feat: Add terminal profile support for tmux session management

[jellydn]

What

Add terminal profile support for running AI reviews within terminal multiplexers (tmux). Users can now configure their preferred terminal session manager, and all AI reviews will run within grouped sessions per workspace.

Why

Running AI reviews in individual VSCode terminals makes it difficult to manage multiple concurrent reviews. Terminal multiplexers like tmux provide:

• Session persistence - Reviews survive terminal closes
• Grouped management - All reviews in one workspace session
• Better visibility - Monitor multiple reviews simultaneously

How

• Added seal-code.terminalProfile config setting (default | tmux)
• Created terminalProfile.ts module with session/window management
• Implements decoupled tmux operations with shell readiness detection:
  1. Ensure session exists
  2. Create target window
  3. Wait for shell readiness (poll with timeout)
  4. Send command to window
• Graceful fallback prompt when tmux binary is unavailable
• 14 passing unit tests

User Stories Completed

• ✅ US-001: Add terminal profile configuration
• ✅ US-002: Implement tmux session management
• ✅ US-005: Handle missing multiplexer gracefully
• 🔜 US-003/004: Screen/zellij support (deferred)

Test Plan

• Unit tests pass (14 tests in terminalProfile.test.ts)
• Typecheck passes
• Lint passes
• Manual testing with tmux installed
• Manual testing with tmux missing (fallback prompt)

[changeset-bot]

⚠️ No Changeset found

Latest commit: eac56fd

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ralph/terminal-profile

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @jellydn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the AI review workflow by introducing support for running AI review commands within tmux sessions. This allows users to better manage and persist their AI review processes, grouping them by workspace. The implementation includes robust tmux detection, intelligent session and window naming, and a user-friendly fallback mechanism if tmux is not installed, ensuring that the feature is both powerful and resilient.

Highlights

• Terminal Profile Configuration: Introduced a new configuration setting, seal-code.terminalProfile, allowing users to choose between 'default' (VSCode terminal) and 'tmux' for running AI reviews. This setting is documented in package.json and README.md.
• Tmux Session Management: Implemented a dedicated terminalProfile module to handle tmux integration. This includes detecting tmux availability, generating sanitized workspace-specific session names (e.g., sealcode-my-project), and constructing tmux commands to create or attach to sessions and execute AI review commands within new tmux windows.
• Graceful Fallback for Missing Tmux: Added logic to detect if tmux is installed. If tmux is selected in the configuration but not found on the system, the user is prompted with a quick pick to either 'Use Default Terminal' or 'Cancel' the operation, ensuring a smooth user experience.
• Integration into AI Review Workflow: The executeAIReview function has been updated to read the seal-code.terminalProfile setting and apply the chosen terminal execution method. If tmux is selected and available, the AI review command is wrapped and executed within a tmux session; otherwise, it defaults to the standard VSCode terminal.
• Comprehensive Unit Testing: New unit tests have been added for the terminalProfile module, covering getSessionName (including various sanitization scenarios) and buildTmuxCommand (testing command formatting and single-quote escaping), ensuring the robustness of the tmux integration.
• Documentation Updates: The AGENTS.md development guidelines have been expanded with new sections on file structure and testing, and the ralph/prd.json and ralph/progress.txt files provide detailed user stories, acceptance criteria, and implementation notes for the terminal profile feature.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new 'terminal profile' feature, allowing AI review commands to be executed within a tmux session for better management. A high-severity command injection vulnerability has been identified in the new terminalProfile.ts module, where the function for building the tmux command does not properly escape all its inputs, creating a risk of arbitrary code execution. Additionally, there's an opportunity for refactoring to improve the consistency of string sanitization for tmux names.

[gemini-code-assist]

The buildTmuxCommand function is vulnerable to command injection. It constructs a shell command by directly interpolating the sessionName and windowName parameters into the command string without proper shell escaping. While the calling code in src/commands.ts currently provides sanitized input, the function itself is inherently insecure. If this utility function is reused in the future with unsanitized input (e.g., a raw user-provided string), it could allow an attacker to execute arbitrary commands. For example, a sessionName like foo; reboot would result in the reboot command being executed. To ensure security, utility functions should be robust and not rely on the caller for sanitization.

export function buildTmuxCommand(sessionName: string, windowName: string, command: string): string {
  const escapedCommand = command.replace(/'/g, `'\''`);

  // To prevent command injection, arguments to shell commands must be escaped.
  const safeSessionName = sessionName.replace(/'/g, `'\''`);
  const safeWindowName = windowName.replace(/'/g, `'\''`);

  return `tmux new-session -A -s '${safeSessionName}' -n '${safeWindowName}' -d && tmux send-keys -t ${safeSessionName}:${safeWindowName} '${escapedCommand}' Enter && tmux attach -t '${safeSessionName}'`;
}

[gemini-code-assist]

The sanitization logic for windowName is inconsistent with the more robust logic used for sessionName in getSessionName (in src/terminalProfile.ts). This could result in poorly formatted tmux window names, for example with multiple or trailing hyphens.

To improve consistency and code reuse, I recommend extracting the sanitization logic into a new exported utility function in src/terminalProfile.ts and using it for both the session name and the window name.

Recommendation:

1. In src/terminalProfile.ts, create a new exported function like sanitizeForTmux with the logic from getSessionName.
2. Update getSessionName to use this new function.
3. In this file (src/commands.ts), import sanitizeForTmux and use it to sanitize the windowName.

For example, this line could be changed to:

const windowName = sanitizeForTmux(`${templateName ?? 'review'}-${aiTool ?? 'ai'}`);