lucasmodrich
diff --git a/‎CLAUDE.md‎
Lines changed: 96 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 96 additions & 0 deletions
diff --git a/‎PROJECT_TODO.md‎
Lines changed: 284 additions & 0 deletions b/‎PROJECT_TODO.md‎
Lines changed: 284 additions & 0 deletions
@@ -0,0 +1,96 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Repository Overview
+
+This repository contains `git-worktree-manager.sh`, a self-updating Bash script that simplifies Git worktree management using a bare clone + worktree workflow. The script provides commands for repository setup, branch creation, worktree management, and self-updating.
+
+## Key Architecture
+
+### Core Components
+
+1. **Main Script**: `git-worktree-manager.sh` - A monolithic Bash script (400+ lines) containing all functionality
+   - Uses semantic versioning with self-upgrade capability
+   - Script version is hardcoded at line 5: `SCRIPT_VERSION="1.1.7"`
+   - Self-installs to `$HOME/.git-worktree-manager/`
+
+2. **Workflow Structure**: Creates and manages the following directory structure:
+   ```
+   <repo-name>/
+   ├── .bare/             # Bare repository clone
+   ├── .git               # Points to .bare
+   └── <branches>/        # Individual worktrees for each branch
+   ```
+
+3. **Version Management**:
+   - Implements custom semantic version comparison function (`version_gt()`)
+   - Fetches latest version from GitHub for upgrade checks
+   - VERSION file tracks current release version
+
+## Common Commands
+
+### Testing
+```bash
+# Run version comparison tests
+./tests/version_compare_tests.sh
+```
+
+### Release Process
+```bash
+# Install dependencies (for local testing of release process)
+npm ci
+
+# The actual release is automated via GitHub Actions when pushing to main
+# Semantic Release handles versioning, changelog, and GitHub releases
+```
+
+### Script Development
+```bash
+# Make script executable
+chmod +x git-worktree-manager.sh
+
+# Test script locally
+./git-worktree-manager.sh --help
+
+# Version check
+./git-worktree-manager.sh --version
+
+# Self-upgrade (fetches from GitHub main branch)
+./git-worktree-manager.sh --upgrade
+```
+
+## Release Configuration
+
+The project uses semantic-release for automated versioning:
+- **release.config.js**: Configures semantic-release plugins
+- Automatically updates:
+  - SCRIPT_VERSION in git-worktree-manager.sh
+  - VERSION file
+  - CHANGELOG.md
+- Creates GitHub releases with the script as an asset
+- GitHub Actions workflow (`.github/workflows/release.yml`) triggers on main branch pushes
+
+## Important Implementation Details
+
+1. **Version Comparison Logic**: The `version_gt()` function (lines 17-111) implements full semantic versioning comparison including prerelease precedence rules
+
+2. **Self-Upgrade Mechanism**:
+   - Fetches script from `https://raw.githubusercontent.com/lucasmodrich/git-worktree-manager/refs/heads/main/git-worktree-manager.sh`
+   - Compares versions before replacing
+   - Preserves executable permissions
+
+3. **Error Handling**: Uses `set -e` for strict error handling throughout the script
+
+4. **Git Worktree Operations**:
+   - Full setup from GitHub using org/repo shorthand
+   - Branch creation with automatic remote push
+   - Worktree listing, pruning, and removal
+   - Configures fetch to include all remote refs
+
+## Development Notes
+
+- The script is designed to be self-contained with no external dependencies beyond standard Unix tools and Git
+- All functionality is in a single file for easy distribution
+- The script assumes `$HOME/.git-worktree-manager/` as its installation directory (hardcoded)
+- Uses bash-specific features, requires bash shell (not sh-compatible)
@@ -0,0 +1,284 @@
+# Project Review TODO List
+
+## Review Status
+- **Date Started**: 2025-09-18
+- **Reviewer**: Claude Code + Team
+- **Project**: git-worktree-manager
+
+## Review Categories
+
+### 🔍 Code Quality & Structure
+- [ ] Review main script structure and organization
+- [ ] Check function naming and consistency
+- [ ] Evaluate code readability and comments
+- [ ] Assess variable naming conventions
