Conversation
• Enhanced tab navigation to support Cmd+1-9 and Cmd+0 shortcuts 🎯 • Added draft indicator (pencil icon) for unsent messages in tabs ✏️ • Removed verbose console logging from process manager and IPC handlers 🧹 • Added interrupt button to ThinkingStatusPill for stopping AI responses 🛑 • Fixed list styling in markdown rendering with proper indentation 📝 • Improved tab scrolling behavior to center active tab in view 🎯 • Added confetti playground with customizable particle effects and settings 🎊 • Fixed share menu positioning in achievement card to prevent overflow 📐 • Updated keyboard shortcuts to prevent conflicts with system commands ⌨️
• Added onSend prop to PromptComposerModal to actually send messages (Cmd+Enter or Send button) • Added token count estimation (~4 chars/token) displayed alongside character count in footer • Improved header spacing for keyboard shortcut hint readability • Disabled Send button when input is empty • Optimized TerminalOutput by moving prose styles to container level (memoized) Claude ID: 37fedb7c-fa1a-45d4-bb0e-5e607b9076bc Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
• Simplified input mode toggle button styling in InputArea • Enhanced LogViewer keyboard navigation with Opt+Up/Down for page scrolling • Added refresh spinner feedback in ProcessMonitor with auto-expand on load • Fixed TabBar to only scroll on tab navigation, not when closing tabs Claude ID: 1426ed68-c48a-4fd3-834f-33e16f851794 Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
• Fixed tab input clearing - empty strings now persist when switching away • Fixed named session resume - properly loads messages from closed sessions • Improved draft indicator visibility - pencil icon now uses warning color • Enhanced tab scrolling - uses requestAnimationFrame for reliable behavior • Added starred parameter to named session selection callback Claude ID: 1426ed68-c48a-4fd3-834f-33e16f851794 Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
Use manual scroll calculation instead of scrollIntoView for more predictable centering. Active tab is now centered on every tab change using offsetLeft calculation relative to container width.
• Added debug action to manually release queued execution items 🐛 • Implemented queue processing for stuck items in execution pipeline 🚀 • Enhanced confetti animation with playground-style burst patterns 🎉 • Optimized markdown rendering with tighter line height spacing 📐 • Improved prose styles with better margin control and consistency ✨ • Added visual feedback for queue status in quick actions modal 📊 • Streamlined confetti colors for more cohesive celebration effects 🌈 • Fixed paragraph spacing in markdown with explicit margin rules 📝 • Removed redundant confetti waves for cleaner animation performance ⚡ • Enhanced list item rendering with better nested structure support 📋
- Rename Scratchpad.tsx to AutoRun.tsx - Update component names: Scratchpad → AutoRun, ScratchpadInner → AutoRunInner - Update interface name: ScratchpadProps → AutoRunProps - Update import in RightPanel.tsx to use AutoRun - Delete old Scratchpad.tsx file Part of Phase 1.1 for Auto Run overhaul.
