From 9131b0004e7c640cc028179e1d049a4c62210d94 Mon Sep 17 00:00:00 2001 From: James O'Doherty Date: Fri, 22 May 2026 10:46:02 -0400 Subject: Security hardening: prevent shell injection and null-byte crashes, implement 8-bit clean argument fuzzing and portable E2E binary discovery --- AGENTS.md | 1 + 1 file changed, 1 insertion(+) (limited to 'AGENTS.md') diff --git a/AGENTS.md b/AGENTS.md index f9e085d..dd1bdaa 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -45,6 +45,7 @@ To maintain a high-velocity development cycle without sacrificing correctness, w - **Code Stubs**: Any unimplemented logic path must be explicitly marked with a `// TODO` comment and return a descriptive error (e.g., `fmt.Errorf("feature X not yet implemented")`). - **Test Stubs**: Any test that is planned but not yet implementable must use `t.Skip("not implemented")` and include a comment describing the specific scenario the test is intended to verify. - **Hermetic Configuration**: Tests involving profiles, settings, or filesystem state must not touch the actual user home directory. Use the `ConfigDir` injection pattern in the `App` struct combined with `t.TempDir()` to create isolated, temporary test environments. +- **Path Portability**: NEVER hardcode absolute paths (e.g., `/home/user/...`) in the source code or test suites. Always use relative paths, `os.Getwd()`, or environment-aware discovery to locate binaries and configuration files. - **Performance & Reliability**: - **Parallelism**: Use `t.Parallel()` in integration and E2E tests. Use `t.TempDir()` to ensure resource isolation. - **Granular Timeouts**: All system calls, network operations, and external command executions must be wrapped in a `context.WithTimeout` (typically 2-5 seconds) to prevent hanging tests. -- cgit v1.2.3
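Review bot: the new "Path Portability" bullet names `os.Getwd()` as an acceptable way to locate binaries, but in Go tests the working directory is whatever `go test` sets (the package directory under test), so a path derived from it is only as portable as the layout of the checkout, and "environment-aware discovery" is left undefined, which makes the rule hard to apply consistently in the E2E suite the commit subject mentions. Suggest stating the concrete mechanism the project wants, for example building the binary under test into `t.TempDir()` and handing its path to the E2E tests, or reading a single documented environment variable with a fallback, so that the hermetic-configuration and parallelism bullets around it (which already require `t.TempDir()` isolation) and this one agree on one discovery path. It would also help to say whether the ban on hardcoded absolute paths extends to well-known fixed system paths (for example interpreters or `/tmp`), since the bullet's only example is a home directory.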