test(plugin): add collision guardrails for reserved slash commands (#1288)#1294
Merged
Conversation
…1288) Add automated detection of command name collisions between plugin commands and Claude Code built-in slash commands to prevent regressions. - Add validate-commands.ts with reserved denylist (33 commands), legacy allowlist, and namespace validation - Add 26 tests covering denylist, extraction, collision, and namespace - Add validate:commands script to package.json - Add plugin-validate-commands CI job to dev.yml
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
JeremyDev87
commented
Apr 4, 2026
JeremyDev87
left a comment
Owner
Author
There was a problem hiding this comment.
Review: ✅ APPROVE
CI Status: ALL PASS (26/26 checks including new plugin-validate-commands)
Code Quality Assessment:
- Reserved denylist: 30+ Claude Code built-in commands properly catalogued
- Legacy allowlist: Current 6 bare commands (plan, act, eval, auto, buddy, checklist) correctly allow-listed
- Collision detection: Clean validation with both reserved command and namespace violation checks
- CI integration: New
plugin-validate-commandsjob in dev.yml with SHA-pinned checkout action - Tests: 275 lines, 23 test cases covering denylist, allowlist, extraction, namespace helpers, collision detection, and full validation
- Type safety: Proper
ValidationResultinterface, noanytypes - CLI runner:
require.mainguard for dual import/CLI usage
Checklist:
- CI ALL PASS
- No unused imports/variables
- No
anytypes - Tests cover acceptance criteria from #1288
- SHA-pinned GitHub Actions checkout
- Script properly exits non-zero on collision
- package.json script entry added
✅ Review complete — well-structured collision guardrails implementation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
validate-commands.tsscript with reserved command denylist (33 Claude Code built-in commands), legacy allowlist for existing bare commands, and namespace validation forcodingbuddy:*conventionvalidate:commandsnpm script andplugin-validate-commandsCI job indev.ymlCloses #1288
Test plan
npx tsx scripts/validate-commands.tspasses with current commandsvitest run— all 97 tests pass (26 new)dev.ymlfor automated enforcement