Conversation
pedramamini
commented
Nov 28, 2025
pedramamini
commented
- MAESTRO: Fix token tracking to use modelUsage for accurate context window
- MAESTRO: Disable scratchpad Run button when AI agent is thinking
- MAESTRO: Reduce scratchpad preview font size from default to 13px
- MAESTRO: Add multi-select filtering to system logs viewer
- MAESTRO: Preserve keyboard position in Claude session list after viewing details
- MAESTRO: Add naming and renaming functionality to Claude session list
- MAESTRO: Display real-time active processes in System Processes view
- MAESTRO: Hide queued AI messages from CLI terminal view
- MAESTRO: Remove search capability from Git log viewer
- MAESTRO: Include vibe themes in Tab key theme cycling
- MAESTRO: Add expand/collapse toggle for truncated queued messages
- MAESTRO: Change Pedurple theme accent color from gold to bright pink
- MAESTRO: Apply scrollbar-thin styling to main panel Virtuoso component
- MAESTRO: Use spacebar instead of left arrow to collapse folders in sidebar
- MAESTRO: Ignore leading emojis when alphabetizing sessions in left sidebar
- MAESTRO: Add hover overlay to collapsed group folder indicators
- MAESTRO: Add collapsed indicator palette to bookmarks group in sidebar
- MAESTRO: Add detailed TTS logging for debugging speak functionality
- MAESTRO: Add image paste and preview support to scratchpad
- MAESTRO: Move copy/delete buttons side-by-side on CLI terminal commands
- MAESTRO: Fix bullet rendering in markdown previews
- MAESTRO: Add tab completion for shell command input
- MAESTRO: Add splash screen with logo and progress bar during app startup
- MAESTRO: Preserve AI context when command is interrupted
- MAESTRO: Unify bookmark/star terminology to use stars consistently
- MAESTRO: Fix session renaming to persist in Claude session list view
- MAESTRO: Reset activeClaudeSessionId when opening Claude sessions browser
- MAESTRO: Display session name in recent sessions overlay
- MAESTRO: Fix Git overlay borders to match other overlays
- MAESTRO: Improve overlay UX with timeout delays and invisible bridges
- MAESTRO: Add delete capability for AI message-response pairs
- MAESTRO: Show leading bookmark icon only for bookmarked sessions
- MAESTRO: Enable CMD+SHIFT+[] to cycle within bookmarks folder when open
- MAESTRO: Fix Git log viewer search functionality
- MAESTRO: Add search functionality to scratchpad
- MAESTRO: Add template variables dropdown to Auto Runner prompt
- MAESTRO: Improve AI commands settings with scrollable preview and larger edit view
- MAESTRO: Persist recent Claude sessions per Maestro session
…ndow The Claude Code CLI JSON output has two different token count sections: - `usage`: Shows billable/new tokens only (excludes cache hits) - `modelUsage`: Contains per-model breakdown with actual context tokens Previously, we were reading from `usage.input_tokens` which showed only new tokens (e.g., 2 tokens) instead of the full context (e.g., 3,241 tokens). This fix aggregates token counts from modelUsage to properly track: - Total input tokens in context (including cache reads) - Total output tokens - Cache read and creation tokens - Context window size from each model The fix applies to both batch mode JSON parsing and stream-json mode. Falls back to top-level usage if modelUsage isn't available for backwards compatibility with older CLI versions.
The Run button in the scratchpad panel is now greyed out when the session state is 'busy' or 'connecting', preventing users from starting batch runs while the agent may be making changes.
Changed the log level filter from single-select to multi-select toggle behavior: - Each level button (debug, info, warn, error, toast) now toggles on/off independently - The "ALL" button toggles all levels on or off - All levels are selected by default when opening the log viewer
…ing details When pressing Escape to return from session details to list view: - Focus is restored to search input for continued keyboard navigation - Selected item scroll position is maintained - selectedIndex is preserved so arrow key navigation resumes from the same position This allows users to browse sessions with Enter, examine details, press Escape, and continue navigating down the list without losing their place.
Added inline editing for session names in the Claude session browser: - Sessions can be named/renamed from the list view via pencil icon on hover - Sessions can be named/renamed from the details view header - Existing session names display with tag icon and edit button - Sessions without names show an add name button on hover - Names are persisted via the updateSessionName IPC API - Enter saves, Escape cancels, blur also saves
- Add process:getActiveProcesses IPC handler to expose ProcessManager's running processes - Update preload.ts to expose getActiveProcesses API method - Rewrite ProcessMonitor to fetch and display actual running processes from ProcessManager - Parse process session IDs to match them to their Maestro sessions (handles -ai, -terminal, -batch suffixes) - Show batch mode processes when auto-runner is active - Add refresh button and 2-second polling for real-time updates - Show active process count badge on sessions and in header
Added condition to only show queued messages section when inputMode is 'ai', preventing AI queued messages from appearing on the CLI terminal side.
