fix: clean up stale lock files and validate installation

- Remove ~/.claude/.locks before each retry attempt to prevent
  "another process is currently installing" errors after timeout
- Validate claude binary is in PATH before reporting success
- Add missing PATH setup to base-action/action.yml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.github/workflows/sync-base-action.yml

@@ -94,5 +94,5 @@ jobs:
           echo "✅ Successfully synced \`base-action\` directory to [anthropics/claude-code-base-action](https://github.com/anthropics/claude-code-base-action)" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "- **Source commit**: [\`${GITHUB_SHA:0:7}\`](https://github.com/anthropics/claude-code-action/commit/${GITHUB_SHA})" >> $GITHUB_STEP_SUMMARY
-          echo "- **Triggered by**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Actor**: @${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Triggered by**: $GITHUB_EVENT_NAME" >> $GITHUB_STEP_SUMMARY
+          echo "- **Actor**: @$GITHUB_ACTOR" >> $GITHUB_STEP_SUMMARY

action.yml

@@ -127,6 +127,9 @@ outputs:
   structured_output:
     description: "JSON string containing all structured output fields when --json-schema is provided in claude_args. Use fromJSON() to parse: fromJSON(steps.id.outputs.structured_output).field_name"
     value: ${{ steps.claude-code.outputs.structured_output }}
+  session_id:
+    description: "The Claude Code session ID that can be used with --resume to continue this conversation"
+    value: ${{ steps.claude-code.outputs.session_id }}
 
 runs:
   using: "composite"
@@ -140,10 +143,12 @@ runs:
     - name: Setup Custom Bun Path
       if: inputs.path_to_bun_executable != ''
       shell: bash
+      env:
+        PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
       run: |
-        echo "Using custom Bun executable: ${{ inputs.path_to_bun_executable }}"
+        echo "Using custom Bun executable: $PATH_TO_BUN_EXECUTABLE"
         # Add the directory containing the custom executable to PATH
-        BUN_DIR=$(dirname "${{ inputs.path_to_bun_executable }}")
+        BUN_DIR=$(dirname "$PATH_TO_BUN_EXECUTABLE")
         echo "$BUN_DIR" >> "$GITHUB_PATH"
 
     - name: Install Dependencies
@@ -182,6 +187,8 @@ runs:
     - name: Install Base Action Dependencies
       if: steps.prepare.outputs.contains_trigger == 'true'
       shell: bash
+      env:
+        PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
       run: |
         echo "Installing base-action dependencies..."
         cd ${GITHUB_ACTION_PATH}/base-action
@@ -190,11 +197,15 @@ runs:
         cd -
 
         # Install Claude Code if no custom executable is provided
-        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
-          CLAUDE_CODE_VERSION="2.0.60"
+        if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
+          CLAUDE_CODE_VERSION="2.0.69"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."
+
+            # Clean up stale lock files before retry
+            rm -rf ~/.claude/.locks 2>/dev/null || true
+
             if command -v timeout &> /dev/null; then
               timeout 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
             else
@@ -207,12 +218,19 @@ runs:
             echo "Installation failed, retrying..."
             sleep 5
           done
-          echo "Claude Code installed successfully"
+
+          # Add to PATH and validate installation
           echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+          export PATH="$HOME/.local/bin:$PATH"
+          if ! command -v claude &> /dev/null; then
+            echo "Installation failed: claude binary not found in PATH"
+            exit 1
+          fi
+          echo "Claude Code installed successfully"
         else
-          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
+          echo "Using custom Claude Code executable: $PATH_TO_CLAUDE_CODE_EXECUTABLE"
           # Add the directory containing the custom executable to PATH
-          CLAUDE_DIR=$(dirname "${{ inputs.path_to_claude_code_executable }}")
+          CLAUDE_DIR=$(dirname "$PATH_TO_CLAUDE_CODE_EXECUTABLE")
           echo "$CLAUDE_DIR" >> "$GITHUB_PATH"
         fi
 

