Update all project dependencies to their latest versions while keeping
Tailwind CSS at v3.4.17 to avoid breaking changes.
Notable updates:
- Express: 4.19.2 → 5.1.0 (major version upgrade)
- Chalk: 4.1.2 → 5.4.1 (major version upgrade to ESM)
- CodeMirror packages: Updated to latest v6 versions
- TypeScript types: Updated to latest versions
- Development tools: Biome, Playwright, Puppeteer, etc.
All code quality checks pass successfully after the updates.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Extract improvements from PR #318:
1. Set default user ID in no-auth mode for auth middleware
- Ensures consistent behavior when authentication is disabled
- Prevents potential issues with undefined user IDs
2. Convert to type-only imports in push notification service
- Use TypeScript type imports for better tree shaking
- Remove .js extensions from imports for consistency
- Minor logging improvement for service worker registration
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Enable arrow key navigation (up/down/left/right) through sessions
- Press Enter to open selected session
- Add visual feedback for keyboard-selected sessions
- Fix global event listener conflict by scoping to component
- Make session-list focusable with proper focus indicators
- Pass selected state to session-card for visual highlighting
Adopts PR #322 with improvements based on review feedback
- Remove non-null assertion in favor of proper null check
- Add z-index comments for clarity in modal overlays
- Remove unused Z_INDEX imports after switching to comments
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add stopPropagation to Browse button click handler in session-create-form
- Add debug logging to track state changes
- Match the pattern used in session-header for consistency
- Swap file picker and settings buttons in session header (settings now at the end)
- Disable all button transitions in session view with body.in-session-view
- Disable modal backdrop fade-in animation (0.3s) in session view
- Fix file browser briefly showing then going dark by preventing event bubbling
- Add stopPropagation to file browser button click to prevent duplicate modals
The session detail page should now have zero animations when toggling sidebar
or opening modals.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove animate-fade-in class from compact mode session list items
- Prevent sessions-showing/hiding animation classes when in session detail view
- Disable View Transitions API for navigating back from session detail view
- Add body.in-session-view class to disable all animations in session view
- Remove transition-all duration-200 from compact session list items
- Disable grid transitions when in session view
This eliminates all staggered animations and transitions that were causing
the perceived 1-2 second delay when toggling the sidebar in session detail view.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Make inline-edit pencil always visible on touch devices with CSS media query
- Remove terminal resize animation (transition: all 0.3s ease-out)
- Remove magic wand AI button that was confusing users
- Reorganize touch device layout: close button left of time
- Disable View Transitions API for session navigation
- Add CSS overrides to disable all button transitions in session view
- Fix TypeScript errors by adding missing handleDeleteSession method
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add check for session detail view in handleCreateSession()
- Add check for session detail view in handleCreateModalClose()
- Modal now appears/disappears instantly in session detail view
- Animation preserved in grid view where it works properly
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove duplicate screen share button from sidebar
- Remove file browser button from sidebar
- Remove file picker/upload button from session header
- Move settings/notification icon from sidebar to session header (next to file browser)
- Disable sidebar slide animations to prevent terminal resize issues
- Simplify sidebar to only show Create Session button and User menu
- Settings button is now in session detail view for better context
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove tablet-specific renderTabletLayout() method
- Remove deviceType property from terminal-quick-keys component
- Remove tablet-specific CSS classes (.tablet-layout, .compact)
- Simplify code to use the same 3-row keyboard for all mobile devices
- Provides consistent experience across iPhone and iPad
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace user agent detection with capability-based detection
- Support any touch device (iPad, Android, Surface, etc.)
- Add smart detection for hybrid devices (touch + trackpad)
- Add user preference support (auto/always/never)
- Add keyboard mode toggle button in mobile controls
- Fix landscape mode detection on all touch devices
- Use hardware capabilities instead of brittle UA strings
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Pass isMobile instead of isPhone to setupMobileFeatures and setupEventListeners
- Tablets need VirtualKeyboard API, Visual Viewport API, and touch event listeners
- Only the keyboard layout should differ between phones and tablets, not core mobile features
- Detect device type (phone vs tablet) based on screen size
- Show custom keyboard on iPads with optimized compact layout
- Portrait mode: 2 rows with essential terminal keys
- Landscape mode: Single row with most important keys
- Properly handle device rotation and window resizing
- Add TypeScript declarations for window.__deviceType
Fixes#223
The magic wand feature now uses emphatic language to ensure AI assistants
use the 'vt title' command instead of injecting terminal escape sequences.
This prevents Claude from being "too smart" and bypassing our title filtering.
Fixes#248
- Ensure bash, zsh, and fish spawn as login shells to read config files
- Add -i and -l flags for bash/zsh, --interactive and --login for fish
- Avoid duplicate flags if already present
- Add user feedback when starting shells in login mode
Fixes#251
fix: prevent file browser flashing and reduce log verbosity
- Split visibility and session change handling to avoid redundant directory loads
- Only reload directory when component becomes visible or session changes while visible
- Change directory browse success log from info to debug level to reduce noise
- Fixes issue where file browser would flash/reload unnecessarily on prop changes
```
- Add focus management check in lifecycle keyboard handler
- Skip keyboard capture when overlays/modals are displayed
- Add debug logging for session name change events
- Prevents keyboard conflicts with form inputs in overlays
- Add titleInjectionInProgress flag to prevent concurrent injections
- Update lastWriteTimestamp immediately before enqueueing to prevent quiet period violations
- Clear pendingTitleToInject only after successful write completion
- Compare titles before clearing to avoid losing newer updates
- Stop injection timer only when no pending titles remain
- Use try-finally to ensure in-progress flag is always cleared
This prevents both lost title updates and quiet period violations that could
occur when titles were cleared prematurely or timestamps updated too late.
