commandmate 0.3.0 → 0.3.2

package/dist/server/server.js

@@ -39,6 +39,7 @@ const worktrees_1 = require("./src/lib/worktrees");
 const db_instance_1 = require("./src/lib/db-instance");
 const response_poller_1 = require("./src/lib/response-poller");
 const auto_yes_manager_1 = require("./src/lib/auto-yes-manager");
+const schedule_manager_1 = require("./src/lib/schedule-manager");
 const db_migrations_1 = require("./src/lib/db-migrations");
 const env_1 = require("./src/lib/env");
 const db_repository_1 = require("./src/lib/db-repository");
@@ -227,6 +228,8 @@ app.prepare().then(() => {
         console.log(`> WebSocket server ready`);
         // Initialize worktrees after server starts
         await initializeWorktrees();
+        // [S3-010] Initialize schedule manager AFTER worktrees are ready
+        (0, schedule_manager_1.initScheduleManager)();
     });
     // Graceful shutdown with timeout
     let isShuttingDown = false;
@@ -241,6 +244,8 @@ app.prepare().then(() => {
         (0, response_poller_1.stopAllPolling)();
         // Issue #138: Stop all auto-yes pollers
         (0, auto_yes_manager_1.stopAllAutoYesPolling)();
+        // Issue #294: Stop all scheduled executions (SIGKILL fire-and-forget)
+        (0, schedule_manager_1.stopAllSchedules)();
         // Close WebSocket connections immediately (don't wait)
         (0, ws_server_1.closeWebSocket)();
         // Force exit after 3 seconds if graceful shutdown fails

package/dist/server/src/config/cmate-constants.js

@@ -0,0 +1,79 @@
+"use strict";
+/**
+ * CMATE.md Shared Constants
+ * Issue #294: Constants shared between server-side parser and client-side validator
+ *
+ * This module has NO Node.js dependencies (no 'fs'), so it can be safely
+ * imported from both server and client code.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_SCHEDULE_ENTRIES = exports.MAX_CRON_EXPRESSION_LENGTH = exports.NAME_PATTERN = exports.CONTROL_CHAR_PATTERN = exports.CMATE_FILENAME = void 0;
+exports.sanitizeContent = sanitizeContent;
+exports.isValidCronExpression = isValidCronExpression;
+// =============================================================================
+// File
+// =============================================================================
+/** CMATE.md filename */
+exports.CMATE_FILENAME = 'CMATE.md';
+// =============================================================================
+// Sanitization
+// =============================================================================
+/**
+ * Unicode control character regex for sanitization.
+ * Matches: C0 control chars (except \t \n \r), C1 control chars,
+ * zero-width characters, directional control characters.
+ *
+ * NOTE: No /g flag on the export — callers must use String.replace(pattern, '')
+ * with /g or String.replaceAll() to avoid lastIndex state issues.
+ *
+ * [S4-002] Strips potentially dangerous Unicode control characters
+ */
+exports.CONTROL_CHAR_PATTERN = 
+// eslint-disable-next-line no-control-regex
+/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F\x80-\x9F\u200B-\u200F\u2028-\u202F\uFEFF]/;
+/**
+ * Remove Unicode control characters from a string.
+ * Preserves tabs (\t), newlines (\n), and carriage returns (\r).
+ *
+ * @param content - Raw string to sanitize
+ * @returns Sanitized string with control characters removed
+ */
+function sanitizeContent(content) {
+    // Use RegExp constructor with /g to avoid lastIndex state on the shared pattern
+    return content.replace(new RegExp(exports.CONTROL_CHAR_PATTERN.source, 'g'), '');
+}
+// =============================================================================
+// Name Validation
+// =============================================================================
+/**
+ * Name validation pattern.
+ * Allows: ASCII word chars, Japanese chars (CJK, Hiragana, Katakana, Symbols),
+ * spaces, and hyphens. Length: 1-100 characters.
+ *
+ * [S4-011] Prevents injection through name field
+ */
+exports.NAME_PATTERN = /^[\w\u3000-\u303F\u3040-\u309F\u30A0-\u30FF\u4E00-\u9FFF\uF900-\uFAFF\s-]{1,100}$/;
+// =============================================================================
+// Limits
+// =============================================================================
+/** Maximum cron expression length */
+exports.MAX_CRON_EXPRESSION_LENGTH = 100;
+/** Maximum number of schedule entries per worktree */
+exports.MAX_SCHEDULE_ENTRIES = 100;
+// =============================================================================
+// Cron Validation
+// =============================================================================
+/**
+ * Validate a cron expression.
+ * Checks length and basic format (5-6 fields separated by spaces).
+ *
+ * @param expression - Cron expression to validate
+ * @returns true if the expression appears valid
+ */
+function isValidCronExpression(expression) {
+    if (expression.length > exports.MAX_CRON_EXPRESSION_LENGTH) {
+        return false;
+    }
+    const parts = expression.trim().split(/\s+/);
+    return parts.length >= 5 && parts.length <= 6;
+}

