npm - codiedev - Versions diffs - 0.7.3 → 0.7.4 - Mend

codiedev 0.7.3 → 0.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/commands/reverseTicket.js +32 -11
package/package.json +1 -1

package/dist/commands/reverseTicket.js CHANGED Viewed

@@ -36,6 +36,7 @@ function parseArgs(args) {
     let base;
     let forcedKey;
     let noTruncate = false;
+    let dirty = false;
     for (let i = 0; i < args.length; i++) {
         const a = args[i];
         if ((a === "--with" || a === "-w") && i + 1 < args.length) {
@@ -53,17 +54,20 @@ function parseArgs(args) {
         else if (a === "--full") {
             noTruncate = true;
         }
+        else if (a === "--dirty") {
+            dirty = true;
+        }
         else if (!a.startsWith("--") && !prUrl) {
             prUrl = a;
         }
     }
-    return { prUrl, base, forcedKey, noTruncate };
+    return { prUrl, base, forcedKey, noTruncate, dirty };
 }
 async function runReverseTicket(args) {
-    const { prUrl, base, forcedKey, noTruncate } = parseArgs(args);
+    const { prUrl, base, forcedKey, noTruncate, dirty } = parseArgs(args);
     // No PR URL → branch mode (mid-session, no PR exists yet).
     if (!prUrl) {
-        return runBranchMode({ explicitBase: base, forcedKey });
+        return runBranchMode({ explicitBase: base, forcedKey, dirty });
     }
     const parsed = parsePrUrl(prUrl);
     if (!parsed) {
@@ -237,22 +241,38 @@ async function runBranchMode(opts) {
         }
     };
     const shQuote = (s) => `'${s.replace(/'/g, "'\\''")}'`;
-    // Capture all work relative to the base ref: committed + uncommitted-tracked
-    // + new untracked. Matches "ticket my current changes" intent.
-    const trackedRaw = git(`diff --name-only ${baseSha}`);
+    // Default scope is committed-only — files and content reachable from HEAD,
+    // not from the working tree. Without `HEAD` as the second arg, `git diff
+    // <ref>` compares <ref> to the working tree, which silently rolls in
+    // uncommitted modifications and (via ls-files --others) untracked leftovers
+    // from prior branches. That produced audit-grade leaks where a one-commit
+    // copy-button branch generated a draft describing an unrelated auth rebrand
+    // that was sitting dirty in the working tree.
+    //
+    // --dirty re-enables the old behavior for the "ticket my current WIP"
+    // intent — explicit opt-in, since the user is asserting the dirty state is
+    // theirs and on-topic.
+    const includeDirty = opts.dirty === true;
+    const trackedRaw = git(`diff --name-only ${baseSha}${includeDirty ? "" : " HEAD"}`);
     const trackedFiles = trackedRaw ? trackedRaw.split("\n").filter(Boolean) : [];
-    const untrackedRaw = safeGit(() => git("ls-files --others --exclude-standard"));
+    const untrackedRaw = includeDirty
+        ? safeGit(() => git("ls-files --others --exclude-standard"))
+        : undefined;
     const untrackedFiles = untrackedRaw
         ? untrackedRaw.split("\n").filter(Boolean)
         : [];
     const filesChanged = Array.from(new Set([...trackedFiles, ...untrackedFiles]));
     if (filesChanged.length === 0) {
-        console.error(`No changes detected between ${baseRef} and your working tree on ${branch}.`);
+        const scope = includeDirty ? "your working tree" : "HEAD";
+        console.error(`No changes detected between ${baseRef} and ${scope} on ${branch}.`);
+        if (!includeDirty) {
+            console.error("Pass --dirty to also include uncommitted + untracked changes.");
+        }
         process.exit(1);
     }
     let stat = "";
     try {
-        const trackedStat = git(`diff --stat=200 ${baseSha}`);
+        const trackedStat = git(`diff --stat=200 ${baseSha}${includeDirty ? "" : " HEAD"}`);
         const untrackedStatLines = untrackedFiles.map((f) => {
             const wc = shellTolerant(`wc -l < ${shQuote(f)}`);
             const n = parseInt(wc.split(/\s+/)[0] || "0", 10) || 0;
@@ -269,9 +289,10 @@ async function runBranchMode(opts) {
     let diff = "";
     try {
         const sourceTracked = trackedFiles.filter((f) => !isNoise(f));
+        const headRef = includeDirty ? "" : " HEAD";
         const trackedDiff = sourceTracked.length > 0
-            ? git(`diff ${baseSha} -- ${sourceTracked.map(shQuote).join(" ")}`)
-            : git(`diff ${baseSha}`);
+            ? git(`diff ${baseSha}${headRef} -- ${sourceTracked.map(shQuote).join(" ")}`)
+            : git(`diff ${baseSha}${headRef}`);
         const sourceUntracked = untrackedFiles.filter((f) => !isNoise(f));
         const untrackedDiffs = sourceUntracked.map((f) => shellTolerant(`git diff --no-index --no-color -- /dev/null ${shQuote(f)}`));
         diff = [trackedDiff, ...untrackedDiffs]

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codiedev",
-  "version": "0.7.3",
+  "version": "0.7.4",
   "description": "Connect Claude Code, Codex, Cursor, or VS Code Copilot to CodieDev for org-wide session capture and artifact collaboration",
   "bin": {
     "codiedev": "./dist/cli.js",