feat: Claude session profiles + light UI mode

main.js

@@ -11,6 +11,7 @@ const { assertPathAllowed, addAllowedRoot } = require('./path-guard');
 const { buildClaudeCmd } = require('./claude-cmd');
 const { isSafeExternalUrl } = require('./url-guard');
 const branding = require('./branding');
+const profilesModule = require('./profiles');
 
 // Sync IPC for the preload to fetch the brand-strings snapshot at load
 // time. ipcMain.on handles sendSync via event.returnValue.
@@ -1120,6 +1121,21 @@ ipcMain.handle('open-terminal', async (_event, sessionId, projectPath, isNew, se
         ptyEnv.CLAUDE_CODE_SSE_PORT = String(mcpServer.port);
       }
 
+      // Apply Claude profile env (per-session profileId → fall back to global default).
+      // Profile values override base env. Refs like "$DEEPSEEK_API_KEY" resolve against
+      // the host process env; unresolved refs are dropped (not passed through literally).
+      try {
+        const profile = profilesModule.pickProfileForSession(sessionOptions?.profileId);
+        if (profile) {
+          const resolved = profilesModule.resolveEnv(profile.env);
+          Object.assign(ptyEnv, resolved);
+          const dropped = Object.keys(profile.env).filter(k => !(k in resolved));
+          log.info(`[profiles] Applied "${profile.name}" (${profile.id}): ${Object.keys(resolved).length} var(s)${dropped.length ? `, ${dropped.length} unresolved ref(s) dropped: ${dropped.join(',')}` : ''}`);
+        }
+      } catch (err) {
+        log.error(`[profiles] Failed to apply profile: ${err.message}`);
+      }
+
       // Schedule cleanup of the system-prompt temp file once the shell has
       // had time to $(cat ...) it into the command line. Also unlink on
       // session exit and app quit as belt-and-braces.
@@ -1451,6 +1467,7 @@ app.whenReady().then(() => {
   }
 
   scheduleIpc.init(log, runScheduleCommand);
+  profilesModule.init(log);
   startScheduler(log, runScheduleCommand);
 
   // Re-index search if FTS table was recreated (e.g. tokenizer config change)

preload.js

@@ -42,6 +42,14 @@ contextBridge.exposeInMainWorld('api', {
   runScheduleNow: (filePath) => ipcRenderer.invoke('run-schedule-now', filePath),
   getShellProfiles: () => ipcRenderer.invoke('get-shell-profiles'),
 
+  // Claude profiles (env-var bundles applied at session spawn)
+  profiles: {
+    list: () => ipcRenderer.invoke('profiles:list'),
+    save: (profile) => ipcRenderer.invoke('profiles:save', profile),
+    delete: (id) => ipcRenderer.invoke('profiles:delete', id),
+    setDefault: (id) => ipcRenderer.invoke('profiles:set-default', id),
+  },
+
   browseFolder: () => ipcRenderer.invoke('browse-folder'),
   addProject: (projectPath) => ipcRenderer.invoke('add-project', projectPath),
   removeProject: (projectPath) => ipcRenderer.invoke('remove-project', projectPath),

