awesome-slash 2.4.4 → 2.5.1

package/plugins/deslop-around/lib/utils/deprecation.js

@@ -0,0 +1,37 @@
+/**
+ * Deprecation Warning Utility
+ * Centralized utility for handling deprecation warnings across the codebase
+ *
+ * @author Avi Fenesh
+ * @license MIT
+ */
+
+// Track which functions have already shown deprecation warnings (once per function)
+const _deprecationWarned = new Set();
+
+/**
+ * Show deprecation warning for sync functions (once per function name)
+ * @param {string} funcName - Name of the deprecated sync function
+ * @param {string} asyncAlt - Name of the async alternative
+ */
+function warnDeprecation(funcName, asyncAlt) {
+  if (_deprecationWarned.has(funcName)) return;
+  _deprecationWarned.add(funcName);
+  console.warn(
+    `DEPRECATED: ${funcName}() is synchronous and blocks the event loop. ` +
+    `Use ${asyncAlt}() instead. Will be removed in v3.0.0.`
+  );
+}
+
+/**
+ * Reset deprecation warnings (for testing only)
+ * @private
+ */
+function _resetDeprecationWarnings() {
+  _deprecationWarned.clear();
+}
+
+module.exports = {
+  warnDeprecation,
+  _resetDeprecationWarnings
+};

package/plugins/deslop-around/lib/utils/shell-escape.js

@@ -0,0 +1,88 @@
+/**
+ * Shell Escaping Utilities
+ * Centralized string escaping functions for safe shell command construction
+ *
+ * @module lib/utils/shell-escape
+ * @author Avi Fenesh
+ * @license MIT
+ */
+
+/**
+ * Escape shell special characters for safe command interpolation
+ * Handles all dangerous shell metacharacters including command injection vectors
+ * Optimized: uses single regex test instead of multiple .includes() calls
+ * @param {string} str - String to escape
+ * @returns {string} Escaped string safe for shell use
+ * @throws {Error} If string contains null bytes or newlines
+ */
+function escapeShell(str) {
+  if (typeof str !== 'string') return '';
+
+  // Reject null bytes and newlines which could be used for injection
+  // Optimized: single regex test instead of 3 separate .includes() scans
+  // Use \x00 instead of \0 for better portability across JS engines
+  if (/[\x00\n\r]/.test(str)) {
+    throw new Error('Input contains invalid characters (null bytes or newlines)');
+  }
+
+  // Escape all shell metacharacters: " $ ` \ ! ; | & > < ( ) { } [ ] * ? ~ # ' space tab
+  return str.replace(/["\$`\\!;|&><(){}[\]*?~#'\s]/g, '\\$&');
+}
+
+/**
+ * Escape single quotes for shell (replace ' with '\''
+ * Use this for strings that will be wrapped in single quotes
+ * @param {string} str - String to escape
+ * @returns {string} Escaped string safe for single-quoted shell use
+ */
+function escapeSingleQuotes(str) {
+  if (typeof str !== 'string') return '';
+  return str.replace(/'/g, "'\\''");
+}
+
+/**
+ * Validate and sanitize file extension
+ * Removes all non-alphanumeric characters
+ * @param {string} ext - Extension to validate
+ * @returns {string} Safe extension (alphanumeric only), defaults to 'ts' if empty
+ */
+function sanitizeExtension(ext) {
+  if (typeof ext !== 'string') return 'ts';
+  const safe = ext.replace(/[^a-zA-Z0-9]/g, '');
+  return safe || 'ts';
+}
+
+/**
+ * Escape a string for use in a double-quoted shell context
+ * More permissive than escapeShell but still safe
+ * @param {string} str - String to escape
+ * @returns {string} Escaped string safe for double-quoted shell use
+ */
+function escapeDoubleQuotes(str) {
+  if (typeof str !== 'string') return '';
+
+  // In double quotes, we need to escape: $ ` " \ and newlines
+  return str.replace(/[$`"\\\n]/g, '\\$&');
+}
+
+/**
+ * Quote a string for safe shell use
+ * Wraps in single quotes and escapes any embedded single quotes
+ * This is often safer than escapeShell for complex strings
+ * @param {string} str - String to quote
+ * @returns {string} Safely quoted string
+ */
+function quoteShell(str) {
+  if (typeof str !== 'string') return "''";
+
+  // Wrap in single quotes and escape any embedded single quotes
+  return "'" + str.replace(/'/g, "'\\''") + "'";
+}
+
+module.exports = {
+  escapeShell,
+  escapeSingleQuotes,
+  sanitizeExtension,
+  escapeDoubleQuotes,
+  quoteShell
+};

package/plugins/next-task/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "next-task",
-  "version": "2.3.1",
+  "version": "2.5.1",
   "description": "Master workflow orchestrator with autonomous task-to-production automation, quality gates, and multi-agent review",
   "author": {
     "name": "Avi Fenesh",

package/plugins/next-task/agents/delivery-validator.md

@@ -43,9 +43,9 @@ NO human in the loop - either pass validation or fail and return to implementati
 ```javascript
 const workflowState = require('${CLAUDE_PLUGIN_ROOT}/lib/state/workflow-state.js');
 
-const state = workflowState.readState();
+const state = workflowState.readFlow();
 const task = state.task;
-const reviewResults = state.phases.history.find(p => p.phase === 'review-loop')?.result;
+const reviewResults = state.reviewResult;
 ```
 
 ## Phase 2: Validation Checks

package/plugins/next-task/agents/implementation-agent.md

@@ -45,14 +45,13 @@ Before implementation:
 
 ```javascript
 const workflowState = require('${CLAUDE_PLUGIN_ROOT}/lib/state/workflow-state.js');
-const state = workflowState.readState();
+const state = workflowState.readFlow();
 
-const planPhase = state.phases.history.find(p => p.phase === 'planning');
-if (!planPhase?.result?.planApproved) {
+if (!state.plan?.approved) {
   throw new Error('Plan not approved - cannot proceed with implementation');
 }
 
-const plan = planPhase.result.plan;
+const plan = state.plan;
 console.log(`Implementing: ${plan.title}`);
 console.log(`Steps: ${plan.steps.length}`);
 ```

package/plugins/next-task/agents/planning-agent.md

@@ -1,12 +1,26 @@
 ---
 name: planning-agent
-description: Design detailed implementation plans for tasks. Use this agent after exploration to create a comprehensive, step-by-step plan for user approval.
-tools: Read, Glob, Grep, Bash(git:*), Task, EnterPlanMode
+description: Design detailed implementation plans for tasks. Create comprehensive step-by-step plans and output as structured JSON. The orchestrator will handle presenting the plan to the user for approval. This agent is invoked after exploration to create implementation plans.
+tools: Read, Glob, Grep, Bash(git:*), Task
 model: opus
 ---
 
 # Planning Agent
 
+**YOUR ROLE**: Create a detailed implementation plan and return it as structured output.
+
+**NOT YOUR ROLE**: Entering plan mode or getting user approval. The orchestrator handles that.
+
+**Flow**:
+1. You create the plan
+2. You output the plan as structured JSON at the end
+3. You return (agent completes)
+4. Orchestrator receives your plan
+5. Orchestrator enters plan mode and presents it to user
+6. User approves/rejects via the orchestrator
+
+**Output Format**: JSON structure that is context-efficient and easy to parse.
+
 You create detailed, well-reasoned implementation plans for tasks.
 This requires deep understanding of the codebase and careful architectural thinking.
 
@@ -21,10 +35,10 @@ Before planning, you should have:
 
 ```javascript
 const workflowState = require('${CLAUDE_PLUGIN_ROOT}/lib/state/workflow-state.js');
-const state = workflowState.readState();
+const state = workflowState.readFlow();
 
 const task = state.task;
-const explorationResults = state.phases.history.find(p => p.phase === 'exploration')?.result;
+const explorationResults = state.exploration;
 
 console.log(`Planning for: #${task.id} - ${task.title}`);
 console.log(`Key files identified: ${explorationResults?.keyFiles?.join(', ')}`);
@@ -161,29 +175,73 @@ Provide honest assessment:
 **Reasoning**: [Why this confidence level]
 ```
 
-## Phase 7: Enter Plan Mode
+## Phase 7: Output Structured Plan
 
-Use EnterPlanMode to get user approval:
+**CRITICAL**: Output your plan as JSON for the orchestrator to parse.
 
 ```javascript
-// Enter plan mode for formal approval
-EnterPlanMode();
-
-// Write plan to plan file
-// Wait for user approval via ExitPlanMode
+const plan = {
+  task: {
+    id: task.id,
+    title: task.title
+  },
+  overview: "2-3 sentence summary of the approach",
+  architecture: "Why this approach over alternatives",
+  steps: [
+    {
+      title: "First logical unit of work",
+      goal: "What this step achieves",
+      files: [
+        { path: "path/to/file.ts", changes: "What changes" }
+      ],
+      details: [
+        "Specific change 1",
+        "Specific change 2"
+      ],
+      risks: ["What could go wrong"]
+    },
+    {
+      title: "Add Tests",
+      goal: "Ensure code quality",
+      files: [
+        { path: "tests/feature.test.ts", changes: "Unit tests" }
+      ],
+      details: [
+        "Happy path test",
+        "Edge case test",
+        "Error handling test"
+      ]
+    }
+  ],
+  critical: {
+    highRisk: ["File/function - Why it's risky"],
+    needsReview: ["Area - Why"],
+    performance: ["If applicable"],
+    security: ["If applicable"]
+  },
+  complexity: {
+    overall: "Low|Medium|High",
+    confidence: "High|Medium|Low",
+    reasoning: "Why this confidence level"
+  }
+};
+
+// Output as JSON for orchestrator
+console.log("\n=== PLAN_START ===");
+console.log(JSON.stringify(plan, null, 2));
+console.log("=== PLAN_END ===\n");
 ```
 