- Modified initLogger() to return early if already initialized
- Removed explicit false parameter in server.ts to preserve debug mode from CLI
- Fixes test failure where log file was being deleted after first write
- Change periodic activity update interval from 500ms to 1000ms
- Ensure all title updates go through debouncer (including session name changes)
- Prevents excessive terminal updates while maintaining responsiveness
- Fix menu bar button highlighting using state instead of highlight()
- Extract process name from command path for cleaner display
- Show session name next to command with dash separator
- Fix corner radius on new session dialog
- Make Create button darker green for better visibility
- Update editing to properly handle session names
- Implement modern color scheme with cyan/teal primary colors
- Redesign sidebar with card-based sessions and enhanced status indicators
- Create unified header design with gradient backgrounds
- Add JetBrains Mono font and improve typography throughout
- Implement smooth micro-interactions and animations
- Enhance terminal area with better focus states and loading overlays
- Update all buttons and inputs with consistent hover/focus effects
- Remove stdin handler cleanup that was contradicting the comment
- Remove unused stdinHandler and stdinDataListener from PtySession interface
- Stdin is handled via IPC socket, not process.stdin listeners
- Add stdin cleanup handlers for process.stdin listeners
- Implement event listener tracking to prevent memory leaks
- Add lazy watcher initialization for session.json monitoring
- Add explicit isExternalTerminal flag for better terminal detection
- Optimize activity file writing to only write on state changes
- Track last written activity state to avoid unnecessary disk I/O
- Fix timer management in setupSessionJsonWatcher to properly assign timer before setTimeout
- Improve IPC socket error handling to throw error instead of silently returning
- Socket path length validation now fails fast with clear error message
- Display activity status (e.g., 'Browsing', 'Considering') below each session
- Show status inline with working directory path, separated by dot
- Match visual style from web frontend with orange status text
- Add compact path display with ~ for home directory
- Remove unused imports to clean up test files
- Use shorter session IDs to avoid path length issues
- Adjust timing in tests for better reliability
- Improve test descriptions and assertions
- Validate session ID format to prevent injection attacks
- Sanitize title input: limit to 256 chars, filter control characters
- Prevent potential security issues with malformed session titles
- Placed file browser button between notification and create session buttons
- Matches the layout of the full header for better consistency
- Maintains same styling and functionality as main page
- Integrated SafePTYWriter and PTYStreamAnalyzer from PR #171 to prevent terminal corruption
- Fixed stdin listener duplication bug - stdin is now handled via IPC socket only
- Fixed IPC socket handler to properly handle both stdin data and control commands using framed message protocol
- Updated socket paths from 'i.sock' to unified 'ipc.sock'
- Added comprehensive tests for SafePTYWriter and PTYStreamAnalyzer
- Removed global process.stdin listeners to prevent duplication across sessions
- Remove controlPipePath and controlWatcher from types
- Remove setupControlPipe method entirely
- Update sendControlMessage to use socket-based IPC
- Remove control pipe cleanup code
- Keep stdin forwarding memory leak fix
The control pipe system was replaced by socket-based IPC in main.
This commit removes the old control pipe code that was accidentally
reintroduced during the rebase.
- Fix memory leak where stdin listeners were never removed
- Store stdin listener reference for proper cleanup
- Add missing controlPipePath property to session types
- Update session manager to include controlPipePath in paths
- Each session now properly tracks and cleans up its stdin listener
This fixes both the CI failures and the reported bug where input
was duplicated across all forwardToStdout sessions.
- Update session.sessionJsonDebounceTimer when creating new timers
- Clear timer reference after callback execution
- Remove incorrect initial null assignment
- Fixes memory leak where timers continued after session cleanup
The bug occurred because the timer ID was only stored in a local variable,
preventing proper cleanup during session termination.
- Add --update-title flag to fwd.ts for cleaner session title updates
- Replace complex bash/jq/python/sed logic with single fwd.ts call
- Leverage existing SessionManager for type-safe JSON handling
- Improve error handling and messaging
- Reorganize vt script to locate app path before processing commands
This eliminates the fragile bash JSON manipulation in favor of a
robust TypeScript implementation that reuses existing infrastructure.
- Fix command injection vulnerability by using jq --arg for safe parameter passing
- Add Python fallback for systems without jq for safe JSON manipulation
- Improve sed fallback with proper escaping (last resort)
- Add debouncing (100ms) to file watcher to prevent rapid updates
- Add error handling for file watcher failures
- Clean up debounce timer on session cleanup
- Fix issue where lastSessionName wasn't properly tracked
Security fix prevents arbitrary command execution through malicious title strings.
Debouncing prevents performance issues from rapid file changes.
- Add error handling for 'vt title' when used outside a session
- Create unit tests for session.json watcher in PtyManager
- Add integration tests for vt title command with edge cases
- Test all 4 title modes (none, filter, static, dynamic)
- Test special characters, concurrent updates, and error scenarios
- Ensure proper cleanup of file watchers on session exit
- Add 'vt title' command that updates session names from within terminal sessions
- Implement file watcher in PtyManager to detect session.json changes
- Integrate title updates with all 4 title modes (none, filter, static, dynamic)
- Updates terminal titles in real-time when session name changes
- Works by directly editing session.json using the VIBETUNNEL_SESSION_ID env var
This allows users to easily set descriptive names for their terminal sessions,
making it easier to manage multiple VibeTunnel windows.
