diff --git a/autoplan/SKILL.md b/autoplan/SKILL.md index 5f8b5013..54a8f213 100644 --- a/autoplan/SKILL.md +++ b/autoplan/SKILL.md @@ -408,6 +408,7 @@ If the Read fails (file not found), say: After /office-hours completes, re-run the design doc check: ```bash +setopt +o nomatch 2>/dev/null || true # zsh compat SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)") BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-' || echo 'no-branch') DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1) diff --git a/package.json b/package.json index 76b58e81..aa5fcfb9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "gstack", - "version": "0.12.8.0", + "version": "0.12.8.1", "description": "Garry's Stack — Claude Code skills + fast headless browser. One repo, one install, entire AI engineering workflow.", "license": "MIT", "type": "module", diff --git a/plan-ceo-review/SKILL.md b/plan-ceo-review/SKILL.md index 4ad8675e..60441158 100644 --- a/plan-ceo-review/SKILL.md +++ b/plan-ceo-review/SKILL.md @@ -511,6 +511,7 @@ If the Read fails (file not found), say: After /office-hours completes, re-run the design doc check: ```bash +setopt +o nomatch 2>/dev/null || true # zsh compat SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)") BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-' || echo 'no-branch') DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1) diff --git a/plan-eng-review/SKILL.md b/plan-eng-review/SKILL.md index aae85f6b..e9997d84 100644 --- a/plan-eng-review/SKILL.md +++ b/plan-eng-review/SKILL.md @@ -421,6 +421,7 @@ If the Read fails (file not found), say: After /office-hours completes, re-run the design doc check: ```bash +setopt +o nomatch 2>/dev/null || true # zsh compat SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)") BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-' || echo 'no-branch') DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1) diff --git a/review/SKILL.md b/review/SKILL.md index 15940663..b06e38e2 100644 --- a/review/SKILL.md +++ b/review/SKILL.md @@ -394,6 +394,7 @@ Before reviewing code quality, check: **did they build what was requested — no 2. **Content-based search (fallback):** If no plan file is referenced in conversation context, search by content: ```bash +setopt +o nomatch 2>/dev/null || true # zsh compat BRANCH=$(git branch --show-current 2>/dev/null | tr '/' '-') REPO=$(basename "$(git rev-parse --show-toplevel 2>/dev/null)") # Search common plan file locations diff --git a/scripts/resolvers/review.ts b/scripts/resolvers/review.ts index a4963b13..bf09a528 100644 --- a/scripts/resolvers/review.ts +++ b/scripts/resolvers/review.ts @@ -233,6 +233,7 @@ If the Read fails (file not found), say: After /${first} completes, re-run the design doc check: \`\`\`bash +setopt +o nomatch 2>/dev/null || true # zsh compat SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)") BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-' || echo 'no-branch') DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1) @@ -614,6 +615,7 @@ function generatePlanFileDiscovery(): string { 2. **Content-based search (fallback):** If no plan file is referenced in conversation context, search by content: \`\`\`bash +setopt +o nomatch 2>/dev/null || true # zsh compat BRANCH=$(git branch --show-current 2>/dev/null | tr '/' '-') REPO=$(basename "$(git rev-parse --show-toplevel 2>/dev/null)") # Search common plan file locations diff --git a/ship/SKILL.md b/ship/SKILL.md index 946e870c..f3f2ec01 100644 --- a/ship/SKILL.md +++ b/ship/SKILL.md @@ -1126,6 +1126,7 @@ Repo: {owner/repo} 2. **Content-based search (fallback):** If no plan file is referenced in conversation context, search by content: ```bash +setopt +o nomatch 2>/dev/null || true # zsh compat BRANCH=$(git branch --show-current 2>/dev/null | tr '/' '-') REPO=$(basename "$(git rev-parse --show-toplevel 2>/dev/null)") # Search common plan file locations diff --git a/test/gen-skill-docs.test.ts b/test/gen-skill-docs.test.ts index a4262458..cac45ec7 100644 --- a/test/gen-skill-docs.test.ts +++ b/test/gen-skill-docs.test.ts @@ -263,6 +263,43 @@ describe('gen-skill-docs', () => { } }); + test('bash blocks with shell globs are zsh-safe (setopt guard or find)', () => { + for (const skill of ALL_SKILLS) { + const content = fs.readFileSync(path.join(ROOT, skill.dir, 'SKILL.md'), 'utf-8'); + const bashBlocks = [...content.matchAll(/```bash\n([\s\S]*?)```/g)].map(m => m[1]); + + for (const block of bashBlocks) { + const lines = block.split('\n'); + + for (const line of lines) { + const trimmed = line.trimStart(); + if (trimmed.startsWith('#')) continue; + if (!trimmed.includes('*')) continue; + // Skip lines where * is inside find -name, git pathspecs, or $(find) + if (/\bfind\b/.test(trimmed)) continue; + if (/\bgit\b/.test(trimmed)) continue; + if (/\$\(find\b/.test(trimmed)) continue; + + // Check 1: "for VAR in " must use $(find ...) — caught above by the + // $(find check, so any surviving for-in with a glob pattern is a violation + if (/\bfor\s+\w+\s+in\b/.test(trimmed) && /\*\./.test(trimmed)) { + throw new Error( + `Unsafe for-in glob in ${skill.dir}/SKILL.md: "${trimmed}". ` + + `Use \`for f in $(find ... -name '*.ext')\` for zsh compatibility.` + ); + } + + // Check 2: ls/cat/rm/grep with glob file args must have setopt guard + const isGlobCmd = /\b(?:ls|cat|rm|grep)\b/.test(trimmed) && + /(?:\/\*[a-z.*]|\*\.[a-z])/.test(trimmed); + if (isGlobCmd) { + expect(block).toContain('setopt +o nomatch'); + } + } + } + } + }); + test('preamble-using skills have correct skill name in telemetry', () => { const PREAMBLE_SKILLS = [ { dir: '.', name: 'gstack' },