PR Review suggestions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Signed-off-by: sallyom <[email protected]>

Author: sallyom

components/backend/crd/bugfix.go

@@ -3,6 +3,7 @@ package crd
 import (
 	"context"
 	"fmt"
+	"log"
 
 	"ambient-code-backend/types"
 
@@ -113,8 +114,16 @@ func GetProjectBugFixWorkflowCR(dyn dynamic.Interface, project, id string) (*typ
 
 	spec, found, _ := unstructured.NestedMap(obj.Object, "spec")
 	if found {
+		// Parse githubIssueNumber with type safety - handle both int64 and float64
+		// JSON unmarshaling can produce either depending on the source
 		if val, ok := spec["githubIssueNumber"].(int64); ok {
 			workflow.GithubIssueNumber = int(val)
+		} else if val, ok := spec["githubIssueNumber"].(float64); ok {
+			workflow.GithubIssueNumber = int(val)
+		} else if spec["githubIssueNumber"] != nil {
+			// Log warning if type assertion fails - helps debug unexpected types
+			log.Printf("Warning: githubIssueNumber has unexpected type %T in BugFixWorkflow %s/%s",
+				spec["githubIssueNumber"], project, id)
 		}
 		if val, ok := spec["githubIssueURL"].(string); ok {
 			workflow.GithubIssueURL = val
@@ -144,16 +153,22 @@ func GetProjectBugFixWorkflowCR(dyn dynamic.Interface, project, id string) (*typ
 			workflow.LastSyncedAt = &val
 		}
 
-		// Parse implementationRepo
+		// Parse implementationRepo (required field)
 		if implMap, ok := spec["implementationRepo"].(map[string]interface{}); ok {
 			repo := types.GitRepository{}
-			if url, ok := implMap["url"].(string); ok {
+			if url, ok := implMap["url"].(string); ok && url != "" {
 				repo.URL = url
+			} else {
+				// Critical field missing - return error instead of zero value
+				return nil, fmt.Errorf("BugFixWorkflow %s/%s missing required field: implementationRepo.url", project, id)
 			}
 			if branch, ok := implMap["branch"].(string); ok && branch != "" {
 				repo.Branch = &branch
 			}
 			workflow.ImplementationRepo = repo
+		} else {
+			// implementationRepo is required
+			return nil, fmt.Errorf("BugFixWorkflow %s/%s missing required field: implementationRepo", project, id)
 		}
 	}
 

components/backend/git/operations.go

@@ -206,6 +206,11 @@ func CheckRepoSeeding(ctx context.Context, repoURL string, branch *string, githu
 
 // ParseGitHubURL extracts owner and repo from a GitHub URL
 func ParseGitHubURL(gitURL string) (owner, repo string, err error) {
+	// Only HTTPS URLs are supported (no SSH git@ URLs)
+	if !strings.HasPrefix(gitURL, "https://") {
+		return "", "", fmt.Errorf("invalid URL scheme: must be https://")
+	}
+
 	gitURL = strings.TrimSuffix(gitURL, ".git")
 
 	if strings.Contains(gitURL, "github.com") {
@@ -218,7 +223,15 @@ func ParseGitHubURL(gitURL string) (owner, repo string, err error) {
 		if len(pathParts) < 2 {
 			return "", "", fmt.Errorf("invalid GitHub URL path")
 		}
-		return pathParts[0], pathParts[1], nil
+
+		// Validate owner and repo are non-empty
+		owner = pathParts[0]
+		repo = pathParts[1]
+		if owner == "" || repo == "" {
+			return "", "", fmt.Errorf("owner and repository name cannot be empty")
+		}
+
+		return owner, repo, nil
 	}
 
 	return "", "", fmt.Errorf("not a GitHub URL")

components/backend/handlers/bugfix/create.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"regexp"
 	"strings"
 	"time"
 
@@ -24,6 +25,42 @@ var (
 	GetProjectSettingsResource func() schema.GroupVersionResource
 )
 
