fix(web): preserve project terminal history

[skulidropek]

Summary

• Preserve browser project terminal history by configuring tmux with history-limit 50000 before the first pane is created.
• Enable tmux mouse mode for project terminals so wheel scroll moves through terminal history instead of shell command history.
• Keep auth terminals conservative and continue suppressing focus reporting bytes that can corrupt TUIs.
• Add explicit xterm scrollback: 50000 and regression tests for terminal query suppression and tmux attach command rendering.
• Keep CI green by removing a duplicated app test that violated the app/lib boundary and by aligning shared Grok auth args with the app implementation.

Fixes #317

Screenshots

Web terminal with PR/CI status:

Project terminal at latest output before scrolling:

Same project terminal after mouse-wheel scrolling up to older preserved output:

Validation

• rtk bun run lint:effect
• rtk bun run lint
• rtk bun run check
• rtk bun run test
• rtk proxy git diff --check
• GitHub Actions on a07145e: 19 passed, 0 failed

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 04557ad8-e5fc-480f-b126-6833975d0948

📥 Commits

Reviewing files that changed from the base of the PR and between 3e2dad8 and 06e8f7c.

📒 Files selected for processing (1)

• packages/lib/src/usecases/auth-grok-oauth.ts

📜 Recent review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (OpenCode)
• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Runtime volumes + SSH)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

🔇 Additional comments (5)

packages/lib/src/usecases/auth-grok-oauth.ts (5)

9-13: LGTM!

---

56-77: LGTM!

---

79-87: LGTM!

---

122-136: LGTM!

---

147-149: LGTM!

---

📝 Walkthrough

Summary by CodeRabbit

Примечания к выпуску

• Новые функции

  • Добавлена поддержка отслеживания мыши в терминале с возможностью настройки.
  • Реализована аутентификация через device-code flow для Grok вместо браузерного OAuth.
  • Добавлены параметры конфигурации для подавления терминальных запросов.

• Улучшения

  • Улучшено управление сеансами tmux: теперь переиспользуются существующие сеансы с автоматической настройкой истории и параметров.

• Тесты

  • Расширены проверки поведения терминала и аутентификации.

Walkthrough

PR добавляет ограничение истории терминала (history-limit) в tmux, включает поддержку мыши, реализует опциональное подавление mouse tracking в зависимости от контекста сессии, и переводит Grok аутентификацию с OAuth на device-auth flow с выделенным обработчиком терминальной сессии.

Changes

Конфигурация терминальной сессии с историей и управлением мышью

Layer / File(s)	Summary
Tmux attach script с history-limit и mouse support packages/api/src/services/terminal-sessions.ts, packages/api/tests/terminal-sessions.test.ts	Скрипт tmux инициализирует сервер, устанавливает глобально и для сессии history-limit 50000, включает mouse on перед attach. Тесты проверяют наличие этих компонент и их последовательность.
Query suppression options с условным mouse tracking packages/app/src/web/terminal-query-suppression.ts, packages/app/tests/docker-git/terminal-query-suppression.test.ts	Новый тип TerminalQuerySuppressionOptions с флагом allowMouseTracking разделяет mouse-tracking режимы от focus-reporting и условно подавляет их в зависимости от параметра. Тесты проверяют условное подавление при allowMouseTracking: true.
Runtime options инициализация packages/app/src/web/terminal-panel-runtime-core.ts	createTerminalRuntime расширена параметром options с полем querySuppression, переданным в installTerminalQuerySuppression при инициализации.
Browser-aware mouse tracking в session mounting packages/app/src/web/terminal-panel-runtime.ts	shouldAllowTerminalMouseTracking предикат включает mouse tracking для сессий с browserProjectId. mountTerminalSession передаёт это решение в createTerminalRuntime через querySuppression.allowMouseTracking.
Grok terminal session attachment helper packages/app/src/docker-git/program-auth.ts	Новый attachGrokTerminalSession helper валидирует сессию и делегирует вызов attachTerminalSession с заголовком "GrokOauth" и вычисленным websocket путём. Импорты расширены типами ApiTerminalSession и ошибок. handleGrokLoginCommand упрощена использованием helper.
Grok device-auth flow packages/lib/src/usecases/auth-grok-oauth.ts	Авторизация переведена с OAuth browser на device-code headless flow. buildDockerGrokAuthArgs добавляет флаг --device-auth. printDeviceAuthInstructions заменяет OAuth инструкции, направляя на device code копирование и verification URL открытие.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ProverCoderAI/docker-git#309: Оба PR модифицируют renderTmuxAttachCommand в packages/api/src/services/terminal-sessions.ts и соответствующие тесты для изменения сборки tmux attach скрипта.

🚥 Pre-merge checks | ✅ 7

✅ Passed checks (7 passed)

Check name	Status	Explanation
Title check	✅ Passed	Заголовок в точности соответствует главному изменению: сохранение истории проекта в веб-терминале через настройку tmux с history-limit.
Description check	✅ Passed	Описание содержит все требуемые разделы: Summary, Requirements Alignment, Verification, скриншоты и ссылку на issue #317, полностью соответствует шаблону.
Linked Issues check	✅ Passed	Изменения кода соответствуют требованиям issue #317: настройка tmux history-limit 50000, включение mouse mode, сохранение консервативного поведения для auth-терминалов, регрессионные тесты, xterm scrollback 50000.
Out of Scope Changes check	✅ Passed	Все изменения в пределах scope issue #317: терминальная история, tmux настройки, mouse tracking, query suppression и тесты. Удаление дублированного теста соответствует целям CI.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Requirements Alignment	✅ Passed	Все требования реализованы: tmux history 50000, mouse включён, mouse-tracking условно, focus подавлен, scrollback 50000, тесты добавлены, device-auth работает. Противоречий не найдено.
Security Regression	✅ Passed	No high-confidence security regressions. Shell commands properly escaped, paths validated, no credential exposure, no dangerous Docker configuration.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch issue-317

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/api/tests/terminal-sessions.test.ts`:
- Around line 250-256: The test currently uses multiple
expect(command).toContain(...) assertions which do not enforce ordering; update
the assertions in packages/api/tests/terminal-sessions.test.ts to assert the
relative order of "history-limit 50000" and "new-session -d -s" (and any other
ordering invariants) by comparing their indices in the command string (e.g.,
using command.indexOf("history-limit 50000") < command.indexOf("new-session -d
-s")) or a single regex that enforces the sequence; modify the assertions that
reference the variable command to use index-based or regex ordering checks
instead of plain toContain so the test fails if the order is reversed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 140c18cc-7607-4468-97ac-aa921d5b4575

📥 Commits

Reviewing files that changed from the base of the PR and between e7107a6 and 25fedfe.

⛔ Files ignored due to path filters (2)

• docs/pr-screenshots/issue-317/terminal-latest-output.png is excluded by !**/*.png
• docs/pr-screenshots/issue-317/terminal-scrolled-history.png is excluded by !**/*.png

📒 Files selected for processing (11)

• packages/api/src/services/terminal-sessions.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/src/web/panel-terminal.tsx
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/tests/docker-git/terminal-query-suppression.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Clone cache)
• GitHub Check: Lint
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Browser command)
• GitHub Check: E2E (OpenCode)
• GitHub Check: Test
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Final build (windows-latest)

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

• packages/api/tests/terminal-sessions.test.ts
• packages/app/tests/docker-git/terminal-query-suppression.test.ts

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

• packages/api/tests/terminal-sessions.test.ts
• packages/app/tests/docker-git/terminal-query-suppression.test.ts

🧠 Learnings (1)

📚 Learning: 2026-05-18T07:43:38.131Z

Learnt from: skulidropek
Repo: ProverCoderAI/docker-git PR: 313
File: packages/api/src/services/panel-cloudflare-tunnel.ts:123-135
Timestamp: 2026-05-18T07:43:38.131Z
Learning: In this repo’s ProverCoderAI/docker-git architecture, it is intentional for service modules under packages/api/src/services/ to call Node.js APIs directly (e.g., fs, child_process, fetch). Do not treat direct Node API usage in these service modules as a dependency-injection (DI) violation. This codebase provides the NodeContext at the program boundary (entry point) rather than injecting Context.Tag/Layer services into individual service modules; reviewers should only flag DI/context issues if the expected boundary setup is missing.

Applied to files:

• packages/api/src/services/terminal-sessions.ts

🔇 Additional comments (14)

packages/app/src/docker-git/api-client-auth.ts (1)

30-32: LGTM!

packages/app/src/docker-git/api-client.ts (1)

36-38: LGTM!

packages/app/src/docker-git/program-auth.ts (4)

4-4: LGTM!

Also applies to: 16-19, 23-23, 25-25

---

49-51: LGTM!

---

63-72: LGTM!

---

128-128: LGTM!

packages/app/src/web/app-ready-terminal-screen.tsx (2)

12-12: LGTM!

---

524-524: LGTM!

packages/app/src/web/panel-terminal.tsx (1)

14-14: LGTM!

packages/api/src/services/terminal-sessions.ts (1)

979-985: LGTM!

packages/app/src/web/terminal-query-suppression.ts (1)

3-5: LGTM!

Also applies to: 36-59, 78-96, 113-121, 123-159

packages/app/tests/docker-git/terminal-query-suppression.test.ts (1)

126-131: LGTM!

Also applies to: 225-237

packages/app/src/web/terminal-panel-runtime-core.ts (1)

33-33: LGTM!

Also applies to: 41-43, 83-97

packages/app/src/web/terminal-panel-runtime.ts (1)

171-173: LGTM!

Also applies to: 183-187, 251-251

[skulidropek]

AI Session Backup

Commit: a07145e
Status: success
Files: 3 (4.24 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/lib/src/usecases/auth-grok-oauth.ts`:
- Line 76: The command return now includes the "--device-auth" flag (see the
returned array containing spec.image, "grok", "login", "--device-auth"), but the
file's top-of-file documentation/comments (previously describing a
browser/interactive flow) and the docblock/example around line 112 still mention
the old flow; update those comments and examples to describe the device-auth
behavior and how to complete device authentication (including any expected CLI
output and next steps), remove references to browser/interactive flow, and align
any examples or parameter descriptions to match the new "--device-auth" flag and
flow.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 2d5d0b97-e2da-4132-9a3e-92b8684c3553

📥 Commits

Reviewing files that changed from the base of the PR and between 25fedfe and a07145e.

📒 Files selected for processing (2)

• packages/app/tests/docker-git/core-templates.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

💤 Files with no reviewable changes (1)

• packages/app/tests/docker-git/core-templates.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Lint Effect-TS
• GitHub Check: Test
• GitHub Check: Types
• GitHub Check: Lint
• GitHub Check: Final build (windows-latest)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

🔇 Additional comments (1)

packages/lib/src/usecases/auth-grok-oauth.ts (1)

44-52: LGTM!

[skulidropek]

AI Session Backup

Commit: 58902d1
Status: success
Files: 3 (6.60 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean

[skulidropek]

AI Session Backup

Commit: 3e2dad8
Status: success
Files: 4 (8.01 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean

[skulidropek]

AI Session Backup

Commit: 06e8f7c
Status: success
Files: 4 (8.30 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean