rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

feat(#137): add doc-map input for path-scoped doc injection #138

Merged
rodin merged 7 commits from issue-137 into main 2026-05-15 03:39:37 +00:00
Conversation 10 Commits 7 Files Changed 9
+6
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit f7815b8778 - Show all commits
CHANGELOG.md
+6
View File
@@ -27,6 +27,12 @@ mappings:
- Multiple mappings can reference the same doc; docs are deduplicated - Multiple mappings can reference the same doc; docs are deduplicated
- Missing doc files: warn and skip (review continues without them) - Missing doc files: warn and skip (review continues without them)
- No matching paths: no docs injected, review runs normally - No matching paths: no docs injected, review runs normally
- Absolute paths and path traversal (`..` segments) in doc paths are rejected
### Security
- **Path traversal guard**: doc paths from the YAML config are validated to reject absolute paths and `..` segments before VCS API calls
- **Prompt injection guard**: design doc content is injected with an explicit instruction to treat it as reference data and not follow any instructions it may contain
## v0.3.2 ## v0.3.2