base-action/action.yml

@@ -82,6 +82,9 @@ outputs:
   structured_output:
     description: "JSON string containing all structured output fields when --json-schema is provided in claude_args (use fromJSON() or jq to parse)"
     value: ${{ steps.run_claude.outputs.structured_output }}
+  session_id:
+    description: "The Claude Code session ID that can be used with --resume to continue this conversation"
+    value: ${{ steps.run_claude.outputs.session_id }}
 
 runs:
   using: "composite"
@@ -101,10 +104,12 @@ runs:
     - name: Setup Custom Bun Path
       if: inputs.path_to_bun_executable != ''
       shell: bash
+      env:
+        PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
       run: |
-        echo "Using custom Bun executable: ${{ inputs.path_to_bun_executable }}"
+        echo "Using custom Bun executable: $PATH_TO_BUN_EXECUTABLE"
         # Add the directory containing the custom executable to PATH
-        BUN_DIR=$(dirname "${{ inputs.path_to_bun_executable }}")
+        BUN_DIR=$(dirname "$PATH_TO_BUN_EXECUTABLE")
         echo "$BUN_DIR" >> "$GITHUB_PATH"
 
     - name: Install Dependencies
@@ -115,12 +120,18 @@ runs:
 
     - name: Install Claude Code
       shell: bash
+      env:
+        PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
       run: |
-        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
-          CLAUDE_CODE_VERSION="2.0.60"
+        if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
+          CLAUDE_CODE_VERSION="2.0.69"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."
+
+            # Clean up stale lock files before retry
+            rm -rf ~/.claude/.locks 2>/dev/null || true
+
             if command -v timeout &> /dev/null; then
               timeout 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
             else
@@ -133,11 +144,19 @@ runs:
             echo "Installation failed, retrying..."
             sleep 5
           done
+
+          # Add to PATH and validate installation
+          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+          export PATH="$HOME/.local/bin:$PATH"
+          if ! command -v claude &> /dev/null; then
+            echo "Installation failed: claude binary not found in PATH"
+            exit 1
+          fi
           echo "Claude Code installed successfully"
         else
-          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
+          echo "Using custom Claude Code executable: $PATH_TO_CLAUDE_CODE_EXECUTABLE"
           # Add the directory containing the custom executable to PATH
-          CLAUDE_DIR=$(dirname "${{ inputs.path_to_claude_code_executable }}")
+          CLAUDE_DIR=$(dirname "$PATH_TO_CLAUDE_CODE_EXECUTABLE")
           echo "$CLAUDE_DIR" >> "$GITHUB_PATH"
         fi
 

base-action/src/run-claude-sdk.ts

@@ -75,28 +75,15 @@ export async function runClaudeWithSdk(
   }
 
   console.log(`Running Claude with prompt from file: ${promptPath}`);
-  console.log(
-    "[DEBUG] Prompt content (first 2000 chars):",
-    prompt.substring(0, 2000),
-  );
-  console.log("[DEBUG] Prompt length:", prompt.length);
-  console.log(
-    "[DEBUG] sdkOptions passed to query():",
-    JSON.stringify(sdkOptions, null, 2),
-  );
+  // Log SDK options without env (which could contain sensitive data)
+  const { env, ...optionsToLog } = sdkOptions;
+  console.log("SDK options:", JSON.stringify(optionsToLog, null, 2));
 
   const messages: SDKMessage[] = [];
   let resultMessage: SDKResultMessage | undefined;
 
   try {
-    console.log("[DEBUG] About to call query()...");
     for await (const message of query({ prompt, options: sdkOptions })) {
-      console.log(
-        "[DEBUG] Received message type:",
-        message.type,
-        "subtype:",
-        (message as any).subtype,
-      );
       messages.push(message);
 
       const sanitized = sanitizeSdkOutput(message, showFullOutput);
@@ -106,16 +93,8 @@ export async function runClaudeWithSdk(
 
       if (message.type === "result") {
         resultMessage = message as SDKResultMessage;
-        console.log(
-          "[DEBUG] Got result message:",
-          JSON.stringify(resultMessage, null, 2),
-        );
       }
     }
-    console.log(
-      "[DEBUG] Finished iterating query(), total messages:",
-      messages.length,
-    );
   } catch (error) {
     console.error("SDK execution error:", error);
     core.setOutput("conclusion", "failure");

base-action/src/run-claude.ts

@@ -124,6 +124,36 @@ export function prepareRunConfig(
   };
 }
 
+/**
+ * Parses session_id from execution file and sets GitHub Action output
+ * Exported for testing
+ */
+export async function parseAndSetSessionId(
+  executionFile: string,
+): Promise<void> {
+  try {
+    const content = await readFile(executionFile, "utf-8");
+    const messages = JSON.parse(content) as {
+      type: string;
+      subtype?: string;
+      session_id?: string;
+    }[];
+
+    // Find the system.init message which contains session_id
+    const initMessage = messages.find(
+      (m) => m.type === "system" && m.subtype === "init",
+    );
+
+    if (initMessage?.session_id) {
+      core.setOutput("session_id", initMessage.session_id);
+      core.info(`Set session_id: ${initMessage.session_id}`);
+    }
+  } catch (error) {
+    // Don't fail the action if session_id extraction fails
+    core.warning(`Failed to extract session_id: ${error}`);
+  }
+}
+
 /**
  * Parses structured_output from execution file and sets GitHub Action outputs
  * Only runs if --json-schema was explicitly provided in claude_args
@@ -167,22 +197,14 @@ export async function parseAndSetStructuredOutputs(
 }
 
 export async function runClaude(promptPath: string, options: ClaudeOptions) {
-  // Feature flag: use SDK path when USE_AGENT_SDK=true
-  const useAgentSdk = process.env.USE_AGENT_SDK === "true";
+  // Feature flag: use SDK path by default, set USE_AGENT_SDK=false to use CLI
+  const useAgentSdk = process.env.USE_AGENT_SDK !== "false";
   console.log(
     `Using ${useAgentSdk ? "Agent SDK" : "CLI"} path (USE_AGENT_SDK=${process.env.USE_AGENT_SDK ?? "unset"})`,
   );
 
   if (useAgentSdk) {
-    console.log(
-      "[DEBUG] Raw options passed to SDK path:",
-      JSON.stringify(options, null, 2),
-    );
     const parsedOptions = parseSdkOptions(options);
-    console.log(
-      "[DEBUG] Parsed SDK options:",
-      JSON.stringify(parsedOptions, null, 2),
-    );
     return runClaudeWithSdk(promptPath, parsedOptions);
   }
 
@@ -376,6 +398,9 @@ export async function runClaude(promptPath: string, options: ClaudeOptions) {
 
     core.setOutput("execution_file", EXECUTION_FILE);
 
+    // Extract and set session_id
+    await parseAndSetSessionId(EXECUTION_FILE);
+
     // Parse and set structured outputs only if user provided --json-schema in claude_args
     if (hasJsonSchema) {
       try {

base-action/test/structured-output.test.ts

@@ -4,7 +4,10 @@ import { describe, test, expect, afterEach, beforeEach, spyOn } from "bun:test";
 import { writeFile, unlink } from "fs/promises";
 import { tmpdir } from "os";
 import { join } from "path";
-import { parseAndSetStructuredOutputs } from "../src/run-claude";
+import {
+  parseAndSetStructuredOutputs,
+  parseAndSetSessionId,
+} from "../src/run-claude";
 import * as core from "@actions/core";
 
 // Mock execution file path
@@ -35,16 +38,19 @@ async function createMockExecutionFile(
 // Spy on core functions
 let setOutputSpy: any;
 let infoSpy: any;
+let warningSpy: any;
 
 beforeEach(() => {
   setOutputSpy = spyOn(core, "setOutput").mockImplementation(() => {});
   infoSpy = spyOn(core, "info").mockImplementation(() => {});
+  warningSpy = spyOn(core, "warning").mockImplementation(() => {});
 });
 
