Take main's improved login page with extracted validateCliCallback
helper and cli_confirm step for existing sessions. Update import
from @multica/types to @/shared/types.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The frontend ApiClient had a non-existent `/auth/login` endpoint.
Restored the two-step `sendCode` + `verifyCode` flow matching the
backend, including OTP input UI and CLI browser login callback support.
Also restored `IF NOT EXISTS` in migration 012 to prevent failures on
databases where the column already exists.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove unused ListWorkspaces/Workspace from daemon client, add log when
default workspace is set implicitly, document token reload limitation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The renumbered 012_inbox_actor migration fails on databases where the
old 009_inbox_actor was already applied, since actor_type and actor_id
columns already exist. Use IF NOT EXISTS to handle both cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Prevent concurrent reloadWorkspaces with a dedicated mutex
- SaveCLIConfig now writes to a temp file then renames for atomicity,
preventing partial reads by the daemon's config watcher
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- `multica workspace list` — list all user workspaces from API (with
watching indicator)
- `multica watch <id>` — add workspace to daemon watch list (top-level)
- `multica unwatch <id>` — remove from watch list (top-level)
- `multica watches` — show current daemon watch list (top-level)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add `multica workspace watch/unwatch/list` CLI commands
- Daemon watches multiple workspaces from config's `watched_workspaces`
- Registers runtimes per workspace, polls all runtime IDs in round-robin
- Hot-reload: daemon detects config file changes every 5s and
adds/removes workspaces without restart
- Remove `--workspace-id` flag from daemon (workspace selection is now
purely config-driven via `multica workspace watch`)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add drag-to-resize sidebar with localStorage persistence
- Rewrite issue detail page with Tiptap rich text editor, due date picker, acceptance criteria
- Redesign create-issue modal with pill-based property toolbar and expand/collapse
- Consolidate @multica/sdk and @multica/types into apps/web/shared/
- Simplify auth: remove verification codes, PATs, email service (dev-only login)
- Add 401 unauthorized handler to redirect expired sessions to login
- Fix due date format to send full RFC3339 timestamps
- Increase description editor debounce to 1500ms
- Remove arbitrary Tailwind values in create-issue modal
- Renumber migrations (inbox_actor 012→009), remove unused migrations
- UI polish across agents, settings, inbox, knowledge-base pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The daemon now reads the auth token from ~/.multica/config.json (set by
`multica auth login`) instead of requiring a browser-based pairing flow.
If not authenticated, it logs a message and exits.
Workspace ID is auto-resolved from the user's workspaces when not
explicitly set via flag/env.
Removed: daemon.json, pairing session flow, --config-path flag,
PairingSession type, PersistedConfig, LoadWorkspaceIDFromDaemonConfig.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When the browser has an existing valid session and the login page is
opened with cli_callback, show a one-click "Authorize CLI" confirmation
instead of requiring email verification again.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ReposRoot was a daemon-level config that locked all tasks to a single
git repo. Replace with RepoPath in TaskContext so the server can specify
the repo per task. When not provided, daemon falls back to directory mode.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
009_inbox_actor conflicted with 009_verification_code, causing
actor_type/actor_id columns to never be added and /api/inbox to 500.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace bare HTML with a styled card layout featuring dark/light mode
support, Multica brand icon, and auto-close behavior.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cover success response, error status codes, nil output, and workspace
header propagation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add state parameter to CLI browser login flow for CSRF protection — CLI
generates a random state, frontend passes it through, CLI verifies on
callback. Also restrict cli_callback to http: scheme only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Prevent open redirect / JWT theft by only allowing localhost/127.0.0.1
as cli_callback hostname
- URL-encode the callback URL in the login query string
- Simplify resolveAppURL to use os.Getenv directly (no phantom flag)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
`multica auth login` now opens the browser for email verification,
receives the JWT via localhost callback, and exchanges it for a PAT.
The legacy PAT-paste flow is preserved via `--token` flag.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add email verification login flow with 401 auto-redirect
Replace the old OAuth-based login with email verification codes:
- Backend: send-code / verify-code endpoints, verification_codes table (migration 009), rate limiting, Resend email service
- Frontend: two-step login UI (email → 6-digit OTP), auth store with sendCode/verifyCode
- SDK: ApiClient gains onUnauthorized callback; 401 responses auto-clear token and redirect to /login
- Fix login button staying disabled due to global isLoading state
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(auth): add brute-force protection, redirect loop guard, and expired code cleanup
- VerifyCode: increment attempts on wrong code, reject after 5 failed tries (migration 010)
- onUnauthorized: skip redirect if already on /login to prevent infinite loops
- SendCode: best-effort cleanup of expired verification codes older than 1 hour
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add master verification code for non-production environments
Allow code "888888" to bypass email verification in non-production
environments to simplify development and testing workflows.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add personal access tokens for CLI and API authentication
Add full-stack PAT support: users create tokens in Settings, CLI authenticates
via `multica auth login`. Server stores SHA-256 hashes only. Auth middleware
extended to accept both JWTs and PATs (distinguished by `mul_` prefix).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update mocks for useIssueViewStore, view-store, dnd-kit, and
workspace breadcrumb. Adjust assertions for DropdownMenu-based
filters and multi-select state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add actor_type/actor_id to inbox items for proper attribution
- Extract issue detail into features/issues/components/issue-detail.tsx
- Inbox page and store updates for actor-based notifications
- Sidebar, layout, and actor-avatar refinements
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Refactor status icons to use a shared ProgressCircle SVG base with
pie-arc fill. Backlog, Todo, InProgress, InReview, Done, Cancelled,
Blocked all use the unified component.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Persist last visited path via Zustand persist, restore on login/root
- Sidebar: exact match for active state (issue detail no longer highlights Issues)
- Sidebar header: increase vertical padding
- Inbox unread count: simplified to text-xs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace raw fmt/log calls with structured slog logger (Go) and
console-based logger (TypeScript). Add request logging middleware.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The project was previously called "super-multica" but has been renamed
to "multica". Update all remaining references in docker-compose, goreleaser,
README, and local development docs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix global scrollbar overflow by removing h-svh from html element
- Add h-full overflow-hidden to html/body for proper app-like layout
- Fix default button variant: add shadow-sm and hover:bg-primary/90
- Update sidebar create-issue button to bg-background with shadow
- Add WorkspaceAvatar component and search/new-issue actions to sidebar header
- Improve theme provider with TooltipProvider wrapper
- Polish various page layouts, pickers, modals, and code block styling
- Clean up custom.css unused styles
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GoReleaser hooks execute commands directly without a shell, so `cd`
(a shell builtin) fails. The hook is unnecessary since go.mod should
already be tidy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pgxpool.New is lazy and doesn't connect immediately. Add pool.Ping()
after creation so CI environments without PostgreSQL skip cleanly
instead of failing with os.Exit(1).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rename the binary and all references from multica-cli to multica for a
cleaner command-line experience.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix actions/checkout@v6 → v4 (v6 doesn't exist)
- Add Go test step before GoReleaser to prevent shipping broken binaries
- Add license and test block to Homebrew formula
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
homebrew_casks is for macOS .app bundles; brews is the correct
GoReleaser v2 key for CLI binaries. Also read Go version from go.mod
instead of hardcoding it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
TestWebSocketIntegration was timing out because registerListeners()
was never called — events published via bus had no listeners, so
WS broadcasts never happened.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
