fix(cdk): normalize after cursor case + colon-truncation in approval-scope guard

[AshrafBen10]

Summary

Fixes two correctness bugs in the task API handlers, each with a regression test.

Bug 1 — lower-case after ULID cursor silently returns zero events

cdk/src/handlers/get-task-events.ts

isValidUlid accepts lower-case callers (it uppercases before matching), and the API contract documents case-insensitive cursors. But the handler fed the raw cursor into the DynamoDB key condition event_id > :after. Stored event_ids are upper-case Crockford Base32; DynamoDB compares raw bytes, and lower-case ASCII sorts after upper-case. So a lower-case cursor is greater than every stored id → the query returns zero events, and a consumer silently skips the rest of the event stream (data loss in replay).

Fix: upper-case the cursor before the query.

Bug 2 — colon in a glob value breaks the degenerate-pattern guard

cdk/src/handlers/shared/create-task-core.ts

The guard for bash_pattern: / write_path: scopes used scope.split(':', 2)[1], which truncates the value at the next colon. A value whose leading colon-segment is short or wildcard-heavy (e.g. ab:cdefgh) was truncated to a degenerate fragment (ab) and spuriously rejected with a 400.

Fix: take everything after the first colon via slice(indexOf(':') + 1).

Testing

• test/handlers/get-task-events.test.ts — added lower-case cursor normalization test
• test/handlers/shared/create-task-core.test.ts — added colon-value accept + genuine-degenerate reject tests
• All 87 tests across both suites pass; TypeScript compiles cleanly

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@e6ce821). Learn more about missing BASE report.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #360   +/-   ##
=======================================
  Coverage        ?   88.50%           
=======================================
  Files           ?      219           
  Lines           ?    51897           
  Branches        ?     4861           
=======================================
  Hits            ?    45933           
  Misses          ?     5964           
  Partials        ?        0           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[krokoko]

@AshrafBen10 thanks ! Almost ready, please run a full build locally and push the changes not committed (see failing build step on mutation), we should be good to go after that

[krokoko]

see comment