npm - commandmate - Versions diffs - 0.1.12 → 0.2.0 - Mend

commandmate 0.1.12 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/dist/server/src/lib/cli-patterns.js CHANGED Viewed

@@ -28,8 +28,9 @@ exports.CLAUDE_THINKING_PATTERN = new RegExp(`[${exports.CLAUDE_SPINNER_CHARS.jo
 /**
  * Codex thinking pattern
  * Matches activity indicators like "• Planning", "• Searching", etc.
+ * T1.1: Extended to include "Ran" and "Deciding"
  */
-exports.CODEX_THINKING_PATTERN = /•\s*(Planning|Searching|Exploring|Running|Thinking|Working|Reading|Writing|Analyzing)/m;
+exports.CODEX_THINKING_PATTERN = /•\s*(Planning|Searching|Exploring|Running|Thinking|Working|Reading|Writing|Analyzing|Ran|Deciding)/m;
 /**
  * Claude prompt pattern (waiting for input)
  * Supports both legacy '>' and new '❯' (U+276F) prompt characters
@@ -46,8 +47,9 @@ exports.CLAUDE_PROMPT_PATTERN = /^[>❯](\s*$|\s+\S)/m;
 exports.CLAUDE_SEPARATOR_PATTERN = /^─{10,}$/m;
 /**
  * Codex prompt pattern
+ * T1.2: Improved to detect empty prompts as well
  */
-exports.CODEX_PROMPT_PATTERN = /^›\s+.+/m;
+exports.CODEX_PROMPT_PATTERN = /^›\s*/m;
 /**
  * Codex separator pattern
  */
@@ -114,6 +116,11 @@ function getCliToolPatterns(cliToolId) {
                     /^\s*for shortcuts$/, // Shortcuts hint
                     /╭─+╮/, // Box drawing (top)
                     /╰─+╯/, // Box drawing (bottom)
+                    // T1.3: Additional skip patterns for Codex
+                    /•\s*Ran\s+/, // Command execution lines
+                    /^\s*└/, // Tree output (completion indicator)
+                    /^\s*│/, // Continuation lines
+                    /\(.*esc to interrupt\)/, // Interrupt hint
                 ],
             };
         case 'gemini':

package/dist/server/src/lib/cli-tools/base.js CHANGED Viewed

@@ -7,6 +7,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BaseCLITool = void 0;
 const child_process_1 = require("child_process");
 const util_1 = require("util");
+const validation_1 = require("./validation");
 const tmux_1 = require("../tmux");
 const execAsync = (0, util_1.promisify)(child_process_1.exec);
 /**
@@ -31,11 +32,16 @@ class BaseCLITool {
      * Generate session name for a worktree
      * Format: mcbd-{cli_tool_id}-{worktree_id}
      *
+     * T2.3: Added validation to prevent command injection (MF4-001)
+     *
      * @param worktreeId - Worktree ID
      * @returns Session name
+     * @throws Error if the resulting session name is invalid
      */
     getSessionName(worktreeId) {
-        return `mcbd-${this.id}-${worktreeId}`;
+        const sessionName = `mcbd-${this.id}-${worktreeId}`;
+        (0, validation_1.validateSessionName)(sessionName);
+        return sessionName;
     }
     /**
      * Interrupt processing by sending Escape key

package/dist/server/src/lib/cli-tools/codex.js CHANGED Viewed

@@ -10,6 +10,12 @@ const tmux_1 = require("../tmux");
 const child_process_1 = require("child_process");
 const util_1 = require("util");
 const execAsync = (0, util_1.promisify)(child_process_1.exec);
+/**
+ * Codex initialization timing constants
+ * T2.6: Extracted as constants for maintainability
+ */
+const CODEX_INIT_WAIT_MS = 3000; // Wait for Codex to start
+const CODEX_MODEL_SELECT_WAIT_MS = 200; // Wait between model selection keystrokes
 /**
  * Codex CLI tool implementation
  * Manages Codex sessions using tmux
@@ -59,11 +65,17 @@ class CodexTool extends base_1.BaseCLITool {
             // Start Codex CLI in interactive mode
             await (0, tmux_1.sendKeys)(sessionName, 'codex', true);
             // Wait for Codex to initialize (and potentially show update notification)
-            await new Promise((resolve) => setTimeout(resolve, 3000));
+            await new Promise((resolve) => setTimeout(resolve, CODEX_INIT_WAIT_MS));
             // Auto-skip update notification if present (select option 2: Skip)
             await (0, tmux_1.sendKeys)(sessionName, '2', true);
             // Wait a moment for the selection to process
-            await new Promise((resolve) => setTimeout(resolve, 500));
+            await new Promise((resolve) => setTimeout(resolve, CODEX_MODEL_SELECT_WAIT_MS));
+            // T2.6: Skip model selection dialog by sending Down arrow + Enter
+            // This selects the default model and proceeds to the prompt
+            await execAsync(`tmux send-keys -t "${sessionName}" Down`);
+            await new Promise((resolve) => setTimeout(resolve, CODEX_MODEL_SELECT_WAIT_MS));
+            await execAsync(`tmux send-keys -t "${sessionName}" Enter`);
+            await new Promise((resolve) => setTimeout(resolve, CODEX_MODEL_SELECT_WAIT_MS));
             console.log(`✓ Started Codex session: ${sessionName}`);
         }
         catch (error) {

