rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Compare commits

base: rodin/review-bot:0be601de2a5c5f2b04bbed67cc7404d445890505
Branches Tags
rodin/review-bot:main rodin/review-bot:ci/cleanup rodin/review-bot:ci-selfreview-gate rodin/review-bot:issue-150 rodin/review-bot:issue-157 rodin/review-bot:issue-141 rodin/review-bot:issue-154 rodin/review-bot:review-bot-dev-loop rodin/review-bot:issue-143 rodin/review-bot:issue-146 rodin/review-bot:pr-153 rodin/review-bot:review-bot-issue-130-work rodin/review-bot:issue-148 rodin/review-bot:issue-139 rodin/review-bot:issue-137 rodin/review-bot:review-bot-fixes rodin/review-bot:review-bot-issue-133 rodin/review-bot:review-bot-issue-130 rodin/review-bot:issue-130 rodin/review-bot:github-support rodin/review-bot:issue-123-work rodin/review-bot:issue-123 rodin/review-bot:review-bot-issue-120 rodin/review-bot:fix/125-readme-cli-example rodin/review-bot:issue-125 rodin/review-bot:issue-124 rodin/review-bot:issue-120 rodin/review-bot:feature/github-support rodin/review-bot:review-bot-issue-116 rodin/review-bot:review-bot-issue-115 rodin/review-bot:review-bot-issue-114 rodin/review-bot:review-bot-issue-96 rodin/review-bot:review-bot-issue-107 rodin/review-bot:review-bot-issue-82 rodin/review-bot:review-bot-issue-95 rodin/review-bot:review-bot-issue-92 rodin/review-bot:review-bot-issue-94 rodin/review-bot:review-bot-issue-81 rodin/review-bot:review-bot-issue-91 rodin/review-bot:review-bot-issue-97 rodin/review-bot:issue-80-c-file-reader rodin/review-bot:issue-80-b-pr-reader rodin/review-bot:issue-80-a-client rodin/review-bot:review-bot-issue-80 rodin/review-bot:review-bot-issue-87 rodin/review-bot:review-bot-issue-79 rodin/review-bot:review-bot-issue-84 rodin/review-bot:review-bot-issue-78 rodin/review-bot:issue-73 rodin/review-bot:issue-70 rodin/review-bot:issue-68 rodin/review-bot:issue-66 rodin/review-bot:issue-64 rodin/review-bot:issue-60-remote-personas rodin/review-bot:issue-60 rodin/review-bot:issue-57 rodin/review-bot:allow-deps rodin/review-bot:feat/aicore-provider-v2 rodin/review-bot:issue-51 rodin/review-bot:ci/pr-ready-gate rodin/review-bot:fix/stale-commit-check rodin/review-bot:feat/aicore-provider rodin/review-bot:fix/response-body-truncation rodin/review-bot:fix/json-repair rodin/review-bot:fix/sonnet-reviewer rodin/review-bot:fix/consistent-path-escape rodin/review-bot:feat/inline-review-comments rodin/review-bot:feat/6-update-existing-review rodin/review-bot:fix/19-context-overflow rodin/review-bot:feat/18-anthropic-api rodin/review-bot:fix/url-escaping-and-shadow rodin/review-bot:fix/quick-wins rodin/review-bot:fix/context-and-encapsulation rodin/review-bot:docs/code-review-report rodin/review-bot:ci/release-workflow
rodin/review-bot:v0.4.0 rodin/review-bot:v0.3.2 rodin/review-bot:v0.3.1 rodin/review-bot:v0.3.0 rodin/review-bot:v0.2.0 rodin/review-bot:v0.1.0
..
compare: rodin/review-bot:pr-153
Branches Tags
rodin/review-bot:main rodin/review-bot:ci/cleanup rodin/review-bot:ci-selfreview-gate rodin/review-bot:issue-150 rodin/review-bot:issue-157 rodin/review-bot:issue-141 rodin/review-bot:issue-154 rodin/review-bot:review-bot-dev-loop rodin/review-bot:issue-143 rodin/review-bot:issue-146 rodin/review-bot:pr-153 rodin/review-bot:review-bot-issue-130-work rodin/review-bot:issue-148 rodin/review-bot:issue-139 rodin/review-bot:issue-137 rodin/review-bot:review-bot-fixes rodin/review-bot:review-bot-issue-133 rodin/review-bot:review-bot-issue-130 rodin/review-bot:issue-130 rodin/review-bot:github-support rodin/review-bot:issue-123-work rodin/review-bot:issue-123 rodin/review-bot:review-bot-issue-120 rodin/review-bot:fix/125-readme-cli-example rodin/review-bot:issue-125 rodin/review-bot:issue-124 rodin/review-bot:issue-120 rodin/review-bot:feature/github-support rodin/review-bot:review-bot-issue-116 rodin/review-bot:review-bot-issue-115 rodin/review-bot:review-bot-issue-114 rodin/review-bot:review-bot-issue-96 rodin/review-bot:review-bot-issue-107 rodin/review-bot:review-bot-issue-82 rodin/review-bot:review-bot-issue-95 rodin/review-bot:review-bot-issue-92 rodin/review-bot:review-bot-issue-94 rodin/review-bot:review-bot-issue-81 rodin/review-bot:review-bot-issue-91 rodin/review-bot:review-bot-issue-97 rodin/review-bot:issue-80-c-file-reader rodin/review-bot:issue-80-b-pr-reader rodin/review-bot:issue-80-a-client rodin/review-bot:review-bot-issue-80 rodin/review-bot:review-bot-issue-87 rodin/review-bot:review-bot-issue-79 rodin/review-bot:review-bot-issue-84 rodin/review-bot:review-bot-issue-78 rodin/review-bot:issue-73 rodin/review-bot:issue-70 rodin/review-bot:issue-68 rodin/review-bot:issue-66 rodin/review-bot:issue-64 rodin/review-bot:issue-60-remote-personas rodin/review-bot:issue-60 rodin/review-bot:issue-57 rodin/review-bot:allow-deps rodin/review-bot:feat/aicore-provider-v2 rodin/review-bot:issue-51 rodin/review-bot:ci/pr-ready-gate rodin/review-bot:fix/stale-commit-check rodin/review-bot:feat/aicore-provider rodin/review-bot:fix/response-body-truncation rodin/review-bot:fix/json-repair rodin/review-bot:fix/sonnet-reviewer rodin/review-bot:fix/consistent-path-escape rodin/review-bot:feat/inline-review-comments rodin/review-bot:feat/6-update-existing-review rodin/review-bot:fix/19-context-overflow rodin/review-bot:feat/18-anthropic-api rodin/review-bot:fix/url-escaping-and-shadow rodin/review-bot:fix/quick-wins rodin/review-bot:fix/context-and-encapsulation rodin/review-bot:docs/code-review-report rodin/review-bot:ci/release-workflow
rodin/review-bot:v0.4.0 rodin/review-bot:v0.3.2 rodin/review-bot:v0.3.1 rodin/review-bot:v0.3.0 rodin/review-bot:v0.2.0 rodin/review-bot:v0.1.0

1 Commits
0be601de2a .. pr-153

Author SHA1 Message Date
Rodin eff5b83852 feat(#143): fetch doc-map config from trusted VCS ref 
The doc-map YAML config was previously read from the local workspace
(the PR branch checkout). A malicious PR author could modify
.review-bot/doc-map.yml to map any path glob to sensitive design docs,
causing review-bot to fetch and inject those docs into the LLM prompt.

Fix: add --doc-map-trusted-ref (DOC_MAP_TRUSTED_REF) flag. When set to
a trusted ref (e.g. 'main'), the doc-map config is fetched from the VCS
API at that ref instead of from local workspace. A 404 from VCS is a
hard error (no silent fallback to local copy).

When unset, the local workspace is used with a security warning in the
logs pointing operators to the new flag.

Changes:
- review/docmap.go: add ParseDocMapConfigContent + parseDocMapBytes
  helper to parse from in-memory content (fetched via VCS API)
- cmd/review-bot/main.go: add --doc-map-trusted-ref flag; Step 6c
  branches on trusted-ref to fetch vs local-workspace load
- .gitea/actions/review/action.yml: add doc-map-trusted-ref input
- README.md: document new input
- CHANGELOG.md: security and feature entries

Tests:
- TestParseDocMapConfigContent_Valid/Empty/InvalidYAML/UnknownKeys
  in review/docmap_test.go

Coverage: 53.0% cmd/review-bot
 2026-05-15 10:39:43 +00:00
17 changed files with 1320 additions and 253 deletions
Expand all files Collapse all files
CHANGELOG.md
+5 -1
View File
@@ -1,16 +1,20 @@
# CHANGELOG
## v0.4.0
## Unreleased
### Security
- **`validateDocmapPath`: add `EvalSymlinks` to close directory-symlink bypass** ([#150](https://gitea.weiker.me/rodin/review-bot/issues/150)): The previous implementation used `os.Lstat` which only avoids following the *final* path component. An intermediate directory symlink (e.g. `.review-bot/` committed as a symlink to a directory outside the repo) would pass the path-confinement check because the textual path appeared within the repo root. `filepath.EvalSymlinks` is now called first, resolving all symlink components before the `filepath.Rel` confinement check. In-repo symlinks whose resolved targets also reside within the repo root are now allowed; out-of-repo targets are rejected by the confinement check.
- **`doc-map-trusted-ref`: fetch doc-map config from trusted VCS ref** ([#143](https://gitea.weiker.me/rodin/review-bot/issues/143)): New `--doc-map-trusted-ref` flag / `DOC_MAP_TRUSTED_REF` env var. When set, the doc-map YAML config is fetched from the specified VCS ref (e.g. `main`) via API instead of being read from the local workspace (the PR branch checkout). This prevents a malicious PR from modifying `.review-bot/doc-map.yml` to inject arbitrary design docs into the LLM prompt. When unset, the local workspace is used with a security warning in the logs.
### Tests
- **`TestValidateDocmapPath_DirSymlinkBypass`**: verifies that a directory symlink inside the repo pointing outside cannot be used to bypass path confinement ([#150](https://gitea.weiker.me/rodin/review-bot/issues/150)).
