@fmontes fmontes commented Feb 1, 2026

This PR addresses critical bugs in the create-app CLI tool and significantly enhances validation, error handling, and robustness.

Changes

Critical Bug Fixes

  • Fixed typo in prompts: "exsisting" → "existing"
  • Added proper validation for all CLI parameters before execution
  • Fixed path traversal and shell injection vulnerabilities in project name handling
  • Improved Docker workflow to properly verify dotCMS is running before proceeding

Validation Enhancements

  • Framework validation: Added support for framework aliases (next, next.js, ng, angular-server) with case-insensitive matching
  • URL validation: Enforces proper protocol (http/https) and hostname format, warns about localhost with non-default ports
  • Project name validation: Comprehensive checks including:
    • Path traversal prevention (../, absolute paths)
    • Invalid character detection (filesystem-unsafe chars)
    • Windows reserved name blocking (CON, PRN, AUX, etc.)
    • Length limits and leading dot warnings
  • Conflicting parameters: Detects when --local is used with cloud parameters and warns appropriately

Error Handling Improvements

  • Enhanced fetchWithRetry with configurable timeout (default 10s)
  • Consolidated error reporting with troubleshooting steps and error history
  • Better error messages throughout with actionable guidance
  • Proper status code validation (requires 200 OK)

Code Quality

  • Created new validation.ts module with reusable validation utilities
  • Added escapeShellPath utility for cross-platform shell safety
  • Improved code organization and separation of concerns
  • Enhanced README documentation with framework aliases and validation details

Files Changed

  • core-web/libs/sdk/create-app/README.md: Updated documentation for new validation features
  • core-web/libs/sdk/create-app/src/asks.ts: Fixed typo
  • core-web/libs/sdk/create-app/src/index.ts: Added early validation and improved flow control
  • core-web/libs/sdk/create-app/src/utils/index.ts: Enhanced fetchWithRetry and added shell escaping
  • core-web/libs/sdk/create-app/src/utils/validation.ts: Ne…

  • Shell path escaping prevents injection issues
  • Framework aliases work correctly with case-insensitive matching
  • Docker workflow properly waits for dotCMS to be ready

Co-Authored-By: Warp [email protected]

fmontes and others added 3 commits January 29, 2026 18:06
…andling

This commit addresses 4 critical bugs identified during QA testing:

1. **Late Framework Validation** - Framework validation now occurs immediately
   after the welcome screen, before any API calls or interactive prompts. Invalid
   frameworks fail fast with clear error messages.

2. **Invalid URL Retry Loop** - Added comprehensive URL format validation that
   catches malformed URLs before connection attempts. URLs must now include
   protocol (http:// or https://), preventing infinite retry loops.

3. **Framework Case Sensitivity** - Framework names are now case-insensitive.
   Users can enter NextJS, nextjs, NEXTJS, etc.

4. **Positional Arguments** - Verified working correctly (was already implemented).

Additional improvements:
- Added framework aliases (next → nextjs, ng → angular, next.js → nextjs)
- Enhanced fetchWithRetry() to track error history and provide troubleshooting steps
- Increased Docker startup timeout from 40 to 60 retries (5 minutes) for first-time pulls
- Fixed typo in prompt: "exsisting" → "existing"
- Added localhost port warning when using non-standard ports
- Updated README with framework aliases and URL format requirements
- All error messages styled with chalk colors and emojis for consistency

Files changed:
- NEW: src/utils/validation.ts - Centralized validation logic
- MODIFIED: src/index.ts - Early validation calls, updated retry parameters
- MODIFIED: src/utils/index.ts - Enhanced error handling in fetchWithRetry()
- MODIFIED: src/asks.ts - Fixed typo
- MODIFIED: README.md - Updated documentation

All changes are backward compatible. The CLI is now more permissive (accepts
more input variations) while providing clearer error messages for invalid input.

Co-Authored-By: Claude Sonnet 4.5 (1M context) <[email protected]>

This commit introduces several improvements to the CLI validation process:

1. **New Validation Functions**: Added  to ensure project names are filesystem-safe and follow best practices, and  to warn users about conflicting CLI options.

2. **Updated Validation Calls**: Integrated new validation functions into the CLI flow, ensuring immediate feedback on project name and parameter conflicts.

3. **Path Escaping**: Implemented  to safely handle file paths in shell commands, enhancing cross-platform compatibility.

These changes improve user experience by providing clearer error messages and preventing invalid configurations.

Files changed:
- MODIFIED: src/index.ts - Added new validation calls
- MODIFIED: src/utils/index.ts - Updated project path handling
- NEW: src/utils/validation.ts - Introduced new validation logic

All changes maintain backward compatibility and enhance the robustness of the CLI.

Address code review feedback to enhance security, maintainability, and user experience:

**Validation Improvements:**
- Add post-prompt validation to prevent bypass of interactive project name input
- Implement platform-specific shell escaping (Windows vs Unix backslash handling)
- Add newline and tab character detection in shell path escaping

**Code Quality:**
- Extract magic number 255 to MAX_PROJECT_NAME_LENGTH constant
- Add CONTROL_CHAR_THRESHOLD constant for ASCII validation
- Replace console.log with console.warn for warning messages
- Add explanatory comments for ESLint fixes and regex patterns

**Error Handling:**
- Wrap main action in try-catch for consistent error handling
- Graceful exit with proper error messages on validation failures
- Improved user feedback for all error scenarios

**Security:**
- Close validation bypass vulnerability in interactive mode
- Enhanced cross-platform shell injection protection
- Better handling of edge cases (tabs, newlines, Windows paths)

All changes maintain backward compatibility and pass ESLint validation.

Co-Authored-By: Claude Sonnet 4.5 (1M context) <[email protected]>
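An illustrative TypeScript version of the project-name checks listed in the PR description (path traversal, invalid characters, Windows reserved names, length limit, leading-dot warning) together with the MAX_PROJECT_NAME_LENGTH and CONTROL_CHAR_THRESHOLD constants named in the third commit. This is an added example, not the create-app package's own validation.ts; the exact rules, messages and the POSIX-only escapeShellPath are assumptions.

```typescript
// Added illustrative example; not the create-app package's own validation.ts.
// Constant names follow the PR's commit messages; the rules are assumptions.
export const MAX_PROJECT_NAME_LENGTH = 255;
export const CONTROL_CHAR_THRESHOLD = 32; // code points below this are ASCII control chars

// Windows reserved device names, with or without an extension, any case.
const WINDOWS_RESERVED = /^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$/i;
// Characters that are unsafe in a single path segment on Windows or POSIX.
const INVALID_CHARS = /[<>:"|?*\\\/\0]/;

export interface ValidationResult {
  valid: boolean;
  errors: string[];
  warnings: string[];
}

export function validateProjectName(name: string): ValidationResult {
  const errors: string[] = [];
  const warnings: string[] = [];
  const n = name.trim();

  if (n.length === 0) errors.push('Project name cannot be empty');
  if (n.length > MAX_PROJECT_NAME_LENGTH)
    errors.push(`Project name exceeds ${MAX_PROJECT_NAME_LENGTH} characters`);
  // The name must be exactly one path segment: no traversal, no absolute paths.
  if (/^\.{1,2}$/.test(n) || /\.\.[\\\/]/.test(n))
    errors.push('Project name cannot contain path traversal sequences');
  if (n.startsWith('/') || /^[A-Za-z]:/.test(n))
    errors.push('Project name cannot be an absolute path');
  if (INVALID_CHARS.test(n))
    errors.push('Project name contains filesystem-unsafe characters');
  if ([...n].some((ch) => ch.charCodeAt(0) < CONTROL_CHAR_THRESHOLD))
    errors.push('Project name contains control characters');
  if (WINDOWS_RESERVED.test(n))
    errors.push(`"${n}" is a reserved name on Windows`);
  if (n.startsWith('.'))
    warnings.push('Leading dot creates a hidden directory on Unix-like systems');

  return { valid: errors.length === 0, errors, warnings };
}

// POSIX-only single-quote escaping (assumption: the PR's escapeShellPath is
// platform-specific; Windows handling is not shown here). Rejects newline and
// tab, which the commit message also calls out.
export function escapeShellPath(p: string): string {
  if (/[\n\t]/.test(p)) throw new Error('Path contains newline or tab characters');
  return `'${p.replace(/'/g, `'\\''`)}'`;
}
```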