Critical Security Fixes:
- Fix command injection vulnerability in Windows shims (beadboard.cmd, bb.cmd)
  - Added path validation to block traversal (.. and root-relative paths)
  - Added quotes around env var to prevent command injection

Reliability Fixes:
- Fix agent cache null safety bug
  - Fixed callBdAgentShow() to check for cache misses (null check, expiration)
  - Fixed getCachedAgent to properly return entry.data or null
- Fix null body crashes in mail ack route
  - Added null check before casting body to object
  - Returns 400 error instead of 500 for invalid requests

BD Compliance Fixes:
- Fix read-issues to use BD audit record path
  - Ensures all writes go through bd audit record
  - Maintains watcher/SSE parity and Dolt commit tracking

Code Quality Fixes:
- Fix path canonicalization violations
  - Use canonicalizeWindowsPath() and windowsPathKey() from pathing module
  - Prevents Windows edge cases and ensures machine-reproducible paths
- Fix typo: mobile-fronted → mobile-frontend
- Pin GitHub Actions tags
  - softprops/action-gh-release@v1 → specific commit hash
- Register pr14 test in package.json (already registered)

Testing:
- Refactor broad exception handlers in Python scripts
  - Replace except Exception: with specific exceptions
  - Allows KeyboardInterrupt and SystemExit to propagate correctly
- All tests passing

## What changed
### scripts/bb-mail-shim.mjs (new)
Translates bd mail delegate calls into bb agent coordination commands.
bd mail delegates by prepending the configured command to all args, so
this shim bridges the interface mismatch between bd mail (gt-mail style)
and bb agent (--agent/--from flags required).
Command mappings:

    bd mail inbox [...]           → bb agent inbox --agent $BB_AGENT [...]
    bd mail send --to foo [...]   → bb agent send --from $BB_AGENT --to foo [...]
    bd mail read <msg-id>         → bb agent read --agent $BB_AGENT --message <msg-id>
    bd mail ack <msg-id>          → bb agent ack --agent $BB_AGENT --message <msg-id>
    bd mail <other> [...]         → bb agent <other> [...] (passthrough)

Agent identity injected automatically from BB_AGENT env var (primary) or
BD_ACTOR env var (fallback). Caller can override --from by supplying it
explicitly in bd mail send args. Falls back with clear error messages if
bb is not in PATH or BB_AGENT/BD_ACTOR is unset.
### scripts/session-preflight.mjs (updated)
Added mail delegate auto-configuration step after successful bb resolution:
- Calls: bd config set mail.delegate "node <abs-path-to-bb-mail-shim.mjs>"
- Uses absolute path to shim resolved relative to session-preflight.mjs
- Reports mail.configured + mail.delegate + usage note in output JSON
- Graceful failure if shim missing, bd config set fails, or bb not found
- Added mail: null to all error branches for consistent output shape
## Verification
Tested end-to-end on this machine:

    export BB_AGENT=silver-scribe
    node session-preflight.mjs   # → ok:true, mail.configured:true
    bd mail send --to silver-scribe --bead beadboard-izs.5 \
      --category INFO --subject "test" --body "pipeline verified"
    bd mail inbox                # → Inbox (1): [msg_...] INFO: test

All commands exit 0. Delegate persisted via bd config get mail.delegate.
## Bead: beadboard-izs.5 (closed)
## Also closed: beadboard-izs.2 — bb agent already in global CLI (feat(cli) commit)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
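
The command mappings listed under scripts/bb-mail-shim.mjs, sketched as an added example; this is not the project's shim code. The function names, the handling of a `--from=` form, and the rejection of a missing or flag-like message id are assumptions made for illustration.

```javascript
// Added example, not the project's scripts/bb-mail-shim.mjs.
// resolveAgent and translateMailArgs are hypothetical names.

function resolveAgent(env) {
  // BB_AGENT is primary, BD_ACTOR is the fallback (per the commit message).
  const agent = env.BB_AGENT || env.BD_ACTOR;
  if (!agent) {
    throw new Error("agent identity unset: export BB_AGENT (or BD_ACTOR)");
  }
  return agent;
}

// Maps the args that follow `bd mail` to the argv that follows `bb`.
function translateMailArgs(args, env) {
  const [sub, ...rest] = args;
  if (!sub) throw new Error("usage: bd mail <subcommand> [...]");
  switch (sub) {
    case "inbox":
      return ["agent", "inbox", "--agent", resolveAgent(env), ...rest];
    case "send": {
      // A caller-supplied --from wins; otherwise inject the identity.
      // Assumption: the --from=value spelling also counts as supplied.
      const hasFrom = rest.some((a) => a === "--from" || a.startsWith("--from="));
      return hasFrom
        ? ["agent", "send", ...rest]
        : ["agent", "send", "--from", resolveAgent(env), ...rest];
    }
    case "read":
    case "ack": {
      const [msgId, ...extra] = rest;
      // Assumption: a missing or flag-like id is rejected, not forwarded.
      if (!msgId || msgId.startsWith("-")) {
        throw new Error(`bd mail ${sub} requires a <msg-id>`);
      }
      return ["agent", sub, "--agent", resolveAgent(env), "--message", msgId, ...extra];
    }
    default:
      return ["agent", sub, ...rest]; // passthrough, no identity injected
  }
}
```

The result is an argv array, so it can be handed to a process-spawning API element by element instead of being joined into a command string that a shell would re-parse.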