@assistkick/create 1.9.0 → 1.11.0

package/templates/assistkick-product-system/packages/shared/lib/git_workflow.ts

@@ -1,63 +1,82 @@
 /**
  * GitWorkflow — handles worktree creation/cleanup, rebase, merge, branch management.
+ * Project-aware: uses workspacesDir + projectId to find the correct git repo.
  */
 
 import { join } from 'node:path';
+import { existsSync, mkdirSync } from 'node:fs';
 
 export class GitWorkflow {
-  constructor({ claudeService, projectRoot, worktreesDir, log }) {
+  constructor({ claudeService, workspacesDir, log }) {
     this.claudeService = claudeService;
-    this.projectRoot = projectRoot;
-    this.worktreesDir = worktreesDir;
+    this.workspacesDir = workspacesDir;
     this.log = log;
   }
 
+  /** Resolve the git repo root for a given project. */
+  private getProjectRoot = (projectId: string): string => {
+    return join(this.workspacesDir, projectId);
+  };
+
+  /** Resolve the worktrees directory for a given project. */
+  private getWorktreesDir = (projectId: string): string => {
+    return join(this.workspacesDir, projectId, '.worktrees');
+  };
+
   /**
    * Returns list of uncommitted changed files in the main repo, or empty array if clean.
    */
-  getDirtyFiles = async () => {
-    const result = await this.claudeService.spawnCommand('git', ['status', '--porcelain'], this.projectRoot);
+  getDirtyFiles = async (projectId: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
+    const result = await this.claudeService.spawnCommand('git', ['status', '--porcelain'], projectRoot);
     if (!result.trim()) return [];
     return result.trim().split('\n').map(line => line.trim());
   };
 
-  createWorktree = async (featureId) => {
-    const worktreePath = join(this.worktreesDir, featureId);
+  createWorktree = async (featureId: string, projectId: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
+    const worktreesDir = this.getWorktreesDir(projectId);
+    if (!existsSync(worktreesDir)) {
+      mkdirSync(worktreesDir, { recursive: true });
+    }
+    const worktreePath = join(worktreesDir, featureId);
     this.log('DEVELOP', `Creating worktree at ${worktreePath} (branch: feature/${featureId})`);
-    this.log('DEVELOP', `PROJECT_ROOT=${this.projectRoot}`);
+    this.log('DEVELOP', `PROJECT_ROOT=${projectRoot}`);
 
     // Remove leftover worktree from a previous failed/aborted pipeline (only if it exists)
-    const worktreeList = await this.claudeService.spawnCommand('git', ['worktree', 'list', '--porcelain'], this.projectRoot);
+    const worktreeList = await this.claudeService.spawnCommand('git', ['worktree', 'list', '--porcelain'], projectRoot);
     if (worktreeList.includes(worktreePath)) {
       this.log('DEVELOP', `Removing leftover worktree at ${worktreePath}`);
-      await this.claudeService.spawnCommand('git', ['worktree', 'remove', '--force', worktreePath], this.projectRoot).catch(() => {});
+      await this.claudeService.spawnCommand('git', ['worktree', 'remove', '--force', worktreePath], projectRoot).catch((err: any) => { this.log('DEVELOP', 'cleanup failed (non-fatal):', err.message); });
     }
     // Delete leftover branch (only if it exists)
-    const branchList = await this.claudeService.spawnCommand('git', ['branch', '--list', `feature/${featureId}`], this.projectRoot);
+    const branchList = await this.claudeService.spawnCommand('git', ['branch', '--list', `feature/${featureId}`], projectRoot);
     if (branchList.trim()) {
       this.log('DEVELOP', `Deleting leftover branch feature/${featureId}`);
-      await this.claudeService.spawnCommand('git', ['branch', '-D', `feature/${featureId}`], this.projectRoot).catch(() => {});
+      await this.claudeService.spawnCommand('git', ['branch', '-D', `feature/${featureId}`], projectRoot).catch((err: any) => { this.log('DEVELOP', 'cleanup failed (non-fatal):', err.message); });
     }
 
-    await this.claudeService.spawnCommand('git', ['worktree', 'add', worktreePath, '-b', `feature/${featureId}`], this.projectRoot);
+    await this.claudeService.spawnCommand('git', ['worktree', 'add', worktreePath, '-b', `feature/${featureId}`], projectRoot);
     this.log('DEVELOP', `Worktree created successfully`);
     return worktreePath;
   };
 