Removed the non-functional search feature from GitLogViewer: - Removed search input field and related state (searchQuery, isSearchFocused) - Removed filter logic for entries based on search query - Removed '/' keyboard shortcut for focusing search - Updated UI to display entries directly without filtering - Cleaned up unused imports (Search, X from lucide-react)
The theme picker's Tab key cycling was only including dark and light themes. Updated to cycle through dark → light → vibe → dark as expected.
Queued AI messages are truncated to 200 characters for display. This adds a Show all/Show less toggle button that allows users to view the full content of long queued messages and collapse them back down.
Updated the Pedurple vibe theme's accent color from gold (#d4af37) to hot pink (#ff69b4) so the third color in the theme palette preview displays as bright pink. Also swapped the warning color to use the previous gold accent for visual balance.
Added scrollbar-thin class to the Virtuoso component in TerminalOutput.tsx to match the beautiful scrollbar styling used in the left and right sidebars.
…debar Changed the keyboard shortcut for collapsing group folders in the left sidebar from the left arrow key to the spacebar for better ergonomics.
…debar
Added helper functions to strip leading emojis from session and group names
before comparing for alphabetical sorting. This ensures names like "🎉 My Project"
are sorted by the text portion ("My Project") rather than by the emoji's Unicode
codepoint.
Changes made to:
- SessionList.tsx: Added stripLeadingEmojis and compareSessionNames helpers
- App.tsx: Added compareNamesIgnoringEmojis for sortedSessions calculation
- useSessionManager.ts: Added same helpers for session sorting hook
When a group folder in the left sidebar is collapsed, hovering over individual session indicator dots now shows a detailed overlay with session name, state, tool type, context usage, git changes, cost, active time, and working directory - matching the behavior of the skinny sidebar mode. Clicking an indicator selects that session.
When the bookmarks section in the left sidebar is collapsed, it now shows the same indicator widget palette as other group folders. Each bookmarked session appears as a colored dot based on its state, with hover tooltips showing session details including name, state, context usage, git status, session cost, and active time.
Include text content preview, full command arguments, and execution details in system logs to help debug TTS issues. Logs now show: - Incoming request with command, text length, and text preview (up to 200 chars) - Executing command with executable, args count, and full args (text truncated to 100 chars) - Success/error states with relevant context - Changed context from 'Notification' to 'TTS' for easier filtering
- Add IPC handlers for per-session attachment storage (save, load, delete, list)
- Images stored in userData/attachments/{sessionId}/ directory
- Add paste handler that saves images and inserts markdown reference
- Add image upload button in edit mode
- Custom AttachmentImage component loads images from session storage
- Image cache to avoid repeated IPC calls
- Thumbnail preview of attached images in edit mode
- Lightbox for full-size image viewing
- Uses maestro-attachment:// protocol for referencing stored images
- Images are session-specific so no overlap between Maestro sessions
- Also fixed bullet rendering in markdown preview (added list-style-type)
Previously, the delete button was positioned at top-right and the copy button at bottom-right. For short terminal commands (single line), these positions would overlap causing the buttons to appear on top of each other. Now both buttons are placed together in the action buttons container at bottom-right, arranged side-by-side with proper spacing.
Tailwind's preflight reset removes list-style from ul/ol elements. Added explicit list styling with !important to the global CSS to restore bullet points (disc, circle, square) and numbered lists (decimal, lower-alpha, lower-roman) in prose containers.
Implements primitive tab completion for the terminal mode shell command input box with two sources of suggestions: 1. Shell command history - matches previous commands that start with the current input 2. File tree - matches files and folders in the current directory, supporting path-based completion (e.g., "cd src/comp" matches files in src/ starting with "comp") Features: - Tab key opens the completion dropdown when in terminal mode - Single match auto-completes immediately - Multiple matches show a dropdown with icons (history, folder, file) - Arrow keys navigate suggestions, Tab/Enter confirms, Escape cancels - Dropdown closes automatically when switching input modes
- Add native HTML/CSS splash screen that appears immediately on app load - Display centered Maestro logo (wand icon in purple rounded rectangle) - Show "MAESTRO" title text in JetBrains Mono font matching sidebar styling - Add animated progress bar that fills while app initializes - Preload Google Fonts to prevent Flash of Unstyled Text (FOUT) - Implement fade-out animation when React app finishes loading - Add TypeScript type declarations for splash screen global functions - Trigger splash screen hide when initial data load completes in App.tsx
Switch Claude Code from --output-format json to stream-json mode so that the session_id is captured early in the response stream rather than only at process exit. This ensures that when a user interrupts an AI command, the next command can still --resume the same Claude session, preserving all context including the interrupted partial response. Changes: - Updated agent-detector.ts to use stream-json output format with --verbose - Updated process-manager.ts to detect stream-json mode from args - Simplified image handling since base args now include stream-json output
Changed the session pill in the main panel header bar to use "Star Session"
and "Unstar Session" instead of "Bookmark Session" and "Remove Bookmark".
