
feat: add security improvements, log rotation, and documentation#57

Closed
kingkillery wants to merge 1 commit into
frankbria:mainfrom
kingkillery:claude/improve-ralph-claude-code-RgMeC

Conversation


@kingkillery kingkillery commented Jan 9, 2026

Security Improvements:

  • Add 24-hour session expiration to prevent stale session reuse
  • Add jq_safe timeout wrapper to prevent hanging on malformed JSON
  • Add extract_semver to handle pre-release version parsing (e.g., 2.0.76-beta.1)
  • Add sanitize_path function to remove full paths from error messages
  • Remove debug logging statements from production code
  • Add DEBUG log level support for verbose mode

New Features:

  • Add log rotation library (lib/log_rotation.sh) with:
    • Automatic rotation when files exceed size threshold
    • Configurable max files and max age
    • Old log cleanup functionality
    • Log statistics reporting
  • Integrate log maintenance at startup in main loop

Testing:

  • Add test_security.bats with 20 tests covering:
    • Session expiration
    • Tool validation
    • Version parsing
    • Path sanitization
    • Command array security
  • Add test_log_rotation.bats with 22 tests covering:
    • File size detection
    • Rotation logic
    • Backup management
    • Cleanup operations

Documentation:

  • Add TESTING.md with comprehensive testing guide
  • Add CONTRIBUTING.md with development guidelines

Total test count: 187 tests (100% pass rate)

Summary by CodeRabbit

  • Documentation
    • Added contributor guidelines and development workflow documentation
    • Added comprehensive testing guide and best practices
  • New Features
    • Implemented automatic log rotation and cleanup management
    • Added Claude session resumption with 24-hour expiration handling
    • Enhanced error handling with safe timeout wrappers and path sanitization
  • Tests
    • Added unit tests for log rotation functionality
    • Added security and session management test suite

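To make the hardening items listed above concrete, here is an added bash illustration (not the PR's ralph_loop.sh code; the function names, the session-file format, the 24-hour constant and the 5-second jq timeout are assumptions) of a session expiration check that fails closed, pre-release-aware semver extraction, path sanitization for error messages, and a timeout wrapper around jq:

```shell
#!/usr/bin/env bash
# Added example, not the project's own implementation. Names and formats are assumptions.

SESSION_MAX_AGE=$((24 * 60 * 60))   # 24-hour session expiration, in seconds

# is_session_expired <session_file> [now_epoch]
# Assumes the session file stores a line "saved_at=<unix epoch>".
# A missing file or an unparsable timestamp counts as expired (fail closed),
# so a damaged session file can never be reused indefinitely.
is_session_expired() {
  local file=$1 now=${2:-$(date +%s)} saved
  [ -f "$file" ] || return 0
  saved=$(sed -n 's/^saved_at=//p' "$file" | head -n1)
  case $saved in ''|*[!0-9]*) return 0 ;; esac
  [ $((now - saved)) -ge "$SESSION_MAX_AGE" ]
}

# extract_semver <version-string> -> prints MAJOR.MINOR.PATCH, or fails.
# Drops an optional leading "v", pre-release ("-beta.1") and build ("+build.7")
# suffixes so that "2.0.76-beta.1" compares as 2.0.76 instead of breaking the parse.
extract_semver() {
  local v=$1
  v=${v#v}; v=${v%%-*}; v=${v%%+*}
  case $v in
    [0-9]*.[0-9]*.[0-9]*) printf '%s\n' "$v" ;;
    *) return 1 ;;
  esac
}

# sanitize_path <message> -> the message with absolute directory prefixes removed,
# so error text keeps the file name but does not leak the directory layout.
sanitize_path() {
  printf '%s\n' "$1" | sed -E 's#(/[^/ :]+)+/##g'
}

# jq_safe <jq-args...>: run jq under a 5-second timeout (GNU coreutils `timeout`)
# so malformed or oversized JSON cannot hang the loop; non-zero on timeout or error.
jq_safe() {
  timeout 5 jq "$@"
}
```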

coderabbitai Bot commented Jan 9, 2026

Caution

Review failed

The pull request is closed.

Walkthrough

This PR adds comprehensive contributor documentation, introduces a self-contained log rotation library component, integrates log rotation into the main event loop with session expiration tracking, and provides extensive unit test coverage for new functionality and security validation.

Changes

Documentation: CONTRIBUTING.md, TESTING.md
  Adds contributor guidelines covering code of conduct, development workflow, coding standards, PR process, and release procedure (+322 lines). Adds a comprehensive testing guide detailing test strategy, structure, running instructions, and best practices (+415 lines).

Log Rotation Component: lib/log_rotation.sh
  New Bash-based log rotation module with 8 exported functions: get_file_size, rotate_log_file, needs_rotation, rotate_if_needed, cleanup_old_logs, rotate_all_logs, maintain_logs, and get_log_stats. Includes cross-platform (Darwin/Linux) file size retrieval and configurable rotation parameters (+165 lines).

Main Loop Integration: ralph_loop.sh
  Integrates log rotation via a maintain_logs startup call. Adds 5 utility functions: sanitize_path, jq_safe (timeout wrapper), extract_semver, is_session_expired, save_claude_session. Implements 24-hour session expiration logic and enhances version comparison robustness (+102/-41 lines).

Unit Tests: tests/unit/test_log_rotation.bats, tests/unit/test_security.bats
  Adds 323 lines of Bash/Bats tests covering log rotation operations (rotation, cleanup, statistics, edge cases). Adds 516 lines of security tests validating session expiration, version parsing, path sanitization, jq timeout handling, and injection prevention (+839 lines total).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A hop, skip, and spin through the log files we keep,
Sessions expire, old logs rest in sleep,
With rotation and care, our archives stay neat,
While tests keep us honest—contribution complete!

📥 Commits

Reviewing files that changed from the base of the PR and between 0fbb92a and f4eae41.

📒 Files selected for processing (6)
  • CONTRIBUTING.md
  • TESTING.md
  • lib/log_rotation.sh
  • ralph_loop.sh
  • tests/unit/test_log_rotation.bats
  • tests/unit/test_security.bats


@kingkillery

No need

@kingkillery kingkillery closed this Jan 9, 2026
@kingkillery kingkillery deleted the claude/improve-ralph-claude-code-RgMeC branch January 9, 2026 20:43
@kingkillery kingkillery restored the claude/improve-ralph-claude-code-RgMeC branch January 9, 2026 20:46
@kingkillery kingkillery deleted the claude/improve-ralph-claude-code-RgMeC branch January 9, 2026 20:48