- Remove deprecated dolt_server_port from metadata.json (stale Windows value causing auto-start suppression)
- Convert numeric comment IDs to strings in issues.jsonl (bd 0.61.0 schema requirement)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit removes the following directories from git tracking (not from disk):
- .agent/ - AI tool configs
- .agents/ - Agent skills
- .augment/ - Augment AI
- .beads/ - Runtime database
- .claude/ - Claude AI configs
- .cline/ - Cline AI configs
- .openhands/ - OpenHands AI
- .dolt/ - Dolt database
These are now properly gitignored and will not appear in the repository.
This is a MASSIVE cleanup removing 1500+ files from version control.
Critical Security Fixes:
- Fix command injection vulnerability in Windows shims (beadboard.cmd, bb.cmd)
- Added path validation to block traversal (.. and root-relative paths)
- Added quotes around env var to prevent command injection
Reliability Fixes:
- Fix agent cache null safety bug
- Fixed callBdAgentShow() to check for cache misses (null check, expiration)
- Fixed getCachedAgent to properly return entry.data or null
- Fix null body crashes in mail ack route
- Added null check before casting body to object
- Returns 400 error instead of 500 for invalid requests
BD Compliance Fixes:
- Fix read-issues to use BD audit record path
- Ensures all writes go through bd audit record
- Maintains watcher/SSE parity and Dolt commit tracking
Code Quality Fixes:
- Fix path canonicalization violations
- Use canonicalizeWindowsPath() and windowsPathKey() from pathing module
- Prevents Windows edge cases and ensures machine-reproducible paths
- Fix typo: mobile-fronted → mobile-frontend
- Pin GitHub Actions tags
- softprops/action-gh-release@v1 → specific commit hash
- Register pr14 test in package.json (already registered)
Testing:
- Refactor broad exception handlers in Python scripts
- Replace except Exception: with specific exceptions
- Allows KeyboardInterrupt and SystemExit to propagate correctly
- All tests passing
