fix(worker): sanitize report model arg, fix multi-repo summary attribution and standup-weekday sentinel

2026-06-03 10:22:06 +02:00
parent 0bc3d2a6c4
commit a8d8a8bd65
5 changed files with 31 additions and 3 deletions
--- a/src/ClaudeDo.Worker/Hub/WorkerHub.cs
+++ b/src/ClaudeDo.Worker/Hub/WorkerHub.cs
@@ -237,7 +237,7 @@ public sealed class WorkerHub : Microsoft.AspNetCore.SignalR.Hub
            WorktreeAutoCleanupEnabled = dto.WorktreeAutoCleanupEnabled,
            WorktreeAutoCleanupDays = dto.WorktreeAutoCleanupDays,
            ReportExcludedPaths = dto.ReportExcludedPaths,
-            StandupWeekday = dto.StandupWeekday == 0 ? (int)DayOfWeek.Wednesday : dto.StandupWeekday,
+            StandupWeekday = dto.StandupWeekday is >= 0 and <= 6 ? dto.StandupWeekday : (int)DayOfWeek.Wednesday,
        });
    }

--- a/src/ClaudeDo.Worker/Report/ClaudeHistoryReader.cs
+++ b/src/ClaudeDo.Worker/Report/ClaudeHistoryReader.cs
@@ -79,6 +79,14 @@ public sealed class ClaudeHistoryReader : IClaudeHistoryReader
                }
                else
                {
+                    // Keep only the closing summary per (repo, day). If this turn moved to a
+                    // different repo/day (e.g. the session cd'd), flush the previous one first.
+                    if (lastAssistantText is not null &&
+                        (cwd != lastAssistantRepo || date != lastAssistantDate))
+                    {
+                        Bucket(buckets, lastAssistantRepo!, lastAssistantDate).Summaries.Add(lastAssistantText);
+                        lastAssistantText = null;
+                    }
                    lastAssistantText = text.Trim();
                    lastAssistantRepo = cwd;
                    lastAssistantDate = date;
--- a/src/ClaudeDo.Worker/Report/WeekReportService.cs
+++ b/src/ClaudeDo.Worker/Report/WeekReportService.cs
@@ -65,7 +65,11 @@ public sealed class WeekReportService : IWeekReportService
        else
        {
            var prompt = WeekReportPromptBuilder.Build(start, end, activity, notesByDay);
-            var args = $"-p --output-format stream-json --verbose --permission-mode auto --model {model}";
+            // Guard against argument injection via the model setting: model aliases/ids are
+            // alphanumerics, dashes and dots only.
+            var safeModel = new string(model.Where(c => char.IsLetterOrDigit(c) || c is '-' or '.').ToArray());
+            if (safeModel.Length == 0) safeModel = "sonnet";
+            var args = $"-p --output-format stream-json --verbose --permission-mode auto --model {safeModel}";
            var result = await _claude.RunAsync(args, prompt, Path.GetTempPath(), _ => Task.CompletedTask, ct);
            if (!result.IsSuccess)
                throw new InvalidOperationException(result.ErrorMarkdown ?? "Claude konnte den Bericht nicht erzeugen.");