@logickernel/agileflow 0.14.1 → 0.15.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logickernel/agileflow",
-  "version": "0.14.1",
+  "version": "0.15.0",
   "description": "Automatic semantic versioning and changelog generation based on conventional commits",
   "main": "src/index.js",
   "bin": {
@@ -14,9 +14,12 @@
     "README.md"
   ],
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
+    "test": "jest",
     "prepack": "chmod +x bin/agileflow"
   },
+  "jest": {
+    "testEnvironment": "node"
+  },
   "keywords": [
     "semantic-versioning",
     "conventional-commits",
@@ -37,5 +40,8 @@
     "url": "git@code.logickernel.com:kernel/agileflow.git"
   },
   "author": "Víctor Valle <victor.valle@logickernel.com>",
-  "license": "ISC"
+  "license": "ISC",
+  "devDependencies": {
+    "jest": "^30.2.0"
+  }
 }

package/src/git-push.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const { execSync } = require('child_process');
+const crypto = require('crypto');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
@@ -17,7 +18,7 @@ async function pushTag(tagName, message, quiet = false) {
   const safeTag = String(tagName).replace(/"/g, '\\"');
   
   // Write message to a temp file to avoid shell escaping issues with special characters
-  const tempFile = path.join(os.tmpdir(), `agileflow-tag-${Date.now()}.txt`);
+  const tempFile = path.join(os.tmpdir(), `agileflow-tag-${crypto.randomBytes(8).toString('hex')}.txt`);
   try {
     fs.writeFileSync(tempFile, message, 'utf8');
     

package/src/github-push.js

@@ -64,10 +64,15 @@ function makeRequest({ method, path, accessToken, body }) {
       },
     };
     
+    const MAX_RESPONSE_BYTES = 1024 * 1024; // 1 MB
     const req = https.request(options, (res) => {
       let data = '';
-      
+
       res.on('data', (chunk) => {
+        if (data.length + chunk.length > MAX_RESPONSE_BYTES) {
+          req.destroy(new Error('GitHub API response exceeded size limit'));
+          return;
+        }
         data += chunk;
       });
       

package/src/gitlab-push.js

@@ -34,10 +34,15 @@ function createTagViaAPI(tagName, message, projectPath, serverHost, accessToken,
       },
     };
     
+    const MAX_RESPONSE_BYTES = 1024 * 1024; // 1 MB
     const req = https.request(options, (res) => {
       let data = '';
-      
+
       res.on('data', (chunk) => {
+        if (data.length + chunk.length > MAX_RESPONSE_BYTES) {
+          req.destroy(new Error('GitLab API response exceeded size limit'));
+          return;
+        }
         data += chunk;
       });
       

package/src/utils.js

@@ -1,7 +1,6 @@
 'use strict';
 
 const { execSync } = require('child_process');
-const fs = require('fs');
 
 /**
  * Executes a shell command and returns the output.
@@ -44,8 +43,10 @@ function run(command, options = {}) {
  * @throws {Error} If the current directory is not a git repository
  */
 function ensureGitRepo() {
-  if (!fs.existsSync('.git')) {
-    throw new Error('Current directory is not a git repository (missing .git directory).');
+  try {
+    runWithOutput('git rev-parse --is-inside-work-tree');
+  } catch {
+    throw new Error('Current directory is not a git repository.');
   }
 }
 
@@ -105,16 +106,28 @@ function fetchTags() {
 }
 
 /**
- * Gets all tags pointing to a specific commit.
- * @param {string} commitSha - The commit SHA to check for tags
- * @returns {Array<string>} Array of tag names, empty array if none
+ * Builds a map of commit SHA → tag names for all tags in the repository.
+ * Uses a single git call instead of one per commit.
+ * @returns {Map<string, string[]>}
  */
-function getTagsForCommit(commitSha) {
+function buildTagMap() {
   try {
-    const output = runWithOutput(`git tag --points-at ${commitSha}`).trim();
-    return output ? output.split('\n').map(t => t.trim()).filter(Boolean) : [];
+    const output = runWithOutput('git tag --format=%(refname:short)|%(*objectname)|%(objectname)').trim();
+    if (!output) return new Map();
+    const map = new Map();
+    for (const line of output.split('\n')) {
+      const [name, deref, obj] = line.split('|');
+      // Annotated tags dereference to the commit via %(*objectname);
+      // lightweight tags point directly via %(objectname).
+      const sha = (deref || obj || '').trim();
+      const tagName = (name || '').trim();
+      if (!sha || !tagName) continue;
+      if (!map.has(sha)) map.set(sha, []);
+      map.get(sha).push(tagName);
+    }
+    return map;
   } catch {
-    return [];
+    return new Map();
   }
 }
 
