review-bot

rodin/review-bot

Fork 0

Files

T

History

claw b5f17ddfc4

PR Ready Gate / clear-labels (pull_request) Successful in 2s

Details

CI / test (pull_request) Successful in 17s

Details

CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 38s

Details

CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m18s

Details

CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m20s

Details

fix(security): prevent alias depth bypass in YAML validator

The global 'seen' set allowed anchored subtrees validated at a shallow
depth to be skipped when later referenced via alias at a greater depth.
This could let effective nesting exceed MaxYAMLDepth, enabling DoS.

Fix: replace the single 'seen' set with two tracking maps:
- validated (node -> min depth): only short-circuits when current depth
  <= previously validated depth; re-checks at deeper contexts.
- visiting (node -> bool): per-path recursion stack for true cycle
  detection (breaks alias loops without suppressing depth checks).

Add TestYAMLAliasDepthBypass that constructs a document with an
anchored 15-level subtree referenced via alias under 6 levels of
nesting, verifying the combined effective depth (22) is rejected.

Addresses security-review-bot findings on review #2774.

2026-05-12 14:07:05 -07:00

personas

feat: add YAML support for persona files (#57 )

2026-05-10 14:16:41 -07:00

formatter_test.go

feat(persona): add role-based review personas

2026-05-10 09:14:48 -07:00

formatter.go

fix: address review feedback on persona feature

2026-05-10 10:01:34 -07:00

parser_test.go

fix: repair unescaped quotes in LLM JSON responses (#45 )