@stylusnexus/work-plan 2026.6.10 → 2026.6.11

package/skills/work-plan/tests/test_rename_track.py

@@ -0,0 +1,351 @@
+"""Tests for the rename-track command (issue #174).
+
+Covers:
+- Renames a private track → file moved (write new, unlink old), frontmatter
+  rewritten with track=new_slug + bumped last_touched, rc 0.
+- old@repo / --repo disambiguation flows through find_track_by_name.
+- Invalid new slug → rc 2, no move.
+- new_slug == old slug → rc 2, no move.
+- Target already exists (same repo/tier) → rc 2, no move.
+- Unknown old slug → rc 1, no move.
+- Public repo, no token → needs_confirm JSON, no move, rc 0; token ==
+  make_token(repo, new_slug). Valid token → renames.
+- Shared track: --commit stages old+new and commits; without --commit prints
+  the 'commit to share' hint and makes no git calls; git failure is non-fatal.
+- Cross-references: sibling depends_on warned by default; --fix-refs rewrites
+  them.
+- "rename-track" in SUBCOMMANDS and DESCRIPTIONS.
+"""
+import io
+import json
+import subprocess
+import sys
+import unittest
+from contextlib import redirect_stdout
+from pathlib import Path
+from unittest.mock import patch, MagicMock
+
+SKILL_ROOT = Path(__file__).resolve().parents[1]
+sys.path.insert(0, str(SKILL_ROOT))
+
+from commands import rename_track
+from lib.tracks import Track, AmbiguousTrackError
+from lib.write_guard import make_token
+import work_plan
+
+
+NOTES_ROOT = "/tmp/fake-notes"
+CLONE_ROOT = "/tmp/fake-clone"
+
+
+def _cfg():
+    return {
+        "notes_root": NOTES_ROOT,
+        "repos": {"myrepo": {"github": "org/myrepo", "local": None}},
+    }
+
+
+def _track(name, *, repo="org/myrepo", folder="myrepo", tier="private",
+           path=None, depends_on=None, meta=None):
+    """Build a Track with frontmatter for use as a discover_tracks() return."""
+    base_meta = {
+        "track": name,
+        "status": "active",
+        "github": {"repo": repo, "issues": [], "branches": []},
+        "depends_on": depends_on or [],
+        "last_touched": "2026-01-01T00:00",
+    }
+    if meta:
+        base_meta.update(meta)
+    if path is None:
+        root = CLONE_ROOT + "/.work-plan" if tier == "shared" else NOTES_ROOT + "/" + folder
+        path = f"{root}/{name}.md"
+    return Track(
+        path=Path(path),
+        name=name,
+        has_frontmatter=True,
+        needs_init=False,
+        needs_filing=False,
+        repo=repo,
+        folder=folder,
+        meta=base_meta,
+        body=f"# {name}\n",
+        tier=tier,
+    )
+
+
+def _drive(args, *, tracks=None, vis="PRIVATE", new_path_exists=False):
+    """Run rename_track.run(args) with all external I/O mocked."""
+    if tracks is None:
+        tracks = [_track("old-feature")]
+
+    def _path_exists(self):
+        if self.suffix == ".md":
+            return new_path_exists
+        return True
+
+    with patch("commands.rename_track.load_config", return_value=_cfg()), \
+         patch("commands.rename_track.discover_tracks", return_value=tracks), \
+         patch("commands.rename_track.write_file") as mw, \
+         patch("lib.write_guard.repo_visibility", return_value=vis), \
+         patch("pathlib.Path.exists", _path_exists), \
+         patch("pathlib.Path.unlink") as munlink:
+        buf = io.StringIO()
+        with redirect_stdout(buf):
+            rc = rename_track.run(args)
+    return rc, mw, munlink, buf.getvalue()
+
+
+class RenameTrackTest(unittest.TestCase):
+
+    # -- registry --------------------------------------------------------
+    def test_registered_in_subcommands(self):
