test: wildcard matching + config markdown sanitization #408

Closed
anandgupta42 wants to merge 2 commits into main from test/hourly-20260323-2009

@anandgupta42 anandgupta42 commented Mar 23, 2026

What does this PR do?

1. Wildcard.match, Wildcard.all, Wildcard.allStructured in src/util/wildcard.ts (7 new tests)

This module powers the entire permission system — PermissionNext.evaluate calls Wildcard.match for both permission names and file patterns. Existing tests covered basic matching and command patterns but missed several edge cases. New coverage includes:

  • Star crosses path separators: Verifies that * matches across / boundaries (diverges from shell glob semantics intentionally — src/* must match src/deep/nested/file.ts for permission patterns to work)
  • Special regex character escaping: Dots, parentheses, pipes, brackets, $, ^ in patterns are treated as literals, not regex metacharacters. A bug here could allow pattern injection attacks.
  • Empty pattern boundary: Empty pattern matches only empty string
  • Non-contiguous tail matching in allStructured: matchSequence scans non-contiguously — git push extra --force matches pattern git push --force because tokens are matched in order but not required to be adjacent. This is the actual behavior the permission system relies on.
  • Reversed tail token exhaustion: git --force push does NOT match git push --force because after finding push at the end, no items remain for --force

2. ConfigMarkdown.fallbackSanitization + ConfigMarkdown.shell in src/config/markdown.ts (14 new tests)

These functions had zero test coverage. fallbackSanitization is the YAML recovery path when gray-matter fails to parse frontmatter from other tools (e.g., Claude Code's CLAUDE.md files with unquoted URLs containing colons). shell() extracts !`backtick` shell commands from skill templates. New coverage includes:

  • Colon-to-block-scalar conversion: Values with : (like URLs) are converted to YAML block scalars (|-)
  • Already-quoted values preserved: Double-quoted and single-quoted values with colons are left untouched
  • Block scalar indicators preserved: > and | markers pass through without double-wrapping
  • Content after frontmatter untouched: Only the frontmatter section is sanitized
  • CRLF line endings: Windows-style \r\n in frontmatter is handled by the regex
  • Shell command extraction: !`git status` syntax, pipes/flags in commands, no false positives on regular backticks or empty bang-backticks

Type of change

  • New feature (non-breaking change which adds functionality)

Issue for this PR

N/A — proactive test coverage from /test-discovery

How did you verify your code works?

bun test test/util/wildcard.test.ts     # 16 pass (9 existing + 7 new)
bun test test/config/markdown.test.ts   # 51 pass (37 existing + 14 new)

Checklist

  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

https://claude.ai/code/session_01ArGQ4moupZc4ZY6pwjMVTj

Summary by CodeRabbit

  • Tests
    • Expanded test coverage for markdown configuration handling, including shell command extraction and frontmatter sanitization scenarios.
    • Enhanced test coverage for wildcard pattern matching, including edge cases and special character handling.
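
The matching rules listed in the PR description above, as an added TypeScript example that is not part of the PR or of the project's src/util/wildcard.ts. The function names (escapeRegex, wildcardMatch, matchTokensInOrder) and the sample inputs are assumptions constructed for illustration.

```typescript
// Added illustration; names are hypothetical, not the project's wildcard module.

// Escape every regex metacharacter so pattern text is matched literally.
function escapeRegex(text: string): string {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Permission-style wildcard: "*" matches any run of characters, "/" included.
function wildcardMatch(input: string, pattern: string): boolean {
  const body = pattern.split("*").map(escapeRegex).join(".*");
  // "s" lets "." match newlines; the anchors force a whole-string match.
  return new RegExp(`^${body}$`, "s").test(input);
}

// In-order, non-contiguous token match: each pattern token must be found
// after the position where the previous pattern token matched.
function matchTokensInOrder(tokens: string[], patterns: string[]): boolean {
  let next = 0;
  for (const pattern of patterns) {
    const found = tokens.findIndex((t, i) => i >= next && wildcardMatch(t, pattern));
    if (found === -1) return false; // no remaining token satisfies this pattern
    next = found + 1; // consume the matched token
  }
  return true;
}

// Constructed sample checks mirroring the cases listed in the PR description.
function demo(): Record<string, boolean> {
  const pattern = ["git", "push", "--force"];
  return {
    starCrossesSlash: wildcardMatch("src/deep/nested/file.ts", "src/*"),
    dotIsLiteral: wildcardMatch("fileXts", "file.ts"),
    // Without escaping, "^a|b$" would accept "a"; escaped, it must not.
    pipeIsLiteral: wildcardMatch("a", "a|b"),
    emptyMatchesEmpty: wildcardMatch("", ""),
    emptyRejectsText: wildcardMatch("x", ""),
    gapAllowed: matchTokensInOrder("git push extra --force".split(" "), pattern),
    reversedRejected: matchTokensInOrder("git --force push".split(" "), pattern),
  };
}

console.log(demo());
```

The pipeIsLiteral case is the one that separates an escaped matcher from an unescaped one: an unescaped `|` turns a single permission pattern into an alternation that accepts strings the rule author never listed.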

Add edge-case tests for Wildcard.match (security-critical permission matching)
and ConfigMarkdown.fallbackSanitization/shell() (YAML frontmatter recovery).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

https://claude.ai/code/session_01ArGQ4moupZc4ZY6pwjMVTj

@claude claude bot left a comment

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review.

Tip: disable this comment in your organization's Code Review settings.

coderabbitai bot commented Mar 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 219c22f4-a9ef-4704-9d83-57d17d3e0d85

📥 Commits

Reviewing files that changed from the base of the PR and between 3b6d5d4 and ba0c40f.

📒 Files selected for processing (2)
  • packages/opencode/test/config/markdown.test.ts
  • packages/opencode/test/util/wildcard.test.ts

📝 Walkthrough

Two test files now include expanded test coverage: ConfigMarkdown methods (shell and fallbackSanitization) for command extraction and frontmatter YAML sanitization, and Wildcard matching for edge cases including special character handling and non-contiguous token matching.

Changes

Cohort / File(s) | Summary
ConfigMarkdown Tests: packages/opencode/test/config/markdown.test.ts | Added test suites for shell method (command extraction with ! + backtick delimiters) and fallbackSanitization method (YAML frontmatter colon-handling and block scalar conversion).
Wildcard Matching Tests: packages/opencode/test/util/wildcard.test.ts | Updated to import describe from bun:test and added edge case coverage for wildcard pattern matching, including * across directory separators, special characters treated as literals, empty patterns, and non-contiguous tail token matching behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Suggested labels

contributor

Poem

A rabbit hops through test arrays bright,
Shell commands and wildcards held tight,
Each assertion a burrow well-planned,
Coverage blooms across the land! 🐰✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name | Status | Explanation | Resolution
Description check | ❓ Inconclusive | The description provides detailed context for both test suites, explains the significance of the changes, and includes verification steps, but does not follow the repository's template structure with Summary, Test Plan, and Checklist sections. | Reorganize the description to match the repository template: use Summary, Test Plan, and Checklist sections at the top level for better consistency with repository standards.

✅ Passed checks (2 passed)

Check name | Status | Explanation
Title check | ✅ Passed | The title accurately summarizes the main changes: adding tests for wildcard matching and config markdown sanitization, which matches the two test files modified.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@anandgupta42

Superseded by #439 which consolidates all 12 test PRs into one, deduplicates overlapping tests, and fixes bugs found during review.