package/dist/server/src/lib/cli-tools/manager.js CHANGED Viewed

@@ -8,6 +8,8 @@ exports.CLIToolManager = void 0;
 const claude_1 = require("./claude");
 const codex_1 = require("./codex");
 const gemini_1 = require("./gemini");
+const response_poller_1 = require("../response-poller");
+const claude_poller_1 = require("../claude-poller");
 /**
  * CLI Tool Manager (Singleton)
  * Provides centralized access to all CLI tools
@@ -139,5 +141,30 @@ class CLIToolManager {
         const allInfo = await this.getAllToolsInfo();
         return allInfo.filter(info => info.installed);
     }
+    /**
+     * Stop pollers for a specific worktree and CLI tool
+     * T2.4: Abstraction for poller stopping (MF1-001 DIP compliance)
+     *
+     * This method abstracts the poller stopping logic so API layer
+     * doesn't need to know about specific poller implementations.
+     *
+     * @param worktreeId - Worktree ID
+     * @param cliToolId - CLI tool ID
+     *
+     * @example
+     * ```typescript
+     * const manager = CLIToolManager.getInstance();
+     * manager.stopPollers('my-worktree', 'claude');
+     * ```
+     */
+    stopPollers(worktreeId, cliToolId) {
+        // Stop response-poller for all tools
+        (0, response_poller_1.stopPolling)(worktreeId, cliToolId);
+        // claude-poller is Claude-specific
+        if (cliToolId === 'claude') {
+            (0, claude_poller_1.stopPolling)(worktreeId);
+        }
+        // Future: Add other tool-specific pollers here if needed
+    }
 }
 exports.CLIToolManager = CLIToolManager;

package/dist/server/src/lib/cli-tools/types.js CHANGED Viewed

@@ -3,3 +3,10 @@
  * Type definitions and interfaces for CLI tools
  */
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLI_TOOL_IDS = void 0;
+/**
+ * CLI Tool IDs constant array
+ * T2.1: Single source of truth for CLI tool IDs
+ * CLIToolType is derived from this constant (DRY principle)
+ */
+exports.CLI_TOOL_IDS = ['claude', 'codex', 'gemini'];

package/dist/server/src/lib/cli-tools/validation.js ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+/**
+ * Session name validation module
+ * Issue #4: T2.2 - Security validation for session names (MF4-001)
+ *
+ * This module provides validation functions to prevent command injection
+ * attacks through session names used in tmux commands.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SESSION_NAME_PATTERN = void 0;
+exports.validateSessionName = validateSessionName;
+/**
+ * Session name pattern
+ * Only allows alphanumeric characters, underscores, and hyphens
+ * This prevents command injection through shell special characters
+ *
+ * Pattern breakdown:
+ * - ^ : Start of string
+ * - [a-zA-Z0-9_-] : Allowed characters (alphanumeric, underscore, hyphen)
+ * - + : One or more characters (empty strings not allowed)
+ * - $ : End of string
+ */
+exports.SESSION_NAME_PATTERN = /^[a-zA-Z0-9_-]+$/;
+/**
+ * Validate session name format
+ * Throws an error if the session name contains invalid characters
+ *
+ * @param sessionName - Session name to validate
+ * @throws Error if session name is invalid
+ *
+ * @example
+ * ```typescript
+ * validateSessionName('mcbd-claude-test'); // OK
+ * validateSessionName('test;rm -rf'); // Throws Error
+ * ```
+ */
+function validateSessionName(sessionName) {
+    if (!exports.SESSION_NAME_PATTERN.test(sessionName)) {
+        throw new Error(`Invalid session name format: ${sessionName}`);
+    }
+}

package/dist/server/src/lib/db.js CHANGED Viewed

@@ -19,6 +19,7 @@ exports.getMessages = getMessages;
 exports.getLastUserMessage = getLastUserMessage;
 exports.getLastMessage = getLastMessage;
 exports.deleteAllMessages = deleteAllMessages;
+exports.deleteMessagesByCliTool = deleteMessagesByCliTool;
 exports.getSessionState = getSessionState;
 exports.updateSessionState = updateSessionState;
 exports.setInProgressMessageId = setInProgressMessageId;
@@ -458,6 +459,28 @@ function deleteAllMessages(db, worktreeId) {
     stmt.run(worktreeId);
     console.log(`[deleteAllMessages] Deleted all messages for worktree: ${worktreeId}`);
 }
+/**
+ * Delete messages for a specific CLI tool in a worktree
+ * Issue #4: T4.2 - Individual CLI tool session termination (MF3-001)
+ *
+ * Used when killing only a specific CLI tool's session to clear its message history
+ * while preserving messages from other CLI tools.
+ * Note: Log files are preserved for historical reference
+ *
+ * @param db - Database instance
+ * @param worktreeId - Worktree ID
+ * @param cliTool - CLI tool ID to delete messages for
+ * @returns Number of deleted messages
+ */
+function deleteMessagesByCliTool(db, worktreeId, cliTool) {
+    const stmt = db.prepare(`
+    DELETE FROM chat_messages
+    WHERE worktree_id = ? AND cli_tool_id = ?
+  `);
+    const result = stmt.run(worktreeId, cliTool);
+    console.log(`[deleteMessagesByCliTool] Deleted ${result.changes} messages for worktree: ${worktreeId}, cliTool: ${cliTool}`);
+    return result.changes;
+}
 /**
  * Get session state for a worktree
  */

