diff --git a/.beads/issues.jsonl b/.beads/issues.jsonl index b21aa05e..4561ebd0 100644 --- a/.beads/issues.jsonl +++ b/.beads/issues.jsonl @@ -4,6 +4,7 @@ {"id":"bd-0io","title":"Sync should cleanup snapshot files after completion","description":"## Problem\n`bd sync` leaves orphaned merge artifact files (beads.base.jsonl, beads.left.jsonl) after completion, causing:\n1. Doctor warnings about 'Multiple JSONL files found'\n2. Confusion during debugging\n3. Potential stale data issues on next sync\n\n## Root Cause\n`SnapshotManager` creates these files for 3-way merge deletion tracking but `Cleanup()` is never called after sync completes (success or failure).\n\n## Fix\nCall `SnapshotManager.Cleanup()` at end of successful sync:\n\n```go\n// sync.go after successful validation\nsm := NewSnapshotManager(jsonlPath)\nsm.Cleanup()\n```\n\n## Files\n- cmd/bd/sync.go (add cleanup call)\n- cmd/bd/snapshot_manager.go (Cleanup method exists at line 188)","status":"closed","priority":1,"issue_type":"bug","created_at":"2025-11-28T17:06:20.881183-08:00","updated_at":"2025-11-28T21:53:44.37689-08:00","closed_at":"2025-11-28T21:53:44.37689-08:00"} {"id":"bd-0v4","title":"Short tests taking 13+ minutes (performance regression)","description":"","status":"closed","priority":0,"issue_type":"bug","created_at":"2025-11-27T00:54:03.350344-08:00","updated_at":"2025-11-27T13:23:19.376658-08:00","closed_at":"2025-11-27T01:36:06.684059-08:00"} {"id":"bd-1pj6","title":"Proposal: Custom status states via config","description":"Proposal to add 'custom status states' via `bd config`.\nUsers could define an optional issue status enum (e.g., awaiting_review, review_in_progress) in the config.\nThis would enable multi-step pipelines to process issues where each step correlates to a specific status.\n\nExamples:\n- awaiting_verification\n- awaiting_docs\n- awaiting_testing\n","status":"open","priority":3,"issue_type":"feature","created_at":"2025-11-20T18:55:48.670499-05:00","updated_at":"2025-11-20T18:55:48.670499-05:00"} +{"id":"bd-1u4","title":"Fix gosec lint warnings in doctor.go, main.go, and fix subdirectory","description":"CI lint job failing with 4 gosec warnings:\n- cmd/bd/doctor.go:664 (G304: file inclusion via variable)\n- cmd/bd/doctor/fix/database_config.go:166 (G304: file inclusion via variable) \n- cmd/bd/doctor/fix/untracked.go:61 (G204: subprocess launched with variable)\n- cmd/bd/main.go:645 (G304: file inclusion via variable)\n\nEither suppress with `// #nosec` if false positives, or refactor to validate paths properly.","status":"open","priority":2,"issue_type":"task","created_at":"2025-11-29T00:43:07.393406783-07:00","updated_at":"2025-11-29T00:43:07.393406783-07:00"} {"id":"bd-2em","title":"Expand checkHooksQuick to verify all hook versions","description":"Currently checkHooksQuick only checks post-merge hook version. Should also check pre-commit, pre-push, and post-checkout for completeness. Keep it lightweight but catch more outdated hooks.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-11-25T19:27:47.432243-08:00","updated_at":"2025-11-25T19:50:21.378464-08:00","closed_at":"2025-11-25T19:50:21.378464-08:00"} {"id":"bd-39o","title":"Rename last_import_hash metadata key to jsonl_content_hash","description":"The metadata key 'last_import_hash' is misleading because it's updated on both import AND export (sync.go:614, import.go:320).\n\nBetter names:\n- jsonl_content_hash (more accurate)\n- last_sync_hash (clearer intent)\n\nThis is a breaking change requiring migration of existing metadata values.","status":"open","priority":2,"issue_type":"task","created_at":"2025-11-20T21:31:07.568739-05:00","updated_at":"2025-11-20T21:31:07.568739-05:00"} {"id":"bd-3gc","title":"Audit remaining cmd/bd files for error handling consistency","description":"Extend ERROR_HANDLING_AUDIT.md to cover: daemon_sync.go, update.go, list.go, show.go, close.go, reopen.go, dep.go, label.go, comments.go, delete.go, compact.go, config.go, validate.go and other high-usage command files","status":"open","priority":3,"issue_type":"task","created_at":"2025-11-24T00:28:55.890991-08:00","updated_at":"2025-11-24T00:28:55.890991-08:00"} diff --git a/_working_on_.md b/_working_on_.md new file mode 100644 index 00000000..6f8de97b --- /dev/null +++ b/_working_on_.md @@ -0,0 +1,57 @@ +I created a new worktree branch and was stopped