Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(opencode/tools): normalize backslashes cross-platform + github-coordination branch coverage#2459

Open
t0kubetsu wants to merge 2 commits into
affaan-m:mainfrom
t0kubetsu:fix/format-code-windows-and-coordination-tests
Open

fix(opencode/tools): normalize backslashes cross-platform + github-coordination branch coverage#2459
t0kubetsu wants to merge 2 commits into
affaan-m:mainfrom
t0kubetsu:fix/format-code-windows-and-coordination-tests

Conversation

@t0kubetsu

Copy link
Copy Markdown
Contributor

Summary

Splits out the shared fixes that were duplicated verbatim across the dev-team (#2309), story-lifecycle (#2311), and closed project-context (#2310) sibling PRs, per affaan-m's review comment on #2309:

it bundles the same two unrelated changes (opencode format-code Windows fix + github-coordination tests) as #2311, which makes the trio mutually conflicting. Please rebase to a skill-only diff; put the shared fixes in one separate small PR and both can land.

  • fix(opencode/tools): buildFormatterCommand's path.normalize(...).split(path.sep).join("/") only splits on the platform's native separator, so backslash paths passed on non-Windows hosts (where path.sep is /) were left unconverted. Adds an explicit .replace(/\\/g, "/") to close the gap on Linux CI.
  • test(lib/github-coordination): adds branch coverage tests for parsing.js/state.js, policy.js, and store.js, raising branch coverage to 80.0%.

Once this lands, dev-team and story-lifecycle can each rebase to a skill-only diff on top of it.

Test plan

  • node tests/opencode-tools.test.js passes
  • node tests/lib/github-coordination-branches.test.js passes
  • node tests/lib/github-coordination-policy.test.js passes
  • node tests/lib/github-coordination-store.test.js passes

…ation test coverage

Split out of the dev-team/story-lifecycle/project-context sibling PRs
per affaan-m's review: these two changes were duplicated verbatim
across all three and caused mutual merge conflicts. Landing them here
once lets each skill PR rebase to a skill-only diff.

- format-code: split/join on path.sep missed backslashes on non-Windows
  hosts; explicit .replace(/\\/g, "/") closes the gap.
- github-coordination: branch coverage tests for parsing, state, policy,
  and store modules, raising coverage to 80.0%.
@t0kubetsu t0kubetsu requested a review from affaan-m as a code owner July 6, 2026 08:38
@ecc-tools

ecc-tools Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 137b1a50-84ed-4776-b623-80a7dee11bae

📥 Commits

Reviewing files that changed from the base of the PR and between 679fca8 and b0dd7cd.

📒 Files selected for processing (2)
  • .opencode/tools/format-code.ts
  • tests/lib/github-coordination-branches.test.js
📜 Recent review details
⏰ Context from checks skipped due to timeout. (23)
  • GitHub Check: Greptile Review
  • GitHub Check: Test (ubuntu-latest, Node 20.x, yarn)
  • GitHub Check: Test (windows-latest, Node 22.x, npm)
  • GitHub Check: Test (windows-latest, Node 18.x, yarn)
  • GitHub Check: Test (windows-latest, Node 22.x, pnpm)
  • GitHub Check: Test (windows-latest, Node 22.x, yarn)
  • GitHub Check: Test (ubuntu-latest, Node 22.x, bun)
  • GitHub Check: Test (windows-latest, Node 20.x, npm)
  • GitHub Check: Test (ubuntu-latest, Node 20.x, bun)
  • GitHub Check: Test (ubuntu-latest, Node 22.x, pnpm)
  • GitHub Check: Test (windows-latest, Node 18.x, npm)
  • GitHub Check: Test (windows-latest, Node 20.x, pnpm)
  • GitHub Check: Test (ubuntu-latest, Node 22.x, yarn)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, npm)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, yarn)
  • GitHub Check: Test (ubuntu-latest, Node 22.x, npm)
  • GitHub Check: Test (windows-latest, Node 18.x, pnpm)
  • GitHub Check: Test (ubuntu-latest, Node 20.x, npm)
  • GitHub Check: Test (windows-latest, Node 20.x, yarn)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, pnpm)
  • GitHub Check: Test (ubuntu-latest, Node 20.x, pnpm)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, bun)
  • GitHub Check: Coverage
🧰 Additional context used
📓 Path-based instructions (13)
**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}