package/dist/server/src/lib/env.js CHANGED Viewed

@@ -22,7 +22,6 @@ exports.getDatabasePathWithDeprecationWarning = getDatabasePathWithDeprecationWa
 exports.getLogConfig = getLogConfig;
 exports.getEnv = getEnv;
 exports.validateEnv = validateEnv;
-exports.isAuthRequired = isAuthRequired;
 const path_1 = __importDefault(require("path"));
 const db_path_resolver_1 = require("./db-path-resolver");
 // ============================================================
@@ -37,7 +36,6 @@ exports.ENV_MAPPING = {
     CM_ROOT_DIR: 'MCBD_ROOT_DIR',
     CM_PORT: 'MCBD_PORT',
     CM_BIND: 'MCBD_BIND',
-    CM_AUTH_TOKEN: 'MCBD_AUTH_TOKEN',
     CM_LOG_LEVEL: 'MCBD_LOG_LEVEL',
     CM_LOG_FORMAT: 'MCBD_LOG_FORMAT',
     CM_LOG_DIR: 'MCBD_LOG_DIR',
@@ -160,7 +158,6 @@ function getEnv() {
     const rootDir = getEnvByKey('CM_ROOT_DIR') || process.cwd();
     const port = parseInt(getEnvByKey('CM_PORT') || '3000', 10);
     const bind = getEnvByKey('CM_BIND') || '127.0.0.1';
-    const authToken = getEnvByKey('CM_AUTH_TOKEN');
     // Issue #135: DB path resolution with proper fallback chain
     // Priority: CM_DB_PATH > DATABASE_PATH (deprecated) > getDefaultDbPath()
     const databasePath = getEnvByKey('CM_DB_PATH')
@@ -176,10 +173,6 @@ function getEnv() {
     if (bind !== '127.0.0.1' && bind !== '0.0.0.0' && bind !== 'localhost') {
         throw new Error(`Invalid CM_BIND: ${bind}. Must be '127.0.0.1', '0.0.0.0', or 'localhost'.`);
     }
-    // Require auth token for public binding
-    if (bind === '0.0.0.0' && !authToken) {
-        throw new Error('CM_AUTH_TOKEN (or MCBD_AUTH_TOKEN) is required when CM_BIND=0.0.0.0');
-    }
     // Issue #135: Validate DB path for security (SEC-001)
     let validatedDbPath;
     try {
@@ -195,7 +188,6 @@ function getEnv() {
         CM_ROOT_DIR: path_1.default.resolve(rootDir),
         CM_PORT: port,
         CM_BIND: bind,
-        CM_AUTH_TOKEN: authToken,
         CM_DB_PATH: validatedDbPath,
     };
 }
@@ -217,12 +209,3 @@ function validateEnv() {
         return { valid: false, errors };
     }
 }
-/**
- * Check if authentication is required based on bind address
- *
- * @returns True if authentication is required
- */
-function isAuthRequired() {
-    const env = getEnv();
-    return env.CM_BIND === '0.0.0.0';
-}

package/dist/server/src/lib/logger.js CHANGED Viewed

@@ -35,10 +35,6 @@ const SENSITIVE_PATTERNS = [
     { pattern: /(password|passwd|pwd)[=:]\s*\S+/gi, replacement: '$1=[REDACTED]' },
     // Token/secret related
     { pattern: /(token|secret|api_key|apikey|auth)[=:]\s*\S+/gi, replacement: '$1=[REDACTED]' },
-    // CM_AUTH_TOKEN (new name - Issue #76)
-    { pattern: /CM_AUTH_TOKEN=\S+/gi, replacement: 'CM_AUTH_TOKEN=[REDACTED]' },
-    // MCBD_AUTH_TOKEN (legacy name)
-    { pattern: /MCBD_AUTH_TOKEN=\S+/gi, replacement: 'MCBD_AUTH_TOKEN=[REDACTED]' },
     // Authorization header
     { pattern: /Authorization:\s*\S+/gi, replacement: 'Authorization: [REDACTED]' },
     // SSH key

