catlog22/Claude-Code-Workflow
1
0
Fork 0
mirror of https://github.com/catlog22/Claude-Code-Workflow.git synced 2026-02-11 02:33:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Issue Queue: issue-exec-20260106-160325 (#52)

Browse Source 
* feat(security): Secure dashboard server by default

## Solution Summary
- Solution-ID: SOL-DSC-002-1
- Issue-ID: DSC-002

## Tasks Completed
- [T1] JWT token manager (24h expiry, persisted secret/token)
- [T2] API auth middleware + localhost token endpoint
- [T3] Default bind 127.0.0.1, add --host with warning
- [T4] Localhost-only CORS with credentials + Vary
- [T5] SECURITY.md documentation + README link

## Verification
- npm run build
- npm test -- ccw/tests/token-manager.test.ts ccw/tests/middleware.test.ts ccw/tests/server-auth.integration.test.ts ccw/tests/server.test.ts ccw/tests/cors.test.ts

* fix(security): Prevent command injection in Windows spawn()

## Solution Summary
- **Solution-ID**: SOL-DSC-001-1
- **Issue-ID**: DSC-001
- **Risk/Impact/Complexity**: high/high/medium

## Tasks Completed
- [T1] Create Windows shell escape utility
- [T2] Escape cli-executor spawn() args on Windows
- [T3] Add command injection regression tests

## Files Modified
- ccw/src/utils/shell-escape.ts
- ccw/src/tools/cli-executor.ts
- ccw/tests/shell-escape.test.ts
- ccw/tests/security/command-injection.test.ts

## Verification
- npm run build
- npm test -- ccw/tests/shell-escape.test.ts ccw/tests/security/command-injection.test.ts

* fix(security): Harden path validation (DSC-005)

## Solution Summary
- Solution-ID: SOL-DSC-005-1
- Issue-ID: DSC-005

## Tasks Completed
- T1: Refactor path validation to pre-resolution checking
- T2: Implement allowlist-based path validation
- T3: Add path validation to API routes
- T4: Add path security regression tests

## Files Modified
- ccw/src/utils/path-resolver.ts
- ccw/src/utils/path-validator.ts
- ccw/src/core/routes/graph-routes.ts
- ccw/src/core/routes/files-routes.ts
- ccw/src/core/routes/skills-routes.ts
- ccw/tests/path-resolver.test.ts
- ccw/tests/graph-routes.test.ts
- ccw/tests/files-routes.test.ts
- ccw/tests/skills-routes.test.ts
- ccw/tests/security/path-traversal.test.ts

## Verification
- npm run build
- npm test -- path-resolver.test.ts
- npm test -- path-validator.test.ts
- npm test -- graph-routes.test.ts
- npm test -- files-routes.test.ts
- npm test -- skills-routes.test.ts
- npm test -- ccw/tests/security/path-traversal.test.ts

* fix(security): Prevent credential leakage (DSC-004)

## Solution Summary
- Solution-ID: SOL-DSC-004-1
- Issue-ID: DSC-004

## Tasks Completed
- T1: Create credential handling security tests
- T2: Add log sanitization tests
- T3: Add env var leakage prevention tests
- T4: Add secure storage tests

## Files Modified
- ccw/src/config/litellm-api-config-manager.ts
- ccw/src/core/routes/litellm-api-routes.ts
- ccw/tests/security/credential-handling.test.ts

## Verification
- npm run build
- node --experimental-strip-types --test ccw/tests/security/credential-handling.test.ts

* test(ranking): expand normalize_weights edge case coverage (ISS-1766920108814-0)

## Solution Summary
- Solution-ID: SOL-20251228113607
- Issue-ID: ISS-1766920108814-0

## Tasks Completed
- T1: Fix NaN and invalid total handling in normalize_weights
- T2: Add unit tests for NaN edge cases in normalize_weights

## Files Modified
- codex-lens/tests/test_rrf_fusion.py

## Verification
- python -m pytest codex-lens/tests/test_rrf_fusion.py::TestNormalizeBM25Score -v
- python -m pytest codex-lens/tests/test_rrf_fusion.py -v -k normalize
- python -m pytest codex-lens/tests/test_rrf_fusion.py::TestReciprocalRankFusion::test_weight_normalization codex-lens/tests/test_cli_hybrid_search.py::TestCLIHybridSearch::test_weights_normalization -v

* feat(security): Add CSRF protection and tighten CORS (DSC-006)

## Solution Summary
- Solution-ID: SOL-DSC-006-1
- Issue-ID: DSC-006
- Risk/Impact/Complexity: high/high/medium

## Tasks Completed
- T1: Create CSRF token generation system
- T2: Add CSRF token endpoints
- T3: Implement CSRF validation middleware
- T4: Restrict CORS to trusted origins
- T5: Add CSRF security tests

## Files Modified
- ccw/src/core/auth/csrf-manager.ts
- ccw/src/core/auth/csrf-middleware.ts
- ccw/src/core/routes/auth-routes.ts
- ccw/src/core/server.ts
- ccw/tests/csrf-manager.test.ts
- ccw/tests/auth-routes.test.ts
- ccw/tests/csrf-middleware.test.ts
- ccw/tests/security/csrf.test.ts

