mirror of
https://github.com/glittercowboy/get-shit-done
synced 2026-04-25 17:25:23 +02:00
7b07dde150
* feat(2155): add list/status/resume subcommands and security hardening to /gsd-quick - Add SUBCMD routing (list/status/resume/run) before quick workflow delegation - LIST subcommand scans .planning/quick/ dirs, reads SUMMARY.md frontmatter status - STATUS subcommand shows plan description and current status for a slug - RESUME subcommand finds task by slug, prints context, then resumes quick workflow - Slug sanitization: only [a-z0-9-], max 60 chars, reject ".." and "/" - Directory name sanitization for display (strip non-printable + ANSI sequences) - Add security_notes section documenting all input handling guarantees * feat(2156): formalize thread status frontmatter, add list/close/status subcommands, remove heredoc injection risk - Replace heredoc (cat << 'EOF') with Write tool instruction — eliminates shell injection risk - Thread template now uses YAML frontmatter (slug, title, status, created, updated fields) - Add subcommand routing: list / list --open / list --resolved / close <slug> / status <slug> - LIST mode reads status from frontmatter, falls back to ## Status heading - CLOSE mode updates frontmatter status to resolved via frontmatter set, then commits - STATUS mode displays thread summary (title, status, goal, next steps) without spawning - RESUME mode updates status from open → in_progress via frontmatter set - Slug sanitization for close/status: only [a-z0-9-], max 60 chars, reject ".." and "/" - Add security_notes section documenting all input handling guarantees * test(2155,2156): add quick and thread session management tests - quick-session-management.test.cjs: verifies list/status/resume routing, slug sanitization, directory sanitization, frontmatter get usage, security_notes - thread-session-management.test.cjs: verifies list filters (--open/--resolved), close/status subcommands, no heredoc, frontmatter fields, Write tool usage, slug sanitization, security_notes
106 lines
3.0 KiB
JavaScript
106 lines
3.0 KiB
JavaScript
'use strict';
|
|
|
|
const { describe, test } = require('node:test');
|
|
const assert = require('node:assert/strict');
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
|
|
describe('thread session management (#2156)', () => {
|
|
const threadCmd = fs.readFileSync(
|
|
path.join(__dirname, '..', 'commands', 'gsd', 'thread.md'),
|
|
'utf8'
|
|
);
|
|
|
|
test('thread command has list subcommand with status filter', () => {
|
|
assert.ok(
|
|
threadCmd.includes('list --open') || threadCmd.includes('LIST-OPEN'),
|
|
'missing list --open filter'
|
|
);
|
|
});
|
|
|
|
test('thread command has close subcommand', () => {
|
|
assert.ok(
|
|
threadCmd.includes('CLOSE') || threadCmd.includes('close <slug>'),
|
|
'missing close subcommand'
|
|
);
|
|
});
|
|
|
|
test('thread command has status subcommand', () => {
|
|
assert.ok(
|
|
threadCmd.includes('STATUS') || threadCmd.includes('status <slug>'),
|
|
'missing status subcommand'
|
|
);
|
|
});
|
|
|
|
test('thread command does not use heredoc', () => {
|
|
assert.ok(
|
|
!threadCmd.includes("<< 'EOF'") && !threadCmd.includes('<< EOF'),
|
|
'thread command still uses heredoc — injection risk'
|
|
);
|
|
});
|
|
|
|
test('thread template includes frontmatter status field', () => {
|
|
assert.ok(
|
|
threadCmd.includes('status: open') || threadCmd.includes('status:'),
|
|
'thread template missing frontmatter status field'
|
|
);
|
|
});
|
|
|
|
test('thread command has security_notes section', () => {
|
|
assert.ok(threadCmd.includes('security_notes'), 'missing security_notes section');
|
|
});
|
|
|
|
test('thread command has slug sanitization', () => {
|
|
assert.ok(
|
|
threadCmd.includes('sanitiz') || threadCmd.includes('[a-z0-9'),
|
|
'missing slug sanitization'
|
|
);
|
|
});
|
|
|
|
test('thread command uses Write tool for file creation', () => {
|
|
assert.ok(
|
|
threadCmd.includes('Write tool'),
|
|
'thread create mode should use the Write tool instead of heredoc'
|
|
);
|
|
});
|
|
|
|
test('thread command list reads frontmatter status', () => {
|
|
assert.ok(
|
|
threadCmd.includes('frontmatter get'),
|
|
'list mode should read status via frontmatter get'
|
|
);
|
|
});
|
|
|
|
test('thread command close updates status to resolved', () => {
|
|
assert.ok(
|
|
threadCmd.includes('resolved'),
|
|
'close mode should set status to resolved'
|
|
);
|
|
});
|
|
|
|
test('thread command list shows resolved filter option', () => {
|
|
assert.ok(
|
|
threadCmd.includes('list --resolved') || threadCmd.includes('LIST-RESOLVED'),
|
|
'missing list --resolved filter'
|
|
);
|
|
});
|
|
|
|
test('thread command rejects slugs with path traversal', () => {
|
|
assert.ok(
|
|
threadCmd.includes('..') && threadCmd.includes('reject'),
|
|
'missing path traversal rejection for slugs'
|
|
);
|
|
});
|
|
|
|
test('thread create uses frontmatter with slug title status created updated fields', () => {
|
|
assert.ok(
|
|
threadCmd.includes('slug:') &&
|
|
threadCmd.includes('title:') &&
|
|
threadCmd.includes('status:') &&
|
|
threadCmd.includes('created:') &&
|
|
threadCmd.includes('updated:'),
|
|
'thread template missing required frontmatter fields'
|
|
);
|
|
});
|
|
});
|