jerfowler
diff --git a/‎src/tools/create-task.ts‎
Lines changed: 62 additions & 4 deletions b/‎src/tools/create-task.ts‎
Lines changed: 62 additions & 4 deletions
diff --git a/‎src/tools/mark-complete.ts‎
Lines changed: 37 additions & 12 deletions b/‎src/tools/mark-complete.ts‎
Lines changed: 37 additions & 12 deletions
diff --git a/‎tests/integration/context-operations.test.ts‎
Lines changed: 8 additions & 8 deletions b/‎tests/integration/context-operations.test.ts‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎tests/integration/file-system-regression.test.ts‎
Lines changed: 1 addition & 1 deletion b/‎tests/integration/file-system-regression.test.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/integration/flexible-workflow.test.ts‎
Lines changed: 23 additions & 23 deletions b/‎tests/integration/flexible-workflow.test.ts‎
Lines changed: 23 additions & 23 deletions
@@ -13,9 +13,52 @@ import * as fs from '../utils/file-system.js';
 import * as path from 'path';
 import debug from 'debug';
 
-
+// Create debug instance with proper namespace
 const log = debug('agent-comm:tools:create-task');
 
+/**
+ * Strict whitelist of valid agents for create_task
+ * This provides an additional layer of security beyond the general validation
+ */
+const VALID_AGENTS_WHITELIST = [
+  'senior-frontend-engineer',
+  'senior-backend-engineer',
+  'senior-system-architect',
+  'devops-deployment-engineer',
+  'senior-ai-ml-engineer',
+  'senior-dba-advisor',
+  'qa-test-automation-engineer',
+  'security-analyst',
+  'debug-investigator',
+  'ux-ui-designer',
+  'product-docs-manager',
+  'product-manager',
+  'product-owner-agile',
+  'scrum-master-coach'
+] as const;
+
+/**
+ * Validate agent against strict whitelist for create_task
+ * @param agent - The agent name to validate
+ * @throws Error if agent is not in whitelist
+ * @returns The validated agent name
+ */
+function validateAgentWhitelist(agent: string): string {
+  log('Validating agent against whitelist: %s', agent);
+
+  // Type-safe check against whitelist
+  const isValidAgent = VALID_AGENTS_WHITELIST.some(validAgent => validAgent === agent);
+
+  if (!isValidAgent) {
+    log('Agent validation failed - not in whitelist: %s', agent);
+    const errorMessage = `Invalid agent '${agent}'. Agent must be one of the known agents: ${VALID_AGENTS_WHITELIST.join(', ')}`;
+    throw new Error(errorMessage);
+  }
+
+  log('Agent validation passed: %s', agent);
+  return agent;
+}
+
 // Protocol context removed - guidance now provided via ResponseEnhancer orchestration templates
 
 // Task creation options interface
@@ -154,24 +197,39 @@ export async function createTask(
   let rawTaskName: string;
 
   try {
+    // First apply security validation (path traversal, injection, etc.)
     agent = await validateAgentWithAvailability(options.agent);
+
+    // Then apply strict whitelist validation for create_task
+    agent = validateAgentWhitelist(agent);
+
+    log('Agent validation complete: %s', agent);
   } catch (error) {
     // Log validation error before re-throwing
     if (config.errorLogger) {
+      // Check if this is a whitelist validation failure
+      const isWhitelistError = error instanceof Error &&
+        error.message.includes('Invalid agent') &&
+        error.message.includes('must be one of');
+
       const errorEntry: ErrorLogEntry = {
         timestamp: new Date(),
         source: 'validation',
         operation: 'create_task',
         agent: String(options.agent ?? ''),
         error: {
           message: error instanceof Error ? error.message : String(error),
-          name: error instanceof Error ? error.name : 'ValidationError'
+          name: isWhitelistError ? 'AgentWhitelistError' : (error instanceof Error ? error.name : 'ValidationError')
         },
         context: {
           tool: 'create_task',
-          parameters: { agent: options.agent, taskName: options.taskName }
+          parameters: {
+            agent: options.agent,
+            taskName: options.taskName,
+            ...(isWhitelistError && { violationType: 'agent_whitelist' })
+          }
         },
-        severity: 'high'
+        severity: isWhitelistError ? 'critical' : 'high'
       };
       await config.errorLogger.logError(errorEntry);
     }
 
