fix: resolve 5 HIGH priority code review issues#1
Closed
ZRainbow1275 wants to merge 11 commits into
Closed
Conversation
DevHub is a Windows-native Electron desktop application for managing npm projects and monitoring AI coding assistants (Codex, Claude Code, Gemini CLI). Core features: - Project management with one-click start/stop and real-time logs - AI tool detection with completion notifications - System monitoring (processes, ports, windows) - Soviet Constructivist design language Security: - Sandboxed renderer with CSP headers - IPC rate limiting on all channels - Centralized input validation with assertion functions - Structured error returns (ServiceResult<T>) - Independent ErrorBoundary per monitor view Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…fixes Security (P0): - Add PROTECTED_PROCESSES list (csrss, lsass, svchost, explorer, etc.) - Clean DEV_PROCESS_PATTERNS (remove powershell.exe, cmd.exe) - Add AuditLogger for kill/release operations - Add DESTRUCTIVE rate limit tier (5/min) - Tighten zombie detection heuristics Functionality (P1): - Fix CPU metrics: replace hardcoded 0 with PowerShell Get-CimInstance sampling - Add project auto-discovery on first launch with AutoDiscoveryDialog - Fix AI tool detection: Claude Code regex, Cursor empty-pattern handling - Add port-project linking via PID matching - WindowManager fallback mechanism for C# compilation failures Theme System (P2): - Multi-theme CSS: constructivism (default), modern-light, warm-light - Add useTheme hook with localStorage persistence - Add theme selector in SettingsDialog with visual previews Layout & UX (P2): - ResizeHandle: draggable project panel (280-400px) - useWindowSize: responsive breakpoint hook - StatusBar: responsive truncation - Sidebar: persistent collapse state Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…measurement, UI overflow - Add requestSingleInstanceLock to prevent duplicate windows - Add UTF-8 encoding to all PowerShell commands (fixes garbled window titles) - Inline Add-Type C# code in each PowerShell call (fixes window operations) - Fix CPU measurement PowerShell syntax (@() array literal) - Remove truncate from StatCard values (fixes "0...." display) - Add mobile font breakpoint for HeroStats - Tighten DEV_PROCESS_PATTERNS (remove database processes) - Add manual project discovery button in ProjectList - Fix CSS color-mix for opacity modifiers with CSS variables - Fix theme validation to accept actual theme names - Initialize theme on app startup via useTheme hook Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- HIGH-5: Add timeout:15000 to all execFileAsync calls in WindowManager.ts - HIGH-6: PortScanner normalizeState returns null for unknown TCP states instead of LISTENING - HIGH-7: Increase ProjectWatcher chokidar polling interval from 5s to 30s - HIGH-8: Fix race condition in WindowView.tsx with scanVersionRef guard - HIGH-9: Extract type guard functions in useTheme.ts replacing nested assertions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bug 1 - Stale notifications: ToolMonitor.checkTools() failed silently without updating previousStatus, causing false running→stopped transitions on recovery. Added previousStatus reset on failure, 30s dedup window in ToolMonitor, cross-system dedup via NotificationService dedupKey, and fixed before-quit ordering (toolMonitor.stop() before processManager.stopAll()). Bug 2 - onDetected crash: useProjects.ts accessed window.devhub.projects.watcher.onDetected without optional chaining. Added defensive guards and marked watcher as optional in global.d.ts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix ToolMonitor previousStatus reset logic when process list fetch fails to prevent stale completion notifications (HIGH severity) - Fix ProcessManager.test.ts mock configuration for child_process module to properly expose spawn and other exports for ESM compatibility - Update test expectations to match actual emitStatus() parameter passing (statusCallback receives projectId, status, and optional pid) - All linting, type checking, and 254 unit tests now pass - Verified: ESLint, TypeScript strict mode, and Vitest suite all passing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… report - emitStatus now only passes pid when defined, fixing argument count mismatch that caused test assertion failures - Remove CODE_REVIEW_FINDINGS.md (contained false positive CRITICAL findings) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pre-existing development state including phase2 enhancements, topology view, AI progress timeline, decoration components, and various UI improvements. Committing as checkpoint before applying Round 3 parallel agent implementation patches. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Review: 5 parallel agents audited ~100 source files against prompts/0411 specs. Found 42 issues (1 CRITICAL, 14 HIGH, 22 MEDIUM, 5 LOW). Fixed 35. CRITICAL: - Create missing splash.html + splash-preload.js for startup splash screen HIGH fixes: - Add Error Boundary wrapping for ProcessGroupCard, PortCard, WindowCard - Fix BackgroundScannerManager timer not stopped after max retries (IPC spam) - Fix PortScanner.checkPort() using scanAll() instead of incremental query - Fix scannerStore initialize() failure stuck in 'loading' state - Fix portStore missing cache-first pattern (no result writeback) - Fix notification release-port action dead loop (no renderer listener) - Fix splash progress stages 4/5/6 lost due to registration order - Add 'unknown' to ProcessStatusType union MEDIUM fixes: - Fix NotificationService.notifyTaskError() using wrong notification type - Fix AITaskTracker confirmation window only checking idle+cpu - Fix AIAliasManager PID persistence causing cross-restart false matches - Fix AI_TASK_GET_ALL returning same data as GET_ACTIVE - Fix stopTracking(pid) parameter ignored by handler - Fix ProcessDetailPanel defensive rendering (ports, descendants, memPercent) - Fix WindowView rect access without optional chaining - Fix InitializationScreen hardcoded near-black color - Fix useLogs memory leak (missing unsubscribe cleanup) - Fix useProjects useMemo depending on unstable function reference - Add per-theme --radius-sm/md/lg/xl CSS variables - Add Layer 2-7 tokens for dark/light themes Small fixes (10): - Add LAYOUT_PRESETS to windowStore - Add aliasStore auto-hydration on startup - Align tailwind.config.js screens to custom breakpoints - Fix formatMetric missing return path - Implement saveLayoutOnExit in mainWindow close handler - Fix scannerHandlers WeakSet blocking reconnection - Fix security.ts venv detection inconsistency - Add JSDoc to distinguish AITaskStatistics from TaskStatistics - Add IPC validation TODO comments (zod not in deps) - Verify CompactProcessRow cpu.toFixed NaN guard Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
WindowManager.ts— 为所有execFileAsync调用添加timeout: 15000,防止 PowerShell 子进程挂起PortScanner.ts—normalizeState返回PortState | null,未知 TCP 状态返回null而非默认LISTENING,避免误报ProjectWatcher.ts— 将 chokidar polling interval 从 5s 提升至 30s,降低大目录 CPU 开销WindowView.tsx— 引入scanVersionRef+latestShowSystemRef解决showSystemWindows切换时的竞态条件useTheme.ts— 提取isLegacySettings类型守卫和extractThemeValue辅助函数,替换嵌套类型断言Changed Files
src/main/services/WindowManager.tsexecFileAsync添加timeout: 15000src/main/services/PortScanner.tsnormalizeState返回PortState | nullsrc/main/services/PortScanner.test.tssrc/main/services/ProjectWatcher.tssrc/renderer/components/monitor/WindowView.tsxsrc/renderer/hooks/useTheme.tsVerification
tsc --noEmit): 零错误Test plan
🤖 Generated with Claude Code