feat: add autosaving

[ypatel2022]

Summary

Adds optional editor autosave with a configurable delay, plus safer save/discard behavior so pending autosaves do not overwrite discarded or deleted changes.

Screenshots

Testing

• pnpm lint
• pnpm typecheck
• pnpm test
• pnpm build
• Added or updated high-quality tests that would catch regressions, or explained why tests were not needed

AI Review Report

• Scope reviewed: editor autosave, autosave settings UI/persistence, discard/delete coordination, and the editor
  • stale in-memory editor buffers across tab/worktree switches
  • persistence/defaulting/migration of new settings
  • path handling for external file mutations
  • cross-platform behavior for macOS, Linux, and Windows
• What I changed or verified as a result:
  • Verified the new settings defaults and persistence coverage for editorAutoSave and editorAutoSaveDelayMs.
  • Verified autosave quiesce behavior for discard/delete flows and confirmed destructive actions now wait for
    pending saves before proceeding.
  • Verified the new external-file matching uses joinPath/relative-path matching rather than hardcoded separators.
  • Ran:
    • pnpm vitest run src/main/persistence.test.ts src/renderer/src/components/editor/editor-autosave.test.ts
    • pnpm vitest run src/renderer/src/components/terminal-pane/terminal-link-handlers.test.ts src/renderer/src/
      lib/path.test.ts
    • pnpm run typecheck:web
    • pnpm run typecheck:node
  • All of the above passed.
  • No additional review-driven code changes were made in this pass beyond flagging the hidden-listener regression.

Cross-platform confirmation

Yes — the review explicitly checked cross-platform compatibility for macOS, Linux, and Windows, including:

• shortcuts: reviewed Cmd vs Ctrl handling and confirmed the flagged issue affects both platform families
• labels: no new platform-specific shortcut labels were introduced by this PR
• paths: verified the new logic uses path helpers instead of assuming / or \
• shell behavior: no shell-launch/runtime shell logic was changed by this PR
• Electron-specific platform differences: reviewed the touched discard/delete flows and did not find new Electron
  platform misuse in the changed code

Net: the PR looks solid on persistence, path handling, and save/discard coordination.

Security Audit

Basic security review for this PR focused on the new autosave path, settings persistence, and discard/delete
coordination.

• Input handling: reviewed the new editorAutoSave and editorAutoSaveDelayMs settings. The delay is clamped in the
  settings UI and normalized again at the autosave write site, so missing, hand-edited, NaN, or out-of-range values
  fall back to a safe bounded delay instead of becoming immediate-save behavior.

• Command execution: no new shell, subprocess, or arbitrary command execution was introduced. The PR only uses existing
  renderer-to-main IPC for file writes, deletes, git discard, and settings persistence.

• Path handling: reviewed file mutation paths for autosave, discard, and delete flows. The new matching logic uses
  existing absolute filePath values plus joinPath/worktree-relative matching rather than hardcoded separators, so no
  new macOS/Linux/Windows path portability risk was introduced in this change.

• IPC surface: no new privileged IPC endpoints were added. The PR reuses existing window.api.settings,
  window.api.fs.writeFile, window.api.fs.deletePath, and window.api.git.discard flows. The main risk reviewed here was
  write ordering: pending autosaves could previously land after discard/delete. The new quiesce flow addresses that
  race before destructive mutations proceed.

• Auth/secrets: no auth, token, credential, or secret-handling code was added or modified.

• Dependencies: no new dependencies were added as part of this PR. There is an unrelated local package.json
  modification in the worktree, but it was not part of the autosave feature/security review.

  Fixes Enable auto-saving for file editing #216