Commit Graph

61 Commits

  • fix: make saveAliases atomic on Unix by skipping unnecessary unlink before rename
    On Unix/macOS, rename(2) atomically replaces the destination file.
    The previous code ran unlinkSync before renameSync on all platforms,
    creating an unnecessary non-atomic window where a crash could lose
    data. Now the delete-before-rename is gated behind process.platform
    === 'win32', where rename cannot overwrite an existing file.
  • fix: correct box() off-by-one width calculation in skill-create-output
    The box() helper produced lines that were width+1 characters instead of
    the requested width. Adjusted all three formulas (top border, middle
    content, bottom border) by -1 each. Added 4 tests verifying box width
    accuracy across instincts(), analysisResults(), and nextSteps() output.
  • fix: header subtitle width mismatch in skill-create-output; add 9 tests (Round 34)
    - Fix subtitle padding 55→59 so line 94 matches 64-char border width
    - Add 4 header width alignment tests (skill-create-output)
    - Add 3 getExecCommand non-string args tests (package-manager)
    - Add 2 detectFromPackageJson non-string type tests (package-manager)
  • test: add 10 tests for birthtime fallback, stdin error, alias rollback (Round 33)
    Cover createdTime/birthtime fallback in session-manager, readStdinJson
    error event settled-flag guard in utils, renameAlias rollback on naming
    conflict in session-aliases, and saveAliases backup preservation on
    serialization failure. Total: 713 tests.
  • test: add 17 tests for validators, hooks, and edge cases (Round 32)
    Coverage improvements:
    - validate-agents: empty frontmatter block, no-content frontmatter,
      partial frontmatter, mixed valid/invalid agents
    - validate-rules: directory with .md name (stat.isFile check),
      deeply nested subdirectory rules
    - validate-commands: 3-agent workflow chain, broken middle agent
    - post-edit-typecheck: spaces in paths, shell metacharacters, .tsx
    - check-console-log: git failure passthrough, large stdin
    - post-edit-console-warn: console.error only, null tool_input
    - session-end: empty transcript, whitespace-only transcript
    
    Total tests: 686 → 703
  • fix: reject flags passed as package manager names in setup-package-manager CLI
    When --global or --project was followed by another flag (e.g., --global --project),
    the flag was treated as a package manager name. Added pmName.startsWith('-') check
    to both handlers. Added 20 tests across 4 test files covering argument validation,
    ensureDir error propagation, runCommand stderr handling, and saveAliases failure paths.
  • fix: use local-time Date constructor in session-manager to prevent timezone day shift
    new Date('YYYY-MM-DD') creates UTC midnight, which in negative UTC offset
    timezones (e.g., Hawaii) causes getDate() to return the previous day.
    Replaced with new Date(year, month - 1, day) for correct local-time behavior.
    