@@ -11,8 +11,8 @@ import * as fs from '../utils/file-system.js';
 import * as path from 'path';
 import debug from 'debug';
 
-
-const log = debug('agent-comm:tools:markcomplete');
+// Create debug instance with proper namespace
+const log = debug('agent-comm:tools:mark-complete');
 interface ReconciliationOptions {
   mode?: 'strict' | 'auto_complete' | 'reconcile' | 'force';
   explanations?: Record<string, string> | undefined; // item -> reason for not being checked
@@ -38,20 +38,30 @@ interface ReconciledCompletion {
 
 /**
  * Extract unchecked checkbox items from plan content
+ * Includes both pending [ ] and in-progress [~] states
  */
 function extractUncheckedItems(content: string): string[] {
-  const uncheckedRegex = /^- \[ \] \*\*([^:]+)\*\*:/gm;
+  log('extractUncheckedItems called, content length: %d', content.length);
+
+  // Match both pending [ ] and in-progress [~] checkboxes as unchecked
+  const uncheckedRegex = /^- \[(?:[ ~])\] \*\*([^:]+)\*\*:/gm;
   const matches = content.match(uncheckedRegex) ?? [];
+
+  log('Found %d unchecked items (pending or in-progress)', matches.length);
+
   return matches.map((match: string) => {
     const titleMatch = match.match(/\*\*([^:]+)\*\*/);
-    return titleMatch ? titleMatch[1] : match;
+    const title = titleMatch ? titleMatch[1] : match;
+    log('Unchecked item: %s', title);
+    return title;
   });
 }
 
 /**
  * Validate checkbox format in plan content and detect invalid formats
  */
 function validateCheckboxFormats(content: string, config: ServerConfig, agent: string, taskId?: string): void {
+  log('validateCheckboxFormats called for agent: %s, taskId: %s', agent, taskId ?? 'none');
   const lines = content.split('\n');
 
   for (let i = 0; i < lines.length; i++) {
@@ -68,9 +78,11 @@ function validateCheckboxFormats(content: string, config: ServerConfig, agent: s
     const isListItem = line.startsWith('-') && hasCheckboxBrackets;
     if (hasCheckboxBrackets && (isListItem || !line.startsWith('-'))) {
       // This looks like a checkbox attempt, validate format
-      const validCheckbox = line.match(/^- \[[x ]\] \*\*[^:]+\*\*:/);
+      // Now accepting three states: [ ] (pending), [~] (in-progress), [x] or [X] (completed)
+      const validCheckbox = line.match(/^- \[(?:[xX ~])\] \*\*[^:]+\*\*:/);
 
       if (!validCheckbox) {
+        log('Invalid checkbox format detected on line %d: %s', i + 1, line);
         // Log parsing error for invalid checkbox format
         if (config.errorLogger) {
           config.errorLogger.logError({
@@ -106,14 +118,22 @@ function validateCheckboxFormats(content: string, config: ServerConfig, agent: s
 }
 
 /**
- * Extract checked checkbox items from plan content  
+ * Extract checked checkbox items from plan content
  */
 function extractCheckedItems(content: string): string[] {
-  const checkedRegex = /^- \[x\] \*\*([^:]+)\*\*:/gmi;
+  log('extractCheckedItems called, content length: %d', content.length);
+
+  // Match both lowercase [x] and uppercase [X] as checked/completed
+  const checkedRegex = /^- \[[xX]\] \*\*([^:]+)\*\*:/gm;
   const matches = content.match(checkedRegex) ?? [];
+
+  log('Found %d checked items (completed)', matches.length);
+
   return matches.map((match: string) => {
     const titleMatch = match.match(/\*\*([^:]+)\*\*/);
-    return titleMatch ? titleMatch[1] : match;
+    const title = titleMatch ? titleMatch[1] : match;
+    log('Checked item: %s', title);
+    return title;
   });
 }
 
@@ -125,10 +145,10 @@ async function validateCompletion(
   agent: string,
   taskId?: string
 ): Promise<CompletionValidation> {
+  log('validateCompletion called for agent: %s, taskId: %s', agent, taskId ?? 'none');
   let planContent = '';  // Declare in function scope for error logging
 
   try {
-    log('validateCompletion called for agent: %s, taskId: %s', agent, taskId);
     // Find the task directory - either specified or active
     const agentDir = path.join(config.commDir, agent);
     log('Checking agent directory: %s', agentDir);
@@ -313,10 +333,15 @@ async function reconcileCompletion(
         if (planPath && await fs.pathExists(planPath)) {
           let planContent = await fs.readFile(planPath);
 