## Verification
- npm run build
- node --experimental-strip-types --test ccw/tests/csrf-manager.test.ts
- node --experimental-strip-types --test ccw/tests/auth-routes.test.ts
- node --experimental-strip-types --test ccw/tests/csrf-middleware.test.ts
- node --experimental-strip-types --test ccw/tests/cors.test.ts
- node --experimental-strip-types --test ccw/tests/security/csrf.test.ts

* fix(cli-executor): prevent stale SIGKILL timeouts

## Solution Summary

- Solution-ID: SOL-DSC-007-1

- Issue-ID: DSC-007

- Risk/Impact/Complexity: low/low/low

## Tasks Completed

- [T1] Store timeout handle in killCurrentCliProcess

## Files Modified

- ccw/src/tools/cli-executor.ts

- ccw/tests/cli-executor-kill.test.ts

## Verification

- node --experimental-strip-types --test ccw/tests/cli-executor-kill.test.ts

* fix(cli-executor): enhance merge validation guards

## Solution Summary

- Solution-ID: SOL-DSC-008-1

- Issue-ID: DSC-008

- Risk/Impact/Complexity: low/low/low

## Tasks Completed

- [T1] Enhance sourceConversations array validation

## Files Modified

- ccw/src/tools/cli-executor.ts

- ccw/tests/cli-executor-merge-validation.test.ts

## Verification

- node --experimental-strip-types --test ccw/tests/cli-executor-merge-validation.test.ts

* refactor(core): remove @ts-nocheck from core routes

## Solution Summary
- Solution-ID: SOL-DSC-003-1
- Issue-ID: DSC-003
- Queue-ID: QUE-20260106-164500
- Item-ID: S-9

## Tasks Completed
- T1: Create shared RouteContext type definition
- T2: Remove @ts-nocheck from small route files
- T3: Remove @ts-nocheck from medium route files
- T4: Remove @ts-nocheck from large route files
- T5: Remove @ts-nocheck from remaining core files

## Files Modified
- ccw/src/core/dashboard-generator-patch.ts
- ccw/src/core/dashboard-generator.ts
- ccw/src/core/routes/ccw-routes.ts
- ccw/src/core/routes/claude-routes.ts
- ccw/src/core/routes/cli-routes.ts
- ccw/src/core/routes/codexlens-routes.ts
- ccw/src/core/routes/discovery-routes.ts
- ccw/src/core/routes/files-routes.ts
- ccw/src/core/routes/graph-routes.ts
- ccw/src/core/routes/help-routes.ts
- ccw/src/core/routes/hooks-routes.ts
- ccw/src/core/routes/issue-routes.ts
- ccw/src/core/routes/litellm-api-routes.ts
- ccw/src/core/routes/litellm-routes.ts
- ccw/src/core/routes/mcp-routes.ts
- ccw/src/core/routes/mcp-routes.ts.backup
- ccw/src/core/routes/mcp-templates-db.ts
- ccw/src/core/routes/nav-status-routes.ts
- ccw/src/core/routes/rules-routes.ts
- ccw/src/core/routes/session-routes.ts
- ccw/src/core/routes/skills-routes.ts
- ccw/src/core/routes/status-routes.ts
- ccw/src/core/routes/system-routes.ts
- ccw/src/core/routes/types.ts
- ccw/src/core/server.ts
- ccw/src/core/websocket.ts

## Verification
- npm run build
- npm test

* refactor: split cli-executor and codexlens routes into modules

## Solution Summary
- Solution-ID: SOL-DSC-012-1
- Issue-ID: DSC-012
- Risk/Impact/Complexity: medium/medium/high

## Tasks Completed
- [T1] Extract execution orchestration from cli-executor.ts (Refactor ccw/src/tools)
- [T2] Extract route handlers from codexlens-routes.ts (Refactor ccw/src/core/routes)
- [T3] Extract prompt concatenation logic from cli-executor (Refactor ccw/src/tools)
- [T4] Document refactored module architecture (Docs)

## Files Modified
- ccw/src/tools/cli-executor.ts
- ccw/src/tools/cli-executor-core.ts
- ccw/src/tools/cli-executor-utils.ts
- ccw/src/tools/cli-executor-state.ts
- ccw/src/tools/cli-prompt-builder.ts
- ccw/src/tools/README.md
- ccw/src/core/routes/codexlens-routes.ts
- ccw/src/core/routes/codexlens/config-handlers.ts
- ccw/src/core/routes/codexlens/index-handlers.ts
- ccw/src/core/routes/codexlens/semantic-handlers.ts
- ccw/src/core/routes/codexlens/watcher-handlers.ts
- ccw/src/core/routes/codexlens/utils.ts
- ccw/src/core/routes/codexlens/README.md

