@logickernel/agileflow 0.14.0 → 0.15.0

package/README.md

@@ -165,12 +165,13 @@ After 1.0.0, AgileFlow continues automatic versioning with standard semantic ver
 
 AgileFlow analyzes commits since the last version tag to determine the appropriate version bump:
 
-| Commit Type | Example | 0.x.x | 1.0.0+ |
-|-------------|---------|-------|--------|
-| Breaking change | `feat!: redesign API` | **Minor** (0.1.0 → 0.2.0) | **Major** (1.0.0 → 2.0.0) |
-| Feature | `feat: add login` | **Minor** | **Minor** |
-| Fix | `fix: resolve crash` | **Patch** | **Patch** |
-| Everything else | `docs: update README` | No bump | No bump |
+| Commit Type | Example | Changelog | 0.x.x | 1.0.0+ |
+|-------------|---------|-----------|-------|--------|
+| Breaking change | `feat!: redesign API` | Add entry | **Minor** (0.1.0 → 0.2.0) | **Major** (1.0.0 → 2.0.0) |
+| Feature | `feat: add login` | Add entry | **Minor** | **Minor** |
+| Fix | `fix: resolve crash` | Add entry | **Patch** | **Patch** |
+| Chore | `chore: update dependencies` | **No** entry | No bump | No bump |
+| Everything else | `docs: update README` | Add entry | No bump | No bump |
 
 ---
 

package/docs/configuration.md

@@ -74,23 +74,21 @@ jobs:
       - name: Create version tag
         env:
           AGILEFLOW_TOKEN: ${{ secrets.AGILEFLOW_TOKEN }}
-        run: npx @logickernel/agileflow github
+        run: agileflow github
 ```
 
 ### GitLab CI
 
 ```yaml
 agileflow:
-  stage: version
-  image: node:20-alpine
+  image: node:20
   script:
-    - VERSION=$(npx @logickernel/agileflow gitlab --quiet)
-    - echo "VERSION=$VERSION" >> version.env
-  artifacts:
-    reports:
-      dotenv: version.env
-  only:
-    - main
+    - npm install -g @logickernel/agileflow
+    - agileflow gitlab
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "main"'
+  tags:
+    - agileflow
 ```
 
 ---

package/docs/conventional-commits.md

@@ -39,10 +39,10 @@ flowchart TD
   A -- "no" --> B{Does it fix functionality?}
 
   B -- "yes" --> X[fix:]
-  B -- "no" --> C{Is it work in progress?}
+  B -- "no" --> C{Is it worth an entry in the changelog?}
 
-  C -- "yes" --> W[wip:]
-  C -- "no" --> D[Choose best: docs, ci, style, chore, etc.]
+  C -- "yes" --> W[Choose best: docs, ci, style, etc.]
+  C -- "no" --> D[chore:]
 
   W --> E{Is it a breaking change?}
   F --> E
@@ -221,7 +221,17 @@ feat: add user authentication
 feat: added user authentication
 ```
 
