npm - npm-cli-gh-issue-preparator - Versions diffs - 1.2.0 → 1.3.0 - Mend

npm-cli-gh-issue-preparator 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,15 @@
+# [1.3.0](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/compare/v1.2.0...v1.3.0) (2026-01-12)
+### Bug Fixes
+* prevent command injection in xfce4-terminal spawn ([0a4e008](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/commit/0a4e008749b293cd1f1d311ad08adfc9f37033c3))
+### Features
+* **src:** create CopilotRepository ([c79ed81](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/commit/c79ed8127342a5aa58fc2f83b10334bbb0fc6a0d)), closes [#38](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/issues/38)
 # [1.2.0](https://github.com/HiromiShikata/npm-cli-gh-issue-preparator/compare/v1.1.0...v1.2.0) (2026-01-12)

package/bin/adapter/repositories/Xfce4TerminalCopilotRepository.js ADDED Viewed

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Xfce4TerminalCopilotRepository = void 0;
+const child_process_1 = require("child_process");
+class Xfce4TerminalCopilotRepository {
+    escapeForSingleQuotes(str) {
+        return str.replace(/'/g, "'\\''");
+    }
+    run(prompt, model, processTitle) {
+        const escapedPrompt = this.escapeForSingleQuotes(prompt);
+        const escapedTitle = this.escapeForSingleQuotes(processTitle);
+        const innerCommand = `copilot --model ${model} --allow-all-tools -p '${escapedPrompt}'`;
+        const escapedInnerCommand = this.escapeForSingleQuotes(innerCommand);
+        const title = `gh-issue-preparator: ${escapedTitle}`;
+        const child = (0, child_process_1.spawn)('xfce4-terminal', ['-T', title, '-e', `bash -c '${escapedInnerCommand}'`], {
+            detached: true,
+            stdio: 'ignore',
+        });
+        child.on('error', () => {
+            // Intentionally empty - fire-and-forget behavior
+            // Errors are silently ignored as this is a background terminal spawn
+        });
+        child.unref();
+    }
+}
+exports.Xfce4TerminalCopilotRepository = Xfce4TerminalCopilotRepository;
+//# sourceMappingURL=Xfce4TerminalCopilotRepository.js.map

package/bin/adapter/repositories/Xfce4TerminalCopilotRepository.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Xfce4TerminalCopilotRepository.js","sourceRoot":"","sources":["../../../src/adapter/repositories/Xfce4TerminalCopilotRepository.ts"],"names":[],"mappings":";;;AACA,iDAAsC;AAEtC,MAAa,8BAA8B;IACjC,qBAAqB,CAAC,GAAW;QACvC,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,GAAG,CAAC,MAAc,EAAE,KAAmB,EAAE,YAAoB;QAC3D,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,mBAAmB,KAAK,0BAA0B,aAAa,GAAG,CAAC;QACxF,MAAM,mBAAmB,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,wBAAwB,YAAY,EAAE,CAAC;QAErD,MAAM,KAAK,GAAG,IAAA,qBAAK,EACjB,gBAAgB,EAChB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,mBAAmB,GAAG,CAAC,EACvD;YACE,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,QAAQ;SAChB,CACF,CAAC;QAEF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACrB,iDAAiD;YACjD,qEAAqE;QACvE,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;CACF;AA5BD,wEA4BC"}

package/bin/domain/usecases/adapter-interfaces/CopilotRepository.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=CopilotRepository.js.map

package/bin/domain/usecases/adapter-interfaces/CopilotRepository.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"CopilotRepository.js","sourceRoot":"","sources":["../../../../src/domain/usecases/adapter-interfaces/CopilotRepository.ts"],"names":[],"mappings":""}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "npm-cli-gh-issue-preparator",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "",
   "main": "bin/index.js",
   "scripts": {

package/src/adapter/repositories/Xfce4TerminalCopilotRepository.test.ts ADDED Viewed