- Change RightPanelTab type union in types/index.ts - Update tab array in RightPanel.tsx - Update shortcut ID from goToScratchpad to goToAutoRun - Update quick action ID and label in QuickActionsModal.tsx - Update keyboard handler reference in App.tsx
Phase 1.2 of Scratchpad → Auto Run migration: - Remove scratchPadContent field from Session interface - Remove scratchPadCursorPosition, scratchPadEditScrollPos, scratchPadPreviewScrollPos, and scratchPadMode fields - Remove ScratchPadMode type (no longer needed) - Update all usages in App.tsx, RightPanel.tsx, useSessionManager.ts, and useBatchProcessor.ts with TODO placeholders - Content will be stored in files instead of session state once IPC handlers are implemented in Phase 1.3
Add six new fields to support the Auto Run panel's file-based document runner: - autoRunFolderPath: persisted folder path for Runner Docs - autoRunSelectedFile: currently selected markdown filename - autoRunMode: current editing mode (edit/preview) - autoRunEditScrollPos: scroll position in edit mode - autoRunPreviewScrollPos: scroll position in preview mode - autoRunCursorPosition: cursor position in edit mode
Add IPC handler and preload API to list markdown documents in a folder: - Handler filters for .md files, excludes hidden files - Returns filenames without .md extension, sorted alphabetically - Exposed via window.maestro.autorun.listDocs() API
Implements the autorun:readDoc handler that reads markdown documents from the Auto Run folder. Includes security measures: - Filename sanitization to prevent directory traversal attacks - Path validation to ensure file is within the folder path - Automatic .md extension handling
…ad API
Added three new IPC handlers for Auto Run image management:
- autorun:saveImage: Saves base64 images to {folder}/images/{docName}-{timestamp}.{ext}
- autorun:deleteImage: Safely deletes images with path traversal protection
- autorun:listImages: Lists images for a document by prefix matching
Also expanded preload.ts to expose the complete autorun API:
- readDoc, writeDoc (previously added but not exposed)
- saveImage, deleteImage, listImages (new)
All handlers include:
- Input sanitization and validation
- Directory traversal protection
- Image extension whitelisting
- Proper error handling and logging
…ation Create modal component for first-time Auto Run setup with: - Explanation text describing Auto Run functionality - Folder selection via native dialog (Cmd+O shortcut) - Feature list with Markdown Documents, Checkbox Tasks, Batch Execution - Cancel/Continue buttons with proper focus management - Layer stack integration with AUTORUN_SETUP priority (710)
… Run setup - Import AutoRunSetupModal component - Add autoRunSetupModalOpen state for modal visibility - Create handleSetActiveRightTab to intercept autorun tab switch - Show setup modal when switching to autorun tab with no folder configured - Add handleAutoRunFolderSelected callback to save folder path to session - Update keyboard shortcuts to use handleSetActiveRightTab - Pass handleSetActiveRightTab to RightPanel for tab click handling - Render AutoRunSetupModal when open
… logic Implements Phase 3.1-3.2 of the Auto Run overhaul: - Create AutoRunDocumentSelector.tsx with dropdown, refresh, and change folder - Update AutoRun.tsx props to support external document/mode state - Update RightPanel.tsx to pass new Auto Run props - Add App.tsx state and handlers for document list, content, loading - Add effect to load documents when session or folder changes
- Add UndoState interface and MAX_UNDO_HISTORY constant (50 entries) - Create undoHistoryRef and redoHistoryRef Maps keyed by document filename - Implement pushUndoState function with debounced snapshot scheduling - Implement handleUndo (Cmd+Z) and handleRedo (Cmd+Shift+Z) functions - Push undo state before programmatic content changes: - Cmd+L checkbox insertion - Enter key list continuation - Image paste/upload - Image/attachment removal - Clear pending undo snapshot on document switch - History persists across edit/preview mode toggles - Per-document history (each document has separate undo/redo stacks)
- Update handlePaste to use autorun:saveImage API with {docName}-{timestamp}.{ext} format
- Update handleFileSelect to save images similarly using the new API
- Update AttachmentImage component to load images from relative paths within folderPath
- Update handleRemoveAttachment and deleteLightboxImage to use autorun:deleteImage API
- Update image list loading to use autorun:listImages API
- Images are now saved to {folder}/images/ subdirectory with relative markdown paths
This completes Phase 3.5 of the Auto Run overhaul, transitioning from
session-based attachment storage to file-system-based image storage that
persists with the Auto Run documents.
Extends the BatchRunState interface with new fields to support: - Multi-document batch processing (documents array, currentDocumentIndex) - Per-document task progress (currentDocTasksTotal, currentDocTasksCompleted) - Overall progress across all documents (totalTasksAcrossAllDocs, completedTasksAcrossAllDocs) - Loop mode for continuous processing (loopEnabled, loopIteration) - File-based document storage (folderPath) Legacy fields are preserved for backwards compatibility during migration. Updates DEFAULT_BATCH_STATE and setBatchRunStates calls in useBatchProcessor.ts.