profiles.js

@@ -0,0 +1,183 @@
+// profiles.js — Claude session profiles: per-profile env var overrides
+//
+// A profile is a named bundle of environment variables that get merged into
+// a session's pty env at spawn time. Values can be either:
+//   - literal strings (e.g. "https://api.deepseek.com/anthropic")
+//   - references to system environment variables: "$DEEPSEEK_API_KEY"
+//     or "${DEEPSEEK_API_KEY}". Unresolved refs are dropped (not passed
+//     through as the literal string), so secrets never leak into the
+//     command line if the host env var is missing.
+//
+// Persistence: <userData>/profiles.json. Plain JSON (no encryption) since
+// values are either literals or *references*; actual secrets stay in the
+// host process env. Atomic write via tmp+rename.
+
+const fs = require('fs');
+const path = require('path');
+
+const ENV_NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
+const ENV_REF_RE = /^\$(?:\{([A-Za-z_][A-Za-z0-9_]*)\}|([A-Za-z_][A-Za-z0-9_]*))$/;
+const ID_RE = /^[A-Za-z0-9_-]{1,64}$/;
+const MAX_PROFILES = 32;
+const MAX_ENV_VARS = 64;
+const MAX_VALUE_LEN = 4096;
+
+let _profilesPathOverride = null;
+
+function setProfilesPathForTesting(p) { _profilesPathOverride = p; }
+
+function profilesPath() {
+  if (_profilesPathOverride) return _profilesPathOverride;
+  const { app } = require('electron');
+  return path.join(app.getPath('userData'), 'profiles.json');
+}
+
+function isPlainObject(o) {
+  return o !== null && typeof o === 'object' && !Array.isArray(o);
+}
+
+function isValidProfile(p) {
+  if (!isPlainObject(p)) return false;
+  if (typeof p.id !== 'string' || !ID_RE.test(p.id)) return false;
+  if (typeof p.name !== 'string' || !p.name.trim() || p.name.length > 100) return false;
+  if (!isPlainObject(p.env)) return false;
+  const keys = Object.keys(p.env);
+  if (keys.length > MAX_ENV_VARS) return false;
+  for (const k of keys) {
+    if (!ENV_NAME_RE.test(k)) return false;
+    const v = p.env[k];
+    if (typeof v !== 'string' || v.length > MAX_VALUE_LEN) return false;
+  }
+  return true;
+}
+
+function emptyState() { return { profiles: [], defaultProfileId: null }; }
+
+function loadProfiles() {
+  try {
+    const raw = fs.readFileSync(profilesPath(), 'utf8');
+    const data = JSON.parse(raw);
+    if (!isPlainObject(data)) return emptyState();
+    const profiles = Array.isArray(data.profiles)
+      ? data.profiles.filter(isValidProfile).slice(0, MAX_PROFILES)
+      : [];
+    const defaultProfileId = (typeof data.defaultProfileId === 'string'
+      && profiles.find(p => p.id === data.defaultProfileId))
+      ? data.defaultProfileId
+      : null;
+    return { profiles, defaultProfileId };
+  } catch {
+    return emptyState();
+  }
+}
+
+function saveProfiles(state) {
+  const target = profilesPath();
+  fs.mkdirSync(path.dirname(target), { recursive: true });
+  const tmp = target + '.tmp';
+  fs.writeFileSync(tmp, JSON.stringify(state, null, 2));
+  fs.renameSync(tmp, target);
+}
+
+// Resolve a profile's env map: substitute $VAR / ${VAR} references against
+// processEnv (defaults to process.env). Unresolved refs are DROPPED, not
+// passed through as the literal "$VAR" string.
+function resolveEnv(envMap, processEnv) {
+  const env = processEnv || process.env;
+  const out = {};
+  if (!isPlainObject(envMap)) return out;
+  for (const [k, v] of Object.entries(envMap)) {
+    if (typeof v !== 'string') continue;
+    const m = ENV_REF_RE.exec(v);
+    if (m) {
+      const refName = m[1] || m[2];
+      const resolved = env[refName];
+      if (typeof resolved === 'string' && resolved.length > 0) {
+        out[k] = resolved;
+      }
+      // unresolved → skip
+    } else {
+      out[k] = v;
+    }
+  }
+  return out;
+}
+
+function getProfileById(id) {
+  if (typeof id !== 'string' || !id) return null;
+  const { profiles } = loadProfiles();
+  return profiles.find(p => p.id === id) || null;
+}
+
+function getDefaultProfile() {
+  const { profiles, defaultProfileId } = loadProfiles();
+  if (!defaultProfileId) return null;
+  return profiles.find(p => p.id === defaultProfileId) || null;
+}
+
+// Pick the profile to apply for a session given a per-session profileId
+// (which may be undefined, meaning "use default", or the literal string
+// "none", meaning "no profile — pass-through").
+function pickProfileForSession(profileId) {
+  if (profileId === 'none') return null;
+  if (profileId) return getProfileById(profileId);
+  return getDefaultProfile();
+}
+
+function init(log) {
+  const { ipcMain } = require('electron');
+
+  ipcMain.handle('profiles:list', () => loadProfiles());
+
+  ipcMain.handle('profiles:save', (_e, profile) => {
+    if (!isValidProfile(profile)) return { ok: false, error: 'invalid profile' };
+    const state = loadProfiles();
+    const idx = state.profiles.findIndex(p => p.id === profile.id);
+    if (idx >= 0) {
+      state.profiles[idx] = profile;
+    } else {
+      if (state.profiles.length >= MAX_PROFILES) {
+        return { ok: false, error: `max ${MAX_PROFILES} profiles` };
+      }
+      state.profiles.push(profile);
+    }
+    saveProfiles(state);
+    if (log) log.info(`[profiles] Saved profile "${profile.name}" (${profile.id})`);
+    return { ok: true };
+  });
+
+  ipcMain.handle('profiles:delete', (_e, id) => {
+    if (typeof id !== 'string' || !ID_RE.test(id)) return { ok: false, error: 'invalid id' };
+    const state = loadProfiles();
+    const before = state.profiles.length;
+    state.profiles = state.profiles.filter(p => p.id !== id);
+    if (state.defaultProfileId === id) state.defaultProfileId = null;
+    saveProfiles(state);
+    if (log) log.info(`[profiles] Deleted profile ${id} (${before - state.profiles.length} removed)`);
+    return { ok: true };
+  });
+
+  ipcMain.handle('profiles:set-default', (_e, id) => {
+    const state = loadProfiles();
+    if (id && (typeof id !== 'string' || !state.profiles.find(p => p.id === id))) {
+      return { ok: false, error: 'unknown profile' };
+    }
+    state.defaultProfileId = id || null;
+    saveProfiles(state);
+    return { ok: true };
+  });
+}
+
+module.exports = {
+  init,
+  loadProfiles,
+  saveProfiles,
+  resolveEnv,
+  getProfileById,
+  getDefaultProfile,
+  pickProfileForSession,
+  isValidProfile,
+  setProfilesPathForTesting,
+  ENV_REF_RE,
+  ENV_NAME_RE,
+};