package/dist/server/src/config/schedule-config.js

@@ -0,0 +1,54 @@
+"use strict";
+/**
+ * Schedule Execution Configuration Constants
+ * Issue #294: Centralized constants for schedule-related API routes
+ *
+ * Eliminates duplication of validation constants and UUID validation
+ * across schedules/route.ts, schedules/[scheduleId]/route.ts,
+ * and execution-logs/[logId]/route.ts.
+ *
+ * [S4-014] UUID v4 format validation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UUID_V4_PATTERN = exports.DEFAULT_PERMISSIONS = exports.CODEX_SANDBOXES = exports.CLAUDE_PERMISSIONS = exports.MAX_SCHEDULE_CRON_LENGTH = exports.MAX_SCHEDULE_MESSAGE_LENGTH = exports.MAX_SCHEDULE_NAME_LENGTH = void 0;
+exports.isValidUuidV4 = isValidUuidV4;
+// =============================================================================
+// Validation Constants
+// =============================================================================
+/** Maximum schedule name length */
+exports.MAX_SCHEDULE_NAME_LENGTH = 100;
+/** Maximum message length for schedule execution */
+exports.MAX_SCHEDULE_MESSAGE_LENGTH = 10000;
+/** Maximum cron expression length */
+exports.MAX_SCHEDULE_CRON_LENGTH = 100;
+// =============================================================================
+// Permission Constants
+// =============================================================================
+/** Allowed permission values for claude CLI (--permission-mode) */
+exports.CLAUDE_PERMISSIONS = ['default', 'acceptEdits', 'plan', 'dontAsk', 'bypassPermissions'];
+/** Allowed sandbox values for codex CLI (--sandbox) */
+exports.CODEX_SANDBOXES = ['read-only', 'workspace-write', 'danger-full-access'];
+/** Default permission per CLI tool */
+exports.DEFAULT_PERMISSIONS = {
+    claude: 'acceptEdits',
+    codex: 'workspace-write',
+};
+// =============================================================================
+// UUID Validation
+// =============================================================================
+/**
+ * UUID v4 validation pattern.
+ * Matches standard UUID v4 format: xxxxxxxx-xxxx-4xxx-[89ab]xxx-xxxxxxxxxxxx
+ *
+ * [S4-014] Used to validate schedule IDs and execution log IDs
+ */
+exports.UUID_V4_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+/**
+ * Validate that a string is a valid UUID v4 format.
+ *
+ * @param id - String to validate
+ * @returns true if the string matches UUID v4 format
+ */
+function isValidUuidV4(id) {
+    return exports.UUID_V4_PATTERN.test(id);
+}