@@ -0,0 +1,143 @@
+const mockUnref = jest.fn();
+const mockOn = jest.fn();
+const mockSpawn = jest.fn(() => ({ on: mockOn, unref: mockUnref }));
+jest.mock('child_process', () => ({
+  spawn: mockSpawn,
+}));
+import { Xfce4TerminalCopilotRepository } from './Xfce4TerminalCopilotRepository';
+describe('Xfce4TerminalCopilotRepository', () => {
+  let repository: Xfce4TerminalCopilotRepository;
+  beforeEach(() => {
+    jest.clearAllMocks();
+    repository = new Xfce4TerminalCopilotRepository();
+  });
+  describe('run', () => {
+    it('should spawn xfce4-terminal with correct arguments', () => {
+      repository.run('test prompt', 'gpt-5-mini', 'test-process');
+      expect(mockSpawn).toHaveBeenCalledWith(
+        'xfce4-terminal',
+        [
+          '-T',
+          'gh-issue-preparator: test-process',
+          '-e',
+          "bash -c 'copilot --model gpt-5-mini --allow-all-tools -p '\\''test prompt'\\'''",
+        ],
+        {
+          detached: true,
+          stdio: 'ignore',
+        },
+      );
+      expect(mockOn).toHaveBeenCalledWith('error', expect.any(Function));
+      expect(mockUnref).toHaveBeenCalled();
+    });
+    it('should escape single quotes in prompt to prevent command injection', () => {
+      repository.run(
+        "prompt with 'single quotes'",
+        'gpt-5-mini',
+        'test-process',
+      );
+      expect(mockSpawn).toHaveBeenCalledWith(
+        'xfce4-terminal',
+        [
+          '-T',
+          'gh-issue-preparator: test-process',
+          '-e',
+          "bash -c 'copilot --model gpt-5-mini --allow-all-tools -p '\\''prompt with '\\''\\'\\'''\\''single quotes'\\''\\'\\'''\\'''\\'''",
+        ],
+        {
+          detached: true,
+          stdio: 'ignore',
+        },
+      );
+    });
+    it('should escape backticks in prompt to prevent command injection', () => {
+      repository.run('prompt with `backticks`', 'gpt-5-mini', 'test-process');
+      expect(mockSpawn).toHaveBeenCalledWith(
+        'xfce4-terminal',
+        [
+          '-T',
+          'gh-issue-preparator: test-process',
+          '-e',
+          "bash -c 'copilot --model gpt-5-mini --allow-all-tools -p '\\''prompt with `backticks`'\\'''",
+        ],
+        {
+          detached: true,
+          stdio: 'ignore',
+        },
+      );
+    });
+    it('should escape command substitution in prompt to prevent injection', () => {
+      repository.run('prompt with $(whoami)', 'gpt-5-mini', 'test-process');
+      expect(mockSpawn).toHaveBeenCalledWith(
+        'xfce4-terminal',
+        [
+          '-T',
+          'gh-issue-preparator: test-process',
+          '-e',
+          "bash -c 'copilot --model gpt-5-mini --allow-all-tools -p '\\''prompt with $(whoami)'\\'''",
+        ],
+        {
+          detached: true,
+          stdio: 'ignore',
+        },
+      );
+    });
+    it('should escape single quotes in processTitle', () => {
+      repository.run('prompt', 'gpt-5-mini', "title with 'quotes'");
+      expect(mockSpawn).toHaveBeenCalledWith(
+        'xfce4-terminal',
+        [
+          '-T',
+          "gh-issue-preparator: title with '\\''quotes'\\''",
+          '-e',
+          "bash -c 'copilot --model gpt-5-mini --allow-all-tools -p '\\''prompt'\\'''",
+        ],
+        {
+          detached: true,
+          stdio: 'ignore',
+        },
+      );
+    });
+    it('should set correct window title', () => {
+      repository.run('prompt', 'gpt-5-mini', 'my-custom-title');
+      expect(mockSpawn).toHaveBeenCalledWith(
+        'xfce4-terminal',
+        expect.arrayContaining(['-T', 'gh-issue-preparator: my-custom-title']),
+        expect.any(Object),
+      );
+    });
+    it('should register error handler and silently ignore errors', () => {
+      let capturedHandler: ((error: Error) => void) | undefined;
+      mockOn.mockImplementation(
+        (event: string, handler: (error: Error) => void) => {
+          if (event === 'error') {
+            capturedHandler = handler;
+          }
+        },
+      );
+      repository.run('test', 'gpt-5-mini', 'test');
+      expect(mockOn).toHaveBeenCalledWith('error', expect.any(Function));
+      expect(capturedHandler).toBeDefined();
+      expect(() => capturedHandler?.(new Error('spawn failed'))).not.toThrow();
+    });
+  });
+});

