Extract improvements from PR #318:
1. Set default user ID in no-auth mode for auth middleware
- Ensures consistent behavior when authentication is disabled
- Prevents potential issues with undefined user IDs
2. Convert to type-only imports in push notification service
- Use TypeScript type imports for better tree shaking
- Remove .js extensions from imports for consistency
- Minor logging improvement for service worker registration
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Ensure bash, zsh, and fish spawn as login shells to read config files
- Add -i and -l flags for bash/zsh, --interactive and --login for fish
- Avoid duplicate flags if already present
- Add user feedback when starting shells in login mode
Fixes#251
fix: prevent file browser flashing and reduce log verbosity
- Split visibility and session change handling to avoid redundant directory loads
- Only reload directory when component becomes visible or session changes while visible
- Change directory browse success log from info to debug level to reduce noise
- Fixes issue where file browser would flash/reload unnecessarily on prop changes
```
- Add titleInjectionInProgress flag to prevent concurrent injections
- Update lastWriteTimestamp immediately before enqueueing to prevent quiet period violations
- Clear pendingTitleToInject only after successful write completion
- Compare titles before clearing to avoid losing newer updates
- Stop injection timer only when no pending titles remain
- Use try-finally to ensure in-progress flag is always cleared
This prevents both lost title updates and quiet period violations that could
occur when titles were cleared prematurely or timestamps updated too late.
- Modified initLogger() to return early if already initialized
- Removed explicit false parameter in server.ts to preserve debug mode from CLI
- Fixes test failure where log file was being deleted after first write
- Change periodic activity update interval from 500ms to 1000ms
- Ensure all title updates go through debouncer (including session name changes)
- Prevents excessive terminal updates while maintaining responsiveness
- Fix menu bar button highlighting using state instead of highlight()
- Extract process name from command path for cleaner display
- Show session name next to command with dash separator
- Fix corner radius on new session dialog
- Make Create button darker green for better visibility
- Update editing to properly handle session names
- Remove stdin handler cleanup that was contradicting the comment
- Remove unused stdinHandler and stdinDataListener from PtySession interface
- Stdin is handled via IPC socket, not process.stdin listeners
- Add stdin cleanup handlers for process.stdin listeners
- Implement event listener tracking to prevent memory leaks
- Add lazy watcher initialization for session.json monitoring
- Add explicit isExternalTerminal flag for better terminal detection
- Optimize activity file writing to only write on state changes
- Track last written activity state to avoid unnecessary disk I/O
- Fix timer management in setupSessionJsonWatcher to properly assign timer before setTimeout
- Improve IPC socket error handling to throw error instead of silently returning
- Socket path length validation now fails fast with clear error message
- Validate session ID format to prevent injection attacks
- Sanitize title input: limit to 256 chars, filter control characters
- Prevent potential security issues with malformed session titles
- Integrated SafePTYWriter and PTYStreamAnalyzer from PR #171 to prevent terminal corruption
- Fixed stdin listener duplication bug - stdin is now handled via IPC socket only
- Fixed IPC socket handler to properly handle both stdin data and control commands using framed message protocol
- Updated socket paths from 'i.sock' to unified 'ipc.sock'
- Added comprehensive tests for SafePTYWriter and PTYStreamAnalyzer
- Removed global process.stdin listeners to prevent duplication across sessions
- Remove controlPipePath and controlWatcher from types
- Remove setupControlPipe method entirely
- Update sendControlMessage to use socket-based IPC
- Remove control pipe cleanup code
- Keep stdin forwarding memory leak fix
The control pipe system was replaced by socket-based IPC in main.
This commit removes the old control pipe code that was accidentally
reintroduced during the rebase.
- Fix memory leak where stdin listeners were never removed
- Store stdin listener reference for proper cleanup
- Add missing controlPipePath property to session types
- Update session manager to include controlPipePath in paths
- Each session now properly tracks and cleans up its stdin listener
This fixes both the CI failures and the reported bug where input
was duplicated across all forwardToStdout sessions.
- Update session.sessionJsonDebounceTimer when creating new timers
- Clear timer reference after callback execution
- Remove incorrect initial null assignment
- Fixes memory leak where timers continued after session cleanup
The bug occurred because the timer ID was only stored in a local variable,
preventing proper cleanup during session termination.
