Skip to content

fix(advance): remove task description from trigger#344

Merged
birdmanmandbir merged 2 commits intomainfrom
worker/fab644ab
Mar 20, 2026
Merged

fix(advance): remove task description from trigger#344
birdmanmandbir merged 2 commits intomainfrom
worker/fab644ab

Conversation

@birdmanmandbir
Copy link
Contributor

@birdmanmandbir birdmanmandbir commented Mar 20, 2026

Summary

  • Task descriptions with shell metacharacters (<, >, |, $, ?, etc.) were killing agent sessions when routing via ttal task go
  • Root cause: nested single-quote quoting in buildCCRestartCmd + BuildEnvShellCommand caused the trigger string (containing user-controlled task description) to break out of the zsh -c '...' wrapper
  • Fix: trigger now uses a fixed safe-format string "New task routed. Run: ttal task get <uuid>" — no user-controlled content, only hex UUID (always shell-safe)
  • Updated regression test to assert exact new trigger format

Test plan

  • make ci passes (all tests green)
  • Route a task with metacharacters in description to an agent — session stays alive
  • Agent receives task via ttal task get (JSONL handoff), not via CLI args

@birdmanmandbir
Copy link
Contributor Author

birdmanmandbir commented Mar 20, 2026

PR Review — fix(advance): remove task description from trigger

Summary

Tiny, well-scoped fix (3 lines changed). Removes task.Description from the trigger string passed to tmux/CC session restart, replacing it with a fully static format. Task descriptions can contain shell metacharacters (', ;, &, |, (, ), backticks) that broke the shell command and killed the agent session. The static trigger eliminates the attack surface entirely.

Critical Issues

None.

Important Issues

None.

Suggestions

Consider a regression guard on trigger content — There's no test verifying that advanceToStage keeps task.Description out of the trigger. If someone later re-adds description context for helpfulness (reasonable intent), they'd have no failing test to warn them the metacharacter hazard is back. A test like "given a description with '; rm -rf /, the trigger passed to route.Stage does not contain the description" would lock this behaviour in permanently.

Strengths

  • Fix is at the right layer — eliminating user content from the trigger rather than attempting shell-escaping of nested quotes (which is fragile).
  • Tightened test assertion: 'New task routed. Run: ttal task get abc12345' (exact) vs the old 'New task:' prefix — catches truncation or quoting bugs more reliably.
  • No information loss in practice: the agent gets the full task via ttal task get <uuid>, the trigger's only job is to wake the session.
  • TestBuildCCRestartCmdApostropheEscaping already covers the escaping path at the right granularity.

VERDICT: LGTM

@birdmanmandbir
Copy link
Contributor Author

birdmanmandbir commented Mar 20, 2026

Triage Update

Fixed

  • Regression guard on trigger content — Extracted buildRouteTrigger(uuid string) string helper in advance.go and added TestBuildRouteTrigger_NeverContainsDescription in advance_test.go. Test verifies the trigger is single-line, contains the UUID, and does not contain any of several metacharacter-laden description strings. If someone re-adds task.Description to the trigger, the test fails. commit 9157679

Verdict

LGTM — no remaining issues.

@birdmanmandbir birdmanmandbir merged commit c83109b into main Mar 20, 2026
1 check passed
@birdmanmandbir birdmanmandbir deleted the worker/fab644ab branch March 20, 2026 19:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@birdmanmandbir