package/dist/server/src/lib/claude-executor.js

@@ -0,0 +1,147 @@
+"use strict";
+/**
+ * Claude CLI Executor
+ * Issue #294: Executes claude -p commands for scheduled executions
+ *
+ * Security:
+ * - Uses execFile (not exec) to prevent shell injection
+ * - Sanitizes environment variables via env-sanitizer.ts
+ * - Limits output size to prevent memory exhaustion
+ * - Enforces execution timeout
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ALLOWED_CLI_TOOLS = exports.MAX_MESSAGE_LENGTH = exports.EXECUTION_TIMEOUT_MS = exports.MAX_STORED_OUTPUT_SIZE = exports.MAX_OUTPUT_SIZE = void 0;
+exports.truncateOutput = truncateOutput;
+exports.buildCliArgs = buildCliArgs;
+exports.executeClaudeCommand = executeClaudeCommand;
+exports.getActiveProcesses = getActiveProcesses;
+const child_process_1 = require("child_process");
+const env_sanitizer_1 = require("./env-sanitizer");
+const cli_patterns_1 = require("./cli-patterns");
+// =============================================================================
+// Constants
+// =============================================================================
+/** Maximum output buffer size for execFile (1MB) */
+exports.MAX_OUTPUT_SIZE = 1 * 1024 * 1024;
+/** Maximum output size stored in DB (100KB) */
+exports.MAX_STORED_OUTPUT_SIZE = 100 * 1024;
+/** Execution timeout in milliseconds (5 minutes) */
+exports.EXECUTION_TIMEOUT_MS = 5 * 60 * 1000;
+/** Maximum message length sent to claude -p */
+exports.MAX_MESSAGE_LENGTH = 10000;
+/** Allowed CLI tool identifiers for scheduled execution */
+exports.ALLOWED_CLI_TOOLS = new Set(['claude', 'codex']);
+// =============================================================================
+// Executor
+// =============================================================================
+/**
+ * Truncate output to MAX_STORED_OUTPUT_SIZE bytes.
+ * Appends a truncation notice if truncated.
+ *
+ * @param output - Raw output string
+ * @returns Truncated output string
+ */
+function truncateOutput(output) {
+    if (Buffer.byteLength(output, 'utf-8') <= exports.MAX_STORED_OUTPUT_SIZE) {
+        return output;
+    }
+    // Truncate to MAX_STORED_OUTPUT_SIZE bytes
+    const buffer = Buffer.from(output, 'utf-8');
+    const truncated = buffer.subarray(0, exports.MAX_STORED_OUTPUT_SIZE).toString('utf-8');
+    return truncated + '\n\n--- Output truncated (exceeded 100KB limit) ---';
+}
+/**
+ * Build CLI arguments for non-interactive execution based on CLI tool type.
+ *
+ * - claude: -p <message> --output-format text --permission-mode <permission>
+ * - codex: exec <message> --sandbox <permission>
+ * - others: -p <message> (fallback)
+ *
+ * @param message - Prompt message
+ * @param cliToolId - CLI tool identifier
+ * @param permission - Permission mode (claude: --permission-mode, codex: --sandbox)
+ * @returns Array of CLI arguments
+ */
+function buildCliArgs(message, cliToolId, permission) {
+    switch (cliToolId) {
+        case 'codex':
+            return ['exec', message, '--sandbox', permission ?? 'workspace-write'];
+        case 'claude':
+        default:
+            return ['-p', message, '--output-format', 'text', '--permission-mode', permission ?? 'acceptEdits'];
+    }
+}
+/**
+ * Execute a CLI command in a worktree directory.
+ *
+ * @param message - Prompt message to send
+ * @param cwd - Working directory (worktree path from DB)
+ * @param cliToolId - CLI tool to use (default: 'claude')
+ * @param permission - Permission mode (claude: --permission-mode, codex: --sandbox)
+ * @returns Execution result with output and status
+ */
+async function executeClaudeCommand(message, cwd, cliToolId = 'claude', permission) {
+    // Validate cliToolId against whitelist [SEC-001]
+    if (!exports.ALLOWED_CLI_TOOLS.has(cliToolId)) {
+        return {
+            output: '',
+            exitCode: null,
+            status: 'failed',
+            error: `Invalid CLI tool: ${cliToolId}`,
+        };
+    }
+    // Validate message length
+    const truncatedMessage = message.length > exports.MAX_MESSAGE_LENGTH
+        ? message.substring(0, exports.MAX_MESSAGE_LENGTH)
+        : message;
+    const args = buildCliArgs(truncatedMessage, cliToolId, permission);
+    return new Promise((resolve) => {
+        const child = (0, child_process_1.execFile)(cliToolId, args, {
+            cwd,
+            env: (0, env_sanitizer_1.sanitizeEnvForChildProcess)(),
+            maxBuffer: exports.MAX_OUTPUT_SIZE,
+            timeout: exports.EXECUTION_TIMEOUT_MS,
+        }, (error, stdout, stderr) => {
+            if (error) {
+                const isTimeout = error.killed || error.code === 'ETIMEDOUT';
+                const rawOutput = (0, cli_patterns_1.stripAnsi)(stdout || stderr || error.message);
+                const output = truncateOutput(rawOutput);
+                resolve({
+                    output,
+                    exitCode: error.code ? parseInt(String(error.code), 10) || null : null,
+                    status: isTimeout ? 'timeout' : 'failed',
+                    error: error.message,
+                });
+                return;
+            }
+            const rawOutput = (0, cli_patterns_1.stripAnsi)(stdout || '');
+            const output = truncateOutput(rawOutput);
+            resolve({
+                output,
+                exitCode: 0,
+                status: 'completed',
+            });
+        });
+        // Close stdin immediately to prevent hanging on yes/no prompts
+        child.stdin?.end();
+        // Return the child process PID for tracking
+        if (child.pid) {
+            // Store PID in global active processes for cleanup on shutdown
+            const activeProcesses = getActiveProcesses();
+            activeProcesses.set(child.pid, child);
+            child.on('exit', () => {
+                activeProcesses.delete(child.pid);
+            });
+        }
+    });
+}
+/**
+ * Get the global active processes map.
+ * Uses globalThis for hot reload persistence.
+ */
+function getActiveProcesses() {
+    if (!globalThis.__scheduleActiveProcesses) {
+        globalThis.__scheduleActiveProcesses = new Map();
+    }
+    return globalThis.__scheduleActiveProcesses;
+}