@@ -126,12 +139,12 @@ function getTagsForCommit(commitSha) {
 function parseConventionalCommit(message) {
   if (!message) return null;
   const subject = message.split('\n')[0].trim();
-  const match = subject.match(/^(\w+)(!)?(?:\(([^)]+)\))?:\s+(.+)$/);
+  const match = subject.match(/^(\w+)(?:\(([^)]+)\))?(!)?:\s+(.+)$/);
   if (!match) return null;
   return {
     type: match[1].toLowerCase(),
-    breaking: Boolean(match[2]),
-    scope: match[3] ? String(match[3]).trim() : '',
+    breaking: Boolean(match[3]),
+    scope: match[2] ? String(match[2]).trim() : '',
     description: String(match[4]).trim(),
   };
 }
@@ -154,7 +167,15 @@ function expandCommitInfo(commits) {
     return { latestVersion: null, commits };
   }
   
-  const latestVersion = commits[taggedIndex].tags.find(tag => SEMVER_PATTERN.test(tag));
+  const latestVersion = commits[taggedIndex].tags
+    .filter(tag => SEMVER_PATTERN.test(tag))
+    .sort((a, b) => {
+      const pa = parseVersion(a);
+      const pb = parseVersion(b);
+      if (pb.major !== pa.major) return pb.major - pa.major;
+      if (pb.minor !== pa.minor) return pb.minor - pa.minor;
+      return pb.patch - pa.patch;
+    })[0];
   // Exclude the tagged commit itself - only return commits since the tag
   return {
     latestVersion,
@@ -382,28 +403,29 @@ function calculateNextVersionAndChangelog(expandedInfo) {
  * @returns {Array<{hash: string, datetime: string, author: string, message: string, tags: Array<string>}>}
  */
 function getAllBranchCommits(branch) {
-  // Try to resolve the branch (may be a local branch or remote branch like origin/main)
-  let branchRef = branch;
+  // Resolve the branch to a SHA to avoid shell injection when the branch
+  // name originates from a CI environment variable.
+  let resolvedSha;
   try {
-    runWithOutput(`git rev-parse --verify ${branch}`);
+    resolvedSha = runWithOutput(`git rev-parse --verify -- ${branch}`).trim();
   } catch {
     // Try with origin/ prefix (common in CI environments where local branch doesn't exist)
     try {
-      runWithOutput(`git rev-parse --verify origin/${branch}`);
-      branchRef = `origin/${branch}`;
+      resolvedSha = runWithOutput(`git rev-parse --verify -- origin/${branch}`).trim();
     } catch {
       return [];
     }
   }
-  
+
+  const tagMap = buildTagMap();
   const RS = '\x1E';
   const COMMIT_SEP = `${RS}${RS}`;
-  
+
   try {
-    const logCmd = `git log --format=%H${RS}%ai${RS}%an${RS}%B${COMMIT_SEP} ${branchRef}`;
+    const logCmd = `git log --format=%H${RS}%ai${RS}%an${RS}%B${COMMIT_SEP} ${resolvedSha}`;
     const output = runWithOutput(logCmd).trim();
     if (!output) return [];
-    
+
     return output
       .split(COMMIT_SEP)
       .filter(block => block.trim())
@@ -416,7 +438,7 @@ function getAllBranchCommits(branch) {
           datetime: parts[1].trim(),
           author: parts[2].trim(),
           message: parts.slice(3).join(RS).trim(),
-          tags: getTagsForCommit(hash),
+          tags: tagMap.get(hash) || [],
         };
       })
       .filter(Boolean);