+- [ ] Review use of global vs local variables
+
+### 🛡️ Error Handling & Robustness
+- [ ] Review error handling patterns
+- [ ] Check for unhandled edge cases
+- [ ] Validate input sanitization
+- [ ] Review exit codes usage
+- [ ] Check for potential race conditions
+
+### 🔧 Functionality & Features
+- [ ] Test all command-line options
+- [ ] Verify upgrade mechanism
+- [ ] Check version comparison logic
+- [ ] Review git operations safety
+- [ ] Validate worktree management logic
+
+### 📦 Portability & Dependencies
+- [ ] Check bash version requirements
+- [ ] Review OS compatibility (Linux/macOS)
+- [ ] Verify git version requirements
+- [ ] Check for non-standard tool dependencies
+
+### 🧪 Testing
+- [ ] Review existing test coverage
+- [ ] Identify missing test cases
+- [ ] Suggest test improvements
+- [ ] Check test automation
+
+### 📚 Documentation
+- [ ] README completeness
+- [ ] Help text accuracy
+- [ ] Installation instructions clarity
+- [ ] Usage examples adequacy
+
+### 🚀 Release & CI/CD
+- [ ] Review semantic-release configuration
+- [ ] Check GitHub Actions workflow
+- [ ] Validate versioning strategy
+- [ ] Review release assets
+
+### 🔒 Security
+- [ ] Check for command injection vulnerabilities
+- [ ] Review file permission handling
+- [ ] Validate URL handling
+- [ ] Check for sensitive data exposure
+
+## Findings & Issues
+
+### High Priority Issues
+
+1. **Typo in LICENCE file download (Line 241)**
+   - Script downloads to "LICENCE" but standard is "LICENSE"
+   - This could break expectations for users looking for license file
+
+2. **Missing error handling for curl failures**
+   - Lines 197, 233, 237-241: No check if curl commands succeed
+   - Could lead to corrupt or missing files during upgrade
+
+3. **Potential command injection vulnerability**
+   - Line 344: `REPO_NAME=$(basename -s .git "$REPO_PATH")` uses unsanitized input
+   - Lines 346-347: mkdir/cd with unsanitized `$REPO_NAME`
+
+4. **No validation of GitHub repo format**
+   - Script accepts any input as org/repo without validation
+   - Could lead to unexpected behavior with malformed inputs
+
+### Medium Priority Issues
+
+1. **Hardcoded installation directory**
+   - `SCRIPT_FOLDER="$HOME/.git-worktree-manager"` is inflexible
+   - Users might want to install elsewhere
+
+2. **Silent curl failures in upgrade**
+   - Using `curl -s` hides potential network errors
+   - Should provide feedback on download progress/failures
+
+3. **IFS not properly restored**
+   - Lines 44-45, 72-73: IFS modified but not saved/restored
+   - Could affect subsequent code if script is sourced
+
+4. **Missing quotes in some variable expansions**
+   - Potential word splitting issues in edge cases
+
+5. **Commented debug line left in code**
+   - Line 234: Commented mv command suggests incomplete refactoring
+
+### Low Priority Issues / Improvements
+
+1. **Inconsistent error exit codes**
+   - Sometimes exit 1, sometimes exit 0 on errors
+   - Should standardize error codes
+
+2. **Mixed string comparison styles**
+   - Uses both `==` and `=` for string comparison
+   - Should be consistent (prefer `=` for POSIX compatibility)
+
+3. **version_gt function complexity**
+   - 100+ lines for version comparison
+   - Consider using existing tools or simplifying
+
+4. **No shellcheck directive**
+   - Adding shellcheck directives would help maintain quality
+
+5. **Limited test coverage**
+   - Only version comparison is tested
+   - Need tests for core functionality
+
+### Questions for Discussion
+
+1. **Why is the installation directory hardcoded?**
+   - Should we make it configurable via environment variable?
+
+2. **Should we add a --dry-run option?**
+   - Would help users preview actions before execution
+
+3. **Remote branch deletion on --remove?**
+   - Currently only deletes local branch
+   - Should we offer option to delete remote too?
+
+4. **Dependency on bash-specific features**
+   - Script uses arrays and bash-specific syntax
+   - Is POSIX sh compatibility desired?
+
+5. **Error recovery strategy**
+   - Should script attempt to rollback on failures?