package/dist/server/src/lib/claude-session.js

@@ -136,6 +136,17 @@ exports.CLAUDE_PROMPT_POLL_INTERVAL = 200;
  * 40 is an empirical threshold with safety margin.
  */
 const MAX_SHELL_PROMPT_LENGTH = 40;
+/**
+ * Number of tail lines used for error pattern detection in isSessionHealthy()
+ *
+ * Error patterns are only searched within the last N lines of pane output,
+ * not the entire buffer. This prevents false negatives where historical
+ * (already recovered) errors in the scrollback trigger unhealthy detection.
+ *
+ * 10 lines provides sufficient window to catch recent errors while ignoring
+ * historical ones that have scrolled up.
+ */
+const HEALTH_CHECK_ERROR_TAIL_LINES = 10;
 /**
  * Cached Claude CLI path
  */
@@ -265,21 +276,31 @@ async function isSessionHealthy(sessionName) {
         if (trimmed === '') {
             return { healthy: false, reason: 'empty output' };
         }
-        // S2-F010: Error pattern detection (HealthCheckResult format)
+        // Active state detection: check for Claude prompt BEFORE error patterns.
+        // This prevents false negatives where historical (recovered) errors in
+        // the pane scrollback cause a currently-active session to be marked unhealthy.
+        if (cli_patterns_1.CLAUDE_PROMPT_PATTERN.test(trimmed)) {
+            return { healthy: true };
+        }
+        // S2-F010: Error pattern detection - limited to tail lines only.
+        // Only the last HEALTH_CHECK_ERROR_TAIL_LINES lines are searched, so
+        // historical errors that have scrolled up do not trigger false negatives.
+        const allLines = trimmed.split('\n').filter(line => line.trim() !== '');
+        const tailLines = allLines.slice(-HEALTH_CHECK_ERROR_TAIL_LINES);
+        const tailText = tailLines.join('\n');
         // MF-001: Check error patterns from cli-patterns.ts (SRP - pattern management centralized)
         for (const pattern of cli_patterns_1.CLAUDE_SESSION_ERROR_PATTERNS) {
-            if (trimmed.includes(pattern)) {
+            if (tailText.includes(pattern)) {
                 return { healthy: false, reason: `error pattern: ${pattern}` };
             }
         }
         for (const regex of cli_patterns_1.CLAUDE_SESSION_ERROR_REGEX_PATTERNS) {
-            if (regex.test(trimmed)) {
+            if (regex.test(tailText)) {
                 return { healthy: false, reason: `error pattern: ${regex.source}` };
             }
         }
         // S2-F002: Extract last line after empty line filtering
-        const lines = trimmed.split('\n').filter(line => line.trim() !== '');
-        const lastLine = lines[lines.length - 1]?.trim() ?? '';
+        const lastLine = allLines[allLines.length - 1]?.trim() ?? '';
         // F006: Line length check BEFORE SHELL_PROMPT_ENDINGS check (early return)
         if (lastLine.length >= MAX_SHELL_PROMPT_LENGTH) {
             // Long lines are not shell prompts -> treat as healthy (early return)
@@ -415,7 +436,11 @@ async function isClaudeRunning(worktreeId) {
     // MF-S3-001: Verify session health to avoid reporting broken sessions as running
     // S2-F001: await + extract .healthy to maintain boolean return type
     const result = await isSessionHealthy(sessionName);
-    return result.healthy;
+    if (!result.healthy) {
+        console.warn(`[isClaudeRunning] Session ${sessionName} unhealthy: ${result.reason}`);
+        return false;
+    }
+    return true;
 }
 /**
  * Get Claude session state

