Files

ci/woodpecker/push/woodpecker Pipeline failed

Details

fix(#274 ): Add input validation to prevent command injection in git operations

Implemented strict whitelist-based validation for git branch names and
repository URLs to prevent command injection vulnerabilities in worktree
operations.

Security fixes:
- Created git-validation.util.ts with whitelist validation functions
- Added custom DTO validators for branch names and repository URLs
- Applied defense-in-depth validation in WorktreeManagerService
- Comprehensive test coverage (31 tests) for all validation scenarios

Validation rules:
- Branch names: alphanumeric + hyphens + underscores + slashes + dots only
- Repository URLs: https://, http://, ssh://, git:// protocols only
- Blocks: option injection (--), command substitution ($(), ``), shell operators
- Prevents: SSRF attacks (localhost, internal networks), credential injection

Defense layers:
1. DTO validation (first line of defense at API boundary)
2. Service-level validation (defense-in-depth before git operations)

Fixes #274

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-03 20:17:47 -06:00

src

fix(#274 ): Add input validation to prevent command injection in git operations

2026-02-03 20:17:47 -06:00

.env.example

fix(orchestrator): resolve all M6 remediation issues (#260-#269)

2026-02-03 12:44:04 -06:00

.prettierrc

feat(#66 ): implement tag filtering in search API endpoint

2026-02-02 14:33:31 -06:00

Dockerfile

fix(orchestrator): resolve all M6 remediation issues (#260-#269)

2026-02-03 12:44:04 -06:00

ERROR_CONTEXT_DEMO.md

fix(orchestrator): resolve all M6 remediation issues (#260-#269)

2026-02-03 12:44:04 -06:00

eslint.config.js

feat(M6): Set up orchestrator service foundation

2026-02-02 13:16:19 -06:00

nest-cli.json

feat(M6): Set up orchestrator service foundation

2026-02-02 13:16:19 -06:00

package.json

fix(orchestrator): resolve all M6 remediation issues (#260-#269)

2026-02-03 12:44:04 -06:00

README.md

feat(M6): Set up orchestrator service foundation

2026-02-02 13:16:19 -06:00

SECURITY.md

fix(orchestrator): resolve all M6 remediation issues (#260-#269)

2026-02-03 12:44:04 -06:00

tsconfig.json

feat(M6): Set up orchestrator service foundation

2026-02-02 13:16:19 -06:00

vitest.config.ts

feat(#66 ): implement tag filtering in search API endpoint

2026-02-02 14:33:31 -06:00

README.md

Mosaic Orchestrator

Agent orchestration service for Mosaic Stack built with NestJS.

Overview

The Orchestrator is the execution plane of Mosaic Stack, responsible for:

Spawning and managing Claude agents
Task queue management (Valkey-backed)
Agent health monitoring and recovery
Git workflow automation
Quality gate enforcement callbacks
Killswitch emergency stop

Architecture

Part of the Mosaic Stack monorepo at apps/orchestrator/.

Controlled by apps/coordinator/ (Quality Coordinator). Monitored via apps/web/ (Agent Dashboard).

Development

# Install dependencies (from monorepo root)
pnpm install

# Run in dev mode (watch mode)
pnpm --filter @mosaic/orchestrator dev

# Build
pnpm --filter @mosaic/orchestrator build

# Start production
pnpm --filter @mosaic/orchestrator start:prod

# Test
pnpm --filter @mosaic/orchestrator test

# Generate module (NestJS CLI)
cd apps/orchestrator
nest generate module <name>
nest generate controller <name>
nest generate service <name>

NestJS Architecture

Modules: Feature-based organization (spawner, queue, monitor, etc.)
Controllers: HTTP endpoints (health, agents, tasks)
Services: Business logic
Providers: Dependency injection

Configuration

Environment variables loaded via @nestjs/config. See .env.example for required vars.

Documentation

Architecture: /docs/ORCHESTRATOR-MONOREPO-SETUP.md
API Contracts: /docs/M6-ISSUE-AUDIT.md
Milestone: M6-AgentOrchestration (0.0.6)