-5. Add Meaningful Scopes when applicable
+5. Use Chore for *work in progress*
+
+```bash
+# ✅ Use chore so an entry is not added to the changelog
+chore: add framework for form validation
+
+# ❌ Used something else that will add a meaningless entry to the changelog
+refactor: add framework for form validation
+```
+
+6. Add Meaningful Scopes when applicable
 
 ```bash
 # ✅ Helpful scope

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logickernel/agileflow",
-  "version": "0.14.0",
+  "version": "0.15.0",
   "description": "Automatic semantic versioning and changelog generation based on conventional commits",
   "main": "src/index.js",
   "bin": {
@@ -14,9 +14,12 @@
     "README.md"
   ],
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
+    "test": "jest",
     "prepack": "chmod +x bin/agileflow"
   },
+  "jest": {
+    "testEnvironment": "node"
+  },
   "keywords": [
     "semantic-versioning",
     "conventional-commits",
@@ -24,6 +27,7 @@
     "versioning",
     "git",
     "ci-cd",
+    "github",
     "gitlab",
     "automation",
     "release-management"
@@ -36,5 +40,8 @@
     "url": "git@code.logickernel.com:kernel/agileflow.git"
   },
   "author": "Víctor Valle <victor.valle@logickernel.com>",
-  "license": "ISC"
+  "license": "ISC",
+  "devDependencies": {
+    "jest": "^30.2.0"
+  }
 }

package/src/git-push.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const { execSync } = require('child_process');
+const crypto = require('crypto');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
@@ -10,13 +11,14 @@ const os = require('os');
  * Uses native git commands - requires git credentials to be configured.
  * @param {string} tagName - The tag name (e.g., "v1.2.3")
  * @param {string} message - The tag message (changelog)
+ * @param {boolean} quiet - If true, suppress success message
  * @returns {Promise<void>}
  */
-async function pushTag(tagName, message) {
+async function pushTag(tagName, message, quiet = false) {
   const safeTag = String(tagName).replace(/"/g, '\\"');
   
   // Write message to a temp file to avoid shell escaping issues with special characters
-  const tempFile = path.join(os.tmpdir(), `agileflow-tag-${Date.now()}.txt`);
+  const tempFile = path.join(os.tmpdir(), `agileflow-tag-${crypto.randomBytes(8).toString('hex')}.txt`);
   try {
     fs.writeFileSync(tempFile, message, 'utf8');
     
@@ -25,6 +27,10 @@ async function pushTag(tagName, message) {
     
     // Push to origin
     execSync(`git push origin "${safeTag}"`, { stdio: 'pipe' });
+    
+    if (!quiet) {
+      console.log(`Tag ${tagName} created and pushed successfully.`);
+    }
   } finally {
     // Clean up temp file
     try {

package/src/github-push.js

@@ -64,10 +64,15 @@ function makeRequest({ method, path, accessToken, body }) {
       },
     };
     
+    const MAX_RESPONSE_BYTES = 1024 * 1024; // 1 MB
     const req = https.request(options, (res) => {
       let data = '';
-      
+
       res.on('data', (chunk) => {
+        if (data.length + chunk.length > MAX_RESPONSE_BYTES) {
+          req.destroy(new Error('GitHub API response exceeded size limit'));
+          return;
+        }
         data += chunk;
       });
       
@@ -122,9 +127,10 @@ function makeRequest({ method, path, accessToken, body }) {
  * Uses GITHUB_REPOSITORY and GITHUB_SHA from GitHub Actions environment.
  * @param {string} tagName - The tag name
  * @param {string} message - The tag message
+ * @param {boolean} quiet - If true, suppress success message
  * @returns {Promise<void>}
  */
-async function pushTag(tagName, message) {
+async function pushTag(tagName, message, quiet = false) {
   const accessToken = process.env.AGILEFLOW_TOKEN;
   const repository = process.env.GITHUB_REPOSITORY;
   const commitSha = process.env.GITHUB_SHA;
@@ -148,6 +154,10 @@ async function pushTag(tagName, message) {
   }
   
   await createTagViaAPI(tagName, message || tagName, repository, accessToken, commitSha);
+  
+  if (!quiet) {
+    console.log(`Tag ${tagName} created and pushed successfully.`);
+  }
 }
 
 module.exports = {

package/src/gitlab-push.js

@@ -34,10 +34,15 @@ function createTagViaAPI(tagName, message, projectPath, serverHost, accessToken,
       },
     };
     
+    const MAX_RESPONSE_BYTES = 1024 * 1024; // 1 MB
     const req = https.request(options, (res) => {
       let data = '';
-      
+
       res.on('data', (chunk) => {
+        if (data.length + chunk.length > MAX_RESPONSE_BYTES) {
+          req.destroy(new Error('GitLab API response exceeded size limit'));
+          return;
+        }
         data += chunk;
       });
       

package/src/index.js

@@ -125,11 +125,7 @@ async function handlePushCommand(pushType, options) {
     console.log(`\nCreating tag ${info.newVersion}...`);
   }
   
-  await pushModule.pushTag(info.newVersion, tagMessage);
-  
-  if (!options.quiet) {
-    console.log(`Tag ${info.newVersion} created and pushed successfully.`);
-  }
+  await pushModule.pushTag(info.newVersion, tagMessage, options.quiet);
 }
 
 async function main() {

