erne-universal 0.10.2 → 0.10.4

package/dashboard/server.js

@@ -431,8 +431,13 @@ function handleContextApi(req, res, urlPath, body) {
   }
 
   try {
-    // POST /api/context/execute — sandbox execution
+    // POST /api/context/execute — sandbox execution (env-gated)
     if (urlPath === '/api/context/execute' && req.method === 'POST') {
+      if (process.env.ERNE_ALLOW_EXECUTE !== 'true') {
+        res.writeHead(403, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'Execute endpoint disabled. Set ERNE_ALLOW_EXECUTE=true to enable.' }));
+        return;
+      }
       const { command, original_tool, timeout = 30000 } = JSON.parse(body);
       const cwd = process.env.ERNE_PROJECT_DIR || process.cwd();
       execFile('sh', ['-c', command], { cwd, timeout, maxBuffer: 1024 * 1024 }, (err, stdout, stderr) => {
@@ -601,8 +606,23 @@ const server = http.createServer(async (req, res) => {
   const urlPath = req.url.split('?')[0];
   if (urlPath.startsWith('/api/context/')) {
     let body = '';
-    req.on('data', chunk => body += chunk);
-    req.on('end', () => handleContextApi(req, res, urlPath, body));
+    let bodyBytes = 0;
+    req.on('data', chunk => {
+      bodyBytes += chunk.length;
+      if (bodyBytes > MAX_PAYLOAD_BYTES) {
+        req.destroy();
+        return;
+      }
+      body += chunk;
+    });
+    req.on('end', () => {
+      if (bodyBytes > MAX_PAYLOAD_BYTES) {
+        res.writeHead(413, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'Payload too large' }));
+        return;
+      }
+      handleContextApi(req, res, urlPath, body);
+    });
     return;
   }
 

package/lib/audit-cli.js

@@ -295,7 +295,7 @@ function postDashboardEvent(data) {
 
     const req = http.request({
       hostname: 'localhost',
-      port: 3333,
+      port: parseInt(process.env.ERNE_DASHBOARD_PORT || '3333', 10),
       path: '/api/events',
       method: 'POST',
       headers: {

package/lib/dashboard.js

@@ -96,14 +96,14 @@ async function ensureHooksConfigured() {
           event: 'PreToolUse',
           pattern: 'Agent',
           script: 'dashboard-event.js',
-          command: 'node scripts/hooks/run-with-flags.js dashboard-event.js',
+          command: 'node node_modules/erne-universal/scripts/hooks/run-with-flags.js dashboard-event.js',
           profiles: ['minimal', 'standard', 'strict'],
         },
         {
           event: 'PostToolUse',
           pattern: 'Agent',
           script: 'dashboard-event.js',
-          command: 'node scripts/hooks/run-with-flags.js dashboard-event.js',
+          command: 'node node_modules/erne-universal/scripts/hooks/run-with-flags.js dashboard-event.js',
           profiles: ['minimal', 'standard', 'strict'],
         }
       );
@@ -112,7 +112,7 @@ async function ensureHooksConfigured() {
       const dashboardHook = {
         pattern: 'Agent',
         script: 'dashboard-event.js',
-        command: 'node scripts/hooks/run-with-flags.js dashboard-event.js',
+        command: 'node node_modules/erne-universal/scripts/hooks/run-with-flags.js dashboard-event.js',
         profiles: ['minimal', 'standard', 'strict'],
       };
       if (!data.PreToolUse) data.PreToolUse = [];
@@ -157,7 +157,7 @@ async function dashboard() {
 
   // Ensure ws dependency is installed
   const dashboardDir = path.resolve(__dirname, '..', 'dashboard');
-  if (!fs.existsSync(path.join(dashboardDir, 'node_modules', 'ws'))) {
+  if (!fs.existsSync(path.join(dashboardDir, 'node_modules', 'better-sqlite3'))) {
     console.log('  Installing dashboard dependencies...');
     require('child_process').execSync('npm install --production', { cwd: dashboardDir, stdio: 'ignore' });
   }

package/lib/doctor.js

@@ -146,7 +146,6 @@ async function autoFix(cwd, findings) {
       } catch {
         // tsconfig.json may contain comments (JSON5) — skip auto-fix
         fixes.push('Skipped strict mode: tsconfig.json contains comments (edit manually)');
-        return fixes;
       }
       // If tsconfig extends a base config, the base likely already sets strict
       if (tsconfig.extends) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "erne-universal",
-  "version": "0.10.2",
+  "version": "0.10.4",
   "description": "Complete AI coding agent harness for React Native and Expo development",
   "keywords": [
     "react-native",
@@ -45,7 +45,6 @@
     "docs/commands.md",
     "docs/hooks-profiles.md",
     "docs/creating-skills.md",
-    "docs/assets/",
     "install.sh",
     "CLAUDE.md",
     "AGENTS.md",
@@ -60,7 +59,7 @@
     "node": ">=18"
   },
   "scripts": {
-    "test": "node --test tests/*.test.js tests/hooks/*.test.js tests/context/*.test.js tests/worker/*.test.js",
+    "test": "node --test tests/*.test.js tests/hooks/*.test.js tests/worker/*.test.js",
     "lint": "eslint lib/ scripts/ bin/",
     "lint:agents": "node scripts/lint-agents.js",
     "lint:content": "node scripts/lint-content.js",