+        self.assertIn("rename-track", work_plan.SUBCOMMANDS)
+
+    def test_appears_in_descriptions(self):
+        names = [e[0] for e in work_plan.DESCRIPTIONS]
+        self.assertIn("rename-track", names)
+
+    # -- happy path ------------------------------------------------------
+    def test_private_rename_moves_file_and_rewrites_frontmatter(self):
+        rc, mw, munlink, out = _drive(["old-feature", "new-feature"])
+        self.assertEqual(rc, 0)
+        munlink.assert_called_once()
+        mw.assert_called_once()
+        meta = mw.call_args[0][1]
+        self.assertEqual(meta["track"], "new-feature")
+        # write_file targets the new path
+        self.assertTrue(str(mw.call_args[0][0]).endswith("new-feature.md"))
+        self.assertIn("Renamed track", out)
+
+    def test_last_touched_is_bumped(self):
+        rc, mw, munlink, out = _drive(["old-feature", "new-feature"])
+        self.assertEqual(rc, 0)
+        meta = mw.call_args[0][1]
+        self.assertNotEqual(meta["last_touched"], "2026-01-01T00:00")
+
+    def test_rename_uses_same_directory(self):
+        """The new file lands in the same dir as the old (rename, not relocate)."""
+        rc, mw, munlink, out = _drive(["old-feature", "new-feature"])
+        self.assertEqual(rc, 0)
+        # write_file targets the new path in the original's directory; the old
+        # file is then unlinked (write-new-then-remove-old, no data-loss window).
+        # Compare via Path (not str) so the assertion holds on Windows, where
+        # str(Path("/tmp/x")) uses backslashes.
+        write_target = Path(mw.call_args[0][0])
+        self.assertEqual(write_target, Path(NOTES_ROOT) / "myrepo" / "new-feature.md")
+        munlink.assert_called_once()
+
+    # -- validation ------------------------------------------------------
+    def test_invalid_new_slug_rc2(self):
+        rc, mw, munlink, out = _drive(["old-feature", "New_Feature"])
+        self.assertEqual(rc, 2)
+        munlink.assert_not_called()
+        mw.assert_not_called()
+
+    def test_same_slug_rc2(self):
+        rc, mw, munlink, out = _drive(["old-feature", "old-feature"])
+        self.assertEqual(rc, 2)
+        munlink.assert_not_called()
+
+    def test_target_exists_rc2(self):
+        rc, mw, munlink, out = _drive(
+            ["old-feature", "taken"], new_path_exists=True
+        )
+        self.assertEqual(rc, 2)
+        munlink.assert_not_called()
+        mw.assert_not_called()
+
+    def test_unknown_old_slug_rc1(self):
+        rc, mw, munlink, out = _drive(["does-not-exist", "new-feature"])
+        self.assertEqual(rc, 1)
+        munlink.assert_not_called()
+
+    def test_missing_positionals_rc2(self):
+        rc, mw, munlink, out = _drive(["only-one"])
+        self.assertEqual(rc, 2)
+        munlink.assert_not_called()
+
+    def test_ambiguous_old_slug_rc1(self):
+        with patch("commands.rename_track.load_config", return_value=_cfg()), \
+             patch("commands.rename_track.discover_tracks", return_value=[]), \
+             patch("commands.rename_track.find_track_by_name",
+                   side_effect=AmbiguousTrackError("old-feature", [])), \
+             patch("commands.rename_track.write_file") as mw:
+            buf = io.StringIO()
+            with redirect_stdout(buf):
+                rc = rename_track.run(["old-feature", "new-feature"])
+        self.assertEqual(rc, 1)
+        mw.assert_not_called()
+
+    # -- public-repo confirm gate ---------------------------------------
+    def test_public_no_token_needs_confirm(self):
+        rc, mw, munlink, out = _drive(["old-feature", "new-feature"], vis="PUBLIC")
+        self.assertEqual(rc, 0)
+        munlink.assert_not_called()
+        mw.assert_not_called()
+        data = json.loads(out.strip())
+        self.assertTrue(data["needs_confirm"])
+        self.assertEqual(data["token"], make_token("org/myrepo", "new-feature"))
+
+    def test_public_valid_token_renames(self):
+        tok = make_token("org/myrepo", "new-feature")
+        rc, mw, munlink, out = _drive(
+            ["old-feature", "new-feature", f"--confirm={tok}"], vis="PUBLIC"
+        )
+        self.assertEqual(rc, 0)
+        munlink.assert_called_once()
+        mw.assert_called_once()
+
+    def test_public_wrong_token_blocked(self):
+        rc, mw, munlink, out = _drive(
+            ["old-feature", "new-feature", "--confirm=nope"], vis="PUBLIC"
+        )
+        self.assertEqual(rc, 0)
+        munlink.assert_not_called()
+
+    # -- disambiguation --------------------------------------------------
+    def test_repo_qualifier_passed_to_finder(self):
+        tracks = [_track("old-feature")]
+        with patch("commands.rename_track.load_config", return_value=_cfg()), \
+             patch("commands.rename_track.discover_tracks", return_value=tracks), \
+             patch("commands.rename_track.find_track_by_name",
+                   return_value=tracks[0]) as mfind, \
+             patch("commands.rename_track.write_file"), \
+             patch("lib.write_guard.repo_visibility", return_value="PRIVATE"), \
+             patch("pathlib.Path.exists", lambda self: not str(self).endswith(".md")), \
+             patch("pathlib.Path.unlink"):
+            buf = io.StringIO()
+            with redirect_stdout(buf):
+                rename_track.run(["old-feature@myrepo", "new-feature"])
+        self.assertEqual(mfind.call_args.kwargs.get("repo"), "myrepo")
+
+    # -- cross-references ------------------------------------------------
+    def test_dependents_warned_by_default(self):
+        tracks = [
+            _track("old-feature"),
+            _track("sibling", depends_on=["old-feature"]),
+        ]
+        rc, mw, munlink, out = _drive(
+            ["old-feature", "new-feature"], tracks=tracks
+        )
+        self.assertEqual(rc, 0)
+        self.assertIn("depend on 'old-feature'", out)
+        self.assertIn("--fix-refs", out)
+        # Only the renamed track was written, not the sibling.
+        self.assertEqual(mw.call_count, 1)
+
+    def test_fix_refs_rewrites_dependents(self):
+        tracks = [
+            _track("old-feature"),
+            _track("sibling", depends_on=["old-feature", "other"]),
+        ]
+        rc, mw, munlink, out = _drive(
+            ["old-feature", "new-feature", "--fix-refs"], tracks=tracks
+        )
+        self.assertEqual(rc, 0)
+        # Renamed track + the one sibling rewritten.
+        self.assertEqual(mw.call_count, 2)
+        sibling_write = [c for c in mw.call_args_list
+                         if str(c[0][0]).endswith("sibling.md")][0]
+        self.assertEqual(sibling_write[0][1]["depends_on"], ["new-feature", "other"])
+
+    def test_dependents_in_other_repo_ignored(self):
+        tracks = [
+            _track("old-feature"),
+            _track("sibling", repo="org/elsewhere", folder="elsewhere",
+                   depends_on=["old-feature"]),
+        ]
+        rc, mw, munlink, out = _drive(
+            ["old-feature", "new-feature", "--fix-refs"], tracks=tracks
+        )
+        self.assertEqual(rc, 0)
+        # Different repo → not a referrer; only the renamed track written.