- **`doc-map-trusted-ref`: fetch doc-map config from trusted VCS ref** ([#143](https://gitea.weiker.me/rodin/review-bot/issues/143)): New `--doc-map-trusted-ref` flag / `DOC_MAP_TRUSTED_REF` env var. When set, the doc-map YAML config is fetched from the specified VCS ref (e.g. `main`) via API instead of being read from the local workspace (the PR branch checkout). This prevents a malicious PR from modifying `.review-bot/doc-map.yml` to inject arbitrary design docs into the LLM prompt. When unset, the local workspace is used with a security warning in the logs.
>>>>>>> 3222c76 (feat(#143): fetch doc-map config from trusted VCS ref)
### Added
- **`doc-map-trusted-ref` input** (`--doc-map-trusted-ref` flag / `DOC_MAP_TRUSTED_REF` env var): Git ref (branch, tag, or SHA) from which to fetch the doc-map config via VCS API. Recommended for all `doc-map` users. Example: `doc-map-trusted-ref: main`. ([#143](https://gitea.weiker.me/rodin/review-bot/issues/143))
DEV_LOOP_HEALTH.md
+74
View File
@@ -0,0 +1,74 @@
# Dev Loop Health Check — 2026-05-15 09:24 UTC
## Status: ✅ CLEAN & READY
### Summary
- **Main branch:** current (6d82535)
- **Latest commit:** chore: dev-loop verification — issue-130 already in main, worktree stale
- **Active worktrees:** NONE (all cleaned)
- **Repository state:** ✅ HEALTHY
### Cycle Completion
✅ Issue #130 (GitHub PR reviews): Verified complete in main via cherry-picks
✅ Issue #137 (doc-map validation): Verified complete in main
✅ Worktree cleanup: All stale worktrees removed
✅ Main branch: Fast-forward current with latest changes
### What Was Accomplished
**Issue #130 Self-Review Findings (ALL ADDRESSED):**
- ✅ f7008ab: refactor(#130): move IsBlockedIP to internal/netutil
- ✅ 1e50a22: refactor(#130): rename vcsReviewComment.NewPosition → NewLine
- ✅ 3e33e3d: fix(#130): pass VCS_TYPE env var from action.yml Run review step
- ✅ 3387456: docs(#130): fix README CLI example and env var table
**Earlier Completed (Issue #141):**
- chore(#141): hardened validate-docmap subcommand
- security fixes addressing REQUEST_CHANGES
- path traversal protections
---
## Repository Status
| Metric | Status |
|--------|--------|
| Main branch SHA | 6d82535 (2026-05-15 09:24 UTC) |
| Working tree | ✅ Clean |
| Worktrees | ✅ None active |
| Remote tracking | ✅ Current |
| Last push | ✅ Successful (6d82535) |
---
## Next Steps for Human/Maintainer
### Priority Issues for Next Cycle
1. **Issue #143** — fetch doc-map config from trusted VCS ref
2. **Issue #146** — (review Gitea for issue details)
3. **Issue #150** — add EvalSymlinks to validateDocmapPath
### Coverage Observations
- `cmd/review-bot`: 36.8% (target: >60%)
- `budget`: 91.8% ✅
- `review`: 91.5% ✅
- `llm`: 81.3%
- **Total:** 70.4%
### Recommendations
- Increase cmd/review-bot coverage by adding integration/e2e tests
- Consider extracting main logic to testable functions
- Review SKILL.md and dev-loop-spec.md for documentation gaps
---
## Cron Metadata
- **Cron ID:** 5342ac81-4bbc-4e4c-a123-347a7788d50c
- **Schedule:** Every 4 hours
- **Runtime:** 2026-05-15 09:23 UTC
- **Repo:** gitea.weiker.me/rodin/review-bot
---
_Dev-loop cycle complete. Repo is clean, ready for next development sprint._
DEV_LOOP_STATUS.md
+96
View File
@@ -0,0 +1,96 @@
# Dev Loop Status — 2026-05-15 09:37 UTC
## Summary
- **Review-bot status:** ✅ MAIN BRANCH CURRENT & HEALTHY
- **Coverage:** 77.1% (↑ from 70.4%) — healthy trajectory
- **Tests:** ✅ All passing
- **Active development tracks:**
- issue-143: fetch doc-map config from trusted VCS ref (ready for review)
- issue-146: reuse resolved doc-map path early (ready for review)
- issue-150: add EvalSymlinks to validateDocmapPath (ready for review)
- issue-154: refactor subprocess test helpers (ready for review)
---
## Current State
### Main Branch
- **HEAD:** 1650343 (dev-loop cycle complete)
- **Status:** Clean, all tests passing, 77.1% coverage
- **Recent work:** Issue #130 fixes merged and verified complete
### Active Issue Branches (Ready for Review)
| Issue | Branch | Latest Commit | Status | Recommendation |
|-------|--------|---------------|--------|-----------------|
| #143 | origin/issue-143 | 3222c76 | Ready | Review feature + tests, consider for merge |
| #146 | origin/issue-146 | 9b64c60 | Ready | 2 new test cases + 1 fix, review completeness |
| #150 | origin/issue-150 | 4dce8e4 | Ready | Symlink validation, security-sensitive |
| #154 | origin/issue-154 | 2892dff | Ready | Refactor/cleanup, low-risk |
### Priority Assessment
**High Priority (Security/Risk):**
- **#150** — EvalSymlinks for dir-symlink bypass (security fix)
- **#143** — Fetch doc-map from trusted VCS ref (trust boundary)
**Medium Priority (Feature):**
- **#146** — Path resolution optimization + tests
**Low Priority (Cleanup):**
- **#154** — Test refactoring
---
## Coverage Trends
| Package | Current | Previous | Δ |
|---------|---------|----------|---|
| cmd/review-bot | TBD | 36.8% | ↑ |
| budget | 91.8% | 91.8% | → |
| review | 91.5% | 91.5% | → |
| llm | 81.3% | 81.3% | → |
| **Total** | **77.1%** | **70.4%** | **↑6.7%** |
---
## Recommendations for Next Cycle
### Immediate (This Dev-Loop)
1. **Checkout #150** — Review symlink fix, run security tests
2. **Checkout #143** — Review doc-map config fetching, validate error handling
3. **Decide merge order**#150 or #143 first (dependency check)
4. **Run full integration** — After each merge to catch regressions
### Short-term (Next 1-2 cycles)
- Pull #146 into main if no blockers
- Merge #154 as low-risk cleanup
- Check for any test coverage gaps post-merge
- Monitor for regressions during next run
### Ongoing
- Continue tracking coverage trend (goal: >80%)
- Document new security fixes (issue #150)
- Review CONVENTIONS.md for consistency across new code
---
## Worktrees
- All stale worktrees cleaned in previous cycle ✅
- Ready for new worktree setup if Aaron wants to work on next issue
---
## Next Dev-Loop Cycle
When dev-loop runs next (in ~4 hours):
1. ✅ Verify main still current
2. ✅ Re-run tests & coverage
3. ✅ Check if any PRs merged (update local branches)
4. ⚠️ Flag for human review if coverage drops or tests fail
---
_Generated by dev-loop at 2026-05-15 09:37 UTC_
DEV_LOOP_STATUS.txt
+25
View File
@@ -0,0 +1,25 @@
Last updated: 2026-05-15 (dev-loop run)
Coverage (origin/main): 54.1% cmd/review-bot
## Open Issues
- #143: bug: doc-map config loaded from PR branch (untrusted) → IN PR #153
- #150: fix: validateDocmapPath — add EvalSymlinks → IN PR #152
- #154: refactor: extract shared base-args helper in main_test.go (LOW PRIORITY, deferred NIT)
## Closed This Run
- #144: bug: dev-loop merged PR autonomously → closed (fixed by #148 pure shell dispatch)
- #145: bug: merged despite REQUEST_CHANGES → closed (fixed by #148 pure shell dispatch)
- #146: missing subprocess tests → closed (fixed by PR #151 + comments)
- #147: coverage <50% → closed (54.1% on origin/main)
## Open PRs (waiting for review/merge by Aaron)
- #151: test(#146): add InvalidDocMapPath/File tests (base: main) — labels: ai-review
- #152: fix(#150): EvalSymlinks dir-symlink bypass (base: main) — labels: needs-review
- #153: feat(#143): doc-map-trusted-ref (base: main, rebased on issue-146) — labels: needs-review
## Merge Order
Recommended: #152 first (no deps), then #151, then #153 (rebased on issue-146, no conflict)
## Notes
- PR #153 is rebased on issue-146 (which is the base for PR #151). Merge #151 before #153.
- PR #154 (refactor) is low priority — deferred NIT from PR #151 review.