📄 CodeRabbit inference engine (.cursor/rules/common-coding-style.md)

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}: Always create new objects, never mutate existing ones. Use immutable patterns to prevent hidden side effects and enable safe concurrency
Organize code into many small files (200-400 lines typical, 800 lines max) organized by feature/domain rather than by type
Always handle errors explicitly at every level and never silently swallow errors
Always validate all user input before processing at system boundaries
Use schema-based validation where available
Fail fast with clear error messages when validation fails
Never trust external data (API responses, user input, file content)
Ensure code is readable and well-named
Keep functions small (less than 50 lines)
Keep files focused (less than 800 lines)
Avoid deep nesting (more than 4 levels)
Do not use hardcoded values; use constants or configuration instead

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

No hardcoded secrets (API keys, passwords, tokens) - validate before any commit

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}: All user inputs must be validated
Enable CSRF protection on all state-changing endpoints
Verify authentication and authorization for all protected endpoints
Implement rate limiting on all endpoints to prevent abuse
Ensure error messages do not leak sensitive data in responses

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,sql}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Use parameterized queries to prevent SQL injection

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,jsx,tsx,html,php,java,cs,rb,go}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Implement XSS prevention by sanitizing HTML output

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp,properties,yml,yaml,json,env,config}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

NEVER hardcode secrets in source code - ALWAYS use environment variables or a secret manager

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript-coding-style.md)

**/*.{ts,tsx,js,jsx}: Use spread operator for immutable updates in TypeScript/JavaScript instead of direct mutation
Use async/await with try-catch for error handling in TypeScript/JavaScript
Use Zod for schema-based input validation in TypeScript/JavaScript
No console.log statements in production code; use proper logging libraries instead

**/*.{ts,tsx,js,jsx}: Auto-format JavaScript/TypeScript files using Prettier after edit
Warn about console.log statements in edited files
Check all modified files for console.log statements before session ends

**/*.{ts,tsx,js,jsx}: Use the ApiResponse interface pattern with generic type parameter: interface ApiResponse<T> { success: boolean; data?: T; error?: string; meta?: { total: number; page: number; limit: number; } }
Implement custom React hooks following the pattern: export a named function with use prefix, generic type parameters, and proper useEffect cleanup for side effects

**/*.{ts,tsx,js,jsx}: Never hardcode secrets; always use environment variables for sensitive credentials like API keys
Throw an error when required environment variables are not configured to fail fast and ensure security prerequisites are met

Use Playwright as the E2E testing framework for critical user flows in TypeScript/JavaScript

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{test,spec}.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{test,spec}.{js,ts,jsx,tsx}: Write tests before implementation (test-driven development); target 80%+ coverage
Achieve minimum 80% test coverage across all three layers: Unit, Integration, and E2E
Use AAA structure (Arrange / Act / Assert) in tests with descriptive test names that explain behavior under test

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts,jsx,tsx}: Always create new objects and never mutate in place; return new copies instead
Keep files between 200–400 lines typical, with a maximum of 800 lines
Extract helpers when a file exceeds 200 lines
Handle errors explicitly at every level; never swallow errors silently
Validate all user input before processing; use schema-based validation where available
Never trust external data (API responses, file content, query params); always validate
All user inputs must be validated and sanitized
Error messages must be scrubbed of sensitive internals
Use readable, well-named identifiers in all code
Keep functions under 50 lines
Keep files under 800 lines
Avoid nesting deeper than 4 levels
Implement comprehensive error handling in all code
Do not hardcode values; use constants or environment configuration instead
Do not use in-place mutation; always return new objects or state

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,jsx,tsx,json,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Do not hardcode secrets, API keys, passwords, or tokens

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts}: Use parameterized queries for all database writes (no string interpolation)
Auth/authz must be checked server-side for every sensitive path
Rate limiting must be applied to all public endpoints

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{jsx,tsx,js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

HTML output must be sanitized where applicable

Files:

  • tests/lib/github-coordination-branches.test.js
**/*.{js,ts,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Required environment variables must be validated at startup

Files:

  • tests/lib/github-coordination-branches.test.js
🔇 Additional comments (2)
.opencode/tools/format-code.ts (1)

110-110: LGTM!

tests/lib/github-coordination-branches.test.js (1)

225-240: LGTM!

