
Feat/multi app switching #3646

Open
ryoiwata wants to merge 128 commits into chatboxai:main from ryoiwata:feat/multi-app-switching


@ryoiwata ryoiwata commented Apr 7, 2026

Description

[Please provide a detailed description of your contribution, including the main changes and their purpose]

Additional Notes

[If you have any additional comments or notes, please add them here]

Screenshots

[Optional: Include screenshots that help explain your PR]

Contributor Agreement

By submitting this Pull Request, I confirm that I have read and agree to the following terms:

  • I agree to contribute all code submitted in this PR to the open-source community edition licensed under GPLv3 and the proprietary official edition without compensation.
  • I grant the official edition development team the rights to freely use, modify, and distribute this code, including for commercial purposes.
  • I confirm that this code is my original work, or I have obtained the appropriate authorization from the copyright holder to submit this code under these terms.
  • I understand that the submitted code will be publicly released under the GPLv3 license, and may also be used in the proprietary official edition.

Please check the box below to confirm:

[ ] I have read and agree with the above statement.

ryoiwata and others added 30 commits April 2, 2026 17:01
- Introduced CODEBASE_ANALYSIS.md detailing project overview, directory structure, tech stack, entry points, and data schema.
- This document serves as an authoritative reference for future development and structural inquiries.
- Introduced CLAUDE.md to provide comprehensive guidance for the Chatbox Community Edition project.
- Document includes project overview, common commands for development, building, testing, and code quality, as well as architecture details and key documentation references.
… guidelines and resources

- Added skills and references for optimizing React Native applications, including performance metrics, bundle analysis, and memory management.
- Introduced new files for analyzing app and JS bundle sizes, avoiding barrel exports, and implementing code splitting.
- Created a skills-lock.json to manage the new skills and their sources.
- Enhanced documentation for onboarding and security guardrails related to performance optimizations.
- Added a new skill for converting Stitch designs into modular React components.
- Included essential files such as package.json, README.md, and SKILL.md for documentation and usage instructions.
- Implemented validation scripts and a fetch script for high-reliability data retrieval.
- Established a style guide and architecture checklist to ensure code quality and consistency.
- Introduced example components and a comprehensive API reference for effective integration.
…inciples

- Introduced a new skill focused on Node.js best practices, covering framework selection, async patterns, security, and architecture.
- Added SKILL.md with comprehensive guidelines and decision-making principles for effective Node.js development.
- Updated skills-lock.json to include the new skill source and computed hash.
…js backend services

- Added a new skill focused on building production-ready Node.js backend services using Express and Fastify.
- Included comprehensive documentation in SKILL.md covering middleware patterns, error handling, authentication, and database integration.
- Introduced advanced patterns and references for dependency injection, caching, and API response formatting.
- Updated skills-lock.json to include the new skill source and computed hash.
…ystems

- Introduced a new skill focused on building real-time communication systems using WebSockets and Socket.IO.
- Added comprehensive documentation in SKILL.md covering core workflows, reference guides, code examples, and constraints.
- Included references for alternatives, patterns, protocol, scaling, and security related to WebSocket implementations.
- Updated skills-lock.json to include the new skill source and computed hash.
… review best practices

- Added a new skill focused on PostgreSQL-specific code review, covering best practices, anti-patterns, and quality standards.
- Included comprehensive documentation in SKILL.md detailing review areas such as JSONB operations, schema design, and security features.
- Updated skills-lock.json to include the new skill source and computed hash.
…ion techniques

- Introduced a new skill focused on PostgreSQL optimization, covering advanced features, performance tuning, and best practices.
- Added comprehensive documentation in SKILL.md detailing JSONB operations, array types, window functions, and indexing strategies.
- Updated skills-lock.json to include the new skill source and computed hash.
…y infrastructure

- Added a comprehensive skill for operating Railway infrastructure, covering project creation, service provisioning, environment management, and troubleshooting.
- Included detailed documentation in SKILL.md outlining the Railway resource model, URL parsing, preflight checks, common operations, and execution rules.
- Introduced references for MongoDB, MySQL, PostgreSQL, Redis analysis, and configuration management.
- Updated skills-lock.json to include the new skill source and computed hash.
…op applications

- Added a comprehensive skill for developing applications using Electron, covering architecture, IPC communication, BrowserWindow management, and security best practices.
- Included detailed documentation in SKILL.md outlining usage scenarios, example code, and best practices for Electron development.
- Introduced new API references for app and BrowserWindow modules, along with examples for installation and packaging.
- Updated skills-lock.json to include the new skill source and computed hash.
…umentation

- Updated the Electron skill to focus on automating desktop applications using agent-browser via Chrome DevTools Protocol.
- Revised SKILL.md to include new usage scenarios, detailed automation workflows, and examples for various Electron applications.
- Removed outdated API references and examples to streamline documentation.
- Updated skills-lock.json to reflect changes in the skill source and computed hash.
…er implementation

- Introduced a new skill for implementing Prisma ORM v7 driver adapters, including detailed architecture and interface definitions.
- Added comprehensive documentation in SKILL.md covering implementation steps, required interfaces, and transaction lifecycle protocols.
- Updated skills-lock.json to include the new skill source and computed hash.
… adapter references

- Introduced a new skill for upgrading from Prisma ORM v6 to v7, including a detailed migration guide in SKILL.md covering breaking changes, upgrade steps, and important notes.
- Added references for driver adapters, environment variable management, and ESM/CommonJS support.
- Updated skills-lock.json to include the new skill source and computed hash.
- Included additional documentation for handling specific scenarios like Prisma Accelerate and configuration management.
…and management

- Added a new skill for Prisma Postgres, providing comprehensive guidance on setup, management, and integration across various workflows.
- Included detailed documentation in SKILL.md covering CLI provisioning, Management API usage, and programmatic integration.
- Created references for console operations, create-db CLI commands, and Management API SDK usage.
- Updated skills-lock.json to include the new skill source and computed hash.
- Introduced a comprehensive skill for Prisma CLI, covering commands for database management, migrations, and seeding.
- Added detailed documentation in SKILL.md, including usage patterns, command options, and best practices.
- Created references for individual commands such as `db execute`, `db pull`, `db push`, and `migrate` operations.
- Updated skills-lock.json to include the new skill source and computed hash.
…prehensive documentation

- Introduced a new skill for Prisma Client API, detailing model queries, filters, operators, and client methods.
- Added extensive documentation in SKILL.md, covering when to apply the skill, rule categories, quick references, and examples for CRUD operations.
- Created references for client methods, query options, filters, and transactions to enhance usability.
- Updated skills-lock.json to include the new skill source and computed hash.
…h various database providers

- Introduced a comprehensive skill for setting up Prisma with multiple database providers including PostgreSQL, MySQL, SQLite, MongoDB, CockroachDB, SQL Server, and Prisma Postgres.
- Added detailed documentation in SKILL.md covering setup instructions, configuration files, environment variables, and common issues for each database.
- Created references for each database provider to enhance usability and streamline the setup process.
- Updated skills-lock.json to include the new skill source and computed hash.
…ge platform

- Introduced a comprehensive README.md detailing the ChatBridge platform, its features, architecture, quick start guide, and plugin development instructions.
- Added a technical specification (SPEC.md) outlining the architecture, tech stack, plugin protocol, message protocol, and security measures for the ChatBridge system.
- Both documents aim to provide clear guidance for developers and users interacting with the ChatBridge platform.
… and testing guidelines

- Updated CLAUDE.md to reflect the new ChatBridge project overview and architecture, replacing references to Chatbox with ChatBridge.
- Added comprehensive code style rules for TypeScript and React, ensuring consistency across the codebase.
- Introduced security guidelines covering secrets management, iframe sandboxing, and postMessage validation to enhance application security.
- Established testing rules emphasizing the importance of rigorous testing for plugin integration and API endpoints, along with a structured testing directory.
- Created additional documentation files for code style, security, and testing to support developers in maintaining high standards.
…and clarify resource references

- Revised CLAUDE.md to include updated paths for documentation files related to the ChatBridge project.
- Enhanced clarity on the authoritative nature of CODEBASE_ANALYSIS.md and SPEC.md, emphasizing their importance for developers.
- Added new documentation files for project requirements and guidelines, improving overall resource organization.
- Introduced a new documentation file, IMPLEMENTATION_PLAN.md, detailing the build sequence, key decisions, and critical path for the ChatBridge project.
- Outlined milestones for backend and frontend development, including specific goals, time estimates, and required files for each phase.
- Provided a full turn-by-turn flow of user interactions with the ChatBridge system, enhancing clarity on the application's operational structure.
- Introduced a new documentation file, INTERVIEW_QA.md, capturing key questions and answers from the design interview conducted on 2026-04-02.
- Documented critical decisions regarding build order, WebSocket integration, multi-tool synchronization, iframe placement, and LLM pipeline management.
- This comprehensive Q&A serves as a reference for understanding the rationale behind implementation choices and design considerations for the ChatBridge project.
- Enhanced the IMPLEMENTATION_PLAN.md with a detailed day-by-day schedule, including milestones and deliverables for the development phases.
- Added a fallback plan outlining potential cuts and alternative deliverables based on project progress.
- Specified the LLM provider as Anthropic Claude Sonnet 4.6, detailing its integration and usage across the application.
- Updated key decisions regarding build order and history persistence, improving clarity on the project's operational structure.
…ChatBridge

- Revised CLAUDE.md to reflect the transition from OpenAI to Anthropic Claude Sonnet 4.6, including updates to the tech stack and API key references.
- Updated prompts.md to specify Anthropic API calls and their handling in the backend.
- Enhanced security.md to replace OpenAI API key references with Anthropic API key guidelines.
- Modified testing.md to reflect changes in mocking strategy for the Anthropic Claude API.
- Adjusted README.md and SPEC.md to clarify the integration of Anthropic Claude and its implications for the ChatBridge platform.
…g details for ChatBridge

- Introduced a new session log documenting the architecture interview conducted on 2026-04-02, highlighting key decisions and implementation strategies.
- Created `IMPLEMENTATION_PLAN.md` outlining a detailed build plan with milestones, schedules, and a dependency graph.
- Added `INTERVIEW_QA.md` capturing verbatim Q&A from the interview, including decision summaries.
- Updated multiple documentation files to reflect the transition from OpenAI to Anthropic Claude, ensuring consistency across the project.
- Documented troubleshooting issues encountered during the session and their resolutions.
…streaming

Implements Milestone 0: thin backend with no auth middleware, no tool calls.
- Express server with health endpoint and static file serving
- WebSocket server (noServer mode) with JWT auth on upgrade
- Anthropic messages.stream() text streaming → token events to client
- Prisma schema: User, Conversation, Message
- PrismaClient and Anthropic singletons
- Seed script creates demo@chatbridge.app and prints test JWT

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ryoiwata and others added 29 commits April 4, 2026 09:56
… in Docker

The production main build tried to bundle Electron deps (source-map-support,
electron, etc.) which aren't available in Docker (--ignore-scripts). When
CHATBOX_BUILD_PLATFORM=web, use externalizeDepsPlugin() for the main build
so all node_modules are externalized. This lets electron-vite build all
three targets (main/preload/renderer) without failing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…web builds

externalizeDepsPlugin reads deps from package.json but source-map-support
is a transitive dep not listed there. Add it to the include list so the
main process build doesn't fail trying to resolve it in Docker.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ted deps

externalizeDepsPlugin only externalizes package.json dependencies,
missing transitive deps like source-map-support, adm-zip, etc.
For web/Docker builds, externalize all non-relative imports since the
main/preload outputs aren't used — only the renderer matters.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ctly

The previous approach used a Vite plugin config hook to set
rollupOptions.external, but the static external array in the build
config overwrote it. Moving the function directly into rollupOptions
ensures it's applied for web/Docker builds.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ite in Docker

electron-vite always builds main+preload+renderer, but main/preload
fail in Docker because Electron native deps are unavailable. Using
vite directly with vite.web.config.ts builds only the renderer,
which is all the web deployment needs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…pplies

Without .npmrc present during install, pnpm uses default isolated
node_modules. Transitive deps like katex (needed by rehype-katex)
aren't accessible, breaking the vite build.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Frontend was hardcoded to localhost:3000 as the API base. In
production on Railway, frontend and backend share the same origin,
so use window.location.origin when served over HTTPS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tions

The /api/auth/demo endpoint returned 503 "Demo not configured" because
the demo@chatbridge.app user was never created in the Railway database.
Add seed step to the startup command so it runs after migrations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… process

Updated the Dockerfile to use standalone Vite for building the renderer, ensuring compatibility without Electron native dependencies. Adjusted the API base URL to dynamically use window.location.origin in production, preventing localhost references. Fixed the .npmrc copying order to ensure proper dependency resolution during installation. Successfully deployed to Railway, with the frontend now loading and connecting to the backend API.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…initialize

Without allow-same-origin, sandboxed iframes get an opaque null origin which
prevents React apps from accessing browser APIs during initialization. The apps
crash silently before sending the ready postMessage, causing the 5s timeout.

Also tightens postMessage targetOrigin from wildcard to the resolved app origin.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
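
Added example, not code from this PR: one way a host page can pair `allow-same-origin` with a pinned `targetOrigin` and an inbound origin check, as the commit above describes. All function names and URLs are hypothetical, and it assumes plugin apps are served from an origin different from the host page.

```javascript
// Added example; names and URLs are hypothetical, not ChatBridge identifiers.

// Resolve the origin a plugin iframe is expected to run at from its registered URL.
function resolveAppOrigin(appUrl) {
  const url = new URL(appUrl); // throws on malformed input
  const isLocal = url.hostname === 'localhost';
  if (url.protocol !== 'https:' && !(isLocal && url.protocol === 'http:')) {
    throw new Error(`refusing non-HTTPS app URL: ${appUrl}`);
  }
  return url.origin;
}

// Build the sandbox attribute for a plugin frame.
// A frame that has allow-scripts and allow-same-origin AND shares the embedder's
// origin can reach the parent document and remove its own sandbox attribute,
// so same-origin apps are refused rather than embedded.
function sandboxTokensFor(appUrl, hostOrigin) {
  const appOrigin = resolveAppOrigin(appUrl);
  if (appOrigin === hostOrigin) {
    throw new Error('plugin app must be served from a separate origin');
  }
  return ['allow-scripts', 'allow-same-origin'].join(' ');
}

// Outbound: never use "*"; the browser drops the message if the frame has
// navigated to any other origin.
function postToApp(frameWindow, appUrl, message) {
  frameWindow.postMessage(message, resolveAppOrigin(appUrl));
}

// Inbound: accept a message only if it came from the expected frame window,
// from the expected origin, and has the expected envelope shape.
function isTrustedAppMessage(event, frameWindow, appUrl) {
  if (event.source !== frameWindow) return false;
  if (event.origin !== resolveAppOrigin(appUrl)) return false;
  const data = event.data;
  return typeof data === 'object' && data !== null && typeof data.type === 'string';
}
```

A frame sandboxed without `allow-same-origin` reports `event.origin` as the string `"null"`, so the inbound check rejects it instead of treating an opaque origin as trusted.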
…tify OAuth redirect

Spotify rejects redirect_uri values without a protocol scheme as "Unsafe".
The Railway CLIENT_URL variable was set without https://, causing OAuth to fail.
This adds a defensive check in code and the Railway variable has been updated.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
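
Added example, not code from this PR: a sketch of a defensive check for a base URL configured without a scheme before it is used to build an OAuth `redirect_uri`. The function names, the callback path and the choice to prepend `https://` rather than fail are assumptions made for illustration.

```javascript
// Added example; names and the callback path are hypothetical.

// Normalise a configured base URL (for instance a CLIENT_URL environment
// variable) to an origin that is safe to use in an OAuth redirect_uri.
function normalizeBaseUrl(raw) {
  const value = String(raw ?? '').trim();
  if (!value) throw new Error('base URL is empty');

  // Decide on "://" rather than on whether new URL() succeeds:
  // new URL("localhost:3000") parses without error and treats "localhost:"
  // as the scheme, so the constructor alone does not detect a missing scheme.
  const withScheme = value.includes('://') ? value : `https://${value}`;
  const url = new URL(withScheme);

  const isLocal = url.hostname === 'localhost' || url.hostname === '127.0.0.1';
  if (url.protocol !== 'https:' && !(isLocal && url.protocol === 'http:')) {
    throw new Error(`base URL must use https: ${value}`);
  }
  if (url.username || url.password) {
    throw new Error('base URL must not contain credentials');
  }
  return url.origin; // drops any path, query or trailing slash
}

// Build the redirect_uri from the normalised origin and a fixed, local path.
function buildRedirectUri(rawBase, callbackPath) {
  if (!callbackPath.startsWith('/') || callbackPath.startsWith('//')) {
    throw new Error('callback path must be a single-slash absolute path');
  }
  return new URL(callbackPath, `${normalizeBaseUrl(rawBase)}/`).toString();
}
```

The resulting string has to match the redirect URI registered with the provider exactly, so normalising once at startup and logging the result makes a misconfigured variable visible before the first authorization attempt.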
… session log for iframe sandbox issue resolution
… creation

Spotify returned 403 on playlist creation because the stored token lacked
playlist-modify scopes (likely from a prior authorization with fewer scopes).
- Add show_dialog=true to force fresh consent screen with all scopes
- Clear stored token on 403 so re-auth gets correct scopes
- Switch Spotify app to disconnected state on permission_denied

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The previous fix created an infinite loop: 403 → clear token → reconnect → 403.
The scopes are correct (consent screen confirms playlist permissions), so clearing
the token was wrong. The 403 is likely a Spotify development mode restriction.

Changes:
- Use POST /me/playlists instead of POST /users/{id}/playlists
- Create private playlists (public: false) which may work in dev mode
- Remove token-clearing on 403 to stop the reconnect loop
- Add scope logging to OAuth callback for debugging
- Don't force disconnect UI state on permission_denied

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…for playlist creation

Three fixes for Spotify playlist track addition failing with 403:
1. Sequential searches with delays instead of parallel Promise.all to avoid
   dev mode rate limits
2. Retry addTracksToPlaylist once with 1.5s delay on 403 (propagation)
3. Return partial success (playlist created, warning) instead of failing
   the entire request when track addition fails
4. Reuse the access token from createPlaylist for addTracksToPlaylist to
   avoid redundant DB lookups and potential token refresh race conditions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Spotify dev mode consistently returns 403 on POST /playlists/{id}/tracks
with JSON body, even with correct scopes. Add two fallback strategies:
1. POST with URIs as query parameter (alternative API format)
2. PUT /playlists/{id}/tracks (replace items instead of add)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: addTracksToPlaylist was using a potentially stale access token
override from createPlaylist, and batch-adding all tracks which makes
403 errors all-or-nothing. Also, playlists were created as private which
may have additional restrictions in Spotify Development Mode.

Changes:
- Create playlists as public (avoids Dev Mode private playlist restrictions)
- Always fetch fresh token from DB for track addition (no stale override)
- Add tracks one at a time with 300ms delays (isolates failures)
- Refresh token and retry on first 403 error
- Handle 429 rate limits with retry-after header
- Increase post-creation delay to 2s for Spotify propagation
- Add detailed logging for each track add/fail

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds POST /api/internal/spotify/debug-add-track that tests:
1. GET /me — verify token validity
2. GET /playlists/{id} — verify playlist access/ownership
3. POST /playlists/{id}/tracks — attempt track addition with full response headers

Returns raw API responses to diagnose the persistent 403 Forbidden.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Spotify deprecated POST /playlists/{id}/tracks in favor of
POST /playlists/{id}/items as of February 2026. This was the root cause
of the persistent 403 Forbidden when adding tracks to playlists.

- Use /items as primary endpoint, fall back to /tracks for older apps
- Update diagnostic endpoint to test both /items and /tracks paths

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
LLMs often send trackQueries as a single comma-separated string instead
of a JSON array, e.g. "Track1 Artist1, Track2 Artist2" instead of
["Track1 Artist1", "Track2 Artist2"]. This caused the entire string to
be used as one search query, finding nothing.

Fix in both server Zod schema and frontend App.tsx to split
comma-separated strings into individual track queries.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ent timeouts

Creating playlists with 10+ tracks was timing out because:
- Tool result timeout was 10s (both server and frontend)
- Tracks were added one at a time with 300ms delays (~8s for 10 tracks)
- Track searches were sequential with 200ms delays (~12s for 10 tracks)

Changes:
- Increase tool result timeout to 60s (server chatHandler + frontend ChatBridgeFrame)
- Batch all track additions in one Spotify API call (up to 100 per request)
- Search tracks in concurrent batches of 5 instead of sequentially
- Reduce post-creation delay from 2s to 500ms

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… and improving track addition logic

Diagnosed and fixed issues causing Spotify playlists to be created without tracks:
- Updated to use the new /items endpoint for adding tracks, as /tracks is deprecated.
- Implemented logic to split comma-separated track queries into an array for proper handling.
- Increased tool timeout to 60 seconds and optimized track addition by batching requests.
- Enhanced error handling and logging for better diagnostics.

All changes deployed and verified on Railway, resulting in successful playlist creation with tracks.
Updated .gitignore to exclude the .playwright-mcp/ directory, ensuring that Playwright-related files are not tracked in the repository.
- Added a new document outlining the plan to replace hardcoded app array in `GET /api/apps` with database queries.
- Detailed steps include seeding existing apps, updating the GET endpoint to use Prisma, verifying registration and status update endpoints, and ensuring frontend compatibility.
- Included migration checklist and edge case considerations for smooth transition to the new system.
- Created a new admin panel for reviewing app registrations, including a `GET /api/apps/all` endpoint to fetch all apps regardless of status.
- Developed a new route component for the admin page, displaying app details in a table with actions for approving or rejecting apps.
- Added routing for the admin panel and integrated a sidebar link for navigation.
- Documented the K-12 trust and safety strategy, outlining sandbox isolation, data minimization, app vetting, content filtering, and runtime protections.
- Added tests for the new API endpoint to ensure proper functionality and response structure.
…elds and admin panel

- Introduced `authRequired` and `authProvider` fields in the `AppRegistration` model to support OAuth for third-party apps.
- Updated the Prisma schema and created a migration for the new fields.
- Modified the seed script to include authentication requirements for the Spotify app.
- Implemented a new admin panel for reviewing app registrations, allowing admins to approve or reject apps.
- Added a `GET /api/apps/all` endpoint to fetch all app registrations, regardless of status, and updated the existing `GET /api/apps` endpoint to return only approved apps.
- Enhanced tests to cover new functionality, ensuring proper handling of app registration and status updates.
…tion

- Created an admin panel for app review, including a new `GET /api/apps/all` endpoint to retrieve all apps regardless of status.
- Developed a UI for the admin page with app details, approval/rejection functionality, and integrated sidebar navigation.
- Authored a comprehensive trust & safety document outlining key safety measures and practices.
- Added backend tests to ensure the functionality of the new endpoint and admin features.
- Resolved various issues encountered during implementation, including database connectivity and environment configuration.
- Introduced a new plan for enabling seamless switching between multiple third-party apps within a single conversation session, preserving each app's state.
- Refactored `chatBridgeStore` to support a per-app map structure, allowing for explicit app status management and an active app pointer.
- Updated `controller.ts` to handle app activation logic, ensuring proper suspension and restoration of app states.
- Enhanced `ChatBridgeFrame` to manage multiple iframes, rendering only the active app while maintaining internal states.
- Modified tool injection logic to only include tools for the currently active app, reducing token costs and preventing calls to suspended apps.
- Updated session generation logic to include a list of previously used apps for easy switching back.
- Added comprehensive edge case handling to ensure robust app management during state transitions.

coderabbitai bot commented Apr 7, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 743a1562-c5c4-4b61-b2eb-b5543ecd69a4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
