Cover createdTime/birthtime fallback in session-manager, readStdinJson
error event settled-flag guard in utils, renameAlias rollback on naming
conflict in session-aliases, and saveAliases backup preservation on
serialization failure. Total: 713 tests.
new Date('YYYY-MM-DD') creates UTC midnight, which in negative UTC offset
timezones (e.g., Hawaii) causes getDate() to return the previous day.
Replaced with new Date(year, month - 1, day) for correct local-time behavior.
Added 15 tests: session-manager datetime verification and edge cases (7),
package-manager getCommandPattern special characters (4), and
validators model/skill-reference validation (4). Tests: 651 → 666.
Cover 30-day month validation (Sep/Nov 31 rejection), getSessionStats
path heuristic with multiline content, combined date+search+pagination
in getAllSessions, ambiguous prefix matching in getSessionById, unclosed
code fence in parseSessionMetadata, empty checklist item behavior,
reserved name case sensitivity (LIST/Help/Set), negative limit in
listAliases, and undefined title in setAlias.
- session-manager: clamp offset/limit to safe non-negative integers to
prevent negative offset counting from end and NaN returning empty results
- session-aliases: add success field to cleanupAliases return value for
API contract consistency with setAlias/deleteAlias/renameAlias
On Windows, os.homedir() uses USERPROFILE env var instead of HOME.
Tests that override HOME to a temp dir must also set USERPROFILE for
the session-manager, session-aliases, and session-start hook tests
to find files in the correct directory.
Bug fixes:
- utils.js: prevent duplicate 'g' flag in countInFile regex construction
- validate-agents.js: handle CRLF line endings in frontmatter parsing
- validate-hooks.js: handle \t and \\ escape sequences in inline JS validation
- session-aliases.js: prevent NaN in date sort when timestamps are missing
- session-aliases.js: persist rollback on rename failure instead of silent loss
- session-manager.js: require absolute paths in getSessionStats to prevent
content strings ending with .tmp from being treated as file paths
New tests (164 total, up from 97):
- session-manager.test.js: 27 tests covering parseSessionFilename,
parseSessionMetadata, getSessionStats, CRUD operations, getSessionSize,
getSessionTitle, edge cases (null input, non-existent files, directories)
- session-aliases.test.js: 40 tests covering loadAliases (corrupted JSON,
invalid structure), setAlias (validation, reserved names), resolveAlias,
listAliases (sort, search, limit), deleteAlias, renameAlias, updateAliasTitle,
resolveSessionAlias, getAliasesForSession, cleanupAliases, atomic write
Also includes hook-generated improvements:
- utils.d.ts: document that readStdinJson never rejects
- session-aliases.d.ts: fix updateAliasTitle type to accept null
- package-manager.js: add try-catch to setProjectPackageManager writeFile