Skip to content

fix: consolidate shellEscape to canonical lib/shell.ts#126

Open
TerminalGravity wants to merge 5 commits intomainfrom
fix/consistent-shell-escape
Open

fix: consolidate shellEscape to canonical lib/shell.ts#126
TerminalGravity wants to merge 5 commits intomainfrom
fix/consistent-shell-escape

Conversation

@TerminalGravity
Copy link
Collaborator

@TerminalGravity TerminalGravity commented Mar 5, 2026

Problem

Two tool files had their own local shellEscape implementations instead of using the canonical one from lib/shell.ts:

  • enrich-agent-task.ts — stripped non-alphanumeric chars (weak, could mangle legitimate paths with spaces)
  • scope-work.ts — duplicated single-quote escaping logic

This inconsistency is a latent bug: the stripping approach silently corrupts paths containing spaces or special characters.

Fix

  • Import shellEscape from ../lib/shell.js in both files
  • Renamed the old strip-based function to sanitizePattern() in enrich-agent-task.ts (still used for grep pattern safety, distinct from path quoting)
  • Switched grep arguments from string interpolation inside quotes to proper shellEscape() calls
  • Removed duplicate shellEscape definition from scope-work.ts

Build clean, all 43 tests pass.

Closes #110

@TerminalGravity
docs: add TROUBLESHOOTING.md for common setup and runtime issues
44fb936 
Covers LanceDB native binary failures, CLAUDE_PROJECT_DIR config,
vector search not returning results, MCP handshake debugging,
and performance tips. Links from README nav bar.
@TerminalGravity
add .preflight/ example configs with annotated YAML and setup guide
02dd646 
- examples/.preflight/config.yml: profile, related projects, thresholds, embeddings
- examples/.preflight/triage.yml: strictness, always_check/skip/cross-service keywords
- examples/.preflight/README.md: setup instructions and env var fallback reference
- README.md: link to examples from Configuration Reference section
@TerminalGravity
docs: add concrete usage examples for key tools in README
814b247
@TerminalGravity
fix: add shell() helper and fix shell syntax in run() calls across 12…
b0c30ea 
… tool files

Adds src/lib/shell.ts with shell() (uses execSync with shell) and
shellEscape() for safe interpolation. Migrates all tool files that
were passing shell syntax (pipes, redirects, ||, &&) to run()
(which uses execFileSync without shell) to use shell() instead.

Simple git commands converted to array args where possible.

Fixes #110
@TerminalGravity
fix: use canonical shellEscape from lib/shell.ts in enrich-agent-task…
c7297f9 
… and scope-work

- enrich-agent-task.ts had a weak shellEscape that stripped chars instead of
  quoting, which could mangle paths with spaces. Now uses shellEscape() from
  lib/shell.ts for proper single-quote wrapping, and a separate
  sanitizePattern() for grep pattern sanitization.
- scope-work.ts had a duplicate shellEscape definition. Replaced with import
  from lib/shell.ts for consistency.
- Also switched from string interpolation inside quotes to shellEscape() calls
  for grep arguments, preventing potential injection if sanitization is bypassed.

Closes #110 (all files now use shell() or proper escaping).
TerminalGravity
TerminalGravity commented Mar 6, 2026
View reviewed changes
Copy link
Collaborator Author

@TerminalGravity TerminalGravity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the right direction — single canonical shell escape in lib/shell.ts. However, there are now 5 open PRs all addressing shell syntax (#119, #120, #123, #124, #125, #126). Recommend:

  1. Pick this one (#126) as the canonical fix since it consolidates properly
  2. Close #119, #123, #124, #125 as superseded
  3. Make sure #120's specific file fixes are captured here

Otherwise we'll end up with merge conflicts across all of them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Widespread shell syntax in run() calls after execFileSync migration

1 participant

@TerminalGravity