-  removeWorktree = async (worktreePath) => {
-    await this.claudeService.spawnCommand('git', ['worktree', 'remove', '--force', worktreePath], this.projectRoot).catch(err => {
-      this.log('PIPELINE', `Worktree cleanup failed (non-fatal): ${err.message}`);
+  removeWorktree = async (worktreePath: string, projectId: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
+    await this.claudeService.spawnCommand('git', ['worktree', 'remove', '--force', worktreePath], projectRoot).catch(err => {
+      this.log('PIPELINE', `Worktree cleanup failed (non-fatal):`, err.stack || err.message);
     });
   };
 
-  deleteBranch = async (featureId, force = false) => {
+  deleteBranch = async (featureId: string, projectId: string, force = false) => {
+    const projectRoot = this.getProjectRoot(projectId);
     const flag = force ? '-D' : '-d';
-    await this.claudeService.spawnCommand('git', ['branch', flag, `feature/${featureId}`], this.projectRoot).catch(err => {
-      this.log('PIPELINE', `Branch cleanup failed (non-fatal): ${err.message}`);
+    await this.claudeService.spawnCommand('git', ['branch', flag, `feature/${featureId}`], projectRoot).catch(err => {
+      this.log('PIPELINE', `Branch cleanup failed (non-fatal):`, err.stack || err.message);
     });
   };
 
-  commitChanges = async (featureId, worktreePath) => {
+  commitChanges = async (featureId: string, worktreePath: string) => {
     const statusResult = await this.claudeService.spawnCommand('git', ['status', '--porcelain'], worktreePath);
     if (statusResult.trim()) {
       this.log('PIPELINE', `Committing developer changes for ${featureId}...`);
@@ -69,41 +88,44 @@ export class GitWorkflow {
     }
   };
 
-  rebaseBranch = async (featureId, worktreePath) => {
+  rebaseBranch = async (featureId: string, worktreePath: string) => {
     this.log('PIPELINE', `Rebasing feature/${featureId} onto main...`);
     try {
       await this.claudeService.spawnCommand('git', ['rebase', 'main'], worktreePath);
       this.log('PIPELINE', `Rebase succeeded for ${featureId}`);
     } catch (rebaseErr) {
       this.log('PIPELINE', `Rebase conflict for ${featureId} — aborting and attempting merge instead`);
-      await this.claudeService.spawnCommand('git', ['rebase', '--abort'], worktreePath).catch(() => {});
+      await this.claudeService.spawnCommand('git', ['rebase', '--abort'], worktreePath).catch((err: any) => { this.log('PIPELINE', 'cleanup failed (non-fatal):', err.message); });
       try {
         await this.claudeService.spawnCommand('git', ['merge', 'main', '-m', `merge main into feature/${featureId}`], worktreePath);
         this.log('PIPELINE', `Merge main into feature/${featureId} succeeded`);
       } catch (mergeErr) {
-        this.log('PIPELINE', `WARN: Could not integrate main into ${featureId}: ${mergeErr.message}`);
+        this.log('PIPELINE', `WARN: Could not integrate main into ${featureId}:`, mergeErr.stack || mergeErr.message);
       }
     }
   };
 
-  mergeBranch = async (featureId) => {
+  mergeBranch = async (featureId: string, projectId: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
     this.log('PIPELINE', `Merging feature/${featureId} into parent branch...`);
-    await this.claudeService.spawnCommand('git', ['merge', `feature/${featureId}`], this.projectRoot);
+    await this.claudeService.spawnCommand('git', ['merge', `feature/${featureId}`], projectRoot);
     this.log('PIPELINE', `Merge succeeded`);
   };
 
-  fixMergeConflicts = async (featureId) => {
+  fixMergeConflicts = async (featureId: string, projectId: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
     await this.claudeService.spawnClaude(
       `There are merge conflicts after merging feature/${featureId}. Resolve all conflicts and commit.`,
-      this.projectRoot,
+      projectRoot,
       `merge-fix:${featureId}`,
     );
-    const mergedBranches = await this.claudeService.spawnCommand('git', ['branch', '--merged', 'HEAD', '--list', `feature/${featureId}`], this.projectRoot);
+    const mergedBranches = await this.claudeService.spawnCommand('git', ['branch', '--merged', 'HEAD', '--list', `feature/${featureId}`], projectRoot);
     return mergedBranches.trim().length > 0;
   };
 
