M3-T1: GitHub Issue Polling & Auto-Claim Service (vibe-kanban)

.beads/issues/claude-auth-cors-fix.md

@@ -0,0 +1,139 @@
+---
+title: 'Fix: Claude CLI authentication detection + CORS configuration'
+status: done
+priority: high
+category: Infrastructure
+labels: [bug, authentication, cors, claude-cli]
+created: 2025-12-25T21:20:00Z
+updated: 2025-12-25T21:20:00Z
+---
+
+## Summary
+
+Fixed Claude CLI authentication detection and CORS configuration issues that prevented the DevFlow UI from recognizing authenticated Claude CLI installations.
+
+## Problems Fixed
+
+### 1. Authentication Detection Bug
+
+**Issue**: Server did not support Claude CLI 2.x credential format
+
+**Details**:
+
+- Claude CLI 2.x stores OAuth tokens in a nested structure: `claudeAiOauth.accessToken`
+- Old code only checked for root-level `oauth_token` or `access_token` fields
+- Result: Authenticated users appeared as "Not Installed"
+
+**Files Modified**:
+
+- `apps/server/src/routes/setup/get-claude-status.ts:158`
+
+**Fix Applied**:
+
+```typescript
+// Before (broken):
+if (credentials.oauth_token || credentials.access_token)
+
+// After (fixed):
+if (credentials.claudeAiOauth?.accessToken || credentials.oauth_token || credentials.access_token)
+```
+
+### 2. CORS Configuration Issue
+
+**Issue**: UI could not communicate with backend API due to incorrect CORS origin
+
+**Details**:
+
+- UI runs on `http://localhost:3007`
+- Server only allowed CORS from `http://localhost:3008`
+- Result: Browser blocked all API requests with CORS errors
+
+**Files Modified**:
+
+- `apps/server/src/index.ts:15,58-60` - Added path import and dotenv configuration
+- `.env` (created) - Set `CORS_ORIGIN=http://localhost:3007`
+
+**Fix Applied**:
+
+```typescript
+// Added import
+import path from 'path';
+
+// Updated dotenv loading
+const projectRoot = process.env.INIT_CWD || process.cwd();
+dotenv.config({ path: path.join(projectRoot, '.env') });
+dotenv.config(); // Fallback to default behavior
+```
+
+## Changes
+
+### Modified Files
+
+1. **apps/server/src/routes/setup/get-claude-status.ts**
+   - Line 158: Added support for `claudeAiOauth?.accessToken`
+   - Maintains backward compatibility with old credential format
+
+2. **apps/server/src/index.ts**
+   - Line 15: Added `import path from 'path'`
+   - Lines 58-60: Load .env from project root for CORS configuration
+
+### Created Files
+
+1. **.env** (project root)
+
+   ```
+   CORS_ORIGIN=http://localhost:3007
+   ```
+
+   - Not committed to git (in .gitignore)
+   - Required for web mode development
+
+2. **docs/fixes/claude-authentication-cors-fix.md**
+   - Comprehensive documentation
+   - Troubleshooting steps
+   - Deployment notes
+
+## Results
+
+### Before Fix
+
+```
+Claude CLI: Not Installed ❌
+API Key: Not Set ❌
+Browser Console: CORS errors ❌
+```
+
+### After Fix
+
+```
+Claude CLI: Verified ✅ (version 2.0.76)
+Authentication Method: OAuth Token ✅
+Path: /home/oxtsotsi/.local/bin/claude ✅
+Browser Console: No errors ✅
+```
+
+## Verification Steps
+
+1. Check Claude CLI version: `claude --version` → should show 2.0.76
+2. Verify credentials: `cat ~/.claude/.credentials.json` → should show `claudeAiOauth`
+3. Check server logs: Should see `[CORS] ✓ Origin set to: http://localhost:3007`
+4. Check browser console: Should see successful API calls, no CORS errors
+5. Check UI Settings: Should show "Verified" status for Claude CLI
+
+## Deployment Notes
+
+For developers experiencing similar issues:
+
+1. Ensure `.env` file exists in project root with `CORS_ORIGIN=http://localhost:3007`
+2. Restart server after changes: `npm run dev:server`
+3. Hard refresh browser: `Ctrl+Shift+R` (Windows/Linux) or `Cmd+Shift+R` (Mac)
+4. Check server logs for CORS configuration confirmation
+
+## Related Documentation
+
+See `docs/fixes/claude-authentication-cors-fix.md` for detailed technical documentation, including:
+
+- Root cause analysis
+- Code examples
+- Troubleshooting guide
+- Future improvement suggestions

