mirror of https://github.com/garrytan/gstack.git
352c0ced34
/ship Step 11 adversarial review surfaced 7 CRITICAL issues. Five fixed inline (no behavior regression, 26/26 tests still pass): bin/gstack-gbrain-source-wireup: 1. **rm -rf path validation** (was: F-c-CRITICAL 9/10). Added `safe_rm_worktree` helper that refuses any path not strictly under $HOME/, plus dangerous-path allowlist for /, /Users, $HOME root. Replaces raw `rm -rf "$WORKTREE"` calls (lines 161, 169 originally). If user sets GSTACK_BRAIN_WORKTREE="" or "/", the helper now dies cleanly instead of nuking the home dir or root. 2. **jq dependency probe** (was: F-c-CRITICAL 9/10). `check_source_state` now hard-fails with a clear message if jq is missing, instead of silently returning "absent" → re-add → die-on-duplicate. Plus trims whitespace from jq output (`tr -d '[:space:]'`) to defend against gbrain emitting `\n` for missing fields. Header comment claimed jq was a transitive dep; now we enforce it. 3. **Python heredoc warns on JSON parse failure** (was: F-c-CRITICAL 8/10). Previously `except Exception: pass` silently swallowed malformed JSON, leaving _locked_url empty and defeating the URL-lock defense. Now writes the parse error to a temp file and warns the user that the URL was not locked. Also passes the config path via env var (GBRAIN_CONFIG_PATH) instead of hardcoded `~/.gbrain/config.json`, respecting any HOME override. 4. **Multi-Mac source-id collision fix** (was: F-c-CRITICAL 9/10). When `check_source_state` returns 1 (source exists at different path), the helper used to remove + re-add. Two Macs sharing one Supabase brain would ping-pong the local_path metadata on every sync. Now: if the existing path's basename matches the local worktree's basename (likely another machine's local copy of the SAME brain repo), skip re-registration and sync against the local worktree. gbrain stores pages by content; metadata is informational. No more ping-pong. 5. **Redact DB URL from sync-failure error message** (was: F-c-CRITICAL 7/10). `gbrain sync` failures used to echo the full stderr (which can contain the postgres connection string with password) into the user's terminal and any log redirect. Now we sed-replace any `postgres://...` with `postgres://***REDACTED***` before the die() call, and only show the last 10 lines. Bonus minor fix: `die()` now uses `$1` instead of `$*` for the warn message, so the exit-code arg ($2) doesn't get appended to the warning text. Acknowledged-but-deferred: - GBRAIN_DATABASE_URL env exposure on Linux via /proc/$PID/environ. This is a Linux-only concern; gstack is Mac-targeted today and macOS restricts process env reads. Document as a follow-up if Linux support lands. - gbrain version parser brittleness if gbrain switches to "v0.18.0" prefix. Defensive only; current gbrain output matches `gbrain X.Y.Z` exactly. - bash 3.2 PIPESTATUS reliability. Tests pass on the host bash version (3.2+ via macOS); modern bash 5.x is widely available. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| chrome-cdp | ||
| dev-setup | ||
| dev-teardown | ||
| gstack-analytics | ||
| gstack-brain-consumer | ||
| gstack-brain-enqueue | ||
| gstack-brain-init | ||
| gstack-brain-reader | ||
| gstack-brain-restore | ||
| gstack-brain-sync | ||
| gstack-brain-uninstall | ||
| gstack-builder-profile | ||
| gstack-codex-probe | ||
| gstack-community-dashboard | ||
| gstack-config | ||
| gstack-developer-profile | ||
| gstack-diff-scope | ||
| gstack-extension | ||
| gstack-gbrain-detect | ||
| gstack-gbrain-install | ||
| gstack-gbrain-lib.sh | ||
| gstack-gbrain-repo-policy | ||
| gstack-gbrain-source-wireup | ||
| gstack-gbrain-supabase-provision | ||
| gstack-gbrain-supabase-verify | ||
| gstack-global-discover.ts | ||
| gstack-jsonl-merge | ||
| gstack-learnings-log | ||
| gstack-learnings-search | ||
| gstack-model-benchmark | ||
| gstack-next-version | ||
| gstack-open-url | ||
| gstack-patch-names | ||
| gstack-platform-detect | ||
| gstack-question-log | ||
| gstack-question-preference | ||
| gstack-relink | ||
| gstack-repo-mode | ||
| gstack-review-log | ||
| gstack-review-read | ||
| gstack-security-dashboard | ||
| gstack-session-update | ||
| gstack-settings-hook | ||
| gstack-slug | ||
| gstack-specialist-stats | ||
| gstack-taste-update | ||
| gstack-team-init | ||
| gstack-telemetry-log | ||
| gstack-telemetry-sync | ||
| gstack-timeline-log | ||
| gstack-timeline-read | ||
| gstack-uninstall | ||
| gstack-update-check | ||