package/dist/server/src/lib/prompt-detector.js CHANGED Viewed

@@ -147,14 +147,84 @@ const TEXT_INPUT_PATTERNS = [
     /custom/i,
     /differently/i,
 ];
+/**
+ * Pattern for ❯ (U+276F) indicator lines used by Claude CLI to mark the default selection.
+ * Used in Pass 1 (existence check) and Pass 2 (option collection) of the 2-pass detection.
+ * Anchored at both ends -- ReDoS safe (S4-001).
+ */
+const DEFAULT_OPTION_PATTERN = /^\s*\u276F\s*(\d+)\.\s*(.+)$/;
+/**
+ * Pattern for normal option lines (no ❯ indicator, just leading whitespace + number).
+ * Only applied in Pass 2 when ❯ indicator existence is confirmed by Pass 1.
+ * Anchored at both ends -- ReDoS safe (S4-001).
+ */
+const NORMAL_OPTION_PATTERN = /^\s*(\d+)\.\s*(.+)$/;
+/**
+ * Defensive check: protection against future unknown false positive patterns.
+ * Note: The actual false positive pattern in Issue #161 ("1. Create file\n2. Run tests")
+ * IS consecutive from 1, so this validation alone does not prevent it.
+ * The primary defense layers are: Layer 1 (thinking check in caller) + Layer 2 (2-pass
+ * cursor detection). This function provides Layer 3 defense against future unknown
+ * patterns with scattered/non-consecutive numbering.
+ *
+ * [S3-010] This validation assumes Claude CLI always uses consecutive numbering
+ * starting from 1. If in the future Claude CLI is observed to filter choices and
+ * output non-consecutive numbers (e.g., 1, 2, 4), consider relaxing this validation
+ * (e.g., only check starts-from-1, remove consecutive requirement).
+ */
+function isConsecutiveFromOne(numbers) {
+    if (numbers.length === 0)
+        return false;
+    if (numbers[0] !== 1)
+        return false;
+    for (let i = 1; i < numbers.length; i++) {
+        if (numbers[i] !== numbers[i - 1] + 1)
+            return false;
+    }
+    return true;
+}
+/**
+ * Continuation line detection for multiline option text wrapping.
+ * Detects lines that are part of a previous option's text, wrapped due to terminal width.
+ *
+ * Called within detectMultipleChoicePrompt() Pass 2 reverse scan, only when
+ * options.length > 0 (at least one option already detected):
+ *   const rawLine = lines[i];       // Original line with indentation preserved
+ *   const line = lines[i].trim();   // Trimmed line
+ *   if (options.length > 0 && line && !line.match(/^[-─]+$/)) {
+ *     if (isContinuationLine(rawLine, line)) { continue; }
+ *   }
+ *
+ * Each condition's responsibility:
+ *   - hasLeadingSpaces: Indented non-option line (label text wrapping with indentation)
+ *   - isShortFragment: Short fragment (< 5 chars, e.g., filename tail)
+ *   - isPathContinuation: Path string continuation (Issue #181)
+ *
+ * @param rawLine - Original line with indentation preserved (lines[i])
+ * @param line - Trimmed line (lines[i].trim())
+ * @returns true if the line should be treated as a continuation of a previous option
+ */
+function isContinuationLine(rawLine, line) {
+    // Indented non-option line
+    const hasLeadingSpaces = rawLine.match(/^\s{2,}[^\d]/) && !rawLine.match(/^\s*\d+\./);
+    // Short fragment (< 5 chars, excluding question-ending lines)
+    const isShortFragment = line.length < 5 && !line.endsWith('?');
+    // Path string continuation: lines starting with / or ~, or alphanumeric-only fragments (2+ chars)
+    const isPathContinuation = /^[\/~]/.test(line) || (line.length >= 2 && /^[a-zA-Z0-9_-]+$/.test(line));
+    return !!(hasLeadingSpaces) || isShortFragment || isPathContinuation;
+}
 /**
  * Detect multiple choice prompts (numbered list with ❯ indicator)
  *
- * This function scans the output from bottom to top looking for numbered options
- * with a selection indicator (❯). It requires at least 2 options and a default
- * indicator to be considered a valid prompt.
+ * Uses a 2-pass detection approach (Issue #161):
+ * - Pass 1: Scan 50-line window for ❯ indicator lines (defaultOptionPattern).
+ *   If no ❯ lines found, immediately return isPrompt: false.
+ * - Pass 2: Only if ❯ was found, re-scan collecting options using both
+ *   defaultOptionPattern (isDefault=true) and normalOptionPattern (isDefault=false).
+ *
+ * This prevents normal numbered lists from being accumulated in the options array.
  *
- * Example:
+ * Example of valid prompt:
  * Do you want to proceed?
  * ❯ 1. Yes
  *   2. No
@@ -165,36 +235,56 @@ const TEXT_INPUT_PATTERNS = [
  */
 function detectMultipleChoicePrompt(output) {
     const lines = output.split('\n');
-    // Look for lines that match the pattern: [optional leading spaces] [❯ or spaces] [number]. [text]
-    // Note: ANSI codes sometimes cause spaces to be lost after stripping, so we use \s* instead of \s+
-    const optionPattern = /^\s*([❯ ]\s*)?(\d+)\.\s*(.+)$/;
+    // Calculate scan window: last 50 lines
+    const scanStart = Math.max(0, lines.length - 50);
+    // ==========================================================================
+    // Pass 1: Check for ❯ indicator existence in scan window
+    // If no ❯ lines found, there is no multiple_choice prompt.
+    // ==========================================================================
+    let hasDefaultLine = false;
+    for (let i = scanStart; i < lines.length; i++) {
+        const line = lines[i].trim();
+        if (DEFAULT_OPTION_PATTERN.test(line)) {
+            hasDefaultLine = true;
+            break;
+        }
+    }
+    if (!hasDefaultLine) {
+        return {
+            isPrompt: false,
+            cleanContent: output.trim(),
+        };
+    }
+    // ==========================================================================
+    // Pass 2: Collect options (only executed when ❯ was found in Pass 1)
+    // Scan from end to find options, using both patterns.
+    // ==========================================================================
     const options = [];
     let questionEndIndex = -1;
-    let firstOptionIndex = -1;
-    // Scan from the end to find options
-    // Increased from 20 to 50 to handle multi-line wrapped options
-    for (let i = lines.length - 1; i >= 0 && i >= lines.length - 50; i--) {
+    for (let i = lines.length - 1; i >= scanStart; i--) {
         const line = lines[i].trim();
-        const rawLine = lines[i]; // Keep original indentation for checking
-        const match = line.match(optionPattern);
-        if (match) {
-            const hasDefault = Boolean(match[1] && match[1].includes('❯'));
-            const number = parseInt(match[2], 10);
-            const label = match[3].trim();
-            // Insert at beginning since we're scanning backwards
-            options.unshift({ number, label, isDefault: hasDefault });
-            if (firstOptionIndex === -1) {
-                firstOptionIndex = i;
-            }
+        // Try DEFAULT_OPTION_PATTERN first (❯ indicator)
+        const defaultMatch = line.match(DEFAULT_OPTION_PATTERN);
+        if (defaultMatch) {
+            const number = parseInt(defaultMatch[1], 10);
+            const label = defaultMatch[2].trim();
+            options.unshift({ number, label, isDefault: true });
+            continue;
         }
-        else if (options.length > 0 && line && !line.match(/^[-─]+$/)) {
-            // Check if this is a continuation line (indented line between options)
-            // Continuation lines typically start with spaces (like "  work/github...")
-            // Also treat very short lines (< 5 chars) as potential word-wrap fragments
-            const hasLeadingSpaces = rawLine.match(/^\s{2,}[^\d]/) && !rawLine.match(/^\s*\d+\./);
-            const isShortFragment = line.length < 5 && !line.endsWith('?');
-            const isContinuationLine = hasLeadingSpaces || isShortFragment;
-            if (isContinuationLine) {
+        // Try NORMAL_OPTION_PATTERN (no ❯ indicator)
+        const normalMatch = line.match(NORMAL_OPTION_PATTERN);
+        if (normalMatch) {
+            const number = parseInt(normalMatch[1], 10);
+            const label = normalMatch[2].trim();
+            options.unshift({ number, label, isDefault: false });
+            continue;
+        }
+        // Non-option line handling
+        if (options.length > 0 && line && !line.match(/^[-─]+$/)) {
+            // Check if this is a continuation line (indented line between options,
+            // or path/filename fragments from terminal width wrapping - Issue #181)
+            const rawLine = lines[i]; // Original line with indentation preserved
+            if (isContinuationLine(rawLine, line)) {
                 // Skip continuation lines and continue scanning for more options
                 continue;
             }
@@ -203,7 +293,15 @@ function detectMultipleChoicePrompt(output) {
             break;
         }
     }
-    // Must have at least 2 options AND at least one with ❯ indicator to be considered a prompt
+    // Layer 3: Consecutive number validation (defensive measure)
+    const optionNumbers = options.map(opt => opt.number);
+    if (!isConsecutiveFromOne(optionNumbers)) {
+        return {
+            isPrompt: false,
+            cleanContent: output.trim(),
+        };
+    }
+    // Layer 4: Must have at least 2 options AND at least one with ❯ indicator
     const hasDefaultIndicator = options.some(opt => opt.isDefault);
     if (options.length < 2 || !hasDefaultIndicator) {
         return {