    Added 15 tests: session-manager datetime verification and edge cases (7),
    package-manager getCommandPattern special characters (4), and
    validators model/skill-reference validation (4). Tests: 651 → 666.
  • fix: add cwd to prettier hook, consistent process.exit(0), and stdout pass-through
    - post-edit-format.js: add cwd based on file directory so npx resolves
      correct local prettier binary
    - post-edit-typecheck.js, post-edit-format.js: replace console.log(data)
      with process.stdout.write(data) to avoid trailing newline corruption
    - Add process.exit(0) to 4 hooks for consistent termination
      (check-console-log, post-edit-console-warn, post-edit-format,
      post-edit-typecheck)
    - run-all.js: switch from execSync to spawnSync so stderr is visible
      on the success path (hook warnings were silently discarded)
    - Add 21 tests: cwd verification, process.exit(0) checks, exact
      stdout pass-through, extension edge cases, exclusion pattern
      matching, threshold boundary values (630 → 651)
  • test: add 22 tests for readStdinJson, evaluate-session config, and suggest-compact hook
    - utils.test.js: 5 tests for readStdinJson maxSize truncation, whitespace-only stdin, trailing whitespace, and BOM prefix handling
    - evaluate-session.test.js: 4 tests for config file parsing, assistant-only transcripts, malformed JSON lines, and empty stdin
    - suggest-compact.test.js: 13 new tests covering counter file creation/increment, threshold suggestion, interval suggestion, env var handling, corrupted/empty counter files, and session isolation
  • test: add 15 tests for session-manager and session-aliases edge cases
    Cover 30-day month validation (Sep/Nov 31 rejection), getSessionStats
    path heuristic with multiline content, combined date+search+pagination
    in getAllSessions, ambiguous prefix matching in getSessionById, unclosed
    code fence in parseSessionMetadata, empty checklist item behavior,
    reserved name case sensitivity (LIST/Help/Set), negative limit in
    listAliases, and undefined title in setAlias.
  • fix: exact byte pass-through in post-edit-console-warn, add 7 tests
    Replace console.log(data) with process.stdout.write(data) in both
    pass-through paths to prevent appending a trailing newline that
    corrupts the hook output. Add 7 tests covering exact byte fidelity,
    malformed JSON, missing file_path, non-existent files, exclusion
    patterns in check-console-log, non-git repo handling, and empty stdin.
  • fix: consistent periodic interval spacing in suggest-compact, add 10 tests
    - suggest-compact.js: count % 25 → (count - threshold) % 25 for consistent
      spacing regardless of threshold value
    - Update existing periodic interval test to match corrected behavior
    - 10 new tests: interval fix regression (non-25-divisible threshold, false
      suggestion prevention), corrupted counter file, 1M boundary, malformed
      JSON pass-through, non-TS extension pass-through, empty sessions dir,
      blank template skip
  • fix: nullish coalescing in evaluate-session config, narrow pre-compact glob, add 11 tests
    - evaluate-session.js: || 10 → ?? 10 for min_session_length (0 is valid)
    - pre-compact.js: *.tmp → *-session.tmp to match only session files
    - 11 new tests: config loading (min=0, null, custom path, invalid JSON),
      session-end update path (timestamp, template replace, preserve content),
      pre-compact glob specificity, extractSessionSummary edge cases
  • fix: reject empty/invalid array commands in hooks validator, add 19 tests
    validate-hooks.js: Empty arrays [] and arrays with non-string elements
    (e.g., [123, null]) passed command validation due to JS truthiness of
    empty arrays (![] === false). Added explicit length and element type
    checks.
    
    19 new tests covering: non-array event type values, null/string matcher
    entries, string/number top-level data, empty string/array commands,
    non-string array elements, non-string type field, non-number timeout,
    timeout boundary (0), unwrapped hooks format, legacy format error paths,
    empty agent directory, whitespace-only command files, valid skill refs,
    mixed valid/invalid rules and skills.
  • fix: sanitize getExecCommand args, escape regex in getCommandPattern, clean up readStdinJson timeout, add 10 tests
    Validate args parameter in getExecCommand() against SAFE_ARGS_REGEX to
    prevent command injection when returned string is passed to a shell.
    Escape regex metacharacters in getCommandPattern() generic action branch
    to prevent malformed patterns and unintended matching. Clean up stdin
    listeners in readStdinJson() timeout path to prevent process hanging.
  • fix: eliminate command injection in hooks, fix pass-through newline corruption, add 8 tests
    Replace shell: true with npx.cmd on Windows in post-edit-format.js and
    post-edit-typecheck.js to prevent command injection via crafted file paths.
    Replace console.log(data) with process.stdout.write(data) in
    check-console-log.js to avoid appending extra newlines to pass-through data.
  • fix: clamp getAllSessions pagination params, add cleanupAliases success field, add 10 tests
    - session-manager: clamp offset/limit to safe non-negative integers to
      prevent negative offset counting from end and NaN returning empty results
    - session-aliases: add success field to cleanupAliases return value for
      API contract consistency with setAlias/deleteAlias/renameAlias
  • fix: reject whitespace-only command/field values in CI validators, add 10 tests
    validate-hooks.js: whitespace-only command strings now fail validation
    validate-agents.js: whitespace-only model/tools values now fail validation
  • fix: clamp progressBar to prevent RangeError on overflow, add 10 tests
    progressBar() in skill-create-output.js could crash with RangeError when
    percent > 100 because repeat() received a negative count. Fixed by
    clamping filled to [0, width].
    
