Replace the comment-only list with a Linear-style unified timeline that
interleaves field changes and comments chronologically.
Backend:
- activity_listeners.go: records field changes (status, assignee, description,
task completed/failed) to activity_log table on domain events
- Timeline API: GET /api/issues/{id}/timeline merges activity_log + comments
sorted by created_at
- Comment reply: parent_id column + handler support for threading
Frontend:
- Unified timeline replaces comment list: activity entries as compact muted
lines, comments as Card components with reply threading
- Filter toggle (All / Comments / Activity)
- Reply UI: inline editor under comments with Cancel/Reply buttons
- Real-time sync for activity:created + comment events
- 10 new Go tests, all passing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove commenter/mentioned/manual reason labels — users only need to see
who created and who is assigned. Other reasons add noise without value.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Consistent with subscriber:added handler. Prevents removing a member subscriber
when an agent with the same UUID is unsubscribed (or vice versa).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When subscribing, both the optimistic setSubscribers and the WS subscriber:added
event could add the same entry. Now both paths check for existing entries using
(user_id + user_type) composite key before appending.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Members array from workspace store can contain duplicate user_ids (e.g. user
added to workspace twice). Filter by unique user_id before rendering to prevent
React duplicate key warnings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: backend hardcoded UserType="member" in subscribe/unsubscribe handlers,
so unsubscribing an agent actually tried to delete a member record (no-op), and
the WS event broadcast wrong user_type causing other subscribers' UI to break.
- Backend: accept optional user_type in subscribe/unsubscribe request body
- Frontend: pass userType through API client to backend
- Fixes: clicking agent checkbox no longer affects member subscriptions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix duplicate React key by using composite key (type-id) for avatars and command items
- Add Agents section to subscriber Command popover (members + agents both selectable)
- Fix subscriber matching to use both user_type and user_id (prevents cross-type collisions)
- Add max-h-64 to CommandList to prevent overflow
- toggleSubscriber now accepts userType parameter for proper agent support
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Backend: subscribe/unsubscribe API now accepts optional user_id to manage other users
- Frontend: replace manual avatar stacking with shadcn AvatarGroup component
- Frontend: replace disabled-checkbox Popover with Command+Popover combo (Linear-style)
- Search/filter workspace members
- Click to toggle subscription (checkbox)
- Shows reason badge (Assignee, Creator, etc.) for auto-subscribed users
- Clean up duplicate status_change type (keep only status_changed)
- All tests pass (Go + TypeScript)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add new_comment, unassigned, assignee_changed, priority_changed, status_changed
to InboxItemType and typeLabels so inbox renders proper labels instead of raw
type strings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add comment explaining subscriber→notification listener registration order in main.go
- Add issue_status field to notifySubscribers and notifyDirect (fixes missing StatusIcon in inbox)
- Backfill existing commenters as subscribers in migration 016
- Add TODO comment for @mention duplicate notification prevention (deferred until @mention feature is enabled)
- Add context.Background() usage note for future bus-level timeout improvements
- Add toast error feedback on subscribe/unsubscribe failure
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace inbox_listeners.go with a subscriber-driven notification system:
- Add issue_subscriber table with auto-subscribe on create/assign/comment
- New subscriber_listeners.go: maintains subscriber data on domain events
- New notification_listeners.go: notifySubscribers (fanout to all subscribers
minus actor) and notifyDirect (targeted, punches through unsubscribe)
- Subscriber API: list/subscribe/unsubscribe endpoints
- Frontend: subscribers section in issue detail sidebar with real-time sync
- Frontend: inbox notification grouping by (issue_id, type, actor_id)
- Remove createInboxForIssueCreator from task.go (unified through event bus)
- 21 new Go tests, all passing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Runtime page: add ResizablePanelGroup with persistent layout, fix scroll
- Agents page: replace hand-rolled dropdowns with shadcn Popover/DropdownMenu,
remove redundant wrapper div, fix header height to h-12