## Verification
- npm run build
- npm test

* test(issue): Add comprehensive issue command tests

## Solution Summary
- **Solution-ID**: SOL-DSC-009-1
- **Issue-ID**: DSC-009
- **Risk/Impact/Complexity**: low/high/medium

## Tasks Completed
- [T1] Create issue command test file structure: Create isolated test harness
- [T2] Add JSONL read/write operation tests: Verify JSONL correctness and errors
- [T3] Add issue lifecycle tests: Verify status transitions and timestamps
- [T4] Add solution binding tests: Verify binding flows and error cases
- [T5] Add queue formation tests: Verify queue creation, IDs, and DAG behavior
- [T6] Add queue execution tests: Verify next/done/retry and status sync

## Files Modified
- ccw/src/commands/issue.ts
- ccw/tests/issue-command.test.ts

## Verification
- node --experimental-strip-types --test ccw/tests/issue-command.test.ts

* test(routes): Add integration tests for route modules

## Solution Summary
- Solution-ID: SOL-DSC-010-1
- Issue-ID: DSC-010
- Queue-ID: QUE-20260106-164500

## Tasks Completed
- [T1] Add tests for ccw-routes.ts
- [T2] Add tests for files-routes.ts
- [T3] Add tests for claude-routes.ts (includes Windows path fix for create)
- [T4] Add tests for issue-routes.ts
- [T5] Add tests for help-routes.ts (avoid hanging watchers)
- [T6] Add tests for nav-status-routes.ts
- [T7] Add tests for hooks/graph/rules/skills/litellm-api routes

## Files Modified
- ccw/src/core/routes/claude-routes.ts
- ccw/src/core/routes/help-routes.ts
- ccw/tests/integration/ccw-routes.test.ts
- ccw/tests/integration/claude-routes.test.ts
- ccw/tests/integration/files-routes.test.ts
- ccw/tests/integration/issue-routes.test.ts
- ccw/tests/integration/help-routes.test.ts
- ccw/tests/integration/nav-status-routes.test.ts
- ccw/tests/integration/hooks-routes.test.ts
- ccw/tests/integration/graph-routes.test.ts
- ccw/tests/integration/rules-routes.test.ts
- ccw/tests/integration/skills-routes.test.ts
- ccw/tests/integration/litellm-api-routes.test.ts

## Verification
- node --experimental-strip-types --test ccw/tests/integration/ccw-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/files-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/claude-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/issue-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/help-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/nav-status-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/hooks-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/graph-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/rules-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/skills-routes.test.ts
- node --experimental-strip-types --test ccw/tests/integration/litellm-api-routes.test.ts

* refactor(core): Switch cache and lite scanning to async fs

## Solution Summary
- Solution-ID: SOL-DSC-013-1
- Issue-ID: DSC-013
- Queue-ID: QUE-20260106-164500

## Tasks Completed
- [T1] Convert cache-manager.ts to async file operations
- [T2] Convert lite-scanner.ts to async file operations
- [T3] Update cache-manager call sites to await async API
- [T4] Update lite-scanner call sites to await async API

## Files Modified
- ccw/src/core/cache-manager.ts
- ccw/src/core/lite-scanner.ts
- ccw/src/core/data-aggregator.ts

## Verification
- npm run build
- npm test

* fix(exec): Add timeout protection for execSync

## Solution Summary
- Solution-ID: SOL-DSC-014-1
- Issue-ID: DSC-014
- Queue-ID: QUE-20260106-164500

## Tasks Completed
- [T1] Add timeout to execSync calls in python-utils.ts
- [T2] Add timeout to execSync calls in detect-changed-modules.ts
- [T3] Add timeout to execSync calls in claude-freshness.ts
- [T4] Add timeout to execSync calls in issue.ts
- [T5] Consolidate execSync timeout constants and audit coverage

## Files Modified
- ccw/src/utils/exec-constants.ts
- ccw/src/utils/python-utils.ts
- ccw/src/tools/detect-changed-modules.ts
- ccw/src/core/claude-freshness.ts
- ccw/src/commands/issue.ts
- ccw/src/tools/smart-search.ts
- ccw/src/tools/codex-lens.ts
- ccw/src/core/routes/codexlens/config-handlers.ts

## Verification
- npm run build
- npm test
- node --experimental-strip-types --test ccw/tests/issue-command.test.ts

* feat(cli): Add progress spinner with elapsed time for long-running operations

## Solution Summary
- Solution-ID: SOL-DSC-015-1
- Issue-ID: DSC-015
- Queue-Item: S-15
- Risk/Impact/Complexity: low/medium/low

## Tasks Completed
- [T1] Add progress spinner to CLI execution: Update ccw/src/commands/cli.ts

## Files Modified
- ccw/src/commands/cli.ts
- ccw/tests/cli-command.test.ts

## Verification
- node --experimental-strip-types --test ccw/tests/cli-command.test.ts
- node --experimental-strip-types --test ccw/tests/cli-executor-kill.test.ts
- node --experimental-strip-types --test ccw/tests/cli-executor-merge-validation.test.ts

* fix(cli): Move full output hint immediately after truncation notice

## Solution Summary
- Solution-ID: SOL-DSC-016-1
- Issue-ID: DSC-016
- Queue-Item: S-16
- Risk/Impact/Complexity: low/high/low

## Tasks Completed
- [T1] Relocate output hint after truncation: Update ccw/src/commands/cli.ts

## Files Modified
- ccw/src/commands/cli.ts
- ccw/tests/cli-command.test.ts

## Verification
- npm run build
- node --experimental-strip-types --test ccw/tests/cli-command.test.ts

* feat(cli): Add confirmation prompts for destructive operations

## Solution Summary
- Solution-ID: SOL-DSC-017-1
- Issue-ID: DSC-017
- Queue-Item: S-17
- Risk/Impact/Complexity: low/high/low

## Tasks Completed
- [T1] Add confirmation to storage clean operations: Update ccw/src/commands/cli.ts
- [T2] Add confirmation to issue queue delete: Update ccw/src/commands/issue.ts

## Files Modified
- ccw/src/commands/cli.ts
- ccw/src/commands/issue.ts
- ccw/tests/cli-command.test.ts
- ccw/tests/issue-command.test.ts

## Verification
- npm run build
- node --experimental-strip-types --test ccw/tests/cli-command.test.ts
- node --experimental-strip-types --test ccw/tests/issue-command.test.ts

* feat(cli): Improve multi-line prompt guidance

## Solution Summary
- Solution-ID: SOL-DSC-018-1
- Issue-ID: DSC-018
- Queue-Item: S-18
- Risk/Impact/Complexity: low/medium/low

## Tasks Completed
- [T1] Update CLI help to emphasize --file option: Update ccw/src/commands/cli.ts
- [T2] Add inline hint for multi-line detection: Update ccw/src/commands/cli.ts

## Files Modified
- ccw/src/commands/cli.ts
- ccw/tests/cli-command.test.ts

## Verification
- npm run build
- node --experimental-strip-types --test ccw/tests/cli-command.test.ts

---------

Co-authored-by: catlog22 <catlog22@github.com>
This commit is contained in:
catlog22
2026-01-07 22:35:46 +08:00
committed by GitHub
parent fae2f7e279
commit 09d99abee6
100 changed files with 14300 additions and 6456 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
ccw/src/commands/cli.ts
View File

@@ -5,6 +5,7 @@
import chalk from 'chalk';
import http from 'http';
import inquirer from 'inquirer';
import {
cliExecutorTool,
getCliToolsStatus,
@@ -26,6 +27,7 @@ import {
getStorageLocationInstructions
} from '../tools/storage-manager.js';
import { getHistoryStore } from '../tools/cli-history-store.js';
import { createSpinner } from '../utils/ui.js';
// Dashboard notification settings
const DASHBOARD_PORT = process.env.CCW_PORT || 3456;
@@ -280,12 +282,17 @@ async function cleanStorage(options: StorageOptions): Promise<void> {
}
if (!force) {
console.log(chalk.bold.yellow('\n Warning: This will delete ALL CCW storage:'));
console.log(` Location: ${stats.rootPath}`);
console.log(` Projects: ${stats.projectCount}`);
console.log(` Size: ${formatBytes(stats.totalSize)}`);
console.log(chalk.gray('\n Use --force to confirm deletion.\n'));
return;
const { proceed } = await inquirer.prompt([{
type: 'confirm',
name: 'proceed',
message: `Delete ALL CCW storage? This will remove ${stats.projectCount} projects (${formatBytes(stats.totalSize)}). This action cannot be undone.`,
default: false
}]);
if (!proceed) {
console.log(chalk.yellow('\n Storage clean cancelled.\n'));
return;
}
}
console.log(chalk.bold.cyan('\n Cleaning all storage...\n'));
@@ -554,6 +561,11 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
} else if (optionPrompt) {
// Use --prompt/-p option (preferred for multi-line)
finalPrompt = optionPrompt;
const promptLineCount = optionPrompt.split(/\r?\n/).length;
if (promptLineCount > 3) {
console.log(chalk.dim(' 💡 Tip: Use --file option to avoid shell escaping issues with multi-line prompts'));
console.log(chalk.dim(' Example: ccw cli -f prompt.txt --tool gemini'));
}
} else {
// Fall back to positional argument
finalPrompt = positionalPrompt;
@@ -705,7 +717,6 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
}
const nativeMode = noNative ? ' (prompt-concat)' : '';
const idInfo = id ? ` [${id}]` : '';
console.log(chalk.cyan(`\n Executing ${tool} (${mode} mode${resumeInfo}${nativeMode})${idInfo}...\n`));
// Show merge details
if (isMerge) {
@@ -719,11 +730,31 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
// Generate execution ID for streaming (use custom ID or timestamp-based)
const executionId = id || `${Date.now()}-${tool}`;
const startTime = Date.now();
const spinnerBaseText = `Executing ${tool} (${mode} mode${resumeInfo}${nativeMode})${idInfo}...`;
console.log();
const spinner = stream ? null : createSpinner(` ${spinnerBaseText}`).start();
const elapsedInterval = spinner
? setInterval(() => {
const elapsedSeconds = Math.floor((Date.now() - startTime) / 1000);
spinner.text = ` ${spinnerBaseText} (${elapsedSeconds}s elapsed)`;
}, 1000)
: null;
elapsedInterval?.unref?.();
if (!spinner) {
console.log(chalk.cyan(` ${spinnerBaseText}\n`));
}
// Handle process interruption (SIGINT/SIGTERM) to notify dashboard
const handleInterrupt = (signal: string) => {
const duration = Date.now() - startTime;
console.log(chalk.yellow(`\n Interrupted by ${signal}`));
if (elapsedInterval) clearInterval(elapsedInterval);
if (spinner) {
spinner.warn(`Interrupted by ${signal} (${Math.floor(duration / 1000)}s elapsed)`);
} else {
console.log(chalk.yellow(`\n Interrupted by ${signal}`));
}
// Kill child process (gemini/codex/qwen CLI) if running
killCurrentCliProcess();
@@ -790,6 +821,19 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
stream: !!stream // stream=true → streaming enabled (no cache), stream=false → cache output (default)
}, onOutput); // Always pass onOutput for real-time dashboard streaming
if (elapsedInterval) clearInterval(elapsedInterval);
if (spinner) {
const durationSeconds = (result.execution.duration_ms / 1000).toFixed(1);
const turnInfo = result.success && result.conversation.turn_count > 1
? ` (turn ${result.conversation.turn_count})`
: '';
if (result.success) {
spinner.succeed(`Completed in ${durationSeconds}s${turnInfo}`);
} else {
spinner.fail(`Failed after ${durationSeconds}s`);
}
}
// If not streaming (default), print output now
// Prefer parsedOutput (from stream parser) over raw stdout for better formatting
if (!stream) {
@@ -802,10 +846,12 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
// Print summary with execution ID and turn info
console.log();
if (result.success) {
const turnInfo = result.conversation.turn_count > 1
? ` (turn ${result.conversation.turn_count})`
: '';
console.log(chalk.green(` ✓ Completed in ${(result.execution.duration_ms / 1000).toFixed(1)}s${turnInfo}`));
if (!spinner) {
const turnInfo = result.conversation.turn_count > 1
? ` (turn ${result.conversation.turn_count})`
: '';
console.log(chalk.green(` ✓ Completed in ${(result.execution.duration_ms / 1000).toFixed(1)}s${turnInfo}`));
}
console.log(chalk.gray(` ID: ${result.execution.id}`));
if (isMerge && !id) {
// Merge without custom ID: updated all source conversations
@@ -844,7 +890,9 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
// Delay to allow HTTP request to complete
setTimeout(() => process.exit(0), 150);
} else {
console.log(chalk.red(` ✗ Failed (${result.execution.status})`));
if (!spinner) {
console.log(chalk.red(` ✗ Failed (${result.execution.status})`));
}
console.log(chalk.gray(` ID: ${result.execution.id}`));