 describe("parseAndSetStructuredOutputs", () => {
   afterEach(async () => {
     setOutputSpy?.mockRestore();
     infoSpy?.mockRestore();
+    warningSpy?.mockRestore();
     try {
       await unlink(TEST_EXECUTION_FILE);
     } catch {
@@ -156,3 +162,66 @@ describe("parseAndSetStructuredOutputs", () => {
     );
   });
 });
+
+describe("parseAndSetSessionId", () => {
+  afterEach(async () => {
+    setOutputSpy?.mockRestore();
+    infoSpy?.mockRestore();
+    warningSpy?.mockRestore();
+    try {
+      await unlink(TEST_EXECUTION_FILE);
+    } catch {
+      // Ignore if file doesn't exist
+    }
+  });
+
+  test("should extract session_id from system.init message", async () => {
+    const messages = [
+      { type: "system", subtype: "init", session_id: "test-session-123" },
+      { type: "result", cost_usd: 0.01 },
+    ];
+    await writeFile(TEST_EXECUTION_FILE, JSON.stringify(messages));
+
+    await parseAndSetSessionId(TEST_EXECUTION_FILE);
+
+    expect(setOutputSpy).toHaveBeenCalledWith("session_id", "test-session-123");
+    expect(infoSpy).toHaveBeenCalledWith("Set session_id: test-session-123");
+  });
+
+  test("should handle missing session_id gracefully", async () => {
+    const messages = [
+      { type: "system", subtype: "init" },
+      { type: "result", cost_usd: 0.01 },
+    ];
+    await writeFile(TEST_EXECUTION_FILE, JSON.stringify(messages));
+
+    await parseAndSetSessionId(TEST_EXECUTION_FILE);
+
+    expect(setOutputSpy).not.toHaveBeenCalled();
+  });
+
+  test("should handle missing system.init message gracefully", async () => {
+    const messages = [{ type: "result", cost_usd: 0.01 }];
+    await writeFile(TEST_EXECUTION_FILE, JSON.stringify(messages));
+
+    await parseAndSetSessionId(TEST_EXECUTION_FILE);
+
+    expect(setOutputSpy).not.toHaveBeenCalled();
+  });
+
+  test("should handle malformed JSON gracefully with warning", async () => {
+    await writeFile(TEST_EXECUTION_FILE, "{ invalid json");
+
+    await parseAndSetSessionId(TEST_EXECUTION_FILE);
+
+    expect(setOutputSpy).not.toHaveBeenCalled();
+    expect(warningSpy).toHaveBeenCalled();
+  });
+
+  test("should handle non-existent file gracefully with warning", async () => {
+    await parseAndSetSessionId("/nonexistent/file.json");
+
+    expect(setOutputSpy).not.toHaveBeenCalled();
+    expect(warningSpy).toHaveBeenCalled();
+  });
+});

src/github/operations/branch.ts

@@ -6,13 +6,112 @@
  * - For Issues: Create a new branch
  */
 
-import { $ } from "bun";
+import { execFileSync } from "child_process";
 import * as core from "@actions/core";
 import type { ParsedGitHubContext } from "../context";
 import type { GitHubPullRequest } from "../types";
 import type { Octokits } from "../api/client";
 import type { FetchDataResult } from "../data/fetcher";
 