package/src/utils.js

@@ -1,7 +1,6 @@
 'use strict';
 
 const { execSync } = require('child_process');
-const fs = require('fs');
 
 /**
  * Executes a shell command and returns the output.
@@ -44,8 +43,10 @@ function run(command, options = {}) {
  * @throws {Error} If the current directory is not a git repository
  */
 function ensureGitRepo() {
-  if (!fs.existsSync('.git')) {
-    throw new Error('Current directory is not a git repository (missing .git directory).');
+  try {
+    runWithOutput('git rev-parse --is-inside-work-tree');
+  } catch {
+    throw new Error('Current directory is not a git repository.');
   }
 }
 
@@ -105,16 +106,28 @@ function fetchTags() {
 }
 
 /**
- * Gets all tags pointing to a specific commit.
- * @param {string} commitSha - The commit SHA to check for tags
- * @returns {Array<string>} Array of tag names, empty array if none
+ * Builds a map of commit SHA → tag names for all tags in the repository.
+ * Uses a single git call instead of one per commit.
+ * @returns {Map<string, string[]>}
  */
-function getTagsForCommit(commitSha) {
+function buildTagMap() {
   try {
-    const output = runWithOutput(`git tag --points-at ${commitSha}`).trim();
-    return output ? output.split('\n').map(t => t.trim()).filter(Boolean) : [];
+    const output = runWithOutput('git tag --format=%(refname:short)|%(*objectname)|%(objectname)').trim();
+    if (!output) return new Map();
+    const map = new Map();
+    for (const line of output.split('\n')) {
+      const [name, deref, obj] = line.split('|');
+      // Annotated tags dereference to the commit via %(*objectname);
+      // lightweight tags point directly via %(objectname).
+      const sha = (deref || obj || '').trim();
+      const tagName = (name || '').trim();
+      if (!sha || !tagName) continue;
+      if (!map.has(sha)) map.set(sha, []);
+      map.get(sha).push(tagName);
+    }
+    return map;
   } catch {
-    return [];
+    return new Map();
   }
 }
 
@@ -126,12 +139,12 @@ function getTagsForCommit(commitSha) {
 function parseConventionalCommit(message) {
   if (!message) return null;
   const subject = message.split('\n')[0].trim();
-  const match = subject.match(/^(\w+)(!)?(?:\(([^)]+)\))?:\s+(.+)$/);
+  const match = subject.match(/^(\w+)(?:\(([^)]+)\))?(!)?:\s+(.+)$/);
   if (!match) return null;
   return {
     type: match[1].toLowerCase(),
-    breaking: Boolean(match[2]),
-    scope: match[3] ? String(match[3]).trim() : '',
+    breaking: Boolean(match[3]),
+    scope: match[2] ? String(match[2]).trim() : '',
     description: String(match[4]).trim(),
   };
 }
@@ -154,7 +167,15 @@ function expandCommitInfo(commits) {
     return { latestVersion: null, commits };
   }
   
-  const latestVersion = commits[taggedIndex].tags.find(tag => SEMVER_PATTERN.test(tag));
+  const latestVersion = commits[taggedIndex].tags
+    .filter(tag => SEMVER_PATTERN.test(tag))
+    .sort((a, b) => {
+      const pa = parseVersion(a);
+      const pb = parseVersion(b);
+      if (pb.major !== pa.major) return pb.major - pa.major;
+      if (pb.minor !== pa.minor) return pb.minor - pa.minor;
+      return pb.patch - pa.patch;
+    })[0];
   // Exclude the tagged commit itself - only return commits since the tag
   return {
     latestVersion,
@@ -382,28 +403,29 @@ function calculateNextVersionAndChangelog(expandedInfo) {
  * @returns {Array<{hash: string, datetime: string, author: string, message: string, tags: Array<string>}>}
  */
 function getAllBranchCommits(branch) {
-  // Try to resolve the branch (may be a local branch or remote branch like origin/main)
-  let branchRef = branch;
+  // Resolve the branch to a SHA to avoid shell injection when the branch
+  // name originates from a CI environment variable.
+  let resolvedSha;
   try {
-    runWithOutput(`git rev-parse --verify ${branch}`);
+    resolvedSha = runWithOutput(`git rev-parse --verify -- ${branch}`).trim();
   } catch {
     // Try with origin/ prefix (common in CI environments where local branch doesn't exist)
     try {
-      runWithOutput(`git rev-parse --verify origin/${branch}`);
-      branchRef = `origin/${branch}`;
+      resolvedSha = runWithOutput(`git rev-parse --verify -- origin/${branch}`).trim();
     } catch {
       return [];
     }
   }
-  
+
+  const tagMap = buildTagMap();
   const RS = '\x1E';
   const COMMIT_SEP = `${RS}${RS}`;
-  
+
   try {
-    const logCmd = `git log --format=%H${RS}%ai${RS}%an${RS}%B${COMMIT_SEP} ${branchRef}`;
+    const logCmd = `git log --format=%H${RS}%ai${RS}%an${RS}%B${COMMIT_SEP} ${resolvedSha}`;
     const output = runWithOutput(logCmd).trim();
     if (!output) return [];
-    
+
     return output
       .split(COMMIT_SEP)
       .filter(block => block.trim())
@@ -416,7 +438,7 @@ function getAllBranchCommits(branch) {
           datetime: parts[1].trim(),
           author: parts[2].trim(),
           message: parts.slice(3).join(RS).trim(),
-          tags: getTagsForCommit(hash),
+          tags: tagMap.get(hash) || [],
         };
       })
       .filter(Boolean);