-  stash = async () => {
-    const stashResult = await this.claudeService.spawnCommand('git', ['stash', '--include-untracked'], this.projectRoot);
+  stash = async (projectId: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
+    const stashResult = await this.claudeService.spawnCommand('git', ['stash', '--include-untracked'], projectRoot);
     const stashed = !stashResult.includes('No local changes to save');
     if (stashed) {
       this.log('PIPELINE', `Stashed local changes before merge`);
@@ -111,33 +133,37 @@ export class GitWorkflow {
     return stashed;
   };
 
-  unstash = async () => {
-    await this.claudeService.spawnCommand('git', ['stash', 'pop'], this.projectRoot);
+  unstash = async (projectId: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
+    await this.claudeService.spawnCommand('git', ['stash', 'pop'], projectRoot);
     this.log('PIPELINE', `Restored stashed local changes`);
   };
 
   /** Pull the default branch before creating a worktree to ensure up-to-date base. */
-  pullDefaultBranch = async (branch?: string) => {
+  pullDefaultBranch = async (projectId: string, branch?: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
     const targetBranch = branch || 'main';
     this.log('PIPELINE', `Pulling ${targetBranch} to ensure up-to-date base...`);
     try {
-      await this.claudeService.spawnCommand('git', ['pull', 'origin', targetBranch], this.projectRoot);
+      await this.claudeService.spawnCommand('git', ['pull', 'origin', targetBranch], projectRoot);
       this.log('PIPELINE', `Pull succeeded for ${targetBranch}`);
     } catch (err: any) {
-      this.log('PIPELINE', `Pull failed (non-fatal): ${err.message}`);
+      this.log('PIPELINE', `Pull failed (non-fatal):`, err.stack || err.message);
     }
   };
 
   /** Push the current branch to the remote after a successful merge. */
-  pushToRemote = async (branch?: string) => {
+  pushToRemote = async (projectId: string, branch?: string) => {
+    const projectRoot = this.getProjectRoot(projectId);
     const targetBranch = branch || 'main';
     this.log('PIPELINE', `Pushing ${targetBranch} to remote...`);
-    await this.claudeService.spawnCommand('git', ['push', 'origin', targetBranch], this.projectRoot);
+    await this.claudeService.spawnCommand('git', ['push', 'origin', targetBranch], projectRoot);
     this.log('PIPELINE', `Push succeeded for ${targetBranch}`);
   };
 
   /** Set the remote URL (used for authenticated push/pull with tokens). */
-  setRemoteUrl = async (url: string, remote = 'origin') => {
-    await this.claudeService.spawnCommand('git', ['remote', 'set-url', remote, url], this.projectRoot);
+  setRemoteUrl = async (projectId: string, url: string, remote = 'origin') => {
+    const projectRoot = this.getProjectRoot(projectId);
+    await this.claudeService.spawnCommand('git', ['remote', 'set-url', remote, url], projectRoot);
   };
 }

package/templates/assistkick-product-system/packages/shared/lib/programmable_node_executor.test.ts

@@ -0,0 +1,173 @@
+import { describe, it } from 'node:test';
+import assert from 'node:assert/strict';
+import { ProgrammableNodeExecutor, DEFAULT_LIMITS } from './programmable_node_executor.js';
+
+const mockLog = (_tag: string, _msg: string) => {};
+
+describe('ProgrammableNodeExecutor', () => {
+  describe('execute', () => {
+    it('runs a simple synchronous return', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        'async function run(context) { return { greeting: "hello" }; }',
+        {},
+      );
+      assert.equal(result.success, true);
+      assert.deepEqual(result.result, { greeting: 'hello' });
+    });
+
+    it('passes context to the run function', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        'async function run(context) { return { id: context.featureId }; }',
+        { featureId: 'feat_123' },
+      );
+      assert.equal(result.success, true);
+      assert.deepEqual(result.result, { id: 'feat_123' });
+    });
+
+    it('provides access to nodeOutputs from previous nodes', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        `async function run(context) {
+          const prev = context.nodeOutputs["Validate Data"];
+          return { received: prev.status };
+        }`,
+        { nodeOutputs: { 'Validate Data': { status: 'ok' } } },
+      );
+      assert.equal(result.success, true);
+      assert.deepEqual(result.result, { received: 'ok' });
+    });
+
+    it('returns error result when run() throws', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        'async function run(context) { throw new Error("validation failed"); }',
+        {},
+      );
+      assert.equal(result.success, false);
+      assert.ok(result.error?.includes('validation failed'));
+    });
+
+    it('returns null for undefined return value', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        'async function run(context) { /* no return */ }',
+        {},
+      );
+      assert.equal(result.success, true);
+      assert.equal(result.result, null);
+    });
+
+    it('handles numeric return values', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        'async function run(context) { return 42; }',
+        {},
+      );
+      assert.equal(result.success, true);
+      assert.equal(result.result, 42);
+    });
+
+    it('handles string return values', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        'async function run(context) { return "done"; }',
+        {},
+      );
+      assert.equal(result.success, true);
+      assert.equal(result.result, 'done');
+    });
+
+    it('enforces timeout limit', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        'async function run(context) { while(true) {} }',
+        {},
+        { timeout: 100 },
+      );
+      assert.equal(result.success, false);
+      assert.ok(result.error);
+    });
+
+    it('prevents access to Node.js APIs', async () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      const result = await executor.execute(
+        `async function run(context) {
+          try { const fs = require('fs'); return { leaked: true }; }
+          catch (e) { return { blocked: true, error: e.message }; }
+        }`,
+        {},
+      );
+      assert.equal(result.success, true);
+      assert.equal((result.result as any).blocked, true);
+    });
+  });
+
+  describe('validateUrl', () => {
+    it('allows public URLs', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.doesNotThrow(() => executor.validateUrl('https://api.example.com/webhook'));
+      assert.doesNotThrow(() => executor.validateUrl('https://8.8.8.8/dns'));
+    });
+
+    it('blocks localhost', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://localhost:3000'), /SSRF/);
+      assert.throws(() => executor.validateUrl('http://LOCALHOST:8080'), /SSRF/);
+    });
+
+    it('blocks 127.0.0.0/8', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://127.0.0.1'), /SSRF/);
+      assert.throws(() => executor.validateUrl('http://127.0.0.2:9000'), /SSRF/);
+    });
+
+    it('blocks 10.0.0.0/8', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://10.0.0.1'), /SSRF/);
+      assert.throws(() => executor.validateUrl('http://10.255.255.255'), /SSRF/);
+    });
+
+    it('blocks 172.16.0.0/12', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://172.16.0.1'), /SSRF/);
+      assert.throws(() => executor.validateUrl('http://172.31.255.255'), /SSRF/);
+    });
+
+    it('blocks 192.168.0.0/16', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://192.168.1.1'), /SSRF/);
+      assert.throws(() => executor.validateUrl('http://192.168.0.100:8080'), /SSRF/);
+    });
+
+    it('blocks 169.254.0.0/16 (link-local)', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://169.254.169.254/metadata'), /SSRF/);
+    });
+
+    it('blocks IPv6 loopback', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://[::1]:3000'), /SSRF/);
+    });
+
+    it('blocks fd00::/8 (IPv6 unique local)', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('http://[fd12::1]'), /SSRF/);
+    });
+
+    it('rejects invalid URLs', () => {
+      const executor = new ProgrammableNodeExecutor({ log: mockLog });
+      assert.throws(() => executor.validateUrl('not a url'), /Invalid URL/);
+    });
+  });
+
+  describe('DEFAULT_LIMITS', () => {
+    it('has correct system-wide defaults', () => {
+      assert.equal(DEFAULT_LIMITS.timeout, 30_000);
+      assert.equal(DEFAULT_LIMITS.memory, 128);
+      assert.equal(DEFAULT_LIMITS.maxRequests, 20);
+      assert.equal(DEFAULT_LIMITS.maxResponseSize, 5 * 1024 * 1024);
+    });
+  });
+});

package/templates/assistkick-product-system/packages/shared/lib/programmable_node_executor.ts

