From c69e86fb95da72f9c5f102e0c6447183e187c628 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?=
Date: Sat, 11 Oct 2025 11:03:57 +0200
Subject: [PATCH] fix: workflows
---
.claude.json | 303 ++++++++++++-----------
.gitea/workflows/docs.pivoine.art.yaml | 10 -
.gitea/workflows/sexy.pivoine.art.yaml | 10 -
.init/bin/mirror_project.sh | 2 +
Projects/kompose/MIGRATION_GUIDE.md | 315 ++++++++++++++++++++++++
Projects/kompose/auth/.env.new | 6 +
Projects/kompose/auth/compose.yaml.new | 41 +++
Projects/kompose/secrets.env.template | 51 ++++
Projects/kompose/track/.env.new | 6 +
Projects/kompose/track/compose.yaml.new | 37 +++
10 files changed, 619 insertions(+), 162 deletions(-)
create mode 100644 Projects/kompose/MIGRATION_GUIDE.md
create mode 100644 Projects/kompose/auth/.env.new
create mode 100644 Projects/kompose/auth/compose.yaml.new
create mode 100644 Projects/kompose/secrets.env.template
create mode 100644 Projects/kompose/track/.env.new
create mode 100644 Projects/kompose/track/compose.yaml.new
diff --git a/.claude.json b/.claude.json
index fd9592d0..082a45ff 100644
--- a/.claude.json
+++ b/.claude.json
@@ -1,143 +1,162 @@ { - "numStartups": 5, - "installMethod": "unknown", - "autoUpdates": true, - "tipsHistory": { - "new-user-warmup": 1, - "plan-mode-for-complex-tasks": 3, - "terminal-setup": 3, - "memory-command": 4, - "theme-command": 4, - "status-line": 4, - "prompt-queue": 5, - "enter-to-steer-in-relatime": 5 - }, - "cachedStatsigGates": { - "tengu_disable_bypass_permissions_mode": false, - "tengu_use_file_checkpoints": true - }, - "firstStartTime": "2025-10-07T11:42:53.324Z", - "userID": "6dcc049650f0bd574d22530cdaefd1ad77a087fd423b1e2b211d5d5de6c73ec9", - "sonnet45MigrationComplete": true, - "cachedChangelog": "# Changelog\n\n## 2.0.9\n\n- Fix regression where bash backgrounding stopped working\n\n## 2.0.8\n\n- Update Bedrock default Sonnet model to `global.anthropic.claude-sonnet-4-5-20250929-v1:0`\n- IDE: Add drag-and-drop support for files and folders in chat\n- /context: Fix counting for thinking blocks\n- Improve message rendering for users with light themes on dark terminals\n- Remove deprecated .claude.json allowedTools, ignorePatterns, env, and todoFeatureEnabled config options (instead, configure these in your settings.json)\n\n## 2.0.5\n\n- IDE: Fix IME unintended message submission with Enter and Tab\n- IDE: Add \"Open in Terminal\" link in login screen\n- Fix unhandled OAuth expiration 401 API errors\n- SDK: Added SDKUserMessageReplay.isReplay to prevent duplicate messages\n\n## 2.0.1\n\n- Skip Sonnet 4.5 default model setting change for Bedrock and Vertex\n- Various bug fixes and presentation improvements\n\n## 2.0.0\n\n- New native VS Code extension\n- Fresh coat of paint throughout the whole app\n- /rewind a conversation to undo code changes\n- /usage command to see plan limits\n- Tab to toggle thinking (sticky across sessions)\n- Ctrl-R to search history\n- Unshipped claude config command\n- Hooks: Reduced PostToolUse 'tool_use' ids were found without 'tool_result' blocks errors\n- SDK: The Claude Code SDK is now the Claude Agent SDK\n- Add 
subagents dynamically with `--agents` flag\n\n## 1.0.126\n\n- Enable /context command for Bedrock and Vertex\n- Add mTLS support for HTTP-based OpenTelemetry exporters\n\n## 1.0.124\n\n- Set `CLAUDE_BASH_NO_LOGIN` environment variable to 1 or true to to skip login shell for BashTool\n- Fix Bedrock and Vertex environment variables evaluating all strings as truthy\n- No longer inform Claude of the list of allowed tools when permission is denied\n- Fixed security vulnerability in Bash tool permission checks\n- Improved VSCode extension performance for large files\n\n## 1.0.123\n\n- Bash permission rules now support output redirections when matching (e.g., `Bash(python:*)` matches `python script.py > output.txt`)\n- Fixed thinking mode triggering on negation phrases like \"don't think\"\n- Fixed rendering performance degradation during token streaming\n- Added SlashCommand tool, which enables Claude to invoke your slash commands. https://docs.claude.com/en/docs/claude-code/slash-commands#SlashCommand-tool\n- Enhanced BashTool environment snapshot logging\n- Fixed a bug where resuming a conversation in headless mode would sometimes enable thinking unnecessarily\n- Migrated --debug logging to a file, to enable easy tailing & filtering\n\n## 1.0.120\n\n- Fix input lag during typing, especially noticeable with large prompts\n- Improved VSCode extension command registry and sessions dialog user experience\n- Enhanced sessions dialog responsiveness and visual feedback\n- Fixed IDE compatibility issue by removing worktree support check\n- Fixed security vulnerability where Bash tool permission checks could be bypassed using prefix matching\n\n## 1.0.119\n\n- Fix Windows issue where process visually freezes on entering interactive mode\n- Support dynamic headers for MCP servers via headersHelper configuration\n- Fix thinking mode not working in headless sessions\n- Fix slash commands now properly update allowed tools instead of replacing them\n\n## 1.0.117\n\n- Add Ctrl-R 
history search to recall previous commands like bash/zsh\n- Fix input lag while typing, especially on Windows\n- Add sed command to auto-allowed commands in acceptEdits mode\n- Fix Windows PATH comparison to be case-insensitive for drive letters\n- Add permissions management hint to /add-dir output\n\n## 1.0.115\n\n- Improve thinking mode display with enhanced visual effects\n- Type /t to temporarily disable thinking mode in your prompt\n- Improve path validation for glob and grep tools\n- Show condensed output for post-tool hooks to reduce visual clutter\n- Fix visual feedback when loading state completes\n- Improve UI consistency for permission request dialogs\n\n## 1.0.113\n\n- Deprecated piped input in interactive mode\n- Move Ctrl+R keybinding for toggling transcript to Ctrl+O\n\n## 1.0.112\n\n- Transcript mode (Ctrl+R): Added the model used to generate each assistant message\n- Addressed issue where some Claude Max users were incorrectly recognized as Claude Pro users\n- Hooks: Added systemMessage support for SessionEnd hooks\n- Added `spinnerTipsEnabled` setting to disable spinner tips\n- IDE: Various improvements and bug fixes\n\n## 1.0.111\n\n- /model now validates provided model names\n- Fixed Bash tool crashes caused by malformed shell syntax parsing\n\n## 1.0.110\n\n- /terminal-setup command now supports WezTerm\n- MCP: OAuth tokens now proactively refresh before expiration\n- Fixed reliability issues with background Bash processes\n\n## 1.0.109\n\n- SDK: Added partial message streaming support via `--include-partial-messages` CLI flag\n\n## 1.0.106\n\n- Windows: Fixed path permission matching to consistently use POSIX format (e.g., `Read(//c/Users/...)`)\n\n## 1.0.97\n\n- Settings: /doctor now validates permission rule syntax and suggests corrections\n\n## 1.0.94\n\n- Vertex: add support for global endpoints for supported models\n- /memory command now allows direct editing of all imported memory files\n- SDK: Add custom tools as callbacks\n- Added 
/todos command to list current todo items\n\n## 1.0.93\n\n- Windows: Add alt + v shortcut for pasting images from clipboard\n- Support NO_PROXY environment variable to bypass proxy for specified hostnames and IPs\n\n## 1.0.90\n\n- Settings file changes take effect immediately - no restart required\n\n## 1.0.88\n\n- Fixed issue causing \"OAuth authentication is currently not supported\"\n- Status line input now includes `exceeds_200k_tokens`\n- Fixed incorrect usage tracking in /cost.\n- Introduced `ANTHROPIC_DEFAULT_SONNET_MODEL` and `ANTHROPIC_DEFAULT_OPUS_MODEL` for controlling model aliases opusplan, opus, and sonnet.\n- Bedrock: Updated default Sonnet model to Sonnet 4\n\n## 1.0.86\n\n- Added /context to help users self-serve debug context issues\n- SDK: Added UUID support for all SDK messages\n- SDK: Added `--replay-user-messages` to replay user messages back to stdout\n\n## 1.0.85\n\n- Status line input now includes session cost info\n- Hooks: Introduced SessionEnd hook\n\n## 1.0.84\n\n- Fix tool_use/tool_result id mismatch error when network is unstable\n- Fix Claude sometimes ignoring real-time steering when wrapping up a task\n- @-mention: Add ~/.claude/\\* files to suggestions for easier agent, output style, and slash command editing\n- Use built-in ripgrep by default; to opt out of this behavior, set USE_BUILTIN_RIPGREP=0\n\n## 1.0.83\n\n- @-mention: Support files with spaces in path\n- New shimmering spinner\n\n## 1.0.82\n\n- SDK: Add request cancellation support\n- SDK: New additionalDirectories option to search custom paths, improved slash command processing\n- Settings: Validation prevents invalid fields in .claude/settings.json files\n- MCP: Improve tool name consistency\n- Bash: Fix crash when Claude tries to automatically read large files\n\n## 1.0.81\n\n- Released output styles, including new built-in educational output styles \"Explanatory\" and \"Learning\". 
Docs: https://docs.claude.com/en/docs/claude-code/output-styles\n- Agents: Fix custom agent loading when agent files are unparsable\n\n## 1.0.80\n\n- UI improvements: Fix text contrast for custom subagent colors and spinner rendering issues\n\n## 1.0.77\n\n- Bash tool: Fix heredoc and multiline string escaping, improve stderr redirection handling\n- SDK: Add session support and permission denial tracking\n- Fix token limit errors in conversation summarization\n- Opus Plan Mode: New setting in `/model` to run Opus only in plan mode, Sonnet otherwise\n\n## 1.0.73\n\n- MCP: Support multiple config files with `--mcp-config file1.json file2.json`\n- MCP: Press Esc to cancel OAuth authentication flows\n- Bash: Improved command validation and reduced false security warnings\n- UI: Enhanced spinner animations and status line visual hierarchy\n- Linux: Added support for Alpine and musl-based distributions (requires separate ripgrep installation)\n\n## 1.0.72\n\n- Ask permissions: have Claude Code always ask for confirmation to use specific tools with /permissions\n\n## 1.0.71\n\n- Background commands: (Ctrl-b) to run any Bash command in the background so Claude can keep working (great for dev servers, tailing logs, etc.)\n- Customizable status line: add your terminal prompt to Claude Code with /statusline\n\n## 1.0.70\n\n- Performance: Optimized message rendering for better performance with large contexts\n- Windows: Fixed native file search, ripgrep, and subagent functionality\n- Added support for @-mentions in slash command arguments\n\n## 1.0.69\n\n- Upgraded Opus to version 4.1\n\n## 1.0.68\n\n- Fix incorrect model names being used for certain commands like `/pr-comments`\n- Windows: improve permissions checks for allow / deny tools and project trust. 
This may create a new project entry in `.claude.json` - manually merge the history field if desired.\n- Windows: improve sub-process spawning to eliminate \"No such file or directory\" when running commands like pnpm\n- Enhanced /doctor command with CLAUDE.md and MCP tool context for self-serve debugging\n- SDK: Added canUseTool callback support for tool confirmation\n- Added `disableAllHooks` setting\n- Improved file suggestions performance in large repos\n\n## 1.0.65\n\n- IDE: Fixed connection stability issues and error handling for diagnostics\n- Windows: Fixed shell environment setup for users without .bashrc files\n\n## 1.0.64\n\n- Agents: Added model customization support - you can now specify which model an agent should use\n- Agents: Fixed unintended access to the recursive agent tool\n- Hooks: Added systemMessage field to hook JSON output for displaying warnings and context\n- SDK: Fixed user input tracking across multi-turn conversations\n- Added hidden files to file search and @-mention suggestions\n\n## 1.0.63\n\n- Windows: Fixed file search, @agent mentions, and custom slash commands functionality\n\n## 1.0.62\n\n- Added @-mention support with typeahead for custom agents. 
@ to invoke it\n- Hooks: Added SessionStart hook for new session initialization\n- /add-dir command now supports typeahead for directory paths\n- Improved network connectivity check reliability\n\n## 1.0.61\n\n- Transcript mode (Ctrl+R): Changed Esc to exit transcript mode rather than interrupt\n- Settings: Added `--settings` flag to load settings from a JSON file\n- Settings: Fixed resolution of settings files paths that are symlinks\n- OTEL: Fixed reporting of wrong organization after authentication changes\n- Slash commands: Fixed permissions checking for allowed-tools with Bash\n- IDE: Added support for pasting images in VSCode MacOS using ⌘+V\n- IDE: Added `CLAUDE_CODE_AUTO_CONNECT_IDE=false` for disabling IDE auto-connection\n- Added `CLAUDE_CODE_SHELL_PREFIX` for wrapping Claude and user-provided shell commands run by Claude Code\n\n## 1.0.60\n\n- You can now create custom subagents for specialized tasks! Run /agents to get started\n\n## 1.0.59\n\n- SDK: Added tool confirmation support with canUseTool callback\n- SDK: Allow specifying env for spawned process\n- Hooks: Exposed PermissionDecision to hooks (including \"ask\")\n- Hooks: UserPromptSubmit now supports additionalContext in advanced JSON output\n- Fixed issue where some Max users that specified Opus would still see fallback to Sonnet\n\n## 1.0.58\n\n- Added support for reading PDFs\n- MCP: Improved server health status display in 'claude mcp list'\n- Hooks: Added CLAUDE_PROJECT_DIR env var for hook commands\n\n## 1.0.57\n\n- Added support for specifying a model in slash commands\n- Improved permission messages to help Claude understand allowed tools\n- Fix: Remove trailing newlines from bash output in terminal wrapping\n\n## 1.0.56\n\n- Windows: Enabled shift+tab for mode switching on versions of Node.js that support terminal VT mode\n- Fixes for WSL IDE detection\n- Fix an issue causing awsRefreshHelper changes to .aws directory not to be picked up\n\n## 1.0.55\n\n- Clarified knowledge cutoff for 
Opus 4 and Sonnet 4 models\n- Windows: fixed Ctrl+Z crash\n- SDK: Added ability to capture error logging\n- Add --system-prompt-file option to override system prompt in print mode\n\n## 1.0.54\n\n- Hooks: Added UserPromptSubmit hook and the current working directory to hook inputs\n- Custom slash commands: Added argument-hint to frontmatter\n- Windows: OAuth uses port 45454 and properly constructs browser URL\n- Windows: mode switching now uses alt + m, and plan mode renders properly\n- Shell: Switch to in-memory shell snapshot to fix file-related errors\n\n## 1.0.53\n\n- Updated @-mention file truncation from 100 lines to 2000 lines\n- Add helper script settings for AWS token refresh: awsAuthRefresh (for foreground operations like aws sso login) and awsCredentialExport (for background operation with STS-like response).\n\n## 1.0.52\n\n- Added support for MCP server instructions\n\n## 1.0.51\n\n- Added support for native Windows (requires Git for Windows)\n- Added support for Bedrock API keys through environment variable AWS_BEARER_TOKEN_BEDROCK\n- Settings: /doctor can now help you identify and fix invalid setting files\n- `--append-system-prompt` can now be used in interactive mode, not just --print/-p.\n- Increased auto-compact warning threshold from 60% to 80%\n- Fixed an issue with handling user directories with spaces for shell snapshots\n- OTEL resource now includes os.type, os.version, host.arch, and wsl.version (if running on Windows Subsystem for Linux)\n- Custom slash commands: Fixed user-level commands in subdirectories\n- Plan mode: Fixed issue where rejected plan from sub-task would get discarded\n\n## 1.0.48\n\n- Fixed a bug in v1.0.45 where the app would sometimes freeze on launch\n- Added progress messages to Bash tool based on the last 5 lines of command output\n- Added expanding variables support for MCP server configuration\n- Moved shell snapshots from /tmp to ~/.claude for more reliable Bash tool calls\n- Improved IDE extension path handling 
when Claude Code runs in WSL\n- Hooks: Added a PreCompact hook\n- Vim mode: Added c, f/F, t/T\n\n## 1.0.45\n\n- Redesigned Search (Grep) tool with new tool input parameters and features\n- Disabled IDE diffs for notebook files, fixing \"Timeout waiting after 1000ms\" error\n- Fixed config file corruption issue by enforcing atomic writes\n- Updated prompt input undo to Ctrl+\\_ to avoid breaking existing Ctrl+U behavior, matching zsh's undo shortcut\n- Stop Hooks: Fixed transcript path after /clear and fixed triggering when loop ends with tool call\n- Custom slash commands: Restored namespacing in command names based on subdirectories. For example, .claude/commands/frontend/component.md is now /frontend:component, not /component.\n\n## 1.0.44\n\n- New /export command lets you quickly export a conversation for sharing\n- MCP: resource_link tool results are now supported\n- MCP: tool annotations and tool titles now display in /mcp view\n- Changed Ctrl+Z to suspend Claude Code. Resume by running `fg`. Prompt input undo is now Ctrl+U.\n\n## 1.0.43\n\n- Fixed a bug where the theme selector was saving excessively\n- Hooks: Added EPIPE system error handling\n\n## 1.0.42\n\n- Added tilde (`~`) expansion support to `/add-dir` command\n\n## 1.0.41\n\n- Hooks: Split Stop hook triggering into Stop and SubagentStop\n- Hooks: Enabled optional timeout configuration for each command\n- Hooks: Added \"hook_event_name\" to hook input\n- Fixed a bug where MCP tools would display twice in tool list\n- New tool parameters JSON for Bash tool in `tool_decision` event\n\n## 1.0.40\n\n- Fixed a bug causing API connection errors with UNABLE_TO_GET_ISSUER_CERT_LOCALLY if `NODE_EXTRA_CA_CERTS` was set\n\n## 1.0.39\n\n- New Active Time metric in OpenTelemetry logging\n\n## 1.0.38\n\n- Released hooks. Special thanks to community input in https://github.com/anthropics/claude-code/issues/712. 
Docs: https://docs.claude.com/en/docs/claude-code/hooks\n\n## 1.0.37\n\n- Remove ability to set `Proxy-Authorization` header via ANTHROPIC_AUTH_TOKEN or apiKeyHelper\n\n## 1.0.36\n\n- Web search now takes today's date into context\n- Fixed a bug where stdio MCP servers were not terminating properly on exit\n\n## 1.0.35\n\n- Added support for MCP OAuth Authorization Server discovery\n\n## 1.0.34\n\n- Fixed a memory leak causing a MaxListenersExceededWarning message to appear\n\n## 1.0.33\n\n- Improved logging functionality with session ID support\n- Added prompt input undo functionality (Ctrl+Z and vim 'u' command)\n- Improvements to plan mode\n\n## 1.0.32\n\n- Updated loopback config for litellm\n- Added forceLoginMethod setting to bypass login selection screen\n\n## 1.0.31\n\n- Fixed a bug where ~/.claude.json would get reset when file contained invalid JSON\n\n## 1.0.30\n\n- Custom slash commands: Run bash output, @-mention files, enable thinking with thinking keywords\n- Improved file path autocomplete with filename matching\n- Added timestamps in Ctrl-r mode and fixed Ctrl-c handling\n- Enhanced jq regex support for complex filters with pipes and select\n\n## 1.0.29\n\n- Improved CJK character support in cursor navigation and rendering\n\n## 1.0.28\n\n- Slash commands: Fix selector display during history navigation\n- Resizes images before upload to prevent API size limit errors\n- Added XDG_CONFIG_HOME support to configuration directory\n- Performance optimizations for memory usage\n- New attributes (terminal.type, language) in OpenTelemetry logging\n\n## 1.0.27\n\n- Streamable HTTP MCP servers are now supported\n- Remote MCP servers (SSE and HTTP) now support OAuth\n- MCP resources can now be @-mentioned\n- /resume slash command to switch conversations within Claude Code\n\n## 1.0.25\n\n- Slash commands: moved \"project\" and \"user\" prefixes to descriptions\n- Slash commands: improved reliability for command discovery\n- Improved support for Ghostty\n- 
Improved web search reliability\n\n## 1.0.24\n\n- Improved /mcp output\n- Fixed a bug where settings arrays got overwritten instead of merged\n\n## 1.0.23\n\n- Released TypeScript SDK: import @anthropic-ai/claude-code to get started\n- Released Python SDK: pip install claude-code-sdk to get started\n\n## 1.0.22\n\n- SDK: Renamed `total_cost` to `total_cost_usd`\n\n## 1.0.21\n\n- Improved editing of files with tab-based indentation\n- Fix for tool_use without matching tool_result errors\n- Fixed a bug where stdio MCP server processes would linger after quitting Claude Code\n\n## 1.0.18\n\n- Added --add-dir CLI argument for specifying additional working directories\n- Added streaming input support without require -p flag\n- Improved startup performance and session storage performance\n- Added CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR environment variable to freeze working directory for bash commands\n- Added detailed MCP server tools display (/mcp)\n- MCP authentication and permission improvements\n- Added auto-reconnection for MCP SSE connections on disconnect\n- Fixed issue where pasted content was lost when dialogs appeared\n\n## 1.0.17\n\n- We now emit messages from sub-tasks in -p mode (look for the parent_tool_use_id property)\n- Fixed crashes when the VS Code diff tool is invoked multiple times quickly\n- MCP server list UI improvements\n- Update Claude Code process title to display \"claude\" instead of \"node\"\n\n## 1.0.11\n\n- Claude Code can now also be used with a Claude Pro subscription\n- Added /upgrade for smoother switching to Claude Max plans\n- Improved UI for authentication from API keys and Bedrock/Vertex/external auth tokens\n- Improved shell configuration error handling\n- Improved todo list handling during compaction\n\n## 1.0.10\n\n- Added markdown table support\n- Improved streaming performance\n\n## 1.0.8\n\n- Fixed Vertex AI region fallback when using CLOUD_ML_REGION\n- Increased default otel interval from 1s -> 5s\n- Fixed edge cases where 
MCP_TIMEOUT and MCP_TOOL_TIMEOUT weren't being respected\n- Fixed a regression where search tools unnecessarily asked for permissions\n- Added support for triggering thinking non-English languages\n- Improved compacting UI\n\n## 1.0.7\n\n- Renamed /allowed-tools -> /permissions\n- Migrated allowedTools and ignorePatterns from .claude.json -> settings.json\n- Deprecated claude config commands in favor of editing settings.json\n- Fixed a bug where --dangerously-skip-permissions sometimes didn't work in --print mode\n- Improved error handling for /install-github-app\n- Bugfixes, UI polish, and tool reliability improvements\n\n## 1.0.6\n\n- Improved edit reliability for tab-indented files\n- Respect CLAUDE_CONFIG_DIR everywhere\n- Reduced unnecessary tool permission prompts\n- Added support for symlinks in @file typeahead\n- Bugfixes, UI polish, and tool reliability improvements\n\n## 1.0.4\n\n- Fixed a bug where MCP tool errors weren't being parsed correctly\n\n## 1.0.1\n\n- Added `DISABLE_INTERLEAVED_THINKING` to give users the option to opt out of interleaved thinking.\n- Improved model references to show provider-specific names (Sonnet 3.7 for Bedrock, Sonnet 4 for Console)\n- Updated documentation links and OAuth process descriptions\n\n## 1.0.0\n\n- Claude Code is now generally available\n- Introducing Sonnet 4 and Opus 4 models\n\n## 0.2.125\n\n- Breaking change: Bedrock ARN passed to `ANTHROPIC_MODEL` or `ANTHROPIC_SMALL_FAST_MODEL` should no longer contain an escaped slash (specify `/` instead of `%2F`)\n- Removed `DEBUG=true` in favor of `ANTHROPIC_LOG=debug`, to log all requests\n\n## 0.2.117\n\n- Breaking change: --print JSON output now returns nested message objects, for forwards-compatibility as we introduce new metadata fields\n- Introduced settings.cleanupPeriodDays\n- Introduced CLAUDE_CODE_API_KEY_HELPER_TTL_MS env var\n- Introduced --debug mode\n\n## 0.2.108\n\n- You can now send messages to Claude while it works to steer Claude in real-time\n- 
Introduced BASH_DEFAULT_TIMEOUT_MS and BASH_MAX_TIMEOUT_MS env vars\n- Fixed a bug where thinking was not working in -p mode\n- Fixed a regression in /cost reporting\n- Deprecated MCP wizard interface in favor of other MCP commands\n- Lots of other bugfixes and improvements\n\n## 0.2.107\n\n- CLAUDE.md files can now import other files. Add @path/to/file.md to ./CLAUDE.md to load additional files on launch\n\n## 0.2.106\n\n- MCP SSE server configs can now specify custom headers\n- Fixed a bug where MCP permission prompt didn't always show correctly\n\n## 0.2.105\n\n- Claude can now search the web\n- Moved system & account status to /status\n- Added word movement keybindings for Vim\n- Improved latency for startup, todo tool, and file edits\n\n## 0.2.102\n\n- Improved thinking triggering reliability\n- Improved @mention reliability for images and folders\n- You can now paste multiple large chunks into one prompt\n\n## 0.2.100\n\n- Fixed a crash caused by a stack overflow error\n- Made db storage optional; missing db support disables --continue and --resume\n\n## 0.2.98\n\n- Fixed an issue where auto-compact was running twice\n\n## 0.2.96\n\n- Claude Code can now also be used with a Claude Max subscription (https://claude.ai/upgrade)\n\n## 0.2.93\n\n- Resume conversations from where you left off from with \"claude --continue\" and \"claude --resume\"\n- Claude now has access to a Todo list that helps it stay on track and be more organized\n\n## 0.2.82\n\n- Added support for --disallowedTools\n- Renamed tools for consistency: LSTool -> LS, View -> Read, etc.\n\n## 0.2.75\n\n- Hit Enter to queue up additional messages while Claude is working\n- Drag in or copy/paste image files directly into the prompt\n- @-mention files to directly add them to context\n- Run one-off MCP servers with `claude --mcp-config `\n- Improved performance for filename auto-complete\n\n## 0.2.74\n\n- Added support for refreshing dynamically generated API keys (via apiKeyHelper), with a 5 minute 
TTL\n- Task tool can now perform writes and run bash commands\n\n## 0.2.72\n\n- Updated spinner to indicate tokens loaded and tool usage\n\n## 0.2.70\n\n- Network commands like curl are now available for Claude to use\n- Claude can now run multiple web queries in parallel\n- Pressing ESC once immediately interrupts Claude in Auto-accept mode\n\n## 0.2.69\n\n- Fixed UI glitches with improved Select component behavior\n- Enhanced terminal output display with better text truncation logic\n\n## 0.2.67\n\n- Shared project permission rules can be saved in .claude/settings.json\n\n## 0.2.66\n\n- Print mode (-p) now supports streaming output via --output-format=stream-json\n- Fixed issue where pasting could trigger memory or bash mode unexpectedly\n\n## 0.2.63\n\n- Fixed an issue where MCP tools were loaded twice, which caused tool call errors\n\n## 0.2.61\n\n- Navigate menus with vim-style keys (j/k) or bash/emacs shortcuts (Ctrl+n/p) for faster interaction\n- Enhanced image detection for more reliable clipboard paste functionality\n- Fixed an issue where ESC key could crash the conversation history selector\n\n## 0.2.59\n\n- Copy+paste images directly into your prompt\n- Improved progress indicators for bash and fetch tools\n- Bugfixes for non-interactive mode (-p)\n\n## 0.2.54\n\n- Quickly add to Memory by starting your message with '#'\n- Press ctrl+r to see full output for long tool results\n- Added support for MCP SSE transport\n\n## 0.2.53\n\n- New web fetch tool lets Claude view URLs that you paste in\n- Fixed a bug with JPEG detection\n\n## 0.2.50\n\n- New MCP \"project\" scope now allows you to add MCP servers to .mcp.json files and commit them to your repository\n\n## 0.2.49\n\n- Previous MCP server scopes have been renamed: previous \"project\" scope is now \"local\" and \"global\" scope is now \"user\"\n\n## 0.2.47\n\n- Press Tab to auto-complete file and folder names\n- Press Shift + Tab to toggle auto-accept for file edits\n- Automatic conversation 
compaction for infinite conversation length (toggle with /config)\n\n## 0.2.44\n\n- Ask Claude to make a plan with thinking mode: just say 'think' or 'think harder' or even 'ultrathink'\n\n## 0.2.41\n\n- MCP server startup timeout can now be configured via MCP_TIMEOUT environment variable\n- MCP server startup no longer blocks the app from starting up\n\n## 0.2.37\n\n- New /release-notes command lets you view release notes at any time\n- `claude config add/remove` commands now accept multiple values separated by commas or spaces\n\n## 0.2.36\n\n- Import MCP servers from Claude Desktop with `claude mcp add-from-claude-desktop`\n- Add MCP servers as JSON strings with `claude mcp add-json `\n\n## 0.2.34\n\n- Vim bindings for text input - enable with /vim or /config\n\n## 0.2.32\n\n- Interactive MCP setup wizard: Run \"claude mcp add\" to add MCP servers with a step-by-step interface\n- Fix for some PersistentShell issues\n\n## 0.2.31\n\n- Custom slash commands: Markdown files in .claude/commands/ directories now appear as custom slash commands to insert prompts into your conversation\n- MCP debug mode: Run with --mcp-debug flag to get more information about MCP server errors\n\n## 0.2.30\n\n- Added ANSI color theme for better terminal compatibility\n- Fixed issue where slash command arguments weren't being sent properly\n- (Mac-only) API keys are now stored in macOS Keychain\n\n## 0.2.26\n\n- New /approved-tools command for managing tool permissions\n- Word-level diff display for improved code readability\n- Fuzzy matching for slash commands\n\n## 0.2.21\n\n- Fuzzy matching for /commands\n", - "changelogLastFetched": 1759837425916, - "oauthAccount": { - "accountUuid": "b934c163-216b-46ec-bb38-15cf1217535b", - "emailAddress": "1hundredhz@gmail.com", - "organizationUuid": "f474a499-f0bc-4bbb-9fca-5fcf55d8d86f", - "displayName": "Valknar", - "organizationBillingType": "stripe_subscription", - "organizationRole": "admin", - "workspaceRole": null, - "organizationName": 
"1hundredhz@gmail.com's Organization" - }, - "claudeCodeFirstTokenDate": "2025-10-07T11:43:24.567449Z", - "hasCompletedOnboarding": true, - "lastOnboardingVersion": "2.0.9", - "projects": { - "/home/valknar/Apps/claude-desktop-debian": { - "allowedTools": [], - "history": [ - { - "display": "/exit", - "pastedContents": {} - }, - { - "display": "/init ", - "pastedContents": {} - }, - { - "display": "/exit", - "pastedContents": {} - } - ], - "mcpContextUris": [], - "mcpServers": {}, - "enabledMcpjsonServers": [], - "disabledMcpjsonServers": [], - "hasTrustDialogAccepted": true, - "ignorePatterns": [], - "projectOnboardingSeenCount": 3, - "hasClaudeMdExternalIncludesApproved": false, - "hasClaudeMdExternalIncludesWarningShown": false, - "exampleFiles": [ - "README.md", - "build.sh", - "build-deb.sh", - "main-push.yml", - "ci.yml" - ], - "lastTotalWebSearchRequests": 0, - "exampleFilesGeneratedAt": 1759837462041, - "lastCost": 0.27125489999999997, - "lastAPIDuration": 86796, - "lastToolDuration": 2804, - "lastDuration": 148331, - "lastLinesAdded": 0, - "lastLinesRemoved": 0, - "lastTotalInputTokens": 13094, - "lastTotalOutputTokens": 3784, - "lastTotalCacheCreationInputTokens": 38232, - "lastTotalCacheReadInputTokens": 128385, - "lastSessionId": "d293b4aa-0953-452e-8605-265b430280be" - }, - "/home/valknar": { - "allowedTools": [], - "history": [ - { - "display": "Create a new", - "pastedContents": {} - }, - { - "display": "/exit", - "pastedContents": {} - }, - { - "display": "/init ", - "pastedContents": {} - } - ], - "mcpContextUris": [], - "mcpServers": { - "filesystem": { - "type": "stdio", - "command": "pnpm", - "args": ["mcp-server-filesystem", "repos/compose"], - "env": {} - } - }, - "enabledMcpjsonServers": [], - "disabledMcpjsonServers": [], - "hasTrustDialogAccepted": true, - "ignorePatterns": [], - "projectOnboardingSeenCount": 1, - "hasClaudeMdExternalIncludesApproved": false, - "hasClaudeMdExternalIncludesWarningShown": false, - "exampleFiles": [], - 
"hasCompletedProjectOnboarding": true, - "lastTotalWebSearchRequests": 0, - "lastCost": 0.024666849999999997, - "lastAPIDuration": 8342, - "lastToolDuration": 0, - "lastDuration": 550590, - "lastLinesAdded": 0, - "lastLinesRemoved": 0, - "lastTotalInputTokens": 598, - "lastTotalOutputTokens": 98, - "lastTotalCacheCreationInputTokens": 5375, - "lastTotalCacheReadInputTokens": 11518, - "lastSessionId": "6f2214bc-384e-45bf-83c9-28390933589e" - } - }, - "hasOpusPlanDefault": false, - "lastReleaseNotesSeen": "2.0.9", - "s1mAccessCache": { - "f474a499-f0bc-4bbb-9fca-5fcf55d8d86f": { - "hasAccess": false, - "hasAccessNotAsDefault": false, - "timestamp": 1759837453920 - } - }, - "isQualifiedForDataSharing": false, - "fallbackAvailableWarningThreshold": 0.5 -} + "numStartups": 6, + "installMethod": "global", + "autoUpdates": true, + "tipsHistory": { + "new-user-warmup": 1, + "plan-mode-for-complex-tasks": 3, + "terminal-setup": 3, + "memory-command": 4, + "theme-command": 4, + "status-line": 4, + "prompt-queue": 5, + "enter-to-steer-in-relatime": 5, + "shift-enter": 6, + "todo-list": 6 + }, + "cachedStatsigGates": { + "tengu_disable_bypass_permissions_mode": false, + "tengu_use_file_checkpoints": true + }, + "firstStartTime": "2025-10-07T11:42:53.324Z", + "userID": "6dcc049650f0bd574d22530cdaefd1ad77a087fd423b1e2b211d5d5de6c73ec9", + "sonnet45MigrationComplete": true, + "cachedChangelog": "# Changelog\n\n## 2.0.9\n\n- Fix regression where bash backgrounding stopped working\n\n## 2.0.8\n\n- Update Bedrock default Sonnet model to `global.anthropic.claude-sonnet-4-5-20250929-v1:0`\n- IDE: Add drag-and-drop support for files and folders in chat\n- /context: Fix counting for thinking blocks\n- Improve message rendering for users with light themes on dark terminals\n- Remove deprecated .claude.json allowedTools, ignorePatterns, env, and todoFeatureEnabled config options (instead, configure these in your settings.json)\n\n## 2.0.5\n\n- IDE: Fix IME unintended message submission 
with Enter and Tab\n- IDE: Add \"Open in Terminal\" link in login screen\n- Fix unhandled OAuth expiration 401 API errors\n- SDK: Added SDKUserMessageReplay.isReplay to prevent duplicate messages\n\n## 2.0.1\n\n- Skip Sonnet 4.5 default model setting change for Bedrock and Vertex\n- Various bug fixes and presentation improvements\n\n## 2.0.0\n\n- New native VS Code extension\n- Fresh coat of paint throughout the whole app\n- /rewind a conversation to undo code changes\n- /usage command to see plan limits\n- Tab to toggle thinking (sticky across sessions)\n- Ctrl-R to search history\n- Unshipped claude config command\n- Hooks: Reduced PostToolUse 'tool_use' ids were found without 'tool_result' blocks errors\n- SDK: The Claude Code SDK is now the Claude Agent SDK\n- Add subagents dynamically with `--agents` flag\n\n## 1.0.126\n\n- Enable /context command for Bedrock and Vertex\n- Add mTLS support for HTTP-based OpenTelemetry exporters\n\n## 1.0.124\n\n- Set `CLAUDE_BASH_NO_LOGIN` environment variable to 1 or true to to skip login shell for BashTool\n- Fix Bedrock and Vertex environment variables evaluating all strings as truthy\n- No longer inform Claude of the list of allowed tools when permission is denied\n- Fixed security vulnerability in Bash tool permission checks\n- Improved VSCode extension performance for large files\n\n## 1.0.123\n\n- Bash permission rules now support output redirections when matching (e.g., `Bash(python:*)` matches `python script.py > output.txt`)\n- Fixed thinking mode triggering on negation phrases like \"don't think\"\n- Fixed rendering performance degradation during token streaming\n- Added SlashCommand tool, which enables Claude to invoke your slash commands. 
https://docs.claude.com/en/docs/claude-code/slash-commands#SlashCommand-tool\n- Enhanced BashTool environment snapshot logging\n- Fixed a bug where resuming a conversation in headless mode would sometimes enable thinking unnecessarily\n- Migrated --debug logging to a file, to enable easy tailing & filtering\n\n## 1.0.120\n\n- Fix input lag during typing, especially noticeable with large prompts\n- Improved VSCode extension command registry and sessions dialog user experience\n- Enhanced sessions dialog responsiveness and visual feedback\n- Fixed IDE compatibility issue by removing worktree support check\n- Fixed security vulnerability where Bash tool permission checks could be bypassed using prefix matching\n\n## 1.0.119\n\n- Fix Windows issue where process visually freezes on entering interactive mode\n- Support dynamic headers for MCP servers via headersHelper configuration\n- Fix thinking mode not working in headless sessions\n- Fix slash commands now properly update allowed tools instead of replacing them\n\n## 1.0.117\n\n- Add Ctrl-R history search to recall previous commands like bash/zsh\n- Fix input lag while typing, especially on Windows\n- Add sed command to auto-allowed commands in acceptEdits mode\n- Fix Windows PATH comparison to be case-insensitive for drive letters\n- Add permissions management hint to /add-dir output\n\n## 1.0.115\n\n- Improve thinking mode display with enhanced visual effects\n- Type /t to temporarily disable thinking mode in your prompt\n- Improve path validation for glob and grep tools\n- Show condensed output for post-tool hooks to reduce visual clutter\n- Fix visual feedback when loading state completes\n- Improve UI consistency for permission request dialogs\n\n## 1.0.113\n\n- Deprecated piped input in interactive mode\n- Move Ctrl+R keybinding for toggling transcript to Ctrl+O\n\n## 1.0.112\n\n- Transcript mode (Ctrl+R): Added the model used to generate each assistant message\n- Addressed issue where some Claude Max users 
were incorrectly recognized as Claude Pro users\n- Hooks: Added systemMessage support for SessionEnd hooks\n- Added `spinnerTipsEnabled` setting to disable spinner tips\n- IDE: Various improvements and bug fixes\n\n## 1.0.111\n\n- /model now validates provided model names\n- Fixed Bash tool crashes caused by malformed shell syntax parsing\n\n## 1.0.110\n\n- /terminal-setup command now supports WezTerm\n- MCP: OAuth tokens now proactively refresh before expiration\n- Fixed reliability issues with background Bash processes\n\n## 1.0.109\n\n- SDK: Added partial message streaming support via `--include-partial-messages` CLI flag\n\n## 1.0.106\n\n- Windows: Fixed path permission matching to consistently use POSIX format (e.g., `Read(//c/Users/...)`)\n\n## 1.0.97\n\n- Settings: /doctor now validates permission rule syntax and suggests corrections\n\n## 1.0.94\n\n- Vertex: add support for global endpoints for supported models\n- /memory command now allows direct editing of all imported memory files\n- SDK: Add custom tools as callbacks\n- Added /todos command to list current todo items\n\n## 1.0.93\n\n- Windows: Add alt + v shortcut for pasting images from clipboard\n- Support NO_PROXY environment variable to bypass proxy for specified hostnames and IPs\n\n## 1.0.90\n\n- Settings file changes take effect immediately - no restart required\n\n## 1.0.88\n\n- Fixed issue causing \"OAuth authentication is currently not supported\"\n- Status line input now includes `exceeds_200k_tokens`\n- Fixed incorrect usage tracking in /cost.\n- Introduced `ANTHROPIC_DEFAULT_SONNET_MODEL` and `ANTHROPIC_DEFAULT_OPUS_MODEL` for controlling model aliases opusplan, opus, and sonnet.\n- Bedrock: Updated default Sonnet model to Sonnet 4\n\n## 1.0.86\n\n- Added /context to help users self-serve debug context issues\n- SDK: Added UUID support for all SDK messages\n- SDK: Added `--replay-user-messages` to replay user messages back to stdout\n\n## 1.0.85\n\n- Status line input now includes session 
cost info\n- Hooks: Introduced SessionEnd hook\n\n## 1.0.84\n\n- Fix tool_use/tool_result id mismatch error when network is unstable\n- Fix Claude sometimes ignoring real-time steering when wrapping up a task\n- @-mention: Add ~/.claude/\\* files to suggestions for easier agent, output style, and slash command editing\n- Use built-in ripgrep by default; to opt out of this behavior, set USE_BUILTIN_RIPGREP=0\n\n## 1.0.83\n\n- @-mention: Support files with spaces in path\n- New shimmering spinner\n\n## 1.0.82\n\n- SDK: Add request cancellation support\n- SDK: New additionalDirectories option to search custom paths, improved slash command processing\n- Settings: Validation prevents invalid fields in .claude/settings.json files\n- MCP: Improve tool name consistency\n- Bash: Fix crash when Claude tries to automatically read large files\n\n## 1.0.81\n\n- Released output styles, including new built-in educational output styles \"Explanatory\" and \"Learning\". Docs: https://docs.claude.com/en/docs/claude-code/output-styles\n- Agents: Fix custom agent loading when agent files are unparsable\n\n## 1.0.80\n\n- UI improvements: Fix text contrast for custom subagent colors and spinner rendering issues\n\n## 1.0.77\n\n- Bash tool: Fix heredoc and multiline string escaping, improve stderr redirection handling\n- SDK: Add session support and permission denial tracking\n- Fix token limit errors in conversation summarization\n- Opus Plan Mode: New setting in `/model` to run Opus only in plan mode, Sonnet otherwise\n\n## 1.0.73\n\n- MCP: Support multiple config files with `--mcp-config file1.json file2.json`\n- MCP: Press Esc to cancel OAuth authentication flows\n- Bash: Improved command validation and reduced false security warnings\n- UI: Enhanced spinner animations and status line visual hierarchy\n- Linux: Added support for Alpine and musl-based distributions (requires separate ripgrep installation)\n\n## 1.0.72\n\n- Ask permissions: have Claude Code always ask for confirmation 
to use specific tools with /permissions\n\n## 1.0.71\n\n- Background commands: (Ctrl-b) to run any Bash command in the background so Claude can keep working (great for dev servers, tailing logs, etc.)\n- Customizable status line: add your terminal prompt to Claude Code with /statusline\n\n## 1.0.70\n\n- Performance: Optimized message rendering for better performance with large contexts\n- Windows: Fixed native file search, ripgrep, and subagent functionality\n- Added support for @-mentions in slash command arguments\n\n## 1.0.69\n\n- Upgraded Opus to version 4.1\n\n## 1.0.68\n\n- Fix incorrect model names being used for certain commands like `/pr-comments`\n- Windows: improve permissions checks for allow / deny tools and project trust. This may create a new project entry in `.claude.json` - manually merge the history field if desired.\n- Windows: improve sub-process spawning to eliminate \"No such file or directory\" when running commands like pnpm\n- Enhanced /doctor command with CLAUDE.md and MCP tool context for self-serve debugging\n- SDK: Added canUseTool callback support for tool confirmation\n- Added `disableAllHooks` setting\n- Improved file suggestions performance in large repos\n\n## 1.0.65\n\n- IDE: Fixed connection stability issues and error handling for diagnostics\n- Windows: Fixed shell environment setup for users without .bashrc files\n\n## 1.0.64\n\n- Agents: Added model customization support - you can now specify which model an agent should use\n- Agents: Fixed unintended access to the recursive agent tool\n- Hooks: Added systemMessage field to hook JSON output for displaying warnings and context\n- SDK: Fixed user input tracking across multi-turn conversations\n- Added hidden files to file search and @-mention suggestions\n\n## 1.0.63\n\n- Windows: Fixed file search, @agent mentions, and custom slash commands functionality\n\n## 1.0.62\n\n- Added @-mention support with typeahead for custom agents. 
@ to invoke it\n- Hooks: Added SessionStart hook for new session initialization\n- /add-dir command now supports typeahead for directory paths\n- Improved network connectivity check reliability\n\n## 1.0.61\n\n- Transcript mode (Ctrl+R): Changed Esc to exit transcript mode rather than interrupt\n- Settings: Added `--settings` flag to load settings from a JSON file\n- Settings: Fixed resolution of settings files paths that are symlinks\n- OTEL: Fixed reporting of wrong organization after authentication changes\n- Slash commands: Fixed permissions checking for allowed-tools with Bash\n- IDE: Added support for pasting images in VSCode MacOS using ⌘+V\n- IDE: Added `CLAUDE_CODE_AUTO_CONNECT_IDE=false` for disabling IDE auto-connection\n- Added `CLAUDE_CODE_SHELL_PREFIX` for wrapping Claude and user-provided shell commands run by Claude Code\n\n## 1.0.60\n\n- You can now create custom subagents for specialized tasks! Run /agents to get started\n\n## 1.0.59\n\n- SDK: Added tool confirmation support with canUseTool callback\n- SDK: Allow specifying env for spawned process\n- Hooks: Exposed PermissionDecision to hooks (including \"ask\")\n- Hooks: UserPromptSubmit now supports additionalContext in advanced JSON output\n- Fixed issue where some Max users that specified Opus would still see fallback to Sonnet\n\n## 1.0.58\n\n- Added support for reading PDFs\n- MCP: Improved server health status display in 'claude mcp list'\n- Hooks: Added CLAUDE_PROJECT_DIR env var for hook commands\n\n## 1.0.57\n\n- Added support for specifying a model in slash commands\n- Improved permission messages to help Claude understand allowed tools\n- Fix: Remove trailing newlines from bash output in terminal wrapping\n\n## 1.0.56\n\n- Windows: Enabled shift+tab for mode switching on versions of Node.js that support terminal VT mode\n- Fixes for WSL IDE detection\n- Fix an issue causing awsRefreshHelper changes to .aws directory not to be picked up\n\n## 1.0.55\n\n- Clarified knowledge cutoff for 
Opus 4 and Sonnet 4 models\n- Windows: fixed Ctrl+Z crash\n- SDK: Added ability to capture error logging\n- Add --system-prompt-file option to override system prompt in print mode\n\n## 1.0.54\n\n- Hooks: Added UserPromptSubmit hook and the current working directory to hook inputs\n- Custom slash commands: Added argument-hint to frontmatter\n- Windows: OAuth uses port 45454 and properly constructs browser URL\n- Windows: mode switching now uses alt + m, and plan mode renders properly\n- Shell: Switch to in-memory shell snapshot to fix file-related errors\n\n## 1.0.53\n\n- Updated @-mention file truncation from 100 lines to 2000 lines\n- Add helper script settings for AWS token refresh: awsAuthRefresh (for foreground operations like aws sso login) and awsCredentialExport (for background operation with STS-like response).\n\n## 1.0.52\n\n- Added support for MCP server instructions\n\n## 1.0.51\n\n- Added support for native Windows (requires Git for Windows)\n- Added support for Bedrock API keys through environment variable AWS_BEARER_TOKEN_BEDROCK\n- Settings: /doctor can now help you identify and fix invalid setting files\n- `--append-system-prompt` can now be used in interactive mode, not just --print/-p.\n- Increased auto-compact warning threshold from 60% to 80%\n- Fixed an issue with handling user directories with spaces for shell snapshots\n- OTEL resource now includes os.type, os.version, host.arch, and wsl.version (if running on Windows Subsystem for Linux)\n- Custom slash commands: Fixed user-level commands in subdirectories\n- Plan mode: Fixed issue where rejected plan from sub-task would get discarded\n\n## 1.0.48\n\n- Fixed a bug in v1.0.45 where the app would sometimes freeze on launch\n- Added progress messages to Bash tool based on the last 5 lines of command output\n- Added expanding variables support for MCP server configuration\n- Moved shell snapshots from /tmp to ~/.claude for more reliable Bash tool calls\n- Improved IDE extension path handling 
when Claude Code runs in WSL\n- Hooks: Added a PreCompact hook\n- Vim mode: Added c, f/F, t/T\n\n## 1.0.45\n\n- Redesigned Search (Grep) tool with new tool input parameters and features\n- Disabled IDE diffs for notebook files, fixing \"Timeout waiting after 1000ms\" error\n- Fixed config file corruption issue by enforcing atomic writes\n- Updated prompt input undo to Ctrl+\\_ to avoid breaking existing Ctrl+U behavior, matching zsh's undo shortcut\n- Stop Hooks: Fixed transcript path after /clear and fixed triggering when loop ends with tool call\n- Custom slash commands: Restored namespacing in command names based on subdirectories. For example, .claude/commands/frontend/component.md is now /frontend:component, not /component.\n\n## 1.0.44\n\n- New /export command lets you quickly export a conversation for sharing\n- MCP: resource_link tool results are now supported\n- MCP: tool annotations and tool titles now display in /mcp view\n- Changed Ctrl+Z to suspend Claude Code. Resume by running `fg`. Prompt input undo is now Ctrl+U.\n\n## 1.0.43\n\n- Fixed a bug where the theme selector was saving excessively\n- Hooks: Added EPIPE system error handling\n\n## 1.0.42\n\n- Added tilde (`~`) expansion support to `/add-dir` command\n\n## 1.0.41\n\n- Hooks: Split Stop hook triggering into Stop and SubagentStop\n- Hooks: Enabled optional timeout configuration for each command\n- Hooks: Added \"hook_event_name\" to hook input\n- Fixed a bug where MCP tools would display twice in tool list\n- New tool parameters JSON for Bash tool in `tool_decision` event\n\n## 1.0.40\n\n- Fixed a bug causing API connection errors with UNABLE_TO_GET_ISSUER_CERT_LOCALLY if `NODE_EXTRA_CA_CERTS` was set\n\n## 1.0.39\n\n- New Active Time metric in OpenTelemetry logging\n\n## 1.0.38\n\n- Released hooks. Special thanks to community input in https://github.com/anthropics/claude-code/issues/712. 
Docs: https://docs.claude.com/en/docs/claude-code/hooks\n\n## 1.0.37\n\n- Remove ability to set `Proxy-Authorization` header via ANTHROPIC_AUTH_TOKEN or apiKeyHelper\n\n## 1.0.36\n\n- Web search now takes today's date into context\n- Fixed a bug where stdio MCP servers were not terminating properly on exit\n\n## 1.0.35\n\n- Added support for MCP OAuth Authorization Server discovery\n\n## 1.0.34\n\n- Fixed a memory leak causing a MaxListenersExceededWarning message to appear\n\n## 1.0.33\n\n- Improved logging functionality with session ID support\n- Added prompt input undo functionality (Ctrl+Z and vim 'u' command)\n- Improvements to plan mode\n\n## 1.0.32\n\n- Updated loopback config for litellm\n- Added forceLoginMethod setting to bypass login selection screen\n\n## 1.0.31\n\n- Fixed a bug where ~/.claude.json would get reset when file contained invalid JSON\n\n## 1.0.30\n\n- Custom slash commands: Run bash output, @-mention files, enable thinking with thinking keywords\n- Improved file path autocomplete with filename matching\n- Added timestamps in Ctrl-r mode and fixed Ctrl-c handling\n- Enhanced jq regex support for complex filters with pipes and select\n\n## 1.0.29\n\n- Improved CJK character support in cursor navigation and rendering\n\n## 1.0.28\n\n- Slash commands: Fix selector display during history navigation\n- Resizes images before upload to prevent API size limit errors\n- Added XDG_CONFIG_HOME support to configuration directory\n- Performance optimizations for memory usage\n- New attributes (terminal.type, language) in OpenTelemetry logging\n\n## 1.0.27\n\n- Streamable HTTP MCP servers are now supported\n- Remote MCP servers (SSE and HTTP) now support OAuth\n- MCP resources can now be @-mentioned\n- /resume slash command to switch conversations within Claude Code\n\n## 1.0.25\n\n- Slash commands: moved \"project\" and \"user\" prefixes to descriptions\n- Slash commands: improved reliability for command discovery\n- Improved support for Ghostty\n- 
Improved web search reliability\n\n## 1.0.24\n\n- Improved /mcp output\n- Fixed a bug where settings arrays got overwritten instead of merged\n\n## 1.0.23\n\n- Released TypeScript SDK: import @anthropic-ai/claude-code to get started\n- Released Python SDK: pip install claude-code-sdk to get started\n\n## 1.0.22\n\n- SDK: Renamed `total_cost` to `total_cost_usd`\n\n## 1.0.21\n\n- Improved editing of files with tab-based indentation\n- Fix for tool_use without matching tool_result errors\n- Fixed a bug where stdio MCP server processes would linger after quitting Claude Code\n\n## 1.0.18\n\n- Added --add-dir CLI argument for specifying additional working directories\n- Added streaming input support without require -p flag\n- Improved startup performance and session storage performance\n- Added CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR environment variable to freeze working directory for bash commands\n- Added detailed MCP server tools display (/mcp)\n- MCP authentication and permission improvements\n- Added auto-reconnection for MCP SSE connections on disconnect\n- Fixed issue where pasted content was lost when dialogs appeared\n\n## 1.0.17\n\n- We now emit messages from sub-tasks in -p mode (look for the parent_tool_use_id property)\n- Fixed crashes when the VS Code diff tool is invoked multiple times quickly\n- MCP server list UI improvements\n- Update Claude Code process title to display \"claude\" instead of \"node\"\n\n## 1.0.11\n\n- Claude Code can now also be used with a Claude Pro subscription\n- Added /upgrade for smoother switching to Claude Max plans\n- Improved UI for authentication from API keys and Bedrock/Vertex/external auth tokens\n- Improved shell configuration error handling\n- Improved todo list handling during compaction\n\n## 1.0.10\n\n- Added markdown table support\n- Improved streaming performance\n\n## 1.0.8\n\n- Fixed Vertex AI region fallback when using CLOUD_ML_REGION\n- Increased default otel interval from 1s -> 5s\n- Fixed edge cases where 
MCP_TIMEOUT and MCP_TOOL_TIMEOUT weren't being respected\n- Fixed a regression where search tools unnecessarily asked for permissions\n- Added support for triggering thinking non-English languages\n- Improved compacting UI\n\n## 1.0.7\n\n- Renamed /allowed-tools -> /permissions\n- Migrated allowedTools and ignorePatterns from .claude.json -> settings.json\n- Deprecated claude config commands in favor of editing settings.json\n- Fixed a bug where --dangerously-skip-permissions sometimes didn't work in --print mode\n- Improved error handling for /install-github-app\n- Bugfixes, UI polish, and tool reliability improvements\n\n## 1.0.6\n\n- Improved edit reliability for tab-indented files\n- Respect CLAUDE_CONFIG_DIR everywhere\n- Reduced unnecessary tool permission prompts\n- Added support for symlinks in @file typeahead\n- Bugfixes, UI polish, and tool reliability improvements\n\n## 1.0.4\n\n- Fixed a bug where MCP tool errors weren't being parsed correctly\n\n## 1.0.1\n\n- Added `DISABLE_INTERLEAVED_THINKING` to give users the option to opt out of interleaved thinking.\n- Improved model references to show provider-specific names (Sonnet 3.7 for Bedrock, Sonnet 4 for Console)\n- Updated documentation links and OAuth process descriptions\n\n## 1.0.0\n\n- Claude Code is now generally available\n- Introducing Sonnet 4 and Opus 4 models\n\n## 0.2.125\n\n- Breaking change: Bedrock ARN passed to `ANTHROPIC_MODEL` or `ANTHROPIC_SMALL_FAST_MODEL` should no longer contain an escaped slash (specify `/` instead of `%2F`)\n- Removed `DEBUG=true` in favor of `ANTHROPIC_LOG=debug`, to log all requests\n\n## 0.2.117\n\n- Breaking change: --print JSON output now returns nested message objects, for forwards-compatibility as we introduce new metadata fields\n- Introduced settings.cleanupPeriodDays\n- Introduced CLAUDE_CODE_API_KEY_HELPER_TTL_MS env var\n- Introduced --debug mode\n\n## 0.2.108\n\n- You can now send messages to Claude while it works to steer Claude in real-time\n- 
Introduced BASH_DEFAULT_TIMEOUT_MS and BASH_MAX_TIMEOUT_MS env vars\n- Fixed a bug where thinking was not working in -p mode\n- Fixed a regression in /cost reporting\n- Deprecated MCP wizard interface in favor of other MCP commands\n- Lots of other bugfixes and improvements\n\n## 0.2.107\n\n- CLAUDE.md files can now import other files. Add @path/to/file.md to ./CLAUDE.md to load additional files on launch\n\n## 0.2.106\n\n- MCP SSE server configs can now specify custom headers\n- Fixed a bug where MCP permission prompt didn't always show correctly\n\n## 0.2.105\n\n- Claude can now search the web\n- Moved system & account status to /status\n- Added word movement keybindings for Vim\n- Improved latency for startup, todo tool, and file edits\n\n## 0.2.102\n\n- Improved thinking triggering reliability\n- Improved @mention reliability for images and folders\n- You can now paste multiple large chunks into one prompt\n\n## 0.2.100\n\n- Fixed a crash caused by a stack overflow error\n- Made db storage optional; missing db support disables --continue and --resume\n\n## 0.2.98\n\n- Fixed an issue where auto-compact was running twice\n\n## 0.2.96\n\n- Claude Code can now also be used with a Claude Max subscription (https://claude.ai/upgrade)\n\n## 0.2.93\n\n- Resume conversations from where you left off from with \"claude --continue\" and \"claude --resume\"\n- Claude now has access to a Todo list that helps it stay on track and be more organized\n\n## 0.2.82\n\n- Added support for --disallowedTools\n- Renamed tools for consistency: LSTool -> LS, View -> Read, etc.\n\n## 0.2.75\n\n- Hit Enter to queue up additional messages while Claude is working\n- Drag in or copy/paste image files directly into the prompt\n- @-mention files to directly add them to context\n- Run one-off MCP servers with `claude --mcp-config `\n- Improved performance for filename auto-complete\n\n## 0.2.74\n\n- Added support for refreshing dynamically generated API keys (via apiKeyHelper), with a 5 minute 
TTL\n- Task tool can now perform writes and run bash commands\n\n## 0.2.72\n\n- Updated spinner to indicate tokens loaded and tool usage\n\n## 0.2.70\n\n- Network commands like curl are now available for Claude to use\n- Claude can now run multiple web queries in parallel\n- Pressing ESC once immediately interrupts Claude in Auto-accept mode\n\n## 0.2.69\n\n- Fixed UI glitches with improved Select component behavior\n- Enhanced terminal output display with better text truncation logic\n\n## 0.2.67\n\n- Shared project permission rules can be saved in .claude/settings.json\n\n## 0.2.66\n\n- Print mode (-p) now supports streaming output via --output-format=stream-json\n- Fixed issue where pasting could trigger memory or bash mode unexpectedly\n\n## 0.2.63\n\n- Fixed an issue where MCP tools were loaded twice, which caused tool call errors\n\n## 0.2.61\n\n- Navigate menus with vim-style keys (j/k) or bash/emacs shortcuts (Ctrl+n/p) for faster interaction\n- Enhanced image detection for more reliable clipboard paste functionality\n- Fixed an issue where ESC key could crash the conversation history selector\n\n## 0.2.59\n\n- Copy+paste images directly into your prompt\n- Improved progress indicators for bash and fetch tools\n- Bugfixes for non-interactive mode (-p)\n\n## 0.2.54\n\n- Quickly add to Memory by starting your message with '#'\n- Press ctrl+r to see full output for long tool results\n- Added support for MCP SSE transport\n\n## 0.2.53\n\n- New web fetch tool lets Claude view URLs that you paste in\n- Fixed a bug with JPEG detection\n\n## 0.2.50\n\n- New MCP \"project\" scope now allows you to add MCP servers to .mcp.json files and commit them to your repository\n\n## 0.2.49\n\n- Previous MCP server scopes have been renamed: previous \"project\" scope is now \"local\" and \"global\" scope is now \"user\"\n\n## 0.2.47\n\n- Press Tab to auto-complete file and folder names\n- Press Shift + Tab to toggle auto-accept for file edits\n- Automatic conversation 
compaction for infinite conversation length (toggle with /config)\n\n## 0.2.44\n\n- Ask Claude to make a plan with thinking mode: just say 'think' or 'think harder' or even 'ultrathink'\n\n## 0.2.41\n\n- MCP server startup timeout can now be configured via MCP_TIMEOUT environment variable\n- MCP server startup no longer blocks the app from starting up\n\n## 0.2.37\n\n- New /release-notes command lets you view release notes at any time\n- `claude config add/remove` commands now accept multiple values separated by commas or spaces\n\n## 0.2.36\n\n- Import MCP servers from Claude Desktop with `claude mcp add-from-claude-desktop`\n- Add MCP servers as JSON strings with `claude mcp add-json `\n\n## 0.2.34\n\n- Vim bindings for text input - enable with /vim or /config\n\n## 0.2.32\n\n- Interactive MCP setup wizard: Run \"claude mcp add\" to add MCP servers with a step-by-step interface\n- Fix for some PersistentShell issues\n\n## 0.2.31\n\n- Custom slash commands: Markdown files in .claude/commands/ directories now appear as custom slash commands to insert prompts into your conversation\n- MCP debug mode: Run with --mcp-debug flag to get more information about MCP server errors\n\n## 0.2.30\n\n- Added ANSI color theme for better terminal compatibility\n- Fixed issue where slash command arguments weren't being sent properly\n- (Mac-only) API keys are now stored in macOS Keychain\n\n## 0.2.26\n\n- New /approved-tools command for managing tool permissions\n- Word-level diff display for improved code readability\n- Fuzzy matching for slash commands\n\n## 0.2.21\n\n- Fuzzy matching for /commands\n", + "changelogLastFetched": 1759837425916, + "oauthAccount": { + "accountUuid": "b934c163-216b-46ec-bb38-15cf1217535b", + "emailAddress": "1hundredhz@gmail.com", + "organizationUuid": "f474a499-f0bc-4bbb-9fca-5fcf55d8d86f", + "displayName": "Valknar", + "organizationBillingType": "stripe_subscription", + "organizationRole": "admin", + "workspaceRole": null, + "organizationName": 
"1hundredhz@gmail.com's Organization" + }, + "claudeCodeFirstTokenDate": "2025-10-07T11:43:24.567449Z", + "hasCompletedOnboarding": true, + "lastOnboardingVersion": "2.0.9", + "projects": { + "/home/valknar/Apps/claude-desktop-debian": { + "allowedTools": [], + "history": [ + { + "display": "/exit", + "pastedContents": {} + }, + { + "display": "/init ", + "pastedContents": {} + }, + { + "display": "/exit", + "pastedContents": {} + } + ], + "mcpContextUris": [], + "mcpServers": {}, + "enabledMcpjsonServers": [], + "disabledMcpjsonServers": [], + "hasTrustDialogAccepted": true, + "ignorePatterns": [], + "projectOnboardingSeenCount": 3, + "hasClaudeMdExternalIncludesApproved": false, + "hasClaudeMdExternalIncludesWarningShown": false, + "exampleFiles": [ + "README.md", + "build.sh", + "build-deb.sh", + "main-push.yml", + "ci.yml" + ], + "lastTotalWebSearchRequests": 0, + "exampleFilesGeneratedAt": 1759837462041, + "lastCost": 0.27125489999999997, + "lastAPIDuration": 86796, + "lastToolDuration": 2804, + "lastDuration": 148331, + "lastLinesAdded": 0, + "lastLinesRemoved": 0, + "lastTotalInputTokens": 13094, + "lastTotalOutputTokens": 3784, + "lastTotalCacheCreationInputTokens": 38232, + "lastTotalCacheReadInputTokens": 128385, + "lastSessionId": "d293b4aa-0953-452e-8605-265b430280be" + }, + "/home/valknar": { + "allowedTools": [], + "history": [ + { + "display": "/init ", + "pastedContents": {} + }, + { + "display": "Create a new", + "pastedContents": {} + }, + { + "display": "/exit", + "pastedContents": {} + }, + { + "display": "/init ", + "pastedContents": {} + } + ], + "mcpContextUris": [], + "mcpServers": { + "filesystem": { + "type": "stdio", + "command": "pnpm", + "args": [ + "mcp-server-filesystem", + "repos/compose" + ], + "env": {} + } + }, + "enabledMcpjsonServers": [], + "disabledMcpjsonServers": [], + "hasTrustDialogAccepted": true, + "ignorePatterns": [], + "projectOnboardingSeenCount": 2, + "hasClaudeMdExternalIncludesApproved": false, + 
"hasClaudeMdExternalIncludesWarningShown": false, + "exampleFiles": [ + "app.vue", + "AppHeader.vue", + "main.css", + "page.tsx", + "nginx.conf" + ], + "hasCompletedProjectOnboarding": true, + "lastTotalWebSearchRequests": 0, + "exampleFilesGeneratedAt": 1760172820128, + "lastCost": 0.35914274999999996, + "lastAPIDuration": 144999, + "lastToolDuration": 4097, + "lastDuration": 237951, + "lastLinesAdded": 259, + "lastLinesRemoved": 0, + "lastTotalInputTokens": 24083, + "lastTotalOutputTokens": 5221, + "lastTotalCacheCreationInputTokens": 43371, + "lastTotalCacheReadInputTokens": 291989, + "lastSessionId": "f47f6bc3-f447-49f8-b62f-e1f9beec21fe" + } + }, + "hasOpusPlanDefault": false, + "lastReleaseNotesSeen": "2.0.9", + "s1mAccessCache": { + "f474a499-f0bc-4bbb-9fca-5fcf55d8d86f": { + "hasAccess": false, + "hasAccessNotAsDefault": false, + "timestamp": 1760172817696 + } + }, + "isQualifiedForDataSharing": false, + "fallbackAvailableWarningThreshold": 0.5, + "hasIdeOnboardingBeenShown": { + "vscode": true + } +} \ No newline at end of file diff --git a/.gitea/workflows/docs.pivoine.art.yaml b/.gitea/workflows/docs.pivoine.art.yaml index 3d2f6594..2c56021d 100644 --- a/.gitea/workflows/docs.pivoine.art.yaml +++ b/.gitea/workflows/docs.pivoine.art.yaml @@ -46,13 +46,3 @@ jobs: target: /var/www/docs.pivoine.art # Set to your deployment directory (for example /public_html) strip_components: 1 # This ensures that a subdirectory is not created rm: 1 - - name: Docker compose restart - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | - cd Projects/kompose/docs - docker compose restart diff --git a/.gitea/workflows/sexy.pivoine.art.yaml b/.gitea/workflows/sexy.pivoine.art.yaml index 20c5ca86..f331a03b 100644 --- a/.gitea/workflows/sexy.pivoine.art.yaml +++ b/.gitea/workflows/sexy.pivoine.art.yaml 
@@ -61,13 +61,3 @@ jobs: target: /var/www/sexy.pivoine.art # Set to your deployment directory (for example /public_html) strip_components: 1 # This ensures that a subdirectory is not created rm: 1 - - name: Docker compose restart - uses: appleboy/ssh-action@v1 - with: - host: ${{ secrets.HOST }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSWORD }} - port: ${{ secrets.PORT }} - script: | - cd Projects/kompose/sexy - docker compose restart diff --git a/.init/bin/mirror_project.sh b/.init/bin/mirror_project.sh index 4bf4ea3f..5bffcc4c 100755 --- a/.init/bin/mirror_project.sh +++ b/.init/bin/mirror_project.sh @@ -10,10 +10,12 @@ rm -rf $CURRENT_PROJECT/.env $CURRENT_PROJECT/**/uploads/ $CURRENT_PROJECT/**/*. if [[ `git add -A && git diff --quiet && git diff --cached --quiet` ]]; then # Changes + echo "CHANGES in ${CURRENT_PROJECT} - Mirroring..." git commit -m "$1" git push else # No changes + echo "NO CHANGES in ${CURRENT_PROJECT} - Aborting..." git reset echo "no changes to latest posts" exit 0 diff --git a/Projects/kompose/MIGRATION_GUIDE.md b/Projects/kompose/MIGRATION_GUIDE.md new file mode 100644 index 00000000..a50fc4af --- /dev/null +++ b/Projects/kompose/MIGRATION_GUIDE.md 
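Review bot: The added `echo "CHANGES in ${CURRENT_PROJECT} - Mirroring..."` sits in a branch that looks unreachable, because the `if [[ ... ]]` condition wraps `git add -A && git diff --quiet && git diff --cached --quiet` in a command substitution and so tests their captured stdout, which is normally empty with `--quiet`, rather than their exit status. As written the script would always print the new "NO CHANGES" message, run `git reset` and exit 0 without committing or pushing. Staging first and then testing the index by exit status would match the intent: `git add -A` on its own line, followed by `if ! git diff --cached --quiet; then`. Separately, the `rm -rf $CURRENT_PROJECT/.env …` visible in the hunk header is unquoted; if that variable can ever be empty the paths become root-relative, so `"${CURRENT_PROJECT:?}"` would be a safer form there. The `if` block closes outside the hunk, so the rest of the control flow is not visible here.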
@@ -0,0 +1,315 @@
+# Kompose Configuration Update - Migration Guide
+
+## Overview
+
+This update restructures your Kompose project to be more secure and maintainable by:
+
+1. **Separating sensitive data** - All secrets moved to `secrets.env`
+2. **Stack-scoped variables** - Configuration variables prefixed with stack names
+3. **Centralized configuration** - All variables defined in top-level `.env`
+4. **Automatic secret generation** - Generate cryptographically secure secrets with one command
+5. **Traefik control** - Enable/disable Traefik per service with `${STACK}_TRAEFIK_ENABLED`
+
+## Files Created
+
+### 1. `.env` (Updated)
+- Contains **NON-SENSITIVE** configuration for all stacks
+- Variables are scoped with stack names (e.g., `TRACK_TRAEFIK_HOST`, `AUTH_DB_NAME`)
+- Committed to git
+
+### 2. `secrets.env.template`
+- Template file for generating secrets
+- Contains placeholder values: `CHANGE_ME_GENERATE_WITH_KOMPOSE`
+- Committed to git as a reference
+
+### 3. `secrets.env` (Generated)
+- Contains **ALL SENSITIVE DATA** (passwords, tokens, keys)
+- Auto-generated from template with `./kompose.sh --generate-secrets`
+- **NEVER committed to git** (automatically added to `.gitignore`)
+
+### 4. `kompose.sh` (Updated)
+- Now loads both `.env` and `secrets.env`
+- New `--generate-secrets` command for generating random secrets
+- Automatically backs up existing `secrets.env` before regeneration
+
+## Migration Steps
+
+### Step 1: Generate Secrets
+
+```bash
+# This will create secrets.env from the template
+./kompose.sh --generate-secrets
+```
+
+This command will:
+- Read `secrets.env.template`
+- Generate cryptographically secure random values for all secrets
+- Save them to `secrets.env`
+- Add `secrets.env` to `.gitignore` if not already present
+- Backup existing `secrets.env` if it exists
+
+### Step 2: Update Your Stack Files
+
+Each stack needs to be updated to use the new variable naming pattern:
+
+#### Before (track/.env):
+```bash
+COMPOSE_PROJECT_NAME=track
+DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest
+DB_NAME=umami
+TRAEFIK_HOST=umami.pivoine.art
+APP_PORT=3000
+APP_SECRET=changeme
+```
+
+#### After (track/.env):
+```bash
+COMPOSE_PROJECT_NAME=track
+# All other variables are now in root .env and secrets.env
+```
+
+#### Before (track/compose.yaml):
+```yaml
+environment:
+ DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
+ APP_SECRET: ${APP_SECRET}
+labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`$TRAEFIK_HOST`)'
+```
+
+#### After (track/compose.yaml):
+```yaml
+environment:
+ DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${TRACK_DB_NAME}
+ APP_SECRET: ${TRACK_APP_SECRET}
+labels:
+ - 'traefik.enable=${TRACK_TRAEFIK_ENABLED}'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
+```
+
+### Step 3: Update Root .env
+
+Add configuration for each stack in the root `.env`:
+
+```bash
+# -------------------------------------------------------------------
+# TRACK Stack (Umami Analytics)
+# -------------------------------------------------------------------
+TRACK_TRAEFIK_ENABLED=true
+TRACK_TRAEFIK_HOST=umami.pivoine.art
+TRACK_DB_NAME=umami
+TRACK_DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest
+TRACK_APP_PORT=3000
+```
+
+### Step 4: Update secrets.env.template
+
+Add secret placeholders for each stack:
+
+```bash
+# -------------------------------------------------------------------
+# TRACK Stack Secrets (Umami)
+# -------------------------------------------------------------------
+TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
+```
+
+### Step 5: Regenerate Secrets (if needed)
+
+After updating the template, regenerate secrets:
+
+```bash
+./kompose.sh --generate-secrets
+```
+
+Your old secrets will be backed up automatically.
+
+## Variable Naming Convention
+
+### Stack Configuration Variables (in root .env)
+```
+{STACK_NAME}_{VARIABLE_NAME}
+
+Examples:
+TRACK_TRAEFIK_HOST=umami.pivoine.art
+TRACK_DB_NAME=umami
+TRACK_DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest
+AUTH_TRAEFIK_HOST=auth.pivoine.art
+AUTH_DB_NAME=keycloak
+```
+
+### Stack Secrets (in secrets.env)
+```
+{STACK_NAME}_{SECRET_NAME}
+
+Examples:
+TRACK_APP_SECRET=
+AUTH_KC_ADMIN_PASSWORD=
+DB_PASSWORD=
+```
+
+### Shared Variables (in root .env)
+```
+DB_USER=valknar
+DB_HOST=postgres
+DB_PORT=5432
+ADMIN_EMAIL=admin@example.com
+NETWORK_NAME=kompose
+```
+
+## Example Stack Configurations
+
+### Example 1: Track Stack (Umami)
+
+**Root .env:**
+```bash
+TRACK_TRAEFIK_ENABLED=true
+TRACK_TRAEFIK_HOST=umami.pivoine.art
+TRACK_DB_NAME=umami
+TRACK_DOCKER_IMAGE=ghcr.io/umami-software/umami:postgresql-latest
+```
+
+**secrets.env.template:**
+```bash
+TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
+```
+
+**track/compose.yaml:**
+```yaml
+services:
+ umami:
+ image: ${TRACK_DOCKER_IMAGE}
+ environment:
+ DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${TRACK_DB_NAME}
+ APP_SECRET: ${TRACK_APP_SECRET}
+ labels:
+ - 'traefik.enable=${TRACK_TRAEFIK_ENABLED}'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
+```
+
+### Example 2: Auth Stack (Keycloak)
+
+**Root .env:**
+```bash
+AUTH_TRAEFIK_ENABLED=true
+AUTH_TRAEFIK_HOST=auth.pivoine.art
+AUTH_DB_NAME=keycloak
+AUTH_DOCKER_IMAGE=quay.io/keycloak/keycloak:latest
+```
+
+**secrets.env.template:**
+```bash
+AUTH_KC_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
+```
+
+**auth/compose.yaml:**
+```yaml
+services:
+ keycloak:
+ image: ${AUTH_DOCKER_IMAGE}
+ environment:
+ KC_DB_URL: jdbc:postgresql://${DB_HOST}:${DB_PORT}/${AUTH_DB_NAME}
+ KC_BOOTSTRAP_ADMIN_PASSWORD: ${AUTH_KC_ADMIN_PASSWORD}
+ labels:
+ - 'traefik.enable=${AUTH_TRAEFIK_ENABLED}'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`${AUTH_TRAEFIK_HOST}`)'
+```
+
+## Traefik Control
+
+Every service now has a `${STACK}_TRAEFIK_ENABLED` variable that controls whether Traefik routes to it:
+
+```yaml
+labels:
+ - 'traefik.enable=${TRACK_TRAEFIK_ENABLED}' # true or false
+```
+
+To disable Traefik for a stack, simply set it to `false` in the root `.env`:
+
+```bash
+TRACK_TRAEFIK_ENABLED=false
+```
+
+## Secret Generation Patterns
+
+The `--generate-secrets` command generates different types of secrets based on variable naming:
+
+| Variable Pattern | Generated Secret Type | Length | Example |
+|-----------------|----------------------|--------|---------|
+| `*_PASSWORD` | Alphanumeric password | 32 chars | `DB_PASSWORD`, `ADMIN_PASSWORD` |
+| `*_SECRET`, `*_ENCRYPTION_KEY` | Hex string | 64 chars (32 bytes) | `TRACK_APP_SECRET`, `N8N_ENCRYPTION_KEY` |
+| `*_TOKEN` | Alphanumeric token | 40 chars | `GITEA_RUNNER_TOKEN` |
+| `*_HASH` | Hex hash | 64 chars (32 bytes) | `PASSWORD_HASH` |
+| Default | Alphanumeric | 32 chars | Any other variable |
+
+## Security Best Practices
+
+### ✅ DO:
+- Keep `secrets.env` in `.gitignore`
+- Use the provided `secrets.env.template` as reference
+- Regenerate secrets when setting up new environments
+- Use stack-scoped variable names
+- Store secrets in `secrets.env` only
+
+### ❌ DON'T:
+- Commit `secrets.env` to git
+- Hard-code secrets in compose files
+- Share secrets in plain text (use password managers)
+- Use the same secrets across environments
+- Store configuration in stack `.env` files anymore
+
+## Quick Reference
+
+### Generate secrets:
+```bash
+./kompose.sh --generate-secrets
+```
+
+### Start all stacks:
+```bash
+./kompose.sh "*" up -d
+```
+
+### View help:
+```bash
+./kompose.sh --help
+```
+
+### List stacks:
+```bash
+./kompose.sh --list
+```
+
+## Troubleshooting
+
+### "Secrets file not found"
+Run: `./kompose.sh --generate-secrets`
+
+### "Variable not set" errors
+Make sure you've:
+1. Updated root `.env` with stack-scoped variables
+2. Generated `secrets.env`
+3. Updated compose files to use new variable names
+
+### Need to regenerate a single secret?
+Edit `secrets.env` directly and replace the value, or regenerate all secrets (old secrets will be backed up).
+
+## Example Complete Setup
+
+See the `.new` files in `track/` and `auth/` directories for complete examples of the new structure.
+
+To apply them:
+```bash
+cd track
+mv compose.yaml.new compose.yaml
+mv .env.new .env
+
+cd ../auth
+mv compose.yaml.new compose.yaml
+mv .env.new .env
+```
+
+Then regenerate your secrets:
+```bash
+./kompose.sh --generate-secrets
+```
diff --git a/Projects/kompose/auth/.env.new b/Projects/kompose/auth/.env.new
new file mode 100644
index 00000000..8c0e819e
--- /dev/null
+++ b/Projects/kompose/auth/.env.new
@@ -0,0 +1,6 @@
+# Stack identification
+COMPOSE_PROJECT_NAME=auth
+
+# Note: All configuration variables are now in the root .env file
+# with AUTH_ prefix (e.g., AUTH_TRAEFIK_HOST, AUTH_DOCKER_IMAGE, AUTH_DB_NAME)
+# All secrets are in secrets.env (e.g., AUTH_KC_ADMIN_PASSWORD)
diff --git a/Projects/kompose/auth/compose.yaml.new b/Projects/kompose/auth/compose.yaml.new
new file mode 100644
index 00000000..7807c010
--- /dev/null
+++ b/Projects/kompose/auth/compose.yaml.new
@@ -0,0 +1,41 @@
+name: auth
+
+services:
+ keycloak:
+ image: ${AUTH_DOCKER_IMAGE}
+ container_name: ${COMPOSE_PROJECT_NAME}_keycloak
+ restart: unless-stopped
+ environment:
+ KC_DB: postgres
+ KC_DB_URL: jdbc:postgresql://${DB_HOST}:${DB_PORT}/${AUTH_DB_NAME}
+ KC_DB_USERNAME: ${DB_USER}
+ KC_DB_PASSWORD: ${DB_PASSWORD}
+ KC_DB_SCHEMA: public
+ KC_HOSTNAME: https://${AUTH_TRAEFIK_HOST}
+ KC_HTTP_ENABLED: true
+ HTTP_ADDRESS_FORWARDING: true
+ KC_BOOTSTRAP_ADMIN_USERNAME: admin
+ KC_BOOTSTRAP_ADMIN_PASSWORD: ${AUTH_KC_ADMIN_PASSWORD}
+ KC_PROXY: edge
+ KC_FEATURES: docker
+ command: start
+ networks:
+ - kompose_network
+ labels:
+ - 'traefik.enable=${AUTH_TRAEFIK_ENABLED}'
+ - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.middlewares=${COMPOSE_PROJECT_NAME}-redirect-web-secure'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`${AUTH_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.entrypoints=web'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${AUTH_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
+ - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.middlewares=${COMPOSE_PROJECT_NAME}-web-secure-compress'
+ - 'traefik.http.services.${COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8080'
+ - 'traefik.docker.network=${NETWORK_NAME:-kompose}'
+
+networks:
+ kompose_network:
+ name: ${NETWORK_NAME:-kompose}
+ external: true
diff --git a/Projects/kompose/secrets.env.template b/Projects/kompose/secrets.env.template
new file mode 100644
index 00000000..b1d10cac
--- /dev/null
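Review bot: `KC_DB_PASSWORD: ${DB_PASSWORD}` and `KC_BOOTSTRAP_ADMIN_PASSWORD: ${AUTH_KC_ADMIN_PASSWORD}` in `auth/compose.yaml.new` interpolate to an empty string when `secrets.env` has not been generated or is not loaded, and Compose only prints a warning in that case. The required-variable form makes the stack refuse to start instead of coming up with a blank credential: `KC_DB_PASSWORD: ${DB_PASSWORD:?run ./kompose.sh --generate-secrets}` and `KC_BOOTSTRAP_ADMIN_PASSWORD: ${AUTH_KC_ADMIN_PASSWORD:?run ./kompose.sh --generate-secrets}`. The same guard is missing on `${DB_PASSWORD}` and `${TRACK_APP_SECRET}` in `track/compose.yaml.new`. Since the bootstrap account uses the fixed name `admin`, that password is the only thing protecting the first login, which makes the fail-fast check worth the extra characters.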
+++ b/Projects/kompose/secrets.env.template
@@ -0,0 +1,51 @@
+# ===================================================================
+# KOMPOSE - Secrets Configuration
+# ===================================================================
+# This file contains SENSITIVE data and should NOT be committed to git.
+# Add secrets.env to your .gitignore file!
+#
+# Generate random secrets with: ./kompose.sh --generate-secrets
+# ===================================================================
+
+# -------------------------------------------------------------------
+# Database Passwords (Shared)
+# -------------------------------------------------------------------
+DB_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
+
+# -------------------------------------------------------------------
+# Admin Passwords
+# -------------------------------------------------------------------
+ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
+
+# -------------------------------------------------------------------
+# Email/SMTP Passwords
+# -------------------------------------------------------------------
+EMAIL_SMTP_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
+
+# -------------------------------------------------------------------
+# AUTH Stack Secrets (Keycloak)
+# -------------------------------------------------------------------
+AUTH_KC_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE
+
+# -------------------------------------------------------------------
+# TRACK Stack Secrets (Umami)
+# -------------------------------------------------------------------
+# APP_SECRET for Umami (64 character hex string)
+TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
+
+# -------------------------------------------------------------------
+# Add more stack secrets below (scope them with stack name)
+# -------------------------------------------------------------------
+# BLOG_SECRET_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# CHAT_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# DATA_DIRECTUS_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# CODE_GITEA_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# etc...
+
+# Example secrets from your current .env that should be scoped:
+# GITEA_RUNNER_REGISTRATION_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# JWT_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# N8N_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# DIRECTUS_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
+# PASSWORD_HASH=CHANGE_ME_GENERATE_WITH_KOMPOSE
diff --git a/Projects/kompose/track/.env.new b/Projects/kompose/track/.env.new
new file mode 100644
index 00000000..6d0846f1
--- /dev/null
+++ b/Projects/kompose/track/.env.new
@@ -0,0 +1,6 @@
+# Stack identification
+COMPOSE_PROJECT_NAME=track
+
+# Note: All configuration variables are now in the root .env file
+# with TRACK_ prefix (e.g., TRACK_TRAEFIK_HOST, TRACK_DOCKER_IMAGE)
+# All secrets are in secrets.env (e.g., TRACK_APP_SECRET)
diff --git a/Projects/kompose/track/compose.yaml.new b/Projects/kompose/track/compose.yaml.new
new file mode 100644
index 00000000..89c79ace
--- /dev/null
+++ b/Projects/kompose/track/compose.yaml.new
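Review bot: The header of `secrets.env.template` says the file "contains SENSITIVE data and should NOT be committed to git", but this is the committed template, and every placeholder below it is a non-empty string that would be accepted as a working password if the file were copied to `secrets.env` by hand. I would reword the two header lines to `# TEMPLATE - safe to commit. The generated secrets.env holds the real values and must NOT be committed.` and add `# CHANGE_ME_GENERATE_WITH_KOMPOSE is a placeholder, not a secret; never start a stack with it.` Whether `kompose.sh` rejects the placeholder value when it loads `secrets.env` is not visible in this commit, so that check is worth confirming.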
@@ -0,0 +1,37 @@
+name: track
+
+services:
+ umami:
+ image: ${TRACK_DOCKER_IMAGE}
+ container_name: ${COMPOSE_PROJECT_NAME}_app
+ restart: unless-stopped
+ environment:
+ DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${TRACK_DB_NAME}
+ DATABASE_TYPE: postgresql
+ APP_SECRET: ${TRACK_APP_SECRET}
+ networks:
+ - kompose_network
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:3000/api/heartbeat || exit 1"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ start_period: 40s
+ labels:
+ - 'traefik.enable=${TRACK_TRAEFIK_ENABLED}'
+ - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.middlewares=${COMPOSE_PROJECT_NAME}-redirect-web-secure'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.entrypoints=web'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${TRACK_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
+ - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
+ - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.middlewares=${COMPOSE_PROJECT_NAME}-web-secure-compress'
+ - 'traefik.http.services.${COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=3000'
+ - 'traefik.docker.network=${NETWORK_NAME:-kompose}'
+
+networks:
+ kompose_network:
+ name: ${NETWORK_NAME:-kompose}
+ external: true
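Review bot: `DATABASE_URL` in `track/compose.yaml.new` connects Umami with the shared `${DB_USER}`/`${DB_PASSWORD}` pair, the same account that `auth/compose.yaml.new` hands to Keycloak. Anyone who reads the analytics container's environment therefore holds credentials that presumably also open the identity provider's database. The commit already introduces stack-scoped names, so a per-stack role fits the convention: `DATABASE_URL: postgresql://${TRACK_DB_USER}:${TRACK_DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${TRACK_DB_NAME}`, with that role granted access to the `TRACK_DB_NAME` database only and `TRACK_DB_PASSWORD` added to `secrets.env.template`. The variable names are a proposal that follows the guide's `{STACK_NAME}_{SECRET_NAME}` pattern; the role itself would have to be created on the Postgres side, which this commit does not show.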