fix: coord review remediations (path traversal, JSON parse, race condition) #81

Merged

jason.woltje merged 1 commits from fix/coord-review-remediations into main

2026-03-13 03:43:50 +00:00

Author	SHA1	Message	Date
Jason Woltje	4de23e238a	fix: coord review remediations — path traversal, JSON parse, race condition Addresses code review findings from P2-005: - Validate projectPath against allowed workspace roots (path traversal) - Guard JSON.parse with try/catch in loadMission, readActiveSession, readSessionLock - Add delay after stale lock removal to reduce race window - Add @Inject(CoordService) per project guideline (no emitDecoratorMetadata) - Eliminate double loadMission in getTaskStatus via shared buildStatusSummary - Fix fragile prompt-inclusion check to test original command for {prompt} - Add mkdir to writeAtomic for consistency with other atomic helpers Closes #80 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-12 22:43:30 -05:00

Author

SHA1

Message

Date

Jason Woltje

4de23e238a

fix: coord review remediations — path traversal, JSON parse, race condition

Addresses code review findings from P2-005:
- Validate projectPath against allowed workspace roots (path traversal)
- Guard JSON.parse with try/catch in loadMission, readActiveSession, readSessionLock
- Add delay after stale lock removal to reduce race window
- Add @Inject(CoordService) per project guideline (no emitDecoratorMetadata)
- Eliminate double loadMission in getTaskStatus via shared buildStatusSummary
- Fix fragile prompt-inclusion check to test original command for {prompt}
- Add mkdir to writeAtomic for consistency with other atomic helpers

Closes #80

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-12 22:43:30 -05:00

fix: coord review remediations (path traversal, JSON parse, race condition) #81

1 Commits