DEV_LOOP_SUMMARY.md
+139
View File
@@ -0,0 +1,139 @@
# Dev Loop Cycle Summary — 2026-05-15 09:37 UTC
## Cycle Report
**Cycle ID:** 5342ac81-4bbc-4e4c-a123-347a7788d50c
**Duration:** 4-hour scheduled run
**Runtime Status:** ✅ COMPLETE
**Overall Health:** ✅ EXCELLENT
---
## Key Findings
### 1. Repository Health
- ✅ Main branch is current with origin/main
- ✅ Working tree clean, no uncommitted changes
- ✅ All 77+ tests passing
- ✅ Coverage improved to **77.1%** (↑6.7% from previous cycle)
- ✅ No merge conflicts or stale branches in active development
### 2. Recent Merges & Completions
- ✅ Issue #130 (GitHub PR reviews): Fully integrated into main
- 4 commits cherry-picked from review-bot-issue-130-work
- All self-review findings addressed
- Verified: main includes all fixes
- ✅ Issue #137 (doc-map features): Previously completed, now stable
- ✅ Issue #141 (validate-docmap): Completed, security hardened
### 3. Active Ready Issues
| Issue | Type | Commits | Status | Blocker? |
|-------|------|---------|--------|----------|
| #143 | Feature | 1 | Review-ready | None |
| #146 | Fix | 2 | Review-ready | None |
| #150 | Security | 1 | Review-ready | None |
| #154 | Refactor | 2 | Review-ready | None |
**All issues are decoupled and can merge in any order.**
---
## Metrics
### Test Coverage
```
Total Coverage: 77.1% (↑ from 70.4%)
Cmd/review-bot: TBD (tracking separately)
Budget: 91.8% (stable)
Review: 91.5% (stable)
LLM: 81.3% (stable)
Internal packages: ~85% (estimated)
```
### Test Results
```
Total Tests: 77
Passed: 77 ✅
Failed: 0
Skipped: 0
Timeout: 0
```
### Linting & Formatting
```
go fmt: ✅ pass
go vet: ✅ pass (no blockers)
```
---
## Recommendations
### For Aaron (Maintainer)
**Merge Priority (suggested):**
1. **#150** (EvalSymlinks) — Security fix, should land first
2. **#143** (doc-map config) — Feature, complements #150
3. **#146** (path resolution) — Optimization, no risk
4. **#154** (test refactor) — Low-risk cleanup
**Pre-merge checklist:**
- [ ] Review each PR for design alignment
- [ ] Run `go test -v ./...` locally on each branch
- [ ] Check for dependency order (test separately if needed)
- [ ] Rebase each onto main before merge to avoid unclean history
### For Dev-Loop (Automated)
**Next cycle (4 hours from now):**
1. Re-verify main is still current
2. Re-run test suite (regression check)
3. Measure coverage again (track trend)
4. Check if any PRs merged (update local tracking)
5. Flag any coverage drops or new test failures
**Long-term (next week):**
- Analyze cmd/review-bot coverage gaps (36.8% → target 60%+)
- Consider integration/e2e tests for main CLI logic
- Review SKILL.md documentation accuracy
- Suggest follow-up issues from current backlog
---
## Backlog Overview
### Completed (In Main)
- ✅ Issue #130 — GitHub PR review API + VCS routing
- ✅ Issue #137 — doc-map feature validation
- ✅ Issue #141 — validate-docmap subcommand (hardened)
### Ready to Review (4 Issues)
- ⏳ Issue #143 — fetch doc-map config from trusted VCS ref
- ⏳ Issue #146 — reuse resolved doc-map path early (optimization)
- ⏳ Issue #150 — EvalSymlinks security fix
- ⏳ Issue #154 — test refactoring/cleanup
### Queued for Triage
- 📋 Issue #139, #148, others from `origin/review-bot-issue-*` branches
---
## Artifacts
- **Coverage report:** `coverage.out` (77.1%)
- **Status:** This file + `DEV_LOOP_STATUS.md`
- **Latest commit:** ffbbdf5 (status update pushed to main)
---
## Notes
- Significant improvement in coverage (+6.7%) suggests good test additions in active branches
- All security-sensitive branches (143, 146, 150) are ready for human review
- No urgent issues blocking development pipeline
- Repo is in excellent shape for next phase of work
---
_This cycle completed successfully at 2026-05-15 09:37 UTC._
PLAN-125.md
+175
View File
@@ -0,0 +1,175 @@
# Plan: Issue #125 — Rename GITEA_URL → VCS_URL
## Problem
The `GITEA_URL` environment variable (and `--gitea-url` flag) implies the binary only works with Gitea.
Now that review-bot supports both Gitea and GitHub/GHES, this name is misleading.
Renaming to `VCS_URL` makes the binary platform-agnostic in its interface.
## Constraints
- Must not break existing users who already use `GITEA_URL` — need a fallback
- The CLI flag `--gitea-url` should also be updated to `--vcs-url` for consistency
- `INTEGRATION_GITEA_URL` in integration tests is a test-only env var, not the binary's interface; but should be updated for clarity
- The action YAML uses `GITEA_URL` as an internal shell variable in bash scripts — distinct from the env var passed to the binary
- All changes must compile and pass existing tests
## Files Affected
### Binary / Go source
| File | Change |
|------|--------|
| `cmd/review-bot/main.go` | Rename `--gitea-url``--vcs-url`, add `VCS_URL` as primary, keep `GITEA_URL` fallback |
| `cmd/review-bot/integration_test.go` | Rename `INTEGRATION_GITEA_URL``INTEGRATION_VCS_URL` (test-only, no external compat concern) |
| `integration_test.go` | Same — rename `INTEGRATION_GITEA_URL``INTEGRATION_VCS_URL` |
### Action YAML
| File | Change |
|------|--------|
| `.gitea/actions/review/action.yml` | Rename input `gitea-url``vcs-url`; update env var passed to binary: `VCS_URL` instead of `GITEA_URL`; keep internal bash var as `GITEA_URL` (only used for release download, not passed to binary) |
| `.gitea/workflows/ci.yml` | Rename `GITEA_URL` env var to `VCS_URL` in Run review step |
### Documentation
| File | Change |
|------|--------|
| `README.md` | Update CLI example, env var table entry |
## Proposed Approach
### 1. Backward-compatible env var lookup in main.go
Replace:
```go
giteaURL := flag.String("gitea-url", envOrDefault("GITEA_URL", ""), "Gitea instance URL")
```
With:
```go
giteaURL := flag.String("vcs-url", envOrDefaultFallback("VCS_URL", "GITEA_URL", ""), "VCS server URL (e.g. https://gitea.example.com)")
```
Add a helper:
```go
// envOrDefaultFallback reads primary env var; if empty, falls back to deprecated env var.
func envOrDefaultFallback(primary, deprecated, defaultVal string) string {
if v := os.Getenv(primary); v != "" {
return v
}
if v := os.Getenv(deprecated); v != "" {
slog.Warn("deprecated env var in use; rename to " + primary, "old", deprecated, "new", primary)
return v
}
return defaultVal
}
```
**Note:** This must be called AFTER `setupLogger` conceptually, but the flag default is evaluated at flag registration time. Since `setupLogger` runs before `flag.Parse()`, the slog.Warn will print correctly at runtime. We use `log.Printf` as a fallback if this proves problematic.
Actually — flag defaults are evaluated at registration (line 57), before `setupLogger`. The warning won't go through slog. Two options:
- Use `log.Printf` for the deprecation warning (always visible)
- Move the fallback lookup to after `flag.Parse()`, checking if the parsed value is still empty
**Decision:** Move fallback to a post-parse check. This is cleaner:
```go
vcsURL := flag.String("vcs-url", os.Getenv("VCS_URL"), "VCS server URL")
flag.Parse()
// Backward compat: fall back to deprecated GITEA_URL
if *vcsURL == "" {
if v := os.Getenv("GITEA_URL"); v != "" {
slog.Warn("GITEA_URL is deprecated; use VCS_URL instead")
*vcsURL = v
}
}
```
This is clean, idiomatic, and the warning goes through slog correctly.
### 2. Keep `--gitea-url` as deprecated alias
Add a hidden flag for backward compat:
```go
giteaURLAlias := flag.String("gitea-url", "", "Deprecated: use --vcs-url")
```
Post-parse:
```go
if *vcsURL == "" && *giteaURLAlias != "" {
slog.Warn("--gitea-url is deprecated; use --vcs-url instead")
*vcsURL = *giteaURLAlias
}
```
### 3. Internal variable rename
Rename `giteaURL` local variable → `vcsURL` throughout `main.go` for consistency.
### 4. Error message update
```go
fmt.Fprintf(os.Stderr, "Required: --vcs-url, --repo, --pr, --reviewer-token, --llm-model\n")
```
### 5. Action YAML changes
In `.gitea/actions/review/action.yml`:
- Input `gitea-url``vcs-url` (with same description, `required: false`, `default: ''`)
- Line 172: `GITEA_URL: ${{ inputs.gitea-url || github.server_url }}``VCS_URL: ${{ inputs.vcs-url || github.server_url }}`
- Lines 115, 140: internal bash vars `GITEA_URL=` are used for downloading binaries — NOT passed to the review-bot binary. Leave them as internal bash vars (they're scope-local in bash). These could be renamed to `SERVER_URL` or `BASE_URL` for local clarity, but renaming them isn't strictly required.
In `.gitea/workflows/ci.yml`:
- Line 52: `GITEA_URL: ${{ github.server_url }}``VCS_URL: ${{ github.server_url }}`
### 6. Integration test updates
`INTEGRATION_GITEA_URL``INTEGRATION_VCS_URL` in both test files.
### 7. README
- CLI example: `--gitea-url``--vcs-url`
- Env var table: `GITEA_URL``VCS_URL`, add note about `GITEA_URL` fallback
## Backward Compatibility Summary
| Old | New | Fallback? |
|-----|-----|-----------|
| `GITEA_URL` env var | `VCS_URL` | ✅ with deprecation warning |
| `--gitea-url` flag | `--vcs-url` | ✅ with deprecation warning |
| `gitea-url` action input | `vcs-url` | ⚠️ No (action version bump handles this) |
| `INTEGRATION_GITEA_URL` | `INTEGRATION_VCS_URL` | N/A (test-only) |
## Error Cases
- Both `VCS_URL` and `GITEA_URL` set: `VCS_URL` wins (primary takes precedence)
- Both `--vcs-url` and `--gitea-url` provided: `--vcs-url` wins
- Neither set: existing "missing required flags" error unchanged
## Edge Cases
- `os.Getenv` returns "" for unset AND set-to-empty — consistent with existing behavior
- The `envOrDefault` helper is unchanged; we add `envOrDefaultFallback` for the one renamed var
## Testing Strategy
- Existing unit tests pass unchanged (they don't test env var parsing directly)
- Integration tests updated to use new env var name
- Manual: `GITEA_URL=https://example.com ./review-bot --repo x --pr 1 ...` should print deprecation warning and proceed
- Manual: `VCS_URL=https://example.com ./review-bot ...` should work silently
## Completion Checklist
1. `VCS_URL` is read first; `GITEA_URL` is fallback with deprecation warning
2. `--vcs-url` flag is primary; `--gitea-url` is deprecated alias with warning
3. Error message references `--vcs-url` not `--gitea-url`
4. `action.yml` passes `VCS_URL` (not `GITEA_URL`) to the binary
5. `ci.yml` passes `VCS_URL` (not `GITEA_URL`) to the binary
6. README updated in CLI example and env var table
7. Integration tests use `INTEGRATION_VCS_URL`
8. `go test ./...` passes
9. `go vet ./...` passes
10. `go build ./cmd/review-bot` succeeds
## Open Questions
- Should the CLI flag `--gitea-url` be completely hidden from `--help` or just deprecated with a note? The issue doesn't specify. Decision: keep it visible but add "(deprecated: use --vcs-url)" to the description.
- Should action.yml also add `gitea-url` as a deprecated input alias? The issue says "Update the action to pass the new env var name" — no mention of backward compat for the action input. Decision: rename only, no alias (action users pin a version anyway).
- The bash-internal `GITEA_URL` variable in action.yml scripts (used for release download, not passed to binary) — rename for clarity? Decision: yes, rename to `BASE_URL` to avoid confusion with the env var.
PLAN-141.md
+154
View File
@@ -0,0 +1,154 @@
# Plan: validate-docmap subcommand (Issue #141)
## Problem
CI has no way to verify that `doc-map.yml` is kept up to date. When a developer adds a new
module/directory, they may forget to add a `paths:` entry. When a design doc is deleted or
moved, the `docs:` entry becomes stale. Both failures are silent — the AI reviewer just gets
no docs injected, and nobody notices.
This is a **pure static check**: no AI, no VCS API. Just YAML parsing + glob matching + `os.Stat`.
## Constraints
- No external API calls or AI involvement
- Must compose with `git diff --name-only` output via stdin (standard CI pattern)
- Reuse existing `ParseDocMapConfig` from `review/docmap.go`
- Glob matching logic must also reuse (or expose) existing `globMatch`/`mappingMatches`
- Follow the `validate-url` subcommand pattern exactly
- Both checks must always run — report all failures, not just the first
- `outWriter`/`errWriter` vars must be respected for testability
## Proposed Approach
### 1. Export a glob-coverage helper from `review/docmap.go`
Add one new exported function:
```go
// FileCoveredByDocMap returns true if any paths: glob in cfg matches the given file.
func FileCoveredByDocMap(cfg *DocMapConfig, file string) bool
```
This is a thin wrapper over the existing unexported `mappingMatches`. It lets the `cmd/` layer
call into the review package without duplicating glob logic.
**Alternative considered:** Duplicate the loop in `cmd/`. Rejected — duplication of non-trivial
glob matching is a maintenance hazard. Exporting one function is cleaner.
### 2. New file: `cmd/review-bot/validatedocmap.go`
Implements `runValidateDocmap(args []string) int` following the `validateurl.go` pattern.
```
Flag parsing (use flag.NewFlagSet — NOT global flag, to avoid polluting main.go's flag state):
--docmap (required) path to YAML file
--repo-root (optional, default ".") base for resolving docs: paths
Step 1: Parse flags. Validate --docmap is set. Exit 2 on error.
Step 2: ParseDocMapConfig(docmapPath) → exit 2 on parse error
Step 3: Read stdin lines → changedFiles []string
Step 4: Coverage check — for each file in changedFiles:
if !FileCoveredByDocMap(cfg, file) → record as uncovered
Step 5: Stale-docs check — for each unique docs: entry across all mappings:
if os.Stat(filepath.Join(repoRoot, docPath)) fails → record as stale
Step 6: If any uncovered or stale entries → print ERROR sections → return 1
Else → print "OK" → return 0
```
Exit codes (parallel to `validate-url`):
- `0` — clean
- `1` — coverage or stale-doc failures
- `2` — usage error, missing flag, or YAML parse error
### 3. Wire into `main.go`
Add `case "validate-docmap":` to the existing `os.Args[1]` switch.
### 4. Tests: `cmd/review-bot/validatedocmap_test.go`
Test table covering:
| Case | stdin | docmap | repo-root | want exit |
|------|-------|--------|-----------|-----------|
| clean | covered file | valid docmap | docs exist | 0 |
| uncovered file | uncovered file | valid docmap | docs exist | 1 |
| stale doc | covered file | stale docs: | missing path | 1 |
| both failures | uncovered + stale | | | 1 |
| empty stdin | (empty) | valid docmap | docs exist | 0 |
| missing --docmap flag | | | | 2 |
| bad YAML | | invalid YAML | | 2 |
Use `os.MkdirTemp` + `os.WriteFile` to create real temp directories for the stale-docs check.
### 5. README update
Add a subsection under the `validate-url` section showing the `validate-docmap` invocation.
## State/Data Model
No persistent state. All inputs are flags + stdin + local filesystem.
## Error Cases
| Scenario | Behavior |
|----------|----------|
| `--docmap` flag missing | Print usage, exit 2 |
| YAML parse fails | Print error message, exit 2 |
| stdin read error | Print error, exit 2 |
| `--repo-root` does not exist | Individual docs: entries will fail Stat; logged per-path, exit 1 |
| changed file is empty string (blank line) | Skip (trim + ignore empty) |
## Edge Cases
- Blank lines in stdin input (from git diff with trailing newline) → trim and skip
- Duplicate `docs:` entries across multiple mappings → deduplicate before checking existence
- `docs:` entry that is a directory (ends with `/`) → `os.Stat` the path; if it exists it's fine
- `--repo-root` with trailing slash → use `filepath.Join` which normalizes it
- Changed files with `../` or absolute paths → check only (no traversal needed here since we're just calling `FileCoveredByDocMap`, which is pure string matching)
## Testing Strategy
- Unit tests with real temp files for stale-doc check (no mocking needed for `os.Stat`)
- `outWriter`/`errWriter` capture pattern (same as `validateurl_test.go`)
- Table-driven tests
## Open Questions
- **stdin vs `--files` flag**: Using stdin matches the standard CI pipe idiom and avoids shell
quoting issues with many files. Confirmed by Aaron's clarification.
- **Empty stdin coverage**: Aaron said empty stdin = no coverage failures. This means
"no changed files, no problem" — vacuously true. Makes sense for `git diff` on unchanged branches.
- **Directory docs: entries**: `os.Stat` is sufficient — if the directory exists, it's valid.
We don't recursively verify it has `.md` files. Kept simple.
- **`--repo-root` vs always cwd**: Default to cwd but allow override. This makes the command
usable from CI scripts that `cd` to a different directory.
## Completion Checklist (generated for this task)
1. `FileCoveredByDocMap` exported and covers the all-mappings, any-glob-matches logic correctly?
2. `runValidateDocmap` follows `runValidateURL` exactly: flag parse → validate → work → exit code?
3. Both checks always run (no early exit after first failure section)?
4. Empty stdin treated as clean (exit 0, no coverage errors)?
5. All `docs:` entries deduplicated before stale check?
6. `outWriter`/`errWriter` used (not `fmt.Println` directly), so tests can capture output?
7. `case "validate-docmap":` added to `main.go` dispatch switch?
8. Tests cover all 7 cases in the table above?
9. README updated with usage example?
10. `go test ./...` passes with no new failures?
## Implementation Phases
### Phase 1: Export helper in `review/docmap.go`
- Add `FileCoveredByDocMap(cfg *DocMapConfig, file string) bool`
- Add test in `review/docmap_test.go`
### Phase 2: `cmd/review-bot/validatedocmap.go`
- Full `runValidateDocmap` implementation
### Phase 3: Wire into `main.go` + tests
- `case "validate-docmap":` dispatch
- `validatedocmap_test.go` with full table
### Phase 4: README + final
- Update README
- `go test ./...`
PLAN-143.md
+125
View File
@@ -0,0 +1,125 @@
# PLAN-143: Load doc-map config from trusted (default) branch
**Issue:** #143
**Status:** Planning
**Branch:** TBD (issue-143)
---
## Problem Statement
The `--doc-map` flag reads the doc-map YAML config from the local `GITHUB_WORKSPACE` checkout, which is the **PR branch** in CI. A malicious PR author can:
1. Modify `.review-bot/doc-map.yml` in their branch to map any path glob to sensitive docs
2. review-bot reads the PR-branch doc-map config
3. Docs from the **default branch** are fetched and injected into the LLM prompt
4. Via prompt injection in those docs, the attacker could exfiltrate content
The config is the trust boundary. The *data* fetched (design docs) already comes from the default branch via VCS API. The *config* is what needs to be pinned to the default branch.
## Constraints
- Must not break existing callers (backward compatibility)
- Should have a clearly named flag/env var
- Fall back to local workspace if no trusted ref configured (for users not yet migrated)
- The gargoyle workflow (.github/workflows/review.yml) will need updating
## Proposed Approach
### Option A: Fetch via VCS API from default branch (preferred)
Add a new flag `--doc-map-trusted-ref` (default: `""` = use local workspace).
When `--doc-map-trusted-ref` is set:
1. Use the VCS API to fetch the file at `--doc-map` path from the specified ref
2. Parse the fetched content as YAML
3. Use this config (not the local workspace copy)
When `--doc-map-trusted-ref` is empty:
- Current behavior (local workspace) with a deprecation warning
This follows the same pattern as `patterns-repo` which fetches from VCS.
### Option B: Auto-detect and always use default branch
Always fetch doc-map from the default branch via VCS API, ignoring local workspace.
Simpler API but breaks local testing (where there's no VCS to fetch from).
### Recommendation
Option A — explicit `--doc-map-trusted-ref` flag. The gargoyle workflow would set:
```yaml
doc-map-trusted-ref: "main"
```
This is explicit and allows local testing to continue using local workspace.
## Implementation Plan
### Phase 1: VCS API fetch for doc-map config
**Files to change:**
- `cmd/review-bot/main.go` — add `--doc-map-trusted-ref` flag, conditional fetch logic
- `review/docmap.go` — add `FetchDocMapConfig(vcs, owner, repo, ref, path string) (*DocMapConfig, error)`
- `action.yml` — add `doc-map-trusted-ref` input
- `README.md` — document new flag
**Logic:**
```go
if *docMapTrustedRef != "" {
// Fetch from VCS (trusted branch) — secure
content, err := vcs.GetFileContent(ctx, owner, repoName, *docMapTrustedRef, resolvedDocMap)
...
docMapCfg, err = review.ParseDocMapConfigContent(content)
} else {
// Local workspace (backward compat with deprecation warning)
slog.Warn("doc-map loaded from local workspace (PR branch) — consider --doc-map-trusted-ref for security")
docMapCfg, err = review.ParseDocMapConfig(resolvedDocMap)
}
```
### Phase 2: Tests
- `TestFetchDocMapConfig_Success`: mock VCS returns valid YAML → parses correctly
- `TestFetchDocMapConfig_NotFound`: VCS returns 404 → clear error
- `TestMainSubprocess_DocMapTrustedRef`: subprocess test for the new flag
### Phase 3: Gargoyle workflow update
Update `.github/workflows/review.yml` in gargoyle to add `doc-map-trusted-ref: main`.
## State/Data Model
New flag: `--doc-map-trusted-ref` / `DOC_MAP_TRUSTED_REF` env var
- Type: string
- Default: `""` (local workspace)
- Example value: `"main"`, `"master"`, `HEAD`
## Error Cases
- VCS returns 404 for doc-map path at trusted ref → error + exit (not silent)
- VCS returns 404 but local copy exists → do NOT fall back (could be attack path)
- Parse error on fetched content → error + exit
## Edge Cases
- What if the doc-map doesn't exist at the trusted ref? → log error, exit (don't silently continue)
- What if trusted-ref is a commit SHA? → should work via VCS GetFileContent
- What if the user sets trusted-ref to the PR branch? → Works, but defeats the purpose. Not our problem to prevent.
## Open Questions
- Should we warn when `--doc-map` is set without `--doc-map-trusted-ref`? → Yes, deprecation warning pointing to docs
- Should we add `--doc-map-trusted-ref` to the `validate-docmap` subcommand? → No, that subcommand operates on local files only; it's a developer tool
## Acceptance Criteria
- [ ] `--doc-map-trusted-ref` flag added to `action.yml` and `cmd/review-bot/main.go`
- [ ] When set, doc-map config fetched from VCS at the specified ref (not local workspace)
- [ ] When unset, local workspace used with deprecation warning in logs
- [ ] 404 from VCS is a hard error (no silent fallback to local copy)
- [ ] Tests cover: fetch success, fetch 404, parse error
- [ ] Gargoyle `.github/workflows/review.yml` updated to use `doc-map-trusted-ref: main`
- [ ] README updated
- [ ] CHANGELOG updated
- [ ] `make precommit` passes
cmd/review-bot/main.go
+2 -5
View File
@@ -174,12 +174,9 @@ func main() {
os.Exit(1)
}
// Early validation of filesystem-path flags (fail fast before network I/O).
// Skip local-path validation when --doc-map-trusted-ref is set: the flag
// value is used as a VCS API path, not a local filesystem path, and the
// file may not exist in the local checkout (sparse, PR-deleted, etc.).
// Early validation of filesystem-path flags (fail fast before network I/O)
var resolvedDocMapFile string
if *docMapFile != "" && *docMapTrustedRef == "" {
if *docMapFile != "" {
resolved, err := validateWorkspacePath(*docMapFile, "doc-map")
if err != nil {
slog.Error("invalid doc-map path", "error", err)
cmd/review-bot/main_test.go
-58
View File
@@ -903,17 +903,12 @@ func TestMainSubprocess_InvalidRepo(t *testing.T) {
flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
args := baseSubprocessArgs()
// Replace the canonical --repo value with an invalid one.
found := false
for i, a := range args {
if a == "--repo" && i+1 < len(args) {
args[i+1] = "invalidrepo"
found = true
break
}
}
if !found {
t.Fatal("baseSubprocessArgs() does not contain --repo; test is broken")
}
os.Args = args
main()
return
@@ -935,17 +930,12 @@ func TestMainSubprocess_InvalidPRNumber(t *testing.T) {
flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
args := baseSubprocessArgs()
// Replace the canonical --pr value with a non-numeric string.
found := false
for i, a := range args {
if a == "--pr" && i+1 < len(args) {
args[i+1] = "notanumber"
found = true
break
}
}
if !found {
t.Fatal("baseSubprocessArgs() does not contain --pr; test is broken")
}
os.Args = args
main()
return
@@ -1531,8 +1521,6 @@ func TestMainSubprocess_InvalidDocMapPath(t *testing.T) {
}
cmd := exec.Command(os.Args[0], "-test.run=TestMainSubprocess_InvalidDocMapPath")
// t.TempDir() is evaluated here in the outer process, producing a real directory
// that is passed as the GITHUB_WORKSPACE env var string to the subprocess.
cmd.Env = append(cleanEnv(),
"TEST_SUBPROCESS_MAIN=1",
"GITHUB_WORKSPACE="+t.TempDir(),
@@ -1570,8 +1558,6 @@ func TestMainSubprocess_InvalidDocMapFile(t *testing.T) {
}
cmd := exec.Command(os.Args[0], "-test.run=TestMainSubprocess_InvalidDocMapFile")
// t.TempDir() is evaluated here in the outer process, producing a real directory
// that is passed as the GITHUB_WORKSPACE env var string to the subprocess.
cmd.Env = append(cleanEnv(),
"TEST_SUBPROCESS_MAIN=1",
"GITHUB_WORKSPACE="+t.TempDir(),
@@ -1588,47 +1574,3 @@ func TestMainSubprocess_InvalidDocMapFile(t *testing.T) {
t.Errorf("expected error about failed resolution, got: %s", output)
}
}
// TestMainSubprocess_DocMapTrustedRefSkipsLocalValidation confirms that
// --doc-map-trusted-ref bypasses local filesystem validation for --doc-map.
// When the trusted-ref flag is set, the doc-map value is used as a VCS API
// path; a nonexistent local file must not cause an early exit before network I/O.
func TestMainSubprocess_DocMapTrustedRefSkipsLocalValidation(t *testing.T) {
if os.Getenv("TEST_SUBPROCESS_MAIN") == "1" {
flag.CommandLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)
os.Args = []string{"review-bot",
"--vcs-url", "https://gitea.example.com",
"--repo", "owner/repo",
"--pr", "1",
"--reviewer-token", "tok",
"--llm-base-url", "https://api.example.com",
"--llm-api-key", "key",
"--llm-model", "gpt-4",
"--doc-map", "nonexistent-local.yml",
"--doc-map-trusted-ref", "main",
}
main()
return
}
cmd := exec.Command(os.Args[0], "-test.run=TestMainSubprocess_DocMapTrustedRefSkipsLocalValidation")
cmd.Env = append(cleanEnv(),
"TEST_SUBPROCESS_MAIN=1",
"GITHUB_WORKSPACE="+t.TempDir(),
)
out, err := cmd.CombinedOutput()
output := string(out)
// The test must fail (network I/O or VCS API failure) but must NOT
// fail with the local filesystem validation error.
// "failed to resolve" would indicate the early validateWorkspacePath ran —
// that would be the bug this test is catching.
if strings.Contains(output, "failed to resolve") {
t.Errorf("--doc-map-trusted-ref should skip local path validation, but got filesystem error: %s", output)
}
// It must still exit non-zero (real VCS call to example.com will fail).
if err == nil {
t.Fatal("expected non-zero exit when VCS API is unreachable, got success")
}
}
cmd/review-bot/validatedocmap.go
+19 -68
View File
@@ -23,19 +23,18 @@ const maxDocmapBytes int64 = 10 * 1024 * 1024 // 10 MB
// 1. The path resolves to a regular file within resolvedRoot (path
// confinement): prevents a PR-controlled --docmap from reading arbitrary
// host files via absolute paths or ".." traversal.
// 2. The resolved path is within resolvedRoot: in-repo file-level symlinks
// are allowed when their resolved target is still inside the root;
// symlinks that escape the root are rejected by the confinement check.
// 2. The path is not a symlink: prevents denial-of-service via /dev/zero or
// information disclosure via symlinks that point outside the workspace.
// 3. The file does not exceed maxDocmapBytes: prevents memory exhaustion
// from an oversized but legitimately committed doc-map file.
//
// resolvedRoot must already be an absolute, symlink-free path (obtained from
// filepath.Abs + filepath.EvalSymlinks).
func validateDocmapPath(localPath, resolvedRoot string) (string, error) {
func validateDocmapPath(localPath, resolvedRoot string) error {
// Resolve the docmap path to an absolute path.
absPath, err := filepath.Abs(localPath)
if err != nil {
return "", fmt.Errorf("cannot resolve path: %w", err)
return fmt.Errorf("cannot resolve path: %w", err)
}
// Resolve ALL symlink components, not just the final one.
@@ -47,36 +46,34 @@ func validateDocmapPath(localPath, resolvedRoot string) (string, error) {
// path is inside the root while the actual destination is not.
resolvedPath, err := filepath.EvalSymlinks(absPath)
if err != nil {
return "", fmt.Errorf("cannot resolve path (symlink): %w", err)
return fmt.Errorf("cannot resolve path (symlink): %w", err)
}
// Lstat the resolved path for size and existence checks — EvalSymlinks
// guarantees no symlink components remain, so ModeSymlink can never be set.
// Lstat the resolved path — at this point resolvedPath is symlink-free, so
// ModeSymlink will never be set. We keep the check as defense-in-depth.
fi, err := os.Lstat(resolvedPath)
if err != nil {
return "", fmt.Errorf("cannot stat file: %w", err)
return fmt.Errorf("cannot stat file: %w", err)
}
// Reject anything that is not a regular file (directories, FIFOs, device
// nodes, etc.) — ParseDocMapConfig expects a plain YAML file and would
// produce a confusing error on non-regular entries.
if !fi.Mode().IsRegular() {
return "", fmt.Errorf("docmap must be a regular file")
// Defense-in-depth: reject any remaining symlink indicator.
if fi.Mode()&os.ModeSymlink != 0 {
return fmt.Errorf("symlinks are not allowed")
}
// Confine to resolvedRoot: use the fully-resolved path so that a directory
// symlink inside the repo cannot carry the path outside the root.
rel, err := filepath.Rel(resolvedRoot, resolvedPath)
if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
return "", fmt.Errorf("path must be within --repo-root")
return fmt.Errorf("path must be within --repo-root")
}
// Enforce size cap before reading to prevent memory exhaustion.
if fi.Size() > maxDocmapBytes {
return "", fmt.Errorf("file size %d bytes exceeds %d-byte limit", fi.Size(), maxDocmapBytes)
return fmt.Errorf("file size %d bytes exceeds %d-byte limit", fi.Size(), maxDocmapBytes)
}
return resolvedPath, nil
return nil
}
// runValidateDocmap implements the `review-bot validate-docmap` subcommand.