Now uses the same per-project storage key (starredClaudeSessions:${cwd})
as the AgentSessionsBrowser for consistency across components.
When renaming a session from the main panel's session pill, the name was only being saved to local settings (namedClaudeSessions) but not to the backend storage (claudeSessionOriginsStore). This caused renamed sessions to not show their names in the Claude session list view. Now calls window.maestro.claude.updateSessionName() to persist the name to the backend, matching the behavior of renaming from AgentSessionsBrowser.
…wser When opening the Claude sessions browser from the button, keyboard shortcut, or quick actions modal, the activeClaudeSessionId is now reset to null. This ensures the browser always opens to the list view rather than auto-jumping to a previously viewed session's details pane. The auto-jump behavior is preserved only when explicitly navigating to a specific session (e.g., from the recent sessions overlay), where activeClaudeSessionId is intentionally set before opening the browser.
- Added sessionName field to RecentClaudeSession interface - Updated onResumeClaudeSession signature to accept optional sessionName parameter - Modified AgentSessionsBrowser to pass sessionName when resuming a session - Enhanced recent sessions overlay display to show session name prominently when available, with first message as secondary info below the name
Changed border styling from separate borderColor/border properties to the shorthand border format with inline color. The previous approach of setting borderColor and then border: '1px solid' was causing white borders because the shorthand property resets the color component. Fixed in: - MainPanel.tsx (Git pill tooltip overlay) - GitDiffViewer.tsx (modal dialog) - GitStatusWidget.tsx (hover tooltip)
- Add 150ms close timeout to all hover overlays (git, context, sessions, session pill) - Add invisible bridge divs with pointer-events-auto to span the gap between triggers and overlays - Convert GitStatusWidget from CSS group-hover to JavaScript state management for better control - Add proper mouse enter/leave handlers on overlay content to maintain open state when mouse reaches it - Fix pointer-events handling so overlays stay open when mousing from trigger to dropdown This fixes the issue where overlays would vanish when trying to move the mouse to interact with them.
Pull Request ReviewOverviewThis PR introduces 37 significant features and fixes across 59 files with ~5,770 additions. The scope is very large, which increases review complexity and merge risk. Strengths
Notable implementations:
CRITICAL Issues1. Path Traversal Vulnerability in Attachments APILocation: src/main/index.ts:2339-2369 The attachments API doesn't sanitize sessionId or filename parameters. Malicious values like ../../../etc/passwd could write files outside the intended directory. Fix: Use path.basename() and reject filenames containing .. or path separators. Same issue in: attachments:load, attachments:delete, attachments:list 2. TTS Command Injection PotentialLocation: src/main/index.ts:2262-2335 User-provided command string is split and spawned without validation. Fix: Whitelist allowed commands: say, espeak, festival Performance Issues3. Global Stats Reads All Files SynchronouslyLocation: src/main/index.ts:1562-1588 Reading thousands of large JSONL files could block the main process. Recommendations:
4. Regex Performance in Global StatsLocation: src/main/index.ts:1585-1595 Running 6+ regex passes over multi-MB files is inefficient. Better: Single pass with JSON.parse per line Other Issues
Testing Recommendations
VerdictConditionally Approve - Features are valuable and mostly well-implemented, but the path traversal vulnerability MUST be fixed before merging. Before Merge
Great work on the comprehensive feature additions! |
…etion - Added BatchCompleteInfo interface to useBatchProcessor hook - Added onComplete callback prop to useBatchProcessor - Track batch start time to calculate elapsed duration - Call onComplete with session info, task counts, and timing when batch finishes - In App.tsx, pass onComplete callback that shows toast notification: - Success toast when all tasks completed - Warning toast when batch was stopped early - Info toast for partial completions - Includes group name, project name, and elapsed time
… with issue tag and image analysis instructions
Pull Request Review: Laundry List of FixesThank you for this comprehensive PR! Overall, the code quality is excellent with strong attention to security and UX. StrengthsSecurity Best Practices
Code Quality
Areas for Improvement1. TTS Command Parsing - Security Risk (Medium)src/main/index.ts:2278-2288 - The TTS command parsing uses regex on user-provided strings which could execute arbitrary code. Recommendations:
2. Global Stats Performance (Low)src/main/index.ts:1500-1665 - Reads ALL .jsonl files with regex matching on entire contents. Could block for minutes on large workspaces. Recommendations:
3. Delete Message Pair Edge Cases (Low)src/main/index.ts:1752-1849 - Fallback content matching could delete wrong pair if duplicate messages exist. Recommendations:
4. Attachment File Size Limits (Low)src/main/index.ts:2342-2376 - No validation on base64 image size before writing. Recommendation: Add max file size check (10MB) to prevent disk exhaustion. 5. Tab Completion Performance (Low)src/renderer/hooks/useTabCompletion.ts:20-43 - Recursive tree traversal on every render could lag with 10k+ files. Recommendation: Limit depth or cache more aggressively. Minor Issues
Testing Recommendations
Test Coverage NoteNo test files added for new features. Consider adding:
SummaryOverall: LGTM with minor recommendations High-quality PR with excellent security practices. Main concerns:
Great work on UX improvements! |
Pull Request Review: Laundry List of FixesThis is a substantial PR with 5,852 additions and 1,143 deletions across 60 files. The changes include numerous feature additions, bug fixes, and UX improvements. Here's my comprehensive review: 🎯 Overall AssessmentVerdict: Approve with Minor Recommendations This PR demonstrates solid engineering practices with proper security considerations, thoughtful architecture, and adherence to the project's coding conventions. The changes are well-structured and add significant value. ✅ Strengths1. Security Practices
2. Code Quality
3. Architecture
4. UX Improvements
|
Pull Request ReviewThis is a comprehensive PR with 60 files changed covering many improvements. Here's my detailed feedback: Overall Assessment ✅This is a well-structured PR with solid improvements. The code quality is generally good, but there are some security, performance, and architectural concerns to address. 🔴 Critical Issues1. Command Injection Risk in TTS (src/main/index.ts:2295-2320)The TTS implementation spawns shell commands based on user-provided input without proper validation: const fullCommand = command || 'say';
const parts = fullCommand.split(' ');
const ttsCommand = parts[0];
const ttsArgs = [...parts.slice(1), text];Risk: If Recommendation:
2. Unvalidated User Input in Attachment Filenames (src/main/index.ts:2365-2402)const filePath = path.join(attachmentsDir, finalFilename);Risk: Path traversal vulnerability if Recommendation: Add filename sanitization: const sanitizeFilename = (name: string) => {
return name.replace(/[^a-zA-Z0-9._-]/g, '_').replace(/\.\./g, '_');
};3. Missing Error Handling in Claude Session Deletion (src/main/index.ts:1750-1852)The Recommendation:
|
Pull Request Review - PR 6This is a substantial PR with 38 commits adding many improvements and features to Maestro. Overall code quality is good, but there are several areas that need attention. Strengths
Critical Issues1. Missing Input Validation (HIGH)File: src/main/index.ts Attachments API - No validation:
TTS Command - Missing allowlist validation Fix: Add filename sanitization, 10MB size limit, command allowlist 2. Race Condition (MEDIUM)File: src/main/index.ts (claude:getGlobalStats) Window could be destroyed between check and send. Multiple concurrent calls will interleave updates. Fix: Add try-catch, use debouncing/locking 3. Silent Error Handling (MEDIUM)File: src/main/index.ts (deleteMessagePair) Catches JSON parse errors silently without logging. Fix: Add proper error logging Code QualityPositive:
Improvements Needed:
PerformanceGlobal Stats Calculation:
TestingMissing tests for:
Security Summary
VerdictAPPROVE WITH CHANGES Great work on this PR! The features are well-designed and the code quality is solid. However, input validation issues must be fixed before merge. Must fix before merge:
Estimated effort: 2-4 hours |
…simplification Scratchpad lightbox enhancements: - Add navigation between images with ←/→ arrows - Add copy to clipboard and delete buttons - Support keyboard navigation (arrow keys, Delete/Backspace, ESC) - Show image counter and navigation hints Collapsed sidebar improvements: - Add menu overlay when sidebar is collapsed - Access shortcuts help, settings, logs, process monitor, and about Terminal output: - Move delivery checkmark to end of action buttons Mobile web interface simplification: - Remove command history drawer and recent command chips - Simplify layout with fixed 100dvh height - Remove input expansion behavior on small screens - Make AutoRun indicator more prominent with bold colors and larger text