console.log(chalk.gray(` Duration: ${(result.execution.duration_ms / 1000).toFixed(1)}s`));
console.log(chalk.gray(` Exit Code: ${result.execution.exit_code}`));
@@ -861,6 +909,8 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
}
if (stderrLines.length > 30) {
console.log(chalk.yellow(` ... ${stderrLines.length - 30} more lines`));
console.log(chalk.cyan(` 💡 View full output: ccw cli output ${result.execution.id}`));
console.log();
}
console.log(chalk.gray(' ' + '─'.repeat(60)));
}
@@ -870,7 +920,6 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
console.log(chalk.yellow.bold(' Troubleshooting:'));
console.log(chalk.gray(` • Check if ${tool} is properly installed: ccw cli status`));
console.log(chalk.gray(` • Enable debug mode: DEBUG=true ccw cli -p "..." or set DEBUG=true && ccw cli -p "..."`));
console.log(chalk.gray(` • View full output: ccw cli output ${result.execution.id}`));
if (result.stderr?.includes('API key') || result.stderr?.includes('Authentication')) {
console.log(chalk.gray(` • Check API key configuration for ${tool}`));
}
@@ -901,6 +950,8 @@ async function execAction(positionalPrompt: string | undefined, options: CliExec
}
} catch (error) {
const err = error as Error;
if (elapsedInterval) clearInterval(elapsedInterval);
if (spinner) spinner.fail('Execution error');
console.error(chalk.red.bold(`\n ✗ Execution Error\n`));
console.error(chalk.red(` ${err.message}`));
@@ -1121,8 +1172,8 @@ export async function cliCommand(
console.log(chalk.bold.cyan('\n CCW CLI Tool Executor\n'));
console.log(' Unified interface for Gemini, Qwen, and Codex CLI tools.\n');
console.log(' Usage:');
console.log(chalk.gray(' ccw cli -p "<prompt>" --tool <tool> Execute with prompt'));
console.log(chalk.gray(' ccw cli -f prompt.txt --tool <tool> Execute from file'));
console.log(chalk.gray(' ccw cli -f prompt.txt --tool <tool> Execute from file (recommended for multi-line)'));
console.log(chalk.gray(' ccw cli -p "<prompt>" --tool <tool> Execute with prompt (single-line)'));
console.log();
console.log(' Subcommands:');
console.log(chalk.gray(' status Check CLI tools availability'));
@@ -1133,8 +1184,8 @@ export async function cliCommand(
console.log(chalk.gray(' test-parse [args] Debug CLI argument parsing'));
console.log();
console.log(' Options:');
console.log(chalk.gray(' -p, --prompt <text> Prompt text'));
console.log(chalk.gray(' -f, --file <file> Read prompt from file'));
console.log(chalk.gray(' -f, --file <file> Read prompt from file (recommended for multi-line prompts)'));
console.log(chalk.gray(' -p, --prompt <text> Prompt text (single-line)'));
console.log(chalk.gray(' --tool <tool> Tool: gemini, qwen, codex (default: gemini)'));
console.log(chalk.gray(' --mode <mode> Mode: analysis, write, auto (default: analysis)'));
console.log(chalk.gray(' -d, --debug Enable debug logging for troubleshooting'));
@@ -1146,6 +1197,27 @@ export async function cliCommand(
console.log(chalk.gray(' --cache <items> Cache: comma-separated @patterns and text'));
console.log(chalk.gray(' --inject-mode <m> Inject mode: none, full, progressive'));
console.log();
console.log(' Examples:');
console.log(chalk.gray(' ccw cli -f my-prompt.txt --tool gemini'));
console.log();
console.log(chalk.gray(' # Bash/Linux heredoc'));
console.log(chalk.gray(" ccw cli -f <(cat <<'EOF'"));
console.log(chalk.gray(' PURPOSE: Multi-line prompt'));
console.log(chalk.gray(' TASK: Example task'));
console.log(chalk.gray(' EOF'));
console.log(chalk.gray(' ) --tool gemini'));
console.log();
console.log(chalk.gray(' # PowerShell multi-line'));
console.log(chalk.gray(" @'"));
console.log(chalk.gray(' PURPOSE: Multi-line prompt'));
console.log(chalk.gray(' TASK: Example task'));
console.log(chalk.gray(" '@ | Out-File -Encoding utf8 prompt.tmp; ccw cli -f prompt.tmp --tool gemini"));
console.log();
console.log(chalk.gray(' ccw cli --resume --tool gemini'));
console.log(chalk.gray(' ccw cli -p "..." --cache "@src/**/*.ts" --tool codex'));
console.log(chalk.gray(' ccw cli -p "..." --cache "@src/**/*" --inject-mode progressive --tool gemini'));
console.log(chalk.gray(' ccw cli output <id> --final # View result with usage hint'));
console.log();
console.log(' Cache format:');
console.log(chalk.gray(' --cache "@src/**/*.ts,@CLAUDE.md" # @patterns to pack'));
console.log(chalk.gray(' --cache "@src/**/*,extra context" # patterns + text content'));
@@ -1162,14 +1234,7 @@ export async function cliCommand(
console.log(chalk.gray(' --offset <n> Start from byte offset'));
console.log(chalk.gray(' --limit <n> Limit output bytes'));
console.log();
console.log(' Examples:');
console.log(chalk.gray(' ccw cli -p "Analyze auth module" --tool gemini'));
console.log(chalk.gray(' ccw cli -f prompt.txt --tool codex --mode write'));
console.log(chalk.gray(' ccw cli -p "$(cat template.md)" --tool gemini'));
console.log(chalk.gray(' ccw cli --resume --tool gemini'));
console.log(chalk.gray(' ccw cli -p "..." --cache "@src/**/*.ts" --tool codex'));
console.log(chalk.gray(' ccw cli -p "..." --cache "@src/**/*" --inject-mode progressive --tool gemini'));
console.log(chalk.gray(' ccw cli output <id> --final # View result with usage hint'));
console.log(chalk.dim(' Tip: For complex prompts, use --file to avoid shell escaping issues'));
console.log();
}
}

