fix(opencode/tools): normalize backslashes cross-platform + github-coordination branch coverage#2459
Conversation
…ation test coverage Split out of the dev-team/story-lifecycle/project-context sibling PRs per affaan-m's review: these two changes were duplicated verbatim across all three and caused mutual merge conflicts. Landing them here once lets each skill PR rebase to a skill-only diff. - format-code: split/join on path.sep missed backslashes on non-Windows hosts; explicit .replace(/\\/g, "/") closes the gap. - github-coordination: branch coverage tests for parsing, state, policy, and store modules, raising coverage to 80.0%.
|
ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (2)
📜 Recent review details⏰ Context from checks skipped due to timeout. (23)
🧰 Additional context used📓 Path-based instructions (13)**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}📄 CodeRabbit inference engine (.cursor/rules/common-coding-style.md)
Files:
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp}📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
Files:
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
Files:
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,sql}📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
Files:
**/*.{js,ts,jsx,tsx,html,php,java,cs,rb,go}📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
Files:
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp,properties,yml,yaml,json,env,config}📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
Files:
**/*.{ts,tsx,js,jsx}📄 CodeRabbit inference engine (.cursor/rules/typescript-coding-style.md)
Files:
**/*.{test,spec}.{js,ts,jsx,tsx}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
**/*.{js,ts,jsx,tsx}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
**/*.{js,ts,jsx,tsx,json,env*}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
**/*.{js,ts}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
**/*.{jsx,tsx,js,ts}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
**/*.{js,ts,env*}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
🔇 Additional comments (2)
📝 WalkthroughSummary by CodeRabbit
WalkthroughThis PR tightens formatter path normalization for Windows-style separators and adds new branch-coverage tests for github-coordination parsing/state, policy loading, and store behavior. ChangesWindows Path Normalization Fix
GitHub Coordination Test Coverage
Estimated code review effort: 3 (Moderate) | ~25 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Adds skills/dev-team/SKILL.md, a community skill inspired by the BMAD Method's "party mode": PM, Architect, Developer, and QA respond to the same topic in parallel, then a synthesis step names tensions explicitly instead of averaging them. Reads PROJECT-CONTEXT.md from the repo root when present, and offers to generate it when missing, folding in the closed project-context skill's (affaan-m#2310) generation workflow per affaan-m's review — that skill's premise (every agent reads the file) wasn't implemented anywhere, so the capability now lives directly in the one skill that actually reads it. Rebuilt on current upstream/main as a skill-only diff: the shared format-code.ts Windows fix and github-coordination branch-coverage tests that were previously bundled here (and duplicated across the story-lifecycle and project-context sibling PRs) now live in affaan-m#2459.
|
| Filename | Overview |
|---|---|
| .opencode/tools/format-code.ts | Replaces split/join path normalisation with a regex replace to also handle backslashes passed on Linux CI — clean, minimal change. |
| tests/opencode-tools.test.js | Adds one test case that passes a Windows-style backslash path on Linux CI and asserts forward slashes appear in the emitted formatter command. |
| tests/lib/github-coordination-branches.test.js | New branch-coverage tests for parsing.js and state.js; uses a try-finally pattern to safely restore process.stderr.write after monkey-patching. |
| tests/lib/github-coordination-policy.test.js | New tests covering all loadPolicy branches (missing file, invalid JSON, non-object root, per-field merging/fallback). |
| tests/lib/github-coordination-store.test.js | New tests for store.js — covers null/undefined store guards, all optional field branches, and one async openStore test wired up with a closure-based counter. |
Reviews (2): Last reviewed commit: "fix(pr-2459): address bot review finding..." | Re-trigger Greptile
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@tests/lib/github-coordination-branches.test.js`:
- Around line 28-38: The local test runner helper is duplicated across the new
GitHub coordination test files, so extract the shared test(name, fn) harness
into a common tests/lib/test-helpers.js module. Update
github-coordination-branches.test.js, github-coordination-policy.test.js, and
github-coordination-store.test.js to import and use the shared helper instead of
keeping identical inline copies, so reporter behavior only needs to be
maintained in one place.
