fix: address PR review findings
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 9m32s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 9m53s
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 10m52s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 11m0s
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 9m32s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 9m53s
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 10m52s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 11m0s
MAJOR fixes: - Remove false security claim about gopkg.in/yaml.v3 having built-in depth protection - Add explicit YAML depth limiting via yaml.Node API (MaxYAMLDepth=20) - Add file size limit for persona files (MaxPersonaFileSize=64KB) - Add test for deeply nested YAML rejection MINOR fixes: - Add sort.Strings to ListBuiltinPersonas for deterministic ordering - Update design doc to reflect actual library used (gopkg.in/yaml.v3) - Update README: 'Zero dependencies' → 'Minimal dependencies' - Add test for file size limit - Add test for sorted persona list
This commit is contained in:
Rodin
@@ -9,7 +9,7 @@ AI-powered code review bot for Gitea pull requests. Fetches diff + context, send
|
||||
- **Smart budget**: Automatically trims context to fit model token limits
|
||||
- **Idempotent reviews**: Posts new review, then cleans up stale ones (one review per bot)
|
||||
- **Custom prompts**: Load additional instructions from a file (e.g. security-focused review)
|
||||
- **Zero dependencies**: Go stdlib only
|
||||
- **Minimal dependencies**: Go stdlib + `gopkg.in/yaml.v3` only
|
||||
|
||||
## Quick Start: Composite Action
|
||||
|
||||
|
||||
Reference in New Issue
Block a user