    New tests:
    - progressBar edge cases: 0%, 100%, and >100% confidence
    - Empty patterns/instincts arrays
    - post-edit-format: null tool_input, missing file_path, prettier failure
    - setup-package-manager: --detect output completeness, current marker
  • fix: clamp suggest-compact counter overflow, add 9 boundary tests
    Counter file could contain huge values (e.g. 999999999999) that pass
    Number.isFinite() but cause unbounded growth. Added range clamp to
    reject values outside [1, 1000000].
    
    New tests cover:
    - Counter overflow reset (huge number, negative number)
    - COMPACT_THRESHOLD zero fallback
    - session-end empty sections (no tools/files omits headers)
    - session-end slice boundaries (10 messages, 20 tools, 30 files)
    - post-edit-console-warn 5-match limit
    - post-edit-console-warn ignores console.warn/error/debug
  • fix: greedy regex in validate-commands captures all refs per line, add 18 tests
    The command cross-reference regex /^.*`\/(...)`.*$/gm only captured the
    LAST command ref per line due to greedy .* consuming earlier refs.
    Replaced with line-by-line processing using non-anchored regex to
    capture ALL command references.
    
    New tests:
    - 4 validate-commands multi-ref-per-line tests (regression)
    - 8 evaluate-session threshold boundary tests (new file)
    - 6 session-aliases edge case tests (cleanup, rename, path matching)
  • fix: calendar-accurate date validation in parseSessionFilename, add 22 tests
    - Fix parseSessionFilename to reject impossible dates (Feb 31, Apr 31,
      Feb 29 non-leap) using Date constructor month/day roundtrip check
    - Add 6 session-manager tests for calendar date validation edge cases
    - Add 3 session-manager tests for code blocks/special chars in getSessionStats
    - Add 10 package-manager tests for PM-specific command formats (getRunCommand
      and getExecCommand for pnpm, yarn, bun, npm)
    - Add 3 integration tests for session-end transcript parsing (mixed JSONL
      formats, malformed lines, nested user messages)
  • test: add 7 package-manager priority and source detection tests
    - Test valid project-config detection (.claude/package-manager.json)
    - Test priority order: project-config > package.json > lock-file
    - Test package.json > lock-file priority
    - Test default fallback to npm
    - Test setPreferredPackageManager success case
    - Test getCommandPattern for test and build actions
  • fix: box alignment in test runner, update metadata counts, add 18 tests
    - Fix run-all.js box alignment (hardcoded spaces 1 char short, now using dynamic padEnd)
    - Update .opencode/index.ts metadata (12→13 agents, 24→31 commands, 16→37 skills)
    - Add commandExists edge case tests (empty, spaces, path separators, metacharacters)
    - Add findFiles edge case tests (? wildcard, mtime sorting, maxAge filtering)
    - Add ensureDir race condition and return value tests
    - Add runCommand output trimming and failure tests
    - Add pre-compact session annotation and compaction log timestamp tests
    - Add check-console-log invalid JSON handling test
    - Add replaceInFile capture group test
    - Add readStdinJson Promise type check
  • fix: typecheck hook false positives, add 11 session-manager tests
    - Fix post-edit-typecheck.js error filtering: use relative/absolute path
      matching instead of basename, preventing false positives when multiple
      files share the same name (e.g., src/utils.ts vs tests/utils.ts)
    - Add writeSessionContent tests (create, overwrite, invalid path)
    - Add appendSessionContent test (append to existing file)
    - Add deleteSession tests (delete existing, non-existent)
    - Add sessionExists tests (file, non-existent, directory)
    - Add getSessionStats empty content edge case
    - Add post-edit-typecheck stdout passthrough test
    - Total: 391 → 402 tests, all passing
  • fix: grepFile global regex lastIndex bug, add 12 tests
    Fix grepFile() silently skipping matches when called with /g flag regex.
    The global flag makes .test() stateful, causing alternating match/miss
    on consecutive matching lines. Strip g flag since per-line testing
    doesn't need global state.
    
