Rodin

rodin created branch review-bot-issue-96 in rodin/review-bot

2026-05-13 17:31:22 +00:00

rodin pushed to review-bot-issue-96 at rodin/review-bot

2026-05-13 17:31:22 +00:00

ce48dc0ec6 feat(github): add safeguards against accidental AllowInsecureHTTP use (#96)

rodin created pull request rodin/review-bot#112

2026-05-13 17:29:21 +00:00

feat(gitea): pass commit_id explicitly in PostReview (#107)

rodin pushed to review-bot-issue-107 at rodin/review-bot

2026-05-13 17:29:11 +00:00

e59c2bc831 feat(gitea): pass commit_id explicitly in PostReview (#107)

rodin created branch review-bot-issue-107 in rodin/review-bot

2026-05-13 17:29:11 +00:00

rodin commented on issue rodin/review-bot#96

2026-05-13 17:26:18 +00:00

Add safeguards against accidental AllowInsecureHTTP use in production

Plan: Add safeguards against accidental AllowInsecureHTTP use in production

Problem

AllowInsecureHTTP() is a client option that permits sending credentials over HTTP. It's currently a…

rodin commented on issue rodin/review-bot#107

2026-05-13 17:25:22 +00:00

PostReview: pass CommitID explicitly via ReviewRequest

Plan: PostReview — pass CommitID explicitly

Problem

gitea.Client.PostReview() does not include a commit_id field in the review payload. The review is not explicitly anchored to the…

rodin commented on pull request rodin/review-bot#106

2026-05-13 16:49:39 +00:00

feat(cmd): wire --provider and --base-url flags into CLI (Phase 5)

Inline Finding Acknowledgments

All inline review findings have been resolved and threads marked as resolved. Summary of resolutions:

From review 3158 (sonnet):

18929 [MINOR]…

rodin commented on pull request rodin/review-bot#106

2026-05-13 16:48:41 +00:00

feat(cmd): wire --provider and --base-url flags into CLI (Phase 5)

test reply again

rodin commented on pull request rodin/review-bot#106

2026-05-13 16:48:33 +00:00

feat(cmd): wire --provider and --base-url flags into CLI (Phase 5)

test reply

rodin commented on pull request rodin/review-bot#106

2026-05-13 16:44:08 +00:00

feat(cmd): wire --provider and --base-url flags into CLI (Phase 5)

Self-Review: PR #106

Self-review against 91fba770d9e07d7fe5b76ba634b59d073645d8e4

Phase 1: Independent Findings

None — diff looks clean.

The refactor correctly replaces direct…

rodin commented on pull request rodin/review-bot#111

2026-05-13 16:36:22 +00:00

feat: reject cross-host redirects and HTTPS→HTTP downgrades (#95)

Self-Review: PR #111

Self-review against 7de6fdd9ec7db7441bc1bbd58dafabc6a4ad4aad

Phase 1: Independent Findings

None — diff looks clean. The defaultCheckRedirect implementation is…

rodin pushed to review-bot-issue-82 at rodin/review-bot

2026-05-13 16:33:12 +00:00

91fba770d9 fix(ci): restore *vcsURL default in --gitea-url alias registration

rodin commented on pull request rodin/review-bot#106

2026-05-13 16:32:14 +00:00

feat(cmd): wire --provider and --base-url flags into CLI (Phase 5)

Fix Plan against 5252143a33c634301efea27789016366d3548853:

Root Cause

Commit 5252143 changed the --gitea-url backward-compatible alias from:

flag.StringVar(vcsURL, "gitea-url",…

rodin pushed to review-bot-issue-95 at rodin/review-bot

2026-05-13 16:28:51 +00:00

7de6fdd9ec fix: address review feedback on redirect policy

rodin commented on pull request rodin/review-bot#111

2026-05-13 16:28:35 +00:00

feat: reject cross-host redirects and HTTPS→HTTP downgrades (#95)

Verified: Go's url.Parse normalizes schemes to lowercase. Tested with Go 1.26.2:

Input: "HTTP://example.com"   -> Parsed scheme: "http"
Input: "HTTPS://example.com"  -> Parsed scheme:…

rodin commented on pull request rodin/review-bot#111

2026-05-13 16:28:26 +00:00

feat: reject cross-host redirects and HTTPS→HTTP downgrades (#95)

Acknowledged — I've added cross-reference comments pointing to the sibling implementation in both files. An internal/ package would add structural overhead for a single function (~25 lines), so…

rodin commented on pull request rodin/review-bot#111

2026-05-13 16:27:11 +00:00

feat: reject cross-host redirects and HTTPS→HTTP downgrades (#95)

Fix Plan against 1e0959b077bd0b06807ea984ba17dd137b8023f9:

Findings & Actions

rodin pushed to review-bot-issue-82 at rodin/review-bot

2026-05-13 16:20:39 +00:00

5252143a33 fix: address review feedback — alias default, acronym convention, observability

rodin commented on pull request rodin/review-bot#106

2026-05-13 16:18:54 +00:00

feat(cmd): wire --provider and --base-url flags into CLI (Phase 5)

Fix Plan against ac6d34f5bd09cb340db87acee6f34c1c2c504f53:

#19639 [MINOR] cmd/review-bot/main.go:87 — --gitea-url alias ordering dependency

Decision: FIX

The reviewer is correct…