fix: merge latest dev updates into main#22
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- native.ts: add extractContext + formatArgs with matchedField/matchedWord tracing for "Context Sniper" popup — shows dangerous word in context - core.ts: extend evaluatePolicy return with matchedField/matchedWord; per-field scan after dangerous word found; pass through authorizeHeadless - daemon/index.ts: gate SSE broadcast and browser open on browser config flag - LICENSE/package.json/README.md: MIT → Apache-2.0 - .github/workflows/ai-review.yml: add paths-ignore to prevent self-modification - scripts/ai-review.mjs: upgrade to claude-sonnet-4-6, max_tokens 2048 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Wrap diff in <diff>...</diff> markers with untrusted-content notice to mitigate prompt injection - Surface truncation note in posted PR comment when diff exceeds MAX_DIFF_CHARS - Downgrade API errors to warning comments + exit 0 so Anthropic outages don't block PRs - Pin @anthropic-ai/sdk@0.78.0 and @octokit/rest@22.0.1 to prevent supply-chain drift - Add explicit permissions block (contents: read, pull-requests: write) - Exclude dependabot[bot] from triggering review - Add fetch-depth: 0 to checkout step Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… main - ai-review.yml: replace AUTO_PR_TOKEN with GITHUB_TOKEN (permissions block already scopes it correctly — no broad PAT needed) - ai-review.yml: add --ignore-scripts to npm install to block malicious postinstall hooks from transitive dependencies - sync-dev.yml: new workflow — after every push to main, merge main back into dev so release-bot version bumps don't cause recurring README conflicts on the next dev -> main PR Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move @anthropic-ai/sdk and @octokit/rest into devDependencies and switch the ai-review workflow from bare npm install to npm ci --ignore-scripts. This locks all transitive dependencies to the committed lockfile, eliminating supply-chain drift on every CI run. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- context-sniper.ts (new): shared RiskMetadata type, smartTruncate,
extractContext (returns {snippet, lineIndex}), computeRiskMetadata
- native.ts: import from context-sniper, use .snippet on extractContext calls
- core.ts: add tier to evaluatePolicy returns; compute riskMetadata once in
authorizeHeadless; pass it to initNode9SaaS, askDaemon, notifyDaemonViewer
- daemon/index.ts: store and broadcast riskMetadata in PendingEntry
- daemon/ui.html: renderPayload() uses riskMetadata for intent badge, tier,
file path, annotated snippet, matched-word highlight; falls back to raw args
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When the Node9 cloud responds with shadowMode:true (org is in shadow mode), print a yellow warning to stderr instead of blocking the agent. The developer sees exactly why it was flagged without being interrupted. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…er, and integration tests - Add Zod v3 schema validation (config-schema.ts) with clear error messages for bad config.json — catches literal newlines, invalid regex, unknown keys, bad enums - Fix silent JSON parse fallback in tryLoadConfig: bad config now warns to stderr instead of silently using DEFAULT_CONFIG (which had cloud:true causing unexpected browser/cloud popups when config was invalid) - Fix auditLocalAllow fire-and-forget killed by process.exit: audit mode path now awaits the POST so SaaS receives the event before the process exits - Gate all auditLocalAllow calls on approvers.cloud so cloud:false (privacy mode) never sends data to SaaS - Fix double browser windows when cloud+browser both enabled: RACER 3 (browser) now skips when cloudEnforced, preventing duplicate daemon /check entries - Fix calledFromDaemon guard on terminal status messages to prevent duplicate output - Add check.integration.test.ts: 20 end-to-end tests spawning real node9 check subprocess with isolated HOME dirs and in-process mock SaaS server Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…plied Previously tryLoadConfig warned about invalid fields (e.g. mode:"bad-mode") but still returned the raw object, letting them override valid values from higher-priority config layers. A project-level node9.config.json with mode:"bad-mode" would override the global mode:"audit", bypassing audit mode and triggering the full cloud approval race unexpectedly. sanitizeConfig() now drops top-level keys that fail Zod validation so invalid project configs cannot corrupt the effective merged config. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…l test, improve comments - Remove unreliable 200ms sleep from audit+cloud test: auditLocalAllow is awaited before process.exit so the POST is done by the time the subprocess closes; if it ever races here it would be a production bug too - Add task* wildcard test: task_drop_all_tables must be fast-pathed to allow (documents the intentional security trade-off of user-configured wildcards) - Expand runCheck docstring explaining why cwd=tmpHome is needed alongside HOME=tmpHome (avoids inheriting the repo's own node9.config.json) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…noredTools precedence tests - Add `let resolved = false` guard in runCheckAsync to prevent double-resolve when child.kill() is called on timeout (close event fires after kill) - Fix mockServer.close() in afterEach to return a Promise (was fire-and-forget) - Document NODE9_TESTING=1 behavior in file header comment - Add runCheck/runCheckAsync raw string support for malformed payload testing - Add section 10: malformed JSON payload tests (non-JSON, empty, partial JSON) - Add ignoredTools precedence test: task* wildcard + dangerous word in input documents that ignoredTools fast-path bypasses dangerousWords (by design) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The CLI intentionally exits 0 on unparseable JSON (fail-open policy): a transient serialization error must not block the AI session mid-flight. The test was asserting the opposite. Updated all three malformed-payload tests to verify graceful failure (no crash/stack trace) rather than an error exit code. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