… list UI - Add BatchDocumentEntry and BatchRunConfig interfaces to types - Redesign BatchRunnerModal with document list section showing: - Draggable document rows with grip handles - Per-document task count badges - Total task count across all selected documents - Remove button for documents (when multiple selected) - Add "+ Add Docs" button that opens document selector sub-modal - Implement document selector modal with: - Checkbox selection for all available documents - Task count display per document - Cancel/Add buttons with selection count - Implement HTML5 drag-and-drop for document reordering - Update onGo callback to pass BatchRunConfig instead of just prompt
- Add loopEnabled state to track loop mode toggle - Add Loop toggle button that appears when multiple documents exist - Add curved arrow SVG indicator showing the loop will return to first doc - Update handleGo to pass loopEnabled in BatchRunConfig
…atchRunnerModal - Add reset toggle button for each document in the batch run list - Add reset indicator (↻) shown when reset-on-completion is enabled - Add duplicate button (+) that appears only for reset-enabled docs - Implement duplicate insertion logic (inserts copy after original) - Duplicates inherit the reset-on-completion setting from original - Remove button now shown for duplicates or when multiple docs exist
…support Update the batch run progress section to use new multi-document fields: - Show document progress (e.g., "Document 2 of 5: FEATURE-PLAN") - Show task progress within current document - Show loop iteration count when loop mode is active - Use totalTasksAcrossAllDocs/completedTasksAcrossAllDocs for overall progress - Maintain backwards compatibility with legacy fields for single-doc runs
…-on-completion Phase 4.6 complete - rewrote useBatchProcessor to support: - Accept BatchRunConfig with documents array, prompt, and loopEnabled - Process documents sequentially, skipping docs with 0 tasks - Reset-on-completion: uncheck all tasks when doc finishes - Loop mode: continue cycling through docs until all tasks done - Safe exit conditions to prevent infinite loops - Per-document and overall progress tracking Also updated: - App.tsx: handleStartBatchRun now accepts BatchRunConfig and folderPath - BatchRunnerModal: removed deprecated scratchpadContent prop - Added uncheckAllTasks helper function for reset-on-completion
…onfiguration storage Added two new TypeScript interfaces to support the Playbooks feature: - PlaybookDocumentEntry: Stores document filename and reset-on-completion setting - Playbook: Stores saved batch run configurations with name, documents, loop setting, and prompt
…uration persistence
- Add playbooks:list, playbooks:create, playbooks:update, playbooks:delete IPC handlers
- Store playbooks per-session in userData/playbooks/{sessionId}.json
- Expose playbooks API via preload bridge with full TypeScript types
- Support CRUD operations for saved batch run configurations (documents, loop mode, prompts)
- Add playbooks, loadedPlaybook, and loadingPlaybooks state variables - Add useEffect to load playbooks from storage on mount via IPC - Add useMemo to compute isPlaybookModified by comparing current configuration (documents, loopEnabled, prompt) against loaded playbook - Add sessionId prop for per-session playbook storage - Pass sessionId to BatchRunnerModal from App.tsx
- Change goToAutoRun shortcut from Meta+Shift+s to Meta+Shift+1 - Update AutoRunnerHelpModal to replace remaining Scratchpad terminology: - "Scratchpad" -> "Auto Run documents" - "scratchpad" -> "Auto Run panel" - "scratchpad file" -> "Auto Run document file"
