Skip to content

Add ace run pattern runner command#4

Open
sunapi386 wants to merge 2 commits intomainfrom
feature/ace-run-patterns
Open

Add ace run pattern runner command#4
sunapi386 wants to merge 2 commits intomainfrom
feature/ace-run-patterns

Conversation

@sunapi386
Copy link
Contributor

Summary

  • Adds ace run <pattern> command — a Fabric-like pattern runner that pipes text through pre-configured system prompts, executed locally via the Python workflow engine (aceteam-nodes)
  • Supports stdin pipes, inline text, file input (--file), folder batch processing (--input-dir/--output-dir), model override (--model), and JSON output (--json)
  • Includes 10 built-in patterns (7 general + 3 government) with user-defined pattern support via ~/.ace/patterns/<name>/system.md
  • Extracts ensurePython() to shared utility for reuse across commands
  • Fixes command injection vulnerability: replaces all execSync shell-string calls with execFileSync array form
  • Fixes path traversal vulnerability: validates pattern names against /^[a-zA-Z0-9][a-zA-Z0-9_-]*$/

Test plan

  • All 91 tests pass (pnpm test)
  • Build succeeds (pnpm build)
  • Lint clean (pnpm lint)
  • Security review completed — 2 critical issues fixed in this PR
  • Manual: node dist/index.js run --list shows all patterns
  • Manual: echo "test text" | node dist/index.js run summarize produces output
  • Manual: node dist/index.js run summarize --file <path> reads file input

🤖 Generated with Claude Code

sunapi386 and others added 2 commits February 11, 2026 17:30
Implements a Fabric-like pattern runner that executes pre-configured
system prompts via the local Python workflow engine (aceteam-nodes).
Supports stdin pipes, inline text, file/folder I/O, and batch processing.

- Extract ensurePython() to shared util for reuse across commands
- Add 10 built-in patterns (7 general + 3 government)
- Support user-defined patterns via ~/.ace/patterns/<name>/system.md
- Add comprehensive tests for patterns, I/O, and command structure

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace all execSync shell-string calls with execFileSync array form
  to prevent command injection via config-sourced python paths
- Validate pattern names against /^[a-zA-Z0-9][a-zA-Z0-9_-]*$/ to
  prevent path traversal in user pattern loading
- Update tests to match execFileSync API

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant