Implement Phase 1 of the file editor & chat UI redesign:
- CodeMirror 6 integration with syntax highlighting
- Multi-file tab support with dirty state tracking
- Custom dark theme matching GitHub's color scheme
- Keyboard shortcuts (Ctrl+S to save, Ctrl+W to close tab)
- Mobile-responsive design with proper touch targets
- Fallback to basic textarea if CodeMirror fails to load
Technical details:
- Import map for ESM modules from node_modules
- Language support for JS, Python, HTML, CSS, JSON, Markdown
- Auto-initialization on DOM ready
- Global window.fileEditor instance for integration
- Serve node_modules at /claude/node_modules for import map
Files added:
- public/claude-ide/components/file-editor.js (main component)
- public/claude-ide/components/file-editor.css (responsive styles)
Files modified:
- public/claude-ide/index.html (import map, script tags)
- public/claude-ide/ide.js (updated loadFile function)
- server.js (serve node_modules for CodeMirror)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The WebSocket closes immediately with code 1006 due to nginx/proxy
issues. This implementation completely bypasses WebSocket for
terminal output by using HTTP polling instead.
Architecture:
- Server buffers PTY output in memory (outputBuffer array)
- Frontend polls every 100ms via GET /terminals/:id/output?since=N
- Output entries have monotonically increasing index
- Old output is automatically cleaned up after 5 minutes
- Commands sent via HTTP POST (already implemented)
Changes:
- terminal-service.js: Added bufferOutput(), getTerminalOutput()
- terminal.js: Added startPolling(), stopPolling(), sendTerminalResize()
- server.js: Added GET /terminals/:id/output and POST /terminals/:id/resize
- No WebSocket needed for output display (keeps legacy compatibility)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The WebSocket send mechanism fails with close code 1006 when client
tries to send data to server. Server never receives the message,
indicating a network/proxy layer issue that couldn't be fixed through
code changes or nginx configuration.
Solution: Bypass WebSocket send entirely by using HTTP POST to send
commands directly to the PTY.
Changes:
- Added sendTerminalInput() method to terminal-service.js that writes
directly to PTY, bypassing WebSocket
- Added POST endpoint /claude/api/terminals/:id/input to server.js
- Modified launchCommand() in terminal.js to use fetch() with HTTP
POST instead of WebSocket.send()
The WebSocket receive direction still works (server→client for output
display), only send direction (client→server for commands) is bypassed.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add Express trust proxy setting and improve session cookie configuration
to work properly behind nginx reverse proxy.
Changes:
- Add app.set('trust proxy', 1) before session middleware
- Update session cookie with sameSite: 'lax' and httpOnly: true
- Add explicit cookie name: 'connect.sid'
This works together with nginx location blocks to route /api/projects
and /api/recycle-bin requests to the Obsidian Web Interface (port 3010)
instead of the generic Next.js backend (port 8080).
Fixes "Failed to load on projects" error on production domain.
See AUTHENTICATION_FIX_REPORT.md for full details.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Modified session creation endpoint to accept and store projectId:
- Accept optional projectId parameter in POST /claude/api/claude/sessions
- Validate projectId exists and is not deleted before assignment
- Store projectId in both session metadata and database
- Update project's lastActivity timestamp when session is created
- Also updated duplicate endpoint to preserve projectId from source session
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add GET /projects route in server.js with authentication check
- Serve projects.html when authenticated, redirect to login otherwise
- Add navigation header to both landing page and projects page
- Include Sessions, Projects navigation links with active state styling
- Add logout button to navigation header
- Style navigation with dark theme matching existing design
- Make navigation responsive for mobile devices
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added GET /api/projects/suggestions endpoint that provides intelligent
project suggestions based on session context. The endpoint:
- Takes sessionId as a required query parameter
- Retrieves session from in-memory or historical sessions
- Calculates scores for each project using multiple criteria:
* Directory match (90 points): session workingDir === project path
* Subdirectory match (50 points): session workingDir starts with project path
* Used today (20 points): project lastActivity < 1 day ago
* Used this week (10 points): project lastActivity < 7 days ago
* Name similarity (15 points): overlap between session dir name and project name
- Returns top 3 scored suggestions with reasons
- Also returns all projects sorted alphabetically
- Filters out projects with zero scores from suggestions
- Handles missing sessions with appropriate error responses
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Fix route path from /api/sessions/:id/move to /claude/api/claude/sessions/:id/move
- Fix race condition by fetching session once and storing isActiveSession flag
- Add database persistence for active session metadata changes
- Ensures consistency between in-memory and database state
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add sessions table to database with projectId and deletedAt columns
- Create POST /api/sessions/:id/move endpoint to reassign sessions
- Update DELETE /api/projects/:id to cascade soft-delete to sessions
- Support moving sessions between projects or to unassigned state
- Handle both active (in-memory) and historical sessions
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed code quality issues from Task 2 review:
1. Added ID validation in PUT endpoint:
- Validates req.params.id is a valid positive integer
- Returns 400 for invalid IDs (non-numeric, negative, zero, decimals)
- Prevents SQL injection attempts
2. Added path validation in POST and PUT endpoints:
- Validates projectPath is absolute path
- Normalizes and resolves paths
- Detects and blocks path traversal attempts (e.g., ../../../etc)
- Returns 400 for invalid paths
3. Fixed UNIQUE constraint in database schema:
- Removed UNIQUE constraint from name column
- Allows creating projects with same name as deleted projects
- Application-level duplicate checking remains for active projects
- Added table migration to drop and recreate schema
Files modified:
- server.js: Added validateProjectId() and validateProjectPath() helpers
- services/database.js: Removed UNIQUE constraint, added migration
All validation tested and working correctly.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added three new API endpoints for managing projects using SQLite:
- GET /api/projects - Lists all active projects (deletedAt IS NULL)
* Sorts by lastActivity DESC
* Returns id, name, description, icon, color, path, sessionCount, createdAt, lastActivity
- POST /api/projects - Creates new project
* Required fields: name, path
* Optional fields: description, icon (default '📁'), color (default '#4a9eff')
* Validates required fields and checks for duplicate names
* Returns 201 status on success
- PUT /api/projects/:id - Updates existing project
* Allows updating: name, description, icon, color, path
* Only updates projects where deletedAt IS NULL
* Returns 404 if project not found
* Validates duplicate names on name change
All endpoints use synchronous better-sqlite3 API with parameterized queries.
SessionCount set to 0 for now (will be implemented in Task 3).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Full IDE with terminal integration using xterm.js
- Session management with local and web sessions
- HTML preview functionality
- Multi-terminal support with session picker
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
·