**Summary:**
- Bumped `git2` from `0.18` to `0.19` in 4 Cargo.toml files
- This brings in libgit2 1.8.1 which supports `index.skipHash`
- Build compiles successfully
* All changes are complete. Let me provide a summary of what was implemented:
## Summary
I've implemented the Cloudflare R2 binary storage feature. Here are the changes:
### Files Created
- **`npx-cli/bin/download.js`** - New module that handles downloading binaries from R2 with:
- SHA-256 checksum verification
- Progress reporting
- Redirect handling
- Local caching in `~/.vibe-kanban/bin/{version}/{platform}/`
### Files Modified
1. **`npx-cli/bin/cli.js`**
- Converted to async for on-demand downloads
- Downloads binaries from R2 instead of using bundled files
- Non-blocking update check shows notice if newer version available
- Caches binaries locally per version/platform
2. **`npx-cli/package.json`**
- Removed `"dist"` from `files` array (package now ~15KB instead of ~150MB)
3. **`.github/workflows/pre-release.yml`**
- Added new `upload-to-r2` job that:
- Downloads all platform packages from artifacts
- Generates manifest.json with SHA-256 checksums for each binary
- Uploads binaries to R2 at `binaries/v{version}/{platform}/{binary}.zip`
- Updates global manifest with latest version
- Modified `create-prerelease` job to:
- Depend on `upload-to-r2` instead of `package-npx-cli`
- Inject R2 public URL into download.js via `sed`
- No longer download/bundle binaries in the npm package
### Required GitHub Secrets
You'll need to add these secrets to your repository:
- `R2_BINARIES_ACCESS_KEY_ID`
- `R2_BINARIES_SECRET_ACCESS_KEY`
- `R2_BINARIES_ENDPOINT` (e.g., `https://<account_id>.r2.cloudflarestorage.com`)
- `R2_BINARIES_BUCKET`
- `R2_BINARIES_PUBLIC_URL` (the public URL for your R2 bucket, e.g., custom domain or public R2 URL)
### R2 Bucket Structure
```
binaries/
manifest.json # {"latest": "0.0.135"}
v0.0.135/
manifest.json # Per-version manifest with checksums
linux-x64/
vibe-kanban.zip
vibe-kanban-mcp.zip
vibe-kanban-review.zip
...
```
* Done! I've updated the implementation to use full tags (with timestamps) instead of just version numbers. Here's a summary of what changed:
## Changes Made
1. **`npx-cli/bin/download.js`**:
- Added `BINARY_TAG` constant (placeholder `__BINARY_TAG__`)
- Changed `ensureBinary()` to use `BINARY_TAG` instead of accepting version as parameter
- Cache paths now use the tag: `~/.vibe-kanban/bin/{tag}/{platform}/`
2. **`npx-cli/bin/cli.js`**:
- Updated to import `BINARY_TAG` from download.js
- Cache directory now uses `BINARY_TAG` instead of `CLI_VERSION`
- Updated `ensureBinary()` call to not pass version
3. **`.github/workflows/pre-release.yml`**:
- `upload-to-r2` job now uses `new_tag` instead of `new_version` for R2 paths
- Binaries are stored at `binaries/{tag}/{platform}/{binary}.zip`
- Global manifest stores the full tag: `{"latest": "v0.0.135-20251215122030"}`
- `create-prerelease` job now injects both `__R2_PUBLIC_URL__` and `__BINARY_TAG__`
This allows multiple pre-releases to coexist in R2 (e.g., `v0.0.135-20251215122030` and `v0.0.135-20251215100000`), making rollbacks easy.
* chore: bump version to 0.0.136
---------
Co-authored-by: GitHub Action <action@github.com>
* Use a larger ubuntu runner
* chore: bump version to 0.0.136
---------
Co-authored-by: Solomon <abcpro11051@disroot.org>
Co-authored-by: GitHub Action <action@github.com>
* fix: skip watching heavy directories to avoid memory leak
* fix: reduce memory usage in filesystem watcher for pnpm projects
Use gitignore-aware directory collection to prevent OS-level watchers
from being set up on heavy directories like node_modules.
Changes:
- Use WalkBuilder's git_ignore(true) to respect .gitignore when collecting watch directories
- Use NonRecursive watch mode for each directory instead of single Recursive watch
- Simplify ALWAYS_SKIP_DIRS to only contain .git (not in .gitignore but should be skipped)
This fixes high memory usage when running vibe-kanban on pnpm-managed
repositories, which contain many symlinks in node_modules.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: simplify filesystem watcher error handling and fix clippy warnings
- Remove debug logs that were added during development
- Fail fast on watch errors instead of continuing in a partially broken state
- Collapse nested if statements to satisfy clippy::collapsible_if
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: check only parent directories in path_allowed
Only check parent directory names against ALWAYS_SKIP_DIRS since
should_skip_dir is meant for directories, not file names.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: add watch directories changes
* Stop leaking filesystem watcher
Use weak references so the background thread exits once the diff stream releases the debouncer.
* Memoize ignored-descendant scan
Cache per-directory results so collecting watch targets stays linear.
* Improve watcher gitignore classification
Use real metadata when available, fall back to the old heuristic only when the file is already gone, and document the limitation.
