Improve pull request flow, add branch selection for worktree creation, fix auto-mode concurrency count (#787)

* Changes from fix/fetch-before-pull-fetch * feat: Improve pull request flow, add branch selection for worktree creation, fix for automode concurrency count * feat: Add validation for remote names and improve error handling * Address PR comments and mobile layout fixes * ``` refactor: Extract PR target resolution logic into dedicated service ``` * feat: Add app shell UI and improve service imports. Address PR comments * fix: Improve security validation and cache handling in git operations * feat: Add GET /list endpoint and improve parameter handling * chore: Improve validation, accessibility, and error handling across apps * chore: Format vite server port configuration * fix: Add error handling for gh pr list command and improve offline fallbacks * fix: Preserve existing PR creation time and improve remote handling
2026-03-22 11:43:07 +00:00 · 2026-02-19 21:55:12 -08:00
parent ee52333636
commit 7df2182818
80 changed files with 4729 additions and 1107 deletions
--- a/apps/server/src/routes/worktree/common.ts
+++ b/apps/server/src/routes/worktree/common.ts
@@ -2,7 +2,12 @@
 * Common utilities for worktree routes
 */

-import { createLogger, isValidBranchName, MAX_BRANCH_NAME_LENGTH } from '@automaker/utils';
+import {
+  createLogger,
+  isValidBranchName,
+  isValidRemoteName,
+  MAX_BRANCH_NAME_LENGTH,
+} from '@automaker/utils';
 import { exec } from 'child_process';
 import { promisify } from 'util';
 import { getErrorMessage as getErrorMessageShared, createLogError } from '../common.js';
@@ -16,7 +21,7 @@ export const execAsync = promisify(exec);

 // Re-export git validation utilities from the canonical shared module so
 // existing consumers that import from this file continue to work.
-export { isValidBranchName, MAX_BRANCH_NAME_LENGTH };
+export { isValidBranchName, isValidRemoteName, MAX_BRANCH_NAME_LENGTH };

 // ============================================================================
 // Extended PATH configuration for Electron apps
@@ -60,25 +65,6 @@ export const execEnv = {
  PATH: extendedPath,
 };

-/**
- * Validate git remote name to prevent command injection.
- * Matches the strict validation used in add-remote.ts:
- * - Rejects empty strings and names that are too long
- * - Disallows names that start with '-' or '.'
- * - Forbids the substring '..'
- * - Rejects '/' characters
- * - Rejects NUL bytes
- * - Must consist only of alphanumerics, hyphens, underscores, and dots
- */
-export function isValidRemoteName(name: string): boolean {
-  if (!name || name.length === 0 || name.length >= MAX_BRANCH_NAME_LENGTH) return false;
-  if (name.startsWith('-') || name.startsWith('.')) return false;
-  if (name.includes('..')) return false;
-  if (name.includes('/')) return false;
-  if (name.includes('\0')) return false;
-  return /^[a-zA-Z0-9._-]+$/.test(name);
-}
-
 /**
 * Check if gh CLI is available on the system
 */