beads

Author SHA1 Message Date

Author	SHA1	Message	Date
Steve Yegge	74f384444b	test: Add security and error handling tests for lint warnings Added comprehensive tests to address gosec and errcheck linter warnings: 1. bd-yxy (P0): Command injection prevention tests for git rm in merge command - Added merge_security_test.go with tests for shell metacharacters - Verified exec.Command safely passes arguments (no shell interpretation) - Added #nosec G204 comment explaining why code is safe 2. bd-nbc (P1): Security tests for file path validation in clean command - Added clean_security_test.go with path traversal tests - Verified filepath.Join safely constructs paths within .beads directory - Added #nosec G304 comment documenting safety guarantees 3. bd-lln (P2): Tests for performFlush error handling in FlushManager - Added tests documenting that performFlush intentionally returns nil - Errors are handled internally by flushToJSONLWithState - Tests verify graceful degradation when store is inactive 4. bd-gra (P2): Error handling test for cmd.Help() in search command - Added search_test.go documenting Help() error handling - Help() errors intentionally ignored (already in error path, will exit anyway) - Added #nosec G104 comment explaining rationale All new tests pass. The linter warnings are false positives or intentional design decisions, now documented with tests and #nosec comments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-21 19:30:48 -05:00
Steve Yegge	e8355c26f0	Add 'bd clean' command to remove temporary merge artifacts This command cleans up temporary files created during git merges by reading patterns directly from .beads/.gitignore (Merge artifacts section). Files removed: - 3-way merge snapshots (beads.base.jsonl, beads.left.jsonl, beads.right.jsonl) - Merge metadata (.meta.json) - Git merge driver temp files (.json[0-9], *.jsonl[0-9]) Files preserved: - beads.jsonl (source of truth) - beads.db (SQLite database) - metadata.json, config.yaml - All daemon files Usage: bd clean # Clean up temporary files bd clean --dry-run # Preview what would be deleted Implementation: - Reads patterns from .beads/.gitignore instead of hardcoding them - No --force flag needed - just runs by default - Only cleans truly temporary merge artifacts, never the database Also: - Restored beads.jsonl to 538 issues from commit `6cd3a32` - Set issue-prefix to "bd" in config.yaml 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-20 20:21:37 -05:00

Steve Yegge

74f384444b

test: Add security and error handling tests for lint warnings

Added comprehensive tests to address gosec and errcheck linter warnings:

1. bd-yxy (P0): Command injection prevention tests for git rm in merge command
   - Added merge_security_test.go with tests for shell metacharacters
   - Verified exec.Command safely passes arguments (no shell interpretation)
   - Added #nosec G204 comment explaining why code is safe

2. bd-nbc (P1): Security tests for file path validation in clean command
   - Added clean_security_test.go with path traversal tests
   - Verified filepath.Join safely constructs paths within .beads directory
   - Added #nosec G304 comment documenting safety guarantees

3. bd-lln (P2): Tests for performFlush error handling in FlushManager
   - Added tests documenting that performFlush intentionally returns nil
   - Errors are handled internally by flushToJSONLWithState
   - Tests verify graceful degradation when store is inactive

4. bd-gra (P2): Error handling test for cmd.Help() in search command
   - Added search_test.go documenting Help() error handling
   - Help() errors intentionally ignored (already in error path, will exit anyway)
   - Added #nosec G104 comment explaining rationale

All new tests pass. The linter warnings are false positives or intentional
design decisions, now documented with tests and #nosec comments.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-21 19:30:48 -05:00

Steve Yegge

e8355c26f0

Add 'bd clean' command to remove temporary merge artifacts

This command cleans up temporary files created during git merges by reading
patterns directly from .beads/.gitignore (Merge artifacts section).

Files removed:
- 3-way merge snapshots (beads.base.jsonl, beads.left.jsonl, beads.right.jsonl)
- Merge metadata (*.meta.json)
- Git merge driver temp files (*.json[0-9], *.jsonl[0-9])

Files preserved:
- beads.jsonl (source of truth)
- beads.db (SQLite database)
- metadata.json, config.yaml
- All daemon files

Usage:
  bd clean           # Clean up temporary files
  bd clean --dry-run # Preview what would be deleted

Implementation:
- Reads patterns from .beads/.gitignore instead of hardcoding them
- No --force flag needed - just runs by default
- Only cleans truly temporary merge artifacts, never the database

Also:
- Restored beads.jsonl to 538 issues from commit 6cd3a32
- Set issue-prefix to "bd" in config.yaml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-20 20:21:37 -05:00

2 Commits