@aaronshaf/ger 0.1.0

package/src/utils/formatters.ts

@@ -0,0 +1,85 @@
+import type { ChangeInfo } from '@/schemas/gerrit'
+
+export const formatDate = (dateStr: string): string => {
+  const date = new Date(dateStr)
+  const now = new Date()
+
+  // Check if today
+  if (date.toDateString() === now.toDateString()) {
+    return date.toLocaleTimeString('en-US', {
+      hour: 'numeric',
+      minute: '2-digit',
+      hour12: true,
+    })
+  }
+
+  // Check if this year
+  if (date.getFullYear() === now.getFullYear()) {
+    return date.toLocaleDateString('en-US', {
+      month: 'short',
+      day: '2-digit',
+    })
+  }
+
+  // Otherwise show full date
+  return date.toLocaleDateString('en-US', {
+    month: 'short',
+    day: '2-digit',
+    year: 'numeric',
+  })
+}
+
+export const getStatusIndicator = (change: ChangeInfo): string => {
+  const indicators: string[] = []
+
+  // Check for labels only if they exist
+  if (change.labels) {
+    // Check for Code-Review
+    if (change.labels['Code-Review']) {
+      const cr = change.labels['Code-Review']
+      if (cr.approved || cr.value === 2) {
+        indicators.push(`${colors.green}✓${colors.reset}`)
+      } else if (cr.rejected || cr.value === -2) {
+        indicators.push(`${colors.red}✗${colors.reset}`)
+      } else if (cr.recommended || cr.value === 1) {
+        indicators.push(`${colors.cyan}↑${colors.reset}`)
+      } else if (cr.disliked || cr.value === -1) {
+        indicators.push(`${colors.yellow}↓${colors.reset}`)
+      }
+    }
+
+    // Check for Verified
+    if (change.labels.Verified) {
+      const v = change.labels.Verified
+      if (v.approved || v.value === 1) {
+        indicators.push(`${colors.green}✓${colors.reset}`)
+      } else if (v.rejected || v.value === -1) {
+        indicators.push(`${colors.red}✗${colors.reset}`)
+      }
+    }
+  }
+
+  // Check if submittable (regardless of labels)
+  if (change.submittable) {
+    indicators.push('🚀')
+  }
+
+  // Check if WIP (regardless of labels)
+  if (change.work_in_progress) {
+    indicators.push('🚧')
+  }
+
+  return indicators.length > 0 ? indicators.join('  ') : '' // Double space for proper alignment
+}
+
+export const colors = {
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  red: '\x1b[31m',
+  blue: '\x1b[34m',
+  cyan: '\x1b[36m',
+  gray: '\x1b[90m',
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m',
+}

package/src/utils/message-filters.ts

@@ -0,0 +1,26 @@
+import type { MessageInfo } from '@/schemas/gerrit'
+
+/**
+ * Filters out automated messages and empty messages, keeping meaningful review activity
+ */
+export const filterMeaningfulMessages = (messages: readonly MessageInfo[]): MessageInfo[] => {
+  return messages.filter((msg) => {
+    // Keep messages that have content beyond automated tags
+    if (!msg.message || msg.message.trim().length === 0) return false
+
+    // Skip some automated messages but keep build/review status messages
+    if (msg.tag === 'autogenerated:gerrit:newPatchSet') return false
+    if (msg.tag === 'autogenerated:gerrit:merged') return false
+
+    return true
+  })
+}
+
+/**
+ * Sorts messages by date with newest first
+ */
+export const sortMessagesByDate = (messages: readonly MessageInfo[]): MessageInfo[] => {
+  return [...messages].sort((a, b) => {
+    return new Date(b.date).getTime() - new Date(a.date).getTime()
+  })
+}

package/src/utils/shell-safety.ts

@@ -0,0 +1,117 @@
+import { Effect } from 'effect'
+
+/**
+ * Safely sanitizes URLs to prevent shell injection attacks
+ * Only allows HTTPS URLs with valid characters
+ */
+export const sanitizeUrl = (url: string): Effect.Effect<string, Error> =>
+  Effect.try({
+    try: () => {
+      const parsed = new URL(url)
+
+      // Only allow https protocol
+      if (parsed.protocol !== 'https:') {
+        throw new Error(`Invalid protocol: ${parsed.protocol}. Only HTTPS is allowed.`)
+      }
+
+      // Check for suspicious characters that could be shell injection
+      const dangerousChars = /[;&|`$(){}[\]\\'"<>]/
+      if (dangerousChars.test(url)) {
+        throw new Error('URL contains potentially dangerous characters')
+      }
+
+      // Validate hostname format
+      if (!parsed.hostname || parsed.hostname.length === 0) {
+        throw new Error('Invalid hostname')
+      }
+
+      // Return the sanitized URL
+      return parsed.toString()
+    },
+    catch: (error) =>
+      new Error(`Invalid URL format: ${error instanceof Error ? error.message : 'Unknown error'}`),
+  })
+
+/**
+ * Synchronous URL sanitization for non-Effect contexts
+ * Throws error if URL is invalid or unsafe
+ */
+export const sanitizeUrlSync = (url: string): string => {
+  try {
+    const parsed = new URL(url)
+
+    // Only allow https protocol
+    if (parsed.protocol !== 'https:') {
+      throw new Error(`Invalid protocol: ${parsed.protocol}. Only HTTPS is allowed.`)
+    }
+
+    // Check for suspicious characters that could be shell injection
+    const dangerousChars = /[;&|`$(){}[\]\\'"<>]/
+    if (dangerousChars.test(url)) {
+      throw new Error('URL contains potentially dangerous characters')
+    }
+
+    // Validate hostname format
+    if (!parsed.hostname || parsed.hostname.length === 0) {
+      throw new Error('Invalid hostname')
+    }
+
+    return parsed.toString()
+  } catch (error) {
+    throw new Error(
+      `Invalid URL format: ${error instanceof Error ? error.message : 'Unknown error'}`,
+    )
+  }
+}
+
+/**
+ * Gets the appropriate command to open URLs based on platform
+ */
+export const getOpenCommand = (): string => {
+  switch (process.platform) {
+    case 'darwin':
+      return 'open'
+    case 'win32':
+      return 'start'
+    default:
+      return 'xdg-open'
+  }
+}
+
+/**
+ * Safely sanitizes content for inclusion in XML CDATA sections
+ * Prevents XXE attacks and CDATA injection
+ */
+export const sanitizeCDATA = (content: string): string => {
+  if (typeof content !== 'string') {
+    throw new Error('Content must be a string')
+  }
+
+  // Replace CDATA end sequences to prevent CDATA injection
+  let sanitized = content.replace(/]]>/g, ']]&gt;')
+
+  // Replace null bytes which can cause issues in XML processing
+  sanitized = sanitized.replace(/\0/g, '')
+
+  // Replace control characters except for allowed ones (tab \x09, newline \x0A, carriage return \x0D)
+  sanitized = sanitized.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, '')
+
+  return sanitized
+}
+
+/**
+ * Safely escapes content for XML element values
+ * Escapes XML special characters
+ */
+export const escapeXML = (content: string): string => {
+  if (typeof content !== 'string') {
+    throw new Error('Content must be a string')
+  }
+
+  return content
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&apos;')
+}

package/src/utils/status-indicators.ts

@@ -0,0 +1,100 @@
+import type { ChangeInfo } from '@/schemas/gerrit'
+
+/**
+ * Status indicator configuration
+ */
+export interface StatusIndicatorConfig {
+  approved: string
+  rejected: string
+  recommended: string
+  disliked: string
+  verified: string
+  failed: string
+  empty: string
+}
+
+/**
+ * Default status indicators using emoji
+ */
+export const DEFAULT_STATUS_INDICATORS: StatusIndicatorConfig = {
+  approved: '✓',
+  rejected: '✗',
+  recommended: '↑',
+  disliked: '↓',
+  verified: '✓',
+  failed: '✗',
+  empty: '  ',
+}
+
+/**
+ * Gets status indicators for a change based on its labels
+ */
+export const getStatusIndicators = (
+  change: ChangeInfo,
+  config: StatusIndicatorConfig = DEFAULT_STATUS_INDICATORS,
+): string[] => {
+  const indicators: string[] = []
+
+  // Check Code-Review label
+  if (change.labels?.['Code-Review']) {
+    const cr = change.labels['Code-Review']
+    if (cr.approved || cr.value === 2) {
+      indicators.push(config.approved)
+    } else if (cr.rejected || cr.value === -2) {
+      indicators.push(config.rejected)
+    } else if (cr.recommended || cr.value === 1) {
+      indicators.push(config.recommended)
+    } else if (cr.disliked || cr.value === -1) {
+      indicators.push(config.disliked)
+    }
+  }
+
+  // Check Verified label
+  if (change.labels?.['Verified']) {
+    const v = change.labels.Verified
+    if (v.approved || v.value === 1) {
+      // Only add verified indicator if not already approved
+      if (!indicators.includes(config.approved)) {
+        indicators.push(config.verified)
+      }
+    } else if (v.rejected || v.value === -1) {
+      indicators.push(config.failed)
+    }
+  }
+
+  return indicators
+}
+
+/**
+ * Gets a formatted status string with consistent padding
+ */
+export const getStatusString = (
+  change: ChangeInfo,
+  config: StatusIndicatorConfig = DEFAULT_STATUS_INDICATORS,
+  padding = 8,
+): string => {
+  const indicators = getStatusIndicators(change, config)
+  const statusStr = indicators.length > 0 ? indicators.join(' ') : config.empty
+  return statusStr.padEnd(padding, ' ')
+}
+
+/**
+ * Gets label value with proper type safety
+ */
+export const getLabelValue = (labelInfo: unknown): number => {
+  return typeof labelInfo === 'object' &&
+    labelInfo !== null &&
+    'value' in labelInfo &&
+    typeof labelInfo.value === 'number'
+    ? labelInfo.value
+    : 0
+}
+
+/**
+ * Gets label color based on value
+ */
+export const getLabelColor = (value: number): 'green' | 'red' | 'yellow' => {
+  if (value > 0) return 'green'
+  if (value < 0) return 'red'
+  return 'yellow'
+}

package/src/utils/url-parser.test.ts

@@ -0,0 +1,123 @@
+import { describe, expect, test } from 'bun:test'
+import { extractChangeNumber, isValidChangeId } from './url-parser'
+
+describe('extractChangeNumber', () => {
+  test('extracts change number from standard Gerrit URL', () => {
+    const url = 'https://gerrit.example.com/c/my-project/+/384571'
+    expect(extractChangeNumber(url)).toBe('384571')
+  })
+
+  test('extracts change number from URL with trailing slash', () => {
+    const url = 'https://gerrit.example.com/c/my-project/+/384571/'
+    expect(extractChangeNumber(url)).toBe('384571')
+  })
+
+  test('extracts change number from URL with patchset', () => {
+    const url = 'https://gerrit.example.com/c/my-project/+/384571/2'
+    expect(extractChangeNumber(url)).toBe('384571')
+  })
+
+  test('extracts change number from hash-based URL', () => {
+    const url = 'https://gerrit.example.com/#/c/my-project/+/384571/'
+    expect(extractChangeNumber(url)).toBe('384571')
+  })
+
+  test('extracts change number from simplified URL format', () => {
+    const url = 'https://gerrit.example.com/c/+/384571'
+    expect(extractChangeNumber(url)).toBe('384571')
+  })
+
+  test('extracts change number from hash-based simplified URL', () => {
+    const url = 'https://gerrit.example.com/#/c/+/384571'
+    expect(extractChangeNumber(url)).toBe('384571')
+  })
+
+  test('returns plain change number as-is', () => {
+    expect(extractChangeNumber('384571')).toBe('384571')
+  })
+
+  test('returns Change-Id format as-is', () => {
+    const changeId = 'Iabcdef1234567890abcdef1234567890abcdef12'
+    expect(extractChangeNumber(changeId)).toBe(changeId)
+  })
+
+  test('returns original input for invalid URLs', () => {
+    const invalidUrl = 'https://gerrit.example.com/invalid/path'
+    expect(extractChangeNumber(invalidUrl)).toBe(invalidUrl)
+  })
+
+  test('handles malformed URLs gracefully', () => {
+    const malformed = 'not-a-url-at-all'
+    expect(extractChangeNumber(malformed)).toBe(malformed)
+  })
+
+  test('handles http:// URLs', () => {
+    const httpUrl = 'http://gerrit.example.com/c/project/+/123456'
+    expect(extractChangeNumber(httpUrl)).toBe('123456')
+  })
+
+  test('handles malformed https URLs that throw in URL constructor', () => {
+    const malformed = 'https://[invalid-url'
+    expect(extractChangeNumber(malformed)).toBe(malformed)
+  })
+
+  test('handles empty string', () => {
+    expect(extractChangeNumber('')).toBe('')
+  })
+
+  test('handles whitespace', () => {
+    expect(extractChangeNumber('  384571  ')).toBe('384571')
+  })
+})
+
+describe('isValidChangeId', () => {
+  test('validates numeric change IDs', () => {
+    expect(isValidChangeId('384571')).toBe(true)
+    expect(isValidChangeId('1')).toBe(true)
+    expect(isValidChangeId('999999')).toBe(true)
+  })
+
+  test('rejects zero and negative numbers', () => {
+    expect(isValidChangeId('0')).toBe(false)
+    expect(isValidChangeId('-1')).toBe(false)
+  })
+
+  test('validates Change-Id format', () => {
+    const validChangeId = 'Iabcdef1234567890abcdef1234567890abcdef12'
+    expect(isValidChangeId(validChangeId)).toBe(true)
+  })
+
+  test('rejects invalid Change-Id format', () => {
+    // Only reject if it doesn't follow the strict Change-Id format when it starts with 'I' and is long
+    expect(isValidChangeId('abcdef1234567890abcdef1234567890abcdef12')).toBe(true) // valid topic name
+    expect(isValidChangeId('Iabc')).toBe(true) // could be a valid topic or branch name
+  })
+
+  test('validates other identifier formats', () => {
+    expect(isValidChangeId('topic-branch')).toBe(true)
+    expect(isValidChangeId('feature/new-thing')).toBe(true)
+  })
+
+  test('rejects empty and whitespace-only strings', () => {
+    expect(isValidChangeId('')).toBe(false)
+    expect(isValidChangeId('   ')).toBe(false)
+    expect(isValidChangeId('has spaces')).toBe(false)
+  })
+
+  test('handles exact Change-Id format validation', () => {
+    // Valid Change-Id: starts with 'I' and exactly 40 hex chars
+    expect(isValidChangeId('I1234567890abcdef1234567890abcdef12345678')).toBe(true)
+
+    // Invalid: wrong length
+    expect(isValidChangeId('I123')).toBe(true) // this is treated as a valid topic name
+    expect(isValidChangeId('I1234567890abcdef1234567890abcdef123456789')).toBe(true) // too long, treated as topic
+
+    // Invalid: non-hex characters
+    expect(isValidChangeId('I1234567890abcdef1234567890abcdef1234567g')).toBe(true) // treated as topic name
+  })
+
+  test('rejects strings starting with dash', () => {
+    expect(isValidChangeId('-123')).toBe(false)
+    expect(isValidChangeId('-abc')).toBe(false)
+  })
+})