package/dist/server/src/lib/ws-server.js CHANGED Viewed

@@ -27,7 +27,18 @@ const rooms = new Map();
  * ```
  */
 function setupWebSocket(server) {
-    wss = new ws_1.WebSocketServer({ server });
+    wss = new ws_1.WebSocketServer({ noServer: true });
+    // Handle upgrade requests - only accept app WebSocket connections, not Next.js HMR
+    server.on('upgrade', (request, socket, head) => {
+        const pathname = request.url || '/';
+        // Let Next.js handle its own HMR WebSocket connections
+        if (pathname.startsWith('/_next/')) {
+            return;
+        }
+        wss.handleUpgrade(request, socket, head, (ws) => {
+            wss.emit('connection', ws, request);
+        });
+    });
     // Handle WebSocket server errors (e.g., invalid frames from clients)
     wss.on('error', (error) => {
         console.error('[WS Server] Error:', error.message);

package/dist/server/src/types/sidebar.js CHANGED Viewed

@@ -5,43 +5,22 @@
  * Types for sidebar components and branch status display
  */
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.deriveCliStatus = deriveCliStatus;
 exports.calculateHasUnread = calculateHasUnread;
 exports.toBranchItem = toBranchItem;
 /**
- * Determine branch status from Worktree data
- *
- * Status priority:
- * - waiting: Claude asked a yes/no prompt, waiting for user's answer (green dot)
- * - running: Claude is actively processing user's request (spinner)
- * - ready: Session running, waiting for user's new message (green dot)
- * - idle: Session not running (gray dot)
+ * Derive BranchStatus from per-CLI tool session status flags.
+ * Shared by sidebar (toBranchItem) and WorktreeDetailRefactored tab dots.
  */
-function determineBranchStatus(worktree) {
-    // Check CLI-specific status first
-    const claudeStatus = worktree.sessionStatusByCli?.claude;
-    if (claudeStatus) {
-        if (claudeStatus.isWaitingForResponse) {
-            return 'waiting';
-        }
-        if (claudeStatus.isProcessing) {
-            return 'running';
-        }
-        // Session running but not processing = ready (waiting for user to type new message)
-        if (claudeStatus.isRunning) {
-            return 'ready';
-        }
-    }
-    // Fall back to legacy status fields
-    if (worktree.isWaitingForResponse) {
+function deriveCliStatus(toolStatus) {
+    if (!toolStatus)
+        return 'idle';
+    if (toolStatus.isWaitingForResponse)
         return 'waiting';
-    }
-    if (worktree.isProcessing) {
+    if (toolStatus.isProcessing)
         return 'running';
-    }
-    // Session running but not processing = ready
-    if (worktree.isSessionRunning) {
+    if (toolStatus.isRunning)
         return 'ready';
-    }
     return 'idle';
 }
 /**
@@ -74,7 +53,9 @@ function calculateHasUnread(worktree) {
  * @returns SidebarBranchItem for sidebar display
  */
 function toBranchItem(worktree) {
-    const status = determineBranchStatus(worktree);
+    // Issue #4: Sidebar no longer shows per-CLI session status.
+    // Status is always 'idle' since detailed status is shown in WorktreeDetail.
+    const status = 'idle';
     // Use new hasUnread logic based on lastAssistantMessageAt and lastViewedAt
     const hasUnread = calculateHasUnread(worktree);
     return {
@@ -85,5 +66,9 @@ function toBranchItem(worktree) {
         hasUnread,
         lastActivity: worktree.updatedAt,
         description: worktree.description,
+        cliStatus: {
+            claude: deriveCliStatus(worktree.sessionStatusByCli?.claude),
+            codex: deriveCliStatus(worktree.sessionStatusByCli?.codex),
+        },
     };
 }

package/dist/server/src/types/slash-commands.js CHANGED Viewed

@@ -3,6 +3,8 @@
  * Slash Command Types
  *
  * Type definitions for slash commands loaded from .claude/commands/*.md
+ *
+ * Issue #4: Added cliTools field for CLI tool-specific command filtering
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.COMMAND_CATEGORIES = exports.CATEGORY_LABELS = void 0;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "commandmate",
-  "version": "0.1.12",
+  "version": "0.2.0",
   "description": "Git worktree management with Claude CLI and tmux sessions",
   "repository": {
     "type": "git",

package/.next/server/chunks/1318.js DELETED Viewed

@@ -1,29 +0,0 @@
