- getAllSessions search matches only shortId, not title/content
- getSessionPath returns absolute path with correct directory structure
- analysisResults handles zero values for all data fields without crash
Round 53: Adds 3 hook tests — validates evaluate-session.js
falls back to CLAUDE_TRANSCRIPT_PATH env var when stdin JSON
is invalid, post-edit-console-warn.js truncates output to max
5 matches, and post-edit-format.js passes through data when
the target .tsx file doesn't exist.
Round 46: verify getSessionStats recognises C:/ and D:\ as file
paths but not bare C: without slash; verify parseSessionMetadata
only matches lowercase [x] checkboxes (not uppercase [X]).
User messages containing newline characters were being added as-is to
markdown list items in buildSummarySection(), breaking the list format.
Now newlines are replaced with spaces before backtick escaping.
On Unix/macOS, rename(2) atomically replaces the destination file.
The previous code ran unlinkSync before renameSync on all platforms,
creating an unnecessary non-atomic window where a crash could lose
data. Now the delete-before-rename is gated behind process.platform
=== 'win32', where rename cannot overwrite an existing file.
The box() helper produced lines that were width+1 characters instead of
the requested width. Adjusted all three formulas (top border, middle
content, bottom border) by -1 each. Added 4 tests verifying box width
accuracy across instincts(), analysisResults(), and nextSteps() output.
Cover createdTime/birthtime fallback in session-manager, readStdinJson
error event settled-flag guard in utils, renameAlias rollback on naming
conflict in session-aliases, and saveAliases backup preservation on
serialization failure. Total: 713 tests.
When --global or --project was followed by another flag (e.g., --global --project),
the flag was treated as a package manager name. Added pmName.startsWith('-') check
to both handlers. Added 20 tests across 4 test files covering argument validation,
ensureDir error propagation, runCommand stderr handling, and saveAliases failure paths.
new Date('YYYY-MM-DD') creates UTC midnight, which in negative UTC offset
timezones (e.g., Hawaii) causes getDate() to return the previous day.
Replaced with new Date(year, month - 1, day) for correct local-time behavior.
Added 15 tests: session-manager datetime verification and edge cases (7),
package-manager getCommandPattern special characters (4), and
validators model/skill-reference validation (4). Tests: 651 → 666.
Cover 30-day month validation (Sep/Nov 31 rejection), getSessionStats
path heuristic with multiline content, combined date+search+pagination
in getAllSessions, ambiguous prefix matching in getSessionById, unclosed
code fence in parseSessionMetadata, empty checklist item behavior,
reserved name case sensitivity (LIST/Help/Set), negative limit in
listAliases, and undefined title in setAlias.
Replace console.log(data) with process.stdout.write(data) in both
pass-through paths to prevent appending a trailing newline that
corrupts the hook output. Add 7 tests covering exact byte fidelity,
malformed JSON, missing file_path, non-existent files, exclusion
patterns in check-console-log, non-git repo handling, and empty stdin.
Validate args parameter in getExecCommand() against SAFE_ARGS_REGEX to
prevent command injection when returned string is passed to a shell.
Escape regex metacharacters in getCommandPattern() generic action branch
to prevent malformed patterns and unintended matching. Clean up stdin
listeners in readStdinJson() timeout path to prevent process hanging.
Replace shell: true with npx.cmd on Windows in post-edit-format.js and
post-edit-typecheck.js to prevent command injection via crafted file paths.
Replace console.log(data) with process.stdout.write(data) in
check-console-log.js to avoid appending extra newlines to pass-through data.
- session-manager: clamp offset/limit to safe non-negative integers to
prevent negative offset counting from end and NaN returning empty results
- session-aliases: add success field to cleanupAliases return value for
API contract consistency with setAlias/deleteAlias/renameAlias
progressBar() in skill-create-output.js could crash with RangeError when
percent > 100 because repeat() received a negative count. Fixed by
clamping filled to [0, width].
New tests:
- progressBar edge cases: 0%, 100%, and >100% confidence
- Empty patterns/instincts arrays
- post-edit-format: null tool_input, missing file_path, prettier failure
- setup-package-manager: --detect output completeness, current marker
The command cross-reference regex /^.*`\/(...)`.*$/gm only captured the
LAST command ref per line due to greedy .* consuming earlier refs.
Replaced with line-by-line processing using non-anchored regex to
capture ALL command references.
New tests:
- 4 validate-commands multi-ref-per-line tests (regression)
- 8 evaluate-session threshold boundary tests (new file)
- 6 session-aliases edge case tests (cleanup, rename, path matching)
- Test valid project-config detection (.claude/package-manager.json)
- Test priority order: project-config > package.json > lock-file
- Test package.json > lock-file priority
- Test default fallback to npm
- Test setPreferredPackageManager success case
- Test getCommandPattern for test and build actions
Fix grepFile() silently skipping matches when called with /g flag regex.
The global flag makes .test() stateful, causing alternating match/miss
on consecutive matching lines. Strip g flag since per-line testing
doesn't need global state.
Add first-ever tests for evaluate-session.js (5 tests: short session,
long session, missing transcript, malformed stdin, env var fallback)
and suggest-compact.js (5 tests: counter increment, threshold trigger,
periodic suggestions, below-threshold silence, invalid threshold).
- post-edit-typecheck: verify 25-level-deep directory completes without
hanging (tests the max depth=20 walk-up guard)
- cleanupAliases: document behavior when sessionExists callback throws
(propagates to caller, which is acceptable)
Tests the new transcript parsing from PR #215:
- entry.message.content format (string and array content)
- tool_use blocks nested in assistant message content arrays
- Verifies file paths and tool names extracted from both formats
The test was using 'claude-sonnet-4-5-20250929' which isn't in VALID_MODELS
(haiku/sonnet/opus). Use 'sonnet' with a description field containing
colons to properly test colon handling in frontmatter values.
Windows cmd.exe treats single quotes literally, so `echo '...' | node -e '...'`
fails. Switched to execFileSync with the `input` option to pipe stdin data
directly without shell quoting issues.