package/src/utils/url-parser.ts

@@ -0,0 +1,91 @@
+/**
+ * Utility functions for parsing Gerrit URLs and extracting change numbers
+ */
+
+/**
+ * Extracts a change number from various Gerrit URL formats
+ *
+ * Supported formats:
+ * - https://gerrit.example.com/c/project-name/+/123456
+ * - https://gerrit.example.com/c/project-name/+/123456/
+ * - https://gerrit.example.com/c/project-name/+/123456/1
+ * - https://gerrit.example.com/#/c/project-name/+/123456/
+ * - 123456 (plain change number - returned as-is)
+ *
+ * @param input - The input string (URL or change number)
+ * @returns The extracted change number as a string, or the original input if not a URL
+ */
+export const extractChangeNumber = (input: string): string => {
+  const trimmed = input.trim()
+
+  // If it's already just a number or change ID (like "123456" or "Iabcd1234..."), return as-is
+  if (!trimmed.startsWith('http://') && !trimmed.startsWith('https://')) {
+    return trimmed
+  }
+
+  // Parse URL and extract change number
+  try {
+    const url = new URL(trimmed)
+
+    // Match different Gerrit URL patterns
+    // Pattern: /c/project-name/+/123456 or /#/c/project-name/+/123456
+    const patterns = [
+      /\/c\/[^/]+\/\+\/(\d+)/, // /c/project/+/123456
+      /#\/c\/[^/]+\/\+\/(\d+)/, // /#/c/project/+/123456
+      /\/c\/\+\/(\d+)/, // /c/+/123456 (simplified format)
+      /#\/c\/\+\/(\d+)/, // /#/c/+/123456 (simplified format)
+    ]
+
+    const fullPath = url.pathname + url.hash
+
+    for (const pattern of patterns) {
+      const match = fullPath.match(pattern)
+      if (match?.[1]) {
+        return match[1]
+      }
+    }
+
+    // If no pattern matches, return the original input
+    return trimmed
+  } catch {
+    // If URL parsing fails, return the original input
+    return trimmed
+  }
+}
+
+/**
+ * Validates if a string is a valid Gerrit change identifier
+ *
+ * @param changeId - The change ID to validate
+ * @returns true if it looks like a valid change ID
+ */
+export const isValidChangeId = (changeId: string): boolean => {
+  const trimmed = changeId.trim()
+
+  if (trimmed.length === 0) {
+    return false
+  }
+
+  // Numeric change IDs (most common)
+  if (/^\d+$/.test(trimmed)) {
+    return parseInt(trimmed, 10) > 0
+  }
+
+  // Change-Id format (starts with 'I' followed by exactly 40 hex characters)
+  if (/^I[a-f0-9]{40}$/.test(trimmed)) {
+    return true
+  }
+
+  // Reject strings with whitespace
+  if (/\s/.test(trimmed)) {
+    return false
+  }
+
+  // Reject negative numbers or other invalid formats
+  if (trimmed.startsWith('-')) {
+    return false
+  }
+
+  // Topic branches or other identifiers (at least 1 character, no whitespace)
+  return trimmed.length > 0
+}