Phase 1 of systematic debugging: Gather evidence
Added detailed logging to trace the complete command flow:
- launchCommand: Shows when called, terminalId, command, WebSocket state
- waitForTerminalReady: Shows waiting period and ready state
- handleTerminalMessage: Shows all messages from backend with details
- WebSocket message content logged before sending
Also fixed duplicate 'ready' message (removed line 113-116).
Now when user creates "Claude Code CLI" terminal, console will show:
1. launchCommand called with terminalId and command
2. Waiting for terminal ready
3. Ready message received (or timeout)
4. Command sent to WebSocket
5. All backend messages logged
This will reveal exactly where the flow breaks.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Critical fix: The frontend was waiting for a 'ready' message that the
backend never sent, causing commands to timeout.
Root Cause:
Frontend connectTerminal() waits for 'ready' message from backend
before resolving, but backend never sent this message. Result: Frontend
timed out after 5 seconds waiting for ready state, and commands were
never sent.
Fix:
Send 'ready' message immediately when WebSocket connection is established.
This signals to frontend that PTY is initialized and ready to receive input.
Flow Now:
1. Frontend creates terminal UI
2. Frontend initializes xterm.js
3. Frontend connects WebSocket
4. Backend receives connection, sends 'ready' message
5. Frontend receives 'ready', sets ready=true, resolves promise
6. Frontend sends claude --dangerously-skip-permissions command
7. Command executes successfully
Resolves: "still getting empty terminal"
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add sessions table to database with projectId and deletedAt columns
- Create POST /api/sessions/:id/move endpoint to reassign sessions
- Update DELETE /api/projects/:id to cascade soft-delete to sessions
- Support moving sessions between projects or to unassigned state
- Handle both active (in-memory) and historical sessions
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed code quality issues from Task 2 review:
1. Added ID validation in PUT endpoint:
- Validates req.params.id is a valid positive integer
- Returns 400 for invalid IDs (non-numeric, negative, zero, decimals)
- Prevents SQL injection attempts
2. Added path validation in POST and PUT endpoints:
- Validates projectPath is absolute path
- Normalizes and resolves paths
- Detects and blocks path traversal attempts (e.g., ../../../etc)
- Returns 400 for invalid paths
3. Fixed UNIQUE constraint in database schema:
- Removed UNIQUE constraint from name column
- Allows creating projects with same name as deleted projects
- Application-level duplicate checking remains for active projects
- Added table migration to drop and recreate schema
Files modified:
- server.js: Added validateProjectId() and validateProjectPath() helpers
- services/database.js: Removed UNIQUE constraint, added migration
All validation tested and working correctly.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Install better-sqlite3 package for persistent storage
- Create database service with projects table schema
- Add indexes on deletedAt and name for efficient queries
- Support soft-delete with deletedAt timestamp
- Export database instance for use in server.js
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Full IDE with terminal integration using xterm.js
- Session management with local and web sessions
- HTML preview functionality
- Multi-terminal support with session picker
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
·