PR Review: Laundry List of FixesThis is a comprehensive PR with 60 files changed (+6108/-1267 lines) containing 37 distinct features and fixes. Overall, the changes are well-implemented with good attention to detail. Below is a structured review covering code quality, potential issues, performance, security, and testing. ✅ StrengthsCode Quality
Architecture
|
- Change TTS to pipe text via stdin for better compatibility - Add ability to stop TTS playback mid-speech (stop button in Settings and TerminalOutput) - Add session selection sync from mobile web interface to desktop - Fix group lookup to use session.groupId instead of searching sessionIds - Add loading spinner for global stats in AboutModal - Format cost numbers with locale-aware formatting Claude ID: 6d45561a-5ae7-4043-8af1-1f6eb349af4e Maestro ID: 5a166b38-b7e9-47f0-a8ff-0113c65f2682
Code Review: Laundry List of FixesThis is an extensive PR with 60 files changed (+6,407/-1,316 lines) covering a wide range of features and improvements. Overall, the code quality is good with well-structured additions. Here's my detailed review: ✅ Strengths1. Excellent Security Practices
2. Good Architecture Decisions
3. Code Quality
|
Session cycling (Cmd+Shift+{/}) now correctly follows the visual order
of sessions as they appear in the sidebar: bookmarks section first,
then groups (alphabetically), then ungrouped sessions. Bookmarked
sessions can now be cycled through in both their bookmark position
and their regular group/ungrouped position, matching the visual layout.
Claude ID: 34a8dd77-d500-4237-b4c0-3a1606c9338a
Maestro ID: 5a166b38-b7e9-47f0-a8ff-0113c65f2682
Simplify cost display formatting in history views for better readability. Currency values are more conventionally shown with 2 decimal places. Claude ID: 34a8dd77-d500-4237-b4c0-3a1606c9338a Maestro ID: 5a166b38-b7e9-47f0-a8ff-0113c65f2682
Pull Request Review - PR #6This is a comprehensive PR with 37 commits and 6,463 additions covering numerous features and improvements. Overall, the code quality is good, but I've identified several areas requiring attention. Critical Issues1. Security: File System Path Traversal VulnerabilityLocation: src/main/index.ts:1416-1440 The attachments:save handler is vulnerable to path traversal attacks. A malicious filename like ../../.ssh/id_rsa could write files outside the intended directory. Fix Required:
2. Security: Unbounded Memory Growth in TTS Process TrackingLocation: src/main/index.ts:2281-2286 The activeTtsProcesses Map never cleans up on error events, causing memory leaks in long-running apps. Fix Required:
3. Performance: Global Stats Computation Blocks Main ThreadLocation: src/main/index.ts:1514-1679 The claude:getGlobalStats handler performs intensive synchronous regex operations on large JSONL files, blocking the event loop. Recommendations:
High Priority Issues4. Error Handling: Silent Failures in Message DeletionLocation: src/main/index.ts:1764-1866 Malformed JSONL entries are silently preserved in claude:deleteMessagePair, which may cause data corruption. Add warning logs for malformed entries. 5. Race Condition: Attachment Cache Not Thread-SafeLocation: src/renderer/components/Scratchpad.tsx:34 The global imageCache Map stores strings, not promises, allowing concurrent requests to trigger duplicate IPC calls. Cache promises instead. 6. Incomplete Cleanup: Web Server Callbacks Not UnregisteredLocation: src/main/index.ts:221-282 Multiple server.setXCallback() calls create closures but are never cleaned up on app shutdown. Medium Priority Issues
Positive Observations
Testing ChecklistBefore merging, verify:
RecommendationConditional approval pending security fixes. Issues #1 and #2 must be addressed before merge. Issue #3 should be tracked for future optimization. Overall, this is a solid feature-rich PR that significantly improves Maestro. Great work! Review by Claude Code Agent |
- Remove bullet points from markdown checkbox list items in FilePreview and Scratchpad for cleaner task list appearance - Move opacity hover transition from container to individual session indicators in collapsed bookmarks/groups palettes for better feedback Claude ID: aa1bea17-be18-4561-a1bb-56e7bf71cda2 Maestro ID: 5a166b38-b7e9-47f0-a8ff-0113c65f2682
Code Review - PR #6: Laundry List of FixesSummaryThis is a substantial PR with 6,467 additions and 1,335 deletions across 59 files. The changes introduce many valuable features including image paste support, tab completion, global Claude stats, message deletion, TTS improvements, and web server enhancements. Overall, the code quality is good with proper security practices in place. ✅ StrengthsSecurity
Code Quality
🔍 Issues & Concerns1. Performance - Global Stats Calculation
|
1 participant