-          // Replace unchecked items with checked
+          // Replace unchecked items (both [ ] and [~]) with checked [x]
           validation.uncheckedItems.forEach(item => {
-            const uncheckedPattern = new RegExp(`^- \\[ \\] \\*\\*${item.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\*\\*:`, 'gm');
-            planContent = planContent.replace(uncheckedPattern, `- [x] **${item}**:`);
+            // Replace both pending [ ] and in-progress [~] with completed [x]
+            const escapedItem = item.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+            const pendingPattern = new RegExp(`^- \\[ \\] \\*\\*${escapedItem}\\*\\*:`, 'gm');
+            const inProgressPattern = new RegExp(`^- \\[~\\] \\*\\*${escapedItem}\\*\\*:`, 'gm');
+
+            planContent = planContent.replace(pendingPattern, `- [x] **${item}**:`);
+            planContent = planContent.replace(inProgressPattern, `- [x] **${item}**:`);
           });
 
           await fs.writeFile(planPath, planContent);
 
@@ -48,7 +48,7 @@ describe('MCP Server Context-Based Operations', () => {
 
   describe('1. Context-Based Format Support', () => {
     it('should always use context format in checkTasks', async () => {
-      const agent = 'test-agent';
+      const agent = 'senior-backend-engineer';
 
       // Create test tasks first
       const agentDir = path.join(commDir, agent);
@@ -75,7 +75,7 @@ describe('MCP Server Context-Based Operations', () => {
     });
 
     it('should handle task discovery correctly', async () => {
-      const agent = 'test-agent';
+      const agent = 'senior-backend-engineer';
 
       // Create test task structure
       const agentDir = path.join(commDir, agent);
@@ -104,7 +104,7 @@ describe('MCP Server Context-Based Operations', () => {
 
   describe('2. Clean Task Content (Issue #64)', () => {
     it('should provide clean task content with metadata only (no protocol injection)', async () => {
-      const targetAgent = 'frontend-engineer';
+      const targetAgent = 'senior-frontend-engineer';
       const taskName = 'implement-dashboard';
       const originalContent = '# Dashboard Task\n\nImplement user dashboard';
 
@@ -136,13 +136,13 @@ describe('MCP Server Context-Based Operations', () => {
       expect(taskContent).toContain('Dashboard Task');
       expect(taskContent).toContain('Implement user dashboard');
       expect(taskContent).toContain('## Metadata');
-      expect(taskContent).toContain('Agent: frontend-engineer');
+      expect(taskContent).toContain('Agent: senior-frontend-engineer');
       // Protocol guidance now provided via ResponseEnhancer, not injected in task content
       expect(taskContent).not.toContain('MCP Task Management Protocol');
     });
 
     it('should provide clean delegated task content with metadata only', async () => {
-      const targetAgent = 'backend-engineer';
+      const targetAgent = 'senior-backend-engineer';
       const taskName = 'implement-api';
       const originalContent = '# API Task\n\nImplement REST API endpoints';
 
@@ -170,7 +170,7 @@ describe('MCP Server Context-Based Operations', () => {
       expect(taskContent).toContain('API Task');
       expect(taskContent).toContain('Implement REST API endpoints');
       expect(taskContent).toContain('## Metadata');
-      expect(taskContent).toContain('Agent: backend-engineer');
+      expect(taskContent).toContain('Agent: senior-backend-engineer');
       // Protocol guidance now provided via ResponseEnhancer, not injected in task content
       expect(taskContent).not.toContain('MCP Task Management Protocol');
     });
@@ -287,7 +287,7 @@ Train and deploy machine learning model for user behavior prediction
 
   describe('4. Component Integration', () => {
     it('should integrate with ConnectionManager and EventLogger', async () => {
-      const agent = 'devops-engineer';
+      const agent = 'devops-deployment-engineer';
 
       // Verify config has required components
       expect(config.connectionManager).toBeDefined();
@@ -327,7 +327,7 @@ Train and deploy machine learning model for user behavior prediction
 
