@every-env/cli

# Release Notes - Pattern System Security & Architecture Refactor ## Overview This release includes critical security fixes and a major architectural simplification of the pattern system. The changes reduce code complexity while maintaining all functionality and addressing multiple security vulnerabilities. ## 🔒 Security Fixes (CRITICAL) ### Command Injection Prevention - Implemented strict command allowlisting - only safe commands can be executed - Added argument sanitization to prevent shell injection attacks - Commands are now validated before execution ### Path Traversal Protection - All file paths are now validated against the project root - Prevents unauthorized access to files outside the project directory - Symlink attacks are blocked ### Resource Limits - Added configurable memory limits (default: 512MB) - Process timeout protection (default: 5 minutes) - Output size limits to prevent memory exhaustion (default: 10MB) ### Process Management - Proper cleanup of child processes on termination - Graceful shutdown with SIGTERM, forceful with SIGKILL - Prevents zombie processes and resource leaks ## 🏗️ Architecture Improvements ### Simplified Pattern System - **Before**: 3 classes (PatternRegistry, PatternResolver, PatternLoader) with ~427 lines - **After**: 1 class (PatternManager) with ~207 lines - **Result**: 51% reduction in pattern system complexity ### Removed Over-Engineering - Eliminated command abstraction layer (BasePatternCommand, CommandRegistry) - Removed namespace and override features (YAGNI principle) - Simplified pattern validation to essential checks only - Removed built-in pattern loading complexity ### Direct Command Implementation - Commands now implemented directly in CLI file - Removed unnecessary abstraction layers - Cleaner, more maintainable code structure ## 📊 Impact ### Code Reduction - **Total reduction**: 1,019 lines (28% of codebase) - **From**: ~3,600 lines - **To**: 2,581 lines ### Performance - Faster startup time due to simplified initialization - Reduced memory footprint - More efficient pattern execution flow ### Maintainability - Easier to understand and modify - Less indirection between components - Clearer execution flow ## 🔄 Migration Guide ### Breaking Changes 1. **Pattern System APIs** ```typescript // Before const registry = new PatternRegistry(); const resolver = new PatternResolver(registry); const loader = new PatternLoader(registry); // After const patternManager = new PatternManager(); ``` 2. **Command Registration** ```typescript // Before const command = new CustomCommand(); commandRegistry.register(command); // After // Commands implemented directly in CLI ``` 3. **Pattern Configuration** - Removed: `namespace`, `overridable`, `builtIn` properties - Removed: Built-in pattern loading from `resources/patterns/` - Patterns must now be defined in configuration file ### Upgrade Steps 1. Update your `.docs-config.json` to remove deprecated properties 2. Move any custom patterns from `resources/patterns/` to your config file 3. Update any custom code that used the old pattern registry system 4. Review and update any command extensions ## ✅ Testing - All existing tests updated and passing - New tests added for PatternManager - Security measures thoroughly tested - CI/CD pipeline green on all Node.js versions (18.x, 20.x) ## 🙏 Acknowledgments This refactor was driven by a comprehensive security review that identified critical vulnerabilities. Thanks to the review process for highlighting these issues and the over-engineered architecture. ## 📝 Full Changelog See [CHANGELOG.md](./CHANGELOG.md) for detailed changes.