Correctly restores process.stderr.write in finally, and the asserted message matches the exact format string in verifyDependenciesClosed (scripts/lib/github-coordination/state.js:219-236). This resolves the previously flagged gap where the test name promised stderr verification but didn't assert it.


📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes
    • Formatter commands now consistently normalize Windows-style paths so generated commands use forward slashes.
  • Tests
    • Added new Node.js test coverage for coordination logic, including branch-sensitive parsing, state/label decisions, dependency validation, and claimability checks.
    • Added policy-loading tests for defaults, merging, and error handling.
    • Added store tests for ID generation, upsert behavior, metadata extraction, and option handling.
    • Added a formatter test to verify backslash-to-slash path normalization.

Walkthrough

This PR tightens formatter path normalization for Windows-style separators and adds new branch-coverage tests for github-coordination parsing/state, policy loading, and store behavior.

Changes

Windows Path Normalization Fix

Layer / File(s) Summary
Backslash normalization and test
.opencode/tools/format-code.ts, tests/opencode-tools.test.js
Adds a path.normalize(...).replace(/\\/g, "/") step in formatter command generation and verifies the command stays forward-slash only for backslash input.

GitHub Coordination Test Coverage

Layer / File(s) Summary
Parsing and state helper branch tests
tests/lib/github-coordination-branches.test.js
Adds assertions for parsing, issue-body merging, state construction, label mapping, claimability checks, dependency closure, and default state edge cases.
Policy loading branch tests
tests/lib/github-coordination-policy.test.js
Adds assertions for config resolution, invalid policy JSON, and merge/fallback behavior across labels, review, validation, branchModel, project, and fieldNames.
Store module branch tests
tests/lib/github-coordination-store.test.js
Adds assertions for work-item ID generation, coordination work-item upserts, and null-store/openStore edge cases.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Possibly related PRs

  • affaan-m/ECC#2251: Directly overlaps on .opencode/tools/format-code.ts path normalization for formatter command generation.

Suggested reviewers: affaan-m

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the two main changes: path normalization and github-coordination branch coverage.
Description check ✅ Passed The description directly matches the implemented fixes and added tests, with clear detail on both parts of the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

t0kubetsu added a commit to t0kubetsu/ECC that referenced this pull request Jul 6, 2026
Adds skills/dev-team/SKILL.md, a community skill inspired by the
BMAD Method's "party mode": PM, Architect, Developer, and QA respond
to the same topic in parallel, then a synthesis step names tensions
explicitly instead of averaging them.

Reads PROJECT-CONTEXT.md from the repo root when present, and offers
to generate it when missing, folding in the closed project-context
skill's (affaan-m#2310) generation workflow per affaan-m's review — that
skill's premise (every agent reads the file) wasn't implemented
anywhere, so the capability now lives directly in the one skill that
actually reads it.

Rebuilt on current upstream/main as a skill-only diff: the shared
format-code.ts Windows fix and github-coordination branch-coverage
tests that were previously bundled here (and duplicated across the
story-lifecycle and project-context sibling PRs) now live in affaan-m#2459.
@greptile-apps

greptile-apps Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR extracts two shared fixes from sibling branches into a standalone, conflict-free commit: a one-line cross-platform path normalisation fix in format-code.ts and a set of branch-coverage tests for the github-coordination library.

  • format-code.ts: Replaces .split(path.sep).join("/") with .replace(/\\/g, "/") so backslash paths passed on Linux CI (where path.sep is / and the split/join is a no-op) are also converted to forward slashes before being embedded in formatter commands.
  • tests/opencode-tools.test.js: Adds a targeted test that feeds a Windows-style path (src\index.ts) to formatcode.execute on any host and asserts forward slashes appear in the resulting command string.
  • tests/lib/github-coordination-*.test.js: Three new test files covering previously uncovered branches in parsing.js, state.js, policy.js, and store.js, bringing branch coverage to the project's 80% threshold.

Confidence Score: 5/5

Safe to merge — the production change is a one-line, self-contained path normalisation fix with a direct test that exercises it on Linux CI.