- Skills page: widen create dialog to sm:max-w-md, stabilize tab height
- Settings: use variant="destructive" on AlertDialogAction instead of hardcoded className
- Issues list view: rewrite with base-ui Accordion grouped by status,
show all statuses (including empty), add per-group create button,
persist expand/collapse state, apply sort settings
- Issues header: show filtered issue count next to New Issue button
- Extract shared sortIssues utility from board-column for reuse
- Remove redundant StatusIcon from ListRow (already grouped by status)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace simple text buttons with macOS-style window preview cards for
Light/Dark/System theme selection, using pure CSS miniature window mockups.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add inline pickers on board cards for priority, assignee, and due date
- Add custom trigger prop to PriorityPicker, AssigneePicker, DueDatePicker for styling control
- Replace due date quick options with Calendar-based DueDatePicker in issue detail sidebar
- Use PickerWrapper to stop event propagation from pickers to Link/drag handlers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Redesign card layout: priority label, description line, subtle shadow, configurable properties
- Wider columns (280px) with rounded background, count badge, and card spacing
- Add SortableContext for within-column drag reordering with fractional position indexing
- Fix collision detection to prefer card targets over column droppables for reliable down-drag
- Add hidden columns panel on right side with show/hide toggle
- Consolidate header into Filter popover (status + priority) and Display popover (ordering + card properties)
- Auto-switch to manual sort when cards are dragged to preserve drag ordering
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Redesign the skill detail panel to use a directory tree + file viewer
layout, similar to a file browser. SKILL.md and supporting files are
shown in a collapsible tree on the left; selecting a file renders its
content on the right with markdown preview (including YAML frontmatter
parsing) and an edit toggle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the subtle inline badge with two always-visible source cards
that show URL formats for ClawHub and Skills.sh, highlighting the
detected source as the user types. Import button now shows
source-specific loading text.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: decouple task lifecycle from issue status, add daemon health server
- Remove automatic issue status changes from StartTask (in_progress),
CompleteTask (in_review), and FailTask (blocked) in task service.
Issue status is now fully managed by the agent via `multica issue status`.
- Update agent prompt and meta skill to instruct agents to manage issue
status themselves (in_progress → done/in_review/blocked).
- Add daemon health HTTP server on 127.0.0.1:19514 with /health endpoint
exposing pid, uptime, agents, and workspaces. Fail fast if port is taken
(another daemon already running).
- Update `multica status` to check both server and daemon health.
- Add Save button to repos section in workspace settings UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor(daemon): simplify prompt, fix runtime config path, improve task error logging
- Slim down BuildPrompt to a minimal hint; detailed workflow now lives in CLAUDE.md/AGENTS.md
- Write CLAUDE.md to workDir root instead of .claude/CLAUDE.md
- Fix git-exclude pattern (.claude → CLAUDE.md)
- Decouple task queue reconciliation from issue status changes (agents manage status via CLI)
- Add diagnostic logging when CompleteTask/FailTask fail due to unexpected task state
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(task): use task_completed/task_failed inbox notification types
FailTask was sending "agent_blocked" which conflates agent crash with
issue-level blocked status. Align notification types with the new
decoupled model: task_completed and task_failed. Update frontend types
and labels accordingly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a Repositories section to workspace settings where admins can
add/remove GitHub repo URLs with descriptions. Agents use these repos
to clone and work on code.
- Add WorkspaceRepo type and export from shared/types
- Update API client updateWorkspace to accept repos
- Add repos section in workspace-tab.tsx with add/remove UI
- Fix test helpers to include repos field
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove the frontend-only knowledge base page, sidebar nav entry, and
unused BookOpen import. Fix setup-worktree to always generate unique
ports via init-worktree-env.sh instead of skipping when .env.worktree
already exists with default ports.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously the entire view was replaced with "No matching issues" text.
