Treehouse Worktree

IMPROVEMENTS.md•4.89 kB

# Treehouse Improvements Summary This document summarizes all the improvements made to the treehouse-worktree project. ## Completed Improvements ### High Priority (Security & Critical Issues) ✅ 1. **LICENSE File Added** - Added proper MIT license file - File: `LICENSE` 2. **ESLint Configuration** - Installed ESLint with TypeScript support - Created ESLint 9-compatible config - All linting checks pass - Files: `eslint.config.js`, updated `package.json` 3. **Input Validation with Zod** - Added comprehensive validation for all user inputs - Prevents path traversal attacks - Validates worktree names, branch names, agent IDs, messages, and lock expiry times - File: `src/utils/validation.ts` - Applied in: `src/treehouse.ts` 4. **Fixed Command Injection Vulnerability** - Replaced string interpolation with environment variables - `ROOT_WORKTREE_PATH` now passed as env var instead of string replacement - Updated documentation to reflect the change - Files: `src/treehouse.ts`, `README.md` 5. **Windows Compatibility Fixed** - Replaced Unix-only `du` command with cross-platform `get-folder-size` package - Clean command now works on Windows, macOS, and Linux - File: `src/treehouse.ts` 6. **Test Infrastructure Added** - Vitest test framework installed and configured - 38 passing tests for validation logic - Test coverage reporting configured - Files: `vitest.config.ts`, `src/__tests__/validation.test.ts`, updated `package.json` ### Medium Priority ✅ 7. **Git Version Check** - Added version detection and validation - Ensures git 2.5+ is available (required for worktrees) - Clear error messages for unsupported versions - Files: `src/utils/git.ts`, `src/treehouse.ts` 8. **Magic Strings Replaced with Constants** - Added constants for `BRANCH_CURRENT`, `DEFAULT_AGENT_ID` - Added `ConflictStrategy` object for strategy types - Improves maintainability and reduces errors - File: `src/types.ts` 9. **CHANGELOG.md Added** - Follows Keep a Changelog format - Documents all changes in this update - File: `CHANGELOG.md` 10. **GitHub Actions CI/CD** - CI workflow tests on multiple OS (Ubuntu, macOS, Windows) and Node versions (18, 20, 22) - Automated npm publishing on release - Code coverage reporting - Files: `.github/workflows/ci.yml`, `.github/workflows/publish.yml` ### Low Priority ✅ 11. **CONTRIBUTING.md Added** - Clear contribution guidelines - Development setup instructions - Code style guidelines - File: `CONTRIBUTING.md` 12. **Troubleshooting Section in README** - Common issues and solutions - Platform-specific guidance - Help resources - File: `README.md` 13. **Improved .gitignore** - Added coverage directories - Added IDE and OS-specific files - File: `.gitignore` ## Pending Improvements (Optional) These weren't critical but could be addressed in future updates: 14. **Error Handling Consistency** - Currently mix of thrown errors and result objects - Could standardize to one approach 15. **Metadata Storage Location** - Currently in `.git/treehouse-metadata.json` - Could move to `.git/info/` for better compatibility ## Testing Summary - ✅ All tests pass (38/38) - ✅ Build successful - ✅ Linting passes with no errors - ✅ TypeScript compilation successful ## New Dependencies ### Production - `get-folder-size`: ^5.0.0 (cross-platform directory size calculation) ### Development - `eslint`: ^9.39.1 - `@typescript-eslint/eslint-plugin`: ^8.48.1 - `@typescript-eslint/parser`: ^8.48.1 - `vitest`: ^4.0.15 - `@vitest/ui`: ^4.0.15 - `@types/get-folder-size`: ^3.0.4 ## Package.json Updates New scripts added: - `test`: Run tests once - `test:watch`: Run tests in watch mode - `test:ui`: Run tests with UI - `test:coverage`: Run tests with coverage report - `lint`: Run ESLint ## Security Improvements 1. **Input validation** prevents malicious inputs 2. **Command injection** vulnerability fixed 3. **Path traversal** attacks prevented 4. **Git version check** ensures compatible version ## Before Publishing Checklist - [ ] Update version in `package.json` - [ ] Update `CHANGELOG.md` with release date - [ ] Test on all three platforms (Ubuntu, macOS, Windows) - [ ] Create git tag for release - [ ] Push to GitHub - [ ] Create GitHub release - [ ] CI will automatically publish to npm ## Breaking Changes None! All changes are backward compatible. ## Documentation Updates - README.md: Updated setup commands documentation, added troubleshooting section - Added CHANGELOG.md - Added CONTRIBUTING.md - Added LICENSE ## Conclusion The project is now significantly more robust, secure, and maintainable. All critical security issues have been addressed, and the project follows modern best practices for TypeScript/Node.js projects.

Loading blob content...

Latest Blog Posts

What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mark-hingston/treehouse-worktree'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

IMPROVEMENTS.md•4.89 kB