIT_AUTHOR_EMAIL =
+  process.env.VIBE80_DEFAULT_GIT_AUTHOR_EMAIL || "vibe80@example.org";
 
 export const GIT_HOOKS_DIR = process.env.VIBE80_GIT_HOOKS_DIR
   || path.resolve(__dirname, "../../git_hooks");

package/server/src/index.js

@@ -85,7 +85,7 @@ const __dirname = path.dirname(__filename);
 const app = express();
 const server = http.createServer(app);
 const wss = new WebSocketServer({ noServer: true });
-const trustProxySetting = process.env.TRUST_PROXY;
+const trustProxySetting = process.env.VIBE80_TRUST_PROXY;
 if (trustProxySetting !== undefined) {
   const normalized = trustProxySetting.trim().toLowerCase();
   if (normalized === "true") {
@@ -102,7 +102,7 @@ if (trustProxySetting !== undefined) {
   }
 }
 const terminalRequested = !/^(0|false|no|off)$/i.test(
-  process.env.TERMINAL_ENABLED || ""
+  process.env.VIBE80_TERMINAL_ENABLED || ""
 );
 let pty = null;
 let terminalAvailable = false;
@@ -119,17 +119,17 @@ if (terminalRequested) {
 }
 const terminalEnabled = terminalRequested && terminalAvailable;
 const allowRunSlashCommand = !/^(0|false|no|off)$/i.test(
-  process.env.ALLOW_RUN_SLASH_COMMAND || ""
+  process.env.VIBE80_ALLOW_RUN_SLASH_COMMAND || ""
 );
 const allowGitSlashCommand = !/^(0|false|no|off)$/i.test(
-  process.env.ALLOW_GIT_SLASH_COMMAND || ""
+  process.env.VIBE80_ALLOW_GIT_SLASH_COMMAND || ""
 );
 const codexIdleTtlSeconds = Number.parseInt(
-  process.env.CODEX_IDLE_TTL_SECONDS || "300",
+  process.env.VIBE80_CODEX_IDLE_TTL_SECONDS || "300",
   10
 );
 const codexIdleGcIntervalSeconds = Number.parseInt(
-  process.env.CODEX_IDLE_GC_INTERVAL_SECONDS || "60",
+  process.env.VIBE80_CODEX_IDLE_GC_INTERVAL_SECONDS || "60",
   10
 );
 const worktreeStatusIntervalMs = 10 * 1000;
@@ -157,9 +157,9 @@ const resolveWorkspaceTokenErrorCode = (error) => {
   return "WORKSPACE_TOKEN_INVALID";
 };
 
-const deploymentMode = process.env.DEPLOYMENT_MODE || "mono_user";
+const deploymentMode = process.env.VIBE80_DEPLOYMENT_MODE || "mono_user";
 if (deploymentMode !== "mono_user" && deploymentMode !== "multi_user") {
-  console.error(`Invalid DEPLOYMENT_MODE: ${deploymentMode}. Use mono_user or multi_user.`);
+  console.error(`Invalid VIBE80_DEPLOYMENT_MODE: ${deploymentMode}. Use mono_user or multi_user.`);
   process.exit(1);
 }
 
@@ -182,8 +182,10 @@ const apiLimiter = rateLimit({
 });
 
 const authLimiter = rateLimit({
-  windowMs: 60 * 1000,
-  max: 10,
+  windowMs: 5 * 60 * 1000,
+  max: 5,
+  skipSuccessfulRequests: true,
+  requestWasSuccessful: (_req, res) => res.statusCode !== 401,
   standardHeaders: true,
   legacyHeaders: false,
 });
@@ -1508,12 +1510,12 @@ process.on("SIGINT", () => {
   void gracefulShutdown("SIGINT");
 });
 
-const port = process.env.PORT || 5179;
+const port = process.env.VIBE80_PORT || 5179;
 server.listen(port, async () => {
   console.log(`Server listening on http://localhost:${port}`);
   if (deploymentMode === "mono_user") {
     const monoAuthRecord = createMonoAuthToken("default");
-    const monoAuthOrigin = process.env.MONO_AUTH_ORIGIN || `http://127.0.0.1:${port}`;
+    const monoAuthOrigin = process.env.VIBE80_MONO_AUTH_ORIGIN || `http://127.0.0.1:${port}`;
     const monoAuthUrl = `${monoAuthOrigin.replace(/\/+$/, "")}/#mono_auth=${encodeURIComponent(
       monoAuthRecord.token
     )}`;

package/server/src/middleware/auth.js

@@ -5,20 +5,20 @@ import path from "path";
 import jwt from "jsonwebtoken";
 