-## Phase 8: Update State
+## Phase 8: Complete
 
-After approval:
+Mark completion:
 
 ```javascript
-workflowState.completePhase({
-  planApproved: true,
-  stepsCount: plan.steps.length,
-  estimatedComplexity: plan.complexity,
-  criticalPaths: plan.criticalPaths
-});
+console.log(`✓ Plan created with ${plan.steps.length} steps`);
+console.log(`✓ Complexity: ${plan.complexity.overall}`);
+console.log(`✓ Returning to orchestrator for user approval`);
+
+// Agent completes here - orchestrator will parse the JSON output
 ```
 
 ## Output Format

package/plugins/next-task/agents/review-orchestrator.md

@@ -13,75 +13,10 @@ and iterate until all critical and high-severity issues are resolved.
 ## Configuration
 
 ```javascript
-const MAX_ITERATIONS = 3;  // From policy.maxReviewIterations
+// No max iterations - review until approved
 const workflowState = require('${CLAUDE_PLUGIN_ROOT}/lib/state/workflow-state.js');
 ```
 
-## ⚠️ MANDATORY STATE UPDATES
-
-```
-╔══════════════════════════════════════════════════════════════════════════╗
-║              YOU MUST UPDATE STATE AFTER EACH ITERATION                   ║
-╠══════════════════════════════════════════════════════════════════════════╣
-║                                                                          ║
-║  After EACH review iteration, update:                                    ║
-║                                                                          ║
-║  1. .claude/workflow-status.json (in worktree):                          ║
-║     - Current iteration number                                           ║
-║     - Issues found/fixed counts                                          ║
-║     - lastActivityAt timestamp                                           ║
-║                                                                          ║
-║  2. .claude/tasks.json (in main repo):                                   ║
-║     - lastActivityAt timestamp                                           ║
-║     - currentStep: 'review-iteration-N'                                  ║
-║                                                                          ║
-║  FAILURE TO UPDATE = RESUME WILL FAIL                                    ║
-║                                                                          ║
-╚══════════════════════════════════════════════════════════════════════════╝
-```
-
-### State Update After Each Iteration
-
-```javascript
-function updateStateAfterIteration(iteration, findings) {
-  const fs = require('fs');
-
-  // 1. Update worktree status
-  const statusPath = '.claude/workflow-status.json';
-  const status = JSON.parse(fs.readFileSync(statusPath, 'utf8'));
-
-  status.steps.push({
-    step: `review-iteration-${iteration}`,
-    status: 'completed',
-    completedAt: new Date().toISOString(),
-    result: {
-      issuesFound: findings.totals.critical + findings.totals.high,
-      issuesFixed: findings.issuesFixed || 0
-    }
-  });
-
-  status.workflow.lastActivityAt = new Date().toISOString();
-  status.agents.reviewIterations = iteration;
-  status.agents.issuesFound = (status.agents.issuesFound || 0) + findings.totals.critical + findings.totals.high;
-
-  fs.writeFileSync(statusPath, JSON.stringify(status, null, 2));
-  console.log(`✓ Updated workflow-status.json: review-iteration-${iteration}`);
-
-  // 2. Update main repo tasks.json
-  if (status.git?.mainRepoPath) {
-    const mainTasksPath = status.git.mainRepoPath + '/.claude/tasks.json';
-    if (fs.existsSync(mainTasksPath)) {
-      const registry = JSON.parse(fs.readFileSync(mainTasksPath, 'utf8'));
-      const idx = registry.tasks.findIndex(t => t.id === status.task.id);
-      if (idx >= 0) {
-        registry.tasks[idx].lastActivityAt = new Date().toISOString();
-        registry.tasks[idx].currentStep = `review-iteration-${iteration}`;
-        fs.writeFileSync(mainTasksPath, JSON.stringify(registry, null, 2));
-      }
-    }
-  }
-}
-```
 