public/app.js

@@ -1,3 +1,10 @@
+// Apply persisted light UI mode (toggled in Global Settings → "Light UI mode")
+try {
+  if (localStorage.getItem('lightUiMode') === '1') {
+    document.body.classList.add('theme-light');
+  }
+} catch {}
+
 const statusBarInfo = document.getElementById('status-bar-info');
 const statusBarActivity = document.getElementById('status-bar-activity');
 const terminalsEl = document.getElementById('terminals');

public/dialogs.js

@@ -76,10 +76,14 @@ async function launchScheduleCreator(project) {
   pollActiveSessions();
 }
 
-function showNewSessionPopover(project, anchorEl) {
+async function showNewSessionPopover(project, anchorEl) {
   // Remove any existing popover
   document.querySelectorAll('.new-session-popover').forEach(el => el.remove());
 
+  // Load profiles so we can offer per-profile launch entries.
+  let profilesData = { profiles: [], defaultProfileId: null };
+  try { profilesData = await window.api.profiles.list(); } catch {}
+
   const popover = document.createElement('div');
   popover.className = 'new-session-popover';
 
@@ -99,6 +103,51 @@ function showNewSessionPopover(project, anchorEl) {
   termBtn.onclick = () => { popover.remove(); launchTerminalSession(project); };
 
   popover.appendChild(claudeBtn);
+
+  // Per-profile launch entries — one button per saved profile.
+  // Default profile shows "(default)" suffix; clicking launches with that profile.
+  // If no profiles exist, this section is empty.
+  if (profilesData.profiles.length > 0) {
+    const sep = document.createElement('div');
+    sep.className = 'popover-separator';
+    sep.textContent = 'Profiles';
+    popover.appendChild(sep);
+    for (const profile of profilesData.profiles) {
+      const isDefault = profile.id === profilesData.defaultProfileId;
+      const profBtn = document.createElement('button');
+      profBtn.className = 'popover-option popover-option-profile';
+      // Static SVG icon assigned via innerHTML; profile.name is appended as text
+      // (createTextNode), which is XSS-safe regardless of name content.
+      profBtn.innerHTML = '<svg class="popover-option-icon" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="8" r="4"/><path d="M4 21v-2a4 4 0 014-4h8a4 4 0 014 4v2"/></svg> ';
+      profBtn.appendChild(document.createTextNode(profile.name));
+      if (isDefault) {
+        const tag = document.createElement('span');
+        tag.className = 'popover-default-tag';
+        tag.textContent = 'default';
+        profBtn.appendChild(document.createTextNode(' '));
+        profBtn.appendChild(tag);
+      }
+      profBtn.onclick = async () => {
+        popover.remove();
+        const opts = await resolveDefaultSessionOptions(project);
+        opts.profileId = profile.id;
+        launchNewSession(project, opts);
+      };
+      popover.appendChild(profBtn);
+    }
+  }
+
+  // Manage profiles entry
+  const manageBtn = document.createElement('button');
+  manageBtn.className = 'popover-option popover-option-manage';
+  manageBtn.innerHTML = `<svg class="popover-option-icon" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 00.33 1.82l.06.06a2 2 0 11-2.83 2.83l-.06-.06a1.65 1.65 0 00-1.82-.33 1.65 1.65 0 00-1 1.51V21a2 2 0 01-4 0v-.09a1.65 1.65 0 00-1-1.51 1.65 1.65 0 00-1.82.33l-.06.06a2 2 0 11-2.83-2.83l.06-.06a1.65 1.65 0 00.33-1.82 1.65 1.65 0 00-1.51-1H3a2 2 0 010-4h.09a1.65 1.65 0 001.51-1 1.65 1.65 0 00-.33-1.82l-.06-.06a2 2 0 112.83-2.83l.06.06a1.65 1.65 0 001.82.33h0a1.65 1.65 0 001-1.51V3a2 2 0 014 0v.09a1.65 1.65 0 001 1.51h0a1.65 1.65 0 001.82-.33l.06-.06a2 2 0 112.83 2.83l-.06.06a1.65 1.65 0 00-.33 1.82v0a1.65 1.65 0 001.51 1H21a2 2 0 010 4h-.09a1.65 1.65 0 00-1.51 1z"/></svg> Manage profiles…`;
+  manageBtn.onclick = () => { popover.remove(); window.showProfilesManager && window.showProfilesManager(); };
+  popover.appendChild(manageBtn);
+
+  const sep2 = document.createElement('div');
+  sep2.className = 'popover-separator';
+  popover.appendChild(sep2);
+
   popover.appendChild(claudeOptsBtn);
   popover.appendChild(termBtn);
 