Added comprehensive keyboard shortcuts documentation including: - Panel navigation shortcuts (including new ⌘⇧1 for Auto Run) - Session management shortcuts - Tab management shortcuts (AI mode) - Mode & focus shortcuts - Git & system shortcuts - Quick access shortcuts
Document the complete Auto Run system architecture including: - Component architecture table (AutoRun, BatchRunnerModal, Playbook modals) - Data types (BatchDocumentEntry, WorktreeConfig, BatchRunConfig, BatchRunState, Playbook) - Session fields for Auto Run state persistence - IPC handlers for document and playbook operations - Git worktree integration for parallel work isolation - Execution flow from setup through batch processing - Write queue integration behavior
- Replace 'Scratchpad' feature with 'Auto Run' in features list - Update keyboard shortcut from Cmd+Shift+S to Cmd+Shift+1 - Rewrite Automatic Runner section as Auto Run with new features: - Multi-document batch runs - Playbooks for saved configurations - Git worktree support for parallel work - Loop mode and reset-on-completion - Auto-save and undo/redo - Image support with relative paths
…mentation Rewrote the Auto Run help modal content to comprehensively document all new Auto Run features including: - Setting up a Runner Docs folder - Document format (markdown with checkboxes) - Creating tasks with quick insert shortcut - Image attachments workflow - Running single and multiple documents - Reset on completion feature - Loop mode for continuous workflows - Playbooks for saving/loading configurations - Git worktree for parallel work - History tracking and read-only mode - Stopping gracefully - All keyboard shortcuts (Cmd+Shift+1, Cmd+E, Cmd+L, Cmd+Z/Shift+Z) The new help guide covers 15 sections with icons and formatted examples.
Add Shift+number symbol mapping to isShortcut function. When Shift is pressed with a number key, the browser reports the symbol character (e.g., '!' for Shift+1) rather than the number. This mapping allows shortcuts like Cmd+Shift+1 to work correctly on US keyboard layouts.
When an existing worktree is detected and the branch matches (no mismatch), now shows an informational message displaying the current branch name. Previously, branch info was only shown in warning states (branch mismatch or different repo error). This helps users confirm which branch is currently checked out in their selected worktree path, even when everything is in order.
- Added onPRResult callback prop to useBatchProcessor hook - On PR creation success: show success toast with PR URL - On PR creation failure: show warning toast (not error) with error message - PR creation failures don't fail the auto-run itself - Updated App.tsx to pass onPRResult callback and display toasts
The playbooks:create IPC handler was not including worktreeSettings when building the newPlaybook object. This fix: - Adds worktreeSettings to the type definition in playbooks:create handler - Explicitly copies worktreeSettings if provided when creating new playbook - Adds worktreeSettings to the type definition in playbooks:update handler - Updates preload.ts types to include worktreeSettings for both create/update This ensures that when users save a playbook with worktree settings (branch name template and createPROnCompletion preference), those settings are properly persisted and restored when the playbook is loaded.
When a folder is configured but contains no markdown documents, the Auto Run panel now displays a helpful empty state with a "No Documents Found" message that explains the situation and provides buttons to either refresh the document list or change the selected folder.