- Around line 225-229: The test name in verifyDependenciesClosed is claiming a
stderr warning path that the assertion does not cover. Either update the test
name in tests/lib/github-coordination-branches.test.js to describe only the
returned empty result, or add an assertion with a console.warn/console.error spy
in the same test so the warning behavior is actually verified alongside the
existing verifyDependenciesClosed call.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: a2725fff-d192-4b8c-bf00-d0dd3a8d15b6
📒 Files selected for processing (5)
.opencode/tools/format-code.tstests/lib/github-coordination-branches.test.jstests/lib/github-coordination-policy.test.jstests/lib/github-coordination-store.test.jstests/opencode-tools.test.js
📜 Review details
⏰ Context from checks skipped due to timeout. (23)
- GitHub Check: Greptile Review
- GitHub Check: Test (ubuntu-latest, Node 20.x, pnpm)
- GitHub Check: Test (windows-latest, Node 22.x, pnpm)
- GitHub Check: Test (windows-latest, Node 20.x, pnpm)
- GitHub Check: Test (macos-latest, Node 22.x, bun)
- GitHub Check: Test (windows-latest, Node 18.x, yarn)
- GitHub Check: Test (ubuntu-latest, Node 18.x, npm)
- GitHub Check: Test (ubuntu-latest, Node 22.x, pnpm)
- GitHub Check: Test (windows-latest, Node 18.x, npm)
- GitHub Check: Test (macos-latest, Node 20.x, pnpm)
- GitHub Check: Test (windows-latest, Node 20.x, npm)
- GitHub Check: Test (macos-latest, Node 22.x, pnpm)
- GitHub Check: Test (ubuntu-latest, Node 18.x, yarn)
- GitHub Check: Test (ubuntu-latest, Node 18.x, pnpm)
- GitHub Check: Test (ubuntu-latest, Node 20.x, yarn)
- GitHub Check: Test (windows-latest, Node 22.x, yarn)
- GitHub Check: Test (macos-latest, Node 20.x, yarn)
- GitHub Check: Test (windows-latest, Node 22.x, npm)
- GitHub Check: Test (windows-latest, Node 18.x, pnpm)
- GitHub Check: Test (windows-latest, Node 20.x, yarn)
- GitHub Check: Test (ubuntu-latest, Node 18.x, bun)
- GitHub Check: Test (macos-latest, Node 18.x, pnpm)
- GitHub Check: Coverage
🧰 Additional context used
📓 Path-based instructions (13)
**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}
📄 CodeRabbit inference engine (.cursor/rules/common-coding-style.md)
**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}: Always create new objects, never mutate existing ones. Use immutable patterns to prevent hidden side effects and enable safe concurrency
Organize code into many small files (200-400 lines typical, 800 lines max) organized by feature/domain rather than by type
Always handle errors explicitly at every level and never silently swallow errors
Always validate all user input before processing at system boundaries
Use schema-based validation where available
Fail fast with clear error messages when validation fails
Never trust external data (API responses, user input, file content)
Ensure code is readable and well-named
Keep functions small (less than 50 lines)
Keep files focused (less than 800 lines)
Avoid deep nesting (more than 4 levels)
Do not use hardcoded values; use constants or configuration instead
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp}
📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
No hardcoded secrets (API keys, passwords, tokens) - validate before any commit
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}
📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}: All user inputs must be validated
Enable CSRF protection on all state-changing endpoints
Verify authentication and authorization for all protected endpoints
Implement rate limiting on all endpoints to prevent abuse
Ensure error messages do not leak sensitive data in responses
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,sql}
📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
Use parameterized queries to prevent SQL injection
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,html,php,java,cs,rb,go}
📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
Implement XSS prevention by sanitizing HTML output
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp,properties,yml,yaml,json,env,config}
📄 CodeRabbit inference engine (.cursor/rules/common-security.md)
NEVER hardcode secrets in source code - ALWAYS use environment variables or a secret manager
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.cursor/rules/typescript-coding-style.md)
**/*.{ts,tsx,js,jsx}: Use spread operator for immutable updates in TypeScript/JavaScript instead of direct mutation
Use async/await with try-catch for error handling in TypeScript/JavaScript
Use Zod for schema-based input validation in TypeScript/JavaScript
No console.log statements in production code; use proper logging libraries instead
**/*.{ts,tsx,js,jsx}: Auto-format JavaScript/TypeScript files using Prettier after edit
Warn aboutconsole.logstatements in edited files
Check all modified files forconsole.logstatements before session ends
**/*.{ts,tsx,js,jsx}: Use the ApiResponse interface pattern with generic type parameter:interface ApiResponse<T> { success: boolean; data?: T; error?: string; meta?: { total: number; page: number; limit: number; } }
Implement custom React hooks following the pattern: export a named function with use prefix, generic type parameters, and proper useEffect cleanup for side effects
**/*.{ts,tsx,js,jsx}: Never hardcode secrets; always use environment variables for sensitive credentials like API keys
Throw an error when required environment variables are not configured to fail fast and ensure security prerequisites are metUse Playwright as the E2E testing framework for critical user flows in TypeScript/JavaScript
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{test,spec}.{js,ts,jsx,tsx}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
**/*.{test,spec}.{js,ts,jsx,tsx}: Write tests before implementation (test-driven development); target 80%+ coverage
Achieve minimum 80% test coverage across all three layers: Unit, Integration, and E2E
Use AAA structure (Arrange / Act / Assert) in tests with descriptive test names that explain behavior under test
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
**/*.{js,ts,jsx,tsx}: Always create new objects and never mutate in place; return new copies instead
Keep files between 200–400 lines typical, with a maximum of 800 lines
Extract helpers when a file exceeds 200 lines
Handle errors explicitly at every level; never swallow errors silently
Validate all user input before processing; use schema-based validation where available
Never trust external data (API responses, file content, query params); always validate
All user inputs must be validated and sanitized
Error messages must be scrubbed of sensitive internals
Use readable, well-named identifiers in all code
Keep functions under 50 lines
Keep files under 800 lines
Avoid nesting deeper than 4 levels
Implement comprehensive error handling in all code
Do not hardcode values; use constants or environment configuration instead
Do not use in-place mutation; always return new objects or state
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,json,env*}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Do not hardcode secrets, API keys, passwords, or tokens
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
**/*.{js,ts}: Use parameterized queries for all database writes (no string interpolation)
Auth/authz must be checked server-side for every sensitive path
Rate limiting must be applied to all public endpoints
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{jsx,tsx,js,ts}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
HTML output must be sanitized where applicable
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
**/*.{js,ts,env*}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Required environment variables must be validated at startup
Files:
tests/lib/github-coordination-policy.test.jstests/lib/github-coordination-branches.test.jstests/opencode-tools.test.jstests/lib/github-coordination-store.test.js
🪛 ast-grep (0.44.1)
tests/lib/github-coordination-policy.test.js
[warning] 46-46: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(configPath, typeof content === 'string' ? content : JSON.stringify(content))
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
(detect-non-literal-fs-filename)
[warning] 81-81: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(configPath, JSON.stringify({ schemaVersion: 'custom-v1' }))
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
(detect-non-literal-fs-filename)
🔇 Additional comments (6)
tests/lib/github-coordination-policy.test.js (2)
34-49: Static analysis path-traversal warning is a false positive.
configPath/tmpDiroriginate fromfs.mkdtempSync(os.tmpdir())and fixed literal path segments — not external input — so there's no CWE-22 exposure here.
1-311: LGTM!tests/lib/github-coordination-branches.test.js (1)
1-256: LGTM!tests/lib/github-coordination-store.test.js (1)
1-209: LGTM!.opencode/tools/format-code.ts (1)
106-110: LGTM!tests/opencode-tools.test.js (1)
111-128: LGTM!
| function test(name, fn) { | ||
| try { | ||
| fn(); | ||
| console.log(` ✓ ${name}`); | ||
| return true; | ||
| } catch (err) { | ||
| console.log(` ✗ ${name}`); | ||
| console.log(` Error: ${err.message}`); | ||
| return false; | ||
| } | ||
| } |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win
Duplicated test harness across all three new files.
The test(name, fn) helper (lines 28-38) is byte-for-byte identical in github-coordination-policy.test.js and github-coordination-store.test.js. Extract to a shared tests/lib/test-helpers.js to avoid triple maintenance if the reporter format changes.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@tests/lib/github-coordination-branches.test.js` around lines 28 - 38, The
local test runner helper is duplicated across the new GitHub coordination test
files, so extract the shared test(name, fn) harness into a common
tests/lib/test-helpers.js module. Update github-coordination-branches.test.js,
github-coordination-policy.test.js, and github-coordination-store.test.js to
import and use the shared helper instead of keeping identical inline copies, so
reporter behavior only needs to be maintained in one place.
…t loop Adds skills/story-lifecycle/SKILL.md, a community skill inspired by the BMAD Method's epic/story/sprint workflow: a self-contained, file-based delivery loop (Epic → Stories → Sprint → Implement → Done) with all state under .stories/, no external PM tool required. Rebuilt on current upstream/main as a skill-only diff, per affaan-m's review (same blockers as affaan-m#2309): the shared format-code.ts Windows fix and github-coordination branch-coverage tests that were bundled here now live in affaan-m#2459. Skill count recomputed as 277->278 against current main (the old bump was stale, which was the actual conflict source). Also repoints the Related Skills entry from the closed project-context skill (affaan-m#2310) to dev-team, which now owns reading/generating PROJECT-CONTEXT.md.
- format-code.ts: drop the now-redundant split(path.sep).join("/")
step (Greptile P2) — .replace(/\\/g, "/") alone covers every case
the split/join did, on every platform.
- github-coordination-branches.test.js: strengthen the "dependency
issue not found" test to actually assert the stderr warning it
claims to cover, instead of only checking the return value
(CodeRabbit).
Skipped: extracting the shared test(name, fn) runner into a common
helper (CodeRabbit) — that inline pattern is the established
convention across the test suite (160+ existing files use it the
same way), so singling out these 3 files would be inconsistent
rather than a real duplication fix.
|
Addressed the bot findings:
Skipped one, with reason: CodeRabbit's suggestion to extract the shared All 4 affected test files still pass (93 tests, 0 failures). |
|
ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR. |
Summary
Splits out the shared fixes that were duplicated verbatim across the
dev-team(#2309),story-lifecycle(#2311), and closedproject-context(#2310) sibling PRs, per affaan-m's review comment on #2309:buildFormatterCommand'spath.normalize(...).split(path.sep).join("/")only splits on the platform's native separator, so backslash paths passed on non-Windows hosts (wherepath.sepis/) were left unconverted. Adds an explicit.replace(/\\/g, "/")to close the gap on Linux CI.parsing.js/state.js,policy.js, andstore.js, raising branch coverage to 80.0%.Once this lands,
dev-teamandstory-lifecyclecan each rebase to a skill-only diff on top of it.Test plan
node tests/opencode-tools.test.jspassesnode tests/lib/github-coordination-branches.test.jspassesnode tests/lib/github-coordination-policy.test.jspassesnode tests/lib/github-coordination-store.test.jspasses