rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 6 Wiki Activity

Add YAML support for persona files #57

New Issue
Closed
opened 2026-05-10 17:11:09 +00:00 by rodin · 0 comments
rodin commented 2026-05-10 17:11:09 +00:00
Owner
Copy Link
Copy Source

Summary

Add YAML support for persona configuration files. YAML provides cleaner multi-line strings and supports comments, making persona definitions more readable and maintainable.

Requirements

  • Support both YAML and JSON formats for persona files
  • Detect format by file extension (.yaml/.yml vs .json)
  • Convert built-in personas to YAML format
  • Keep JSON parsing as fallback for backwards compatibility

Library

Use github.com/goccy/go-yaml v1.16.0 or later.

Why this library:

  • Actively maintained (10 releases in the last year, current v1.19.2)
  • Security issue (AIKIDO-2024-10486, DoS via deep nesting) was fixed promptly in v1.16.0
  • gopkg.in/yaml.v3 is abandoned (no code changes since May 2022)

Implementation Notes

  • Update parsePersona() to detect format and use appropriate parser
  • YAML files should use .yaml extension (not .yml) for consistency
  • Validate that deeply nested YAML is rejected (defense in depth)
## Summary Add YAML support for persona configuration files. YAML provides cleaner multi-line strings and supports comments, making persona definitions more readable and maintainable. ## Requirements - Support both YAML and JSON formats for persona files - Detect format by file extension (`.yaml`/`.yml` vs `.json`) - Convert built-in personas to YAML format - Keep JSON parsing as fallback for backwards compatibility ## Library Use `github.com/goccy/go-yaml` v1.16.0 or later. **Why this library:** - Actively maintained (10 releases in the last year, current v1.19.2) - Security issue (AIKIDO-2024-10486, DoS via deep nesting) was fixed promptly in v1.16.0 - `gopkg.in/yaml.v3` is abandoned (no code changes since May 2022) ## Implementation Notes - Update `parsePersona()` to detect format and use appropriate parser - YAML files should use `.yaml` extension (not `.yml`) for consistency - Validate that deeply nested YAML is rejected (defense in depth)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
ai-review
bug
needs-review
ready
Ready for human review
 self-reviewed
Self-review passed since last push
 wip
Work in progress - do not start new work on this PR
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
security-review-bot rodin (Rodin)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: rodin/review-bot#57
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?