…ents - Added isMissing field to BatchDocumentEntry interface for tracking documents that no longer exist in the Auto Run folder - Updated handleLoadPlaybook to detect and mark missing documents when loading a playbook - Added visual indicators in the document list: - Missing documents show strikethrough name with "MISSING" badge - Red-tinted background for missing document rows - Disabled drag handle for missing documents - Remove button available for easy cleanup - Added warning banner when playbook has missing documents - Updated Total Summary to exclude missing documents from count - Updated "Go" button to be disabled when all documents are missing - Filter out missing documents when starting batch execution
Pull Request Review: Auto Run OverhaulSummaryThis is a comprehensive feature overhaul transforming the "Scratchpad" into a powerful "Auto Run" system with file-based document management, multi-document batch processing, playbook support, and Git worktree integration. The PR adds ~6k lines and touches 35 files across main/renderer processes. Overall Assessment: Strong implementation with minor concerns 🎯 StrengthsArchitecture & Design
Features
|
PR Review: Autorun OverhaulOverviewThis is a substantial feature addition that transforms the simple scratchpad into a sophisticated document runner with multi-file support, playbooks, and git worktree integration. The implementation is generally well-architected and follows the project's conventions outlined in CLAUDE.md. Summary Statistics:
✅ Strengths1. Security - Excellent Path SanitizationThe IPC handlers demonstrate proper security practices:
Example (src/main/index.ts:3519-3522): const sanitizedFilename = path.basename(filename);
if (sanitizedFilename \!== filename || filename.includes('..')) {
return { success: false, content: '', error: 'Invalid filename' };
}2. Architecture - Well-Structured and Documented
3. Error Handling - Defensive Programming
4. Loop Protection - Infinite Loop PreventionThe batch processor has multiple safeguards against infinite loops:
|
- Add lastActivityAt timestamps to tab switcher for better session sorting - Filter "All Named" sessions to current project only (projectRoot-scoped) - Add relative time formatting (e.g., "5m ago", "2h ago") in tab switcher - Change slash command behavior: Tab/Enter now fills text instead of executing - Allow slash commands to be queued when agent is busy (like regular messages) - Add projectRoot field to Session for stable Claude session storage path - Fix markdown list indentation and positioning - Add GitHub Actions workflow for auto-assigning issues/PRs to pedramamini - Update CLAUDE.md with projectRoot field documentation Claude ID: 747fc9d0-a5a2-441d-bc0a-8cd3d579a004 Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
PR Review: Auto Run OverhaulThis is a substantial feature addition that transforms the Scratchpad into a sophisticated Auto Run system with Git worktree integration, playbooks, and multi-document batch processing. Overall, the implementation is well-structured with strong security practices. Here are my findings: ✅ Strengths1. Excellent Security Practices
2. Well-Structured Architecture
3. Robust Error Handling
4. Good UX Design
|
- Fix cloudflared not being found when running from /Applications by using expanded PATH (includes /opt/homebrew/bin, /usr/local/bin, etc.) in cliDetection.ts, matching how agent-detector.ts handles binary detection - Cache and use full cloudflared path in tunnel-manager.ts to ensure the binary is found when spawning the tunnel process - Add debugging logs for process exit events to help diagnose thinking pill issues (App.tsx) - Add hint about Cmd+/ shortcut in settings modal shortcuts section - Add Cmd+U shortcut hint to tab filter tooltip Claude ID: 110ec97f-d876-4fb9-b577-ee7a7cd4f9e5 Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
Pull Request Review: Auto Run OverhaulOverviewThis is a substantial and well-architected feature addition that transforms the scratchpad into a file-system-based document runner with multi-document batch processing, playbooks, and Git worktree support. The PR adds ~6,400 lines across 42 files with excellent documentation and adherence to the project's security patterns. Strengths1. Excellent Security Practices ✅
2. Robust Error Handling ✅
3. Well-Designed Architecture ✅
4. Git Worktree Integration ✅
5. Excellent Documentation ✅
