251 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Rodin	40a16b75e0	test(#146): add TestMainSubprocess_InvalidDocMapPath and TestMainSubprocess_InvalidDocMapFile ... Move --doc-map path validation earlier in main() (before network I/O) so subprocess tests can exercise both error paths: - Path traversal: ../../../etc/passwd → 'resolves outside workspace' - Nonexistent file: nonexistent.yml → 'failed to resolve doc-map' Both tests follow the existing TEST_SUBPROCESS_MAIN=1 env gate pattern. Closes #146	2026-05-15 01:29:39 -07:00
rodin	30fe48d265	docs(#148): add SKILL.md and dev-loop-spec.md for dispatch redesign (#149)	2026-05-15 08:12:02 +00:00
rodin	2dac6ce0c8	title	2026-05-15 07:39:21 +00:00
Rodin	af8b29fa5d	fix(#141): restore runValidateDocmap doc comment inadvertently truncated	2026-05-15 07:34:18 +00:00
Rodin	7d7a49e967	fix(#141): harden docmap file path — confine to repo-root, reject symlinks, cap size ... Address security-review-bot REQUEST_CHANGES findings on PR #142: MAJOR (Finding #1): Docmap file path was read directly without validating it is within --repo-root or checking for symlinks. A malicious PR could create .review-bot/doc-map.yml as a symlink to /dev/zero (resource exhaustion) or an arbitrary host file (information disclosure). Fix: Add validateDocmapPath() called before ParseDocMapConfig(). It: - Resolves --repo-root first (filepath.Abs + EvalSymlinks), moved up before docmap parsing so both checks share the same resolved root - Uses os.Lstat to detect symlinks and rejects them outright - Confirms the docmap path is within resolvedRoot via filepath.Rel - Checks file size against maxDocmapBytes (10 MB) before reading MINOR (Finding #2): No upper bound on docmap YAML size. Fix: os.Lstat size check enforces maxDocmapBytes cap before os.ReadFile. Tests: - TestValidateDocmapPath_Symlink: docmap is a symlink → exit 2 - TestValidateDocmapPath_OutsideRepoRoot: docmap outside repo-root → exit 2 - TestValidateDocmapPath_SizeLimit: docmap exceeds 10 MB cap → exit 2 - Updated all existing tests to use makeDocmapInDir() so the docmap lives inside the repo-root, satisfying the new confinement check	2026-05-15 07:33:49 +00:00
Rodin	83a1835474	chore(#141): remove TODO.md — dev-loop artifact, not project documentation	2026-05-15 00:24:32 -07:00
Rodin	5c6758e990	fix(#141): address review feedback — tighten escape check, improve error messages, add comments	2026-05-15 00:24:28 -07:00
Rodin	24247a8550	chore(#141): update dev-loop status — ready for PR submission	2026-05-15 07:03:45 +00:00
Rodin	b22de19aa1	fix(#141): address security-review-bot REQUEST_CHANGES findings ... Finding #1 [MAJOR]: replace os.Stat with os.Lstat in checkStaleDocs to prevent symlink traversal. Symlinks under repoRoot could probe arbitrary host file existence; Lstat never follows them. Symlinked docs are now treated as stale. Finding #2 [MINOR]: resolve --repo-root with filepath.Abs + filepath.EvalSymlinks before passing to checkStaleDocs, so a symlinked repo-root cannot bypass the filepath.Rel escape guard. Finding #3 [NIT]: reject backslashes in ValidateDocPath to prevent Windows platform edge cases where a path separator may be normalised differently by the host OS or VCS backend. Tests added: - TestCheckStaleDocs_SymlinkOutside: symlink inside repo → outside - TestCheckStaleDocs_SymlinkInsideRepo: intra-repo symlink also rejected - TestRunValidateDocmap_SymlinkRepoRoot: symlinked --repo-root resolves OK - TestValidateDocPath_Backslash: backslash paths rejected - Backslash cases added to TestValidateDocPath invalid slice All go test ./... pass, go vet ./... clean.	2026-05-14 23:50:12 -07:00
Rodin	3f8da76b42	fix(#141): harden checkStaleDocs against path traversal ... Export review.ValidateDocPath and use it in checkStaleDocs before calling os.Stat. Add filepath.Clean + filepath.Rel confinement check as defense-in-depth to ensure doc paths from PR-controlled YAML cannot probe filesystem locations outside repoRoot. Also add tests covering: ../../etc/passwd, /etc/passwd, ../outside, a valid present path, and a valid missing path. Addresses security finding from security-review-bot on PR #142.	2026-05-14 23:43:24 -07:00
Rodin	2ecbd86e24	fix(#141): use stdinValidateDocmap in Clean test — avoid real os.Stdin dependency ... TestRunValidateDocmap_Clean was reading real os.Stdin (fragile in CI). Switch to stdinValidateDocmap with a covered file and empty-stdin test already covered by TestRunValidateDocmap_EmptyStdin.	2026-05-15 04:50:21 +00:00
Rodin	7cdba14181	docs(#141): add validate-docmap subcommand to README ... Documents the new validate-docmap subcommand under a new '## Subcommands' section, alongside the existing validate-url documentation.	2026-05-15 04:48:32 +00:00
Rodin	69da5df254	feat(#141): add validate-docmap subcommand ... Adds 'review-bot validate-docmap' for CI hard-fail on docmap coverage gaps. Usage: git diff --name-only origin/main HEAD | \ review-bot validate-docmap --docmap .review-bot/doc-map.yml --repo-root . Flags: --docmap (required) path to doc-map YAML file --repo-root (optional, default '.') root for resolving docs: paths Two checks, both always run: 1. Coverage: every stdin file must match at least one paths: glob. 2. Stale docs: every docs: entry must exist on disk under --repo-root. Exit codes: 0=clean, 1=failures found, 2=usage/parse error. Tests cover: clean pass, uncovered file, stale doc, both failures, empty stdin, blank-line stdin, and duplicate docs: deduplication.	2026-05-15 04:47:59 +00:00
Rodin	93268869c5	feat(#141): export FileCoveredByDocMap helper in review/docmap.go ... Adds FileCoveredByDocMap(cfg *DocMapConfig, file string) bool — a thin wrapper over the existing unexported mappingMatches that lets cmd/ check per-file docmap coverage without duplicating glob logic. Also adds unit tests covering matched globs, non-matching paths, empty file, and empty config.	2026-05-15 04:46:38 +00:00
Rodin	04b24256c0	chore: dev-loop status update — PR #140 merged, coverage now 49.3%	2026-05-15 04:36:09 +00:00
rodin	1a4bab8ddc	test(#139): improve cmd/review-bot coverage from 44.6% to 49.3% (#140)	2026-05-15 04:35:54 +00:00
claw	d0349a6223	chore: dev-loop status update — PR #140 open, coverage 44.6% → 49.3%	2026-05-14 21:16:24 -07:00
rodin	1e3d86b604	Merge pull request 'feat(#137): add doc-map input for path-scoped doc injection' (#138) from issue-137 into main	2026-05-15 03:39:36 +00:00
claw	60c6bd9f49	test(budget): add DesignDocs tests; replace PLAN-137 with clean design doc ... - budget/budget_test.go: add TestFit_DesignDocsInSystemPrompt, TestFit_DesignDocsTrimmedBeforeFileContext, TestFit_DesignDocsEmptyNoHeading to cover the new DesignDocs section through Fit() and buildResult() - Remove PLAN-137.md (contained raw thinking stream, not suitable as repo doc) - Add docs/DESIGN-137-doc-map.md with clean architectural decision record	2026-05-14 20:36:22 -07:00
Rodin	cc053cfede	chore: dev-loop health check — PR #138 ready for merge at 2026-05-15 03:33 UTC	2026-05-15 03:33:20 +00:00
Rodin	f7815b8778	chore(#137): update CHANGELOG with security fixes from review	2026-05-15 03:32:18 +00:00
Rodin	45e2f5fc1c	docs(#137): add doc-map and doc-map-max-bytes to action inputs table (gpt #2)	2026-05-15 03:32:16 +00:00
Rodin	860dd98415	fix(#137): address review findings in budget.go ... - Update package comment trim order to include design docs (gpt #1) - Add prompt injection guardrail for DesignDocs section (security #2)	2026-05-15 03:32:13 +00:00
Rodin	a80c12355b	test(#137): add tests for validateDocPath and path traversal rejection	2026-05-15 03:32:10 +00:00
Rodin	a24edeee89	fix(#137): address review findings in docmap.go ... - Fix package comment collision: convert to file comment (not package doc) - Add debug log for directory expansion failure before single-file fallback - Add validateDocPath: reject absolute paths and '..' segments (security #3) - Update globMatch comment to say 'filepath.Match' not 'path.Match' (gpt nit #3) - Add duplication note to truncateUTF8 explaining why it's kept separate (sonnet #2)	2026-05-15 03:32:07 +00:00
Rodin	9670a5fda3	feat(#137): add doc-map input for path-scoped doc injection ... - New --doc-map flag (DOC_MAP_FILE env var): path to YAML config mapping source path globs to governing design docs - New --doc-map-max-bytes flag (DOC_MAP_MAX_BYTES env var): cap on total injected doc content, default 100KB - review/docmap.go: DocMapConfig parsing, glob matching with ** support, doc loading via VCS with directory expansion and size guard - budget.Sections: new DesignDocs field, trimmed after conventions - budget.buildResult: injects DesignDocs under ## Design Documents heading - action.yml: doc-map and doc-map-max-bytes inputs wired to env vars - CHANGELOG.md: created with unreleased entry - Tests: ParseDocMapConfig, MatchDocs, globMatch, LoadMatchingDocs	2026-05-15 03:25:54 +00:00
Rodin	6f14549062	chore: dev-loop health check — infrastructure stable at 2026-05-15 02:43 UTC	2026-05-15 02:43:56 +00:00
Rodin	f371c24dc3	chore: dev-loop health check — status at 2026-05-15 02:28 UTC	2026-05-15 02:28:58 +00:00
Rodin	3f2d34f4ba	chore: dev-loop health check — status at 2026-05-15 01:58 UTC	2026-05-15 01:58:37 +00:00
Rodin	dcfd360388	chore: dev-loop health check — status at 2026-05-15 01:48 UTC (post-sync)	2026-05-15 01:49:26 +00:00
claw	4ffa6b681d	chore: dev-loop health check — status at 2026-05-15 01:33 UTC	2026-05-14 18:34:26 -07:00
Rodin	d0b0b0b211	chore: dev-loop health check — status at 2026-05-15 01:28 UTC	2026-05-15 01:29:23 +00:00
claw	2f085fd6ba	chore: dev-loop cleanup — remove orphaned untracked files, update TODO ... Removed github/review.go and github/identity.go which were untracked orphan files from an incomplete refactor (issue #130). They referenced a non-existent vcs package and duplicated methods already in github/client.go. All 6 packages pass: go test -count=1 ./... ✅ go build ./... and go vet ./... clean ✅ Updated TODO.md with current cycle status.	2026-05-14 17:55:59 -07:00
Rodin	00047e9137	[dev-loop] Status update — 2026-05-15 00:05 UTC	2026-05-15 00:03:31 +00:00
Rodin	f28c792bda	chore: dev-loop health check — all tests passing at 2026-05-14 23:33 UTC	2026-05-14 23:33:47 +00:00
Rodin	b534247c85	[dev-loop] Update TODO.md with current cycle status and coverage metrics	2026-05-14 23:12:43 +00:00
Rodin	6f02cef662	[dev-loop] Add tests for GetTimelineReviewCommentIDForReview and GitHub GetAllFilesInPath ... gitea: Add 4 tests for GetTimelineReviewCommentIDForReview (was 0% coverage): - Success: find review in timeline by user login + body prefix match - ReviewFetchError: 404 on review API - EmptyBody: review with empty body returns error - NotFoundInTimeline: body matches but user login doesn't github: Add 3 tests for GetAllFilesInPath (was 0% coverage): - DirectoryWithFiles: lists directory, fetches base64-encoded file content - 404FallsBackToFile: 404 on dir path returns error when file also 404s - DirectoryWithSubdir: recursive directory traversal Coverage changes: - gitea: 80.0% → 85.2% - github: 79.9% → 86.3%	2026-05-14 23:11:47 +00:00
Rodin	fccfdd2ff7	[dev-loop] Add tests for fetchFileContext, fetchPatterns, and persona edge cases ... - Add mock vcsClient for unit testing helper functions in cmd/review-bot - Add 11 tests for fetchFileContext: empty files, removed file skip, content fetching, error continuation, context cancellation - Add 6 tests for fetchPatterns: empty repo, all files, specific files, invalid repo format, fetch errors, multiple repos - Add 4 tests for review/persona: LoadPersona nonexistent/non-regular/oversized, CapitalizeFirst RuneError path Coverage: cmd/review-bot 37.6% → 46.1%, review 91.5% → 92.0%	2026-05-14 23:08:55 +00:00
Rodin	e3fb19fa1b	chore: dev-loop cleanup — go fmt and go mod tidy at 2026-05-14 22:53 UTC	2026-05-14 22:53:59 +00:00
Rodin	a1bbab406d	test: fix cleanEnv VCS_ leak, add githubAPIURL tests, add GitHub integration test (#136)	2026-05-14 22:53:43 +00:00
claw	4d48917e36	refactor(test): remove misleading t.Setenv in GitHub integration test ... The test constructs github.Client directly (matching the Gitea integration test pattern), so setting VCS_TYPE does not affect the code under test. Remove the setenv call to avoid implying routing is being exercised.	2026-05-14 15:33:47 -07:00
claw	bd516cd044	nit: remove extra blank line before TestEnvOrDefault	2026-05-14 15:32:41 -07:00
claw	1f67954da7	test(#133,#134,#135): fix cleanEnv, add githubAPIURL tests, add GitHub integration test ... - Strip VCS_TYPE and VCS_URL in cleanEnv() to prevent env leakage in subprocess tests when VCS_TYPE=github is set in the runner environment (fixes #135) - Add TestGithubAPIURL table-driven tests covering: - Empty string defaults to https://api.github.com - https://github.com maps to https://api.github.com - Trailing slash variant maps correctly - GHES host (ghe.example.com) gets /api/v3 suffix - GHES concur domain does not map to api.github.com (fixes #134) - Add TestIntegration_GitHub_PostAndVerifyReview: exercises the GitHub adapter end-to-end via VCS_TYPE=github. Skips gracefully when INTEGRATION_GITHUB_TOKEN, INTEGRATION_GITHUB_REPO, and INTEGRATION_GITHUB_PR are not set. Verifies GetAuthenticatedUser, GetPullRequest, PostReview, and ListReviews succeed; notes that DeleteReview on submitted GitHub reviews is expected to fail (422). (fixes #133)	2026-05-14 15:32:13 -07:00
Rodin	d396599d05	chore: dev-loop health check — status at 2026-05-15 02:10 UTC	2026-05-14 22:10:57 +00:00
Rodin	9f3f32174b	chore: update dev-loop status after issue-130 merge	2026-05-14 22:07:04 +00:00
rodin	c53a07b230	feat: implement GitHub API methods and VCS routing (issue #130) (#131) ... title	2026-05-14 22:06:21 +00:00
Rodin	bbf3dfbf0d	chore: dev-loop health check — status at 2026-05-14 20:10 UTC	2026-05-14 20:10:56 +00:00
Rodin	ed3a5dddf1	chore: dev-loop health check — cleanup & status at 2026-05-14 19:25 UTC	2026-05-14 19:26:04 +00:00
Rodin	449a24e4c5	chore: dev-loop status after cleanup at 2026-05-14 19:20 UTC	2026-05-14 19:21:18 +00:00
rodin	4440823571	Merge pull request 'feat(#123): add IP-level SSRF defense to Gitea client and action' (#129) from issue-123 into main	2026-05-14 19:10:20 +00:00