Skip to content

feat: add mk template for scaffolding project structures #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vitali87 merged 7 commits into from
Mar 27, 2026
Merged

feat: add mk template for scaffolding project structures #40

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f874908
feat: add mk template for scaffolding project structures
vitali87 Mar 24, 2026
6700684
fix: validate name, dry-run support, existing dir guard, use jq for J…
vitali87 Mar 24, 2026
e8fb5c4
fix: add jq require check for node template, validate package.json co…
vitali87 Mar 24, 2026
128a0dd
fix: reject path traversal in template project name
vitali87 Mar 24, 2026
351cb79
fix: use single quotes in generated main.sh to handle special chars i…
vitali87 Mar 24, 2026
05e9656
fix: validate project name to alphanumerics/hyphens/underscores only,…
vitali87 Mar 24, 2026
f3c0163
Merge branch 'main' into feat/mk-template
vitali87 Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -838,6 +838,59 @@ else
((PASSED++))
fi

# Test: mk template python
cd "$TEST_DIR"
u7 mk template python myapp >/dev/null 2>&1
if [[ -f "myapp/src/main.py" && -f "myapp/README.md" && -f "myapp/src/__init__.py" && -f "myapp/tests/__init__.py" ]]; then
echo -e "${GREEN}✓${NC} mk template python works"
((PASSED++))
else
echo -e "${RED}✗${NC} mk template python failed"
((FAILED++))
fi

# Test: mk template node
u7 mk template node mynode >/dev/null 2>&1
if [[ -f "mynode/package.json" && -f "mynode/src/index.js" ]]; then
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This test for the Node.js template is incomplete. The scaffolding logic also creates a README.md file and a test directory, but this test doesn't verify their existence. Expanding the check will make the test more robust.

Suggested change
if [[ -f "mynode/package.json" && -f "mynode/src/index.js" ]]; then
if [[ -f "mynode/package.json" && -f "mynode/src/index.js" && -f "mynode/README.md" && -d "mynode/test" ]]; then

assert_contains "mk template node package.json has name" "mynode" "$(cat mynode/package.json)"
else
echo -e "${RED}✗${NC} mk template node failed"
((FAILED++))
fi

# Test: mk template bash
u7 mk template bash mybash >/dev/null 2>&1
if [[ -f "mybash/main.sh" && -x "mybash/main.sh" ]]; then
echo -e "${GREEN}✓${NC} mk template bash works"
((PASSED++))
else
echo -e "${RED}✗${NC} mk template bash failed"
((FAILED++))
fi

# Test: mk template web
u7 mk template web myweb >/dev/null 2>&1
if [[ -f "myweb/index.html" && -d "myweb/css" && -d "myweb/js" ]]; then
echo -e "${GREEN}✓${NC} mk template web works"
((PASSED++))
else
echo -e "${RED}✗${NC} mk template web failed"
((FAILED++))
fi

# Test: mk template requires args
result=$(u7 mk template 2>&1)
assert_contains "mk template requires args" "Usage:" "$result"

# Test: mk template rejects existing directory
mkdir -p existingdir
result=$(u7 mk template python existingdir 2>&1)
assert_contains "mk template rejects existing dir" "already exists" "$result"

# Test: mk template rejects special characters in name
result=$(u7 mk template python "my project" 2>&1)
assert_contains "mk template rejects special chars" "alphanumerics" "$result"

# Cleanup
cd /
rm -rf "$TEST_DIR"
Expand Down
55 changes: 55 additions & 0 deletions utility.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -526,6 +526,60 @@ _u7_make() {
fi
;;

template)
local tmpl="$1"
local name="$2"
if [[ -z "$tmpl" || -z "$name" ]]; then
echo "Usage: u7 mk template <python|node|bash|web> <project-name>"
return 1
fi
if [[ ! "$name" =~ ^[a-zA-Z0-9_-]+$ ]]; then
echo "Error: project name must contain only alphanumerics, hyphens, and underscores"
return 1
Comment on lines +554 to +556
Copy link
Copy Markdown

@greptile-apps greptile-apps bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Regex permits names starting with -

The pattern ^[a-zA-Z0-9_-]+$ allows project names that begin with a hyphen (e.g., -myapp, --help). Although most path-based operations are safe once a / is present in the full path, some downstream tools called with a bare $name (e.g., tools that don't use --) could misinterpret it as a flag. Anchoring the first character to an alphanumeric avoids the ambiguity:

Suggested change
if [[ ! "$name" =~ ^[a-zA-Z0-9_-]+$ ]]; then
echo "Error: project name must contain only alphanumerics, hyphens, and underscores"
return 1
if [[ ! "$name" =~ ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ ]]; then
Prompt To Fix With AI 
This is a comment left during a code review.
Path: utility.sh
Line: 536-538

Comment:
**Regex permits names starting with `-`**

The pattern `^[a-zA-Z0-9_-]+$` allows project names that begin with a hyphen (e.g., `-myapp`, `--help`). Although most path-based operations are safe once a `/` is present in the full path, some downstream tools called with a bare `$name` (e.g., tools that don't use `--`) could misinterpret it as a flag. Anchoring the first character to an alphanumeric avoids the ambiguity:

```suggestion
      if [[ ! "$name" =~ ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ ]]; then
```

How can I resolve this? If you propose a fix, please make it concise.

fi
if [[ -d "$name" ]]; then
echo "Error: directory '$name' already exists"
return 1
fi
if [[ "$_U7_DRY_RUN" == "1" ]]; then
echo "[dry-run] Create $tmpl project: $name"
return 0
fi
case "$tmpl" in
python)
mkdir -p "$name/src" "$name/tests"
echo "# $name" > "$name/README.md"
echo "#!/usr/bin/env python3" > "$name/src/main.py"
touch "$name/src/__init__.py" "$name/tests/__init__.py"
echo "Created Python project: $name"
;;
node)
_u7_require jq || return 1
mkdir -p "$name/src" "$name/test"
echo "# $name" > "$name/README.md"
jq -n --arg name "$name" '{"name": $name, "version": "0.1.0", "main": "src/index.js"}' > "$name/package.json"
echo "// $name" > "$name/src/index.js"
echo "Created Node project: $name"
;;
bash)
mkdir -p "$name"
echo "# $name" > "$name/README.md"
printf '#!/usr/bin/env bash\nset -euo pipefail\n\necho '\''Hello from %s'\''\n' "$name" > "$name/main.sh"
chmod +x "$name/main.sh"
echo "Created Bash project: $name"
;;
web)
mkdir -p "$name/css" "$name/js"
local escaped_name="${name//</&lt;}"
escaped_name="${escaped_name//>/&gt;}"
Comment on lines +591 to +592
Copy link
Copy Markdown

@greptile-apps greptile-apps bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 HTML escaping is now dead code

The <&lt; and >&gt; substitutions on these two lines can never trigger because the input validation on line 536 (^[a-zA-Z0-9_-]+$) already rejects any name containing <, >, or &. The escaped_name variable is identical to $name in every reachable code path, so the variable and both assignments can be removed:

Suggested change
local escaped_name="${name//</&lt;}"
escaped_name="${escaped_name//>/&gt;}"
echo "<!DOCTYPE html><html><head><title>$name</title><link rel=\"stylesheet\" href=\"css/style.css\"></head><body><h1>$name</h1><script src=\"js/main.js\"></script></body></html>" > "$name/index.html"

Removing the dead escaping also makes it immediately obvious that the name is safe to embed directly, thanks to the earlier validation guard.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: utility.sh
Line: 573-574

Comment:
**HTML escaping is now dead code**

The `<``&lt;` and `>``&gt;` substitutions on these two lines can never trigger because the input validation on line 536 (`^[a-zA-Z0-9_-]+$`) already rejects any name containing `<`, `>`, or `&`. The `escaped_name` variable is identical to `$name` in every reachable code path, so the variable and both assignments can be removed:

```suggestion
          echo "<!DOCTYPE html><html><head><title>$name</title><link rel=\"stylesheet\" href=\"css/style.css\"></head><body><h1>$name</h1><script src=\"js/main.js\"></script></body></html>" > "$name/index.html"
```

Removing the dead escaping also makes it immediately obvious that the name is safe to embed directly, thanks to the earlier validation guard.

How can I resolve this? If you propose a fix, please make it concise.

echo "<!DOCTYPE html><html><head><title>$escaped_name</title><link rel=\"stylesheet\" href=\"css/style.css\"></head><body><h1>$escaped_name</h1><script src=\"js/main.js\"></script></body></html>" > "$name/index.html"
Comment on lines +591 to +593
Copy link
Copy Markdown

@greptile-apps greptile-apps bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 & not escaped in HTML template (incomplete fix)

The previous fix added <&lt; and >&gt; escaping, but &&amp; is still missing. This means a project name like foo & bar will produce:

<title>foo & bar</title>
<h1>foo & bar</h1>

A bare & not followed by a valid entity reference is technically invalid HTML and can cause browsers to issue parse warnings. Additionally, the & substitution must happen first — if it were added after the current </> substitutions, the &lt; and &gt; sequences already written would get double-encoded into &amp;lt; / &amp;gt;.

Suggested change
local escaped_name="${name//</&lt;}"
escaped_name="${escaped_name//>/&gt;}"
echo "<!DOCTYPE html><html><head><title>$escaped_name</title><link rel=\"stylesheet\" href=\"css/style.css\"></head><body><h1>$escaped_name</h1><script src=\"js/main.js\"></script></body></html>" > "$name/index.html"
local escaped_name="${name//&/&amp;}"
escaped_name="${escaped_name//</&lt;}"
escaped_name="${escaped_name//>/&gt;}"
Prompt To Fix With AI 
This is a comment left during a code review.
Path: utility.sh
Line: 569-571

Comment:
**`&` not escaped in HTML template (incomplete fix)**

The previous fix added `<``&lt;` and `>``&gt;` escaping, but `&``&amp;` is still missing. This means a project name like `foo & bar` will produce:

```html
<title>foo & bar</title>
<h1>foo & bar</h1>
```

A bare `&` not followed by a valid entity reference is technically invalid HTML and can cause browsers to issue parse warnings. Additionally, the `&` substitution **must happen first** — if it were added after the current `<`/`>` substitutions, the `&lt;` and `&gt;` sequences already written would get double-encoded into `&amp;lt;` / `&amp;gt;`.

```suggestion
          local escaped_name="${name//&/&amp;}"
          escaped_name="${escaped_name//</&lt;}"
          escaped_name="${escaped_name//>/&gt;}"
```

How can I resolve this? If you propose a fix, please make it concise.

touch "$name/css/style.css" "$name/js/main.js"
echo "Created Web project: $name"
;;
*) echo "Unknown template: $tmpl. Available: python, node, bash, web" ; return 1 ;;
esac
;;

sequence)
if [[ "$1" != "with" || "$2" != "prefix" ]]; then
echo "Usage: u7 mk sequence with prefix <prefix> limit <N>"
Expand Down Expand Up @@ -557,6 +611,7 @@ Entities:
link <source> to <destination> Create symbolic link
archive <output> from <files...> Create archive from <files...> to <output>
clone <repo> [to <directory>] Git clone a repository
template <python|node|bash|web> <name> Scaffold a project structure
sequence with prefix <prefix> limit <N> Generate numbered sequence with prefix <prefix> and limit <N>
EOF
;;
Expand Down