-"use strict";exports.id=1318,exports.ids=[1318],exports.modules={61318:(e,t,r)=>{r.d(t,{v:()=>_});var o=r(61282),s=r(92048),a=r(55315),i=r.n(a);class n{constructor(){}static getInstance(){return n.instance||(n.instance=new n),n.instance}normalize(e){let t=e.match(/^ssh:\/\/git@([^:\/]+)(:\d+)?\/(.+?)(\.git)?$/);if(t)return`https://${t[1]}/${t[3]}`.toLowerCase().replace(/\/$/,"");let r=e.match(/^git@([^:]+):(.+?)(\.git)?$/);return r?`https://${r[1]}/${r[2]}`.toLowerCase().replace(/\/$/,""):e.replace(/\.git\/?$/,"").replace(/\/$/,"").toLowerCase()}isSameRepository(e,t){return this.normalize(e)===this.normalize(t)}extractRepoName(e){let t=e.match(/^ssh:\/\/git@[^\/]+\/(.+?)(\.git)?$/);if(t){let e=t[1].split("/");return e[e.length-1]}let r=e.match(/:(.+?)(\.git)?$/);if(r&&e.startsWith("git@")){let e=r[1].split("/");return e[e.length-1]}let o=e.match(/\/([^\/]+?)(\.git)?$/);return o?o[1]:""}getUrlType(e){return e.startsWith("https://")?"https":e.startsWith("git@")||e.startsWith("ssh://")?"ssh":null}validate(e){if(!e||"string"!=typeof e||""===e.trim())return{valid:!1,error:"EMPTY_URL"};let t=e.trim();return t.startsWith("https://")?/^https:\/\/[^\/]+\/[^\/]+\/[^\/]+(\.git)?$/.test(t)?{valid:!0}:{valid:!1,error:"INVALID_URL_FORMAT"}:t.startsWith("git@")?/^git@[^:]+:.+\/.+(\.git)?$/.test(t)?{valid:!0}:{valid:!1,error:"INVALID_URL_FORMAT"}:t.startsWith("ssh://")&&/^ssh:\/\/git@[^\/]+(:\d+)?\/[^\/]+\/.+(\.git)?$/.test(t)?{valid:!0}:{valid:!1,error:"INVALID_URL_FORMAT"}}}var l=r(57440),c=r(84770);function d(e){return{id:e.id,cloneUrl:e.clone_url,normalizedCloneUrl:e.normalized_clone_url,targetPath:e.target_path,repositoryId:e.repository_id||void 0,status:e.status,pid:e.pid||void 0,progress:e.progress,errorCategory:e.error_category||void 0,errorCode:e.error_code||void 0,errorMessage:e.error_message||void 0,startedAt:e.started_at?new Date(e.started_at):void 0,completedAt:e.completed_at?new Date(e.completed_at):void 0,createdAt:new Date(e.created_at)}}function u(e,t){let r=e.prepare(`
-    SELECT * FROM clone_jobs
-    WHERE id = ?
-  `).get(t);return r?d(r):null}function g(e,t,r){let o=[],s=[];void 0!==r.status&&(o.push("status = ?"),s.push(r.status)),void 0!==r.pid&&(o.push("pid = ?"),s.push(r.pid)),void 0!==r.progress&&(o.push("progress = ?"),s.push(r.progress)),void 0!==r.repositoryId&&(o.push("repository_id = ?"),s.push(r.repositoryId)),void 0!==r.errorCategory&&(o.push("error_category = ?"),s.push(r.errorCategory)),void 0!==r.errorCode&&(o.push("error_code = ?"),s.push(r.errorCode)),void 0!==r.errorMessage&&(o.push("error_message = ?"),s.push(r.errorMessage)),void 0!==r.startedAt&&(o.push("started_at = ?"),s.push(r.startedAt.getTime())),void 0!==r.completedAt&&(o.push("completed_at = ?"),s.push(r.completedAt.getTime())),0!==o.length&&(s.push(t),e.prepare(`
-    UPDATE clone_jobs
-    SET ${o.join(", ")}
-    WHERE id = ?
-  `).run(...s))}var h=r(67722);class p extends Error{constructor(e){super(e.message),this.name="CloneManagerError",this.category=e.category,this.code=e.code,this.recoverable=e.recoverable,this.suggestedAction=e.suggestedAction}}let m={EMPTY_URL:{category:"validation",code:"EMPTY_URL",message:"Clone URL is required",recoverable:!0,suggestedAction:"Please enter a valid git clone URL"},INVALID_URL_FORMAT:{category:"validation",code:"INVALID_URL_FORMAT",message:"Invalid URL format. Please use HTTPS or SSH URL.",recoverable:!0,suggestedAction:"Enter a valid URL like https://github.com/owner/repo or git@github.com:owner/repo"},DUPLICATE_CLONE_URL:{category:"validation",code:"DUPLICATE_CLONE_URL",message:"This repository is already registered",recoverable:!1,suggestedAction:"Use the existing repository instead"},CLONE_IN_PROGRESS:{category:"validation",code:"CLONE_IN_PROGRESS",message:"A clone operation is already in progress for this URL",recoverable:!1,suggestedAction:"Wait for the current clone to complete"},DIRECTORY_EXISTS:{category:"filesystem",code:"DIRECTORY_EXISTS",message:"Target directory already exists",recoverable:!0,suggestedAction:"Choose a different directory or remove the existing one"},INVALID_TARGET_PATH:{category:"validation",code:"INVALID_TARGET_PATH",message:"Target path is invalid or outside allowed directory",recoverable:!0,suggestedAction:"Use a path within the configured base directory"},AUTH_FAILED:{category:"auth",code:"AUTH_FAILED",message:"Authentication failed",recoverable:!0,suggestedAction:"Check your credentials or SSH keys"},NETWORK_ERROR:{category:"network",code:"NETWORK_ERROR",message:"Network error occurred",recoverable:!0,suggestedAction:"Check your internet connection and try again"},GIT_ERROR:{category:"git",code:"GIT_ERROR",message:"Git command failed",recoverable:!1,suggestedAction:"Check the error message for details"},CLONE_TIMEOUT:{category:"network",code:"CLONE_TIMEOUT",message:"Clone operation timed out",recoverable:!0,suggestedAction:"Try again or clone a smaller repository"}};class _{constructor(e,t={}){this.db=e,this.urlNormalizer=n.getInstance(),this.config={basePath:t.basePath||process.env.WORKTREE_BASE_PATH||"/tmp/repos",timeout:t.timeout||6e5},this.activeProcesses=new Map}validateCloneRequest(e){let t=this.urlNormalizer.validate(e);return t.valid?