Add bd doctor check that warns if .beads/last-touched is tracked by git.
This file is local runtime state that should never be committed, as it
causes spurious diffs in other clones.
- CheckLastTouchedNotTracked() detects if file is git-tracked
- FixLastTouchedTracking() untracks with git rm --cached
- Comprehensive tests for all scenarios
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(doctor): add .sync.lock and sync_base.jsonl to gitignore
Problem:
- .sync.lock and sync_base.jsonl were missing from GitignoreTemplate
- Files introduced in PR #918 (pull-first sync) appeared as untracked
Solution:
- Add patterns to GitignoreTemplate with explanatory comment
- Add patterns to requiredPatterns for bd doctor validation
Impact:
- Existing users get warning via bd doctor, fix via bd doctor --fix
- New repos get correct gitignore on bd init
Fixes: GH#974
* docs(sync): fix sync_base.jsonl tracking status and add tests
Problem:
- SYNC.md incorrectly documented sync_base.jsonl as "git-tracked"
- No tests validated sync state file gitignore patterns
Solution:
- Update Files Reference table: sync_base.jsonl is "not tracked, per-machine"
- Add TestGitignoreTemplate_ContainsSyncStateFiles
- Add TestRequiredPatterns_ContainsSyncStatePatterns
Relates to: GH#974
- Add redirect to GitignoreTemplate with explanatory comment
- Add redirect to requiredPatterns for outdated gitignore detection
- Add CheckRedirectNotTracked() to detect already-tracked redirect files
- Add FixRedirectTracking() to untrack via git rm --cached
- Register check in bd doctor under Git Integration category
- Add 6 tests for the new functionality
The redirect file contains a relative path that only works in the
original worktree. When committed, it causes warnings in other clones:
"Warning: redirect target does not exist"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When bd worktree creates a worktree, it writes a .beads/redirect file
pointing back to the main repo's .beads/. If this file is accidentally
committed (e.g., via git add .), it causes "redirect target does not exist"
warnings when cloned or used in other worktrees.
Changes:
- Add 'redirect' to GitignoreTemplate to prevent future accidental commits
- Add 'redirect' to requiredPatterns so bd doctor detects outdated .gitignore
- Add CheckRedirectNotTracked() to detect already-tracked redirect files
- Add FixRedirectTracking() to untrack accidentally committed redirects
Tests: 8 new tests covering template, detection, and fix scenarios
* test(doctor): add comprehensive tests for fix and check functions
Add edge case tests, e2e tests, and improve test coverage for:
- database_test.go: database integrity and sync checks
- git_test.go: git hooks, merge driver, sync branch tests
- gitignore_test.go: gitignore validation
- prefix_test.go: ID prefix handling
- fix/fix_test.go: fix operations
- fix/e2e_test.go: end-to-end fix scenarios
- fix/fix_edge_cases_test.go: edge case handling
* docs: add testing philosophy and anti-patterns guide
- Create TESTING_PHILOSOPHY.md covering test pyramid, priority matrix,
what NOT to test, and 5 anti-patterns with code examples
- Add cross-reference from README_TESTING.md
- Document beads-specific guidance (well-covered areas vs gaps)
- Include target metrics (test-to-code ratio, execution time targets)
* chore: revert .beads/ to upstream/main state
* refactor(doctor): add category grouping and Ayu theme colors
- Add Category field to DoctorCheck for organizing checks by type
- Define category constants: Core, Git, Runtime, Data, Integration, Metadata
- Update thanks command to use shared Ayu color palette from internal/ui
- Simplify test fixtures by removing redundant test cases
* fix(doctor): prevent test fork bomb and fix test failures
- Add ErrTestBinary guard in getBdBinary() to prevent tests from
recursively executing the test binary when calling bd subcommands
- Update claude_test.go to use new check names (CLI Availability,
Prime Documentation)
- Fix syncbranch test path comparison by resolving symlinks
(/var vs /private/var on macOS)
- Fix permissions check to use exact comparison instead of bitmask
- Fix UntrackedJSONL to use git commit --only to preserve staged changes
- Fix MergeDriver edge case test by making both .git dir and config
read-only
- Add skipIfTestBinary helper for E2E tests that need real bd binary
* test(doctor): skip read-only config test in CI environments
GitHub Actions containers may have CAP_DAC_OVERRIDE or similar
capabilities that allow writing to read-only files, causing
the test to fail. Skip the test when CI=true or GITHUB_ACTIONS=true.
Windows doesn't support Unix-style file permissions, so these tests
will always fail. Skip the permission verification on Windows while
still testing the core functionality (file creation, content).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Resolves bd-ee1: Add security tests for WriteFile permissions in doctor command
Added comprehensive security tests for the FixGitignore function to verify:
- Files are created with 0600 permissions (secure, owner-only read/write)
- Existing files with insecure permissions are fixed
- Read-only files can be updated (permissions fixed first)
- File ownership is correct
- Permissions are enforced even on systems that respect umask
Also improved FixGitignore implementation to:
- Handle read-only files by fixing permissions before writing
- Explicitly set permissions after write to ensure 0600 regardless of umask
- Maintain secure permissions throughout the operation
Tests verify the gosec G306 security concern is properly addressed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
