fix: remove shell syntax from git.run() calls across 8 tools (#172)

Replace shell pipes, redirects, and non-git commands that were passed
as literal args to execFileSync('git', args):

- verify-completion: use fs.readFileSync for package.json, execFileSync
  for tsc/test/build commands instead of run() with pipes
- token-audit: use fs for line counting and file size instead of wc/tail
- session-handoff: use 'which' + execFileSync('gh') instead of shell
- audit-workspace: use fs.readdirSync for test file counting
- sharpen-followup: use array args for git diff/status
- scope-work: use JS regex filter instead of shell grep pipes
- enrich-agent-task: use JS filter/slice instead of grep/head pipes
- sequence-tasks: use array args + JS slice instead of shell pipes

All 43 tests pass, clean build.

Author: preflight-agent

package-lock.json

@@ -1,6 +1,8 @@
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { run } from "../lib/git.js";
-import { readIfExists, findWorkspaceDocs } from "../lib/files.js";
+import { readIfExists, findWorkspaceDocs, PROJECT_DIR } from "../lib/files.js";
+import { readdirSync, statSync, existsSync } from "fs";
+import { join } from "path";
 
 /** Extract top-level work areas from file paths generically */
 function detectWorkAreas(files: string[]): Set<string> {
@@ -36,7 +38,8 @@ export function registerAuditWorkspace(server: McpServer): void {
     {},
     async () => {
       const docs = findWorkspaceDocs();
-      const recentFiles = run("git diff --name-only HEAD~10 2>/dev/null || echo ''").split("\n").filter(Boolean);
+      const recentFilesRaw = run(["diff", "--name-only", "HEAD~10"]);
+      const recentFiles = recentFilesRaw.startsWith("[") ? [] : recentFilesRaw.split("\n").filter(Boolean);
       const sections: string[] = [];
 
       // Doc freshness
@@ -75,7 +78,22 @@ export function registerAuditWorkspace(server: McpServer): void {
       // Check for gap trackers or similar tracking docs
       const trackingDocs = Object.entries(docs).filter(([n]) => /gap|track|progress/i.test(n));
       if (trackingDocs.length > 0) {
-        const testFilesCount = parseInt(run("find tests -name '*.spec.ts' -o -name '*.test.ts' 2>/dev/null | wc -l").trim()) || 0;
+        // Count test files using Node.js fs instead of shell find|wc
+        let testFilesCount = 0;
+        const testsDir = join(PROJECT_DIR, "tests");
+        if (existsSync(testsDir)) {
+          const countTests = (dir: string): number => {
+            let count = 0;
+            try {
+              for (const entry of readdirSync(dir, { withFileTypes: true })) {
+                if (entry.isDirectory()) count += countTests(join(dir, entry.name));
+                else if (/\.(spec|test)\.(ts|tsx|js|jsx)$/.test(entry.name)) count++;
+              }
+            } catch { /* skip unreadable dirs */ }
+            return count;
+          };
+          testFilesCount = countTests(testsDir);
+        }
         sections.push(`## Tracking Docs\n${trackingDocs.map(([n]) => {
           const age = docStatus.find(d => d.name === n)?.ageHours ?? "?";
           return `- .claude/${n} — last updated ${age}h ago`;

src/tools/audit-workspace.ts

@@ -8,11 +8,6 @@ import { execFileSync } from "child_process";
 import { join, basename } from "path";
 import { createHash } from "crypto";
 
-/** Sanitize user input for safe use in shell commands */
-function shellEscape(s: string): string {
-  return s.replace(/[^a-zA-Z0-9_\-./]/g, "");
-}
-
 /** Detect package manager from lockfiles */
 function detectPackageManager(): string {
   if (existsSync(join(PROJECT_DIR, "pnpm-lock.yaml"))) return "pnpm";
@@ -25,35 +20,48 @@ function detectPackageManager(): string {
 function findAreaFiles(area: string): string {
   if (!area) return getDiffFiles("HEAD~3");
 
-  const safeArea = shellEscape(area);
-
-  // If area looks like a path, search directly
+  // If area looks like a path, search directly with git ls-files glob
   if (area.includes("/")) {
-    return run(`git ls-files -- '${safeArea}*' 2>/dev/null | head -20`);
+    const result = run(["ls-files", "--", `${area}*`]);
+    if (result && !result.startsWith("[")) {
+      return result.split("\n").filter(Boolean).slice(0, 20).join("\n");
+    }
   }
 