The format-code.ts change replaces one path-manipulation idiom with an equivalent and more correct one, and the new test directly validates the fixed behaviour. The three new test files add no production code. No new dependencies, no auth changes, no data mutations.

No files require special attention.

Important Files Changed

Filename Overview
.opencode/tools/format-code.ts Replaces split/join path normalisation with a regex replace to also handle backslashes passed on Linux CI — clean, minimal change.
tests/opencode-tools.test.js Adds one test case that passes a Windows-style backslash path on Linux CI and asserts forward slashes appear in the emitted formatter command.
tests/lib/github-coordination-branches.test.js New branch-coverage tests for parsing.js and state.js; uses a try-finally pattern to safely restore process.stderr.write after monkey-patching.
tests/lib/github-coordination-policy.test.js New tests covering all loadPolicy branches (missing file, invalid JSON, non-object root, per-field merging/fallback).
tests/lib/github-coordination-store.test.js New tests for store.js — covers null/undefined store guards, all optional field branches, and one async openStore test wired up with a closure-based counter.

Reviews (2): Last reviewed commit: "fix(pr-2459): address bot review finding..." | Re-trigger Greptile

Comment thread .opencode/tools/format-code.ts Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/lib/github-coordination-branches.test.js`:
- Around line 28-38: The local test runner helper is duplicated across the new
GitHub coordination test files, so extract the shared test(name, fn) harness
into a common tests/lib/test-helpers.js module. Update
github-coordination-branches.test.js, github-coordination-policy.test.js, and
github-coordination-store.test.js to import and use the shared helper instead of
keeping identical inline copies, so reporter behavior only needs to be
maintained in one place.
- Around line 225-229: The test name in verifyDependenciesClosed is claiming a
stderr warning path that the assertion does not cover. Either update the test
name in tests/lib/github-coordination-branches.test.js to describe only the
returned empty result, or add an assertion with a console.warn/console.error spy
in the same test so the warning behavior is actually verified alongside the
existing verifyDependenciesClosed call.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: a2725fff-d192-4b8c-bf00-d0dd3a8d15b6

📥 Commits

Reviewing files that changed from the base of the PR and between 4130457 and 679fca8.

📒 Files selected for processing (5)
  • .opencode/tools/format-code.ts
  • tests/lib/github-coordination-branches.test.js
  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-store.test.js
  • tests/opencode-tools.test.js
📜 Review details
⏰ Context from checks skipped due to timeout. (23)
  • GitHub Check: Greptile Review
  • GitHub Check: Test (ubuntu-latest, Node 20.x, pnpm)
  • GitHub Check: Test (windows-latest, Node 22.x, pnpm)
  • GitHub Check: Test (windows-latest, Node 20.x, pnpm)
  • GitHub Check: Test (macos-latest, Node 22.x, bun)
  • GitHub Check: Test (windows-latest, Node 18.x, yarn)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, npm)
  • GitHub Check: Test (ubuntu-latest, Node 22.x, pnpm)
  • GitHub Check: Test (windows-latest, Node 18.x, npm)
  • GitHub Check: Test (macos-latest, Node 20.x, pnpm)
  • GitHub Check: Test (windows-latest, Node 20.x, npm)
  • GitHub Check: Test (macos-latest, Node 22.x, pnpm)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, yarn)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, pnpm)
  • GitHub Check: Test (ubuntu-latest, Node 20.x, yarn)
  • GitHub Check: Test (windows-latest, Node 22.x, yarn)
  • GitHub Check: Test (macos-latest, Node 20.x, yarn)
  • GitHub Check: Test (windows-latest, Node 22.x, npm)
  • GitHub Check: Test (windows-latest, Node 18.x, pnpm)
  • GitHub Check: Test (windows-latest, Node 20.x, yarn)
  • GitHub Check: Test (ubuntu-latest, Node 18.x, bun)
  • GitHub Check: Test (macos-latest, Node 18.x, pnpm)
  • GitHub Check: Coverage
🧰 Additional context used
📓 Path-based instructions (13)
**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}

📄 CodeRabbit inference engine (.cursor/rules/common-coding-style.md)