47
ccw/src/commands/issue.ts
View File

@@ -6,8 +6,18 @@
import chalk from 'chalk';
import { execSync } from 'child_process';
import inquirer from 'inquirer';
import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, statSync } from 'fs';
import { join, resolve } from 'path';
import { EXEC_TIMEOUTS } from '../utils/exec-constants.js';
function isExecTimeoutError(error: unknown): boolean {
const err = error as { code?: unknown; errno?: unknown; message?: unknown } | null;
const code = err?.code ?? err?.errno;
if (code === 'ETIMEDOUT') return true;
const message = typeof err?.message === 'string' ? err.message : '';
return message.includes('ETIMEDOUT');
}
// Handle EPIPE errors gracefully
process.stdout.on('error', (err: NodeJS.ErrnoException) => {
@@ -262,13 +272,15 @@ function getProjectRoot(): string {
// Get the common git directory (points to main repo's .git)
const gitCommonDir = execSync('git rev-parse --git-common-dir', {
encoding: 'utf-8',
stdio: ['pipe', 'pipe', 'pipe']
stdio: ['pipe', 'pipe', 'pipe'],
timeout: EXEC_TIMEOUTS.GIT_QUICK,
}).trim();
// Get the current git directory
const gitDir = execSync('git rev-parse --git-dir', {
encoding: 'utf-8',
stdio: ['pipe', 'pipe', 'pipe']
stdio: ['pipe', 'pipe', 'pipe'],
timeout: EXEC_TIMEOUTS.GIT_QUICK,
}).trim();
// Normalize paths for comparison (Windows case insensitive)
@@ -287,7 +299,10 @@ function getProjectRoot(): string {
return mainRepoRoot;
}
}
} catch {
} catch (err: unknown) {
if (isExecTimeoutError(err)) {
console.warn(`[issue] git rev-parse timed out after ${EXEC_TIMEOUTS.GIT_QUICK}ms; falling back to filesystem detection`);
}
// Git command failed - fall through to manual detection
}
@@ -334,7 +349,7 @@ function ensureIssuesDir(): void {
// ============ Issues JSONL ============
function readIssues(): Issue[] {
export function readIssues(): Issue[] {
const path = join(getIssuesDir(), 'issues.jsonl');
if (!existsSync(path)) return [];
try {
@@ -347,7 +362,7 @@ function readIssues(): Issue[] {
}
}
function writeIssues(issues: Issue[]): void {
export function writeIssues(issues: Issue[]): void {
ensureIssuesDir();
const path = join(getIssuesDir(), 'issues.jsonl');
// Always add trailing newline for proper JSONL format
@@ -482,7 +497,7 @@ function getSolutionsPath(issueId: string): string {
return join(getIssuesDir(), 'solutions', `${issueId}.jsonl`);
}
function readSolutions(issueId: string): Solution[] {
export function readSolutions(issueId: string): Solution[] {
const path = getSolutionsPath(issueId);
if (!existsSync(path)) return [];
try {
@@ -495,7 +510,7 @@ function readSolutions(issueId: string): Solution[] {
}
}
function writeSolutions(issueId: string, solutions: Solution[]): void {
export function writeSolutions(issueId: string, solutions: Solution[]): void {
const dir = join(getIssuesDir(), 'solutions');
if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
// Always add trailing newline for proper JSONL format
@@ -596,7 +611,7 @@ function generateQueueFileId(): string {
return `QUE-${ts}`;
}
function readQueue(queueId?: string): Queue | null {
export function readQueue(queueId?: string): Queue | null {
const index = readQueueIndex();
const targetId = queueId || index.active_queue_id;
@@ -748,7 +763,7 @@ function parseFailureReason(reason: string): FailureDetail {
};
}
function writeQueue(queue: Queue): void {
export function writeQueue(queue: Queue): void {
ensureQueuesDir();
// Support both old (tasks) and new (solutions) queue format
@@ -1841,6 +1856,20 @@ async function queueAction(subAction: string | undefined, issueId: string | unde
process.exit(1);
}
if (!options.force) {
const { proceed } = await inquirer.prompt([{
type: 'confirm',
name: 'proceed',
message: `Delete queue ${queueId}? This action cannot be undone.`,
default: false
}]);
if (!proceed) {
console.log(chalk.yellow('Queue deletion cancelled'));
return;
}
}
// Remove from index
const index = readQueueIndex();
index.queues = index.queues.filter(q => q.id !== queueId);

20
ccw/src/commands/serve.ts
View File

@@ -7,6 +7,7 @@ import type { Server } from 'http';
interface ServeOptions {
port?: number;
path?: string;
host?: string;
browser?: boolean;
}
@@ -16,6 +17,7 @@ interface ServeOptions {
*/
export async function serveCommand(options: ServeOptions): Promise<void> {
const port = options.port || 3456;
const host = options.host || '127.0.0.1';
// Validate project path
let initialPath = process.cwd();
@@ -30,26 +32,34 @@ export async function serveCommand(options: ServeOptions): Promise<void> {
console.log(chalk.blue.bold('\n CCW Dashboard Server\n'));
console.log(chalk.gray(` Initial project: ${initialPath}`));
console.log(chalk.gray(` Host: ${host}`));
console.log(chalk.gray(` Port: ${port}\n`));
try {
// Start server
console.log(chalk.cyan(' Starting server...'));
const server = await startServer({ port, initialPath });
const server = await startServer({ port, host, initialPath });
const url = `http://localhost:${port}`;
console.log(chalk.green(` Server running at ${url}`));
const boundUrl = `http://${host}:${port}`;
const browserUrl = host === '0.0.0.0' || host === '::' ? `http://localhost:${port}` : boundUrl;
if (!['127.0.0.1', 'localhost', '::1'].includes(host)) {
console.log(chalk.yellow(`\n WARNING: Binding to ${host} exposes the server to network attacks.`));
console.log(chalk.yellow(' Ensure firewall is configured and never expose tokens publicly.\n'));
}
console.log(chalk.green(` Server running at ${boundUrl}`));
// Open browser
if (options.browser !== false) {
console.log(chalk.cyan(' Opening in browser...'));
try {
await launchBrowser(url);
await launchBrowser(browserUrl);
console.log(chalk.green.bold('\n Dashboard opened in browser!'));
} catch (err) {
const error = err as Error;
console.log(chalk.yellow(`\n Could not open browser: ${error.message}`));
console.log(chalk.gray(` Open manually: ${url}`));
console.log(chalk.gray(` Open manually: ${browserUrl}`));
}
}

