agent

core/agent

Fork 0

Commit graph

Author	SHA1	Message	Date
Snider	40d2b0db16	fix: address Codex round 7 — path traversal + dispatch check Some checks failed CI / test (push) Failing after 2s Details High/Security: sanitise input.Repo via filepath.Base to prevent path traversal in workspace prep (../escape from CODE_PATH). High/Security: sanitise repo.Repo from API response in syncRepos to prevent path traversal via crafted checkin responses. Medium: dispatchFixFromQueue now returns error, review_queue checks success before recording fix_dispatched. Known issues updated with async bridge provider findings. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 17:25:23 +00:00
Snider	013396bf91	docs: record known issues from 7 rounds of Codex review Some checks failed CI / test (push) Failing after 3s Details API enhancements, test coverage gaps, conventions, and compile issues — all acknowledged and tracked for future work. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 17:22:17 +00:00

Author

SHA1

Message

Date

Snider

40d2b0db16

fix: address Codex round 7 — path traversal + dispatch check

CI / test (push) Failing after 2s

Details

High/Security: sanitise input.Repo via filepath.Base to prevent
path traversal in workspace prep (../escape from CODE_PATH).

High/Security: sanitise repo.Repo from API response in syncRepos
to prevent path traversal via crafted checkin responses.

Medium: dispatchFixFromQueue now returns error, review_queue checks
success before recording fix_dispatched.

Known issues updated with async bridge provider findings.

Co-Authored-By: Virgil <virgil@lethean.io>

2026-03-21 17:25:23 +00:00

Snider

013396bf91

docs: record known issues from 7 rounds of Codex review

CI / test (push) Failing after 3s

Details

API enhancements, test coverage gaps, conventions, and compile
issues — all acknowledged and tracked for future work.

Co-Authored-By: Virgil <virgil@lethean.io>

2026-03-21 17:22:17 +00:00

2 commits