Issues & Concerns🔴 Critical: Potential Infinite LoopLocation: src/renderer/hooks/useBatchProcessor.ts:366-595 The main processing loop can potentially run forever. While there is a safety check at line 580, if the checkbox regex fails to match certain formats, tasks might appear to exist but never get processed. Recommendation: Add a maximum iteration limit as a safety net. 🟡 Medium: Race Condition in Auto-SaveThe component uses a 5-second debounce for auto-save, but rapid document switching could cause the wrong content to be saved to the wrong document. Recommendation: Clear the debounce timer when switching documents and add document ID validation before saving. 🟡 Medium: Missing Input Validation for Git Branch NamesNo validation for invalid branch name characters. Git branches cannot contain spaces, certain special characters, or start with a dash. 🟡 Medium: Worktree Cleanup Not ImplementedWhen a worktree is created but Auto Run is stopped or fails, there is no mechanism to clean up the worktree. 🟢 Minor: Regex Edge CasesThe unchecked regex requires at least one character after the checkbox, so empty checkboxes like - [ ] won't match. Change .+ to .* in the regex. 🟢 Minor: Image Cache Never ClearedThe image cache grows indefinitely, which could consume significant memory in long-running sessions. Test Coverage Concerns❌ No Tests Included: This is a large feature with complex logic, but no test files were added. Recommendation: Add tests for path traversal attacks, checkbox regex matching, loop termination conditions, worktree state validation, and playbook CRUD operations. Final VerdictOverall Assessment: 🟢 Approve with Minor Concerns This is a high-quality, production-ready feature with excellent security practices, thorough documentation, and thoughtful architecture. Score Breakdown
Recommendation: Merge after addressing the infinite loop protection and auto-save race condition. The missing tests can be added in a follow-up PR if time is a constraint. Great work! This is a substantial improvement to Maestro's automation capabilities. |
…k actions - Add Enter key support for queued message removal confirmation dialog - Add kill process capability to System Process Monitor with confirmation - Add toggle markdown rendering option to Cmd+K Quick Actions menu Claude ID: d504ac29-93b3-46e9-8929-9be234bbcf07 Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
Pull Request ReviewThis is a massive and impressive PR that transforms the "Scratchpad" feature into a comprehensive "Auto Run" system with file-based document management, multi-document batch processing, playbooks, and Git worktree support. With 8,075 additions across 47 files, this is effectively a major feature release. 🎯 Overall AssessmentCode Quality: 8.5/10 - Well-structured, follows established patterns, excellent security practices ✅ Strengths1. Excellent Security PracticesThe file operation handlers demonstrate strong security awareness:
Example from const sanitizedFilename = path.basename(filename);
if (sanitizedFilename \!== filename || filename.includes('..')) {
return { success: false, content: '', error: 'Invalid filename' };
}
const resolvedPath = path.resolve(filePath);
const resolvedFolder = path.resolve(folderPath);
if (\!resolvedPath.startsWith(resolvedFolder)) {
return { success: false, error: 'Invalid file path' };
}2. Well-Designed Architecture
3. Comprehensive Feature Implementation
4. Documentation
|
Pull Request Review - Auto Run Feature OverhaulOverviewThis is a substantial PR (8,086 additions across 40+ commits) that transforms the Scratchpad feature into a comprehensive Auto Run system with file-system-based document management, multi-document batch processing, playbooks, and Git worktree integration. The implementation is generally solid with good security practices, but there are several areas that need attention. Critical Security Issues1. Path Traversal Vulnerability in Playbook StorageLocation: src/main/index.ts:3811-3819 The sessionId parameter is not sanitized before being used in a file path. A malicious session ID could write to arbitrary locations. Fix: Sanitize the sessionId with path.basename() and character filtering. 2. Missing Input Validation in Image ExtensionLocation: src/main/index.ts:3666-3677 The extension parameter is validated against a whitelist, but there is no length check. Recommendation: Add length validation (max 10 chars). 3. Incomplete Path Validation in autorun:deleteImageLocation: src/main/index.ts:3714-3724 While this checks for .. after normalization, path normalization on Windows may not catch all traversal attempts. Also, symbolic links could bypass this check. Recommendation: Use fs.realpath() to resolve the actual path and verify it is within the expected directory. High Priority Issues4. Race Condition in Worktree SetupLocation: src/main/index.ts:1223-1301 The git:worktreeSetup handler checks if a path exists, then later creates a worktree. This is susceptible to TOCTOU (time-of-check-time-of-use) race conditions. Recommendation: Add file locking or retry logic with exponential backoff. 