fix(security): add rstrip('/') to get_target_repo for trailing-slash URLs

The regex r'[:/]([^/]+/[^/]+?)(?:\.git)?$' fails on URLs with trailing slashes like 'https://git.softuniq.eu/UniqueSoft/APAW/' because the final '/' breaks the pattern. Added .rstrip('/') in Python and sed 's:/*' in Bash to all get_target_repo() implementations across 11 files.
2026-04-19 12:17:53 +01:00
parent 7523911812
commit 573d9a641e
11 changed files with 16 additions and 16 deletions
--- a/.kilo/commands/landing-page.md
+++ b/.kilo/commands/landing-page.md
@@ -114,7 +114,7 @@ def get_target_repo():
    """Detect target project from git remote — see .kilo/shared/gitea-auth.md"""
    try:
        result = subprocess.run(['git', 'remote', 'get-url', 'origin'], capture_output=True, text=True)
-        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip())
+        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip().rstrip('/'))
        if match:
            return match.group(1)
    except Exception:
--- a/.kilo/commands/pipeline.md
+++ b/.kilo/commands/pipeline.md
@@ -64,7 +64,7 @@ After each agent completes, post comment to the TARGET project issue (NOT APAW):

 ```bash
 # Auto-detect target project
-TARGET_REPO=$(git remote get-url origin | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')
+TARGET_REPO=$(git remote get-url origin | sed 's:/*$::' | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')

 # Post comment using target project
 curl -X POST -H "Authorization: token ${GITEA_TOKEN}" \
--- a/.kilo/commands/workflow.md
+++ b/.kilo/commands/workflow.md
@@ -79,7 +79,7 @@ def get_target_repo():
    """Detect target project from git remote — see .kilo/shared/gitea-auth.md"""
    try:
        result = subprocess.run(['git', 'remote', 'get-url', 'origin'], capture_output=True, text=True)
-        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip())
+        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip().rstrip('/'))
        if match:
            return match.group(1)
    except Exception:
--- a/.kilo/rules/gitea-centric-workflow.md
+++ b/.kilo/rules/gitea-centric-workflow.md
@@ -71,7 +71,7 @@ def get_target_repo():
        ['git', 'remote', 'get-url', 'origin'],
        capture_output=True, text=True
    )
-    remote_url = result.stdout.strip()
+    remote_url = result.stdout.strip().rstrip('/')
    
    # HTTPS: https://git.softuniq.eu/Owner/Repo.git
    # SSH: git@git.softuniq.eu:Owner/Repo.git
--- a/.kilo/shared/gitea-api.md
+++ b/.kilo/shared/gitea-api.md
@@ -17,7 +17,7 @@ def get_target_repo():
        ['git', 'remote', 'get-url', 'origin'],
        capture_output=True, text=True
    )
-    remote_url = result.stdout.strip()
+    remote_url = result.stdout.strip().rstrip('/')
    
    # HTTPS: https://git.softuniq.eu/Owner/Repo.git
    # SSH: git@git.softuniq.eu:Owner/Repo.git
@@ -51,7 +51,7 @@ def get_target_repo():
            ['git', 'remote', 'get-url', 'origin'],
            capture_output=True, text=True
        )
-        remote_url = result.stdout.strip()
+        remote_url = result.stdout.strip().rstrip('/')
        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', remote_url)
        if match:
            return match.group(1)
@@ -89,7 +89,7 @@ def create_issue(title, body, labels=None, repo=None):

 ```bash
 # Auto-detect target repo
-TARGET_REPO=$(git remote get-url origin | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')
+TARGET_REPO=$(git remote get-url origin | sed 's:/*$::' | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')

 # Post comment
 curl -X POST -H "Authorization: token ${GITEA_TOKEN}" \
--- a/.kilo/skills/gitea-commenting/SKILL.md
+++ b/.kilo/skills/gitea-commenting/SKILL.md
@@ -63,7 +63,7 @@ Please respond with your choice.

 ```bash
 # Auto-detect target repo
-TARGET_REPO=$(git remote get-url origin | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')
+TARGET_REPO=$(git remote get-url origin | sed 's:/*$::' | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')

 # Using curl with GITEA_TOKEN
 curl -X POST \
@@ -90,7 +90,7 @@ def get_target_repo():
            ['git', 'remote', 'get-url', 'origin'],
            capture_output=True, text=True
        )
-        remote_url = result.stdout.strip()
+        remote_url = result.stdout.strip().rstrip('/')
        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', remote_url)
        if match:
            return match.group(1)
@@ -206,7 +206,7 @@ def upload_screenshot(issue_number, screenshot_path, description="Error screensh
    if repo is None:
        try:
            result = subprocess.run(['git', 'remote', 'get-url', 'origin'], capture_output=True, text=True)
-            match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip())
+            match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip().rstrip('/'))
            repo = match.group(1) if match else os.environ.get('GITEA_TARGET_REPO', 'UniqueSoft/APAW')
        except Exception:
            repo = os.environ.get('GITEA_TARGET_REPO', 'UniqueSoft/APAW')
--- a/.kilo/skills/gitea-workflow/SKILL.md
+++ b/.kilo/skills/gitea-workflow/SKILL.md
@@ -29,7 +29,7 @@ class GiteaClient:
                ['git', 'remote', 'get-url', 'origin'],
                capture_output=True, text=True
            )
-            remote_url = result.stdout.strip()
+            remote_url = result.stdout.strip().rstrip('/')
            match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', remote_url)
            if match:
                return match.group(1)
--- a/.kilo/skills/gitea/SKILL.md
+++ b/.kilo/skills/gitea/SKILL.md
@@ -118,7 +118,7 @@ If Gitea token is available:

 ```bash
 # Auto-detect target repo
-TARGET_REPO=$(git remote get-url origin | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')
+TARGET_REPO=$(git remote get-url origin | sed 's:/*$::' | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')
 ```

 Project URL: `https://git.softuniq.eu/{TARGET_REPO}`
--- a/.kilo/skills/task-analysis/SKILL.md
+++ b/.kilo/skills/task-analysis/SKILL.md
@@ -20,7 +20,7 @@ git log --all --oneline --grep="<keyword>"
 git log --all --oneline -- "<file_pattern>"

 # Search issues for similar tasks (auto-detect repo)
-TARGET_REPO=$(git remote get-url origin | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')
+TARGET_REPO=$(git remote get-url origin | sed 's:/*$::' | sed -E 's|.*[:/]([^/]+/[^/]+?)(\.git)?$|\1|')
 curl -s "https://git.softuniq.eu/api/v1/repos/${TARGET_REPO}/issues?state=all" | \
  python3 -c "import sys,json; [print(f\"#{i['number']}: {i['title']}\") for i in json.load(sys.stdin) if '<keyword>' in i['title'].lower()]"
 ```
@@ -73,7 +73,7 @@ def get_target_repo():
    import subprocess, re
    try:
        result = subprocess.run(['git', 'remote', 'get-url', 'origin'], capture_output=True, text=True)
-        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip())
+        match = re.search(r'[:/]([^/]+/[^/]+?)(?:\.git)?$', result.stdout.strip().rstrip('/'))
        if match:
            return match.group(1)
    except Exception: