mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-22 04:38:24 +08:00
7ca04d8ef0
* fix(gstack-paths): guard CLAUDE_PLUGIN_DATA against cross-plugin contamination (#1569) gstack-paths previously trusted CLAUDE_PLUGIN_DATA as a fallback for GSTACK_STATE_ROOT whenever GSTACK_HOME was unset. When another plugin (e.g. Codex) persists its own CLAUDE_PLUGIN_DATA into the session env via CLAUDE_ENV_FILE, gstack picked it up and wrote checkpoints, analytics, and learnings into that plugin's directory. Anyone with the Codex plugin installed alongside gstack hit this silently. Fix: guard the CLAUDE_PLUGIN_DATA branch so it only fires when CLAUDE_PLUGIN_ROOT confirms we're running as the gstack plugin (path contains "gstack"). Skill installs fall through to \$HOME/.gstack. Contributed by @ElliotDrel via #1570. Closes #1569. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(gbrain-sync): sourceLocalPath handles wrapped {sources:[...]} shape from gbrain v0.20+ gbrain v0.20+ changed `gbrain sources list --json` to return {sources: [...]} instead of a flat array. sourceLocalPath crashed upstream with `list.find is not a function` on every /sync-gbrain invocation against modern gbrain. Accept both shapes for forward/backward compat, matching probeSource/sourcePageCount in lib/gbrain-sources.ts. Contributed by @jakehann11 via #1571. Closes #1567. Supersedes #1564 (@tonyjzhou, same fix, different shape — credit retained). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(brain-context-load): probe gbrain via execFile, not shell builtin (#1559) gbrainAvailable() used `execFileSync("command", ["-v", "gbrain"])`, which fails in any environment where the `command` builtin isn't on the spawned process's PATH (most non-interactive shells). The probe then reported gbrain as missing even when it was installed, and context-load silently skipped vector/list queries. Fix: probe `gbrain --version` directly with a 500ms timeout (matching the rest of the file's MCP_TIMEOUT_MS). Same semantics, works everywhere execFile works. Contributed by @jbetala7 via #1560. Closes #1559. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(gbrain-doctor): pin schema_version:2 doctor parse path (#1418) Adds an exec-path regression test that runs a fake gbrain shim emitting the v0.25+ doctor JSON shape (schema_version: 2, status: "warnings", exit 1 for health_score < 100, no top-level `engine` field). Confirms freshDetectEngineTier recovers stdout from the non-zero exit and falls back to GBRAIN_HOME/config.json for the engine label. The pre-existing test for #1415 only stripped gbrain from PATH; this test exercises the actual doctor parse path, closing the gap that codex's plan review flagged. Also documents the schema_version separation in lib/gbrain-local-status.ts: the local CacheEntry stays at version 1, distinct from the doctor-output schema_version which we accept across versions in gstack-memory-helpers. Closes #1418 (credit @mvanhorn for surfacing the doctor + schema_v2 collapse). The fix landed pre-emptively in v1.29.x; this commit pins it with a stronger test. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(memory-ingest): pin put_page regression + scrub stale name from --help and comments (#1346) #1346 reported that gstack-memory-ingest still called the renamed gbrain put_page subcommand on gbrain v0.18+. The actual code migrated to `gbrain put` and later to batch `gbrain import <dir>` before this report landed — only documentation lag remained. This commit: - Updates the --help string ("Skip gbrain put calls (still updates state file)") so user-facing docs match the shipped subcommand - Updates two inline comments that still referenced the old name - Adds test/memory-ingest-no-put_page.test.ts: a regression pin that strips comments from bin/gstack-memory-ingest.ts and fails the build if "put_page" appears in any active code or string literal, plus a sanity check that the file still calls a supported gbrain page-write verb (put or import) Closes #1346. Reporter @kylma-code surfaced the doc lag; the original code migration credit is on the v1.27.x wave. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(resolvers): rewrite all gbrain put_page instructions to canonical put <slug> scripts/resolvers/gbrain.ts emitted user-facing copy-paste instructions using the renamed `gbrain put_page` subcommand across 10 skills (office-hours, investigate, plan-ceo-review, retro, plan-eng-review, ship, cso, design-consultation, fallback, entity-stub). Every gstack user copying those snippets hit "unknown command: put_page" on gbrain v0.18+. This commit: - Rewrites all 10 instruction templates to use `gbrain put <slug> --content "$(cat <<EOF...EOF)"` with title/tags moved into YAML frontmatter inside --content, matching the v0.18+ subcommand shape - Updates README.md and USING_GBRAIN_WITH_GSTACK.md "common commands" table to reference `gbrain put` and `gbrain get` - Adds test/resolvers-gbrain-put-rewrite.test.ts pinning two invariants: (a) resolver source ships only canonical instructions, (b) every tracked SKILL.md file is free of `gbrain put_page` CHANGELOG entries are deliberately left untouched (historical record). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(build): extract package.json build to scripts/build.sh for Windows Bun compat (#1538, #1537, #1530, #1457, #1561) Bun's Windows shell parser rejects multiple constructs the inline package.json build chain used: brace groups `{ cmd; }`, subshells with redirection `( git ... ) > path/.version`, and (in Bun 1.3.x) subshells near redirections in general. Every Windows install + every auto-upgrade since v1.34.2.0 has failed on `bun run build`. Extracts the build chain to scripts/build.sh and the .version writes to scripts/write-version-files.sh. POSIX-portable, no Bun shell parsing involved. Also adds Windows-specific bun.exe handling for non-ASCII PATHs (a separate Windows footgun where Bun's --compile fails when the binary lives under a path with non-ASCII chars). Updates test/build-script-shell-compat.test.ts to assert the new shape: no subshells with redirections anywhere in the build chain, and build delegates to scripts/build.sh which delegates .version writes. Contributed by @Charlie-El via #1544. Supersedes #1531 (@scarson, fixed in build helper), #1480 (@mikepsinn, partial overlap), #1460 (@realcarsonterry, brace-group fix subsumed) — credit retained. Closes #1538, #1537, #1530, #1457, #1561. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(windows): .exe glob in .gitignore + .exe extension resolution in find-browse (#1554) bun build --compile on Windows appends .exe to the output filename, producing browse.exe instead of browse. find-browse's existsSync probe only checked the bare path and returned null on Windows even when the binary was correctly built. .gitignore similarly only excluded the bare bin/gstack-global-discover path, leaving the .exe variant tracked. This commit: - .gitignore: changes `bin/gstack-global-discover` → `bin/gstack-global-discover*` so the Windows .exe variant is ignored - browse/src/find-browse.ts: adds isExecutable + findExecutable helpers that fall back to .exe/.cmd/.bat probing on Windows, mirroring the same helper already in make-pdf/src/browseClient.ts and pdftotext.ts Contributed by @Mike-E-Log via #1554. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci(windows): add fresh-install E2E gate that runs bun run build on windows-latest Adds .github/workflows/windows-setup-e2e.yml as the gate that catches Bun shell-parser regressions in the build chain before they reach users. Triggers on PRs touching package.json, scripts/build.sh, scripts/write-version-files.sh, setup, browse cli/find-browse, or gstack-paths. What it verifies: 1. bun run build completes on Windows (the previously-broken path that #1538/#1537/#1530/#1457/#1561 reported) 2. All compiled binaries land on disk (browse.exe, find-browse.exe, design.exe, gstack-global-discover.exe) 3. find-browse resolves to the .exe variant on Windows (regression gate for #1554) 4. gstack-paths returns non-empty GSTACK_STATE_ROOT/PLAN_ROOT/TMP_ROOT on Windows (regression gate for #1570) Complements the existing windows-free-tests.yml (curated unit subset); this new workflow exercises the install path itself. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(codex): move diff scope into prompt instead of --base (Codex CLI 0.130+ argv conflict) (#1209) Codex CLI ≥ 0.130.0 rejects passing a custom prompt and --base together (mutually exclusive at argv level). Every /codex review, /review, and /ship structured Codex review call ended with an argv error before the model ran. Fix: scope the diff in prompt text using "Run git diff origin/<base>...HEAD 2>/dev/null || git diff <base>...HEAD" instead of `--base <base>`. Preserves the filesystem boundary instruction across all invocations and keeps Codex's review prompt tuning. Touches: - codex/SKILL.md.tmpl + regenerated codex/SKILL.md - scripts/resolvers/review.ts + regenerated review/SKILL.md, ship/SKILL.md - test/gen-skill-docs.test.ts: new regression that fails if any of the five known files still contain the prompt+--base shape - test/skill-validation.test.ts: corresponding negative + positive pin on the rendered SKILL.md files Contributed by @jbetala7 via #1209. Closes #1479. Supersedes #1527 (@mvanhorn — same intent, different patch shape, CONFLICTING) and #1449 (@Gujiassh — broader refactor, CONFLICTING). Credit retained in CHANGELOG. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(review): diff from git merge-base, not git diff origin/<base> (#1492) git diff origin/<base> shows everything since the common ancestor in both directions — it includes commits that landed on origin/<base> after this branch was created as deletions. That made /review and /ship's pre-landing structured review report inflated diff totals and flagged "removed" code that was actually still present in the working tree. Fix: compute DIFF_BASE via git merge-base origin/<base> HEAD and diff the working tree against that point. Same coverage of uncommitted edits, no phantom deletions from out-of-order base advancement. Applies to /review's Step 1 (diff existence check), Step 3 (get the diff), the build-on-intent scope-creep check, the structured review DIFF_INS/DIFF_DEL stats, and the Claude adversarial subagent prompt. Same change flows into ship/SKILL.md via the shared resolver. Touches: - review/SKILL.md.tmpl + regenerated review/SKILL.md, ship/SKILL.md - scripts/resolvers/review.ts - scripts/resolvers/review-army.ts Contributed by @mvanhorn via #1492. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(codex): pin filesystem-boundary preservation across all codex review surfaces (#1503, #1522) #1503 reported that the bare codex review --base path stripped the filesystem boundary instruction, letting Codex spend tokens reading .claude/skills/ and agents/. #1522 proposed adding a skill-path detector that switched to the custom-instructions route when the diff touched skill files. After C10 (#1209) restructured codex review to always carry the boundary in the prompt (the prompt+--base argv conflict forced the restructure), the skill-path detector becomes redundant — every default call already preserves the boundary. This commit pins the post-#1209 invariant with a test that fails the build if any future refactor strips the boundary from codex/SKILL.md, review/SKILL.md, or ship/SKILL.md. Closes #1503 by regression test. #1522 (@genisis0x) is superseded by #1209 (the prompt rewrite covers its safety concern); credit retained in CHANGELOG. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(skills): use command -v instead of which for codex detection (#1197) `which` is not on PATH in every shell — some Windows shells, BusyBox- only containers, and minimal CI images all fail when skills probe codex availability via `which codex`. `command -v` is a POSIX builtin and always available where the skill is running. Touched: - codex/SKILL.md.tmpl: CODEX_BIN=$(command -v codex || echo "") - scripts/resolvers/review.ts and scripts/resolvers/design.ts: 3 + 3 sites each rewritten to `command -v codex >/dev/null 2>&1` - Regenerated all 10 affected SKILL.md files (codex, review, ship, design-consultation, design-review, office-hours, plan-ceo-review, plan-design-review, plan-devex-review, plan-eng-review) - test/skill-validation.test.ts: updated pin + defensive regression test that fails if `which codex` returns to codex/SKILL.md - test/skill-e2e-plan.test.ts: updated summary regex Contributed by @mvanhorn via #1197. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(codex): surface non-zero exits so wrappers stop reading as silent stalls (#1467, #1327) When codex exits non-zero (parse errors, arg-shape breaks, model API errors that propagate as non-zero status), the calling agent previously saw an empty output and burned 30-60 minutes misdiagnosing as a silent model/API stall. The hang-detection block only caught exit 124 (the timeout-wrapper signal). Adds elif blocks in all four codex invocation sites (Review default, Challenge, Consult new-session, Consult resume) that: - Echo "[codex exit N] <stderr first line>" to stdout - Indent the first 20 stderr lines for inline context - Log codex_nonzero_exit telemetry tagged with the call site Contributed by @genisis0x via #1467. Closes #1327. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(design): disclose OpenAI key source + warn on cwd .env match (#1278, closes #1248) The design binary previously called process.env.OPENAI_API_KEY without checking where the key came from. If a user ran $D inside someone else's project that had OPENAI_API_KEY in its .env, the resulting generation billed that project's account. Silent and irreversible. Fix: resolveApiKeyInfo() returns both the key and its source. When the env-var path matches an OPENAI_API_KEY entry in the current directory's .env, .env.<NODE_ENV>, or .env.local file, we set a warning. requireApiKey() prints "Using OpenAI key from <source>" plus the warning before the run — never the key itself. Adds 6 unit tests covering: config-vs-env precedence, env-only (no match), env+cwd .env match, quoted/exported values, value-mismatch (no false positive), and the no-leak invariant for requireApiKey stderr output. Contributed by @jbetala7 via #1278. Closes #1248. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(browse): guard full-page screenshots against Anthropic vision API >2000px brick (#1214) Full-page screenshots of tall pages routinely exceeded 2000px on the longest dimension, silently bricking the agent's session: the resulting base64 reached the Anthropic vision API which rejected the oversized image, leaving the agent burning turns on a useless blob with no stderr trace from the browse side. Adds browse/src/screenshot-size-guard.ts as a shared helper: - guardScreenshotBuffer(buf) → downscales in-memory if max(w,h) > 2000 - guardScreenshotPath(path) → file-mode variant that rewrites in place - Aspect ratio preserved via sharp's resize fit:inside - Stderr diagnostic on any downscale so callers can see when it fired - Lazy sharp import so non-screenshot paths pay no startup cost Wires the guard into all three full-page callsites codex review flagged: - browse/src/snapshot.ts: annotated + heatmap fullPage captures - browse/src/meta-commands.ts: screenshot command (path + base64 fullPage modes) plus the responsive 3-viewport sweep - browse/src/write-commands.ts: prettyscreenshot fullPage path Covers seven unit cases (pass-through, downscale, aspect ratio, exactly-2000px edge, file-mode rewrite) plus a static invariant test that fails the build if any of the three callsites stops importing the guard. Closes #1214. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(security): add Node sidecar entry for L4 prompt-injection classifier (#1370) The L4 TestSavant classifier in browse/src/security-classifier.ts can't be imported into the compiled browse server (onnxruntime-node dlopen fails from Bun's compile extract dir per CLAUDE.md). The agent that used to host it (sidebar-agent.ts) was removed when the PTY proved out — leaving the classifier file shipped but with zero callers. Exactly the gap codex flagged in #1370. Adds browse/src/security-sidecar-entry.ts: a Node script that runs the classifier as a subprocess of the browse server. It reads NDJSON requests from stdin and writes id-correlated NDJSON responses to stdout, supporting: - op: "scan-page-content" — full L4 classifier scan - op: "ping" — liveness probe for the client's health check - op: "status" — classifier readiness (used by /pty-inject-scan to surface l4 { available: bool } in its response) Plus browse/src/find-security-sidecar.ts: a resolver that locates node + the bundled JS entry (browse/dist/security-sidecar.js, built in a follow-up package.json change) or falls back to the dev TS entry. Returns null cleanly when node isn't on PATH so the calling endpoint can degrade per D7 (extension WARN + user confirm). C17 of the security-stack wave. C18 adds the IPC client + lifecycle management; C19 wires the endpoint; C20 routes the extension through it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(security): sidecar IPC client with lifecycle + circuit breaker (#1370) Adds browse/src/security-sidecar-client.ts to manage the Node L4 classifier subprocess from the compiled browse server: - Lazy spawn on first scan; reuses the same process across requests - Id-correlated request/response via NDJSON over stdio - 5s default per-scan timeout; 64KB payload cap (short-circuits before spawn so oversized requests don't waste a process) - 3-in-10-minutes respawn cap → trips circuit breaker; subsequent scans throw immediately so the /pty-inject-scan endpoint can surface l4 { available: false } to the extension and degrade to WARN+confirm - process.on('exit') sends SIGTERM to the child for clean teardown - isSidecarAvailable() lets the endpoint probe before scan calls so the response shape reflects degraded mode honestly Unit tests cover the payload cap, the availability probe, and the breaker-doesn't-crash invariant under repeated rejected calls. C18 of the security-stack wave. C19 adds POST /pty-inject-scan; C20 routes the extension through it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(security): add POST /pty-inject-scan endpoint for pre-PTY-inject scans (#1370) The sidebar's gstackInjectToTerminal callers (toolbar Cleanup, Inspector "Send to Code") were piping page-derived text directly into the live claude PTY with ZERO classifier processing — the gap codex flagged in #1370. The documented sidebar security stack had a hole the size of every Cleanup-button click. Adds POST /pty-inject-scan to browse/src/server.ts: - Local-only binding (NOT in TUNNEL_PATHS — tunnel attempts get the general 404 path; never reaches the scan logic) - Root-token auth via existing validateAuth() — 401 on unauth - 64KB request cap → 413 + payload-too-large body - 5s scan timeout via sidecar client - URL-blocklist forced to BLOCK in PTY context (page-derived REPL input is higher-risk than ordinary tool output) - L4 ML classifier via the sidecar when available; degrades to WARN per D7 when sidecar is unavailable - Response goes through JSON.stringify(..., sanitizeReplacer) per v1.38.0.0 Unicode-egress hardening - Imports only from security-sidecar-client.ts, never directly from security-classifier.ts (which would brick the compiled Bun binary) Seven static-invariant tests pin the POST verb, auth gate, 64KB cap, tunnel-listener exclusion, sanitizeReplacer wrapping, l4 availability shape, and the no-direct-classifier-import rule. C19 of the security-stack wave. C20 routes the extension through it; C21 adds the invariant AST check. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(extension): route gstackInjectToTerminal through /pty-inject-scan (#1370) Closes the documented-vs-shipped gap codex flagged in #1370. The sidebar's two PTY-injection call sites (Inspector "Send to Code" and toolbar Cleanup) now pre-scan via the new /pty-inject-scan endpoint before writing to the live claude REPL. Adds window.gstackScanForPTYInject(text, origin) to extension/sidepanel-terminal.js: - Async, returns { allow, verdict, reasons, l4 } - POST to /pty-inject-scan with the existing root-token auth - WARN+confirm on scan failure (network down, sidecar absent, etc.) rather than silent PASS — D7 honest-degradation gstackInjectToTerminal stays synchronous, returns boolean. Per D6: keeping the inject sync means existing `const ok = ...?.()` callers don't break, and the invariant test in test/extension-pty-inject-invariant.test.ts can statically pin that every call goes through the scan first. extension/sidepanel.js call sites updated: - inspectorSendBtn click → await scan, BLOCK drops + WARN prompts via window.confirm, PASS injects silently - runCleanup() → same flow. Static cleanup prompt always PASSes but still routes through scan to honor the invariant. C20 of the security-stack wave. C21 adds the static invariant test. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(security): invariant — extension PTY inject must be scan-gated (#1370) Static-analysis invariant test that fails the build if any extension/*.js path calls window.gstackInjectToTerminal without a preceding window.gstackScanForPTYInject in the same enclosing function. Closes the documented-vs-shipped gap codex demanded a machine check on. Rules: - Rule 1: any file that calls inject must also reference scan - Rule 2: in the enclosing function (function declaration, arrow, async (), event handler), a scan call must appear before the inject call by source position - Exemption: sidepanel-terminal.js (the file that DEFINES the inject function) is exempt from Rule 2 since the definition is not a call Plus two structural checks: - sidepanel-terminal.js defines both the inject and scan functions - inject stays SYNCHRONOUS (no `async` modifier) per D6 — async would silently break the `const ok = ...?.()` pattern at every caller C21 of the security-stack wave. The sidecar architecture (#1370) is complete: server-side L1-L3 + L4-via-sidecar (C17+C18+C19), extension pre-scan wiring (C20), and now the regression gate (C21). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(browse): opt-in extended stealth mode with 6 detection-vector patches (#1112) Rebases @garrytan's PR #1112 (Apr 2026, abandoned) onto the current browse/src/stealth.ts contract. The existing minimal "codex narrowed" stealth (webdriver-mask + AutomationControlled launch arg) stays the default. PR #1112's six additional patches are added behind an opt-in GSTACK_STEALTH=extended env flag. Extended-mode patches (applied AFTER the default mask, in order): 1. delete navigator.webdriver from prototype (not just the getter — detectors check `"webdriver" in navigator`) 2. WebGL renderer spoof to Apple M1 Pro (SwiftShader was the #1 software-GPU tell in containers) 3. navigator.plugins returns a PluginArray-prototype-passing array with MimeType objects and namedItem() 4. window.chrome populated with chrome.app, chrome.runtime, chrome.loadTimes(), chrome.csi() with realistic shapes 5. navigator.mediaDevices backfilled when headless drops it 6. CDP cdc_*-prefixed window globals cleared Why opt-in: the default mode's contract is fingerprint CONSISTENCY, which protects against detectors that flag spoofing mismatch. Extended mode actively lies about the environment; sites that reflect on these properties can break. Users who hit detection in default mode can flip GSTACK_STEALTH=extended for SannySoft 100% pass-rate. Twenty unit tests pin the env-flag semantics, all six patches' code presence, and the applyStealth wiring order. Live SannySoft pass-rate verification stays in the periodic-tier E2E suite. Contributed by @garrytan via #1112 (rebased — original PR opened before the codex-narrowed minimum landed; rebase preserves the narrowed default while adding the SannySoft-passing path as opt-in). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(fixtures): regenerate ship-SKILL.md golden baselines after C10-C13 + C16 templates Updates the three ship-SKILL.md golden baselines (claude, codex, factory hosts) to match the new shape produced by: - C10 #1209 codex argv (prompt + diff scope, no --base) - C11 #1492 merge-base diff (DIFF_BASE= preamble) - C13 #1197 command -v for codex detection - C12 + boundary preservation per regen-enforcing test Per CLAUDE.md SKILL.md workflow: edit the .tmpl, run gen:skill-docs, commit the regenerated outputs together. Goldens are part of the regen contract — without this commit, test/host-config.test.ts' golden-baseline checks fail with the diff codex review surfaced. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): v1.41.0.0 — Daegu wave (24 bisect commits, 14 user-facing fixes) Bumps VERSION 1.40.0.0 → 1.41.0.0. CHANGELOG entry follows the release-summary format in CLAUDE.md: two-line headline, lead paragraph, "The numbers that matter" table, "What this means for builders" closer, then itemized Added/Changed/Fixed/For contributors with inline credit to every PR author and original issue reporter. Scale-aware bump per CLAUDE.md: 24 commits, ~6000 LOC net, substantial new capability across security (PTY sidecar wiring), install (Windows build chain), compat (gbrain 0.18-0.35, Codex CLI 0.130+), and quality (screenshot guard, design key disclosure, extended stealth opt-in). MINOR is the right call. Closes for users: #1567, #1559, #1569, #1346, #1418, #1538, #1537, #1530, #1457, #1561, #1554, #1479, #1503, #1248, #1214, #1370, #1327, #1193 pattern, #1152 pattern. Credit retained inline. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(find-browse): resolve source-checkout layout <git-root>/browse/dist/browse[.exe] windows-setup-e2e.yml runs `bun browse/src/find-browse.ts` against a freshly-built repo where binaries land at browse/dist/browse.exe (no .claude/skills/gstack/ install layout). The previous markers chain only matched .codex/.agents/.claude prefixed paths, so find-browse exited "not found" even when the binary was present. Adds a source-checkout fallback after the marker scan: if no installed layout resolves but <git-root>/browse/dist/browse[.exe] exists, return that. Three real callers hit this path: - gstack repo dev workflow before `./setup` runs - windows-setup-e2e.yml CI (the breakage that surfaced this) - make-pdf consumers running from a sibling source checkout Smoke-verified: a fresh git repo with browse/dist/browse on disk now resolves through the source-checkout branch (was returning null before this commit). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): bump v1.41.0.0 → v1.42.0.0 to clear queue collision with #1574 The version-gate workflow flagged a collision: PR #1574 (garrytan/colombo-v3) already claims v1.41.0.0, and #1592 (fix/audit-critical-high-bugs) claims v1.41.1.0. Per CLAUDE.md's workspace-aware ship rule, queue-advancing past a claimed version within the same bump level is permitted — MINOR work landing on top of a queued MINOR still reads as MINOR relative to main. Util's suggested next slot is v1.42.0.0; taking it. CHANGELOG entry header bumped + dated 2026-05-19; entry body unchanged (same wave content, same credit list). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
866 lines
38 KiB
TypeScript
866 lines
38 KiB
TypeScript
/**
|
|
* Unit tests for bin/gstack-gbrain-sync.ts (Lane B).
|
|
*
|
|
* Tests CLI surface (modes + flags + help). Stage internals (gbrain import,
|
|
* memory ingest, brain-sync push) shell out to external binaries and are
|
|
* exercised by Lane F E2E tests; here we verify orchestration + dry-run
|
|
* preview + state file lifecycle + flag composition.
|
|
*/
|
|
|
|
import { describe, it, expect, beforeEach, afterEach } from "bun:test";
|
|
import { mkdtempSync, writeFileSync, readFileSync, existsSync, rmSync, mkdirSync, chmodSync } from "fs";
|
|
import { tmpdir } from "os";
|
|
import { join } from "path";
|
|
import { spawnSync } from "child_process";
|
|
|
|
import {
|
|
derivePathOnlyHashLegacyId,
|
|
planHostnameFoldMigration,
|
|
sourceLocalPath,
|
|
_resetGbrainSupportsRenameCache,
|
|
} from "../bin/gstack-gbrain-sync";
|
|
|
|
const SCRIPT = join(import.meta.dir, "..", "bin", "gstack-gbrain-sync.ts");
|
|
|
|
function makeTestHome(): string {
|
|
return mkdtempSync(join(tmpdir(), "gstack-gbrain-sync-"));
|
|
}
|
|
|
|
function runScript(args: string[], env: Record<string, string> = {}): { stdout: string; stderr: string; exitCode: number } {
|
|
const result = spawnSync("bun", [SCRIPT, ...args], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
env: { ...process.env, ...env },
|
|
});
|
|
return {
|
|
stdout: result.stdout || "",
|
|
stderr: result.stderr || "",
|
|
exitCode: result.status ?? 1,
|
|
};
|
|
}
|
|
|
|
describe("gstack-gbrain-sync CLI", () => {
|
|
it("--help exits 0 with usage text", () => {
|
|
const r = runScript(["--help"]);
|
|
expect(r.exitCode).toBe(0);
|
|
expect(r.stderr).toContain("Usage: gstack-gbrain-sync");
|
|
expect(r.stderr).toContain("--incremental");
|
|
expect(r.stderr).toContain("--full");
|
|
expect(r.stderr).toContain("--dry-run");
|
|
});
|
|
|
|
it("rejects unknown flag", () => {
|
|
const r = runScript(["--bogus"]);
|
|
expect(r.exitCode).toBe(1);
|
|
expect(r.stderr).toContain("Unknown argument: --bogus");
|
|
});
|
|
|
|
it("uses the shared local gbrain status classifier instead of shelling through command -v", () => {
|
|
const source = readFileSync(SCRIPT, "utf-8");
|
|
|
|
expect(source).not.toContain('command -v gbrain');
|
|
expect(source).toContain("localEngineStatus");
|
|
});
|
|
|
|
it("--dry-run with --code-only reports the code import preview only", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const r = runScript(["--dry-run", "--code-only", "--quiet"], { HOME: home, GSTACK_HOME: gstackHome });
|
|
expect(r.exitCode).toBe(0);
|
|
// Code stage now uses native code surface: sources add + sync --strategy code
|
|
// (NOT gbrain import — that's the markdown-only path that was rejected post-codex).
|
|
expect(r.stdout).toContain("would: gbrain sources add");
|
|
expect(r.stdout).toContain("gbrain sync --strategy code");
|
|
expect(r.stdout).not.toContain("gbrain import");
|
|
// memory + brain-sync stages should not appear
|
|
expect(r.stdout).not.toContain("gstack-memory-ingest --probe");
|
|
expect(r.stdout).not.toContain("gstack-brain-sync --discover-new");
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("--dry-run with all stages shows previews for all three", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const r = runScript(["--dry-run"], { HOME: home, GSTACK_HOME: gstackHome });
|
|
expect(r.exitCode).toBe(0);
|
|
expect(r.stdout).toContain("would: gbrain sources add");
|
|
expect(r.stdout).toContain("gbrain sync --strategy code");
|
|
expect(r.stdout).toContain("would: gstack-memory-ingest");
|
|
expect(r.stdout).toContain("would: gstack-brain-sync");
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("--no-code skips the code import stage", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const r = runScript(["--dry-run", "--no-code"], { HOME: home, GSTACK_HOME: gstackHome });
|
|
expect(r.exitCode).toBe(0);
|
|
expect(r.stdout).not.toContain("would: gbrain sources add");
|
|
expect(r.stdout).toContain("would: gstack-memory-ingest");
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("dry-run derives a stable source id from the canonical git remote", () => {
|
|
// The source id pattern is `gstack-code-<canonicalized-remote>`. For this
|
|
// repo (github.com/garrytan/gstack), the slug should appear in the dry-run
|
|
// preview line. We don't pin the exact slug — just verify the prefix +
|
|
// that the preview command would target a source with id gstack-code-*.
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const r = runScript(["--dry-run", "--code-only", "--quiet"], { HOME: home, GSTACK_HOME: gstackHome });
|
|
expect(r.exitCode).toBe(0);
|
|
expect(r.stdout).toMatch(/gbrain sources add gstack-code-[a-z0-9-]+/);
|
|
expect(r.stdout).toMatch(/gbrain sync --strategy code --source gstack-code-[a-z0-9-]+/);
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("derived source ids are gbrain-valid (≤32 chars, alnum + interior hyphens, no dots) for any remote", () => {
|
|
// gbrain enforces source ids to be 1-32 lowercase alnum chars with optional interior
|
|
// hyphens. Pre-fix, the slug came from canonicalizeRemote() with only `/` and
|
|
// whitespace stripped — leaving dots from hostnames (`github.com`) and no length cap.
|
|
// For `github.com/<org>/<repo>`, the id was `gstack-code-github.com-<org>-<repo>`,
|
|
// which fails validation on both counts. This test exercises the derivation against
|
|
// controlled remotes by spawning the CLI in a temp git repo.
|
|
const cases = [
|
|
"https://github.com/radubach/platform.git", // dot in hostname, total > 32 with old slug
|
|
"git@github.com:garrytan/gstack.git", // SCP-style remote
|
|
"https://gitlab.example.com/team/proj.git", // multi-dot host, non-github
|
|
"https://github.com/some-very-long-org-name/some-very-long-repo-name.git", // forces hash-truncate
|
|
];
|
|
const VALID_ID = /^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/;
|
|
for (const remote of cases) {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-source-id-repo-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", remote], { cwd: repo });
|
|
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
const m = (r.stdout || "").match(/gbrain sources add (\S+)/);
|
|
expect(m).not.toBeNull();
|
|
const id = m![1];
|
|
expect(id.length).toBeLessThanOrEqual(32);
|
|
expect(id).toMatch(VALID_ID);
|
|
expect(id.startsWith("gstack-code-")).toBe(true);
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
}
|
|
});
|
|
|
|
it("derives a gbrain-valid source id when the cwd repo has NO origin remote", () => {
|
|
// Fallback path in deriveCodeSourceId(): no `origin` remote configured,
|
|
// so the slug comes from the repo basename. The fallback must still
|
|
// produce a gbrain-valid id (no dots, ≤32 chars, no trailing hyphen).
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-no-origin-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
// No `git remote add origin` — this is the no-remote case.
|
|
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
const m = (r.stdout || "").match(/gbrain sources add (\S+)/);
|
|
expect(m).not.toBeNull();
|
|
const id = m![1];
|
|
expect(id.startsWith("gstack-code-")).toBe(true);
|
|
expect(id.length).toBeLessThanOrEqual(32);
|
|
expect(id).toMatch(/^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/);
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("derives a gbrain-valid source id when the basename sanitizes to empty", () => {
|
|
// Pathological edge: a repo whose basename is all non-alnum (e.g. "___")
|
|
// sanitizes to an empty slug. Pre-worktree-aware-fix, constrainSourceId
|
|
// returned "gstack-code-" (invalid trailing hyphen) and was patched to
|
|
// fall back to a 6-char hash of the original input. The post-spike
|
|
// redesign appends an 8-char path-hash to every id, so the basename's
|
|
// empty-after-sanitize result is no longer a problem on its own — the
|
|
// path hash carries the entropy. The id must still be gbrain-valid.
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const parent = mkdtempSync(join(tmpdir(), "gstack-empty-base-"));
|
|
const repo = join(parent, "___");
|
|
mkdirSync(repo);
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
// No `origin` remote — forces the basename-fallback path.
|
|
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
const m = (r.stdout || "").match(/gbrain sources add (\S+)/);
|
|
expect(m).not.toBeNull();
|
|
const id = m![1];
|
|
// gbrain validator: 1-32 lowercase alnum + interior hyphens, no leading
|
|
// or trailing hyphens.
|
|
expect(id.startsWith("gstack-code-")).toBe(true);
|
|
expect(id.length).toBeLessThanOrEqual(32);
|
|
expect(id).toMatch(/^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/);
|
|
|
|
rmSync(parent, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("derives distinct source ids for the same absolute path on different hosts", () => {
|
|
// Issue #1414: two machines with identical home-dir layouts (chezmoi-managed
|
|
// dotfiles, ansible-provisioned VMs) collide on the same source id when
|
|
// federated against a shared gbrain DB, because the pre-fix `pathHash` was
|
|
// sha1(absolute path) only — host-agnostic. Folding hostname into the hash
|
|
// key keeps them distinct. `GSTACK_HOSTNAME` env var is the test-only knob;
|
|
// production uses `os.hostname()`.
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-host-collide-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", "https://github.com/example/multihost.git"], { cwd: repo });
|
|
|
|
// Dry-run still gates the code stage on `command -v gbrain`. Drop a no-op
|
|
// shim on PATH so the stage runs (we only assert the preview line, never
|
|
// invoke gbrain itself).
|
|
const bindir = mkdtempSync(join(tmpdir(), "gstack-host-collide-bin-"));
|
|
const shim = join(bindir, "gbrain");
|
|
writeFileSync(shim, "#!/bin/sh\nexit 0\n");
|
|
chmodSync(shim, 0o755);
|
|
const PATH = `${bindir}:${process.env.PATH || ""}`;
|
|
|
|
const runAs = (host: string) =>
|
|
spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome, GSTACK_HOSTNAME: host, PATH },
|
|
});
|
|
|
|
const a = runAs("machine-a");
|
|
const b = runAs("machine-b");
|
|
expect(a.status).toBe(0);
|
|
expect(b.status).toBe(0);
|
|
const idA = (a.stdout || "").match(/gbrain sources add (\S+)/)?.[1];
|
|
const idB = (b.stdout || "").match(/gbrain sources add (\S+)/)?.[1];
|
|
expect(idA).toBeTruthy();
|
|
expect(idB).toBeTruthy();
|
|
expect(idA).not.toBe(idB);
|
|
// Both still gbrain-valid.
|
|
const VALID_ID = /^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/;
|
|
expect(idA!).toMatch(VALID_ID);
|
|
expect(idB!).toMatch(VALID_ID);
|
|
|
|
// Same host + same path stays stable across invocations.
|
|
const a2 = runAs("machine-a");
|
|
expect(a2.status).toBe(0);
|
|
const idA2 = (a2.stdout || "").match(/gbrain sources add (\S+)/)?.[1];
|
|
expect(idA2).toBe(idA);
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
rmSync(bindir, { recursive: true, force: true });
|
|
});
|
|
|
|
it("dry-run does NOT acquire the lock file (lock is for write paths only)", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const r = runScript(["--dry-run"], { HOME: home, GSTACK_HOME: gstackHome });
|
|
expect(r.exitCode).toBe(0);
|
|
// Lock file should not exist after a dry-run (it's a write-only safety primitive).
|
|
const lockPath = join(gstackHome, ".sync-gbrain.lock");
|
|
expect(existsSync(lockPath)).toBe(false);
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("a stale lock file (older than 5 min) is taken over, not blocking", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
// Plant a stale lock file (mtime 6 min ago).
|
|
const lockPath = join(gstackHome, ".sync-gbrain.lock");
|
|
writeFileSync(lockPath, JSON.stringify({ pid: 99999, started_at: new Date(Date.now() - 6 * 60 * 1000).toISOString() }));
|
|
const sixMinAgo = (Date.now() - 6 * 60 * 1000) / 1000;
|
|
// Set mtime explicitly via Bun's fs.utimes
|
|
const fs = require("fs");
|
|
fs.utimesSync(lockPath, sixMinAgo, sixMinAgo);
|
|
|
|
// Run with all stages disabled so we don't actually invoke anything heavy.
|
|
const r = runScript(["--incremental", "--no-code", "--no-memory", "--no-brain-sync", "--quiet"], {
|
|
HOME: home,
|
|
GSTACK_HOME: gstackHome,
|
|
});
|
|
expect(r.exitCode).toBe(0);
|
|
// Lock should be cleared after the run (we took it over and released).
|
|
expect(existsSync(lockPath)).toBe(false);
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("a fresh lock file (less than 5 min old) blocks a second invocation with exit 2", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
// Plant a fresh lock file (mtime now).
|
|
const lockPath = join(gstackHome, ".sync-gbrain.lock");
|
|
writeFileSync(lockPath, JSON.stringify({ pid: 99999, started_at: new Date().toISOString() }));
|
|
|
|
const r = runScript(["--incremental", "--no-code", "--no-memory", "--no-brain-sync", "--quiet"], {
|
|
HOME: home,
|
|
GSTACK_HOME: gstackHome,
|
|
});
|
|
expect(r.exitCode).toBe(2);
|
|
expect(r.stderr).toContain("another /sync-gbrain is running");
|
|
// Lock should still be there — the second invocation didn't take it over.
|
|
expect(existsSync(lockPath)).toBe(true);
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("writes a state file with schema_version: 1 after a non-dry run", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
// Run with all stages disabled to avoid actually invoking gbrain/memory-ingest
|
|
const r = runScript(["--incremental", "--no-code", "--no-memory", "--no-brain-sync", "--quiet"], {
|
|
HOME: home,
|
|
GSTACK_HOME: gstackHome,
|
|
});
|
|
expect(r.exitCode).toBe(0);
|
|
|
|
const statePath = join(gstackHome, ".gbrain-sync-state.json");
|
|
expect(existsSync(statePath)).toBe(true);
|
|
const state = JSON.parse(readFileSync(statePath, "utf-8"));
|
|
expect(state.schema_version).toBe(1);
|
|
expect(state.last_writer).toBe("gstack-gbrain-sync");
|
|
expect(typeof state.last_sync).toBe("string");
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("does NOT write state file on --dry-run", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const r = runScript(["--dry-run"], { HOME: home, GSTACK_HOME: gstackHome });
|
|
expect(r.exitCode).toBe(0);
|
|
|
|
const statePath = join(gstackHome, ".gbrain-sync-state.json");
|
|
expect(existsSync(statePath)).toBe(false);
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("records stage results in state file", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
runScript(["--incremental", "--no-code", "--no-memory", "--no-brain-sync", "--quiet"], {
|
|
HOME: home,
|
|
GSTACK_HOME: gstackHome,
|
|
});
|
|
|
|
const state = JSON.parse(readFileSync(join(gstackHome, ".gbrain-sync-state.json"), "utf-8"));
|
|
expect(Array.isArray(state.last_stages)).toBe(true);
|
|
// With all stages disabled, last_stages is empty
|
|
expect(state.last_stages.length).toBe(0);
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("brain-sync stage resolves the sibling binary, not a HOME-rooted path", () => {
|
|
// Regression for Codex M9: pre-fix the orchestrator looked up
|
|
// ~/.claude/skills/gstack/bin/gstack-brain-sync, which silently no-op'd
|
|
// on Codex installs and dev workspaces with the misleading summary
|
|
// "skipped (gstack-brain-sync not installed)". Post-fix it resolves
|
|
// a sibling via import.meta.dir and actually invokes the script.
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const r = runScript(
|
|
["--incremental", "--no-code", "--no-memory", "--quiet"],
|
|
{ HOME: home, GSTACK_HOME: gstackHome },
|
|
);
|
|
|
|
// Don't assert exit code (sibling spawn may legitimately error in a
|
|
// sandboxed test). Assert only that we did NOT take the lying-skip path.
|
|
const combined = r.stdout + r.stderr;
|
|
expect(combined).not.toContain("skipped (gstack-brain-sync not installed)");
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("worktree-aware source ID: two worktrees of the same repo get DIFFERENT ids", () => {
|
|
// Conductor pattern: same origin, two different absolute paths. Pre-fix the
|
|
// ID was slug-only so both worktrees collapsed onto `gstack-code-<slug>` and
|
|
// last-sync-wins corrupted whichever the user wasn't actively syncing. The
|
|
// pathhash8 suffix makes each worktree's source independent.
|
|
const remote = "https://github.com/garrytan/gstack.git";
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
|
|
const repoA = mkdtempSync(join(tmpdir(), "gstack-worktree-a-"));
|
|
const repoB = mkdtempSync(join(tmpdir(), "gstack-worktree-b-"));
|
|
for (const repo of [repoA, repoB]) {
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", remote], { cwd: repo });
|
|
}
|
|
|
|
const idOf = (cwd: string): string => {
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
const m = (r.stdout || "").match(/gbrain sources add (\S+)/);
|
|
expect(m).not.toBeNull();
|
|
return m![1];
|
|
};
|
|
|
|
const idA = idOf(repoA);
|
|
const idB = idOf(repoB);
|
|
expect(idA).not.toBe(idB);
|
|
expect(idA.startsWith("gstack-code-")).toBe(true);
|
|
expect(idB.startsWith("gstack-code-")).toBe(true);
|
|
|
|
rmSync(repoA, { recursive: true, force: true });
|
|
rmSync(repoB, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("worktree-aware source ID: same path produces the same id across runs (deterministic)", () => {
|
|
// The pathhash is derived from the absolute repo path via sha1, so
|
|
// /sync-gbrain run twice in the same worktree must converge on the same
|
|
// source id (idempotent registration depends on this).
|
|
const remote = "https://github.com/garrytan/gstack.git";
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-worktree-stable-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", remote], { cwd: repo });
|
|
|
|
const idOf = (): string => {
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
const m = (r.stdout || "").match(/gbrain sources add (\S+)/);
|
|
expect(m).not.toBeNull();
|
|
return m![1];
|
|
};
|
|
expect(idOf()).toBe(idOf());
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("dry-run preview includes legacy-source removal + attach (post-codex-review hardening)", () => {
|
|
// Codex adversarial flagged: pre-pathhash `gstack-code-<slug>` sources stay
|
|
// orphaned forever after the new pathhash id ships. Dry-run preview must
|
|
// surface the legacy cleanup so the user knows it'll happen.
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-legacy-cleanup-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", "https://github.com/garrytan/gstack.git"], { cwd: repo });
|
|
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
// The dry-run preview shows what WOULD run; the live path will also
|
|
// remove the legacy source via `gbrain sources remove gstack-code-<slug>
|
|
// --confirm-destructive` when that legacy source is registered. We can't
|
|
// assert the remove step in dry-run because the orchestrator's preview
|
|
// string lists what it would do, but the legacy removal is gated on the
|
|
// legacy id being registered (which we can't probe in a sandboxed test
|
|
// without a real gbrain CLI). Instead, assert the preview still includes
|
|
// the new flow (sources add + sync + attach) at minimum.
|
|
expect(r.stdout).toMatch(/gbrain sources add gstack-code-/);
|
|
expect(r.stdout).toMatch(/gbrain sync --strategy code --source gstack-code-/);
|
|
expect(r.stdout).toMatch(/gbrain sources attach gstack-code-/);
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
it("dry-run preview includes the `sources attach` step (kubectl-style CWD pin)", () => {
|
|
// Post-spike redesign: after sources add + sync, /sync-gbrain calls
|
|
// `gbrain sources attach <id>` so subsequent gbrain code-def / code-refs
|
|
// calls from anywhere under the worktree route to this source by default.
|
|
// The dry-run preview must surface that step so the user knows what we
|
|
// would do.
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-attach-preview-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", "https://github.com/garrytan/gstack.git"], { cwd: repo });
|
|
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
expect(r.stdout).toMatch(/gbrain sources attach gstack-code-/);
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
});
|
|
|
|
// ──────────────────────────────────────────────────────────────────────────
|
|
// Hostname-fold migration (v1.40.0.0)
|
|
//
|
|
// Tests for `derivePathOnlyHashLegacyId` and `planHostnameFoldMigration`,
|
|
// which together let an existing user's pre-#1468 path-only-hash source
|
|
// transition to the new hostname-folded id without orphaning pages or
|
|
// creating a data-loss window. See bin/gstack-gbrain-sync.ts and the
|
|
// gbrain-sync-hardening plan.
|
|
// ──────────────────────────────────────────────────────────────────────────
|
|
|
|
/**
|
|
* Build a gbrain shim that responds to specific subcommands with canned
|
|
* output, then return PATH-prepend value. Lets us run helpers in-process
|
|
* (which spawn `gbrain` from PATH) without a real gbrain CLI.
|
|
*/
|
|
function makeShim(bindir: string, responses: Record<string, { stdout?: string; stderr?: string; exit?: number }>): string {
|
|
const shim = join(bindir, "gbrain");
|
|
const cases = Object.entries(responses).map(([key, r]) => {
|
|
const exit = r.exit ?? 0;
|
|
const stdout = (r.stdout || "").replace(/'/g, "'\\''");
|
|
const stderr = (r.stderr || "").replace(/'/g, "'\\''");
|
|
// Patterns with spaces MUST be double-quoted in sh case statements,
|
|
// otherwise the shell parses the second word as the start of the next
|
|
// pattern and errors out.
|
|
return ` "${key}") printf '%s' '${stdout}'; printf '%s' '${stderr}' >&2; exit ${exit} ;;`;
|
|
}).join("\n");
|
|
// Match on the full argument string, joined with literal spaces.
|
|
const script = `#!/bin/sh\nARGS="$*"\ncase "$ARGS" in\n${cases}\n *) echo "shim: no match for [$ARGS]" >&2; exit 1 ;;\nesac\n`;
|
|
writeFileSync(shim, script);
|
|
chmodSync(shim, 0o755);
|
|
return shim;
|
|
}
|
|
|
|
describe("derivePathOnlyHashLegacyId", () => {
|
|
it("returns the pre-#1468 form (path-only sha1, no hostname)", () => {
|
|
// Pure function — no subprocess. The same repoPath must yield the same
|
|
// legacy id regardless of $GSTACK_HOSTNAME, because the pre-#1468 hash
|
|
// didn't include hostname.
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-legacy-id-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", "https://github.com/example/legacy-test.git"], { cwd: repo });
|
|
|
|
const cwd = process.cwd();
|
|
try {
|
|
process.chdir(repo);
|
|
const a = derivePathOnlyHashLegacyId(repo);
|
|
process.env.GSTACK_HOSTNAME = "machine-a";
|
|
const b = derivePathOnlyHashLegacyId(repo);
|
|
process.env.GSTACK_HOSTNAME = "machine-b";
|
|
const c = derivePathOnlyHashLegacyId(repo);
|
|
expect(a).toBe(b);
|
|
expect(b).toBe(c);
|
|
expect(a.startsWith("gstack-code-")).toBe(true);
|
|
expect(a.length).toBeLessThanOrEqual(32);
|
|
} finally {
|
|
delete process.env.GSTACK_HOSTNAME;
|
|
process.chdir(cwd);
|
|
rmSync(repo, { recursive: true, force: true });
|
|
}
|
|
});
|
|
|
|
it("produces a different id than the new hostname-folded form", () => {
|
|
// The whole point of the migration: the path-only-hash legacy id and the
|
|
// host-fold id must differ for any non-empty hostname, so the migration
|
|
// can detect + clean up the orphan.
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-legacy-id-distinct-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", "https://github.com/example/distinct.git"], { cwd: repo });
|
|
|
|
const cwd = process.cwd();
|
|
try {
|
|
process.chdir(repo);
|
|
process.env.GSTACK_HOSTNAME = "machine-x";
|
|
const legacy = derivePathOnlyHashLegacyId(repo);
|
|
// Drive the new id through the CLI so we use the same code path users hit.
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const bindir = mkdtempSync(join(tmpdir(), "gstack-legacy-id-distinct-bin-"));
|
|
makeShim(bindir, { "--help": { stdout: "gbrain\n" } });
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome, GSTACK_HOSTNAME: "machine-x", PATH: `${bindir}:${process.env.PATH || ""}` },
|
|
});
|
|
const newId = (r.stdout || "").match(/gbrain sources add (\S+)/)?.[1];
|
|
expect(newId).toBeTruthy();
|
|
expect(newId).not.toBe(legacy);
|
|
rmSync(home, { recursive: true, force: true });
|
|
rmSync(bindir, { recursive: true, force: true });
|
|
} finally {
|
|
delete process.env.GSTACK_HOSTNAME;
|
|
process.chdir(cwd);
|
|
rmSync(repo, { recursive: true, force: true });
|
|
}
|
|
});
|
|
});
|
|
|
|
/**
|
|
* Build an env dict that prepends `bindir` to PATH. Bun's spawnSync does NOT
|
|
* pick up runtime mutations of `process.env.PATH` — the env must be passed
|
|
* explicitly to each spawn for the override to take effect.
|
|
*/
|
|
function envWithBindir(bindir: string): NodeJS.ProcessEnv {
|
|
return { ...process.env, PATH: `${bindir}:${process.env.PATH || ""}` };
|
|
}
|
|
|
|
describe("planHostnameFoldMigration", () => {
|
|
let bindir: string;
|
|
|
|
beforeEach(() => {
|
|
bindir = mkdtempSync(join(tmpdir(), "gstack-mig-plan-bin-"));
|
|
_resetGbrainSupportsRenameCache();
|
|
});
|
|
afterEach(() => {
|
|
rmSync(bindir, { recursive: true, force: true });
|
|
_resetGbrainSupportsRenameCache();
|
|
});
|
|
|
|
it("returns ids-match when legacy == new (degenerate case)", () => {
|
|
const result = planHostnameFoldMigration("/repo/path", "gstack-code-same-abc12345", "gstack-code-same-abc12345");
|
|
expect(result).toEqual({ kind: "none", reason: "ids-match" });
|
|
});
|
|
|
|
it("returns no-legacy-source when sources list does not include the legacy id", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": { stdout: "[]" },
|
|
});
|
|
const result = planHostnameFoldMigration("/repo/path", "new-id", "legacy-id", envWithBindir(bindir));
|
|
expect(result).toEqual({ kind: "none", reason: "no-legacy-source" });
|
|
});
|
|
|
|
it("returns skipped-path-drift when old source local_path differs from current repo root", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": {
|
|
stdout: JSON.stringify([{ id: "legacy-id", local_path: "/some/other/repo" }]),
|
|
},
|
|
});
|
|
const result = planHostnameFoldMigration("/repo/here", "new-id", "legacy-id", envWithBindir(bindir));
|
|
expect(result.kind).toBe("skipped-path-drift");
|
|
if (result.kind === "skipped-path-drift") {
|
|
expect(result.oldId).toBe("legacy-id");
|
|
expect(result.oldPath).toBe("/some/other/repo");
|
|
expect(result.currentPath).toBe("/repo/here");
|
|
}
|
|
});
|
|
|
|
it("returns renamed when rename is supported and exits 0", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": {
|
|
stdout: JSON.stringify([{ id: "legacy-id", local_path: "/repo/here" }]),
|
|
},
|
|
"sources rename --help": {
|
|
stdout: "Usage: gbrain sources rename <old> <new>\n",
|
|
},
|
|
"sources rename legacy-id new-id": { exit: 0 },
|
|
});
|
|
const result = planHostnameFoldMigration("/repo/here", "new-id", "legacy-id", envWithBindir(bindir));
|
|
expect(result).toEqual({ kind: "renamed", oldId: "legacy-id", newId: "new-id" });
|
|
});
|
|
|
|
it("returns pending-cleanup when rename is unsupported (current gbrain 0.35.0.0)", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": {
|
|
stdout: JSON.stringify([{ id: "legacy-id", local_path: "/repo/here" }]),
|
|
},
|
|
// No `sources rename --help` match → shim falls into the catch-all and exits 1.
|
|
});
|
|
const result = planHostnameFoldMigration("/repo/here", "new-id", "legacy-id", envWithBindir(bindir));
|
|
expect(result).toEqual({ kind: "pending-cleanup", oldId: "legacy-id" });
|
|
});
|
|
|
|
it("returns pending-cleanup when rename is supported but the rename call itself fails", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": {
|
|
stdout: JSON.stringify([{ id: "legacy-id", local_path: "/repo/here" }]),
|
|
},
|
|
"sources rename --help": {
|
|
stdout: "Usage: gbrain sources rename <old> <new>\n",
|
|
},
|
|
"sources rename legacy-id new-id": { exit: 1, stderr: "rename failed: db locked" },
|
|
});
|
|
const result = planHostnameFoldMigration("/repo/here", "new-id", "legacy-id", envWithBindir(bindir));
|
|
expect(result).toEqual({ kind: "pending-cleanup", oldId: "legacy-id" });
|
|
});
|
|
});
|
|
|
|
describe("constrainSourceId truncation (hyphen-boundary cut)", () => {
|
|
// PR #1481 (Drummerms): the old slug.slice(-tailBudget) cut mid-word when
|
|
// the boundary fell inside a token. For a long repo like
|
|
// `drummerms-av-sow-wiz-skill-270c0001` the truncated tail used to end in
|
|
// `kill-270c0001` (from `skill`). The new tokenized cut walks hyphen
|
|
// boundaries from the right and only keeps whole tokens.
|
|
//
|
|
// Exercised via the dry-run preview (`gbrain sources add gstack-code-…`),
|
|
// since constrainSourceId is module-private.
|
|
it("never produces mid-word truncation artifacts like `kill` (from `skill`)", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-hyphen-cut-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
// Remote chosen to be long enough that constrainSourceId truncates and
|
|
// the boundary lands inside the word `skill`.
|
|
spawnSync("git", ["remote", "add", "origin", "https://github.com/drummerms-av-sow-wiz/skill-270c0001.git"], { cwd: repo });
|
|
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
const id = (r.stdout || "").match(/gbrain sources add (\S+)/)?.[1];
|
|
expect(id).toBeTruthy();
|
|
// The id must not contain the mid-word fragment `kill` (left over from
|
|
// slicing inside `skill`). Tokens that survive truncation must be whole.
|
|
expect(id).not.toMatch(/(^|-)kill(-|$)/);
|
|
// Still gbrain-valid.
|
|
expect(id!.length).toBeLessThanOrEqual(32);
|
|
expect(id!).toMatch(/^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/);
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
|
|
// Closes #1357: HTTPS remotes ending in `.git` used to pass periods through
|
|
// to the source id. canonicalizeRemote strips the `.git` suffix; the
|
|
// sanitizer also strips any residual non-alnum. Test asserts the source id
|
|
// is period-free for the exact case from the issue.
|
|
it("produces a period-free source id for HTTPS remotes ending in .git (#1357)", () => {
|
|
const home = makeTestHome();
|
|
const gstackHome = join(home, ".gstack");
|
|
mkdirSync(gstackHome, { recursive: true });
|
|
const repo = mkdtempSync(join(tmpdir(), "gstack-https-period-"));
|
|
spawnSync("git", ["init", "--quiet", "-b", "main"], { cwd: repo });
|
|
spawnSync("git", ["remote", "add", "origin", "https://github.com/foo/bar.git"], { cwd: repo });
|
|
|
|
const r = spawnSync("bun", [SCRIPT, "--dry-run", "--code-only", "--quiet"], {
|
|
encoding: "utf-8",
|
|
timeout: 60000,
|
|
cwd: repo,
|
|
env: { ...process.env, HOME: home, GSTACK_HOME: gstackHome },
|
|
});
|
|
expect(r.status).toBe(0);
|
|
const id = (r.stdout || "").match(/gbrain sources add (\S+)/)?.[1];
|
|
expect(id).toBeTruthy();
|
|
expect(id).not.toContain(".");
|
|
expect(id!).toMatch(/^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/);
|
|
|
|
rmSync(repo, { recursive: true, force: true });
|
|
rmSync(home, { recursive: true, force: true });
|
|
});
|
|
});
|
|
|
|
describe("sourceLocalPath", () => {
|
|
let bindir: string;
|
|
beforeEach(() => {
|
|
bindir = mkdtempSync(join(tmpdir(), "gstack-source-lp-bin-"));
|
|
});
|
|
afterEach(() => {
|
|
rmSync(bindir, { recursive: true, force: true });
|
|
});
|
|
|
|
it("returns local_path when the source exists", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": {
|
|
stdout: JSON.stringify([
|
|
{ id: "other-source", local_path: "/x" },
|
|
{ id: "target-id", local_path: "/repo/match" },
|
|
]),
|
|
},
|
|
});
|
|
expect(sourceLocalPath("target-id", envWithBindir(bindir))).toBe("/repo/match");
|
|
});
|
|
|
|
it("returns null when the source is missing", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": { stdout: "[]" },
|
|
});
|
|
expect(sourceLocalPath("missing-id", envWithBindir(bindir))).toBeNull();
|
|
});
|
|
|
|
it("returns null when gbrain exits non-zero or returns malformed JSON", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": { exit: 2, stderr: "db unreachable" },
|
|
});
|
|
expect(sourceLocalPath("any-id", envWithBindir(bindir))).toBeNull();
|
|
});
|
|
|
|
// gbrain v0.20+ wraps the response as `{sources: [...]}`. Older versions
|
|
// returned a flat array. sourceLocalPath was returning null (or crashing
|
|
// with `list.find is not a function` upstream) because it only handled
|
|
// the flat-array shape. Pin both shapes here.
|
|
it("handles {sources: [...]} wrapped shape (gbrain v0.20+)", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": {
|
|
stdout: JSON.stringify({
|
|
sources: [
|
|
{ id: "other-source", local_path: "/x" },
|
|
{ id: "target-id", local_path: "/repo/match" },
|
|
],
|
|
}),
|
|
},
|
|
});
|
|
expect(sourceLocalPath("target-id", envWithBindir(bindir))).toBe("/repo/match");
|
|
});
|
|
|
|
it("returns null when the source is missing in the wrapped shape", () => {
|
|
makeShim(bindir, {
|
|
"sources list --json": { stdout: JSON.stringify({ sources: [] }) },
|
|
});
|
|
expect(sourceLocalPath("missing-id", envWithBindir(bindir))).toBeNull();
|
|
});
|
|
});
|