package/dist/server/src/lib/cli-patterns.js

@@ -268,7 +268,7 @@ exports.CLAUDE_SESSION_ERROR_PATTERNS = [
  * SEC-SF-004: See CLAUDE_SESSION_ERROR_PATTERNS JSDoc for pattern maintenance process.
  */
 exports.CLAUDE_SESSION_ERROR_REGEX_PATTERNS = [
-    /Error:.*Claude/,
+    /^Error:.*Claude Code/,
 ];
 function buildDetectPromptOptions(cliToolId) {
     if (cliToolId === 'claude') {

package/dist/server/src/lib/cmate-parser.js

@@ -0,0 +1,240 @@
+"use strict";
+/**
+ * CMATE.md Parser
+ * Issue #294: Schedule execution feature
+ *
+ * Parses CMATE.md files (Markdown table format) from worktree root directories.
+ * Provides a generic table parser and a specialized schedule section parser.
+ *
+ * Security:
+ * - Path traversal prevention (realpath + worktree directory validation)
+ * - Unicode control character sanitization
+ * - Name validation with strict pattern matching
+ * - Cron expression validation
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MIN_CRON_INTERVAL = exports.CONTROL_CHAR_REGEX = exports.isValidCronExpression = exports.MAX_SCHEDULE_ENTRIES = exports.MAX_CRON_EXPRESSION_LENGTH = exports.NAME_PATTERN = exports.CMATE_FILENAME = void 0;
+exports.sanitizeMessageContent = sanitizeMessageContent;
+exports.validateCmatePath = validateCmatePath;
+exports.parseCmateFile = parseCmateFile;
+exports.parseSchedulesSection = parseSchedulesSection;
+exports.readCmateFile = readCmateFile;
+const fs_1 = require("fs");
+const path_1 = __importDefault(require("path"));
+const schedule_config_1 = require("../config/schedule-config");
+const cmate_constants_1 = require("../config/cmate-constants");
+Object.defineProperty(exports, "CMATE_FILENAME", { enumerable: true, get: function () { return cmate_constants_1.CMATE_FILENAME; } });
+Object.defineProperty(exports, "NAME_PATTERN", { enumerable: true, get: function () { return cmate_constants_1.NAME_PATTERN; } });
+Object.defineProperty(exports, "MAX_CRON_EXPRESSION_LENGTH", { enumerable: true, get: function () { return cmate_constants_1.MAX_CRON_EXPRESSION_LENGTH; } });
+Object.defineProperty(exports, "MAX_SCHEDULE_ENTRIES", { enumerable: true, get: function () { return cmate_constants_1.MAX_SCHEDULE_ENTRIES; } });
+Object.defineProperty(exports, "isValidCronExpression", { enumerable: true, get: function () { return cmate_constants_1.isValidCronExpression; } });
+/**
+ * @deprecated Use CONTROL_CHAR_PATTERN from '../config/cmate-constants' instead.
+ * Kept for backward compatibility with existing tests.
+ */
+exports.CONTROL_CHAR_REGEX = new RegExp(cmate_constants_1.CONTROL_CHAR_PATTERN.source, 'g');
+/** Minimum cron interval pattern (every minute) */
+exports.MIN_CRON_INTERVAL = '* * * * *';
+// =============================================================================
+// Sanitization
+// =============================================================================
+/**
+ * Remove Unicode control characters from a string.
+ * Preserves tabs (\t), newlines (\n), and carriage returns (\r).
+ *
+ * @param content - Raw string to sanitize
+ * @returns Sanitized string with control characters removed
+ */
+function sanitizeMessageContent(content) {
+    return (0, cmate_constants_1.sanitizeContent)(content);
+}
+// =============================================================================
+// Path Validation
+// =============================================================================
+/**
+ * Validate that a CMATE.md file path is within the expected worktree directory.
+ * Prevents path traversal attacks by resolving symlinks and verifying containment.
+ *
+ * @param filePath - Path to CMATE.md file
+ * @param worktreeDir - Expected worktree directory
+ * @returns true if path is valid and within worktree directory
+ * @throws Error if path traversal is detected
+ */
