gsd-pi 2.5.0 → 2.6.0

package/src/resources/extensions/gsd/tests/git-service.test.ts

@@ -7,6 +7,7 @@ import {
   inferCommitType,
   GitServiceImpl,
   RUNTIME_EXCLUSION_PATHS,
+  VALID_BRANCH_NAME,
   runGit,
   type GitPreferences,
   type CommitOptions,
@@ -452,6 +453,49 @@ async function main(): Promise<void> {
     rmSync(repo, { recursive: true, force: true });
   }
 
+  // ─── GitServiceImpl: autoCommit with extraExclusions ───────────────────
+
+  console.log("\n=== GitServiceImpl: autoCommit with extraExclusions ===");
+
+  {
+    const repo = initTempRepo();
+    const svc = new GitServiceImpl(repo);
+
+    // Create both a .gsd/ planning file and a regular source file
+    createFile(repo, ".gsd/milestones/M001/M001-ROADMAP.md", "- [x] S01");
+    createFile(repo, "src/feature.ts", "export const y = 2;");
+
+    // Auto-commit with .gsd/ excluded (simulates pre-switch)
+    const msg = svc.autoCommit("pre-switch", "main", [".gsd/"]);
+    assertEq(msg, "chore(main): auto-commit after pre-switch", "pre-switch autoCommit with .gsd/ exclusion commits");
+
+    // Verify .gsd/ file was NOT committed
+    const show = run("git show --stat HEAD", repo);
+    assert(!show.includes("ROADMAP"), ".gsd/ files excluded from pre-switch auto-commit");
+    assert(show.includes("feature.ts"), "non-.gsd/ files included in pre-switch auto-commit");
+
+    rmSync(repo, { recursive: true, force: true });
+  }
+
+  // ─── GitServiceImpl: autoCommit extraExclusions — only .gsd/ dirty ────
+
+  console.log("\n=== GitServiceImpl: autoCommit extraExclusions — only .gsd/ dirty ===");
+
+  {
+    const repo = initTempRepo();
+    const svc = new GitServiceImpl(repo);
+
+    // Create only .gsd/ planning files
+    createFile(repo, ".gsd/milestones/M001/M001-ROADMAP.md", "- [x] S01");
+    createFile(repo, ".gsd/STATE.md", "state content");
+
+    // Auto-commit with .gsd/ excluded — nothing else to commit
+    const result = svc.autoCommit("pre-switch", "main", [".gsd/"]);
+    assertEq(result, null, "autoCommit returns null when only .gsd/ files are dirty and excluded");
+
+    rmSync(repo, { recursive: true, force: true });
+  }
+
   // ─── GitServiceImpl: commit returns null when nothing staged ───────────
 
   console.log("\n=== GitServiceImpl: commit empty ===");
@@ -1230,6 +1274,68 @@ async function main(): Promise<void> {
     rmSync(repo, { recursive: true, force: true });
   }
 
+  // ─── VALID_BRANCH_NAME regex ──────────────────────────────────────────
+
+  console.log("\n=== VALID_BRANCH_NAME regex ===");
+
+  {
+    // Valid branch names
+    assert(VALID_BRANCH_NAME.test("main"), "VALID_BRANCH_NAME accepts 'main'");
+    assert(VALID_BRANCH_NAME.test("master"), "VALID_BRANCH_NAME accepts 'master'");
+    assert(VALID_BRANCH_NAME.test("develop"), "VALID_BRANCH_NAME accepts 'develop'");
+    assert(VALID_BRANCH_NAME.test("feature/foo"), "VALID_BRANCH_NAME accepts 'feature/foo'");
+    assert(VALID_BRANCH_NAME.test("release-1.0"), "VALID_BRANCH_NAME accepts 'release-1.0'");
+    assert(VALID_BRANCH_NAME.test("my_branch"), "VALID_BRANCH_NAME accepts 'my_branch'");
+    assert(VALID_BRANCH_NAME.test("v2.0.1"), "VALID_BRANCH_NAME accepts 'v2.0.1'");
+
+    // Invalid / injection attempts
+    assert(!VALID_BRANCH_NAME.test("main; rm -rf /"), "VALID_BRANCH_NAME rejects shell injection");
+    assert(!VALID_BRANCH_NAME.test("main && echo pwned"), "VALID_BRANCH_NAME rejects && injection");
+    assert(!VALID_BRANCH_NAME.test(""), "VALID_BRANCH_NAME rejects empty string");
+    assert(!VALID_BRANCH_NAME.test("branch name"), "VALID_BRANCH_NAME rejects spaces");
+    assert(!VALID_BRANCH_NAME.test("branch`cmd`"), "VALID_BRANCH_NAME rejects backticks");
+    assert(!VALID_BRANCH_NAME.test("branch$(cmd)"), "VALID_BRANCH_NAME rejects $() subshell");
+  }
+
+  // ─── getMainBranch: configured main_branch preference ──────────────────
+
+  console.log("\n=== getMainBranch: configured main_branch ===");
+
+  {
+    const repo = initBranchTestRepo();
+    const svc = new GitServiceImpl(repo, { main_branch: "trunk" });
+
+    assertEq(svc.getMainBranch(), "trunk", "getMainBranch returns configured main_branch preference");
+
+    rmSync(repo, { recursive: true, force: true });
+  }
+
+  // ─── getMainBranch: falls back to auto-detection when not set ──────────
+
+  console.log("\n=== getMainBranch: fallback to auto-detection ===");
+
+  {
+    const repo = initBranchTestRepo();
+    const svc = new GitServiceImpl(repo, {});
+
+    assertEq(svc.getMainBranch(), "main", "getMainBranch falls back to auto-detection when main_branch not set");
+
+    rmSync(repo, { recursive: true, force: true });
+  }
+
+  // ─── getMainBranch: ignores invalid branch names ───────────────────────
+
+  console.log("\n=== getMainBranch: ignores invalid branch name ===");
+
+  {
+    const repo = initBranchTestRepo();
+    const svc = new GitServiceImpl(repo, { main_branch: "main; rm -rf /" });
+
+    assertEq(svc.getMainBranch(), "main", "getMainBranch ignores invalid branch name and falls back to auto-detection");
+
+    rmSync(repo, { recursive: true, force: true });
+  }
+
   // ─── PreMergeCheckResult type export compile check ─────────────────────
 
   console.log("\n=== PreMergeCheckResult type export ===");