package/src/adapter/repositories/Xfce4TerminalCopilotRepository.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { CopilotRepository } from '../../domain/usecases/adapter-interfaces/CopilotRepository';
+import { spawn } from 'child_process';
+export class Xfce4TerminalCopilotRepository implements CopilotRepository {
+  private escapeForSingleQuotes(str: string): string {
+    return str.replace(/'/g, "'\\''");
+  }
+  run(prompt: string, model: 'gpt-5-mini', processTitle: string): void {
+    const escapedPrompt = this.escapeForSingleQuotes(prompt);
+    const escapedTitle = this.escapeForSingleQuotes(processTitle);
+    const innerCommand = `copilot --model ${model} --allow-all-tools -p '${escapedPrompt}'`;
+    const escapedInnerCommand = this.escapeForSingleQuotes(innerCommand);
+    const title = `gh-issue-preparator: ${escapedTitle}`;
+    const child = spawn(
+      'xfce4-terminal',
+      ['-T', title, '-e', `bash -c '${escapedInnerCommand}'`],
+      {
+        detached: true,
+        stdio: 'ignore',
+      },
+    );
+    child.on('error', () => {
+      // Intentionally empty - fire-and-forget behavior
+      // Errors are silently ignored as this is a background terminal spawn
+    });
+    child.unref();
+  }
+}

package/src/domain/usecases/adapter-interfaces/CopilotRepository.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export interface CopilotRepository {
+  run(prompt: string, model: 'gpt-5-mini', processTitle: string): void;
+}

package/types/adapter/repositories/Xfce4TerminalCopilotRepository.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { CopilotRepository } from '../../domain/usecases/adapter-interfaces/CopilotRepository';
+export declare class Xfce4TerminalCopilotRepository implements CopilotRepository {
+    private escapeForSingleQuotes;
+    run(prompt: string, model: 'gpt-5-mini', processTitle: string): void;
+}
+//# sourceMappingURL=Xfce4TerminalCopilotRepository.d.ts.map

package/types/adapter/repositories/Xfce4TerminalCopilotRepository.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"Xfce4TerminalCopilotRepository.d.ts","sourceRoot":"","sources":["../../../src/adapter/repositories/Xfce4TerminalCopilotRepository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4DAA4D,CAAC;AAG/F,qBAAa,8BAA+B,YAAW,iBAAiB;IACtE,OAAO,CAAC,qBAAqB;IAI7B,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;CAuBrE"}

package/types/domain/usecases/adapter-interfaces/CopilotRepository.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export interface CopilotRepository {
+    run(prompt: string, model: 'gpt-5-mini', processTitle: string): void;
+}
+//# sourceMappingURL=CopilotRepository.d.ts.map

package/types/domain/usecases/adapter-interfaces/CopilotRepository.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"CopilotRepository.d.ts","sourceRoot":"","sources":["../../../../src/domain/usecases/adapter-interfaces/CopilotRepository.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CACtE"}