package/scripts/hooks/dashboard-event.js

@@ -25,6 +25,7 @@ const AGENT_KEYWORDS = [
   'architect', 'code-reviewer', 'tdd-guide', 'performance-profiler',
   'native-bridge-builder', 'expo-config-resolver', 'ui-designer', 'upgrade-assistant',
   'senior-developer', 'feature-builder', 'pipeline-orchestrator', 'visual-debugger',
+  'documentation-generator',
 ];
 
 function detectAgent(text) {

package/worker/interpolate.js

@@ -27,11 +27,13 @@ function sanitizeTitle(title) {
  * Build standard template variables from a ticket and agent name.
  */
 function buildTaskVars(ticket, agent) {
-  const id = ticket && ticket.id ? String(ticket.id) : '';
+  const rawId = ticket && ticket.id ? String(ticket.id) : '';
+  const id = rawId.replace(/[`'$\\]/g, '').replace(/[\r\n]+/g, ' ').trim();
   const rawTitle = ticket && ticket.title ? String(ticket.title) : '';
   const title = sanitizeTitle(rawTitle);
   const provider = ticket && ticket.provider ? String(ticket.provider) : '';
-  const url = ticket && ticket.url ? String(ticket.url) : '';
+  const rawUrl = ticket && ticket.url ? String(ticket.url) : '';
+  const url = rawUrl.replace(/[`'$\\]/g, '').replace(/[\r\n]+/g, ' ').trim();
 
   const branchId = id.replace(/[^a-zA-Z0-9-]/g, '-').toLowerCase();
   const branch = `${agent || 'worker'}/task-${branchId}`;

package/worker/pipeline.js

@@ -11,6 +11,7 @@ const { selfReview } = require('./self-reviewer');
 const { runTests } = require('./test-verifier');
 const { calculateHealthDelta } = require('./health-delta');
 const { publishDashboardEvent } = require('./dashboard-events');
+const { calculateConfidence } = require('./confidence-scorer');
 
 /**
  * Execute the full per-ticket pipeline.
@@ -89,6 +90,7 @@ async function executePipeline({ ticket, config, provider, auditData, stackInfo,
       passed: testResults.passed,
     });
 
+    let testsFailing = false;
     if (!testResults.passed) {
       // Auto-fix attempt: feed test errors back to Claude and retry once
       logger.info('Tests failed — attempting auto-fix');
@@ -108,10 +110,13 @@ async function executePipeline({ ticket, config, provider, auditData, stackInfo,
           autoFixAttempt: true,
         });
       }
+      if (!testResults.passed) {
+        testsFailing = true;
+        logger.warn('Tests still failing after auto-fix attempt');
+      }
     }
 
     // 5g. Health delta
-    const { calculateConfidence } = require('./confidence-scorer');
     const confidenceResult = calculateConfidence(ticket, auditData, context);
     const healthDelta = calculateHealthDelta({
       testResults,
@@ -137,13 +142,14 @@ async function executePipeline({ ticket, config, provider, auditData, stackInfo,
       }
     }
 
-    // 5i. Return success
+    // 5i. Return success (PR is still created even if tests fail per spec)
     return {
       success: true,
-      output: execResult.output,
+      output: testsFailing ? `[TESTS FAILING] ${execResult.output}` : execResult.output,
       agent,
       confidence: confidenceResult,
       testResults,
+      testsFailing,
       healthDelta,
       selfReview: reviewResult,
     };

package/worker/worktree.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const { execSync } = require('child_process');
+const { execFileSync } = require('child_process');
 const path = require('path');
 const os = require('os');
 
@@ -13,7 +13,7 @@ function createWorktree(repoPath, branch, logger) {
 
   try {
     // Try creating a new branch from main
-    execSync(`git worktree add -b ${branch} ${worktreePath} main`, {
+    execFileSync('git', ['worktree', 'add', '-b', branch, worktreePath, 'main'], {
       cwd: repoPath,
       stdio: 'pipe',
     });
@@ -21,7 +21,7 @@ function createWorktree(repoPath, branch, logger) {
   } catch {
     // Branch may already exist — try attaching to existing branch
     try {
-      execSync(`git worktree add ${worktreePath} ${branch}`, {
+      execFileSync('git', ['worktree', 'add', worktreePath, branch], {
         cwd: repoPath,
         stdio: 'pipe',
       });
@@ -40,7 +40,7 @@ function createWorktree(repoPath, branch, logger) {
  */
 function removeWorktree(repoPath, worktreePath, logger) {
   try {
-    execSync(`git worktree remove --force ${worktreePath}`, {
+    execFileSync('git', ['worktree', 'remove', '--force', worktreePath], {
       cwd: repoPath,
       stdio: 'pipe',
     });