+function validateCmatePath(filePath, worktreeDir) {
+    const realFilePath = (0, fs_1.realpathSync)(filePath);
+    const realWorktreeDir = (0, fs_1.realpathSync)(worktreeDir);
+    // Ensure the file is within the worktree directory
+    if (!realFilePath.startsWith(realWorktreeDir + path_1.default.sep) &&
+        realFilePath !== path_1.default.join(realWorktreeDir, cmate_constants_1.CMATE_FILENAME)) {
+        throw new Error(`Path traversal detected: ${filePath} is not within ${worktreeDir}`);
+    }
+    return true;
+}
+// =============================================================================
+// Generic Markdown Table Parser
+// =============================================================================
+/**
+ * Parse a CMATE.md file into a generic structure.
+ * Returns a Map where keys are section names (from ## headers)
+ * and values are arrays of row data (each row is an array of cell values).
+ *
+ * [S1-010] Generic design: returns Map<string, string[][]>
+ *
+ * @param content - Raw CMATE.md file content
+ * @returns Map of section name to table rows
+ */
+function parseCmateFile(content) {
+    const result = new Map();
+    const lines = content.split('\n');
+    let currentSection = null;
+    let headerParsed = false;
+    let separatorParsed = false;
+    for (const line of lines) {
+        const trimmed = line.trim();
+        // Detect section headers (## SectionName)
+        const headerMatch = trimmed.match(/^##\s+(.+)$/);
+        if (headerMatch) {
+            currentSection = headerMatch[1].trim();
+            headerParsed = false;
+            separatorParsed = false;
+            if (!result.has(currentSection)) {
+                result.set(currentSection, []);
+            }
+            continue;
+        }
+        // Skip empty lines
+        if (!trimmed) {
+            continue;
+        }
+        // Skip non-table lines
+        if (!trimmed.startsWith('|')) {
+            continue;
+        }
+        if (!currentSection) {
+            continue;
+        }
+        // Parse table row
+        if (!headerParsed) {
+            // First row is header - skip it
+            headerParsed = true;
+            continue;
+        }
+        if (!separatorParsed) {
+            // Second row is separator (|---|---|) - skip it
+            if (trimmed.match(/^\|[\s-:|]+\|$/)) {
+                separatorParsed = true;
+                continue;
+            }
+            // If it's not a separator, treat it as data
+            separatorParsed = true;
+        }
+        // Parse data row
+        const cells = trimmed
+            .split('|')
+            .slice(1, -1) // Remove leading and trailing empty strings from split
+            .map((cell) => cell.trim());
+        if (cells.length > 0) {
+            result.get(currentSection).push(cells);
+        }
+    }
+    return result;
+}
+// =============================================================================
+// Schedule Section Parser
+// =============================================================================
+/**
+ * Parse the Schedules section of a CMATE.md file into typed ScheduleEntry objects.
+ *
+ * Expected table format:
+ * | Name | Cron | Message | CLI Tool | Enabled |
+ * |------|------|---------|----------|---------|
+ * | daily-review | 0 9 * * * | Review code changes | claude | true |
+ *
+ * Entries with invalid names, cron expressions, or missing required fields
+ * are silently skipped with a console.warn.
+ *
+ * @param rows - Raw table rows from parseCmateFile() for the Schedules section
+ * @returns Array of validated ScheduleEntry objects
+ */
+function parseSchedulesSection(rows) {
+    const entries = [];
+    for (const row of rows) {
+        if (entries.length >= cmate_constants_1.MAX_SCHEDULE_ENTRIES) {
+            console.warn(`[cmate-parser] Maximum schedule entries (${cmate_constants_1.MAX_SCHEDULE_ENTRIES}) reached, skipping remaining`);
+            break;
+        }
+        // Minimum required columns: Name, Cron, Message
+        if (row.length < 3) {
+            console.warn('[cmate-parser] Skipping row with insufficient columns:', row);
+            continue;
+        }
+        const [name, cronExpression, message, cliToolId, enabledStr, permissionStr] = row;
+        // Validate name
+        const sanitizedName = sanitizeMessageContent(name);
+        if (!cmate_constants_1.NAME_PATTERN.test(sanitizedName)) {
+            console.warn(`[cmate-parser] Skipping entry with invalid name: "${sanitizedName}"`);
+            continue;
+        }
+        // Validate cron expression
+        if (!(0, cmate_constants_1.isValidCronExpression)(cronExpression)) {
+            console.warn(`[cmate-parser] Skipping entry "${sanitizedName}" with invalid cron: "${cronExpression}"`);
+            continue;
+        }
+        // Sanitize message
+        const sanitizedMessage = sanitizeMessageContent(message);
+        if (!sanitizedMessage) {
+            console.warn(`[cmate-parser] Skipping entry "${sanitizedName}" with empty message`);
+            continue;
+        }
+        // Parse enabled (default: true)
+        const enabled = enabledStr === undefined ||
+            enabledStr === '' ||
+            enabledStr.toLowerCase() === 'true';
+        // Parse permission with validation
+        const resolvedCliToolId = cliToolId?.trim() || 'claude';
+        const defaultPermission = schedule_config_1.DEFAULT_PERMISSIONS[resolvedCliToolId] ?? '';
+        let permission = permissionStr?.trim() || defaultPermission;
+        // Validate permission against allowed values
+        const allowedValues = resolvedCliToolId === 'codex' ? schedule_config_1.CODEX_SANDBOXES : schedule_config_1.CLAUDE_PERMISSIONS;
+        if (permission && !allowedValues.includes(permission)) {
+            console.warn(`[cmate-parser] Invalid permission "${permission}" for ${resolvedCliToolId} in entry "${sanitizedName}", using default "${defaultPermission}"`);
+            permission = defaultPermission;
+        }
+        entries.push({
+            name: sanitizedName,
+            cronExpression: cronExpression.trim(),
+            message: sanitizedMessage,
+            cliToolId: resolvedCliToolId,
+            enabled,
+            permission,
+        });
+    }
+    return entries;
+}
+/**
+ * Read and parse a CMATE.md file from a worktree directory.
+ *
+ * @param worktreeDir - Path to the worktree directory
+ * @returns Parsed CmateConfig, or null if the file doesn't exist
+ * @throws Error if path traversal is detected
+ */
+function readCmateFile(worktreeDir) {
+    const filePath = path_1.default.join(worktreeDir, cmate_constants_1.CMATE_FILENAME);
+    try {
+        // Validate path before reading
+        validateCmatePath(filePath, worktreeDir);
+        const content = (0, fs_1.readFileSync)(filePath, 'utf-8');
+        return parseCmateFile(content);
+    }
+    catch (error) {
+        if (error instanceof Error &&
+            'code' in error &&
+            error.code === 'ENOENT') {
+            return null;
+        }
+        throw error;
+    }
+}

package/dist/server/src/lib/db-instance.js

@@ -45,6 +45,9 @@ function getDbInstance() {
             fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
         }
         dbInstance = new better_sqlite3_1.default(dbPath);
+        // Issue #294: Enable foreign key enforcement BEFORE migrations
+        // This ensures ON DELETE CASCADE works correctly for all tables
+        dbInstance.pragma('foreign_keys = ON');
         (0, db_migrations_1.runMigrations)(dbInstance);
     }
     return dbInstance;