{valid:!0,normalizedUrl:this.urlNormalizer.normalize(e),repoName:this.urlNormalizer.extractRepoName(e)}:{valid:!1,error:m[t.error||"INVALID_URL_FORMAT"]}}checkDuplicateRepository(e){return function(e,t){let r=e.prepare(`
-    SELECT * FROM repositories
-    WHERE normalized_clone_url = ?
-  `).get(t);return r?{id:r.id,name:r.name,path:r.path,enabled:1===r.enabled,cloneUrl:r.clone_url||void 0,normalizedCloneUrl:r.normalized_clone_url||void 0,cloneSource:r.clone_source,isEnvManaged:1===r.is_env_managed,createdAt:new Date(r.created_at),updatedAt:new Date(r.updated_at)}:null}(this.db,e)}checkActiveCloneJob(e){return function(e,t){let r=e.prepare(`
-    SELECT * FROM clone_jobs
-    WHERE normalized_clone_url = ?
-      AND status IN ('pending', 'running')
-    ORDER BY created_at DESC
-    LIMIT 1
-  `).get(t);return r?d(r):null}(this.db,e)}createCloneJob(e){return function(e,t){let r=(0,c.randomUUID)(),o=Date.now();return e.prepare(`
-    INSERT INTO clone_jobs (
-      id, clone_url, normalized_clone_url, target_path,
-      status, progress, created_at
-    )
-    VALUES (?, ?, ?, ?, 'pending', 0, ?)
-  `).run(r,t.cloneUrl,t.normalizedCloneUrl,t.targetPath,o),{id:r,cloneUrl:t.cloneUrl,normalizedCloneUrl:t.normalizedCloneUrl,targetPath:t.targetPath,status:"pending",progress:0,createdAt:new Date(o)}}(this.db,e)}getTargetPath(e){return i().join(this.config.basePath,e)}async startCloneJob(e,t){let r=this.validateCloneRequest(e);if(!r.valid)return{success:!1,error:r.error};let o=r.normalizedUrl,a=r.repoName,i=this.checkDuplicateRepository(o);if(i)return{success:!1,error:{...m.DUPLICATE_CLONE_URL,message:`This repository is already registered as "${i.name}"`}};let n=this.checkActiveCloneJob(o);if(n)return{success:!1,jobId:n.id,error:m.CLONE_IN_PROGRESS};let c=t||this.getTargetPath(a);if(t&&!(0,l.j)(t,this.config.basePath))return{success:!1,error:{...m.INVALID_TARGET_PATH,message:`Target path must be within ${this.config.basePath}`}};if((0,s.existsSync)(c))return{success:!1,error:{...m.DIRECTORY_EXISTS,message:`Target directory already exists: ${c}`}};let d=this.createCloneJob({cloneUrl:e,normalizedCloneUrl:o,targetPath:c});return this.executeClone(d.id,e,c).catch(e=>{console.error(`[CloneManager] Clone failed for job ${d.id}:`,e)}),{success:!0,jobId:d.id}}async executeClone(e,t,r){g(this.db,e,{status:"running",startedAt:new Date});let a=i().dirname(r);return(0,s.existsSync)(a)||(0,s.mkdirSync)(a,{recursive:!0}),new Promise((s,a)=>{let i=(0,o.spawn)("git",["clone","--progress",t,r],{stdio:["ignore","pipe","pipe"]});this.activeProcesses.set(e,i),i.pid&&g(this.db,e,{pid:i.pid});let n="";i.stderr?.on("data",t=>{n+=t.toString();let r=this.parseGitProgress(t.toString());null!==r&&g(this.db,e,{progress:r})});let l=setTimeout(()=>{i.kill("SIGTERM"),g(this.db,e,{status:"failed",errorCategory:"network",errorCode:"CLONE_TIMEOUT",errorMessage:"Clone operation timed out",completedAt:new Date}),this.activeProcesses.delete(e),a(new p(m.CLONE_TIMEOUT))},this.config.timeout);i.on("close",async o=>{if(clearTimeout(l),this.activeProcesses.delete(e),0===o)await this.onCloneSuccess(e,t,r),s();else{let t=this.parseGitError(n,o);g(this.db,e,{status:"failed",errorCategory:t.category,errorCode:t.code,errorMessage:t.message,completedAt:new Date}),a(new p(t))}}),i.on("error",t=>{clearTimeout(l),this.activeProcesses.delete(e);let r={category:"system",code:"SPAWN_ERROR",message:`Failed to spawn git process: ${t.message}`,recoverable:!1,suggestedAction:"Ensure git is installed and available in PATH"};g(this.db,e,{status:"failed",errorCategory:r.category,errorCode:r.code,errorMessage:r.message,completedAt:new Date}),a(new p(r))})})}async onCloneSuccess(e,t,r){let o=u(this.db,e);if(!o)return;let s=this.urlNormalizer.getUrlType(t),a=function(e,t){let r=(0,c.randomUUID)(),o=Date.now();return e.prepare(`
-    INSERT INTO repositories (
-      id, name, path, enabled, clone_url, normalized_clone_url,