       // This should handle errors gracefully
       const result = await checkTasks(invalidConfig, { 
-        agent: 'test-agent' 
+        agent: 'senior-backend-engineer' 
       });
 
       expect(result.tasks).toEqual([]);
 
@@ -86,7 +86,7 @@ describe('File System Operations Regression Test', () => {
   describe('Tool-level fs.readdir usage', () => {
     it('REGRESSION: listAgents should traverse directories using fs.readdir', async () => {
       // Create agent directory structure that requires fs.readdir
-      const agents = ['agent-1', 'agent-2', 'agent-3'];
+      const agents = ['senior-frontend-engineer', 'senior-backend-engineer', 'qa-test-automation-engineer'];
 
       for (const agentName of agents) {
         const agentPath = path.join(commDir, agentName);
 
@@ -44,9 +44,9 @@ describe('Flexible Workflow Integration', () => {
     it('should handle complete workflow with multiple tasks across agents', async () => {
       // Simulate multiple agents working on different tasks
       const agents = [
-        { name: 'frontend-engineer', tasks: ['ui-redesign', 'performance-optimization'] },
-        { name: 'backend-engineer', tasks: ['api-refactor', 'database-migration', 'caching-layer'] },
-        { name: 'qa-engineer', tasks: ['test-automation', 'regression-suite'] }
+        { name: 'senior-frontend-engineer', tasks: ['ui-redesign', 'performance-optimization'] },
+        { name: 'senior-backend-engineer', tasks: ['api-refactor', 'database-migration', 'caching-layer'] },
+        { name: 'qa-test-automation-engineer', tasks: ['test-automation', 'regression-suite'] }
       ];
 
       // Phase 1: Create all tasks
@@ -66,11 +66,11 @@ describe('Flexible Workflow Integration', () => {
 
       // Phase 2: Submit plans in non-sequential order
       const planSubmissions = [
-        { agent: 'backend-engineer', task: 'database-migration', plan: '# Database Migration Plan\n\n## Implementation Steps\n\n- [ ] Analyze current schema and identify changes needed\n- [ ] Create migration scripts for data transformation\n- [ ] Develop rollback plan for emergency recovery' },
-        { agent: 'frontend-engineer', task: 'ui-redesign', plan: '# UI Redesign Implementation\n\n## Design Phase\n\n- [ ] Create wireframes for new interface components\n- [ ] Implement responsive component architecture' },
-        { agent: 'qa-engineer', task: 'test-automation', plan: '# Test Automation Framework\n\n## Setup and Configuration\n\n- [ ] Configure test framework with proper dependencies\n- [ ] Develop comprehensive test cases for coverage' },
-        { agent: 'backend-engineer', task: 'api-refactor', plan: '# API Refactoring Project\n\n## Technical Design\n\n- [ ] Design RESTful endpoint architecture patterns\n- [ ] Implement new API structure with validation' },
-        { agent: 'frontend-engineer', task: 'performance-optimization', plan: '# Performance Optimization\n\n## Analysis and Implementation\n\n- [ ] Profile application for performance bottlenecks\n- [ ] Implement optimization strategies and caching' }
+        { agent: 'senior-backend-engineer', task: 'database-migration', plan: '# Database Migration Plan\n\n## Implementation Steps\n\n- [ ] Analyze current schema and identify changes needed\n- [ ] Create migration scripts for data transformation\n- [ ] Develop rollback plan for emergency recovery' },
+        { agent: 'senior-frontend-engineer', task: 'ui-redesign', plan: '# UI Redesign Implementation\n\n## Design Phase\n\n- [ ] Create wireframes for new interface components\n- [ ] Implement responsive component architecture' },
+        { agent: 'qa-test-automation-engineer', task: 'test-automation', plan: '# Test Automation Framework\n\n## Setup and Configuration\n\n- [ ] Configure test framework with proper dependencies\n- [ ] Develop comprehensive test cases for coverage' },
+        { agent: 'senior-backend-engineer', task: 'api-refactor', plan: '# API Refactoring Project\n\n## Technical Design\n\n- [ ] Design RESTful endpoint architecture patterns\n- [ ] Implement new API structure with validation' },
+        { agent: 'senior-frontend-engineer', task: 'performance-optimization', plan: '# Performance Optimization\n\n## Analysis and Implementation\n\n- [ ] Profile application for performance bottlenecks\n- [ ] Implement optimization strategies and caching' }
       ];
 
       for (const submission of planSubmissions) {
@@ -88,13 +88,13 @@ describe('Flexible Workflow Integration', () => {
 