    Add first-ever tests for evaluate-session.js (5 tests: short session,
    long session, missing transcript, malformed stdin, env var fallback)
    and suggest-compact.js (5 tests: counter increment, threshold trigger,
    periodic suggestions, below-threshold silence, invalid threshold).
  • test: add tsconfig depth limit and cleanupAliases exception tests
    - post-edit-typecheck: verify 25-level-deep directory completes without
      hanging (tests the max depth=20 walk-up guard)
    - cleanupAliases: document behavior when sessionExists callback throws
      (propagates to caller, which is acceptable)
  • test: add coverage for Claude Code JSONL format and assistant tool blocks
    Tests the new transcript parsing from PR #215:
    - entry.message.content format (string and array content)
    - tool_use blocks nested in assistant message content arrays
    - Verifies file paths and tool names extracted from both formats
  • fix: add missing validation in renameAlias, add 6 tests
    renameAlias was missing length (>128), reserved name, and empty string
    validation that setAlias enforced. This inconsistency allowed renaming
    aliases to reserved names like 'list' or 'delete'.
    
    Also adds tests for:
    - renameAlias empty string, reserved name, and length limit
    - validate-skills whitespace-only SKILL.md rejection
    - validate-rules whitespace-only file and recursive subdirectory scan
  • fix: use valid model name in colon-in-values frontmatter test
    The test was using 'claude-sonnet-4-5-20250929' which isn't in VALID_MODELS
    (haiku/sonnet/opus). Use 'sonnet' with a description field containing
    colons to properly test colon handling in frontmatter values.
  • fix: add input validation, date range checks, and security hardening
    - validate-agents.js: reject invalid model names in agent frontmatter
    - package-manager.js: validate script/binary names against shell injection
    - session-manager.js: reject impossible month/day values in filenames
    - utils.js: support options.all for replaceInFile string patterns
    - strategic-compact/SKILL.md: fix hook matcher syntax and script reference
    - install.sh: warn when overwriting existing rule customizations
    - Add 24 new tests covering all validation and edge cases
  • test: add 6 tests for command validation and session content verification
    - validate-commands: creates: line skipping, valid cross-refs, unclosed
      code blocks, valid workflow diagrams
    - session-end: backtick escaping in session files, tools/files in output
  • fix: use execFileSync with input option for Windows-compatible stdin tests
    Windows cmd.exe treats single quotes literally, so `echo '...' | node -e '...'`
    fails. Switched to execFileSync with the `input` option to pipe stdin data
    directly without shell quoting issues.
  • test: add regression tests for empty frontmatter field rejection
    Add 2 tests verifying validate-agents correctly rejects agents with
    empty model and empty tools values in YAML frontmatter.
  • fix: box() off-by-one alignment, add 5 tests for readStdinJson and box alignment
    - skill-create-output.js: fix top border being 1 char narrower than
      middle/bottom lines (width - title - 5 → width - title - 4)
    - Add box alignment regression test verifying all lines have equal width
    - Add 4 readStdinJson tests via subprocess (valid JSON, invalid JSON,
      empty stdin, nested objects) — last untested exported utility function
    - All 338 tests passing
  • fix: remove unused imports in test files (ESLint)
    - validators.test.js: remove unused execSync (only execFileSync used)
    - skill-create-output.test.js: remove unused path module
  • fix: add word boundary to dev server hook regex, fix box() crash, add 27 tests
    - hooks.json: add \b word boundary anchors to dev server blocking regex
      to prevent false positives matching "npm run develop", "npm run devtools" etc.
    - skill-create-output.js: guard box() horizontal repeat with Math.max(0, ...)
      to prevent RangeError when title exceeds container width
    - Add 13 tests for setup-package-manager.js CLI argument parsing
    - Add 14 tests for skill-create-output.js SkillCreateOutput class
    - All 333 tests passing
  • fix: set USERPROFILE in tests for Windows os.homedir() compatibility
    On Windows, os.homedir() uses USERPROFILE env var instead of HOME.
    Tests that override HOME to a temp dir must also set USERPROFILE for
    the session-manager, session-aliases, and session-start hook tests
    to find files in the correct directory.
  • fix: capture stderr in typecheck hook, add 13 tests for session-end and utils
    - post-edit-typecheck.js: capture both stdout and stderr from tsc
    - hooks.test.js: 7 extractSessionSummary tests (JSONL parsing, array content,
      malformed lines, empty transcript, long message truncation, env var fallback)
    - utils.test.js: 6 tests (replaceInFile g-flag behavior, string replace,
      capture groups, writeFile overwrite, unicode content)
    
    Total test count: 294 → 307
  • test: add 33 edge case tests for session-manager, session-aliases, and hooks
    - session-manager: CRLF handling, empty sections, multi-heading title, context
      extraction, notes/context detection, MB file size, uppercase ID rejection
    - session-aliases: missing timestamps sort, title search, createdAt preservation,
      whitespace-only path rejection, empty string title behavior
    - hooks: session-start isolated HOME, template vs real session injection,
      learned skills count, check-console-log passthrough
    
    Total test count: 261 → 294
  • test: add cross-reference validation tests for validate-commands
    - Add runValidatorWithDirs() helper for multi-constant overrides
    - Test broken command references (e.g., /nonexistent-cmd)
    - Test broken agent path references (e.g., agents/fake-agent.md)
    - Test fenced code block exclusion (refs inside ``` are skipped)
    - Test broken workflow agent references (e.g., planner -> ghost-agent)
    - Total tests: 261 → 287 (+26)
  • fix: broken cross-references, version sync, and enhanced command validator
    - Fix /build-and-fix → /build-fix in tdd.md, plan.md (+ cursor, zh-CN)
    - Fix non-existent explorer agent → planner in orchestrate.md (+ cursor, zh-CN, zh-TW)
    - Fix /python-test → /tdd in python-review.md (+ cursor, zh-CN)
    - Sync package.json version from 1.0.0 to 1.4.1 to match plugin.json
    - Enhance validate-commands.js with cross-reference checking:
      command refs, agent path refs, skill dir refs, workflow diagrams
    - Strip fenced code blocks before scanning to avoid false positives
    - Skip hypothetical "Creates:" lines in evolve.md examples
    - Add 46 new tests (suggest-compact, session-manager, utils, hooks)
  • fix: 3 bugs fixed, stdin encoding hardened, 37 CI validator tests added
    Bug fixes:
    - utils.js: glob-to-regex conversion now escapes all regex special chars
      (+, ^, $, |, (), {}, [], \) before converting * and ? wildcards
    - validate-hooks.js: escape sequence processing order corrected —
      \\\\ now processed before \\n and \\t to prevent double-processing
    - 6 hooks: added process.stdin.setEncoding('utf8') to prevent
      multi-byte UTF-8 character corruption at chunk boundaries
      (check-console-log, post-edit-format, post-edit-typecheck,
      post-edit-console-warn, session-end, evaluate-session)
    
