mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

fix: coord review remediations (path traversal, JSON parse, race condition) #81

Merged
jason.woltje merged 1 commits from fix/coord-review-remediations into main 2026-03-13 03:43:50 +00:00
Conversation 0 Commits 1 Files Changed 5 +86 -34
jason.woltje commented 2026-03-13 03:43:44 +00:00
Owner
Copy Link

Addresses code review findings from P2-005 coord migration.

Changes

  • Validate projectPath against allowed workspace roots (path traversal fix)
  • Guard JSON.parse with try/catch in loadMission, readActiveSession, readSessionLock
  • Add delay after stale lock removal to reduce race window
  • Add @Inject(CoordService) per project guideline
  • Eliminate double loadMission in getTaskStatus via shared buildStatusSummary
  • Fix fragile prompt-inclusion check to test original command for {prompt}
  • Add mkdir to writeAtomic for consistency

Test plan

  • All 19 existing tests pass
  • typecheck, lint, format:check all green

Closes #80

Addresses code review findings from P2-005 coord migration. ## Changes - Validate projectPath against allowed workspace roots (path traversal fix) - Guard JSON.parse with try/catch in loadMission, readActiveSession, readSessionLock - Add delay after stale lock removal to reduce race window - Add @Inject(CoordService) per project guideline - Eliminate double loadMission in getTaskStatus via shared buildStatusSummary - Fix fragile prompt-inclusion check to test original command for {prompt} - Add mkdir to writeAtomic for consistency ## Test plan - All 19 existing tests pass - typecheck, lint, format:check all green Closes #80
jason.woltje added 1 commit 2026-03-13 03:43:44 +00:00
fix: coord review remediations — path traversal, JSON parse, race condition 4de23e238a 
Addresses code review findings from P2-005:
- Validate projectPath against allowed workspace roots (path traversal)
- Guard JSON.parse with try/catch in loadMission, readActiveSession, readSessionLock
- Add delay after stale lock removal to reduce race window
- Add @Inject(CoordService) per project guideline (no emitDecoratorMetadata)
- Eliminate double loadMission in getTaskStatus via shared buildStatusSummary
- Fix fragile prompt-inclusion check to test original command for {prompt}
- Add mkdir to writeAtomic for consistency with other atomic helpers

Closes #80

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jason.woltje merged commit 8da2759fec into main 2026-03-13 03:43:50 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#81
Delete Branch "fix/coord-review-remediations"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?