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}: Always create new objects, never mutate existing ones. Use immutable patterns to prevent hidden side effects and enable safe concurrency
Organize code into many small files (200-400 lines typical, 800 lines max) organized by feature/domain rather than by type
Always handle errors explicitly at every level and never silently swallow errors
Always validate all user input before processing at system boundaries
Use schema-based validation where available
Fail fast with clear error messages when validation fails
Never trust external data (API responses, user input, file content)
Ensure code is readable and well-named
Keep functions small (less than 50 lines)
Keep files focused (less than 800 lines)
Avoid deep nesting (more than 4 levels)
Do not use hardcoded values; use constants or configuration instead

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

No hardcoded secrets (API keys, passwords, tokens) - validate before any commit

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}: All user inputs must be validated
Enable CSRF protection on all state-changing endpoints
Verify authentication and authorization for all protected endpoints
Implement rate limiting on all endpoints to prevent abuse
Ensure error messages do not leak sensitive data in responses

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,sql}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Use parameterized queries to prevent SQL injection

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,html,php,java,cs,rb,go}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Implement XSS prevention by sanitizing HTML output

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp,properties,yml,yaml,json,env,config}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

NEVER hardcode secrets in source code - ALWAYS use environment variables or a secret manager

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript-coding-style.md)

**/*.{ts,tsx,js,jsx}: Use spread operator for immutable updates in TypeScript/JavaScript instead of direct mutation
Use async/await with try-catch for error handling in TypeScript/JavaScript
Use Zod for schema-based input validation in TypeScript/JavaScript
No console.log statements in production code; use proper logging libraries instead

**/*.{ts,tsx,js,jsx}: Auto-format JavaScript/TypeScript files using Prettier after edit
Warn about console.log statements in edited files
Check all modified files for console.log statements before session ends

**/*.{ts,tsx,js,jsx}: Use the ApiResponse interface pattern with generic type parameter: interface ApiResponse<T> { success: boolean; data?: T; error?: string; meta?: { total: number; page: number; limit: number; } }
Implement custom React hooks following the pattern: export a named function with use prefix, generic type parameters, and proper useEffect cleanup for side effects

**/*.{ts,tsx,js,jsx}: Never hardcode secrets; always use environment variables for sensitive credentials like API keys
Throw an error when required environment variables are not configured to fail fast and ensure security prerequisites are met

Use Playwright as the E2E testing framework for critical user flows in TypeScript/JavaScript

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{test,spec}.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{test,spec}.{js,ts,jsx,tsx}: Write tests before implementation (test-driven development); target 80%+ coverage
Achieve minimum 80% test coverage across all three layers: Unit, Integration, and E2E
Use AAA structure (Arrange / Act / Assert) in tests with descriptive test names that explain behavior under test

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts,jsx,tsx}: Always create new objects and never mutate in place; return new copies instead
Keep files between 200–400 lines typical, with a maximum of 800 lines
Extract helpers when a file exceeds 200 lines
Handle errors explicitly at every level; never swallow errors silently
Validate all user input before processing; use schema-based validation where available
Never trust external data (API responses, file content, query params); always validate
All user inputs must be validated and sanitized
Error messages must be scrubbed of sensitive internals
Use readable, well-named identifiers in all code
Keep functions under 50 lines
Keep files under 800 lines
Avoid nesting deeper than 4 levels
Implement comprehensive error handling in all code
Do not hardcode values; use constants or environment configuration instead
Do not use in-place mutation; always return new objects or state

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,jsx,tsx,json,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Do not hardcode secrets, API keys, passwords, or tokens

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts}: Use parameterized queries for all database writes (no string interpolation)
Auth/authz must be checked server-side for every sensitive path
Rate limiting must be applied to all public endpoints

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{jsx,tsx,js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

HTML output must be sanitized where applicable

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
**/*.{js,ts,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Required environment variables must be validated at startup

Files:

  • tests/lib/github-coordination-policy.test.js
  • tests/lib/github-coordination-branches.test.js
  • tests/opencode-tools.test.js
  • tests/lib/github-coordination-store.test.js
🪛 ast-grep (0.44.1)
tests/lib/github-coordination-policy.test.js

[warning] 46-46: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(configPath, typeof content === 'string' ? content : JSON.stringify(content))
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename)


[warning] 81-81: Filesystem path is not a string literal; a request-/variable-derived path can enable path traversal. Validate and normalize the path before use.
Context: fs.writeFileSync(configPath, JSON.stringify({ schemaVersion: 'custom-v1' }))
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(detect-non-literal-fs-filename)

🔇 Additional comments (6)
tests/lib/github-coordination-policy.test.js (2)

34-49: Static analysis path-traversal warning is a false positive.

configPath/tmpDir originate from fs.mkdtempSync(os.tmpdir()) and fixed literal path segments — not external input — so there's no CWE-22 exposure here.