+/**
+ * Validates a git branch name against a strict whitelist pattern.
+ * This prevents command injection by ensuring only safe characters are used.
+ *
+ * Valid branch names:
+ * - Start with alphanumeric character (not dash, to prevent option injection)
+ * - Contain only alphanumeric, forward slash, hyphen, underscore, or period
+ * - Do not start or end with a period
+ * - Do not end with a slash
+ * - Do not contain '..' (path traversal)
+ * - Do not contain '//' (consecutive slashes)
+ * - Do not end with '.lock'
+ * - Do not contain '@{'
+ * - Do not contain control characters or special git characters (~^:?*[\])
+ */
+export function validateBranchName(branchName: string): void {
+  // Check for empty or whitespace-only names
+  if (!branchName || branchName.trim().length === 0) {
+    throw new Error("Branch name cannot be empty");
+  }
+
+  // Check for leading dash (prevents option injection like --help, -x)
+  if (branchName.startsWith("-")) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot start with a dash.`,
+    );
+  }
+
+  // Check for control characters and special git characters (~^:?*[\])
+  // eslint-disable-next-line no-control-regex
+  if (/[\x00-\x1F\x7F ~^:?*[\]\\]/.test(branchName)) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot contain control characters, spaces, or special git characters (~^:?*[\\]).`,
+    );
+  }
+
+  // Strict whitelist pattern: alphanumeric start, then alphanumeric/slash/hyphen/underscore/period
+  const validPattern = /^[a-zA-Z0-9][a-zA-Z0-9/_.-]*$/;
+
+  if (!validPattern.test(branchName)) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names must start with an alphanumeric character and contain only alphanumeric characters, forward slashes, hyphens, underscores, or periods.`,
+    );
+  }
+
+  // Check for leading/trailing periods
+  if (branchName.startsWith(".") || branchName.endsWith(".")) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot start or end with a period.`,
+    );
+  }
+
+  // Check for trailing slash
+  if (branchName.endsWith("/")) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot end with a slash.`,
+    );
+  }
+
+  // Check for consecutive slashes
+  if (branchName.includes("//")) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot contain consecutive slashes.`,
+    );
+  }
+
+  // Additional git-specific validations
+  if (branchName.includes("..")) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot contain '..'`,
+    );
+  }
+
+  if (branchName.endsWith(".lock")) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot end with '.lock'`,
+    );
+  }
+
+  if (branchName.includes("@{")) {
+    throw new Error(
+      `Invalid branch name: "${branchName}". Branch names cannot contain '@{'`,
+    );
+  }
+}
+
+/**
+ * Executes a git command safely using execFileSync to avoid shell interpolation.
+ *
+ * Security: execFileSync passes arguments directly to the git binary without
+ * invoking a shell, preventing command injection attacks where malicious input
+ * could be interpreted as shell commands (e.g., branch names containing `;`, `|`, `&&`).
+ *
+ * @param args - Git command arguments (e.g., ["checkout", "branch-name"])
+ */
+function execGit(args: string[]): void {
+  execFileSync("git", args, { stdio: "inherit" });
+}
+
 export type BranchInfo = {
   baseBranch: string;
   claudeBranch?: string;
@@ -53,14 +152,19 @@ export async function setupBranch(
         `PR #${entityNumber}: ${commitCount} commits, using fetch depth ${fetchDepth}`,
       );
 
+      // Validate branch names before use to prevent command injection
+      validateBranchName(branchName);
+
       // Execute git commands to checkout PR branch (dynamic depth based on PR size)
-      await $`git fetch origin --depth=${fetchDepth} ${branchName}`;
-      await $`git checkout ${branchName} --`;
+      // Using execFileSync instead of shell template literals for security
+      execGit(["fetch", "origin", `--depth=${fetchDepth}`, branchName]);
+      execGit(["checkout", branchName, "--"]);
 
       console.log(`Successfully checked out PR branch for PR #${entityNumber}`);
 
       // For open PRs, we need to get the base branch of the PR
       const baseBranch = prData.baseRefName;
+      validateBranchName(baseBranch);
 
       return {
         baseBranch,
@@ -118,8 +222,9 @@ export async function setupBranch(
 
       // Ensure we're on the source branch
       console.log(`Fetching and checking out source branch: ${sourceBranch}`);
-      await $`git fetch origin ${sourceBranch} --depth=1`;
-      await $`git checkout ${sourceBranch}`;
+      validateBranchName(sourceBranch);
+      execGit(["fetch", "origin", sourceBranch, "--depth=1"]);
+      execGit(["checkout", sourceBranch, "--"]);
 
       // Set outputs for GitHub Actions
       core.setOutput("CLAUDE_BRANCH", newBranch);
@@ -138,11 +243,13 @@ export async function setupBranch(
 
     // Fetch and checkout the source branch first to ensure we branch from the correct base
     console.log(`Fetching and checking out source branch: ${sourceBranch}`);
-    await $`git fetch origin ${sourceBranch} --depth=1`;
-    await $`git checkout ${sourceBranch}`;
+    validateBranchName(sourceBranch);
+    validateBranchName(newBranch);
+    execGit(["fetch", "origin", sourceBranch, "--depth=1"]);
+    execGit(["checkout", sourceBranch, "--"]);
 