-  // Search for area keyword in git-tracked file paths
-  const files = run(`git ls-files 2>/dev/null | grep -i '${safeArea}' | head -20`);
-  if (files && !files.startsWith("[command failed")) return files;
+  // Search for area keyword in git-tracked file paths using JS filter
+  const allFiles = run(["ls-files"]);
+  if (allFiles && !allFiles.startsWith("[")) {
+    const areaLower = area.toLowerCase();
+    const matched = allFiles.split("\n").filter(f => f.toLowerCase().includes(areaLower)).slice(0, 20);
+    if (matched.length > 0) return matched.join("\n");
+  }
 
   // Fallback to recently changed files
   return getDiffFiles("HEAD~3");
 }
 
 /** Find related test files for an area */
 function findRelatedTests(area: string): string {
-  if (!area) return run("git ls-files 2>/dev/null | grep -E '\\.(spec|test)\\.(ts|tsx|js|jsx)$' | head -10");
-
-  const safeArea = shellEscape(area.split(/\s+/)[0]);
-  const tests = run(`git ls-files 2>/dev/null | grep -E '\\.(spec|test)\\.(ts|tsx|js|jsx)$' | grep -i '${safeArea}' | head -10`);
-  return tests || run("git ls-files 2>/dev/null | grep -E '\\.(spec|test)\\.(ts|tsx|js|jsx)$' | head -10");
+  const allFiles = run(["ls-files"]);
+  if (!allFiles || allFiles.startsWith("[")) return "";
+  const testFiles = allFiles.split("\n").filter(f => /\.(spec|test)\.(ts|tsx|js|jsx)$/.test(f));
+  if (!area) return testFiles.slice(0, 10).join("\n");
+
+  const areaLower = area.split(/\s+/)[0].toLowerCase();
+  const matched = testFiles.filter(f => f.toLowerCase().includes(areaLower)).slice(0, 10);
+  return matched.length > 0 ? matched.join("\n") : testFiles.slice(0, 10).join("\n");
 }
 
 /** Get an example pattern from the first matching file */
 function getExamplePattern(files: string): string {
   const firstFile = files.split("\n").filter(Boolean)[0];
   if (!firstFile) return "no pattern available";
-  return run(`head -30 '${shellEscape(firstFile)}' 2>/dev/null || echo 'could not read file'`);
+  try {
+    const filePath = join(PROJECT_DIR, firstFile);
+    if (!existsSync(filePath)) return "could not read file";
+    const content = readFileSync(filePath, "utf-8");
+    return content.split("\n").slice(0, 30).join("\n");
+  } catch { return "could not read file"; }
 }
 
 // ---------------------------------------------------------------------------

src/tools/enrich-agent-task.ts

@@ -17,10 +17,7 @@ const STOP_WORDS = new Set([
   "like", "some", "each", "only", "need", "want", "please", "update", "change",
 ]);
 
-/** Shell-escape a string for use inside single quotes */
-function shellEscape(s: string): string {
-  return s.replace(/'/g, "'\\''");
-}
+/* shellEscape removed — no longer needed */
 
 /** Safely parse git porcelain status lines */
 function parsePortelainFiles(porcelain: string): string[] {
@@ -127,8 +124,12 @@ export function registerScopeWork(server: McpServer): void {
         .filter((k) => k.length > 2)
         .slice(0, 5);
       if (grepTerms.length > 0) {
-        const pattern = shellEscape(grepTerms.join("|"));
-        matchedFiles = run(`git ls-files | head -500 | grep -iE '${pattern}' | head -30`);
+        const allFiles = run(["ls-files"]);
+        if (allFiles && !allFiles.startsWith("[")) {
+          const regex = new RegExp(grepTerms.join("|"), "i");
+          matchedFiles = allFiles.split("\n").filter(Boolean).slice(0, 500)
+            .filter(f => regex.test(f)).slice(0, 30).join("\n");
+        }
       }
 
       // Check which relevant dirs actually exist (with path traversal protection)

src/tools/scope-work.ts

@@ -90,7 +90,8 @@ export function registerSequenceTasks(server: McpServer): void {
       // For locality: infer directories from path-like tokens in task text
       if (strategy === "locality") {
         // Use git ls-files with a depth limit instead of find for performance
-        const gitFiles = run("git ls-files 2>/dev/null | head -1000");
+        const gitFilesRaw = run(["ls-files"]);
+        const gitFiles = gitFilesRaw.startsWith("[") ? "" : gitFilesRaw.split("\n").slice(0, 1000).join("\n");
         const knownDirs = new Set<string>();
         for (const f of gitFiles.split("\n").filter(Boolean)) {
           const parts = f.split("/");

src/tools/sequence-tasks.ts

@@ -1,15 +1,18 @@
 import { z } from "zod";
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { existsSync, readFileSync } from "fs";
+import { execFileSync } from "child_process";
 import { join } from "path";
 import { run, getBranch, getRecentCommits, getStatus } from "../lib/git.js";
-import { readIfExists, findWorkspaceDocs } from "../lib/files.js";
+import { readIfExists, findWorkspaceDocs, PROJECT_DIR } from "../lib/files.js";
 import { STATE_DIR, now } from "../lib/state.js";
 
 /** Check if a CLI tool is available */
 function hasCommand(cmd: string): boolean {
-  const result = run(`command -v ${cmd} 2>/dev/null`);
-  return !!result && !result.startsWith("[command failed");
+  try {
+    execFileSync("which", [cmd], { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+    return true;
+  } catch { return false; }
 }
 
 export function registerSessionHandoff(server: McpServer): void {
@@ -44,7 +47,13 @@ export function registerSessionHandoff(server: McpServer): void {
 
         // Only try gh if it exists
         if (hasCommand("gh")) {
-          const openPRs = run("gh pr list --state open --json number,title,headRefName 2>/dev/null || echo '[]'");
+          let openPRs = "[]";
+          try {
+            openPRs = execFileSync("gh", ["pr", "list", "--state", "open", "--json", "number,title,headRefName"], {
+              cwd: PROJECT_DIR, encoding: "utf-8", timeout: 10000,
+              stdio: ["pipe", "pipe", "pipe"],
+            }).trim();
+          } catch { /* gh not available or not in a repo */ }
           if (openPRs && openPRs !== "[]") {
             sections.push(`## Open PRs\n\`\`\`json\n${openPRs}\n\`\`\``);
           }

src/tools/session-handoff.ts

@@ -27,15 +27,15 @@ function parsePortelainFiles(output: string): string[] {
 /** Get recently changed files, safe for first commit / shallow clones */
 function getRecentChangedFiles(): string[] {
   // Try HEAD~1..HEAD, fall back to just staged, then unstaged
-  const commands = [
-    "git diff --name-only HEAD~1 HEAD 2>/dev/null",
-    "git diff --name-only --cached 2>/dev/null",
-    "git diff --name-only 2>/dev/null",
+  const commands: string[][] = [
+    ["diff", "--name-only", "HEAD~1", "HEAD"],
+    ["diff", "--name-only", "--cached"],
+    ["diff", "--name-only"],
   ];
   const results = new Set<string>();
-  for (const cmd of commands) {
-    const out = run(cmd);
-    if (out) out.split("\n").filter(Boolean).forEach((f) => results.add(f));
+  for (const args of commands) {
+    const out = run(args);
+    if (out && !out.startsWith("[")) out.split("\n").filter(Boolean).forEach((f) => results.add(f));
     if (results.size > 0) break; // first successful source is enough
   }
   return [...results];
@@ -87,7 +87,7 @@ export function registerSharpenFollowup(server: McpServer): void {
       // Gather context to resolve ambiguity
       const contextFiles: string[] = [...(previous_files ?? [])];
       const recentChanged = getRecentChangedFiles();
-      const porcelainOutput = run("git status --porcelain 2>/dev/null");
+      const porcelainOutput = run(["status", "--porcelain"]);
       const untrackedOrModified = parsePortelainFiles(porcelainOutput);
 
       const allKnownFiles = [...new Set([...contextFiles, ...recentChanged, ...untrackedOrModified])].filter(Boolean);

src/tools/sharpen-followup.ts

@@ -4,14 +4,9 @@ import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { run } from "../lib/git.js";
 import { readIfExists, findWorkspaceDocs, PROJECT_DIR } from "../lib/files.js";
 import { loadState, saveState, now, STATE_DIR } from "../lib/state.js";
-import { readFileSync, existsSync, statSync } from "fs";
+import { readFileSync, existsSync, statSync, openSync, readSync, closeSync } from "fs";
 import { join } from "path";
 
-/** Shell-escape a filename for safe interpolation */
-function shellEscape(s: string): string {
-  return s.replace(/'/g, "'\\''");
-}
-
 /**
  * Grade thresholds rationale:
  * - A (0-10):  Minimal waste — small diffs, targeted reads, lean context
@@ -39,8 +34,8 @@ export function registerTokenAudit(server: McpServer): void {
       let wasteScore = 0;
 
       // 1. Git diff size & dirty file count
-      const diffStat = run("git diff --stat --no-color 2>/dev/null");
-      const dirtyFiles = run("git diff --name-only 2>/dev/null");
+      const diffStat = run(["diff", "--stat", "--no-color"]);
+      const dirtyFiles = run(["diff", "--name-only"]);
       const dirtyList = dirtyFiles.split("\n").filter(Boolean);
       const dirtyCount = dirtyList.length;
 
@@ -62,9 +57,15 @@ export function registerTokenAudit(server: McpServer): void {
       const largeFiles: string[] = [];
 
       for (const f of dirtyList.slice(0, 30)) {
-        // Use shell-safe quoting instead of interpolation
-        const wc = run(`wc -l < '${shellEscape(f)}' 2>/dev/null`);
-        const lines = parseInt(wc) || 0;
+        // Count lines using Node.js fs instead of shell wc
+        let lines = 0;
+        try {
+          const filePath = join(PROJECT_DIR, f);
+          if (existsSync(filePath)) {
+            const content = readFileSync(filePath, "utf-8");
+            lines = content.split("\n").length;
+          }
+        } catch { /* skip unreadable files */ }
         estimatedContextTokens += lines * AVG_LINE_BYTES * AVG_TOKENS_PER_BYTE;
         if (lines > 500) {
           largeFiles.push(`${f} (${lines} lines)`);
@@ -80,8 +81,11 @@ export function registerTokenAudit(server: McpServer): void {
       // 3. CLAUDE.md bloat check
       const claudeMd = readIfExists("CLAUDE.md", 1);
       if (claudeMd !== null) {
-        const stat = run(`wc -c < '${shellEscape("CLAUDE.md")}' 2>/dev/null`);
-        const bytes = parseInt(stat) || 0;
+        let bytes = 0;
+        try {
+          const claudePath = join(PROJECT_DIR, "CLAUDE.md");
+          if (existsSync(claudePath)) bytes = statSync(claudePath).size;
+        } catch { /* ignore */ }
         if (bytes > 5120) {
           patterns.push(`CLAUDE.md is ${(bytes / 1024).toFixed(1)}KB — injected every session, burns tokens on paste`);
           recommendations.push("Trim CLAUDE.md to essentials (<5KB). Move reference docs to files read on-demand");
@@ -137,9 +141,16 @@ export function registerTokenAudit(server: McpServer): void {
             }
 
             // Read with size cap: take the tail if too large
-            const raw = stat.size <= MAX_TOOL_LOG_BYTES
-              ? readFileSync(toolLogPath, "utf-8")
-              : run(`tail -c ${MAX_TOOL_LOG_BYTES} '${shellEscape(toolLogPath)}'`);
+            let raw: string;
+            if (stat.size <= MAX_TOOL_LOG_BYTES) {
+              raw = readFileSync(toolLogPath, "utf-8");
+            } else {
+              const fd = openSync(toolLogPath, "r");
+              const buf = Buffer.alloc(MAX_TOOL_LOG_BYTES);
+              readSync(fd, buf, 0, MAX_TOOL_LOG_BYTES, stat.size - MAX_TOOL_LOG_BYTES);
+              closeSync(fd);
+              raw = buf.toString("utf-8");
+            }
 
             const lines = raw.trim().split("\n").filter(Boolean);
             totalToolCalls = lines.length;