1-311: LGTM!

tests/lib/github-coordination-branches.test.js (1)

1-256: LGTM!

tests/lib/github-coordination-store.test.js (1)

1-209: LGTM!

.opencode/tools/format-code.ts (1)

106-110: LGTM!

tests/opencode-tools.test.js (1)

111-128: LGTM!

Comment on lines +28 to +38
function test(name, fn) {
try {
fn();
console.log(` ✓ ${name}`);
return true;
} catch (err) {
console.log(` ✗ ${name}`);
console.log(` Error: ${err.message}`);
return false;
}
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Duplicated test harness across all three new files.

The test(name, fn) helper (lines 28-38) is byte-for-byte identical in github-coordination-policy.test.js and github-coordination-store.test.js. Extract to a shared tests/lib/test-helpers.js to avoid triple maintenance if the reporter format changes.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/lib/github-coordination-branches.test.js` around lines 28 - 38, The
local test runner helper is duplicated across the new GitHub coordination test
files, so extract the shared test(name, fn) harness into a common
tests/lib/test-helpers.js module. Update github-coordination-branches.test.js,
github-coordination-policy.test.js, and github-coordination-store.test.js to
import and use the shared helper instead of keeping identical inline copies, so
reporter behavior only needs to be maintained in one place.

Comment thread tests/lib/github-coordination-branches.test.js Outdated
t0kubetsu added a commit to t0kubetsu/ECC that referenced this pull request Jul 6, 2026
…t loop

Adds skills/story-lifecycle/SKILL.md, a community skill inspired by
the BMAD Method's epic/story/sprint workflow: a self-contained,
file-based delivery loop (Epic → Stories → Sprint → Implement → Done)
with all state under .stories/, no external PM tool required.

Rebuilt on current upstream/main as a skill-only diff, per affaan-m's
review (same blockers as affaan-m#2309): the shared format-code.ts Windows fix
and github-coordination branch-coverage tests that were bundled here
now live in affaan-m#2459. Skill count recomputed as 277->278 against current
main (the old bump was stale, which was the actual conflict source).

Also repoints the Related Skills entry from the closed project-context
skill (affaan-m#2310) to dev-team, which now owns reading/generating
PROJECT-CONTEXT.md.
- format-code.ts: drop the now-redundant split(path.sep).join("/")
  step (Greptile P2) — .replace(/\\/g, "/") alone covers every case
  the split/join did, on every platform.
- github-coordination-branches.test.js: strengthen the "dependency
  issue not found" test to actually assert the stderr warning it
  claims to cover, instead of only checking the return value
  (CodeRabbit).

Skipped: extracting the shared test(name, fn) runner into a common
helper (CodeRabbit) — that inline pattern is the established
convention across the test suite (160+ existing files use it the
same way), so singling out these 3 files would be inconsistent
rather than a real duplication fix.
@t0kubetsu

Copy link
Copy Markdown
Contributor Author

Addressed the bot findings:

  • Greptile (P2): dropped the now-redundant split(path.sep).join("/") in buildFormatterCommand.replace(/\\/g, "/") alone covers every case that step handled, on every platform.
  • CodeRabbit: strengthened the "dependency issue not found" test in github-coordination-branches.test.js to actually assert the stderr warning it claims to cover (via a temporary process.stderr.write spy), instead of only checking the return value.

Skipped one, with reason: CodeRabbit's suggestion to extract the shared test(name, fn) runner into a common tests/lib/test-helpers.js — that inline pattern is the existing convention across 160+ test files in this suite already, so singling out just these 3 new files would be inconsistent with the rest of the codebase rather than a real fix.

All 4 affected test files still pass (93 tests, 0 failures).

@ecc-tools

ecc-tools Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant