Add three HTTP endpoints for OAuth login without terminal access:
- GET /oauth/authorize — generates PKCE params, redirects to
claude.com/cai/oauth/authorize with code=true and full scopes
- GET /callback — exchanges auth code for tokens via JSON POST to
platform.claude.com/v1/oauth/token, writes ~/.claude/.credentials.json
- GET /oauth/status — returns current credential state as JSON
Uses SHA-256 (sha2 crate) for PKCE code challenge. The authorize URL
targets claude.com/cai/ (not platform.claude.com) which is required
for Max/Pro subscriptions to grant user:inference scope.
Users visit http://localhost:3001/oauth/authorize in their browser
to authenticate. Matrix/WhatsApp can send this link when auth fails.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Commit e4227cf (a story creation auto-commit) erroneously deleted 175
files from master's tree, likely due to a race condition between
concurrent git operations. This commit re-adds all files from the
working directory.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Bumps server/Cargo.toml and frontend/package.json to 0.4.1
- Release script now auto-bumps both version files when run
- Changelog generation matches both "storkit:" and "story-kit:" prefixes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Generate structured changelogs from completed stories instead of raw
commit messages. Group by features, bug fixes, and refactors. Filter
out story-kit automation commits.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Test commands in run_project_tests now use wait-timeout to enforce a
600-second ceiling, preventing hung processes (e.g. Playwright with no
server) from blocking the merge pipeline indefinitely. Also disables
e2e tests in script/test until the merge workspace can run them safely.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add end-to-end encryption support to the Matrix bot using the matrix-sdk
crypto features. The bot now:
- Enables E2EE on the Matrix client with cross-signing bootstrapping
- Auto-verifies its own cross-signing identity on startup
- Handles key verification requests from other users automatically
- Sends encrypted messages in E2EE-enabled rooms
- Adds MATRIX_STORE_PATH config for persistent crypto store
Squash merge of feature/story-194_story_enable_matrix_e2ee_with_cross_signing_verification_on_bot
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add HTML formatted_body to Matrix bot messages so that markdown-style
formatting (code blocks, bold, italic, lists) renders properly in Matrix
clients. Uses the pulldown-cmark crate to convert markdown to HTML and
sets the message format to org.matrix.custom.html.
Story: 188_story_render_matrix_bot_messages_with_html_formatting
Add notify-based filesystem watcher for .story_kit/work/ that
auto-commits changes with deterministic messages and broadcasts
events over WebSocket. Push full pipeline state (Upcoming, Current,
QA, To Merge) to frontend on connect and after every watcher event.
Strip dead UI: remove ReviewPanel, GatePanel, TodoPanel,
UpcomingPanel and all associated REST polling. Replace with 4
generic StagePanel components driven by WebSocket. Simplify
AgentPanel to roster-only.
Delete all 11 workflow HTTP endpoints and 16 request/response types
from the server. Clean dead code from workflow module. MCP tools
call Rust functions directly and need none of the HTTP layer.
Net: ~4,100 lines deleted, ~400 added.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add git worktree isolation for concurrent story agents. Each agent now
runs in its own worktree with setup/teardown commands driven by
.story_kit/project.toml config. Agents stream output via SSE and support
start/stop lifecycle with Pending/Running/Completed/Failed statuses.
Backend: config.rs (TOML parsing), worktree.rs (git worktree lifecycle),
refactored agents.rs (broadcast streaming), agents_sse.rs (SSE endpoint).
Frontend: AgentPanel.tsx with Run/Stop buttons and streaming output log.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
dave
Timmy