even before getting started. Beads is not happy with this setup. I don't know why. + + +``` +main on  main [$] via 🐹 v1.25.4 +❯ git worktree add ../fix-ci -b fix-ci +Preparing worktree (new branch 'fix-ci') +HEAD is now at 4ef5a28a bd sync: 2025-11-28 22:17:18 +🔗 Importing beads issues from JSONL... +✓ Beads issues imported successfully + +main on  main [$] via 🐹 v1.25.4 +❯ cd ../fix-ci/ + +fix-ci on  fix-ci [$] via 🐹 v1.25.4 +❯ bd doctor + +Diagnostics + ├ Installation: .beads/ directory found + ├ Git Hooks: All recommended hooks installed + │ Installed: post-merge, pre-push, pre-commit + ├ Database: Unable to read database version ✗ + │ Storage: SQLite + ├ Schema Compatibility: All required tables and columns present + ├ Issue IDs: hash-based ✓ + ├ CLI Version: 0.26.0 (latest) + ├ Database Files: Single database file + ├ JSONL Files: Using issues.jsonl + ├ JSONL Config: Using issues.jsonl + ├ Database Config: Configuration matches existing files + ├ Daemon Health: No daemon running (will auto-start on next command) + ├ DB-JSONL Sync: Database and JSONL are in sync + ├ Permissions: All permissions OK + ├ Dependency Cycles: No circular dependencies detected + ├ Claude Integration: Hooks installed (CLI mode) + │ Plugin not detected - install for slash commands + ├ bd in PATH: 'bd' command available + ├ Documentation bd prime: Documentation references match installed features + │ Files: AGENTS.md + ├ Agent Documentation: Documentation found: AGENTS.md + ├ Documentation: No legacy beads slash commands detected + ├ Gitignore: Up to date + ├ Git Merge Driver: Correctly configured + │ bd merge %A %O %A %B + ├ Metadata Version Tracking: Version tracking active (version: 0.26.0) + ├ Sync Branch Config: sync.branch not configured ⚠ + │ Current branch: fix-ci + ├ Deletions Manifest: Present (2474 entries) + └ Untracked Files: All .beads/*.jsonl files are tracked + +✗ Error: Unable to read database version + Fix: Database may be corrupted. Try 'bd migrate' + +⚠ Warning: sync.branch not configured + Fix: Run 'bd doctor --fix' to auto-configure to 'fix-ci', or manually: bd config set sync.branch + +``` diff --git a/cmd/bd/doctor.go b/cmd/bd/doctor.go index 380522ca..3b177b3f 100644 --- a/cmd/bd/doctor.go +++ b/cmd/bd/doctor.go @@ -661,6 +661,7 @@ func checkDatabaseVersion(path string) doctorCheck { // Check config.yaml for no-db: true configPath := filepath.Join(beadsDir, "config.yaml") isNoDbMode := false + // #nosec G304 -- configPath is constructed from beadsDir which is in .beads/ if configData, err := os.ReadFile(configPath); err == nil { // Simple check for no-db: true in config.yaml isNoDbMode = strings.Contains(string(configData), "no-db: true") diff --git a/cmd/bd/doctor/fix/database_config.go b/cmd/bd/doctor/fix/database_config.go index 83e1a70d..2c8bc539 100644 --- a/cmd/bd/doctor/fix/database_config.go +++ b/cmd/bd/doctor/fix/database_config.go @@ -163,6 +163,7 @@ func LegacyJSONLConfig(path string) error { // Update .gitattributes if it references beads.jsonl gitattrsPath := filepath.Join(path, ".gitattributes") + // #nosec G304 -- gitattrsPath is constructed from path which is the git root if content, err := os.ReadFile(gitattrsPath); err == nil { if strings.Contains(string(content), ".beads/beads.jsonl") { newContent := strings.ReplaceAll(string(content), ".beads/beads.jsonl", ".beads/issues.jsonl") diff --git a/cmd/bd/doctor/fix/untracked.go b/cmd/bd/doctor/fix/untracked.go index a4e95a4b..1e8305c8 100644 --- a/cmd/bd/doctor/fix/untracked.go +++ b/cmd/bd/doctor/fix/untracked.go @@ -58,6 +58,7 @@ func UntrackedJSONL(path string) error { continue } + // #nosec G204 -- file is validated against a whitelist of JSONL files addCmd := exec.Command("git", "add", file) addCmd.Dir = path if err := addCmd.Run(); err != nil { diff --git a/cmd/bd/main.go b/cmd/bd/main.go index fcbadd14..a87251dc 100644 --- a/cmd/bd/main.go +++ b/cmd/bd/main.go @@ -642,6 +642,7 @@ func handleFreshCloneError(err error, beadsDir string) bool { if info, statErr := os.Stat(candidate); statErr == nil && !info.IsDir() { jsonlPath = candidate // Count lines (approximately = issue count) + // #nosec G304 -- candidate is constructed from beadsDir which is .beads/ if data, readErr := os.ReadFile(candidate); readErr == nil { for _, line := range strings.Split(string(data), "\n") { if strings.TrimSpace(line) != "" {