+        self.assertEqual(mw.call_count, 1)
+
+
+# ---------------------------------------------------------------------------
+# Shared-track --commit behavior
+# ---------------------------------------------------------------------------
+
+class RenameTrackCommitTest(unittest.TestCase):
+
+    def _drive_shared(self, args, *, git_returncode=0):
+        track = _track("old-feature", tier="shared")
+
+        def _path_exists(self):
+            s = str(self)
+            if s == f"{CLONE_ROOT}/.git":
+                return True
+            if s == CLONE_ROOT:
+                return True
+            if self.suffix == ".md":
+                return False
+            return True
+
+        def _is_dir(self):
+            return not str(self).endswith(".md")
+
+        git_results = [
+            MagicMock(returncode=0, stdout="main\n", stderr=""),  # rev-parse
+            MagicMock(returncode=git_returncode, stdout="", stderr="err"),  # add
+            MagicMock(returncode=git_returncode, stdout="", stderr=""),  # commit
+        ]
+        idx = {"n": 0}
+
+        def _git_run(cmd, **kwargs):
+            i = idx["n"]
+            idx["n"] += 1
+            if git_returncode != 0 and i > 0:
+                raise subprocess.CalledProcessError(git_returncode, cmd, stderr="err")
+            return git_results[min(i, len(git_results) - 1)]
+
+        with patch("commands.rename_track.load_config", return_value=_cfg()), \
+             patch("commands.rename_track.discover_tracks", return_value=[track]), \
+             patch("commands.rename_track.write_file") as mw, \
+             patch("lib.write_guard.repo_visibility", return_value="PRIVATE"), \
+             patch("pathlib.Path.exists", _path_exists), \
+             patch("pathlib.Path.is_dir", _is_dir), \
+             patch("pathlib.Path.unlink"), \
+             patch("commands.rename_track.subprocess.run", side_effect=_git_run) as msub:
+            buf = io.StringIO()
+            with redirect_stdout(buf):
+                rc = rename_track.run(args)
+        return rc, mw, msub, buf.getvalue()
+
+    def test_commit_stages_old_and_new_then_commits(self):
+        rc, mw, msub, out = self._drive_shared(
+            ["old-feature", "new-feature", "--commit"]
+        )
+        self.assertEqual(rc, 0)
+        git_cmds = [c[0][0] for c in msub.call_args_list]
+        add_calls = [c for c in git_cmds if "add" in c]
+        commit_calls = [c for c in git_cmds if "commit" in c]
+        self.assertEqual(len(add_calls), 1)
+        self.assertEqual(len(commit_calls), 1)
+        # Path-scoped: stages exactly two .md paths (old + new), never ".".
+        add_argv = add_calls[0]
+        self.assertNotIn(".", add_argv)
+        md_args = [a for a in add_argv if a.endswith(".md")]
+        self.assertEqual(len(md_args), 2)
+        # Commit message names both slugs.
+        msg = commit_calls[0][commit_calls[0].index("-m") + 1]
+        self.assertIn("old-feature", msg)
+        self.assertIn("new-feature", msg)
+
+    def test_no_commit_flag_prints_hint_no_git(self):
+        rc, mw, msub, out = self._drive_shared(["old-feature", "new-feature"])
+        self.assertEqual(rc, 0)
+        msub.assert_not_called()
+        self.assertIn("commit + push to share", out)
+
+    def test_commit_git_failure_non_fatal(self):
+        rc, mw, msub, out = self._drive_shared(
+            ["old-feature", "new-feature", "--commit"], git_returncode=1
+        )
+        self.assertEqual(rc, 0)
+        self.assertIn("⚠", out)
+
+
+if __name__ == "__main__":
+    unittest.main()

package/skills/work-plan/tests/test_repo_filter.py

@@ -15,23 +15,23 @@ class FilterTracksByRepoTest(unittest.TestCase):
     def setUp(self):
         self.cfg = {
             "notes_root": str(FIXTURES),
-            "repos": {"critforge": {"github": "stylusnexus/CritForge", "local": None}},
+            "repos": {"myproject": {"github": "your-org/myproject", "local": None}},
         }
         self.tracks = discover_tracks(self.cfg)
 
     def test_matches_folder_key(self):
-        scoped = filter_tracks_by_repo(self.tracks, "critforge")
+        scoped = filter_tracks_by_repo(self.tracks, "myproject")
         names = {t.name for t in scoped}
         self.assertIn("example", names)
         self.assertNotIn("loose_at_root", names)
 
     def test_matches_github_slug(self):
-        scoped = filter_tracks_by_repo(self.tracks, "stylusnexus/CritForge")
+        scoped = filter_tracks_by_repo(self.tracks, "your-org/myproject")
         names = {t.name for t in scoped}
         self.assertIn("example", names)
 
     def test_case_insensitive(self):
-        scoped = filter_tracks_by_repo(self.tracks, "CRITFORGE")
+        scoped = filter_tracks_by_repo(self.tracks, "MYPROJECT")
         names = {t.name for t in scoped}
         self.assertIn("example", names)
 
@@ -39,13 +39,13 @@ class FilterTracksByRepoTest(unittest.TestCase):
         self.assertEqual(filter_tracks_by_repo(self.tracks, "nonexistent"), [])
 
     def test_excludes_loose_filing_track(self):
-        scoped = filter_tracks_by_repo(self.tracks, "critforge")
+        scoped = filter_tracks_by_repo(self.tracks, "myproject")
         for t in scoped:
             self.assertFalse(t.needs_filing)
 
     def test_track_folder_field_populated(self):
         ex = next(t for t in self.tracks if t.name == "example")
-        self.assertEqual(ex.folder, "critforge")
+        self.assertEqual(ex.folder, "myproject")
 
 
 if __name__ == "__main__":

package/skills/work-plan/tests/test_security_cli_hardening.py

@@ -0,0 +1,142 @@
+"""Security hardening regression tests for the CLI (#191, #192, #194, #195, #196).
+
+Covers the guards added in the security-hardening pass:
+- parse_flags honours a `--` end-of-options separator (#194)
+- git_state.is_safe_ref rejects dash-led revs; commits_ahead/branch_exists
+  refuse to pass them to git (#192)
+- write_file refuses to write through a symlink (#195)
+- init refuses to write outside notes_root; new_track rejects an unsafe folder
+  segment (#195)
+- discover_tracks skips dash-led track filenames (#194)
+
+The yq-injection fix (#191) and its env-passing are covered in
+test_set_notes_root / test_init_repo.
+"""
+import io
+import os
+import sys
+import tempfile
+import unittest
+from contextlib import redirect_stdout
+from pathlib import Path
+from unittest import mock
+
+SKILL_ROOT = Path(__file__).resolve().parents[1]
+sys.path.insert(0, str(SKILL_ROOT))
+
+from lib.prompts import parse_flags
+from lib import git_state, frontmatter, tracks
+from commands import init as init_cmd
+from commands import new_track as new_track_cmd
+
+
+class ParseFlagsEndOfOptionsTest(unittest.TestCase):
+    def test_double_dash_makes_following_args_positional(self):
+        flags, positional = parse_flags(["--repo=x", "--", "--repo", "foo"], {"--repo"})
+        self.assertEqual(flags, {"--repo": "x"})
+        # Everything after `--` is positional, even the flag-looking `--repo`.
+        self.assertEqual(positional, ["--repo", "foo"])
+
+    def test_double_dash_itself_is_consumed(self):
+        flags, positional = parse_flags(["set", "--", "mytrack"], {"--all"})
+        self.assertEqual(positional, ["set", "mytrack"])
+
+    def test_no_double_dash_unchanged(self):
+        flags, positional = parse_flags(["track", "--all"], {"--all"})
+        self.assertEqual(flags, {"--all": True})
+        self.assertEqual(positional, ["track"])
+
+
+class IsSafeRefTest(unittest.TestCase):
+    def test_rejects_dash_led_and_empty(self):
+        for bad in ["--output=/tmp/x", "-rf", "--upload-pack=evil", ""]:
+            self.assertFalse(git_state.is_safe_ref(bad), bad)
+
+    def test_accepts_normal_refs(self):
+        for ok in ["main", "origin/main", "feat/123-x", "v1.2.3", "HEAD"]:
+            self.assertTrue(git_state.is_safe_ref(ok), ok)
+
+
+class GitRefGuardTest(unittest.TestCase):
+    def test_commits_ahead_refuses_dash_led_branch_without_calling_git(self):
+        with mock.patch("lib.git_state.subprocess.run") as msub, \
+             mock.patch("lib.git_state.Path.exists", return_value=True):
+            out = git_state.commits_ahead("--output=/tmp/poc", "main", Path("/repo"))
+        self.assertEqual(out, 0)
+        msub.assert_not_called()  # never reached git
+
+    def test_commits_ahead_refuses_dash_led_base(self):
+        with mock.patch("lib.git_state.subprocess.run") as msub, \
+             mock.patch("lib.git_state.Path.exists", return_value=True):
+            out = git_state.commits_ahead("main", "--all", Path("/repo"))
+        self.assertEqual(out, 0)
+        msub.assert_not_called()
+
+    def test_branch_exists_refuses_dash_led(self):
+        with mock.patch("lib.git_state.subprocess.run") as msub, \
+             mock.patch("lib.git_state.Path.exists", return_value=True):
+            self.assertFalse(git_state.branch_exists("--verbose", Path("/repo")))
+        msub.assert_not_called()
+
+
+class WriteFileSymlinkGuardTest(unittest.TestCase):
+    def test_refuses_to_write_through_symlink(self):
+        with tempfile.TemporaryDirectory() as d:
+            target = Path(d) / "outside.md"
+            target.write_text("original\n", encoding="utf-8")
+            link = Path(d) / "track.md"
+            link.symlink_to(target)
+            with self.assertRaises(ValueError):
+                frontmatter.write_file(link, {"track": "x"}, "body")
+            # Target must be untouched.
+            self.assertEqual(target.read_text(encoding="utf-8"), "original\n")
+
+    def test_normal_write_still_works(self):
+        with tempfile.TemporaryDirectory() as d:
+            p = Path(d) / "track.md"
+            frontmatter.write_file(p, {}, "hello\n")
+            self.assertEqual(p.read_text(encoding="utf-8"), "hello\n")
+
+
+class InitContainmentTest(unittest.TestCase):
+    def test_refuses_path_outside_notes_root(self):
+        with tempfile.TemporaryDirectory() as notes, tempfile.TemporaryDirectory() as outside:
+            target = Path(outside) / "victim.md"
+            target.write_text("do not clobber\n", encoding="utf-8")
+            cfg = {"notes_root": notes, "repos": {}}
+            with mock.patch("commands.init.load_config", return_value=cfg):
+                buf = io.StringIO()
+                with redirect_stdout(buf):
+                    rc = init_cmd.run([str(target)])
+            self.assertEqual(rc, 1)
+            self.assertIn("not inside notes_root", buf.getvalue())
+            # File left untouched (no frontmatter prepended).
+            self.assertEqual(target.read_text(encoding="utf-8"), "do not clobber\n")
+
+
+class NewTrackFolderGuardTest(unittest.TestCase):
+    def test_rejects_dotdot_folder_segment(self):
+        cfg = {"notes_root": "/tmp/does-not-matter", "repos": {}}
+        # new-track <repo> <slug>; repo arg "x/.." derives folder ".." → reject.
+        with mock.patch("commands.new_track.load_config", return_value=cfg):
+            buf = io.StringIO()
+            with redirect_stdout(buf):
+                rc = new_track_cmd.run(["x/..", "myslug"])
+        self.assertEqual(rc, 2)
+        self.assertIn("safe notes folder", buf.getvalue())
+
+
+class DiscoverTracksDashLedTest(unittest.TestCase):
+    def test_dash_led_md_file_is_not_a_track(self):
+        with tempfile.TemporaryDirectory() as notes:
+            root = Path(notes)
+            (root / "good.md").write_text("---\ntrack: good\nstatus: active\n---\nbody\n", encoding="utf-8")
+            (root / "--repo.md").write_text("---\ntrack: x\nstatus: active\n---\nbody\n", encoding="utf-8")
+            cfg = {"notes_root": notes, "repos": {}}
+            found = {t.name for t in tracks.discover_tracks(cfg)}
+        self.assertIn("good", found)
+        self.assertNotIn("--repo", found)
+
+
+if __name__ == "__main__":
+    unittest.main()

