* fix(scripts): harden bash scripts with escape, compat, and cleanup fixes
- common.sh: complete RFC 8259 JSON escape (\b, \f, strip control chars)
- common.sh: distinguish python3 success-empty vs failure in resolve_template
- check-prerequisites.sh: escape doc names through json_escape in fallback path
- create-new-feature.sh: remove duplicate json_escape (already in common.sh)
- create-new-feature.sh: warn on stderr when spec template is not found
- update-agent-context.sh: move nested function to top-level for bash 3.2 compat
* fix(scripts): explicit resolve_template return code and best-effort agent updates
- common.sh: resolve_template now returns 1 when no template is found,
making the "not found" case explicit instead of relying on empty stdout
- setup-plan.sh, create-new-feature.sh: add || true to resolve_template
calls so set -e does not abort on missing templates (non-fatal)
- update-agent-context.sh: accumulate errors in update_all_existing_agents
instead of silently discarding them — all agents are attempted and the
composite result is returned, matching the PowerShell equivalent behavior
* style(scripts): add clarifying comment in resolve_template preset branch
* fix(scripts): wrap python3 call in if-condition to prevent set -e abort
Move the python3 command substitution in resolve_template into an
if-condition so that a non-zero exit (e.g. invalid .registry JSON)
does not abort the function under set -e. The fallback directory
scan now executes as intended regardless of caller errexit settings.
* fix(scripts): track agent file existence before update and avoid top-level globals
- _update_if_new now records the path and sets _found_agent before calling
update_agent_file, so that failures do not cause duplicate attempts on
aliased paths (AMP/KIRO/BOB -> AGENTS_FILE) or false "no agent files
found" fallback triggers
- Remove top-level initialisation of _updated_paths and _found_agent;
they are now created exclusively inside update_all_existing_agents,
keeping the script side-effect free when sourced
- Replace eval of unquoted get_feature_paths output with safe pattern:
capture into variable, check return code, then eval quoted result
- Use printf '%q' in get_feature_paths to safely emit shell assignments,
preventing injection via paths containing quotes or metacharacters
- Add json_escape() helper for printf JSON fallback paths, handling
backslash, double-quote, and control characters when jq is unavailable
- Use jq -cn for safe JSON construction with proper escaping when
available, with printf + json_escape() fallback
- Replace declare -A (bash 4+) with indexed array for bash 3.2
compatibility (macOS default)
- Use inline command -v jq check in create-new-feature.sh since it
does not source common.sh
- Guard trap cleanup against re-entrant invocation by disarming traps
at entry
- Use printf '%q' for shell-escaped branch names in user-facing output
- Return failure instead of silently returning wrong path on ambiguous
spec directory matches
- Deduplicate agent file updates via realpath to prevent multiple writes
to the same file (e.g. AGENTS.md aliased by multiple variables)
When --number 027 was passed, printf '%03d' interpreted it as octal,
converting 027 (octal) to 23 (decimal). Now forces base-10 with 10# prefix.
Bug: User passes --number 027, gets feature 023 instead of 027
Root cause: printf %03d treats leading zeros as octal notation
Fix: Use $((10#$BRANCH_NUMBER)) to force decimal interpretation
Example:
- Before: --number 027 → octal 027 → decimal 23 → feature 023
- After: --number 027 → decimal 27 → feature 027
Note: PowerShell version does not have this bug because [int] type
conversion in PowerShell does not treat leading zeros as octal.
The check_existing_branches (bash) and Get-NextBranchNumber (PowerShell)
functions no longer use the short_name parameter since they now find the
global maximum across ALL features. This commit:
1. Removes the unused parameter from function signatures
2. Updates all call sites to not pass the parameter
This prevents the scripts from failing when the function is called with
the wrong number of arguments.
The check_existing_branches (bash) and Get-NextBranchNumber (PowerShell)
functions were only looking for branches/specs matching the SAME short name
when determining the next feature number. This caused collisions where
multiple features could be assigned the same number if they had different
short names.
For example, if feature 023-ci-optimization existed, creating a new feature
with a different short name would incorrectly use 001 instead of 024.
This fix changes both functions to:
1. Use get_highest_from_branches() / Get-HighestNumberFromBranches to find
the highest number across ALL branches globally
2. Use get_highest_from_specs() / Get-HighestNumberFromSpecs to find the
highest number across ALL spec directories globally
3. Return the maximum of both + 1
The helper functions already existed but were not being used. This fix
properly utilizes them to ensure features are numbered sequentially
regardless of their short names.
Issue: Branch number collisions when creating features with different names
Impact: Prevents multiple features from sharing the same number prefix
Refactored both Bash and PowerShell create-new-feature scripts to modularize and deduplicate logic for determining the next feature number, including new helper functions for extracting the highest number from specs and branches. Improved branch name cleaning and generation. In update-agent-context scripts, removed redundant updates to AGENTS.md for Copilot, streamlining agent update logic.
- Use git ls-remote for more reliable remote branch detection
- Check remote branches, local branches, AND specs directories
- Match exact short-name pattern to avoid false positives
- Ensures no duplicate numbers across all sources
- Add --number parameter to create-new-feature scripts (bash & PowerShell)
- Add check_existing_branches() function to fetch and scan remote branches
- Update branch numbering logic to check remotes before creating new branches
- Update /speckit.specify command to document remote branch checking workflow
- Prevents duplicate branch numbers when branches exist on remotes but not locally
- Maintains backward compatibility with existing workflows
- Falls back to local directory scanning when Git is not available
Fix two critical bugs in the argument parsing logic that caused incorrect
behavior when --short-name parameter was used:
1. **Index offset bug**: The loop started at i=0 and used i < $#, which
incorrectly processed $0 (script name) as the first argument and
skipped the last actual parameter. Changed to i=1 and i <= $# to
properly iterate through actual command-line arguments ($1 to $#).
2. **Boundary condition bug**: The condition `[ $((i + 1)) -ge $# ]`
incorrectly flagged valid arguments as missing. When --short-name was
at position $#-1, the next position $# was valid but treated as
out-of-bounds. Changed to `[ $((i + 1)) -gt $# ]` for correct validation.
3. **Enhanced validation**: Added check to ensure --short-name value is
not another option (doesn't start with --).
**Before**:
- `script --json "desc" --short-name "test"` → Error: requires a value
- `script --json "desc1" "desc2" --short-name` → Generated wrong branch name
**After**:
- `script --json "desc" --short-name "test"` → Works correctly
- `script --json "desc1" "desc2" --short-name` → Proper error message
This ensures the script correctly supports both parameter orders:
- `[--json] [--short-name <name>] <feature_description>`
- `[--json] <feature_description> [--short-name <name>]`