 const homeDir = process.env.HOME || os.homedir();
-const isMonoUser = process.env.DEPLOYMENT_MODE === "mono_user";
+const isMonoUser = process.env.VIBE80_DEPLOYMENT_MODE === "mono_user";
 const defaultDataDirectory = isMonoUser
   ? path.join(homeDir, ".vibe80")
   : "/var/lib/vibe80";
 const dataDirectory = process.env.VIBE80_DATA_DIRECTORY || defaultDataDirectory;
-const jwtKeyPath = process.env.JWT_KEY_PATH || path.join(dataDirectory, "jwt.key");
-const jwtIssuer = process.env.JWT_ISSUER || "vibe80";
-const jwtAudience = process.env.JWT_AUDIENCE || "workspace";
+const jwtKeyPath = process.env.VIBE80_JWT_KEY_PATH || path.join(dataDirectory, "jwt.key");
+const jwtIssuer = process.env.VIBE80_JWT_ISSUER || "vibe80";
+const jwtAudience = process.env.VIBE80_JWT_AUDIENCE || "workspace";
 const accessTokenTtlSeconds =
-  Number(process.env.ACCESS_TOKEN_TTL_SECONDS) || 60 * 60;
+  Number(process.env.VIBE80_ACCESS_TOKEN_TTL_SECONDS) || 60 * 60;
 
 const loadJwtKey = () => {
-  if (process.env.JWT_KEY) {
-    return process.env.JWT_KEY;
+  if (process.env.VIBE80_JWT_KEY) {
+    return process.env.VIBE80_JWT_KEY;
   }
   if (fs.existsSync(jwtKeyPath)) {
     return fs.readFileSync(jwtKeyPath, "utf8").trim();

package/server/src/middleware/debug.js

@@ -1,10 +1,10 @@
 import { createDebugId, formatDebugPayload } from "../helpers.js";
 
 const debugApiWsLog = /^(1|true|yes|on)$/i.test(
-  process.env.DEBUG_API_WS_LOG || ""
+  process.env.VIBE80_DEBUG_API_WS_LOG || ""
 );
-const debugLogMaxBody = Number.isFinite(Number(process.env.DEBUG_API_WS_LOG_MAX_BODY))
-  ? Number(process.env.DEBUG_API_WS_LOG_MAX_BODY)
+const debugLogMaxBody = Number.isFinite(Number(process.env.VIBE80_DEBUG_API_WS_LOG_MAX_BODY))
+  ? Number(process.env.VIBE80_DEBUG_API_WS_LOG_MAX_BODY)
   : 2000;
 
 export { debugApiWsLog };
@@ -14,6 +14,38 @@ export const logDebug = (...args) => {
   console.log(...args);
 };
 
+const SENSITIVE_KEYS = new Set([
+  "password",
+  "privatekey",
+  "token",
+  "refreshtoken",
+  "workspaceSecret",
+  "workspacesecret",
+  "httpPassword",
+  "httppassword",
+  "sshkey",
+  "auth",
+]);
+
+const redactSensitive = (value) => {
+  if (Array.isArray(value)) {
+    return value.map((item) => redactSensitive(item));
+  }
+  if (!value || typeof value !== "object") {
+    return value;
+  }
+  const next = {};
+  Object.entries(value).forEach(([key, entry]) => {
+    const normalized = String(key || "").toLowerCase();
+    if (SENSITIVE_KEYS.has(key) || SENSITIVE_KEYS.has(normalized)) {
+      next[key] = "[REDACTED]";
+      return;
+    }
+    next[key] = redactSensitive(entry);
+  });
+  return next;
+};
+
 export const attachWebSocketDebug = (socket, req, label) => {
   if (!debugApiWsLog) return;
   const connectionId = createDebugId();
@@ -61,7 +93,7 @@ export function debugMiddleware(req, res, next) {
     method: req.method,
     url: req.originalUrl,
     query: req.query,
-    body: formatDebugPayload(req.body, debugLogMaxBody),
+    body: formatDebugPayload(redactSensitive(req.body), debugLogMaxBody),
   });
 
   let responseBody;

package/server/src/providerLogger.js

@@ -3,7 +3,7 @@ import os from "os";
 import path from "path";
 
 const isLoggingEnabled = () => {
-  const value = process.env.ACTIVATE_PROVIDER_LOG;
+  const value = process.env.VIBE80_ACTIVATE_PROVIDER_LOG;
   if (!value) {
     return false;
   }
@@ -19,7 +19,7 @@ export const createProviderLogger = ({ provider, sessionId, worktreeId }) => {
   }
   const safeWorktreeId = worktreeId || "main";
   const baseDir =
-    process.env.PROVIDER_LOG_DIRECTORY || path.join(os.homedir(), "logs");
+    process.env.VIBE80_PROVIDER_LOG_DIRECTORY || path.join(os.homedir(), "logs");
   try {
     fs.mkdirSync(baseDir, { recursive: true, mode: 0o700 });
     const filePath = path.join(