+
+## Proposed Improvements
+
+### Short-term (Quick Wins)
+1. Fix LICENCE typo → LICENSE
+2. Add error checking for curl commands
+3. Remove commented code (line 234)
+4. Add input validation for repo format
+5. Add shellcheck directives
+6. Standardize exit codes (1 for errors, 0 for success)
+7. Fix IFS save/restore pattern
+
+### Medium-term
+1. Make installation directory configurable
+2. Add --dry-run option for preview mode
+3. Improve error messages with actionable feedback
+4. Add progress indicators for long operations
+5. Create comprehensive test suite
+6. Add GitHub Actions for testing PRs
+7. Implement proper logging mechanism
+
+### Long-term
+1. Consider modularizing the script into functions
+2. Add support for other Git hosting platforms
+3. Implement configuration file support
+4. Add interactive mode for guided setup
+5. Consider rewriting critical sections for POSIX compatibility
+6. Add command completion support
+
+## Progress Log
+
+### Session 1 - Complete Code Review & Improvements ✅
+
+#### 🔍 Analysis Phase
+- Created PROJECT_TODO.md with structured review categories
+- Conducted comprehensive code analysis identifying 20+ issues
+- Analyzed semantic release configuration
+- Documented findings with priority classification
+
+#### 🚀 Implementation Phase
+**High-Priority Fixes:**
+- ✅ Fixed LICENCE → LICENSE typo (prevents release failures)
+- ✅ Added comprehensive curl error handling with progress feedback
+- ✅ Added input validation to prevent command injection vulnerabilities
+- ✅ Removed commented debug code
+
+**Feature Enhancements:**
+- ✅ Made installation directory configurable via GIT_WORKTREE_MANAGER_HOME
+- ✅ Added --dry-run option for safe action previews
+- ✅ Enhanced --remove with optional --remote flag for complete cleanup
+- ✅ Improved help text with all new options and examples
+
+**Code Quality Improvements:**
+- ✅ Fixed IFS save/restore pattern to prevent side effects
+- ✅ Added repository format validation with clear error messages
+- ✅ Enhanced user experience with emojis and clear feedback
+- ✅ Maintained 100% backward compatibility
+
+#### 🧪 Testing Infrastructure
+- ✅ Created comprehensive test suite (33 tests, 100% passing)
+- ✅ Added input validation tests (15 test cases)
+- ✅ Added dry-run functionality tests (3 test cases)
+- ✅ Created unified test runner with clear reporting
+- ✅ All existing version comparison tests continue passing
+
+#### 📚 Documentation Updates
+- ✅ Comprehensive README update with all new features
+- ✅ Added Testing, Security, Configuration, and Requirements sections
+- ✅ Updated flow diagrams to include dry-run and validation
+- ✅ Added advanced workflow examples
+- ✅ Documented environment variables and customization options
+
+#### 📊 Impact Summary
+**Before Review:**
+- 1 test file (version comparison only)
+- Hardcoded installation directory
+- Missing error handling for network operations
+- Potential security vulnerabilities
+- Limited user guidance
+
+**After Review:**
+- 4 test files with 33 comprehensive tests
+- Configurable installation directory
+- Robust error handling with user-friendly messages
+- Input validation preventing security issues
+- Extensive documentation and examples
+- New power-user features (dry-run, remote cleanup)
+
+### Semantic Release Analysis & Options
+
+**Current Setup (What's Working Well):**
+1. ✅ Conventional commit analysis working
+2. ✅ Automatic VERSION file creation
+3. ✅ Script version updating in source code
+4. ✅ GitHub releases with assets
+5. ✅ CHANGELOG.md generation
+6. ✅ Two-branch strategy (main + dev/beta)
+
+**Potential Areas for Discussion:**
+
+1. **Commit Types & Version Bumping:**
+   - Current: Uses default semantic-release rules
+   - Options:
+     - Add custom rules for script-specific changes
+     - Define what constitutes breaking changes for a CLI tool
+     - Consider patch vs minor for new features like --dry-run
+
+2. **Release Assets Strategy:**
+   - Current: Individual files + tarball
+   - Options:
+     - Single executable release
+     - Checksums for verification
+     - Multiple platform packages (if needed)
+
+3. **Branch Strategy:**
+   - Current: main (stable) + dev (beta prereleases)
+   - Options:
+     - Add hotfix branch support
+     - Release candidate workflow
+     - Keep current simple approach
+
+4. **Version Management:**
+   - Current: Updates script source directly
+   - Options:
+     - External version file only
+     - Git tags as source of truth
+     - Current approach (embedded version)
+
+5. **Release Notes Enhancement:**
+   - Current: Auto-generated from commits
+   - Options:
+     - Custom release note templates
+     - Migration guides for breaking changes
+     - Installation instructions in releases
+
+**My Recommendation:**
+The current setup is solid for a shell script project! Main considerations:
+- Should we be more specific about what constitutes breaking changes?
+- Would checksums add value for security-conscious users?
+- Is the current two-branch strategy meeting your needs?
+
+Which aspects would you like to explore further?
+
+---
+*This document will be updated throughout the review process*