@@ -171,6 +220,8 @@ async function launchTerminalSession(project) {
 
 async function showNewSessionDialog(project) {
   const effective = await window.api.getEffectiveSettings(project.projectPath);
+  let profilesData = { profiles: [], defaultProfileId: null };
+  try { profilesData = await window.api.profiles.list(); } catch {}
 
   const overlay = document.createElement('div');
   overlay.className = 'new-session-overlay';
@@ -180,6 +231,8 @@ async function showNewSessionDialog(project) {
 
   let selectedMode = effective.permissionMode || null;
   let dangerousSkip = effective.dangerouslySkipPermissions || false;
+  // Default profile selection: '' = "use global default" (whatever is set), 'none' = no profile.
+  let selectedProfileId = '';
 
   const modes = [
     { value: null, label: 'Default', desc: 'Prompt for all actions' },
@@ -203,6 +256,21 @@ async function showNewSessionDialog(project) {
       <div class="settings-label">Permission Mode</div>
       <div class="permission-grid" id="nsd-mode-grid">${renderModeGrid()}</div>
     </div>
+    <div class="settings-field">
+      <div class="settings-field-info">
+        <span class="settings-label">Profile</span>
+        <div class="settings-description">Override env vars (e.g. ANTHROPIC_BASE_URL, ANTHROPIC_AUTH_TOKEN) at spawn</div>
+      </div>
+      <div class="settings-field-control">
+        <select class="settings-input" id="nsd-profile" style="width:200px">
+          <option value="">${profilesData.defaultProfileId
+            ? 'Default (' + escapeHtml((profilesData.profiles.find(p => p.id === profilesData.defaultProfileId) || {}).name || '') + ')'
+            : 'Default (none)'}</option>
+          <option value="none">No profile (pass-through)</option>
+          ${profilesData.profiles.map(p => `<option value="${escapeHtml(p.id)}">${escapeHtml(p.name)}</option>`).join('')}
+        </select>
+      </div>
+    </div>
     <div class="settings-field">
       <div class="settings-field-info">
         <span class="settings-label">Worktree</span>
@@ -287,6 +355,8 @@ async function showNewSessionDialog(project) {
     if (preLaunch) options.preLaunchCmd = preLaunch;
     options.addDirs = dialog.querySelector('#nsd-add-dirs').value.trim();
     if (effective.mcpEmulation === false) options.mcpEmulation = false;
+    const profileSel = dialog.querySelector('#nsd-profile').value;
+    if (profileSel) options.profileId = profileSel;  // '' means use default; otherwise either 'none' or a profile id
     close();
     launchNewSession(project, options);
   }

public/index.html

@@ -111,6 +111,7 @@
   <script src="viewer-panel.js"></script>
   <script src="file-panel.js"></script>
   <script src="settings-panel.js"></script>
+  <script src="profiles-panel.js"></script>
   <script src="utils.js"></script>
   <script src="terminal-themes.js"></script>
   <script src="terminal-manager.js"></script>