Skip to content

upstream 取り込み PR #11: use task title as workspace name (#3678) #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MocA-Love merged 1 commit into from
Apr 24, 2026
Merged

upstream 取り込み PR #11: use task title as workspace name (#3678) #414

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ...tasks/$taskId/components/PropertiesSidebar/components/OpenInWorkspace/OpenInWorkspace.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ export function OpenInWorkspace({ task }: OpenInWorkspaceProps) {
const result = await createWorkspace.mutateAsyncWithPendingSetup(
{
projectId,
name: task.slug,
name: task.title,
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# useCreateWorkspace と mutateAsyncWithPendingSetup の実装を確認し、
# name のバリデーション/サニタイズ、および wasExisting 判定のキーを特定する
fd -t f 'workspaces' apps/desktop/src/renderer/react-query
rg -nP -C5 'mutateAsyncWithPendingSetup|wasExisting' --type=ts --type=tsx
rg -nP -C3 '\bname\b.*(trim|slice|sanitize|length)' --type=ts --type=tsx -g '!**/node_modules/**'

Repository: MocA-Love/superset

Length of output: 453

🏁 Script executed:

#!/bin/bash
# Find useCreateWorkspace hook and related mutations
echo "=== Finding workspace-related hooks ==="
find apps/desktop/src/renderer/react-query/workspaces -type f -name "*.ts" -o -name "*.tsx" | head -20

echo -e "\n=== Searching for useCreateWorkspace ==="
rg 'useCreateWorkspace|mutateAsyncWithPendingSetup' -t ts -t tsx apps/desktop/src/renderer

echo -e "\n=== Searching for wasExisting ==="
rg 'wasExisting' -t ts -t tsx apps/desktop/src/renderer -C 3

echo -e "\n=== Checking OpenInWorkspace.tsx ==="
find apps/desktop/src/renderer -name 'OpenInWorkspace.tsx' -exec head -150 {} \;

Repository: MocA-Love/superset

Length of output: 6626

🏁 Script executed:

#!/bin/bash
echo "=== Reading useCreateWorkspace.ts ==="
wc -l apps/desktop/src/renderer/react-query/workspaces/useCreateWorkspace.ts

echo -e "\n=== Full content ==="
cat -n apps/desktop/src/renderer/react-query/workspaces/useCreateWorkspace.ts

echo -e "\n=== Searching for workspace creation/validation in src/lib ==="
find apps/desktop/src/lib -type f \( -name "*.ts" -o -name "*.tsx" \) | xargs grep -l "wasExisting\|workspace" | head -10

Repository: MocA-Love/superset

Length of output: 6812

🏁 Script executed:

#!/bin/bash
echo "=== Finding workspaces tRPC router ==="
find apps/desktop/src/lib/trpc -type f -name "*workspace*"

echo -e "\n=== Searching for workspaces router directory ==="
ls -la apps/desktop/src/lib/trpc/routers/ | grep -i workspace

echo -e "\n=== Check main index for workspaces ==="
grep -n "workspaces" apps/desktop/src/lib/trpc/index.ts

Repository: MocA-Love/superset

Length of output: 1039

🏁 Script executed:

#!/bin/bash
echo "=== Reading workspaces.ts ==="
wc -l apps/desktop/src/lib/trpc/routers/workspaces/workspaces.ts

echo -e "\n=== First 200 lines of workspaces.ts ==="
head -200 apps/desktop/src/lib/trpc/routers/workspaces/workspaces.ts

echo -e "\n=== Reading workspace-creation.ts ==="
wc -l apps/desktop/src/lib/trpc/routers/workspaces/utils/workspace-creation.ts
cat -n apps/desktop/src/lib/trpc/routers/workspaces/utils/workspace-creation.ts

Repository: MocA-Love/superset

Length of output: 15863

🏁 Script executed:

#!/bin/bash
echo "=== Reading create procedures ==="
wc -l apps/desktop/src/lib/trpc/routers/workspaces/procedures/create.ts
head -300 apps/desktop/src/lib/trpc/routers/workspaces/procedures/create.ts

echo -e "\n=== Reading workspace-auto-rename.ts ==="
cat -n apps/desktop/src/lib/trpc/routers/workspaces/utils/workspace-auto-rename.ts

Repository: MocA-Love/superset

Length of output: 9201

🏁 Script executed:

#!/bin/bash
echo "=== Checking for name validation in workspace schema/types ==="
find packages/db/src -type f -name "*.ts" | xargs grep -l "workspace" | head -5

echo -e "\n=== Checking workspace table schema ==="
rg "export const workspaces|workspace.*schema" packages/db/src -t ts -A 10 | head -50

Repository: MocA-Love/superset

Length of output: 1760

task.title をワークスペース名として使用する際の検証を確認してください。

task.slug(例: SUPER-172)から task.title への変更により、以下の観点で考慮が必要です:

  • task.title が空文字や空白のみの場合のハンドリング
  • 非常に長いタイトルやファイルシステム/UI で問題となる文字(/, \, 改行など)の検証またはサニタイズ

createWorkspace.mutateAsyncWithPendingSetup の実装を確認したところ、name パラメータは検証なくそのままデータベースに挿入されています。現在、テキスト長の制限や特殊文字の事前チェックがないため、入力側での適切なサニタイズまたはバリデーションレイヤーの追加を検討してください。

なお、wasExisting 判定は worktreeId に基づいているため、タイトルの一意性が問題になることはありません。branchName は引き続き deriveBranchName({ slug, title }) で識別子を含むため、追跡性は保たれています。

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/routes/_authenticated/_dashboard/tasks/`$taskId/components/PropertiesSidebar/components/OpenInWorkspace/OpenInWorkspace.tsx
at line 124, task.title is used directly as the workspace name when calling
createWorkspace.mutateAsyncWithPendingSetup; add input validation/sanitization
before passing name: ensure task.title is not empty or whitespace-only, trim it,
enforce a reasonable max length, and remove or replace
filesystem/URL/UI-problematic characters (e.g. '/', '\', newlines) or fall back
to task.slug if sanitized title is invalid; keep deriveBranchName({ slug, title
}) behavior and wasExisting/worktreeId logic unchanged, and ensure the sanitized
value is what you pass to createWorkspace.mutateAsyncWithPendingSetup as the
name parameter.

branchName,
},
{ agentLaunchRequest: launchRequestTemplate ?? undefined },
Expand Down
2 changes: 1 addition & 1 deletion ...sksView/components/TasksTopBar/components/RunInWorkspacePopover/RunInWorkspacePopover.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ export function RunInWorkspacePopover({
const result = await createWorkspace.mutateAsyncWithPendingSetup(
{
projectId: effectiveProjectId,
name: task.slug,
name: task.title,
branchName,
},
{ agentLaunchRequest: launchRequestTemplate ?? undefined },
Expand Down
Loading