001 speckit UI integration #153
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Move ii-spec submodule from project root (spec-kit/) to organized location at submodules/ii-spec/ for better project structure. This completes Phase 0 of the SpecKit UI integration feature. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add react-markdown, remark-gfm, and react-syntax-highlighter for rendering SpecKit artifacts in the UI. Verify project structure prerequisites (.specify/, specs/) are in place. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phase 4 implements User Story 4 - Create New Feature Workflow (P1 MVP): Workflow Modal: - Full-screen dialog with dual-pane layout (chat + document) - Workflow stepper with clickable navigation for completed steps - Real-time command output streaming with cancel support - Live artifact preview with tabs (Spec, Plan, Research, Tasks) Step Components: - ConstitutionStep: View/create project constitution - SpecifyStep: Feature description input form with validation - ClarifyStep: Clarification questions with option buttons - PlanStep: Plan generation with approve/regenerate actions - TasksStep: Task breakdown generation - ImplementStep: Task list with copy-to-clipboard for each task Supporting Features: - useWorkflowState, useExecuteCommand, useCommandOutput hooks - StaleWarningBanner for downstream artifact warnings - SkipClarifyWarningBanner for skipping clarification - Error handling with retry capability in ChatPane - Workflow button added to PlanPage header Tasks completed: T066-T096 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…rmats The constitution parser was only matching "## Principle I - Name" format but the actual constitution.md uses "### I. Name" format with optional parenthetical suffixes like "(NON-NEGOTIABLE)". Updated extractPrincipleNames() to handle: - ## Principle I - Desktop-First - ### I. Desktop-First Experience - ### II. Git Worktree Isolation (NON-NEGOTIABLE) - ## I. Desktop-First Experience This completes Phase 5 (US2 - View Constitution) by ensuring the ConstitutionSection correctly displays principle names. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add FeaturesTable component to display all previous SpecKit features - Add FeatureDetailModal with tabs for spec/plan/research/tasks artifacts - Integrate FeaturesTable into PlanPage layout below constitution section - Show artifact presence indicators with checkmarks for existing artifacts - Include Open in Editor button, loading states, and error handling Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add InitializationPrompt component with one-click SpecKit initialization - Add SubmoduleWarning dialog for uninitialized submodule detection - Integrate SpecKit sidebar button into active chat toolbar - Add submodule verification check to tRPC speckit router - Add speckitWorkflowStartStepAtom for context-aware modal opening - Wire up initialization detection in PlanPage component - Mark Phase 7 tasks T120-T131 as complete in tasks.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete Phase 9 polish tasks (T132-T151) for production-ready SpecKit UI: Performance Optimization: - T132: Add pagination to FeaturesTable (page nav, counters) - T133: Verify React.memo() on MarkdownView (already present) - T134: Add staleTime caching (30s) to DocumentPane artifacts - T135: Add debounced polling to useWorkflowState hook Accessibility: - T136: Enhanced ARIA labels on SpecKit button (aria-label, aria-pressed, aria-expanded) - T137: Document Esc key closes modal (Radix Dialog native) - T138: Add aria-labelledby/describedby to WorkflowModal - T139: Add live region announcements to WorkflowStepper Error Handling: - T140: Create SpecKitErrorBoundary, wrap PlanPage - T141: Document graceful Git error handling in state-detector - T142: Add file watcher integration to FeaturesTable - T143: Enhanced parseClarificationQuestions with robust error handling Documentation: - T144: Add comprehensive JSDoc to speckit tRPC router - T145: Add module-level docs to state-detector - T146: Verify component JSDoc (already present) - T147: Update quickstart.md with complete file reference tables Code Cleanup: - T148: Verify no TODO/FIXME comments in SpecKit code - T149: Build passes with no TypeScript errors (52.73s) - T150: Verify all imports use @/ absolute paths - T151: Validate project structure matches quickstart.md All 20 Phase 9 tasks complete. Feature ready for production. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Complete Phase 10 v2 UI refinements with the following improvements: **Global Renaming (T152-T156):** - Renamed "SpecKit" to "Spec" throughout all user-facing text - Updated icon button labels, page titles, and modal titles - Updated submodule warning dialog text - Kept internal atom names for backward compatibility (T156 skipped) **Plan Page Restructure (T157-T166):** - Refactored PlanPage into Overview and Current Branch sections - Created OverviewSection component with constitution and features list - Created CurrentBranchSection component with branch header - Added WorkflowProgressIndicator showing Spec → Plan → Tasks → Implement - Implemented tabbed interface for Specification/Plan/Tasks/Implement - Added branch detection to show CurrentBranchSection only on feature branches - Added divider between Overview and Current Branch sections **Collapsible Phases (T167-T172):** - Created PhaseSection component with Radix Collapsible UI - Refactored ImplementStep to group tasks by phase - Implemented expand/collapse toggle for each phase - Added phase number badges and completion progress bars **Copy Buttons (T173-T179):** - Added phase-level copy buttons with format: /speckit.implement [branch] Phase [N] - Updated task copy buttons with format: /speckit.implement [branch] [task-id] - Added tooltips to all copy buttons - Integrated getCurrentBranch tRPC call for dynamic branch names - Updated toast notifications with new command formats **Integration (T180-T181):** - Applied collapsible phase structure to CurrentBranchSection Implement tab - Ensured consistent copy button behavior across WorkflowModal and PlanPage **Bug Fixes:** - Fixed import errors (SpecErrorBoundary, SpecSidebar) - Fixed artifact fetching parameter (featureBranch instead of branchName) - Updated all component exports for consistency All 30 Phase 10 tasks complete (29 implemented + 1 intentionally skipped). Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit fixes all P1 critical security vulnerabilities and P2 high-priority issues identified in the PR #9 review. Changes include security hardening, race condition fixes, memory leak prevention, and state management improvements. ## Security Fixes (P1) ### P1-1: Command Injection in Command Executor - Create new security-utils.ts module with validation functions - Replace buildCommandString() with buildCommandArray() for array-based args - Change spawn() to use shell: false to prevent injection - Add parseCommandArgs() to safely handle quoted strings - Whitelist environment variables in buildSafeEnvironment() ### P1-2: Command Injection via Branch Name - Add Zod validation with validateBranchName() in switchBranch procedure - Replace execSync with execFileSync using array arguments - Prevent shell metacharacters in branch names ### P1-3: Path Traversal Vulnerability - Add validatePathInProject() to detect ../ escape sequences - Apply path validation in getArtifactPath(), getConstitutionPath() - Validate feature directories in listFeatureDirectories() ## Backend Fixes (P2) ### P2-1: Cancel Execution Race Condition - Add cancelling flag and killTimer to CommandExecution interface - Delay execution cleanup until process confirmed dead - Clear kill timer in process close handler ### P2-2: Environment Variable Leakage - Implement buildSafeEnvironment() with explicit whitelist - Only pass required env vars: ANTHROPIC_API_KEY, PATH, HOME, USER, etc. ### P2-3: Submodule Status Check Logic - Change .some() to .every() for file existence check - Require ALL expected files to mark submodule as initialized ### P2-4 & P2-5: File Watcher Cleanup + Windows Path Handling - Change watchId separator from : to :: for Windows drive letters - Add WatcherEntry interface with activity timestamps - Implement periodic cleanup interval (5min timeout) - Track lastActivity on file events to identify stale watchers ## Frontend Fixes (P2) ### P2-7: Output Line Accumulation Memory Leak - Implement circular buffer with MAX_OUTPUT_LINES = 10000 - Add addOutputLine() helper to trim when threshold exceeded - Limit rawOutput string to 1MB max ### P2-8: Stale Answers in Clarify Step - Add useEffect to reset answers when questions prop changes ### P2-9: onStartImplementation Callback Not Wired - Add "Start" button to TaskItem that triggers onStart callback - Make onStart prop optional in TaskItem interface ### P2-10: isCompleted Prop Ignored - Implement conditional rendering based on isCompleted state - Show completion badge when constitution step is complete - Display read-only markdown view when completed ### P2-11 to P2-15: State Reset Issues - Reset pagination when projectPath changes (features-table) - Manage timeout cleanup properly in modal close handler (feature-detail-modal) - Reset dismissal flags when step changes or modal opens/closes (workflow-modal) - Track previous state to detect transitions properly (plan-page) - Add cleanup useEffect for timer management ## Files Changed - Created: src/main/lib/speckit/security-utils.ts - Modified: 11 files (3 backend, 8 frontend) ## Related Issues - Closes #22516 (analyze step detection - future work) - Addresses all issues from PR #9 review ## Testing - TypeScript compilation: ✅ Passing - Security tests: Pending (Phase 4) - Integration tests: Pending (Phase 4) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add comprehensive automated PR review loop command that: - Monitors PR for new review comments every 10 minutes - Analyzes and prioritizes comments (P1-P4) - Enters plan mode for fix design - Implements approved fixes with parallel agents - Commits and pushes changes automatically - Loops continuously until stopped Features: - Smart comment tracking (avoid re-fixing) - Exponential backoff when no changes - Graceful error recovery - State persistence for resume capability - Configurable via env vars or inline options Safety mechanisms: - Requires user approval for each plan - Rate limiting (6 iterations/hour max) - Conflict detection before each iteration - Manual stop via Ctrl+C Usage: /pr-review-loop [pr-number] Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix file watcher premature timeout and path validation edge case identified by cubic-dev-ai in the second review iteration. ## File Watcher Fix - Remove time-based cleanup interval for file watchers - Rely on subscription cleanup callbacks instead - Prevents watchers from closing during quiet periods with active subscriptions Root cause: lastActivity tracked file changes, not subscription activity. Quiet directories were incorrectly treated as abandoned. ## Path Validation Fix - Handle empty relative path (project root) correctly - Fix contradiction between comment and implementation - validatePathInProject(root, root) now returns true as intended Root cause: Logic explicitly rejected empty paths despite comment saying valid. ## Changes - src/main/lib/trpc/routers/speckit.ts: Remove cleanup interval (~15 lines) - src/main/lib/speckit/security-utils.ts: Fix empty path check (~3 lines) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add New Feature Flow button that appears only on named feature branches (not main/master/internal/staging/dev) - Button opens workflow modal in empty state for new feature creation - Fix workflow modal height: add min-h-0 to flex containers for proper height utilization - Add branch detection utilities (BranchType, PROTECTED_BRANCHES, isNamedFeatureBranch, isProtectedBranch) - Add useBranchDetection hook for conditional button rendering - Add workflow start mode atoms for controlling modal behavior Files created: - src/renderer/features/speckit/types/branch.ts - src/renderer/features/speckit/types/workflow.ts - src/renderer/features/speckit/hooks/useBranchDetection.ts Files modified: - src/renderer/features/speckit/atoms/index.ts - src/renderer/features/speckit/types/index.ts - src/renderer/features/speckit/components/plan-page.tsx - src/renderer/features/speckit/components/workflow-modal.tsx Co-Authored-By: Claude <noreply@anthropic.com>
- Add feature specification at .specify/specs/001-speckit-ui-integration-spec.md - Update data-model.md with branch detection types appendix - Update plan.md with implementation plan phases - Update quickstart.md with bug fix implementation guide Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.