PR #396 #1178
codeql
on: dynamic
Matrix: analyze
Annotations
3 errors and 2 warnings
renderTranscript produces empty output for 'cli-text' strategy:
src/rendering/render.ts#L167
The refactored `renderTranscript` calls `createRenderHooks(strategy, ...).finalize(input)` directly. For the `'cli-text'` strategy, the returned `finalize` hook ignores its `input` parameter and only invokes `renderer.finalize()` on a freshly created renderer that never received any fragments, structured output, or next steps. As a result, `renderTranscript(input, 'cli-text')` (and `renderFragments(..., 'cli-text')`) always returns an empty string regardless of input, silently dropping all transcript content for any caller using the cli-text strategy.
[46P-FRU] renderTranscript produces empty output for 'cli-text' strategy (additional location):
src/rendering/render.ts#L166
The refactored `renderTranscript` calls `createRenderHooks(strategy, ...).finalize(input)` directly. For the `'cli-text'` strategy, the returned `finalize` hook ignores its `input` parameter and only invokes `renderer.finalize()` on a freshly created renderer that never received any fragments, structured output, or next steps. As a result, `renderTranscript(input, 'cli-text')` (and `renderFragments(..., 'cli-text')`) always returns an empty string regardless of input, silently dropping all transcript content for any caller using the cli-text strategy.
Daemon runtime no longer rethrows direct invocation errors:
src/runtime/tool-invoker.ts#L585
The previous code rethrew the error when `opts.runtime === 'daemon'`, allowing the daemon to surface infrastructure failures to its caller. The new code unconditionally calls `emitExplicitRuntimeError` and swallows the exception, so daemon-internal direct invocations that fail will no longer propagate the error to the daemon's RPC layer. Callers relying on the daemon throwing on infra errors may now silently receive a structured error fragment instead, changing behavior and potentially breaking error handling/backwards compatibility.
Analyze (javascript-typescript)
Starting April 2026, the CodeQL Action will skip computing file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses.
To opt out of this change, create a custom repository property with the name `github-codeql-file-coverage-on-prs` and the type "True/false", then set this property to `true` in the repository's settings.
Snapshot suite invokes real xcrun mcpbridge and live Xcode instance:
src/snapshot-tests/suites/xcode-ide-suite.ts#L87
The suite gates on `isXcodeIdeBridgeAvailable()` and then drives `harness.invoke('xcode-ide', ...)` against a real running Xcode/xcrun mcpbridge to populate fixtures. While this is a snapshot suite (not a unit test) and is guarded by availability checks, the skill's guardrails state that tests should not call real `xcodebuild`/`xcrun`/devices/simulators. Reviewer should confirm this snapshot path is intentionally classified as integration/contract validation rather than a unit boundary, and that snapshot updates produced from this live bridge are reviewed as contract changes.