99711dacc1
* feat(commands): add handoffs support for speckit compatibility - Upgrade frontmatter parser to use js-yaml for complex YAML support - Add HandoffDefinition interface for speckit-style workflow transitions - Update CommandFrontmatter and CommandDefinition to include handoffs - Add comprehensive tests for backward compatibility and complex YAML - Fix type parameters in auto-slash-command and slashcommand tools Closes #407 * fix(frontmatter): use JSON_SCHEMA for security and add extra fields tolerance tests - Use JSON_SCHEMA in yaml.load() to prevent code execution via YAML tags - Add tests to verify extra fields in frontmatter don't cause failures - Address Greptile security review comment --------- Co-authored-by: sisyphus-dev-ai <sisyphus-dev-ai@users.noreply.github.com>
30 lines
744 B
TypeScript
30 lines
744 B
TypeScript
import yaml from "js-yaml"
|
|
|
|
export interface FrontmatterResult<T = Record<string, unknown>> {
|
|
data: T
|
|
body: string
|
|
}
|
|
|
|
export function parseFrontmatter<T = Record<string, unknown>>(
|
|
content: string
|
|
): FrontmatterResult<T> {
|
|
const frontmatterRegex = /^---\r?\n([\s\S]*?)\r?\n?---\r?\n([\s\S]*)$/
|
|
const match = content.match(frontmatterRegex)
|
|
|
|
if (!match) {
|
|
return { data: {} as T, body: content }
|
|
}
|
|
|
|
const yamlContent = match[1]
|
|
const body = match[2]
|
|
|
|
try {
|
|
// Use JSON_SCHEMA for security - prevents code execution via YAML tags
|
|
const parsed = yaml.load(yamlContent, { schema: yaml.JSON_SCHEMA })
|
|
const data = (parsed ?? {}) as T
|
|
return { data, body }
|
|
} catch {
|
|
return { data: {} as T, body }
|
|
}
|
|
}
|