You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added comprehensive unit tests for all exported functions in src/git/diff.ts using Node's built-in node:test and node:assert/strict.
Why
Git operations are central to the tool but had no test coverage. These tests validate the core git interaction layer in isolated temporary repositories.
Test coverage
checkGitRepo() — returns successfully inside a git repo, throws outside
getStagedDiff() — returns diff when staged, empty when nothing staged
getUnstagedDiff() — detects unstaged changes on tracked files
commit() — returns hash and summary, works with body, throws on empty commit
getRepoRoot() — returns the absolute path of the repository root
Testing
npm run build && node --test tests/git-diff.test.mjs — all 9 tests pass
Covers all exported functions: checkGitRepo, getStagedDiff,
getUnstagedDiff, commit, and getRepoRoot. Each test creates
isolated temporary git repos via mkdtempSync + git init.
The reason will be displayed to describe this comment to others. Learn more.
Review: PR #76 — test: add unit tests for src/git/diff.ts
Author
lb1192176991-lab
Base → Head
main → feat/git-diff-tests
Files changed
2 (+165 / -2)
State
Open
Overview ✅
The PR title and description clearly explain what (add unit tests for src/git/diff.ts) and why (git operations are central but had no coverage). Scope is focused — tests plus a minor refactor to the commit() return type. Size is manageable at 165 additions.
Correctness & Logic — ⚠️ Blocking
1. commit() return type change breaks all callers
The function signature changed from return string to return CommitResult (an object), but the two call sites in src/commands/suggest.ts were not updated:
Line 149 (auto path): result.trim() — .trim() on an object will throw at runtime.
Line 210 (interactive path): result.trim() — same issue.
Both need to become result.raw.trim() (or result.raw).
2. Existing test will break
tests/commit-echo.test.mjs does console.log(out) where out is the return value of commit(). With the new object return type, this prints [object Object] instead of the raw git output string, causing assertions like res.stdout.includes(title) to fail. The test runner needs console.log(out.raw).
Code Quality & Maintainability — Comment
3. Regex parsing of git output is fragile
The regex /[\[\S+(?:\s+\([^)]+\))?\s+([a-f0-9]+)\]\s+(.+)/ targets the standard [branch hash] summary format, but git output varies by detached HEAD state, rebase/merge states, non-English locale, and custom format.pretty overrides. A mismatch silently produces hash: undefined, summary: undefined. Consider adding a fallback when the regex doesn't match.
Testing ✅
The test suite itself is well-structured:
Isolated environments: Each test creates a temp dir, initializes a real git repo, and cleans up via try/finally — clean and reliable.
Coverage: All 5 exported functions are tested (9 tests) covering happy paths and error paths.
Error cases: checkGitRepo() throws outside a repo, commit() throws when nothing is staged, getStagedDiff() returns empty when nothing is staged.
No concerns. No new dependencies, no security-sensitive changes.
Verdict: Request changes
Must fix before merge:
Update src/commands/suggest.ts lines 149 and 210 to use result.raw instead of bare result (since .trim() is called on the value).
Update tests/commit-echo.test.mjs to handle the new CommitResult return type (change console.log(out) to console.log(out.raw)).
Recommended (non-blocking):
3. Add a fallback in commit() when the regex doesn't match the git output format, so hash and summary are explicitly undefined rather than silently failing.
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
The PR introduces a comprehensive test suite and refactors git utility functions, but several issues prevent it from meeting quality standards. Codacy analysis indicates the PR is not up to standards due to new quality and security issues. Key concerns include a breaking change to the commit function API that is not explicitly documented as such, and the use of fragile regex for parsing human-readable git porcelain output which is susceptible to ReDoS and fails in detached HEAD states. Additionally, the test suite introduces global state side effects and resource leaks that could affect CI stability. Addressing these architectural and security concerns is required before merging.
About this PR
Multiple functions rely on parsing human-readable git output (porcelain). This is fragile as output varies between Git versions and system locales. It is recommended to use plumbing commands (e.g., git rev-parse) which are designed for programmatic consumption.
The refactoring of the commit function introduces a breaking change to the public API by changing the return type from a string to an object. This should be explicitly documented in the PR description to alert consumers.
2 comments outside of the diffsrc/git/diff.ts
line 50 🔴 HIGH RISK
The file path used in writeFileSync is constructed from a variable, which triggers a security audit for potential path traversal. Ensure the resulting path is strictly validated or contained within the intended temporary directory.
line 17 🟡 MEDIUM RISK
Suggestion: Replace the logical OR (||) with the nullish coalescing operator (??) for safer default value assignment when handling errors. Note that if stderr is an empty string, the error message will now be empty.
throw new Error(stderr ?? 'Not a git repository');
Test suggestions
checkGitRepo returns successfully when inside a git repository
checkGitRepo throws an error when executed outside a git repository
getStagedDiff returns a DiffResult with content and hasChanges=true when changes are staged
getStagedDiff returns empty string and hasChanges=false when no changes are staged
getUnstagedDiff detects modifications to tracked files
commit successfully creates a commit and returns the hash and summary line
commit correctly incorporates an optional body into the full commit message
commit throws an error when there are no changes to commit
getRepoRoot returns the correct absolute path to the initialized repository
The reason will be displayed to describe this comment to others. Learn more.
🔴 HIGH RISK
The regular expression used to parse git commit output is both fragile and insecure. It will fail to match branch descriptions in a 'detached HEAD' state (where branch names contain spaces) and is susceptible to ReDoS (Regular Expression Denial of Service) due to its structure. It is safer to use a non-greedy approach or, preferably, use plumbing commands like git rev-parse HEAD for reliable results.
The reason will be displayed to describe this comment to others. Learn more.
🟡 MEDIUM RISK
Suggestion: Using process.chdir() modifies the global state of the Node.js process, which prevents parallel test execution and can cause race conditions. Additionally, temporary directories created with mkdtempSync are not cleaned up, leading to resource leaks. Consider refactoring functions to accept a cwd parameter and using a finally block with fs.rmSync for cleanup.
The reason will be displayed to describe this comment to others. Learn more.
⚪ LOW RISK
Nitpick: Asserting that the hash length is exactly 7 is fragile as short hashes can vary in length. Validate that it is a valid hex string of at least 7 characters instead.
Suggested change
assert.equal(result.hash.length,7);
assert.ok(/^[a-f0-9]{7,}$/.test(result.hash),'commit should return a valid hex hash');
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
404-Page-Found
left a comment
![codacy-production[bot]](https://avatars.githubusercontent.com/in/56611?s=60&v=4){kind=small}
What
Added comprehensive unit tests for all exported functions in
src/git/diff.tsusing Node's built-innode:testandnode:assert/strict.Why
Git operations are central to the tool but had no test coverage. These tests validate the core git interaction layer in isolated temporary repositories.
Test coverage
checkGitRepo()— returns successfully inside a git repo, throws outsidegetStagedDiff()— returns diff when staged, empty when nothing stagedgetUnstagedDiff()— detects unstaged changes on tracked filescommit()— returns hash and summary, works with body, throws on empty commitgetRepoRoot()— returns the absolute path of the repository rootTesting
npm run build && node --test tests/git-diff.test.mjs— all 9 tests pass