@@ -0,0 +1,213 @@
+/**
+ * ProgrammableNodeExecutor — executes user-written JavaScript code inside
+ * a secure isolated-vm V8 isolate with a host-bridged fetch API.
+ *
+ * Responsibilities:
+ * 1. Create an isolated V8 context with configurable memory/CPU limits
+ * 2. Inject execution context (including nodeOutputs) as read-only data
+ * 3. Bridge a standard fetch() API from the host with SSRF protection
+ * 4. Execute user's async run(context) function and return the result
+ * 5. Enforce execution limits: timeout, memory, max HTTP requests, max response size
+ */
+
+import ivm from 'isolated-vm';
+
+// ── Types ──────────────────────────────────────────────────────────────
+
+export interface ExecutionLimits {
+  /** CPU timeout in milliseconds (default: 30000) */
+  timeout: number;
+  /** V8 isolate memory limit in MB (default: 128) */
+  memory: number;
+  /** Maximum number of HTTP requests allowed per execution (default: 20) */
+  maxRequests: number;
+  /** Maximum HTTP response body size in bytes (default: 5MB) */
+  maxResponseSize: number;
+}
+
+export interface ExecutionResult {
+  success: boolean;
+  result?: unknown;
+  error?: string;
+}
+
+interface ProgrammableNodeExecutorDeps {
+  log: (tag: string, message: string) => void;
+}
+
+// ── Constants ──────────────────────────────────────────────────────────
+
+export const DEFAULT_LIMITS: ExecutionLimits = {
+  timeout: 30_000,
+  memory: 128,
+  maxRequests: 20,
+  maxResponseSize: 5 * 1024 * 1024,
+};
+
+/**
+ * Regex patterns for blocked IP ranges (SSRF protection).
+ * Blocks: localhost, 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12,
+ * 192.168.0.0/16, 169.254.0.0/16, fd00::/8, link-local IPv6.
+ */
+const BLOCKED_HOSTNAME_PATTERNS: RegExp[] = [
+  /^localhost$/i,
+  /^127\./,
+  /^10\./,
+  /^172\.(1[6-9]|2\d|3[01])\./,
+  /^192\.168\./,
+  /^169\.254\./,
+  /^0\./,
+  /^::1$/,
+  /^fd[0-9a-f]{2}:/i,
+  /^fe80:/i,
+];
+
+// ── Executor ───────────────────────────────────────────────────────────
+
+export class ProgrammableNodeExecutor {
+  private log: ProgrammableNodeExecutorDeps['log'];
+
+  constructor({ log }: ProgrammableNodeExecutorDeps) {
+    this.log = log;
+  }
+
+  /**
+   * Execute user code inside an isolated V8 context.
+   *
+   * @param code - The user's code containing an `async function run(context) { ... }` definition.
+   * @param context - The execution context object passed to run(). Includes nodeOutputs.
+   * @param limits - Optional per-node execution limit overrides.
+   * @returns ExecutionResult with success/result or error message.
+   */
+  execute = async (
+    code: string,
+    context: Record<string, unknown>,
+    limits: Partial<ExecutionLimits> = {},
+  ): Promise<ExecutionResult> => {
+    const effectiveLimits: ExecutionLimits = { ...DEFAULT_LIMITS, ...limits };
+    const isolate = new ivm.Isolate({ memoryLimit: effectiveLimits.memory });
+
+    try {
+      const ivmContext = await isolate.createContext();
+      const jail = ivmContext.global;
+
+      // Make globalThis available inside the isolate
+      await jail.set('global', jail.derefInto());
+
+      // Inject the execution context as a deep copy
+      await jail.set(
+        '__context__',
+        new ivm.ExternalCopy(context).copyInto(),
+      );
+
+      // Set up the host-side fetch bridge
+      let requestCount = 0;
+      const fetchRef = new ivm.Reference(
+        async (url: string, optionsJson: string): Promise<ivm.Copy<unknown>> => {
+          requestCount++;
+          if (requestCount > effectiveLimits.maxRequests) {
+            throw new Error(
+              `Exceeded maximum HTTP requests (${effectiveLimits.maxRequests})`,
+            );
+          }
+
+          this.validateUrl(url);
+
+          const options = optionsJson ? JSON.parse(optionsJson) : {};
+          const response = await fetch(url, options);
+          const body = await response.text();
+
+          if (body.length > effectiveLimits.maxResponseSize) {
+            throw new Error(
+              `Response size (${body.length} bytes) exceeds limit (${effectiveLimits.maxResponseSize} bytes)`,
+            );
+          }
+
+          return new ivm.ExternalCopy({
+            ok: response.ok,
+            status: response.status,
+            statusText: response.statusText,
+            headers: Object.fromEntries(response.headers.entries()),
+            body,
+          }).copyInto();
+        },
+      );
+      await jail.set('__fetchBridge__', fetchRef);
+
+      // Install the fetch() wrapper inside the isolate.
+      // The wrapper serializes options to JSON for the host bridge,
+      // and returns a Response-like object with text() and json() methods.
+      await ivmContext.eval(`
+        globalThis.fetch = async (url, options) => {
+          const optionsJson = options ? JSON.stringify({
+            method: options.method,
+            headers: options.headers,
+            body: options.body,
+          }) : '';
+          const resp = await __fetchBridge__.apply(
+            undefined,
+            [String(url), optionsJson],
+            { result: { promise: true } }
+          );
+          return {
+            ok: resp.ok,
+            status: resp.status,
+            statusText: resp.statusText,
+            headers: resp.headers,
+            text: async () => resp.body,
+            json: async () => JSON.parse(resp.body),
+          };
+        };
+      `);
+
+      // Wrap the user code: define run(), invoke it, and serialize the result.
+      // The outer IIFE returns a JSON string because isolated-vm can only
+      // transfer primitives and ExternalCopy across the boundary.
+      const wrappedCode = `
+        (async () => {
+          ${code}
+          const __result__ = await run(__context__);
+          return JSON.stringify(__result__ === undefined ? null : __result__);
+        })()
+      `;
+
+      const module = await isolate.compileScript(wrappedCode);
+      const resultJson = await module.run(ivmContext, {
+        promise: true,
+        timeout: effectiveLimits.timeout,
+      });
+
+      const result = resultJson ? JSON.parse(resultJson as string) : null;
+      return { success: true, result };
+    } catch (err: unknown) {
+      const message = err instanceof Error ? err.message : String(err);
+      this.log('PROGRAMMABLE', `Execution error: ${message}`);
+      return { success: false, error: message };
+    } finally {
+      isolate.dispose();
+    }
+  };
+
+  /**
+   * Validate that a URL does not target a private/internal IP range.
+   * Throws if the hostname matches any blocked pattern.
+   */
+  validateUrl = (url: string): void => {
+    let parsed: URL;
+    try {
+      parsed = new URL(url);
+    } catch {
+      throw new Error(`Invalid URL: ${url}`);
+    }
+
+    // Strip brackets from IPv6 hostnames (Node.js URL parser keeps them)
+    const hostname = parsed.hostname.replace(/^\[|\]$/g, '');
+    for (const pattern of BLOCKED_HOSTNAME_PATTERNS) {
+      if (pattern.test(hostname)) {
+        throw new Error(
+          `SSRF protection: requests to ${hostname} are blocked`,
+        );
+      }
+    }
+  };
+}