.claude/commands/update-app.md

@@ -0,0 +1,149 @@
+---
+name: update-app
+description: Update dependencies, fix deprecations and warnings
+---
+
+# Dependency Update & Deprecation Fix
+
+## Step 1: Check for Updates
+
+```bash
+npm outdated
+```
+
+Review the output for outdated packages, especially those with higher major/minor versions available.
+
+## Step 2: Update Dependencies
+
+```bash
+# Update all dependencies
+npm update
+
+# Fix security vulnerabilities
+npm audit fix
+
+# If audit fix can't resolve automatically, run:
+npm audit fix --force
+```
+
+## Step 3: Check for Deprecations & Warnings
+
+Run a clean install and check for warnings:
+
+```bash
+rm -rf node_modules package-lock.json
+npm install
+```
+
+**Read ALL output carefully.** Look for:
+- Deprecation warnings (e.g., "package X is deprecated")
+- Security vulnerabilities
+- Peer dependency warnings
+- Breaking changes
+- Unresolved dependencies
+
+## Step 4: Fix Issues
+
+For each warning/deprecation found:
+
+1. **Research the recommended replacement or fix**
+   - Check the package's documentation
+   - Look for migration guides
+   - Review GitHub issues/PRs
+
+2. **Update code/dependencies accordingly**
+   - Update deprecated packages to replacements
+   - Refactor code using deprecated APIs
+   - Update peer dependency versions
+
+3. **Re-run installation**
+   ```bash
+   npm install
+   ```
+
+4. **Verify no warnings remain**
+   - Run `npm install` again
+   - Ensure ZERO warnings/errors
+
+## Step 5: Rebuild Packages
+
+Since this is a workspace monorepo, rebuild shared packages:
+
+```bash
+npm run build:packages
+```
+
+## Step 6: Run Quality Checks
+
+```bash
+# Lint all code
+npm run lint
+
+# Typecheck server
+npx tsc -p apps/server/tsconfig.json --noEmit
+
+# Run tests
+npm run test:all
+
+# Format code
+npm run format
+```
+
+**Fix ALL errors before continuing.**
+
+## Step 7: Verify Lockfile
+
+Ensure lockfile is properly formatted (no git+ssh URLs):
+
+```bash
+npm run lint:lockfile
+```
+
+If this fails, run:
+```bash
+npm run fix:lockfile
+```
+
+## Step 8: Verify Clean Install
+
+Ensure a fresh install works with ZERO warnings:
+
+```bash
+# Complete clean slate
+rm -rf node_modules package-lock.json
+rm -rf apps/*/node_modules libs/*/node_modules
+
+# Clean install
+npm install
+
+# Rebuild packages
+npm run build:packages
+
+# Verify success
+npm run lint
+npm run test:all
+```
+
+## Step 9: Confirm All Workspaces Build
+
+```bash
+# Build server
+npm run build:server
+
+# Build UI
+npm run build
+
+# Build Electron (if applicable)
+npm run build:electron:dir
+```
+
+## Summary
+
+After completing all steps:
+- ✅ All dependencies updated
+- ⚠️ ZERO deprecation warnings
+- 🛡️ All security vulnerabilities addressed
+- 🔒 Lockfile properly formatted
+- ✅ All tests passing
+- 📦 All workspaces build successfully
+- 🎨 Code properly formatted

.claude/plans/cheeky-puzzling-dusk.md

@@ -0,0 +1,108 @@
+# Fix Claude Authentication Detection + CORS Configuration
+
+## Issues Found
+
+### 1. ✅ FIXED: Authentication Detection Bug
+
+**Status**: Fixed in [get-claude-status.ts:158](apps/server/src/routes/setup/get-claude-status.ts#L158)
+
+The credential detection code now supports the new Claude CLI 2.x credentials format:
+
+- Old format: `oauth_token` or `access_token` at root level
+- New format: `claudeAiOauth.accessToken` (nested structure)
+
+### 2. ❌ BLOCKER: CORS Configuration
+
+**Status**: **NEEDS FIX**
+
+**Problem**: The UI runs on `http://localhost:3007` but the server only allows CORS from `http://localhost:3008`.
+
+**Error from browser console**:
+
+```
+Access to fetch at 'http://localhost:3008/api/health' from origin 'http://localhost:3007'
+has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value
+'http://localhost:3008' that is not equal to the supplied origin.
+```
+
+**Root Cause**: In [index.ts:105-106](apps/server/src/index.ts#L105-L106), when `CORS_ORIGIN` is not set, it defaults to `http://localhost:3008` instead of `http://localhost:3007` where the UI actually runs.
+
+## Solution
+
+### Fix CORS Configuration
+
+**Option 1: Update .env file (Recommended)**
+Add to `.env`:
+
+```
+CORS_ORIGIN=http://localhost:3007
+```
+
+**Option 2: Update default in code**
+Change [index.ts:106](apps/server/src/index.ts#L106) to default to port 3007:
+
+```typescript
+return 'http://localhost:3007';
+```
+
+**Option 3: Use wildcard for development**
+Set in `.env`:
+
+```
+CORS_ORIGIN=*
+```
+
+### Testing Plan
+
+1. Apply CORS fix (add `CORS_ORIGIN=http://localhost:3007` to `.env`)
+2. Restart the server:
+   ```bash
+   pkill -f "tsx watch"
+   npm run dev:server
+   ```
+3. Refresh the browser (Ctrl+Shift+R or Cmd+Shift+R)
+4. Check browser console - should see:
+   - ✅ `[HttpApiClient] WebSocket connected`
+   - ✅ No CORS errors
+   - ✅ API calls succeeding
+5. Navigate to Settings > Claude Setup - should see:
+   - ✅ **Claude CLI**: "Verified" (green badge)
+   - ✅ Shows CLI version: "2.0.76"
+   - ✅ Shows authentication method
+
+## Files to Modify
+
+1. **Create `.env` file** in project root with:
+   ```
+   CORS_ORIGIN=http://localhost:3007
+   ```
+
+OR
+
+2. **Edit `apps/server/src/index.ts`** line 106 to change default
+
+## Verification
+
+After fix, browser console should show:
+
+```
+[Claude Setup] Starting status check...
+[Claude Setup] Raw status result: {
+  success: true,
+  status: 'installed',
+  installed: true,
+  version: '2.0.76',
+  auth: {
+    authenticated: true,
+    method: 'oauth_token',
+    hasCredentialsFile: true,
+    ...
+  }
+}
+```
+
+And UI should display:
+
+- **Claude CLI**: ✅ Verified (green badge)
+- **Version**: 2.0.76
+- **Authentication Method**: OAuth Token