     // Create and checkout the new branch from the source branch
-    await $`git checkout -b ${newBranch}`;
+    execGit(["checkout", "-b", newBranch]);
 
     console.log(
       `Successfully created and checked out local branch: ${newBranch}`,

test/validate-branch-name.test.ts

@@ -0,0 +1,201 @@
+import { describe, expect, it } from "bun:test";
+import { validateBranchName } from "../src/github/operations/branch";
+
+describe("validateBranchName", () => {
+  describe("valid branch names", () => {
+    it("should accept simple alphanumeric names", () => {
+      expect(() => validateBranchName("main")).not.toThrow();
+      expect(() => validateBranchName("feature123")).not.toThrow();
+      expect(() => validateBranchName("Branch1")).not.toThrow();
+    });
+
+    it("should accept names with hyphens", () => {
+      expect(() => validateBranchName("feature-branch")).not.toThrow();
+      expect(() => validateBranchName("fix-bug-123")).not.toThrow();
+    });
+
+    it("should accept names with underscores", () => {
+      expect(() => validateBranchName("feature_branch")).not.toThrow();
+      expect(() => validateBranchName("fix_bug_123")).not.toThrow();
+    });
+
+    it("should accept names with forward slashes", () => {
+      expect(() => validateBranchName("feature/new-thing")).not.toThrow();
+      expect(() => validateBranchName("user/feature/branch")).not.toThrow();
+    });
+
+    it("should accept names with periods", () => {
+      expect(() => validateBranchName("v1.0.0")).not.toThrow();
+      expect(() => validateBranchName("release.1.2.3")).not.toThrow();
+    });
+
+    it("should accept typical branch name formats", () => {
+      expect(() =>
+        validateBranchName("claude/issue-123-20250101-1234"),
+      ).not.toThrow();
+      expect(() => validateBranchName("refs/heads/main")).not.toThrow();
+      expect(() => validateBranchName("bugfix/JIRA-1234")).not.toThrow();
+    });
+  });
+
+  describe("command injection attempts", () => {
+    it("should reject shell command substitution with $()", () => {
+      expect(() => validateBranchName("$(whoami)")).toThrow();
+      expect(() => validateBranchName("branch-$(rm -rf /)")).toThrow();
+      expect(() => validateBranchName("test$(cat /etc/passwd)")).toThrow();
+    });
+
+    it("should reject shell command substitution with backticks", () => {
+      expect(() => validateBranchName("`whoami`")).toThrow();
+      expect(() => validateBranchName("branch-`rm -rf /`")).toThrow();
+    });
+
+    it("should reject command chaining with semicolons", () => {
+      expect(() => validateBranchName("branch; rm -rf /")).toThrow();
+      expect(() => validateBranchName("test;whoami")).toThrow();
+    });
+
+    it("should reject command chaining with &&", () => {
+      expect(() => validateBranchName("branch && rm -rf /")).toThrow();
+      expect(() => validateBranchName("test&&whoami")).toThrow();
+    });
+
+    it("should reject command chaining with ||", () => {
+      expect(() => validateBranchName("branch || rm -rf /")).toThrow();
+      expect(() => validateBranchName("test||whoami")).toThrow();
+    });
+
+    it("should reject pipe characters", () => {
+      expect(() => validateBranchName("branch | cat")).toThrow();
+      expect(() => validateBranchName("test|grep password")).toThrow();
+    });
+
+    it("should reject redirection operators", () => {
+      expect(() => validateBranchName("branch > /etc/passwd")).toThrow();
+      expect(() => validateBranchName("branch < input")).toThrow();
+      expect(() => validateBranchName("branch >> file")).toThrow();
+    });
+  });
+
+  describe("option injection attempts", () => {
+    it("should reject branch names starting with dash", () => {
+      expect(() => validateBranchName("-x")).toThrow(
+        /cannot start with a dash/,
+      );
+      expect(() => validateBranchName("--help")).toThrow(
+        /cannot start with a dash/,
+      );
+      expect(() => validateBranchName("-")).toThrow(/cannot start with a dash/);
+      expect(() => validateBranchName("--version")).toThrow(
+        /cannot start with a dash/,
+      );
+      expect(() => validateBranchName("-rf")).toThrow(
+        /cannot start with a dash/,
+      );
+    });
+  });
+
+  describe("path traversal attempts", () => {
+    it("should reject double dot sequences", () => {
+      expect(() => validateBranchName("../../../etc")).toThrow();
+      expect(() => validateBranchName("branch/../secret")).toThrow(/'\.\.'$/);
+      expect(() => validateBranchName("a..b")).toThrow(/'\.\.'$/);
+    });
+  });
+
+  describe("git-specific invalid patterns", () => {
+    it("should reject @{ sequence", () => {
+      expect(() => validateBranchName("branch@{1}")).toThrow(/@{/);
+      expect(() => validateBranchName("HEAD@{yesterday}")).toThrow(/@{/);
+    });
+
+    it("should reject .lock suffix", () => {
+      expect(() => validateBranchName("branch.lock")).toThrow(/\.lock/);
+      expect(() => validateBranchName("feature.lock")).toThrow(/\.lock/);
+    });
+
+    it("should reject consecutive slashes", () => {
+      expect(() => validateBranchName("feature//branch")).toThrow(
+        /consecutive slashes/,
+      );
+      expect(() => validateBranchName("a//b//c")).toThrow(
+        /consecutive slashes/,
+      );
+    });
+
+    it("should reject trailing slashes", () => {
+      expect(() => validateBranchName("feature/")).toThrow(
+        /cannot end with a slash/,
+      );
+      expect(() => validateBranchName("branch/")).toThrow(
+        /cannot end with a slash/,
+      );
+    });
+
+    it("should reject leading periods", () => {
+      expect(() => validateBranchName(".hidden")).toThrow();
+    });
+
+    it("should reject trailing periods", () => {
+      expect(() => validateBranchName("branch.")).toThrow(
+        /cannot start or end with a period/,
+      );
+    });
+
+    it("should reject special git refspec characters", () => {
+      expect(() => validateBranchName("branch~1")).toThrow();
+      expect(() => validateBranchName("branch^2")).toThrow();
+      expect(() => validateBranchName("branch:ref")).toThrow();
+      expect(() => validateBranchName("branch?")).toThrow();
+      expect(() => validateBranchName("branch*")).toThrow();
+      expect(() => validateBranchName("branch[0]")).toThrow();
+      expect(() => validateBranchName("branch\\path")).toThrow();
+    });
+  });
+
+  describe("control characters and special characters", () => {
+    it("should reject null bytes", () => {
+      expect(() => validateBranchName("branch\x00name")).toThrow();
+    });
+
+    it("should reject other control characters", () => {
+      expect(() => validateBranchName("branch\x01name")).toThrow();
+      expect(() => validateBranchName("branch\x1Fname")).toThrow();
+      expect(() => validateBranchName("branch\x7Fname")).toThrow();
+    });
+
+    it("should reject spaces", () => {
+      expect(() => validateBranchName("branch name")).toThrow();
+      expect(() => validateBranchName("feature branch")).toThrow();
+    });
+
+    it("should reject newlines and tabs", () => {
+      expect(() => validateBranchName("branch\nname")).toThrow();
+      expect(() => validateBranchName("branch\tname")).toThrow();
+    });
+  });
+
+  describe("empty and whitespace", () => {
+    it("should reject empty strings", () => {
+      expect(() => validateBranchName("")).toThrow(/cannot be empty/);
+    });
+
+    it("should reject whitespace-only strings", () => {
+      expect(() => validateBranchName("   ")).toThrow();
+      expect(() => validateBranchName("\t\n")).toThrow();
+    });
+  });
+
+  describe("edge cases", () => {
+    it("should accept single alphanumeric character", () => {
+      expect(() => validateBranchName("a")).not.toThrow();
+      expect(() => validateBranchName("1")).not.toThrow();
+    });
+
+    it("should reject single special characters", () => {
+      expect(() => validateBranchName(".")).toThrow();
+      expect(() => validateBranchName("/")).toThrow();
+      expect(() => validateBranchName("-")).toThrow();
+    });
+  });
+});