 ## Phase 1: Get Changed Files
 
@@ -100,10 +35,7 @@ git diff --stat HEAD~1..HEAD 2>/dev/null || git diff --stat
 ## Phase 2: Start Review Phase
 
 ```javascript
-workflowState.startPhase('review-loop');
-workflowState.updateState({
-  phases: { currentIteration: 0 }
-});
+workflowState.setPhase('review-loop');
 ```
 
 ## Phase 3: Launch Review Agents (Parallel)
@@ -224,35 +156,10 @@ function aggregateFindings(results) {
 const findings = aggregateFindings(results);
 ```
 
-## Phase 5: Update Agent Results in State
+## Phase 5: Log Results
 
 ```javascript
-workflowState.updateState({
-  agents: {
-    lastRun: {
-      codeReviewer: {
-        status: 'completed',
-        issues: results[0].summary?.total || 0,
-        critical: results[0].summary?.critical || 0,
-        high: results[0].summary?.high || 0
-      },
-      silentFailureHunter: {
-        status: 'completed',
-        issues: results[1].summary?.total || 0,
-        critical: results[1].summary?.critical || 0,
-        high: results[1].summary?.high || 0
-      },
-      testAnalyzer: {
-        status: 'completed',
-        issues: results[2].summary?.total || 0,
-        critical: results[2].summary?.critical || 0,
-        high: results[2].summary?.high || 0
-      }
-    },
-    totalIssuesFound: findings.totals.critical + findings.totals.high +
-                      findings.totals.medium + findings.totals.low
-  }
-});
+console.log(`Found: ${findings.totals.critical} critical, ${findings.totals.high} high, ${findings.totals.medium} medium, ${findings.totals.low} low`);
 ```
 
 ## Phase 6: Report Findings
@@ -275,13 +182,14 @@ ${criticalIssues.map(i => `- **${i.file}:${i.line}** - ${i.description}`).join('
 ${highIssues.map(i => `- **${i.file}:${i.line}** - ${i.description}`).join('\n')}
 ```
 
-## Phase 7: Iteration Loop
+## Phase 7: Iteration Loop (Until Approved)
 
 ```javascript
 let iteration = 1;
 
-while (iteration <= MAX_ITERATIONS && findings.needsIteration) {
-  console.log(`\n## Review Iteration ${iteration}/${MAX_ITERATIONS}`);
+// Loop until all critical/high issues are resolved - no arbitrary limit
+while (findings.needsIteration) {
+  console.log(`\n## Review Iteration ${iteration}`);
   console.log(`Fixing ${findings.totals.critical} critical and ${findings.totals.high} high issues...`);
 
   // Fix critical issues first
@@ -322,10 +230,8 @@ Do NOT auto-fix - just report for the next iteration.`
   });
   // =========================================================
 
-  // Increment iteration in state
-  workflowState.incrementIteration({
-    fixed: findings.totals.critical + findings.totals.high
-  });
+  // Log iteration progress
+  console.log(`Iteration ${iteration} complete. Fixed ${findings.totals.critical + findings.totals.high} issues.`);
 
   // Re-run review agents on changed files
   const changedInIteration = await exec('git diff --name-only HEAD~1');
@@ -339,30 +245,23 @@ Do NOT auto-fix - just report for the next iteration.`
 ## Phase 8: Final Status
 
 ```javascript
-if (findings.totals.critical === 0 && findings.totals.high === 0) {
-  console.log("\n## ✓ Review Approved");
-  console.log("All critical and high-priority issues resolved.");
-  console.log(`Medium: ${findings.totals.medium}, Low: ${findings.totals.low} (noted in PR)`);
-
-  workflowState.completePhase({
+// When we exit the loop, all critical/high issues are resolved
+console.log("\n## ✓ Review Approved");
+console.log("All critical and high-priority issues resolved.");
+console.log(`Medium: ${findings.totals.medium}, Low: ${findings.totals.low} (noted in PR)`);
+console.log(`Completed after ${iteration - 1} iteration(s).`);
+
+// Update flow with review result
+workflowState.updateFlow({
+  reviewResult: {
     approved: true,
     iterations: iteration - 1,
     remainingIssues: {
       medium: findings.totals.medium,
       low: findings.totals.low
     }
-  });
-} else {
-  console.log("\n## ✗ Review Failed");
-  console.log(`Unable to resolve all issues after ${MAX_ITERATIONS} iterations.`);
-  console.log(`Remaining: ${findings.totals.critical} critical, ${findings.totals.high} high`);
-
-  workflowState.failPhase("Review iteration limit reached", {
-    remainingCritical: findings.totals.critical,
-    remainingHigh: findings.totals.high,
-    iterations: iteration - 1
-  });
-}
+  }
+});
 ```
 
 ## Fix Issue Helper