package/src/resources/extensions/gsd/tests/manifest-status.test.ts

@@ -0,0 +1,283 @@
+/**
+ * Tests for getManifestStatus() — the S01→S02 boundary contract.
+ *
+ * Verifies that manifest entries are correctly categorized into
+ * pending, collected, skipped, and existing arrays based on
+ * manifest status and environment presence.
+ *
+ * Uses temp directories with real .gsd/milestones/M001/ structure.
+ */
+
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { mkdirSync, writeFileSync, rmSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+import { getManifestStatus } from '../files.ts';
+
+function makeTempDir(prefix: string): string {
+  const dir = join(tmpdir(), `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+  mkdirSync(dir, { recursive: true });
+  return dir;
+}
+
+/** Create the .gsd/milestones/M001/ directory structure and write a secrets manifest. */
+function writeManifest(base: string, content: string): void {
+  const mDir = join(base, '.gsd', 'milestones', 'M001');
+  mkdirSync(mDir, { recursive: true });
+  writeFileSync(join(mDir, 'M001-SECRETS.md'), content);
+}
+
+// ─── Mixed statuses ──────────────────────────────────────────────────────────
+
+test('getManifestStatus: mixed statuses — categorizes entries correctly', async () => {
+  const tmp = makeTempDir('manifest-mixed');
+  const savedVal = process.env.GSD_TEST_EXISTING_KEY_001;
+  try {
+    process.env.GSD_TEST_EXISTING_KEY_001 = 'some-value';
+
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+
+### PENDING_KEY
+
+**Service:** SomeService
+**Status:** pending
+**Destination:** dotenv
+
+1. Get the key
+
+### COLLECTED_KEY
+
+**Service:** AnotherService
+**Status:** collected
+**Destination:** dotenv
+
+1. Already collected
+
+### SKIPPED_KEY
+
+**Service:** OptionalService
+**Status:** skipped
+**Destination:** dotenv
+
+1. Not needed
+
+### GSD_TEST_EXISTING_KEY_001
+
+**Service:** EnvService
+**Status:** pending
+**Destination:** dotenv
+
+1. Already in env
+`);
+
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(result, null, 'should not be null');
+    assert.deepStrictEqual(result!.pending, ['PENDING_KEY']);
+    assert.deepStrictEqual(result!.collected, ['COLLECTED_KEY']);
+    assert.deepStrictEqual(result!.skipped, ['SKIPPED_KEY']);
+    assert.deepStrictEqual(result!.existing, ['GSD_TEST_EXISTING_KEY_001']);
+  } finally {
+    delete process.env.GSD_TEST_EXISTING_KEY_001;
+    if (savedVal !== undefined) process.env.GSD_TEST_EXISTING_KEY_001 = savedVal;
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── All pending ─────────────────────────────────────────────────────────────
+
+test('getManifestStatus: all pending — 3 pending entries, none in env', async () => {
+  const tmp = makeTempDir('manifest-pending');
+  try {
+    // Ensure none of these are in process.env
+    delete process.env.PEND_A;
+    delete process.env.PEND_B;
+    delete process.env.PEND_C;
+
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+
+### PEND_A
+
+**Service:** A
+**Status:** pending
+**Destination:** dotenv
+
+1. Step one
+
+### PEND_B
+
+**Service:** B
+**Status:** pending
+**Destination:** dotenv
+
+1. Step one
+
+### PEND_C
+
+**Service:** C
+**Status:** pending
+**Destination:** dotenv
+
+1. Step one
+`);
+
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(result, null);
+    assert.deepStrictEqual(result!.pending, ['PEND_A', 'PEND_B', 'PEND_C']);
+    assert.deepStrictEqual(result!.collected, []);
+    assert.deepStrictEqual(result!.skipped, []);
+    assert.deepStrictEqual(result!.existing, []);
+  } finally {
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── All collected ───────────────────────────────────────────────────────────
+
+test('getManifestStatus: all collected — 2 collected entries, none in env', async () => {
+  const tmp = makeTempDir('manifest-collected');
+  try {
+    delete process.env.COLL_X;
+    delete process.env.COLL_Y;
+
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+
+### COLL_X
+
+**Service:** X
+**Status:** collected
+**Destination:** dotenv
+
+1. Done
+
+### COLL_Y
+
+**Service:** Y
+**Status:** collected
+**Destination:** dotenv
+
+1. Done
+`);
+
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(result, null);
+    assert.deepStrictEqual(result!.pending, []);
+    assert.deepStrictEqual(result!.collected, ['COLL_X', 'COLL_Y']);
+    assert.deepStrictEqual(result!.skipped, []);
+    assert.deepStrictEqual(result!.existing, []);
+  } finally {
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── Key in env overrides manifest status ────────────────────────────────────
+
+test('getManifestStatus: key in env overrides manifest status — collected key in env goes to existing', async () => {
+  const tmp = makeTempDir('manifest-override');
+  const savedVal = process.env.GSD_TEST_OVERRIDE_KEY;
+  try {
+    process.env.GSD_TEST_OVERRIDE_KEY = 'already-here';
+
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+
+### GSD_TEST_OVERRIDE_KEY
+
+**Service:** Override
+**Status:** collected
+**Destination:** dotenv
+
+1. Was collected but now in env
+`);
+
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(result, null);
+    assert.deepStrictEqual(result!.pending, []);
+    assert.deepStrictEqual(result!.collected, []);
+    assert.deepStrictEqual(result!.skipped, []);
+    assert.deepStrictEqual(result!.existing, ['GSD_TEST_OVERRIDE_KEY']);
+  } finally {
+    delete process.env.GSD_TEST_OVERRIDE_KEY;
+    if (savedVal !== undefined) process.env.GSD_TEST_OVERRIDE_KEY = savedVal;
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── Missing manifest ────────────────────────────────────────────────────────
+
+test('getManifestStatus: missing manifest — returns null', async () => {
+  const tmp = makeTempDir('manifest-missing');
+  try {
+    // No .gsd directory at all
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.strictEqual(result, null);
+  } finally {
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── Empty manifest (no entries) ─────────────────────────────────────────────
+
+test('getManifestStatus: empty manifest — exists but no H3 sections', async () => {
+  const tmp = makeTempDir('manifest-empty');
+  try {
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+`);
+
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(result, null);
+    assert.deepStrictEqual(result!.pending, []);
+    assert.deepStrictEqual(result!.collected, []);
+    assert.deepStrictEqual(result!.skipped, []);
+    assert.deepStrictEqual(result!.existing, []);
+  } finally {
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── Env via .env file (not just process.env) ────────────────────────────────
+
+test('getManifestStatus: key in .env file counts as existing', async () => {
+  const tmp = makeTempDir('manifest-dotenv');
+  try {
+    delete process.env.DOTENV_ONLY_KEY;
+
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+
+### DOTENV_ONLY_KEY
+
+**Service:** DotenvService
+**Status:** pending
+**Destination:** dotenv
+
+1. Get key
+`);
+
+    // Write a .env file at the project root with the key
+    writeFileSync(join(tmp, '.env'), 'DOTENV_ONLY_KEY=from-dotenv-file\n');
+
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(result, null);
+    assert.deepStrictEqual(result!.existing, ['DOTENV_ONLY_KEY']);
+    assert.deepStrictEqual(result!.pending, []);
+  } finally {
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});