Now the board columns or list view render even when empty.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These fields were unused in practice. Removed from frontend types,
issue detail UI, backend handlers, daemon prompt/context, protocol
messages, SQL queries, and tests. DB columns retained with defaults.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adapt runtime features (usage tracking, ping, heartbeat) to main's
multi-workspace architecture. Update frontend imports from @multica/types
to @/shared/types after the package consolidation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a new "Runtimes" sidebar tab to manage local agent runtimes with three
main capabilities: runtime status overview, token usage tracking (reading
Claude Code and Codex CLI local JSONL logs via daemon), and an interactive
connection test that sends a ping through the daemon to verify end-to-end
agent CLI connectivity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Support importing skills from external sources (clawhub.ai and skills.sh)
via a new POST /api/skills/import endpoint. The backend auto-detects the
source from the URL, fetches skill metadata and files, and creates the
skill in the workspace. The frontend CreateSkillDialog now has two tabs:
Create (manual) and Import (paste URL with source auto-detection badge).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The login page was changed to email+OTP but tests still expected
the old name+email+password form.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Delete packages/ui and packages/utils (zero imports from apps/web),
remove Turborepo, inline tsconfig.base.json into web's tsconfig,
and simplify root scripts to use pnpm --filter directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Take main's improved login page with extracted validateCliCallback
helper and cli_confirm step for existing sessions. Update import
from @multica/types to @/shared/types.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The frontend ApiClient had a non-existent `/auth/login` endpoint.
Restored the two-step `sendCode` + `verifyCode` flow matching the
backend, including OTP input UI and CLI browser login callback support.
Also restored `IF NOT EXISTS` in migration 012 to prevent failures on
databases where the column already exists.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add drag-to-resize sidebar with localStorage persistence
- Rewrite issue detail page with Tiptap rich text editor, due date picker, acceptance criteria
- Redesign create-issue modal with pill-based property toolbar and expand/collapse
- Consolidate @multica/sdk and @multica/types into apps/web/shared/
- Simplify auth: remove verification codes, PATs, email service (dev-only login)
- Add 401 unauthorized handler to redirect expired sessions to login
- Fix due date format to send full RFC3339 timestamps
- Increase description editor debounce to 1500ms
- Remove arbitrary Tailwind values in create-issue modal
- Renumber migrations (inbox_actor 012→009), remove unused migrations
- UI polish across agents, settings, inbox, knowledge-base pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When the browser has an existing valid session and the login page is
opened with cli_callback, show a one-click "Authorize CLI" confirmation
instead of requiring email verification again.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add state parameter to CLI browser login flow for CSRF protection — CLI
generates a random state, frontend passes it through, CLI verifies on
callback. Also restrict cli_callback to http: scheme only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Prevent open redirect / JWT theft by only allowing localhost/127.0.0.1
as cli_callback hostname
- URL-encode the callback URL in the login query string
- Simplify resolveAppURL to use os.Getenv directly (no phantom flag)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
`multica auth login` now opens the browser for email verification,
receives the JWT via localhost callback, and exchanges it for a PAT.
The legacy PAT-paste flow is preserved via `--token` flag.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add email verification login flow with 401 auto-redirect
Replace the old OAuth-based login with email verification codes:
- Backend: send-code / verify-code endpoints, verification_codes table (migration 009), rate limiting, Resend email service
- Frontend: two-step login UI (email → 6-digit OTP), auth store with sendCode/verifyCode
- SDK: ApiClient gains onUnauthorized callback; 401 responses auto-clear token and redirect to /login
- Fix login button staying disabled due to global isLoading state
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(auth): add brute-force protection, redirect loop guard, and expired code cleanup
- VerifyCode: increment attempts on wrong code, reject after 5 failed tries (migration 010)
- onUnauthorized: skip redirect if already on /login to prevent infinite loops
- SendCode: best-effort cleanup of expired verification codes older than 1 hour
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add master verification code for non-production environments
Allow code "888888" to bypass email verification in non-production
environments to simplify development and testing workflows.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(auth): add personal access tokens for CLI and API authentication
Add full-stack PAT support: users create tokens in Settings, CLI authenticates
via `multica auth login`. Server stores SHA-256 hashes only. Auth middleware
extended to accept both JWTs and PATs (distinguished by `mul_` prefix).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update mocks for useIssueViewStore, view-store, dnd-kit, and
workspace breadcrumb. Adjust assertions for DropdownMenu-based
filters and multi-select state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