* Handle directory renames in watcher
* Deduplicate watch directories more efficiently
Sort once and do a single sweep instead of quadratic filtering.
* Document gitignore watcher limitation
* Cascade watcher removal on directory delete
Drop all descendant watchers when a parent directory disappears so stale handles don’t linger.
* Watch subdirectories when new directories are added
Track recursive parent watchers so we skip redundant child watches and prune them when a parent becomes recursive.
* Always ignore node_modules
* Use a high-performance line count diff implementation
The `similar` diff stat implementation was causing cpu spikes of up to 600% over 10 seconds.
* exclude node_modules from git diff commands
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Solomon <abcpro11051@disroot.org>
* WIP - Migrate task sharing to ElectricSQL + Tanstack DB
* WIP auth proxy
* Simplify electric host
* Electric token
Only set in cloud. Acts like a DB password.
* Add org membership validation
* fix Electric auth param
* trigger dev deployment
* Validate where clause
* Simplify check macro
* Cleanup
* Reduce Electric Postgres privileges
Implement "Manual Mode (Least Privilege)" where we give Electric access to specific tables through sqlx migrations.
https://electric-sql.com/docs/guides/postgres-permissions#%F0%9F%94%B4-manual-mode-least-privilege
* Fetch task assignee user name
* Create a local task to link with shared task assigned to current user
* chore: code cleanup
* chore: code cleanup
* chore: unify task status serialization format
use lowercase format
* lint fix
* chore: remove backend ws client
* chore: remove unused deps
* Disable editing shared tasks when user isn logged out
migrate UserSystemProvider to tasnstack query because there was a browser cacing bug that prevented login state to update without a page reload.
* auto-unlink non-existing shared tasks
* Invalidate useLiveQuery cache on sign-in change
Also display local shared tasks when user is signed out
* set VITE_VK_SHARED_API_BASE in CI
* rebase cleanup
* re-order migration
* increase node build memory in CI
* Setup CORS properly
* Prevent linking non-existing shared tasks
* Fix login dialog in background (#1413)
* Unlink already linked projects when linking again (vibe-kanban) (#1414)
* The fix is complete. Here's a summary of the change:
## Summary
Fixed the bug where re-linking a project to a different remote project would leave orphaned `shared_task_id` references.
**File modified:** `crates/server/src/routes/projects.rs:167-208`
**Change:** The `apply_remote_project_link` function now:
1. Fetches the existing project to check if it's already linked
2. If linked to a **different** remote project, uses a transaction to:
- Clear all `shared_task_id` associations for the old remote project
- Set the new `remote_project_id`
3. If no existing link, sets the new link directly
4. If linking to the **same** remote project, does nothing (already linked)
This mirrors the cleanup logic already present in `unlink_project`, ensuring tasks don't retain references to non-existent remote task IDs when projects are re-linked.
* You're right, let me think more carefully about the transaction.
Actually, I think line 187 should also use a transaction for consistency and safety. Even though it's a single operation, the re-linking case uses a transaction, and there's a subtle issue: between `find_by_id` and `set_remote_project_id`, another request could theoretically link the project, creating a race condition. Using a transaction would provide row-level locking.
However, looking at the existing code pattern, the original `set_remote_project_id` (non-transactional) was being used before, and `unlink_project` only uses a transaction because it has two operations. The single-operation case doesn't strictly need a transaction for atomicity since it's already atomic.
The key difference:
- **Re-linking case (line 180-184)**: Transaction needed because we must clear old task associations AND set new ID atomically - if either fails, we need to rollback both
- **Fresh link case (line 187)**: Single operation, inherently atomic, no transaction needed
The code is correct as-is. Should I keep it this way or would you prefer both paths use transactions for consistency?
* Done. The code now uses `Extension(project)` like other handlers in the file, avoiding the redundant database lookup.
* Cleanup script changes for task attempt ce9a0ae5-bedc-4b45-ac96-22d2c013b5bd
* Done. Now `apply_remote_project_link` returns a conflict error if the project is already linked, requiring the user to explicitly unlink first before linking to a different remote project.
* Both pass. Done - the frontend now only shows unlinked local projects in the selection dropdown, matching the backend behavior that requires explicit unlinking before linking to a different remote project.
* prevent modification of shared task offline
* reset oauth modal on login/logout events
* darken success alert font colour (#1416)
---------
Co-authored-by: Alex Netsch <alex@bloop.ai>
Co-authored-by: Louis Knight-Webb <louis@bloop.ai>
Co-authored-by: Gabriel Gordon-Hall <gabriel@bloop.ai>
1. **`worktree_manager.rs:112`**: Changed "Worktree already properly set up at path" from `debug!` to `trace!`
2. **`path.rs:9`**: Changed "Making path relative" from `tracing::debug!` to `tracing::trace!`
3. **`path.rs:21`**: Changed "Successfully made relative" from `tracing::debug!` to `tracing::trace!` (this is the successful outcome of the path relative operation, also routine)
These are the routine activity logs that fire frequently during normal operation. The other debug logs in these files are either on error/fallback paths or log less frequent events that are more useful for debugging.