5. Missing Error Handling for Concurrent Document AccessLocation: src/renderer/hooks/useBatchProcessor.ts Multiple batch runs could attempt to modify the same document simultaneously. There is no file locking mechanism. Recommendation: Add a lock file mechanism or detect concurrent modifications by checking file modification timestamps. 6. Unbounded Undo History Memory UsageLocation: src/renderer/components/AutoRun.tsx:70-71 MAX_UNDO_HISTORY = 50. Each undo state stores the full document content. For large documents (1MB), 50 entries = 50MB per document. Recommendation: Implement diff-based undo or add total size limits. Code Quality Issues7. Inconsistent Error HandlingSome IPC handlers return structured errors, while others throw exceptions. This makes error handling on the renderer side unpredictable. Recommendation: Standardize on the structured error response pattern. 8. Hardcoded require() in Handler FunctionLocation: src/main/index.ts:1189 The path module is already imported at the top. This local require is redundant. 9. Missing Validation on Playbook NameLocation: src/main/index.ts:3852-3867 The playbook name is never validated. Extremely long names could cause UI issues. Recommendation: Add max length (100 chars) and whitespace validation. 10. Potential Memory Leak in Image CacheLocation: src/renderer/components/AutoRun.tsx:62 The imageCache Map grows indefinitely and never clears. Images stored as base64 can be very large. Recommendation: Implement LRU cache with size limits. Performance Considerations11. Inefficient Document Task CountingEvery time the batch runner modal renders, it may re-count tasks for all documents. Recommendation: Cache task counts and invalidate only when documents change. 12. UI Blocking in Worktree ValidationLocation: src/main/index.ts:1150-1151 The UI may appear frozen during validation. Consider adding loading states. Positive Aspects
Minor Issues
Recommendations SummaryMust Fix Before Merge:
Should Fix: Nice to Have: Test Coverage SuggestionsThis PR would benefit from:
Overall, this is an impressive feature addition with solid architecture. The main concerns are the security issues around path handling, which should be addressed before merging. Once those are fixed, this will be a great addition to Maestro. Great work on the extensive feature set! |
…vements
- Add recursive subfolder scanning with tree display in document selector
- Add folder selector in Create Document modal for creating docs in subfolders
- Add loop max control (infinity/max toggle with slider, max 25 iterations)
- Update info panel: document progress bars, "Loop X of Y" display
- Re-scan documents at start of each loop for fresh task counts
- Improve slider UX (larger infinity symbol, wider slider)
Claude ID: {{CLAUDE_SESSION_ID}}
Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
Pull Request ReviewThis is an impressive and comprehensive PR that implements a complete Auto Run system overhaul. The changes are well-structured and follow the project's conventions. Here's my detailed review: 🎯 Overall AssessmentScope: 47 files, 8,348 additions ✅ Strengths1. Excellent Security PracticesThe Auto Run IPC handlers demonstrate robust security measures:
2. Comprehensive Error Handling
3. Well-Structured Architecture
4. Documentation
|
| Area | Status | Notes |
|---|---|---|
| Path Traversal | ✅ Excellent | Multiple layers of protection |
| Command Injection | ✅ Excellent | Uses execFileNoThrow correctly |
| Input Validation | Missing content size limits | |
| Error Exposure | ✅ Acceptable | No sensitive data in errors |
| Access Control | ✅ Good | Desktop app context appropriate |
🎯 Final Recommendations
Must Fix Before Merge:
- Remove
const path = require('path')on line 1189 (shadows import) - Add content size validation to
autorun:writeDoc - Remove debug logging or ensure it's production-safe
Should Fix Soon:
- Consider refactoring
BatchRunnerModalstate management withuseReducer - Add serialization/locking for worktree operations
- Add depth limit to recursive directory scanning
Nice to Have:
- Extract magic numbers to named constants
- Add comprehensive test coverage for security scenarios
- Improve type safety (replace
any[]with proper types)
🏆 Conclusion
This is a well-crafted PR that demonstrates:
- Strong security awareness
- Thorough error handling
- Excellent documentation
- Consistent coding patterns
The Auto Run feature is production-ready with minor fixes. The architecture is solid and extensible for future enhancements.
Recommendation: ✅ Approve with minor changes
Great work on this comprehensive feature! The attention to security details is particularly commendable. 🎉
When sending a slash command (e.g., /commit) while the session was idle,
the command would appear both as a sent message AND in the QUEUED section.
This happened because the code was adding the item to executionQueue and
immediately processing it, but the queue item wasn't removed until exit.
The fix simply doesn't add to the queue when processing immediately since
the item isn't actually queued - it's being executed right away.
Claude ID: {{CLAUDE_SESSION_ID}}
Maestro ID: b9bc0d08-5be2-4fdf-93cd-5618a8d53b35
Code Review: Auto Run OverhaulThis is a substantial and well-architected feature addition that transforms the scratchpad into a powerful file-based document runner. Overall, the implementation is solid with good attention to detail. Architecture & DesignStrengths:
Documentation:
Potential Issues1. Error Handling in Git Worktree OperationsLocation: src/main/index.ts:1224-1430 The worktree setup has comprehensive validation, but path resolution could fail on malformed paths. Recommendation: Add try-catch around path operations and validate that paths are within expected bounds to prevent directory traversal issues. 2. Race Condition in Batch ProcessingLocation: useBatchProcessor.ts:446-470 When re-reading documents after task completion, there is a potential race if the file is modified externally. Recommendation: Consider adding file watch timestamps or checksums to detect external modifications and warn the user. 3. Console Logging ProliferationIssue: 374 console.log/warn/error statements across the codebase While debugging statements are helpful during development, production code should use the logger system. Recommendation: Replace console statements with the existing logger system, especially in main process handlers. 4. Memory Leak Risk in Image CacheLocation: AutoRun.tsx:64 The image cache grows unbounded and stores base64 strings in memory. With many images, this could cause memory issues. Recommendation: Implement cache eviction (LRU) or size limits, especially for long-running sessions. Security Considerations1. Path Traversal Prevention - CRITICALLocation: src/main/index.ts:1356-1370 The autorun file operations need validation to ensure files are within the specified folder. User input is used directly in file paths without bounds checking. Recommendation: Add validation before file operations to prevent directory traversal attacks. 2. Command Injection in Branch NamesLocation: BatchRunnerModal.tsx:179 User-provided branch names are passed to git commands. While execFileNoThrow provides protection, branch names should still be validated. Recommendation: Add branch name validation (alphanumeric, hyphens, underscores only). Performance Considerations1. Sequential Document ProcessingLocation: useBatchProcessor.ts:381-559 Documents are processed strictly sequentially, even when worktrees are used. Consideration: With worktrees enabling true isolation, consider offering parallel document processing as an advanced option. 2. Task Count RecalculationLocation: useBatchProcessor.ts:314-317 Initial total task calculation reads all documents sequentially and could be parallelized with Promise.all(). 3. Unnecessary Re-rendersLocation: BatchRunnerModal.tsx:106-200 Many state variables without memoization could cause unnecessary re-renders in a complex modal. Recommendation: Consider using useMemo for derived values and useCallback for event handlers. Test CoverageObservation: The PR adds 8351 lines with significant complexity, but no test files are visible. Recommendations:
Code Quality1. TODOs in Production CodeFound in src/renderer/App.tsx:3735 and src/renderer/hooks/useSessionManager.ts:261 Recommendation: Resolve TODOs before merging or create tracked issues. 2. Magic NumbersConstants like MAX_UNDO_HISTORY should be extracted to a constants file for easier configuration. 3. Type SafetyUse proper TypeScript types throughout (found theme: any in BatchRunnerModal.tsx:87). What Works Well
Summary
Recommendations for MergeMust Fix Before Merge:
Should Fix Before Merge: Nice to Have (Can defer to follow-up PRs): Final ThoughtsThis is high-quality work that adds significant value to Maestro. The architecture is sound, the feature is well-designed, and the documentation is excellent. The main concerns are around security validation, testing, and production-ready error handling. With the critical path traversal validation and TODO resolution, this would be ready to merge. Great job on the worktree integration - that is a sophisticated solution to enable true parallelization! |
1 participant
No description provided.