37
ccw/src/commands/stop.ts
View File

@@ -59,20 +59,47 @@ export async function stopCommand(options: StopOptions): Promise<void> {
signal: AbortSignal.timeout(2000)
}).catch(() => null);
if (healthCheck && healthCheck.ok) {
// CCW server is running - send shutdown signal
if (healthCheck) {
// CCW server is running (may require authentication) - send shutdown signal
console.log(chalk.cyan(' CCW server found, sending shutdown signal...'));
await fetch(`http://localhost:${port}/api/shutdown`, {
let token: string | undefined;
try {
const tokenResponse = await fetch(`http://localhost:${port}/api/auth/token`, {
signal: AbortSignal.timeout(2000)
});
const tokenData = await tokenResponse.json() as { token?: string };
token = tokenData.token;
} catch {
// Ignore token acquisition errors; shutdown request will fail with 401.
}
const shutdownResponse = await fetch(`http://localhost:${port}/api/shutdown`, {
method: 'POST',
headers: token ? { Authorization: `Bearer ${token}` } : undefined,
signal: AbortSignal.timeout(5000)
}).catch(() => null);
// Wait a moment for shutdown
await new Promise(resolve => setTimeout(resolve, 500));
console.log(chalk.green.bold('\n Server stopped successfully!\n'));
process.exit(0);
if (shutdownResponse && 'ok' in shutdownResponse && shutdownResponse.ok) {
console.log(chalk.green.bold('\n Server stopped successfully!\n'));
process.exit(0);
}
// Best-effort verify shutdown (may still succeed even if shutdown endpoint didn't return ok)
const postCheck = await fetch(`http://localhost:${port}/api/health`, {
signal: AbortSignal.timeout(2000)
}).catch(() => null);
if (!postCheck) {
console.log(chalk.green.bold('\n Server stopped successfully!\n'));
process.exit(0);
}
const statusHint = shutdownResponse ? `HTTP ${shutdownResponse.status}` : 'no response';
console.log(chalk.yellow(` Shutdown request did not stop server (${statusHint}).`));
}
// No CCW server responding, check if port is in use

16
ccw/src/commands/view.ts
View File

@@ -6,6 +6,7 @@ import chalk from 'chalk';
interface ViewOptions {
port?: number;
path?: string;
host?: string;
browser?: boolean;
}
@@ -30,7 +31,8 @@ async function isServerRunning(port: number): Promise<boolean> {
});
clearTimeout(timeoutId);
return response.ok;
// Authenticated APIs may return 401; any HTTP response means server is running.
return response.status > 0;
} catch {
return false;
}
@@ -44,8 +46,13 @@ async function isServerRunning(port: number): Promise<boolean> {
*/
async function switchWorkspace(port: number, path: string): Promise<SwitchWorkspaceResult> {
try {
const tokenResponse = await fetch(`http://localhost:${port}/api/auth/token`);
const tokenData = await tokenResponse.json() as { token?: string };
const token = tokenData.token;
const response = await fetch(
`http://localhost:${port}/api/switch-path?path=${encodeURIComponent(path)}`
`http://localhost:${port}/api/switch-path?path=${encodeURIComponent(path)}`,
token ? { headers: { Authorization: `Bearer ${token}` } } : undefined
);
return await response.json() as SwitchWorkspaceResult;
} catch (err) {
@@ -62,6 +69,8 @@ async function switchWorkspace(port: number, path: string): Promise<SwitchWorksp
*/
export async function viewCommand(options: ViewOptions): Promise<void> {
const port = options.port || 3456;
const host = options.host || '127.0.0.1';
const browserHost = host === '0.0.0.0' || host === '::' ? 'localhost' : host;
// Resolve workspace path
let workspacePath = process.cwd();
@@ -89,7 +98,7 @@ export async function viewCommand(options: ViewOptions): Promise<void> {
console.log(chalk.green(` Workspace switched successfully`));
// Open browser with the new path
const url = `http://localhost:${port}/?path=${encodeURIComponent(result.path!)}`;
const url = `http://${browserHost}:${port}/?path=${encodeURIComponent(result.path!)}`;
if (options.browser !== false) {
console.log(chalk.cyan(' Opening in browser...'));
@@ -113,6 +122,7 @@ export async function viewCommand(options: ViewOptions): Promise<void> {
await serveCommand({
path: workspacePath,
port: port,
host,
browser: options.browser
});
}