-      clone_source, is_env_managed, created_at, updated_at
-    )
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-  `).run(r,t.name,t.path,!1!==t.enabled?1:0,t.cloneUrl||null,t.normalizedCloneUrl||null,t.cloneSource,t.isEnvManaged?1:0,o,o),{id:r,name:t.name,path:t.path,enabled:!1!==t.enabled,cloneUrl:t.cloneUrl,normalizedCloneUrl:t.normalizedCloneUrl,cloneSource:t.cloneSource,isEnvManaged:t.isEnvManaged||!1,createdAt:new Date(o),updatedAt:new Date(o)}}(this.db,{name:i().basename(r),path:r,cloneUrl:t,normalizedCloneUrl:o.normalizedCloneUrl,cloneSource:s||"https"});try{let e=await (0,h.e9)(r);e.length>0&&((0,h.h2)(this.db,e),console.log(`[CloneManager] Registered ${e.length} worktree(s) for ${r}`))}catch(e){console.error(`[CloneManager] Failed to scan worktrees for ${r}:`,e)}g(this.db,e,{status:"completed",progress:100,repositoryId:a.id,completedAt:new Date})}parseGitProgress(e){let t=e.match(/(?:Receiving objects|Resolving deltas|Cloning into[^:]*?):\s*(\d+)%/);if(t){let e=parseInt(t[1],10);return isNaN(e)?null:e}return null}parseGitError(e,t){let r=e.toLowerCase(),o=e.substring(0,200);return["authentication failed","permission denied","could not read from remote repository"].some(e=>r.includes(e))?{...m.AUTH_FAILED,message:`Authentication failed: ${o}`}:["could not resolve host","connection refused","network is unreachable"].some(e=>r.includes(e))?{...m.NETWORK_ERROR,message:`Network error: ${o}`}:{...m.GIT_ERROR,message:`Git clone failed (exit code ${t}): ${o}`}}getCloneJobStatus(e){let t=u(this.db,e);if(!t)return null;let r={jobId:t.id,status:t.status,progress:t.progress,repositoryId:t.repositoryId};return"failed"===t.status&&t.errorCode&&(r.error={category:t.errorCategory||"system",code:t.errorCode,message:t.errorMessage||"Unknown error"}),r}cancelCloneJob(e){let t=this.activeProcesses.get(e);if(t)return t.kill("SIGTERM"),this.activeProcesses.delete(e),g(this.db,e,{status:"cancelled",completedAt:new Date}),!0;let r=u(this.db,e);return!!r&&"pending"===r.status&&(g(this.db,e,{status:"cancelled",completedAt:new Date}),!0)}}},57440:(e,t,r)=>{r.d(t,{j:()=>a});var o=r(55315),s=r.n(o);function a(e,t){if(!e||""===e.trim()||e.includes("\0"))return!1;let r=e;try{r=decodeURIComponent(e)}catch{r=e}if(r.includes("\0"))return!1;let o=s().resolve(t),a=s().resolve(t,r),i=s().relative(o,a);return!(i.startsWith("..")||s().isAbsolute(i))}},67722:(e,t,r)=>{r.d(t,{Lj:()=>u,a$:()=>c,e9:()=>d,h2:()=>g});var o=r(61282),s=r(21764),a=r(55315),i=r.n(a),n=r(75748),l=r(93346);function c(){let e=process.env.WORKTREE_REPOS;if(e&&e.trim())return e.split(",").map(e=>e.trim()).filter(e=>e.length>0);let t=(0,l.Hb)("CM_ROOT_DIR");return t&&t.trim()?[t.trim()]:[]}async function d(e){let t=(0,s.promisify)(o.exec);try{let{stdout:r}=await t("git worktree list",{cwd:e}),o=function(e){if(!e||""===e.trim())return[];let t=e.trim().split("\n"),r=[];for(let e of t){let t=e.trim();if(!t)continue;let o=t.match(/^(.+?)\s+([a-z0-9]+)\s+(?:\[(.+?)\]|\(detached HEAD\))/);if(o){let[,e,t,s]=o;r.push({path:e.trim(),branch:s||`detached-${t}`,commit:t})}}return r}(r),s=i().resolve(e),a=i().basename(s);return o.map(e=>({id:function(e,t){if(!e)return"";let r=e=>e.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/-+/g,"-").replace(/^-|-$/g,""),o=r(e);if(t){let e=r(t);return`${e}-${o}`}return o}(e.branch,a),name:e.branch,path:i().resolve(e.path),repositoryPath:s,repositoryName:a})).filter(e=>["/etc","/root","/sys","/proc","/dev","/boot","/bin","/sbin","/usr/bin","/usr/sbin"].some(t=>e.path.startsWith(t))?(console.warn(`Skipping potentially unsafe worktree path: ${e.path}`),!1):!(e.path.includes("\0")||e.path.includes(".."))||(console.warn(`Skipping path with potentially malicious characters: ${e.path}`),!1))}catch(r){let e=r instanceof Error?r.message:String(r),t=r.code;if(e?.includes("not a git repository")||128===t)return[];throw r}}async function u(e){let t=[];for(let r of e)try{console.log(`Scanning repository: ${r}`);let e=await d(r);t.push(...e),console.log(`  Found ${e.length} worktree(s)`)}catch(e){console.error(`Error scanning repository ${r}:`,e)}return t}function g(e,t){if(0===t.length)return;let r=new Map;for(let e of t){let t=e.repositoryPath||"";r.has(t)||r.set(t,[]),r.get(t).push(e)}for(let[t,o]of r){if(!t)continue;let r=(0,n.Pv)(e,t),s=new Set(o.map(e=>e.id)),a=r.filter(e=>!s.has(e));if(a.length>0){let r=(0,n.pM)(e,a);console.log(`Removed ${r.deletedCount} deleted worktree(s) from ${t}`)}for(let t of o)(0,n.ly)(e,t)}}}};