package/skills/work-plan/tests/test_set_notes_root.py

@@ -103,8 +103,12 @@ class SetNotesRootTest(unittest.TestCase):
         # raw POSIX input string.
         expected = str(Path("/some/new/path").expanduser().resolve())
         expr = yq_args[2]
-        self.assertIn(".notes_root", expr)
-        self.assertIn(expected, expr)
+        # Hardened (#191): the path travels as an OPAQUE env value via strenv(),
+        # never interpolated into the yq expression — so a path containing `"`
+        # or yq operators can't break out and rewrite arbitrary config keys.
+        self.assertEqual(expr, ".notes_root = strenv(WP_NEW_ROOT)")
+        self.assertNotIn(expected, expr)
+        self.assertEqual(msub.call_args.kwargs["env"]["WP_NEW_ROOT"], expected)
 
         # mkdir must have been called (creates the dir)
         mmkdir.assert_called_once()

package/skills/work-plan/tests/test_status_table.py

@@ -10,6 +10,7 @@ from lib.status_table import (
     find_status_table, update_row_status, ISSUE_NUM_RE,
     render_issue_row, append_rows, sync_missing_rows,
     find_canonical_status_tables, CANONICAL_MARKER,
+    render_canonical_table, strip_canonical_block, insert_canonical_block,
 )
 
 FIXTURES = Path(__file__).parent / "fixtures"
@@ -60,6 +61,66 @@ class RenderIssueRowTest(unittest.TestCase):
         row = render_issue_row(487, "fix the thing", "@alice", "🔲 Open")
         self.assertEqual(row, "| #487 | fix the thing | @alice | 🔲 Open |")
 
+    def test_milestone_arg_adds_fifth_column(self):
+        row = render_issue_row(487, "fix", "@alice", "🔲 Open", milestone="v0.4.0")
+        self.assertEqual(row, "| #487 | fix | v0.4.0 | @alice | 🔲 Open |")
+
+    def test_empty_milestone_still_renders_column(self):
+        # "" is distinct from None: the column is present but blank.
+        row = render_issue_row(487, "fix", "@alice", "🔲 Open", milestone="")
+        self.assertEqual(row, "| #487 | fix |  | @alice | 🔲 Open |")
+
+
+class RenderCanonicalTableTest(unittest.TestCase):
+    def _gh(self, num, title, state="OPEN", milestone=None):
+        d = {"number": num, "title": title, "state": state, "assignees": []}
+        if milestone:
+            d["milestone"] = {"title": milestone}
+        return d
+
+    def test_single_milestone_renders_one_table_no_divider(self):
+        by = {1: self._gh(1, "a"), 2: self._gh(2, "b")}
+        md = render_canonical_table([1, 2], by)
+        self.assertIn("| # | Title | Milestone | Assignee | Status |", md)
+        self.assertNotIn("| | | | | |", md)  # no divider when one group
+
+    def test_active_milestone_first_with_divider(self):
+        by = {
+            10: self._gh(10, "near", milestone="v0.4.0 — MVP"),
+            20: self._gh(20, "far", milestone="v2.0.0 — Post-Launch"),
+            30: self._gh(30, "none"),
+        }
+        md = render_canonical_table([10, 20, 30], by, milestone_alignment="v2.0.0")
+        # Active milestone (v2.0.0 → #20) precedes v0.4.0 (#10) precedes none (#30).
+        self.assertLess(md.index("#20"), md.index("#10"))
+        self.assertLess(md.index("#10"), md.index("#30"))
+        # Divider rows separate the three groups (2 dividers).
+        self.assertEqual(md.count("| | | | | |"), 2)
+        self.assertIn("| #20 | far | v2.0.0 |", md)
+
+    def test_strip_and_insert_round_trip(self):
+        by = {1: self._gh(1, "a")}
+        table = render_canonical_table([1], by)
+        body = insert_canonical_block("## Notes\n\nkeep\n", table)
+        self.assertTrue(body.startswith("## Issues (canonical)"))
+        self.assertIn("## Notes\n\nkeep", body)
+        # Stripping removes the canonical block, leaving the narrative.
+        stripped = strip_canonical_block(body)
+        self.assertNotIn(CANONICAL_MARKER, stripped)
+        self.assertIn("## Notes", stripped)
+
+    def test_insert_replace_swaps_existing_block(self):
+        by1 = {1: self._gh(1, "a")}
+        body = insert_canonical_block("## Notes\n", render_canonical_table([1], by1))
+        by2 = {2: self._gh(2, "b")}
+        body2 = insert_canonical_block(body, render_canonical_table([2], by2),
+                                       replace=True)
+        # Old table gone, new table present, narrative preserved, exactly one block.
+        self.assertNotIn("#1", body2)
+        self.assertIn("#2", body2)
+        self.assertEqual(body2.count(CANONICAL_MARKER), 1)
+        self.assertIn("## Notes", body2)
+
 