    New tests (37):
    - CI validator test suite (tests/ci/validators.test.js):
      - validate-agents: 9 tests (real project, frontmatter parsing,
        BOM/CRLF, colons in values, missing fields, non-md skip)
      - validate-hooks: 13 tests (real project, invalid JSON, invalid
        event types, missing fields, async/timeout validation, inline JS
        syntax, array commands, legacy format)
      - validate-skills: 6 tests (real project, missing SKILL.md, empty
        files, non-directory entries)
      - validate-commands: 5 tests (real project, empty files, non-md skip)
      - validate-rules: 4 tests (real project, empty files)
    
    Total test count: 228 (up from 191)
  • fix: 2 bugs fixed, 17 tests added for hook scripts
    Bug fixes:
    - evaluate-session.js: whitespace-tolerant regex for counting user
      messages in JSONL transcripts (/"type":"user"/ → /"type"\s*:\s*"user"/)
    - session-end.js: guard against null elements in content arrays
      (c.text → (c && c.text) to prevent TypeError)
    
    New tests (17):
    - evaluate-session: whitespace JSON regression test
    - session-end: null content array elements regression test
    - post-edit-console-warn: 5 tests (warn, skip non-JS, clean files,
      missing file, stdout passthrough)
    - post-edit-format: 3 tests (empty stdin, non-JS skip, invalid JSON)
    - post-edit-typecheck: 4 tests (empty stdin, non-TS skip, missing file,
      no tsconfig)
    
    Total test count: 191 (up from 164)
  • test: add 13 tests for package-manager.js untested functions
    - setProjectPackageManager: creates config, rejects unknown PM
    - setPreferredPackageManager: rejects unknown PM
    - detectFromPackageJson: invalid JSON, unknown PM name
    - getExecCommand: without args
    - getRunCommand: build, dev, and custom scripts
    - DETECTION_PRIORITY: order verification
    - getCommandPattern: install and custom action patterns
    
    Total tests: 164 → 177
  • fix: add async/timeout to hooks schema and validate in CI
    - hooks.schema.json: add async (boolean) and timeout (number) properties
      to hookItem definition, matching fields used in hooks.json
    - validate-hooks.js: validate async and timeout types when present
    - hooks.test.js: add SessionEnd to required event types check
  • fix: 6 bugs fixed, 67 tests added for session-manager and session-aliases
    Bug fixes:
    - utils.js: prevent duplicate 'g' flag in countInFile regex construction
    - validate-agents.js: handle CRLF line endings in frontmatter parsing
    - validate-hooks.js: handle \t and \\ escape sequences in inline JS validation
    - session-aliases.js: prevent NaN in date sort when timestamps are missing
    - session-aliases.js: persist rollback on rename failure instead of silent loss
    - session-manager.js: require absolute paths in getSessionStats to prevent
      content strings ending with .tmp from being treated as file paths
    
    New tests (164 total, up from 97):
    - session-manager.test.js: 27 tests covering parseSessionFilename,
      parseSessionMetadata, getSessionStats, CRUD operations, getSessionSize,
      getSessionTitle, edge cases (null input, non-existent files, directories)
    - session-aliases.test.js: 40 tests covering loadAliases (corrupted JSON,
      invalid structure), setAlias (validation, reserved names), resolveAlias,
      listAliases (sort, search, limit), deleteAlias, renameAlias, updateAliasTitle,
      resolveSessionAlias, getAliasesForSession, cleanupAliases, atomic write
    
    Also includes hook-generated improvements:
    - utils.d.ts: document that readStdinJson never rejects
    - session-aliases.d.ts: fix updateAliasTitle type to accept null
    - package-manager.js: add try-catch to setProjectPackageManager writeFile
  • fix: handle Windows EOF error in large-input hook test
    Windows pipes raise EOF instead of EPIPE when the child process
    exits before stdin finishes flushing. Added EOF to the ignored
    error codes in runHookWithInput.