
fix: land the 2026-07-01/02 review --max --fix hardening batch#195

Merged
unohee merged 3 commits into main from feat/audit-fix-batch-0716
Jul 2, 2026

Conversation


@unohee unohee commented Jul 2, 2026


Summary

Two full-codebase audit passes (openswarm review --max --fix, 2026-07-01 22:48 + 2026-07-02 09:47) left ~130 files of worker-applied fixes in the working tree. This lands them, stabilized and reconciled with v0.15.0 (clean auto-merge).

Themes:

  • taskState store — prototype-pollution-safe task map (null-prototype via schema preprocess), fail-closed on corrupt persisted state, Linear sync-comment trust filter (marker/prefix + author allowlist) with an issueId mismatch guard, R5 reconcile extended to done→reopened
  • telemetry — command/adapter/event label sanitization (no path/prompt leakage), installId shape validation, unref'd send timeout
  • bsDetector — hardcoded-secret pattern now catches env-fallback literals (process.env.X || "secret")
  • adapters — readOnly CliRunOptions plumbed through the tool layer
  • assorted per-area audit fixes (locale key coverage, fix-loop worker error surfacing, GraphQL resolvers, memory ops) + 13 new test files

Stabilization on top of the raw worker edits

  • 3 broken tests fixed: bsDetector expectation updated to the new intended behavior; telemetry mock uses a valid 21-char install id; sync-comment trust filter made compatible with the production fetcher (user: undefined → falls back to marker-only checks — otherwise hydration silently breaks in production)
  • 1 unused variable (oxlint)

Verification

Full suite 1389 passed · oxlint 0 · tsc clean (after merging v0.15.0)

🤖 Generated with Claude Code

unohee added 2 commits July 2, 2026 10:37
Two full-codebase audit passes (openswarm review --max --fix) applied
working-tree fixes across ~120 files, plus 13 new test files. Themes:

- taskState store: prototype-pollution-safe task map (null-prototype via
  schema preprocess), fail-closed on corrupt persisted state, Linear sync
  comment trust filter (marker/prefix + author allowlist; falls back to
  marker-only when the fetcher provides no author info), issueId mismatch
  guard, R5 reconcile extended to done->reopened transitions
- telemetry: label sanitization (command/adapter/event) so dynamic strings
  cannot leak paths or prompts, installId shape validation, unref'd send
  timeout so fire-and-forget never keeps the process alive
- bsDetector: hardcoded-secret pattern now catches env-fallback literals
  (process.env.X || "secret") instead of excluding any env-referencing line
- adapters: readOnly CliRunOptions plumbed through the tool layer
- assorted per-area fixes from the audit verdicts (locale key coverage,
  worker error surfacing in the fix loop, GraphQL resolvers, memory ops)

Post-batch stabilization on top of the raw worker edits: 3 broken tests
fixed (bsDetector expectation updated to the new intended behavior,
telemetry mock uses a valid 21-char install id, sync-comment trust filter
made compatible with the production fetcher's user:undefined) and 1 unused
variable. Full suite 1378 passed, lint 0, tsc clean.
Comment thread on src/support/web.ts (resolved: Fixed)
/^Bearer\s+(.+)$/i backtracks polynomially on adversarial whitespace
runs in the Authorization header. Replace with a regex-free slice/trim
parse (same accepted forms: 'Bearer <token>' with space or tab).
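The slice/trim parse the review comment calls for, written out as an added example in TypeScript (not code from the PR or from src/support/web.ts); the header values below are constructed, and the CR/LF rejection mirrors the fact that the original regex's `.` never matches a line terminator.

```typescript
// Added example (not the project's code): regex-free Authorization parsing.
// Accepted form is exactly "Bearer <token>": case-insensitive scheme, one or
// more spaces/tabs as separator, token = the rest with trailing spaces/tabs
// trimmed. One left-to-right pass, so a long whitespace run costs O(n) with
// no backtracking.

const SCHEME = "bearer";

function isSpaceOrTab(ch: string): boolean {
  return ch === " " || ch === "\t";
}

function parseBearerToken(header: string | undefined): string | null {
  if (typeof header !== "string") return null;
  // Scheme: compare a fixed-width prefix, case-insensitively.
  if (header.slice(0, SCHEME.length).toLowerCase() !== SCHEME) return null;

  // Separator: at least one space or tab, then skip the whole run once.
  let start = SCHEME.length;
  if (!isSpaceOrTab(header.charAt(start))) return null;
  while (start < header.length && isSpaceOrTab(header.charAt(start))) start++;

  // Token: the remainder, minus trailing spaces/tabs.
  let end = header.length;
  while (end > start && isSpaceOrTab(header.charAt(end - 1))) end--;
  if (end === start) return null; // "Bearer   " carries no token

  const token = header.slice(start, end);
  // The regex's `.` never matched CR/LF, so such values were rejected before;
  // keep rejecting them here rather than widening the accepted forms.
  if (token.includes("\r") || token.includes("\n")) return null;
  return token;
}

// Constructed inputs: the accepted forms plus the adversarial shape the
// review mentions (scheme followed by a huge whitespace run and nothing else).
const samples: Record<string, string | null> = {
  "Bearer abc.def.ghi": "abc.def.ghi",
  "bearer\tabc.def.ghi  ": "abc.def.ghi",
  "BEARER   tok": "tok",
  "Bearerabc": null, // no separator
  "Basic abc": null, // wrong scheme
  ["Bearer" + " ".repeat(100000) + "\n"]: null,
};

function checkSamples(): boolean {
  return Object.entries(samples).every(([h, want]) => parseBearerToken(h) === want);
}
```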
@unohee unohee merged commit 5877f3b into main Jul 2, 2026
9 checks passed
@unohee unohee deleted the feat/audit-fix-batch-0716 branch July 2, 2026 01:48
@unohee unohee mentioned this pull request Jul 2, 2026