- Add drag-to-resize sidebar with localStorage persistence
- Rewrite issue detail page with Tiptap rich text editor, due date picker, acceptance criteria
- Redesign create-issue modal with pill-based property toolbar and expand/collapse
- Consolidate @multica/sdk and @multica/types into apps/web/shared/
- Simplify auth: remove verification codes, PATs, email service (dev-only login)
- Add 401 unauthorized handler to redirect expired sessions to login
- Fix due date format to send full RFC3339 timestamps
- Increase description editor debounce to 1500ms
- Remove arbitrary Tailwind values in create-issue modal
- Renumber migrations (inbox_actor 012→009), remove unused migrations
- UI polish across agents, settings, inbox, knowledge-base pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add email verification login flow with 401 auto-redirect
Replace the old OAuth-based login with email verification codes:
- Backend: send-code / verify-code endpoints, verification_codes table (migration 009), rate limiting, Resend email service
- Frontend: two-step login UI (email → 6-digit OTP), auth store with sendCode/verifyCode
- SDK: ApiClient gains onUnauthorized callback; 401 responses auto-clear token and redirect to /login
- Fix login button staying disabled due to global isLoading state
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(auth): add brute-force protection, redirect loop guard, and expired code cleanup
- VerifyCode: increment attempts on wrong code, reject after 5 failed tries (migration 010)
- onUnauthorized: skip redirect if already on /login to prevent infinite loops
- SendCode: best-effort cleanup of expired verification codes older than 1 hour
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add master verification code for non-production environments
Allow code "888888" to bypass email verification in non-production
environments to simplify development and testing workflows.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add personal access tokens for CLI and API authentication
Add full-stack PAT support: users create tokens in Settings, CLI authenticates
via `multica auth login`. Server stores SHA-256 hashes only. Auth middleware
extended to accept both JWTs and PATs (distinguished by `mul_` prefix).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolve conflicts:
- CLAUDE.md: merge feature-based frontend docs from main with comprehensive
architecture docs from HEAD
- Makefile: merge .PHONY targets from both branches
- settings/page.tsx: keep Context field using main's Label component
- auth-context.test.tsx: accept main's deletion (moved to features/auth/)
- cmd/daemon/daemon.go: accept HEAD's deletion (moved to internal/daemon/)
- daemon/client.go: port requestError type and isWorkspaceNotFoundError from
main's old daemon into the new internal/daemon package
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove tab system entirely (tab-store, tab-bar, tab-link)
- Split monolithic AuthContext into zustand auth + workspace stores
- Move issue components/config to features/issues/
- Move WebSocket provider to features/realtime/
- Move api.ts to shared/
- Migrate all consumers from useAuth() to direct store imports
- Simplify sidebar: replace hand-built dropdown with shadcn DropdownMenu,
replace custom layout wrapper with SidebarInset
- Remove unused @multica/store and @multica/hooks dependencies
- Add @/ path alias and zustand dependency
- Update CLAUDE.md with feature-based architecture conventions
Net change: +293 / -2435 lines
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add success/warning/info semantic design tokens to globals.css
- Replace all raw HTML elements (input, select, textarea, button, label)
with shadcn components (Input, Select, Textarea, Button, Label, Dialog)
across settings, issues, agents, inbox, knowledge-base, and pair pages
- Replace all hardcoded Tailwind colors with design tokens
(text-red-500 → text-destructive, text-green-600 → text-success, etc.)
- Extract shared ActorAvatar component to packages/ui/components/common
- Update status and priority configs to use semantic tokens
- Update CLAUDE.md with component organization guidelines
- Fix login page tests to use label-based queries
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix kanban board columns not adapting to available width (w-64 → flex-1)
- Fix workspace name not updating in sidebar after save in settings
- Fix comments leaking across issues when navigating between issue details
- Fix duplicate issue appearing on create (race between callback and WebSocket)
- Add real-time WebSocket listeners for agents and inbox pages
- Add `make check` one-click verification pipeline (typecheck + tests + E2E)
- Add E2E test fixtures for self-contained test data setup/teardown
- Add settings E2E test and updateWorkspace unit test
- Make `make start/setup` reuse existing PostgreSQL if already running
- Update CLAUDE.md with AI agent verification loop and E2E test patterns
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add idempotent seed tool with duplicate detection for agents/issues/comments
- Add migration CLI supporting up/down with schema_migrations tracking
- Add Makefile targets: make setup (first-time), make start, make stop
- Update .gitignore for test artifacts and compiled binaries
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
web_search and data tools authenticate via auth.json (sid + deviceId).
When SMC_DATA_DIR is set (e.g. for E2E tests), the auth file may not
exist in the custom dir. Now getLocalAuth() falls back to
~/.super-multica-dev/auth.json, which is created by pnpm dev:local
Desktop login and valid for the dev backend (api-dev.copilothub.ai).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
E2E tests now use ~/.super-multica-e2e to avoid polluting dev
(~/.super-multica-dev) or production (~/.super-multica) session data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add agent-driven E2E testing section to CLAUDE.md so all team members'
Coding Agents automatically know how to run and analyze E2E tests.
Update guide with MULTICA_API_URL requirement discovered during testing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Establish "external-only mock" rule: only third-party dependencies
may be mocked in tests. Internal modules must use real implementations
with temp directories, reset functions, or dependency injection.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add rewrites in next.config.ts to proxy /api/* to api-dev.copilothub.ai
- Update docs to reflect new local dev workflow (no devd needed)
- Fix web port number in CLAUDE.md (3001 → 3000)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
`pnpm dev` now connects to dev gateway by default. Support runtime
GATEWAY_URL env var to override, so no per-worktree .env setup needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Change `multica dev` default from gateway+console+web to desktop app
- Remove console from dev command options (use embedded Hub in desktop)
- Update package.json scripts to reflect new defaults
- Update README.md and CLAUDE.md architecture documentation
The desktop app has an embedded Hub, so no separate console/gateway is
needed for local development. Gateway is now optional, only needed for
remote client access.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update README.md with new multica command examples
- Update CLAUDE.md common commands section
- Document all subcommands and their usage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(agent): improve interactive CLI with colors, spinner, and status bar
- Add colors.ts module with ANSI terminal color utilities
- Add spinner animation for tool execution feedback
- Add persistent status bar showing session/provider/model
- Apply colors to welcome banner, prompts, commands, and suggestions
- Support NO_COLOR env for accessibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(agent): correct cursor position with ANSI-colored prompts
Strip ANSI escape codes when calculating visual length of prompt
to ensure cursor is positioned correctly after colored text.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(agent): prevent duplicate input echo in interactive CLI
Lazy-initialize readline.Interface only when multiline mode is active.
This prevents readline from interfering with autocomplete's raw mode,
which was causing user input to be echoed twice.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(agent): move CLI files to dedicated cli/ directory
Reorganize CLI-related files into src/agent/cli/ for better separation:
- interactive.ts (was interactive-cli.ts)
- non-interactive.ts (was cli.ts)
- profile.ts, skills.ts, tools.ts (was *-cli.ts)
- autocomplete.ts, colors.ts, output.ts (CLI utilities)
Update all imports, package.json scripts, and build configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(agent): add auto-backgrounding to exec tool
- Add yieldMs parameter to exec tool (default 5s) - commands that don't
complete within this time automatically run in background
- Create shared process-registry.ts for unified process management
- Refactor process.ts to use shared registry
- Add --debug CLI flag for session message logging
- Signal isolation: backgrounded processes ignore abort signals
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(session): preserve tool_use/tool_result pairs during compaction
Previously, session compaction simply kept the last N messages, which
could break tool_use/tool_result pairs if the cut point fell between
them. This caused "tool_call_id is not found" errors from the API.
Now compaction finds a safe cut point that starts from either:
- A user message without tool_result
- An assistant message whose tool_use is needed by the next tool_result
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(session): use Kimi as default model for summary compaction
- Auto-detect MOONSHOT_API_KEY from environment
- Use moonshot-v1-128k (cheaper than k2-thinking)
- Fall back to tokens mode if API key not available
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add rule to never use git commit --amend
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: clarify git amend rule for immediate fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