       // Phase 3: Report progress interchangeably
       const progressReports = [
-        { agent: 'backend-engineer', task: 'database-migration', step: 1, status: 'IN_PROGRESS' as const },
-        { agent: 'frontend-engineer', task: 'ui-redesign', step: 1, status: 'COMPLETE' as const },
-        { agent: 'backend-engineer', task: 'api-refactor', step: 1, status: 'IN_PROGRESS' as const },
-        { agent: 'backend-engineer', task: 'database-migration', step: 1, status: 'COMPLETE' as const },
-        { agent: 'qa-engineer', task: 'test-automation', step: 1, status: 'COMPLETE' as const },
-        { agent: 'frontend-engineer', task: 'ui-redesign', step: 2, status: 'IN_PROGRESS' as const },
-        { agent: 'backend-engineer', task: 'database-migration', step: 2, status: 'IN_PROGRESS' as const }
+        { agent: 'senior-backend-engineer', task: 'database-migration', step: 1, status: 'IN_PROGRESS' as const },
+        { agent: 'senior-frontend-engineer', task: 'ui-redesign', step: 1, status: 'COMPLETE' as const },
+        { agent: 'senior-backend-engineer', task: 'api-refactor', step: 1, status: 'IN_PROGRESS' as const },
+        { agent: 'senior-backend-engineer', task: 'database-migration', step: 1, status: 'COMPLETE' as const },
+        { agent: 'qa-test-automation-engineer', task: 'test-automation', step: 1, status: 'COMPLETE' as const },
+        { agent: 'senior-frontend-engineer', task: 'ui-redesign', step: 2, status: 'IN_PROGRESS' as const },
+        { agent: 'senior-backend-engineer', task: 'database-migration', step: 2, status: 'IN_PROGRESS' as const }
       ];
 
       for (const report of progressReports) {
@@ -122,10 +122,10 @@ describe('Flexible Workflow Integration', () => {
 
       // Phase 4: Complete tasks in arbitrary order
       const completions = [
-        { agent: 'qa-engineer', task: 'test-automation', status: 'DONE' as const },
-        { agent: 'backend-engineer', task: 'database-migration', status: 'DONE' as const },
-        { agent: 'frontend-engineer', task: 'ui-redesign', status: 'DONE' as const },
-        { agent: 'backend-engineer', task: 'api-refactor', status: 'ERROR' as const }
+        { agent: 'qa-test-automation-engineer', task: 'test-automation', status: 'DONE' as const },
+        { agent: 'senior-backend-engineer', task: 'database-migration', status: 'DONE' as const },
+        { agent: 'senior-frontend-engineer', task: 'ui-redesign', status: 'DONE' as const },
+        { agent: 'senior-backend-engineer', task: 'api-refactor', status: 'ERROR' as const }
       ];
 
       for (const completion of completions) {
@@ -263,14 +263,14 @@ describe('Flexible Workflow Integration', () => {
       // Scenario: Frontend and backend engineers collaborating on a feature
       const frontendConn = {
         id: 'frontend-conn',
-        agent: 'frontend-engineer',
+        agent: 'senior-frontend-engineer',
         startTime: new Date(),
         metadata: {}
       };
 
       const backendConn = {
         id: 'backend-conn',
-        agent: 'backend-engineer',
+        agent: 'senior-backend-engineer',
         startTime: new Date(),
         metadata: {}
       };
@@ -280,7 +280,7 @@ describe('Flexible Workflow Integration', () => {
 
       // Frontend tasks
       const frontendTasks = ['ui-components', 'state-management'];
-      const frontendDir = path.join(commDir, 'frontend-engineer');
+      const frontendDir = path.join(commDir, 'senior-frontend-engineer');
 
       for (const task of frontendTasks) {
         const taskDir = path.join(frontendDir, task);
@@ -293,7 +293,7 @@ describe('Flexible Workflow Integration', () => {
 
       // Backend tasks
       const backendTasks = ['api-endpoints', 'data-models'];
-      const backendDir = path.join(commDir, 'backend-engineer');
+      const backendDir = path.join(commDir, 'senior-backend-engineer');
 
       for (const task of backendTasks) {
         const taskDir = path.join(backendDir, task);