- Fix route path from /api/sessions/:id/move to /claude/api/claude/sessions/:id/move
- Fix race condition by fetching session once and storing isActiveSession flag
- Add database persistence for active session metadata changes
- Ensures consistency between in-memory and database state
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add sessions table to database with projectId and deletedAt columns
- Create POST /api/sessions/:id/move endpoint to reassign sessions
- Update DELETE /api/projects/:id to cascade soft-delete to sessions
- Support moving sessions between projects or to unassigned state
- Handle both active (in-memory) and historical sessions
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed code quality issues from Task 2 review:
1. Added ID validation in PUT endpoint:
- Validates req.params.id is a valid positive integer
- Returns 400 for invalid IDs (non-numeric, negative, zero, decimals)
- Prevents SQL injection attempts
2. Added path validation in POST and PUT endpoints:
- Validates projectPath is absolute path
- Normalizes and resolves paths
- Detects and blocks path traversal attempts (e.g., ../../../etc)
- Returns 400 for invalid paths
3. Fixed UNIQUE constraint in database schema:
- Removed UNIQUE constraint from name column
- Allows creating projects with same name as deleted projects
- Application-level duplicate checking remains for active projects
- Added table migration to drop and recreate schema
Files modified:
- server.js: Added validateProjectId() and validateProjectPath() helpers
- services/database.js: Removed UNIQUE constraint, added migration
All validation tested and working correctly.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added three new API endpoints for managing projects using SQLite:
- GET /api/projects - Lists all active projects (deletedAt IS NULL)
* Sorts by lastActivity DESC
* Returns id, name, description, icon, color, path, sessionCount, createdAt, lastActivity
- POST /api/projects - Creates new project
* Required fields: name, path
* Optional fields: description, icon (default '📁'), color (default '#4a9eff')
* Validates required fields and checks for duplicate names
* Returns 201 status on success
- PUT /api/projects/:id - Updates existing project
* Allows updating: name, description, icon, color, path
* Only updates projects where deletedAt IS NULL
* Returns 404 if project not found
* Validates duplicate names on name change
All endpoints use synchronous better-sqlite3 API with parameterized queries.
SessionCount set to 0 for now (will be implemented in Task 3).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Install better-sqlite3 package for persistent storage
- Create database service with projects table schema
- Add indexes on deletedAt and name for efficient queries
- Support soft-delete with deletedAt timestamp
- Export database instance for use in server.js
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Full IDE with terminal integration using xterm.js
- Session management with local and web sessions
- HTML preview functionality
- Multi-terminal support with session picker
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
·