 class AppendRowsTest(unittest.TestCase):
     def test_inserts_after_last_row_before_narrative(self):

package/skills/work-plan/tests/test_track_resolution.py

@@ -131,9 +131,9 @@ class FindTrackByNameTest(unittest.TestCase):
 class ParseTrackRepoArgTest(unittest.TestCase):
 
     def test_name_at_repo_splits_correctly(self):
-        name, repo = parse_track_repo_arg("foo@critforge")
+        name, repo = parse_track_repo_arg("foo@myproject")
         self.assertEqual(name, "foo")
-        self.assertEqual(repo, "critforge")
+        self.assertEqual(repo, "myproject")
 
     def test_no_at_returns_original_none(self):
         name, repo = parse_track_repo_arg("foo")

package/skills/work-plan/tests/test_tracks.py

@@ -41,7 +41,7 @@ class DiscoverTracksTest(unittest.TestCase):
     def setUp(self):
         self.cfg = {
             "notes_root": str(FIXTURES),
-            "repos": {"critforge": {"github": "stylusnexus/CritForge", "local": None}},
+            "repos": {"myproject": {"github": "your-org/myproject", "local": None}},
         }
 
     def test_active_track_discovered(self):
@@ -50,7 +50,7 @@ class DiscoverTracksTest(unittest.TestCase):
 
     def test_repo_inferred_from_folder(self):
         ex = next(t for t in discover_tracks(self.cfg) if t.name == "example")
-        self.assertEqual(ex.repo, "stylusnexus/CritForge")
+        self.assertEqual(ex.repo, "your-org/myproject")
 
     def test_no_frontmatter_flagged_needs_init(self):
         nf = next(t for t in discover_tracks(self.cfg) if t.path.name == "no_frontmatter.md")
@@ -76,7 +76,7 @@ class DiscoverArchivedTracksTest(unittest.TestCase):
     def setUp(self):
         self.cfg = {
             "notes_root": str(FIXTURES),
-            "repos": {"critforge": {"github": "stylusnexus/CritForge", "local": None}},
+            "repos": {"myproject": {"github": "your-org/myproject", "local": None}},
         }
 
     def test_finds_shipped_track_in_archive(self):
@@ -374,7 +374,7 @@ class DiscoverArchivedSharedTest(unittest.TestCase):
         """Existing notes_root archives continue to be discovered."""
         cfg = {
             "notes_root": str(FIXTURES),
-            "repos": {"critforge": {"github": "stylusnexus/CritForge", "local": None}},
+            "repos": {"myproject": {"github": "your-org/myproject", "local": None}},
         }
         archived = discover_archived_tracks(cfg)
         slugs = [a.meta.get("track") for a in archived]