package/templates/assistkick-product-system/packages/shared/lib/validator.test.ts

@@ -0,0 +1,70 @@
+import { describe, it } from 'node:test';
+import assert from 'node:assert/strict';
+
+/**
+ * Re-implement the assertNotDone guard logic from validator.ts for testing.
+ * This mirrors the same decision: given a kanban row result, throw if
+ * the column is 'done', pass through otherwise.
+ */
+const checkNotDone = (
+  nodeId: string,
+  kanbanRow: { columnName: string } | null,
+): void => {
+  if (kanbanRow && kanbanRow.columnName === 'done') {
+    throw new Error(
+      `Forbidden: ${nodeId} is in the Done column. Create a new feature instead of modifying completed work.`
+    );
+  }
+};
+
+describe('assertNotDone guard logic', () => {
+  it('throws when node is in the done column', () => {
+    assert.throws(
+      () => checkNotDone('feat_001', { columnName: 'done' }),
+      {
+        message: 'Forbidden: feat_001 is in the Done column. Create a new feature instead of modifying completed work.',
+      },
+    );
+  });
+
+  it('does not throw when node is in todo column', () => {
+    assert.doesNotThrow(() => checkNotDone('feat_002', { columnName: 'todo' }));
+  });
+
+  it('does not throw when node is in in_progress column', () => {
+    assert.doesNotThrow(() => checkNotDone('feat_003', { columnName: 'in_progress' }));
+  });
+
+  it('does not throw when node is in qa column', () => {
+    assert.doesNotThrow(() => checkNotDone('feat_004', { columnName: 'qa' }));
+  });
+
+  it('does not throw when node is in backlog column', () => {
+    assert.doesNotThrow(() => checkNotDone('feat_005', { columnName: 'backlog' }));
+  });
+
+  it('does not throw when node has no kanban entry (null)', () => {
+    assert.doesNotThrow(() => checkNotDone('dec_001', null));
+  });
+
+  it('includes the node ID in the error message', () => {
+    assert.throws(
+      () => checkNotDone('epic_abc123', { columnName: 'done' }),
+      {
+        message: /epic_abc123/,
+      },
+    );
+  });
+
+  it('error message matches the exact required format', () => {
+    try {
+      checkNotDone('feat_xyz', { columnName: 'done' });
+      assert.fail('Expected an error to be thrown');
+    } catch (err) {
+      assert.equal(
+        err.message,
+        'Forbidden: feat_xyz is in the Done column. Create a new feature instead of modifying completed work.',
+      );
+    }
+  });
+});