+// Input validation constants to prevent oversized inputs
+const (
+	MaxTitleLength             = 200   // GitHub Issue title limit is 256, use 200 for safety
+	MaxSymptomsLength          = 10000 // ~10KB for symptoms description
+	MaxReproductionStepsLength = 10000 // ~10KB for reproduction steps
+	MaxExpectedBehaviorLength  = 5000  // ~5KB for expected behavior
+	MaxActualBehaviorLength    = 5000  // ~5KB for actual behavior
+	MaxAdditionalContextLength = 10000 // ~10KB for additional context
+	MaxBranchNameLength        = 255   // Git branch name limit
+)
+
+// validBranchNameRegex defines allowed characters in branch names
+// Allows: letters, numbers, hyphens, underscores, forward slashes, and dots
+// Prevents: shell metacharacters, backticks, quotes, semicolons, pipes, etc.
+var validBranchNameRegex = regexp.MustCompile(`^[a-zA-Z0-9/_.-]+$`)
+
+// validateBranchName checks if a branch name is safe to use in git operations
+// Returns error if the branch name contains potentially dangerous characters
+func validateBranchName(branchName string) error {
+	if branchName == "" {
+		return fmt.Errorf("branch name cannot be empty")
+	}
+	if !validBranchNameRegex.MatchString(branchName) {
+		return fmt.Errorf("branch name contains invalid characters (allowed: a-z, A-Z, 0-9, /, _, -, .)")
+	}
+	// Prevent branch names that start with special characters
+	if strings.HasPrefix(branchName, ".") || strings.HasPrefix(branchName, "-") {
+		return fmt.Errorf("branch name cannot start with '.' or '-'")
+	}
+	// Prevent branch names with ".." (path traversal) or "//" (double slashes)
+	if strings.Contains(branchName, "..") || strings.Contains(branchName, "//") {
+		return fmt.Errorf("branch name cannot contain '..' or '//'")
+	}
+	return nil
+}
+
 // CreateProjectBugFixWorkflow handles POST /api/projects/:projectName/bugfix-workflows
 // Creates a new BugFix Workspace from either GitHub Issue URL or text description
 func CreateProjectBugFixWorkflow(c *gin.Context) {
@@ -94,18 +131,37 @@ func CreateProjectBugFixWorkflow(c *gin.Context) {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "Title is required"})
 			return
 		}
-		if len(strings.TrimSpace(td.Title)) < 10 {
+		titleLen := len(strings.TrimSpace(td.Title))
+		if titleLen < 10 {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "Title must be at least 10 characters"})
 			return
 		}
+		if titleLen > MaxTitleLength {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"error":   fmt.Sprintf("Title exceeds maximum length of %d characters", MaxTitleLength),
+				"current": titleLen,
+				"max":     MaxTitleLength,
+			})
+			return
+		}
+
 		if strings.TrimSpace(td.Symptoms) == "" {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "Symptoms are required"})
 			return
 		}
-		if len(strings.TrimSpace(td.Symptoms)) < 20 {
+		symptomsLen := len(strings.TrimSpace(td.Symptoms))
+		if symptomsLen < 20 {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "Symptoms must be at least 20 characters"})
 			return
 		}
+		if symptomsLen > MaxSymptomsLength {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"error":   fmt.Sprintf("Symptoms exceed maximum length of %d characters", MaxSymptomsLength),
+				"current": symptomsLen,
+				"max":     MaxSymptomsLength,
+			})
+			return
+		}
 		if strings.TrimSpace(td.TargetRepository) == "" {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "Target repository is required"})
 			return
@@ -118,6 +174,40 @@ func CreateProjectBugFixWorkflow(c *gin.Context) {
 			return
 		}
 
+		// Validate optional field lengths
+		if td.ReproductionSteps != nil && len(*td.ReproductionSteps) > MaxReproductionStepsLength {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"error":   fmt.Sprintf("Reproduction steps exceed maximum length of %d characters", MaxReproductionStepsLength),
+				"current": len(*td.ReproductionSteps),
+				"max":     MaxReproductionStepsLength,
+			})
+			return
+		}
+		if td.ExpectedBehavior != nil && len(*td.ExpectedBehavior) > MaxExpectedBehaviorLength {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"error":   fmt.Sprintf("Expected behavior exceeds maximum length of %d characters", MaxExpectedBehaviorLength),
+				"current": len(*td.ExpectedBehavior),
+				"max":     MaxExpectedBehaviorLength,
+			})
+			return
+		}
+		if td.ActualBehavior != nil && len(*td.ActualBehavior) > MaxActualBehaviorLength {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"error":   fmt.Sprintf("Actual behavior exceeds maximum length of %d characters", MaxActualBehaviorLength),
+				"current": len(*td.ActualBehavior),
+				"max":     MaxActualBehaviorLength,
+			})
+			return
+		}
+		if td.AdditionalContext != nil && len(*td.AdditionalContext) > MaxAdditionalContextLength {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"error":   fmt.Sprintf("Additional context exceeds maximum length of %d characters", MaxAdditionalContextLength),
+				"current": len(*td.AdditionalContext),
+				"max":     MaxAdditionalContextLength,
+			})
+			return
+		}
+
 		// Generate issue body from template
 		reproSteps := ""
 		if td.ReproductionSteps != nil {
@@ -162,9 +252,14 @@ func CreateProjectBugFixWorkflow(c *gin.Context) {
 	}
 
 	// Auto-generate branch name if not provided
-	branch := "main"
+	var branch string
 	if req.BranchName != nil && *req.BranchName != "" {
 		branch = *req.BranchName
+		// Validate user-provided branch name for security
+		if err := validateBranchName(branch); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid branch name", "details": err.Error()})
+			return
+		}
 	} else {
 		// Auto-generate branch name: bugfix/gh-{issue-number}
 		branch = fmt.Sprintf("bugfix/gh-%d", githubIssue.Number)

components/backend/handlers/bugfix/handlers_test.go

@@ -11,7 +11,7 @@ func TestCreateBugFixWorkflow(t *testing.T) {
 	// Test cases:
 	// 1. Valid GitHub Issue URL -> 201 Created
 	// 2. Invalid GitHub Issue URL -> 400 Bad Request
-	// 3. Missing umbrellaRepo -> 400 Bad Request
+	// 3. Missing implementationRepo -> 400 Bad Request
 	// 4. Duplicate workspace (same issue number) -> 409 Conflict
 	// 5. Text description with valid targetRepository -> 201 Created
 	// 6. Both githubIssueURL and textDescription -> 400 Bad Request

components/backend/handlers/bugfix/jira_sync.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"strings"
 	"time"
@@ -152,6 +153,7 @@ func SyncProjectBugFixWorkflowToJira(c *gin.Context) {
 		req.Header.Set("Content-Type", "application/json")
 		req.Header.Set("Accept", "application/json")
 
+		// Use context from request for proper cancellation propagation
 		client := &http.Client{Timeout: 30 * time.Second}
 		resp, err := client.Do(req)
 		if err != nil {
@@ -187,26 +189,29 @@ func SyncProjectBugFixWorkflowToJira(c *gin.Context) {
 			return
 		case 404:
 			websocket.BroadcastBugFixJiraSyncFailed(workflowID, workflow.GithubIssueNumber, "Jira project not found")
-			c.JSON(http.StatusBadRequest, gin.H{"error": "Jira project not found", "details": string(body)})
+			// Don't expose Jira error details to user - may contain sensitive info
+			log.Printf("Jira 404 error details: %s", string(body))
+			c.JSON(http.StatusBadRequest, gin.H{"error": "Jira project not found"})
 			return
 		default:
-			websocket.BroadcastBugFixJiraSyncFailed(workflowID, workflow.GithubIssueNumber, fmt.Sprintf("Jira API error: %s", string(body)))
-			c.JSON(http.StatusServiceUnavailable, gin.H{"error": fmt.Sprintf("Failed to create Jira issue (status %d)", resp.StatusCode), "details": string(body)})
+			websocket.BroadcastBugFixJiraSyncFailed(workflowID, workflow.GithubIssueNumber, "Jira API error")
+			// Log details for debugging, but don't expose to user
+			log.Printf("Jira API error (status %d): %s", resp.StatusCode, string(body))
+			c.JSON(http.StatusServiceUnavailable, gin.H{"error": fmt.Sprintf("Failed to create Jira issue (status %d)", resp.StatusCode)})
 			return
 		}
 
 		// Parse JSON response
 		var result map[string]interface{}
 		if err := json.Unmarshal(body, &result); err != nil {
-			// Log the raw response for debugging
-			fmt.Printf("ERROR: Failed to parse Jira response as JSON: %v\n", err)
+			// Log the raw response for debugging (server-side only)
+			log.Printf("ERROR: Failed to parse Jira response as JSON: %v", err)
 			bodyLen := len(body)
-			fmt.Printf("Response body (first 500 chars): %s\n", string(body[:min(500, bodyLen)]))
+			log.Printf("Response body (first 500 chars): %s", string(body[:min(500, bodyLen)]))
 			websocket.BroadcastBugFixJiraSyncFailed(workflowID, workflow.GithubIssueNumber, "Invalid Jira response")
+			// Don't expose Jira response body to user - may contain sensitive details
 			c.JSON(http.StatusInternalServerError, gin.H{
-				"error":           "Failed to parse Jira response",
-				"details":         err.Error(),
-				"responsePreview": string(body[:min(200, bodyLen)]),
+				"error": "Failed to parse Jira response",
 			})
 			return
 		}
@@ -422,40 +427,6 @@ func formatGitHubJiraLinkComment(jiraTaskKey, jiraTaskURL string, workflow *type
 	return comment.String()
 }
 
-// formatGitHubJiraUpdateComment formats the comment to post on GitHub Issue when updating Jira task
-func formatGitHubJiraUpdateComment(jiraTaskKey, jiraTaskURL string, workflow *types.BugFixWorkflow) string {
-	var comment strings.Builder
-
-	comment.WriteString("## 🔄 Jira Task Updated\n\n")
-	comment.WriteString(fmt.Sprintf("Jira task [**%s**](%s) has been updated with the latest information.\n\n", jiraTaskKey, jiraTaskURL))
-
-	// Add links to analysis documents if available
-	if workflow.Annotations != nil {
-		hasGists := false
-		if bugReviewGist := workflow.Annotations["bug-review-gist-url"]; bugReviewGist != "" {
-			if !hasGists {
-				comment.WriteString("### 📄 Latest Analysis\n\n")
-				hasGists = true
-			}
-			comment.WriteString(fmt.Sprintf("- [Bug Review & Assessment](%s)\n", bugReviewGist))
-		}
-		if implGist := workflow.Annotations["implementation-gist-url"]; implGist != "" {
-			if !hasGists {
-				comment.WriteString("### 📄 Latest Analysis\n\n")
-				hasGists = true
-			}
-			comment.WriteString(fmt.Sprintf("- [Implementation Details](%s)\n", implGist))
-		}
-		if hasGists {
-			comment.WriteString("\n")
-		}
-	}
-
-	comment.WriteString("*Synchronized by vTeam BugFix Workspace*")
-
-	return comment.String()
-}
-
 // getSuccessMessage returns appropriate success message
 func getSuccessMessage(created bool, jiraTaskKey string) string {
 	if created {