core.ts:
- fix review-git-push regex: literal space → \s+ so "git push" can't bypass
- fix getConfig(): environments block was always hardcoded {} and never merged
from global/project config files; now applyLayer() accumulates environments
correctly so strict-mode env overrides actually work
examples/node9.config.json.example:
- remove dangerousWords that caused false positives; keep only mkfs + shred
(catastrophic, unambiguous — everything else handled by smartRules)
- add enterplanmode/enterworktree/exitworktree to ignoredTools
- add execute_query, query, mcp__postgres__*, mcp__github__* to toolInspection
- fix allow-readonly-bash regex: "npm run(build|test)" → "npm run (build|test)"
(was matching "runbuild"/"runtest" instead of "run build"/"run test")
- remove smartRules already covered by built-in defaults:
review-delete-without-where, block-force-push, block-drop-database, review-sudo
- remove "push"/"git" rules entries (match tool *names*, never fire for bash)
- remove non-functional environments block (was silently ignored until above fix)
- add approvalTimeoutMs:30000, version:"1.0", expanded snapshot.tools + ignorePaths
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ule bypass, tests core.ts: - move mergedEnvironments declaration before applyLayer closure so the captured variable is clearly in scope (was hoisted at runtime but misleading to read) - replace unsafe Partial<EnvironmentConfig> spread with field-level validation: only copies requireApproval when it is a boolean, ignoring any other input - add version guard in tryLoadConfig: warns to stderr when a config file declares a version other than "1.0" so future schema changes can be caught early examples/node9.config.json.example: - add notMatches (&&|\|\||;\s*\S) condition to allow-readonly-bash rule so chained commands like "cat /etc/passwd && rm -rf /" are NOT fast-allowed - tighten review-secrets-write file_path regex: add (^|[/\\]) path separator anchor so "notmy.env" no longer matches — only actual dotenv files do tests (advanced_policy.test.ts): - 6 new tests for allow-readonly-bash: verifies safe commands are allowed, &&/||/; chaining is rejected, pipe-only chains remain allowed - 4 new tests for environments merge: project overrides global, type-unsafe values are dropped, multiple envs merge independently Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ets detection - allow-readonly-bash: add notMatches for $() and backtick to prevent command substitution bypass - allow-install-devtools: add notMatches guard for -g/--global flags - review-secrets-write: change to conditionMode any and add path/filename field checks alongside file_path - Add review-command-substitution rule (catches $() and backtick) - Add review-global-install rule (catches npm/yarn/pnpm -g/--global) - Add tests: $() bypass, backtick bypass, npm install -g, --global, review-secrets-write multi-field (path, filename), version mismatch warning/rejection paths Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…n guard, secrets rule rename - Restore rm and drop to dangerousWords (security regression from previous cleanup) - Fix allow-readonly-bash notMatches: change ;\s*\S to bare ; so a trailing semicolon with no following content cannot bypass the guard - Rename review-secrets-write → flag-secrets-access to reflect that it covers reads as well as writes; update reason string to match - Add .env.bak test: dotfile backup IS flagged, notmy.env.bak is NOT - Update all test fixtures to use ; instead of ;\s*\S to stay consistent with the corrected example config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- node9 undo now filters snapshots by cwd, so you only see snapshots from the current project - add --all flag to show global snapshot history across all projects - add helpful hint message when no local snapshots found but global ones exist - add brew install to README quick start as recommended install method - add homebrew tap notification step to release workflow Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
🤖 Claude Code ReviewReview
|
- restore broken README image src to original GitHub asset URL - use jq for safe JSON serialization in homebrew dispatch curl call - add --fail to curl so failed dispatch is visible in CI logs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
🤖 Claude Code ReviewReviewCI/CD — Homebrew notification stepSecurity concern (medium): Correctness: The if: steps.release.outputs.new_release_published == 'true'Without this, spurious dispatches to the Homebrew tap will occur on every CI run against the release branch. Minor: CLI —
|
🤖 Claude Code ReviewReviewCI/Workflow (
|
## [1.0.12](v1.0.11...v1.0.12) (2026-03-20) ### Bug Fixes * merge latest dev updates into main ([#22](#22)) ([3e235d7](3e235d7))
|
🎉 This PR is included in version 1.0.12 🎉 The release is available on: Your semantic-release bot 📦🚀 |
2 participants
Auto-generated PR
Merge latest
devchanges intomainto trigger a release.