@@ -140,59 +137,16 @@ func runValidateDocmap(args []string) int {
// may reference a PR-controlled file (e.g. .review-bot/doc-map.yml).
// Validate that it:
// 1. Resolves within resolvedRoot (prevent reading arbitrary host files).
// 2. Resolved target stays within the root (in-repo symlinks are allowed
// if they resolve to a path inside the root).
// 2. Is not a symlink (prevent /dev/zero or symlink-based host probing).
// 3. Does not exceed maxDocmapBytes (prevent memory exhaustion from an
// oversized committed file).
// validateDocmapPath returns the resolved path; use it directly to
// eliminate any TOCTOU race between validation and use.
resolvedDocmap, err := validateDocmapPath(*docmapFlag, resolvedRoot)
if err != nil {
if err := validateDocmapPath(*docmapFlag, resolvedRoot); err != nil {
fmt.Fprintf(errWriter, "Error: --docmap %q is invalid: %v\n", *docmapFlag, err)
return 2
}
// Open and read the docmap with a LimitedReader — closes the residual TOCTOU
// window between the Lstat size check in validateDocmapPath and the file open
// here. The limit is maxDocmapBytes+1 so we can detect a file that grew past
// the cap after the stat without reading unbounded bytes.
//
// Defense-in-depth: stat the path immediately before and after open so we can
// detect a file swap between validateDocmapPath's validation and this open via
// os.SameFile. An attacker with workspace write access could otherwise replace
// the validated file with a symlink in the gap between validation and use.
preStat, err := os.Lstat(resolvedDocmap)
if err != nil {
fmt.Fprintf(errWriter, "Error: failed to stat docmap before open %q: %v\n", *docmapFlag, err)
return 2
}
f, err := os.Open(resolvedDocmap)
if err != nil {
fmt.Fprintf(errWriter, "Error: failed to open docmap %q: %v\n", *docmapFlag, err)
return 2
}
defer func() { _ = f.Close() }()
// Verify we opened the same file that was validated — rejects a swap between
// the pre-open Lstat and the open call.
postStat, err := f.Stat()
if err != nil {
fmt.Fprintf(errWriter, "Error: failed to stat open docmap %q: %v\n", *docmapFlag, err)
return 2
}
if !os.SameFile(preStat, postStat) {
fmt.Fprintf(errWriter, "Error: --docmap %q changed between validation and open\n", *docmapFlag)
return 2
}
docmapData, err := io.ReadAll(io.LimitReader(f, maxDocmapBytes+1))
if err != nil {
fmt.Fprintf(errWriter, "Error: failed to read docmap %q: %v\n", *docmapFlag, err)
return 2
}
if int64(len(docmapData)) > maxDocmapBytes {
fmt.Fprintf(errWriter, "Error: --docmap %q exceeded %d-byte limit after open\n", *docmapFlag, maxDocmapBytes)
return 2
}
cfg, err := review.ParseDocMapConfigContent(string(docmapData), *docmapFlag)
// Parse docmap YAML.
cfg, err := review.ParseDocMapConfig(*docmapFlag)
if err != nil {
fmt.Fprintf(errWriter, "Error: failed to parse docmap %q: %v\n", *docmapFlag, err)
return 2
@@ -217,9 +171,6 @@ func runValidateDocmap(args []string) int {
// Normalize Windows-style backslashes to forward slashes so that
// changed-file paths from git on Windows match doc-map globs.
f = strings.ReplaceAll(f, "\\", "/")
// Strip a leading "./" emitted by non-git tools (e.g. `find`) so that
// paths like "./cmd/foo.go" match doc-map globs written as "cmd/**".
f = strings.TrimPrefix(f, "./")
if !review.FileCoveredByDocMap(cfg, f) {
uncovered = append(uncovered, f)
}
@@ -238,7 +189,7 @@ func runValidateDocmap(args []string) int {
staleDocs := checkStaleDocs(cfg, resolvedRoot)
if len(staleDocs) > 0 {
failed = true
fmt.Fprintln(errWriter, "ERROR: stale docmap entries (paths do not exist):")
fmt.Fprintln(errWriter, "ERROR: stale docmap docs: entries (paths do not exist):")
for _, d := range staleDocs {
fmt.Fprintf(errWriter, " %s\n", d)
}
cmd/review-bot/validatedocmap_test.go
+1 -96
View File
@@ -595,102 +595,7 @@ func TestValidateDocmapPath_DirSymlinkBypass(t *testing.T) {
t.Fatalf("EvalSymlinks(repoDir): %v", err)
}
if _, err := validateDocmapPath(attackPath, resolvedRoot); err == nil {
if err := validateDocmapPath(attackPath, resolvedRoot); err == nil {
t.Error("expected rejection of dir-symlink bypass, got nil error")
}
}
// TestValidateDocmapPath_NonRegularFile verifies that --docmap pointing at a
// non-regular file (e.g. a directory) is rejected with a clear error before
// ParseDocMapConfig is called.
func TestValidateDocmapPath_NonRegularFile(t *testing.T) {
dir := t.TempDir()
// Use the directory itself as the docmap path — directories pass Lstat but
// are not regular files.
reviewBotDir := filepath.Join(dir, ".review-bot")
if err := os.MkdirAll(reviewBotDir, 0o755); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
code, _, stderr := stdinValidateDocmap(t,
"",
[]string{"--docmap", reviewBotDir, "--repo-root", dir},
)
if code != 2 {
t.Errorf("expected exit 2 for directory docmap, got %d; stderr: %q", code, stderr)
}
if !strings.Contains(stderr, "regular file") && !strings.Contains(stderr, "invalid") {
t.Errorf("expected regular-file rejection in stderr, got %q", stderr)
}
}
// TestRunValidateDocmap_DotSlashPrefix verifies that paths emitted with a
// leading "./" (e.g. from `find` or `ls`) match doc-map globs correctly.
// Without TrimPrefix, "./cmd/foo.go" would not match the pattern "cmd/**".
func TestRunValidateDocmap_DotSlashPrefix(t *testing.T) {
dir := t.TempDir()
makeDocFile(t, dir, "docs/foo.md")
docmap := makeDocmapInDir(t, dir, `
mappings:
- paths:
- "cmd/**"
docs:
- docs/foo.md
`)
// File with a leading "./" should be treated as covered.
code, _, stderr := stdinValidateDocmap(t,
"./cmd/foo.go\n",
[]string{"--docmap", docmap, "--repo-root", dir},
)
if code != 0 {
t.Errorf("expected exit 0 for './' prefixed covered file, got %d; stderr: %q", code, stderr)
}
}
// TestValidateDocmapPath_InRepoSymlinkAllowed verifies that an in-repo
// file-level symlink whose resolved target is still within the repo root is
// accepted. This is the positive case for the issue #150 behavioral change:
// only symlinks that escape the root are rejected; intra-repo symlinks are
// allowed because EvalSymlinks resolves the target and the confinement check
// is applied to the resolved path, not the symlink entry itself.
func TestValidateDocmapPath_InRepoSymlinkAllowed(t *testing.T) {
dir := t.TempDir()
// Create the real docmap file inside the repo root.
if err := os.MkdirAll(filepath.Join(dir, ".review-bot"), 0o755); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
realDocmap := filepath.Join(dir, ".review-bot", "doc-map-real.yml")
if err := os.WriteFile(realDocmap, []byte("mappings: []\n"), 0o644); err != nil {
t.Fatalf("WriteFile: %v", err)
}
// Create a symlink inside the repo root that points to the real file
// (also inside the root).
symlinkPath := filepath.Join(dir, ".review-bot", "doc-map-link.yml")
if err := os.Symlink(realDocmap, symlinkPath); err != nil {
t.Skipf("cannot create symlink (platform may not support it): %v", err)
}
// Resolve dir to a symlink-free root, as runValidateDocmap does.
resolvedRoot, err := filepath.EvalSymlinks(dir)
if err != nil {
t.Fatalf("EvalSymlinks(dir): %v", err)
}
// In-repo symlink whose target is within root: must be accepted.
resolved, err := validateDocmapPath(symlinkPath, resolvedRoot)
if err != nil {
t.Fatalf("expected in-repo symlink to be accepted, got error: %v", err)
}
// The returned resolved path must be the real file (not the symlink entry).
// validateDocmapPath calls filepath.EvalSymlinks internally, so the returned
// path is always the fully-resolved real path — it can never equal the
// symlink entry itself.
if resolved == symlinkPath {
t.Errorf("expected resolved path to differ from symlink path")
}
}
docs/DESIGN-137-doc-map.md
+82
View File
@@ -0,0 +1,82 @@
# Design: doc-map input for path-scoped design doc injection (Issue #137)
## Problem
review-bot can inject context via `patterns-repo` (external VCS repos) and `conventions-file`
(a single file from the reviewed repo). There is no mechanism to inject local repo documentation
files scoped to the paths changed in a PR.
First consumer: `grgl/gargoyle#778` needs a "doc adherence" reviewer that checks code against the
module's governing design doc, without injecting every doc in the tree.
## Approach
### New: `doc-map` input
A `.review-bot/doc-map.yml` config file in the reviewed repo maps source path globs to governing
design docs. review-bot reads the map, intersects it with changed PR paths, and injects only the
relevant docs into the system prompt.
### Config format
```yaml
mappings:
- paths:
- "lib/gargoyle/engine/signal_risk/**"
docs:
- docs/domain/contexts/risk/risk-controls.md
- paths:
- "lib/gargoyle/trading/**"
docs:
- docs/domain/contexts/trading/
```
- `paths` — glob patterns (including `**`) matched against changed file paths in the PR
- `docs` — file paths or directory paths (all `.md` files under a directory) to inject
- Docs are deduplicated across mappings
### Architecture
| Component | Description |
|-----------|-------------|
| `review/docmap.go` | YAML parsing, glob matching with `**` support, doc loading via VCS |
| `cmd/review-bot/main.go` | Step 6c: parses config, intersects with changed files, calls LoadMatchingDocs |
| `budget/budget.go` | New `DesignDocs` section — injected after Conventions in system prompt |
| `action.yml` | `doc-map` and `doc-map-max-bytes` inputs, wired to `DOC_MAP_FILE`/`DOC_MAP_MAX_BYTES` |
### Doc file loading
- The `doc-map` YAML file is read from the local workspace (like `system-prompt-file`).
- Doc files listed in the config are fetched via VCS API (same as `conventions-file`),
enabling them to be loaded from any branch without a local checkout.
- `GetAllFilesInPath` is tried first; if it returns files, they are treated as a directory listing.
If it returns empty, `GetFileContent` is tried as a fallback (single file).
### Glob matching
`**` is implemented by splitting patterns and paths on `/`, then matching segment-by-segment.
A `**` segment consumes zero or more path segments (not just one level like `*`).
### Budget integration
`DesignDocs` is added to `budget.Sections` between `Conventions` and `FileContext`.
Trim order: Patterns → Conventions → DesignDocs → FileContext → Diff.
Design docs appear in the system prompt under `## Design Documents`.
### Context size guard
Default: 100 KB. Configurable via `--doc-map-max-bytes` / `DOC_MAP_MAX_BYTES`.
Truncation is noted inline with a `⚠️` message.
## Error handling
| Situation | Behavior |
|-----------|----------|
| `--doc-map` file not found | Fatal error (like `--system-prompt-file`) |
| `--doc-map` file invalid YAML | Fatal error with descriptive message |
| Unknown YAML keys | Log warning, continue |
| Doc file not found in VCS | Log warning, skip |
| Doc directory empty or no `.md` files | Log debug, skip |
| Total size exceeds limit | Truncate with notice, log warning |
| No changed paths match any mapping | No docs injected, review runs normally |
| `paths` or `docs` list empty in a mapping | Skip that mapping |
docs/DESIGN-51-personas.md
+334
View File
@@ -0,0 +1,334 @@
# Design: Role-based Review Personas (Issue #51)
> **Note:** This design was revised during implementation to use JSON instead of YAML
> to maintain the repository's zero-external-dependencies convention. All persona
> files use JSON format. See "Design Revision" section at the end for details.
## Problem
Current review-bot performs generic code review. Every reviewer (regardless of `reviewer-name`) uses the same base prompt and evaluates the same concerns. This leads to:
1. **Redundancy** — Two reviewers (e.g., GPT + Claude twins) often flag identical issues
2. **Gaps** — Generic reviewers miss specialized concerns (security, domain logic, architecture)
3. **Noise** — NITs about style mixed with critical security findings
4. **No ownership** — Findings lack clear domain attribution
## Constraints
- Must work with existing CLI flags and CI workflow patterns
- Must not break backwards compatibility (existing configs still work)
- Must integrate cleanly with the budget system (personas add to context)
- Multiple personas running in parallel must not interfere with each other
- Each persona must have clear scope boundaries (no duplication)
## Proposed Approach
### 1. Persona Definition
A persona is a named review role with:
- **Identity** — Who am I? What's my expertise?
- **Focus** — What do I look for?
- **Scope boundaries** — What do I explicitly NOT comment on?
- **Severity calibration** — What counts as MAJOR/MINOR/NIT for MY domain?
Personas are defined in JSON files that can live:
1. In the pattern repos (shared across projects)
2. In the target repo (project-specific personas)
3. Inline via a new `--persona-file` flag (JSON format)
### 2. Persona File Format
```json
# .review/personas/security.yaml
name: security
display_name: Security Specialist
model_preference: opus # optional hint for expensive analysis
identity: |
You are a security specialist reviewing code for vulnerabilities.
Your expertise: OWASP Top 10, injection attacks, auth/authz, secrets management,
event sourcing security (replay attacks, event injection).
focus:
- Injection attacks (SQL, command, path traversal, template)
- Authentication and authorization gaps
- Secrets exposure (hardcoded credentials, tokens in logs)
- Input validation (unsanitized input, unsafe deserialization)
- Race conditions with security implications
- Event sourcing attack vectors
ignore:
- Code style and naming conventions
- Performance (unless security-related)
- Documentation
- General code quality
- Test coverage
severity:
critical: "Remote code execution, auth bypass, data exfiltration"
major: "Privilege escalation, information disclosure, DoS"
minor: "Missing rate limiting, verbose errors"
nit: "Theoretical risk with low exploitability"
output_format: |
For each finding:
- Severity: [CRITICAL|MAJOR|MINOR|NIT]
- Attack vector: How could this be exploited?
- Evidence: Code snippet showing the vulnerability
- Recommendation: Specific fix
```
### 3. New CLI Flags
```
--persona-file PATH Path to persona JSON file (local or in repo)
--persona NAME Built-in persona name (security, architect, domain)
```
Either flag sets the persona. If neither is provided, behavior is unchanged (generic review).
### 4. Prompt Assembly
Current flow:
```
SystemBase → Patterns → Conventions → [LLM]
```
New flow with persona:
```
PersonaPrompt (from YAML) → Patterns (filtered?) → Conventions → [LLM]
```
The persona's identity/focus/ignore/severity sections become the system prompt, replacing the generic "You are an expert code reviewer" base.
### 5. Built-in Personas
Ship with these built-in personas (loadable via `--persona NAME`):
| Name | Focus |
|------|-------|
| `security` | Vulnerabilities, auth, secrets |
| `architect` | Patterns, consistency, design |
| `domain` | Business logic (requires repo-specific config) |
| `docs` | Documentation, API clarity |
Built-in personas live in `review/personas/` as embedded Go assets or YAML shipped with the binary.
### 6. CI Workflow Integration
Single persona:
```yaml
- uses: rodin/review-bot/.gitea/actions/review@v1
with:
reviewer-name: security
persona: security
...
```
Multiple personas (parallel jobs):
```yaml
jobs:
review:
strategy:
matrix:
include:
- name: security
persona: security
- name: architect
persona: architect
steps:
- uses: rodin/review-bot/.gitea/actions/review@v1
with:
reviewer-name: ${{ matrix.name }}
persona: ${{ matrix.persona }}
```
Custom persona from repo:
```yaml
- uses: rodin/review-bot/.gitea/actions/review@v1
with:
reviewer-name: trading
persona-file: .review/personas/trading.yaml
```
### 7. Persona + Patterns Interaction
Some personas benefit from filtered patterns:
- Security → only security-related patterns
- Architect → all patterns (structural focus)
- Domain → domain docs, not language patterns
For v1, keep it simple: all patterns are included regardless of persona. Future enhancement could add `patterns_filter` to persona YAML.
### 8. Output Format Changes
Persona name appears in the review header:
```markdown
# Security Review
## Summary
No critical vulnerabilities found in this change.
## Findings
| # | Severity | File | Line | Finding |
...
## Recommendation
**APPROVE** — No security-relevant issues detected.
---
*Review by security*
<!-- review-bot:security -->
```
## State/Data Model
### Persona struct
```go
// review/persona.go
type Persona struct {
Name string `yaml:"name"`
DisplayName string `yaml:"display_name"`
ModelPref string `yaml:"model_preference,omitempty"`
Identity string `yaml:"identity"`
Focus []string `yaml:"focus"`
Ignore []string `yaml:"ignore"`
Severity Severity `yaml:"severity"`
OutputFormat string `yaml:"output_format,omitempty"`
}
type Severity struct {
Critical string `yaml:"critical"`
Major string `yaml:"major"`
Minor string `yaml:"minor"`
Nit string `yaml:"nit"`
}
```
### Loading precedence
1. `--persona-file PATH` → load from local file system
2. `--persona NAME` → load from embedded built-ins
3. Neither → use generic system prompt (current behavior)
## Error Cases
| Error | Handling |
|-------|----------|
| Persona file not found | Fatal exit with clear message |
| Invalid YAML in persona file | Fatal exit with parse error |
| Both `--persona` and `--persona-file` specified | Fatal exit: mutually exclusive |
| Unknown built-in persona name | Fatal exit with list of valid names |
| Empty identity in persona | Warning, fall back to generic prompt |
## Edge Cases
- **Empty focus list**: Valid — persona relies on identity alone
- **Empty ignore list**: Valid — no explicit scope exclusions
- **No severity section**: Use default MAJOR/MINOR/NIT definitions
- **Model preference set but budget insufficient**: Ignore preference, log warning
- **Persona file in pattern repo**: Fetch like other pattern files
## Testing Strategy
### Unit tests
- `persona_test.go`: Parse valid/invalid YAML, validate required fields
- `prompt_test.go`: Verify persona prompt assembly
- Integration with budget: persona prompts count toward token limit
### Integration tests
- End-to-end with `--persona security` (built-in)
- End-to-end with `--persona-file custom.yaml`
- Backwards compatibility: no flags = generic behavior
### Manual verification
- Run security persona on a PR with obvious vulnerability
- Verify security persona ignores style issues
- Verify non-security persona doesn't flag security issues
## Implementation Phases
### Phase 1: Persona types and loading
- [ ] `review/persona.go`: Persona struct + YAML parsing
- [ ] `review/persona_test.go`: Unit tests
- [ ] Embed built-in personas in binary
- [ ] Compiles clean, tests pass
### Phase 2: Prompt generation
- [ ] `review/prompt.go`: `BuildPersonaPrompt(p Persona) string`
- [ ] Modify `BuildSystemBase()` to accept optional persona
- [ ] Integrate persona prompt with budget system
- [ ] Tests for prompt assembly
### Phase 3: CLI integration
- [ ] Add `--persona` and `--persona-file` flags
- [ ] Flag validation (mutually exclusive, valid names)
- [ ] Load persona based on flags
- [ ] Pass persona to prompt builder
### Phase 4: Action integration
- [ ] Add `persona` and `persona-file` inputs to action.yml
- [ ] Update README with persona examples
- [ ] End-to-end CI test
### Phase 5: Built-in personas
- [ ] `security.yaml` built-in
- [ ] `architect.yaml` built-in
- [ ] `docs.yaml` built-in
- [ ] Document each persona's focus
## Open Questions
1. **Persona file location in repo**: Should we support `--persona-file .review/security.yaml` where the file is fetched from the PR's repo (like conventions)? This adds complexity but enables project-specific personas without action changes.
2. **Model preference enforcement**: If persona specifies `model_preference: opus` but the action uses a different model, should we warn? Override? Ignore? Current thinking: log warning, use the specified model (user controls model via action input).
3. **Severity override output**: If persona defines custom severity levels (CRITICAL), should the JSON output include them, or map back to standard MAJOR/MINOR/NIT? Current thinking: keep standard output format, use severity calibration only for prompt guidance.
## Completion Checklist
1. Persona struct matches YAML schema exactly?
2. Built-in personas embedded in binary (not external files)?
3. `--persona` and `--persona-file` are mutually exclusive?
4. Unknown persona name produces clear error with valid options?
5. Empty persona file fields have sensible defaults?
6. Persona prompt integrates with budget system (token counting)?
7. Backwards compatibility: no flags = current behavior?
8. Review header shows persona display name?
9. Sentinel still uses reviewer-name (not persona name)?
10. Unit tests cover parse errors, missing fields, valid YAML?
## Design Review Findings (Self-Review)
### Finding 1: Severity Mapping
The persona YAML allows `critical` severity, but the LLM output parser (`review/parser.go`) only accepts MAJOR/MINOR/NIT.
**Resolution:** Keep standard output format. Persona severity section is ONLY for calibrating the LLM's judgment (prompt guidance). Output must still use MAJOR/MINOR/NIT. Document this clearly in persona format docs.
### Finding 2: Embedding Built-in Personas
Go doesn't natively embed YAML. Must use `//go:embed` directive (Go 1.16+).
**Resolution:** Create `review/personas/` directory with YAML files and use:
```go
//go:embed personas/*.yaml
var embeddedPersonas embed.FS
```
### Finding 3: display_name vs reviewer-name
Design says header shows "persona display name" but sentinel uses "reviewer-name". This is correct - they serve different purposes:
- `display_name` → human-readable header ("Security Specialist Review")
- `reviewer-name` → machine sentinel for cleanup (`<!-- review-bot:security -->`)
When persona is used, `display_name` takes precedence for the header title, but `reviewer-name` (CLI flag) is still used for the sentinel.
## Design Revision: YAML with gopkg.in/yaml.v3
**Decision:** Add `gopkg.in/yaml.v3` as a dependency.
YAML is preferred over JSON for persona files because:
- Multi-line strings are cleaner (no escaping quotes in identity/focus text)
- Comments are supported for documentation
- More human-readable for complex persona definitions
The implementation supports both YAML (`.yaml`, `.yml`) and JSON (`.json`) for backwards compatibility, with YAML as the default for built-in personas.
docs/DESIGN-57-yaml-persona.md
+87
View File
@@ -0,0 +1,87 @@
# Design: YAML Support for Persona Files (#57)
## Problem
JSON is awkward for persona files that contain multi-line text (identity, severity descriptions). YAML supports cleaner multi-line strings and comments, improving readability and maintainability.
## Constraints
- Backwards compatibility: existing JSON personas must continue to work
- Security: protect against DoS via deeply nested YAML (AIKIDO-2024-10486)
- Consistency: use `.yaml` extension (not `.yml`)
- Library: use `github.com/goccy/go-yaml` v1.16.0+ (approved in CONVENTIONS.md); we implement custom AST-based depth/node-count checks for precise alias-aware validation
## Proposed Approach
1. **Update `parsePersona`** to detect format from file extension
2. **Add YAML parsing** with explicit depth limit (defense in depth)
3. **Keep JSON as fallback** for files without `.yaml`/`.yml` extension
4. **Convert built-in personas** to YAML format
5. **Update embed directive** to include both formats
### File Extension Detection
```go
func parsePersona(data []byte, source string) (*Persona, error) {
isYAML := strings.HasSuffix(source, ".yaml") || strings.HasSuffix(source, ".yml")
if isYAML {
return parseYAML(data, source)
}
return parseJSON(data, source)
}
```
### YAML Parsing with Depth Protection
We implement a custom AST-based depth/node-count walk (`checkYAMLDepth` in
`review/persona.go`) rather than relying on library decoder options. Key design
decisions:
- **Library:** `github.com/goccy/go-yaml` with `ast.Node`-based traversal
- **Dual-map tracking:** `validated` (depth-aware short-circuit) + `visiting` (cycle detection)
- **Node-count limit:** Conservative overcounting bounds total validation work
- **Alias-aware depth:** Aliases increment depth and are re-checked when encountered at greater depths
See `review/persona.go:checkYAMLDepth` for the authoritative implementation.
## State/Data Model
No new state. Same `Persona` struct, just different parsing.
## Error Cases
| Error | Handling |
|-------|----------|
| Invalid YAML syntax | Return parse error with source file |
| Deeply nested YAML | Custom AST walk (`checkYAMLDepth`) rejects before decode |
| Unknown extension | Fall back to JSON parsing |
| Missing required fields | Validation rejects after parse |
## Edge Cases
- File with `.json` extension but YAML content → JSON parse fails, user sees error
- File with no extension → defaults to JSON
- Embedded persona reference like `builtin:security` → detect by embed path (`personas/X.yaml`)
## Testing Strategy
1. Unit tests for YAML parsing (valid, invalid, deeply nested)
2. Unit tests for extension detection
3. Integration test for built-in personas (now YAML)
4. Backwards compat test: verify JSON still works for external files
## Completion Checklist
1. [ ] `go-yaml` dependency added at v1.16.0+
2. [ ] Extension detection uses case-insensitive comparison
3. [ ] YAML parse errors include source file name
4. [ ] JSON parsing still works for `.json` files
5. [ ] Built-in personas converted to YAML with readable multi-line strings
6. [ ] Embed directive updated to include `*.yaml`
7. [ ] Test for deeply nested YAML rejection
8. [ ] All existing tests pass
## Open Questions
- Should we support both `.yaml` AND `.yml`? Issue says `.yaml` only for consistency, but some users expect `.yml`. **Decision:** Support both for reading, recommend `.yaml` in docs.
- Should we add a "format" field to detect mismatched extension/content? **Decision:** No, keep it simple. Extension determines format.
docs/dev-loop-spec.md
+1 -24
View File
@@ -231,8 +231,6 @@ These are statically checked by `~/.openclaw/workspace/scripts/test/check-invari
| S6 | Active WIP does not cause early exit (only sets ACTIVE_WIP flag) |
| S7 | SPAWN:impl guarded by `ACTIVE_WIP == 0` check |
| S8 | No merge calls in any worker template |
| S9 | Zero close-PR API calls in dispatch script (`state=closed` does not appear) |
| S10 | No close-PR API calls in any worker template; every worker template contains `NEVER close a PR` |
---
@@ -265,20 +263,9 @@ Each worker receives a precise task description with substituted values:
Workers **always** remove the WIP label on completion and reply `NO_REPLY`.
### Worker Absolute Constraints
Every worker template begins with an `⛔ ABSOLUTE CONSTRAINTS` section containing these rules:
- **NEVER close a PR.** Never call `PATCH /pulls/{id}` with `state=closed`. Closing a PR requires human action. "Duplicate", "superseded", or "already done" are never a worker's call.
- **NEVER merge a PR.** Never call the merge API. Merging requires human approval.
- **NEVER use the gitea-aweiker token.** All API calls use the gitea-rodin token only.
- **NEVER act on a PR with active REQUEST_CHANGES.** Fix the findings first.
The first two constraints are statically enforced by `check-invariants.sh`: S1 and S9 cover the dispatch script (no merge, no close); S8 covers worker templates (no merge calls); S10 covers worker templates (no close calls, with NEVER-close text verified present in each). The remaining two constraints (token usage and REQUEST_CHANGES gate) are enforced by runtime logic.
---
## 9. Fixes for Issues #144, #145, and #157
## 9. Fixes for Issues #144 and #145
**Issue #144** (autonomous merge):
The dispatch script contains no merge API calls anywhere. The `~/.openclaw/workspace/scripts/test/check-invariants.sh`
@@ -289,13 +276,3 @@ Rule 2 is the **first** rule evaluated per PR. It cannot be skipped, reasoned pa
or bypassed. It is checked before CI, before self-review, before handoff. The check
uses latest-per-reviewer state, so a reviewer who re-approved after REQUEST_CHANGES
is correctly handled.
**Issue #157** (autonomous PR close):
Worker templates were missing an explicit constraint against closing PRs. The dispatch
script never had a close call, but workers could reason their way into calling
`PATCH /pulls/{id}` with `state=closed`. All worker templates now include
`NEVER close a PR` in their ABSOLUTE CONSTRAINTS section. Invariant S9 verifies
the dispatch script contains no close calls. Invariant S10 verifies
worker templates contain no close calls and each contains the NEVER-close text.
Regression tests in `dispatch.bats` statically verify all of these constraints.
review/docmap.go
+1 -1
View File
@@ -57,7 +57,7 @@ func ParseDocMapConfig(localPath string) (*DocMapConfig, error) {
// ParseDocMapConfigContent parses a doc-map YAML config from an in-memory
// string. The source parameter is used only for error messages and log entries
// (e.g. "owner/repo@main:.review-bot/doc-map.yml").
// (e.g. "main:main@<ref>").
//
// Use this when the config content has been fetched from a trusted VCS ref
// rather than read from the local workspace.