Skip to content

fix: Windows compatibility, PATH handling, and SSH execution improvements#268

Merged
pedramamini merged 5 commits into0.15.0-rcfrom
0.15.0-rc-win-fixes-tests
Jan 31, 2026
Merged

fix: Windows compatibility, PATH handling, and SSH execution improvements#268
pedramamini merged 5 commits into0.15.0-rcfrom
0.15.0-rc-win-fixes-tests

Conversation

@pedramamini
Copy link
Copy Markdown
Collaborator

@pedramamini pedramamini commented Jan 31, 2026

Summary

This PR contains Windows compatibility fixes, PATH handling improvements, and SSH execution enhancements for the 0.15.0 release.

Changes

  • PATH Expansion: Consolidated PATH building logic into shared utilities (buildExpandedPath, buildExpandedEnv)
  • CLI Storage: Fixed path handling to use native path.join instead of path.posix.join for Windows compatibility
  • Shell Escaping: Added proper shell argument escaping utility for cmd.exe and PowerShell
  • Stream JSON Format: Fixed Claude Code stream-json input format to use correct type: 'user' structure
  • SSH Remote Execution: Improved SSH remote execution with here-document support for large prompts
  • Test Platform Awareness: Updated tests to be platform-aware for cross-platform compatibility
  • Type Fixes: Corrected ToolType usage and added explicit typing for state management

Testing

  • All TypeScript type checks pass
  • Shell escaping utility includes comprehensive test coverage
  • Platform-specific tests updated for cross-platform compatibility

chr1syy and others added 5 commits January 31, 2026 18:06
@chr1syy @pedramamini
fix: resolve Windows test failures for cross-platform compatibility
795c37c 
- Fix locale formatting issues in AgentSessionsModal and AgentPromptComposerModal tests
- Update path normalization in stats-db tests for Windows compatibility
- Correct mock signatures in AutoRun and agent-spawner tests
- Make agent detection tests platform-aware (powershell.exe vs bash)
- Fix PATH expansion test to handle platform-specific delimiters
- Ensure consistent 'en-US' locale usage across components and tests

All tests now pass on both Windows and Unix systems.
@chr1syy @pedramamini
fix: Windows PATH issues and SSH remote execution improvements
5656366 
- Fix Windows agent execution by using buildExpandedEnv for proper PATH expansion
- Add PowerShell support for SSH commands to handle long command lines (32K+ chars)
- Implement here document support for large OpenCode prompts over SSH
- Add raw stdin prompt sending for agents without stream-json support
- Restrict inline wizard to Claude, Claude Code, and Codex (OpenCode incompatible)
- Improve argument escaping for both cmd.exe and PowerShell shells
- Update tsconfig.main.json to include shared files for proper compilation
- Enhance agent path resolution for packaged Electron applications
- Add read-only mode for OpenCode in wizard conversations
- Update tests and UI components for better SSH remote configuration
@pedramamini
fix: address PR review issues for Windows compatibility
cbc7729 
- Fix CLI storage path handling: use path.join instead of path.posix.join
  for proper Windows path construction on local filesystem operations

- Fix streamJsonBuilder format: restore correct Claude Code stream-json
  format with type: 'user' and nested message structure (was incorrectly
  changed to type: 'user_message' which causes Claude CLI errors)

- Add shellEscape utility: create proper shell argument escaping module
  with documentation and comprehensive tests for cmd.exe and PowerShell

- Refactor ChildProcessSpawner: use new shellEscape utility instead of
  inline escaping logic for better maintainability

- Fix type errors: correct ToolType usage (remove invalid 'claude' value)
  and add explicit Record<string, AgentSshRemoteConfig> typing
@pedramamini
feat: add in-graph markdown preview for Document Graph
37e55bd 
Add a new preview panel that opens within the Document Graph view when
pressing Enter on a focused node. This allows exploring markdown files
without leaving the graph view.

Changes:
- Enter key now opens in-graph preview panel (double-click to recenter)
- Preview panel slides in from the right with full markdown rendering
- Escape closes the preview and returns focus to the graph for navigation
- Preview content is focusable for keyboard scrolling
- Updated Help panel to reflect new keyboard shortcuts
@pedramamini
## CHANGES
3f5fc40 
- Added IPC/API to fetch earliest recorded stats timestamp instantly 🧭
- Stats DB now computes earliest date across key tracking tables accurately 🧠
- Settings modal displays “since YYYY-MM-DD” alongside stats database size 📅
@pedramamini pedramamini merged commit 7d30875 into 0.15.0-rc Jan 31, 2026
3 checks passed
@claude
Copy link
Copy Markdown

claude bot commented Jan 31, 2026

Pull Request Review: Windows Compatibility and SSH Execution Improvements

This is a comprehensive PR addressing Windows compatibility, PATH handling, and SSH remote execution improvements. Changes span 67 files with 1,588 additions and 683 deletions.

Strengths

1. Excellent Shell Escaping Implementation

The new shellEscape.ts module is well-designed with comprehensive test coverage (140 lines), clear documentation with Microsoft references, and proper separation of cmd.exe vs PowerShell escaping logic.

2. Critical Bug Fixes

  • CLI Storage Path: Changed from path.posix.join to path.join for Windows compatibility (fixes history storage)
  • Stream JSON Format: Correctly restores Claude Code stream-json format with type: user

3. Comprehensive Test Platform Awareness

All tests properly updated to be platform-aware using path.delimiter, path.normalize(), and platform-specific expectations.

Critical Issues

1. Remaining Bug in storage.ts:440

The legacy history write path STILL uses path.posix.join instead of path.join:

const filePath = path.posix.join(getConfigDir(), 'maestro-history.json'); // ❌ Should be path.join

This needs to be fixed before merge.

2. Security: Shell Escaping Edge Cases

In ChildProcessSpawner.ts:184, escapeArgsForShell escapes each argument individually, but when spawning with shell: true, arguments are concatenated which could lead to shell injection vulnerabilities.

Recommendation: Add security testing for arguments containing shell metacharacters like &, |, ;, etc.

3. Type Safety Issue (process.ts:43-44)

Using Record<string, any> defeats TypeScript type safety. Should define proper AgentConfig interface.

Important Issues

4. Console.log in Production Code

ChildProcessSpawner.ts:331-337 uses direct console.log instead of the logger. Should use logger.debug for consistency.

5. Large Prompt Logging Security

Windows logging could expose sensitive information in prompts. Consider adding verbose flag and redacting sensitive patterns (API keys, tokens).

Recommendations Summary

Critical (Must Fix Before Merge):

  1. Fix path.posix.join on line 440 of storage.ts
  2. Review shell escaping for injection vulnerabilities
  3. Replace any type with proper interfaces

Important (Should Fix):
4. Replace console.log with logger calls
5. Add tests for DocumentGraph preview feature
6. Review SSH here-document implementation for security

Nice to Have:
7. Add CHANGELOG entry for 0.15.0
8. Consider caching expanded PATH
9. Extract magic numbers to constants

Conclusion

This is high-quality work with excellent shell escaping implementation and comprehensive test coverage. The main concerns are the remaining path.posix.join bug, potential shell injection vectors, and type safety.

Recommendation: Request changes to address critical issues above, then approve after fixes. The work is solid and moves Maestro toward better Windows support.

Great work overall!

Reviewed using repository CLAUDE.md for context and conventions.

@pedramamini pedramamini deleted the 0.15.0-rc-win-fixes-tests branch February 7, 2026 01:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pedramamini @chr1syy