Commit graph

135 commits

Author SHA1 Message Date
kite
a37bee50fb fix: sanitize terminal control characters in text output to prevent escape-sequence injection (#143)
Strip C0/C1 control characters and DEL from model/diff-derived strings
before printing to the terminal, preventing OSC 52 clipboard hijack,
screen erasure spoofing, and other ANSI injection attacks (CWE-150).
JSON output is unaffected as encoding/json already escapes control chars.
2026-06-16 14:48:56 +08:00
Lei Zhang
813205552d
fix: use text/tabwriter for dynamic column alignment in ocr llm providers (#146)
- Replace hardcoded fmt.Printf width specifiers with text/tabwriter
- Column widths now adapt to actual content, preventing overflow
- Eliminates risk of misaligned columns when provider names exceed preset width
2026-06-16 10:54:15 +08:00
kite
15b8817c39 docs: update providers screenshot with newly added providers 2026-06-15 15:41:38 +08:00
kite
0a7d14e453 fix: remove duplicate kimi provider and fix test locale
Remove the duplicate kimi provider entry introduced by overlapping PRs
(#130 and #134). Keep the Kimi Moonshot API entry with MOONSHOT_API_KEY.

Set LC_ALL=C in Makefile test target to ensure git outputs English
messages regardless of system locale.
2026-06-15 15:32:53 +08:00
wxwxwxw_orange
2bde478993
feat(llm): add volcengine and kimi providers (#134)
* feat(llm): add volcengine and kimi providers
Add pay-as-you-go OpenAI-compatible presets for Volcano Engine Ark
and Kimi Moonshot API.

Co-authored-by: Cursor <cursoragent@cursor.com>

* Apply suggestions from code review

Co-authored-by: lizhengfeng <lizhengfeng.lzf@alibaba-inc.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: lizhengfeng <lizhengfeng.lzf@alibaba-inc.com>
2026-06-15 15:23:19 +08:00
MuoDoo
86380286be
fix: sort provider selection list (#135) 2026-06-15 14:55:41 +08:00
DanielWalnut
3236a610ec
fix: remove sonnet 4.7&4.8 (#133) 2026-06-15 12:53:48 +08:00
kite
7c0b70b02b test(diff): add unit tests for readWorkspaceFileForDiff
Cover all key branches: regular file read, path traversal rejection,
directory rejection, parent symlink escape, external/internal symlink
target handling, and nonexistent file error.
2026-06-15 11:51:51 +08:00
不许对我狗叫丶
3b68c93013
feat: add Kimi provider (#130)
* feat: add build-in kimi provider

Co-authored-by: lizhengfeng <lizhengfeng.lzf@alibaba-inc.com>
2026-06-15 11:50:25 +08:00
不许对我狗叫丶
17c5edca8a
feat: add minimax provider (#131)
* feat: add build-in minimax provider


Co-authored-by: lizhengfeng <lizhengfeng.lzf@alibaba-inc.com>
2026-06-15 11:49:14 +08:00
不许对我狗叫丶
957132e3b6
fix: change mimo token plan url to api url and add mimo flash model (#132) 2026-06-15 09:57:04 +08:00
MuoDoo
4b3f41df10
Fix workspace symlink diff containment (#125)
* Fix workspace symlink diff containment

* Share repository path containment helpers
2026-06-15 00:03:36 +08:00
不许对我狗叫丶
6b8d269c0b
feat: add mimo provider (#124)
Some checks failed
Deploy Pages / build (push) Has been cancelled
Deploy Pages / deploy (push) Has been cancelled
2026-06-14 22:31:30 +08:00
ZheNing Hu
283ec8558c
fix(diff): detect renamed and deleted files correctly in diff parsing (#105)
When a file was renamed on the target branch, ocr review emitted
'[ocr] WARNING: cannot read file <old path> at ref <to>: exit status 128'.

Two compounding bugs:

1. The parser required 'a/'/'b/' prefixes when matching '--- /dev/null' /
   '+++ /dev/null', but git emits these lines without prefixes, so
   IsNew/IsDeleted were never set and deleted files fell through to a
   doomed 'git show ref:<old path>'.

2. 'rename from' / 'rename to' extended headers were never parsed, and
   git diff/show call sites did not force rename detection, so renames
   degraded to delete+add whenever the user had diff.renames=false.

Fixes:
- Parse 'rename from'/'rename to', 'new file mode', 'deleted file mode'
  and unprefixed /dev/null markers in ParseDiffText.
- Pass --find-renames to all git diff/show invocations so rename
  detection no longer depends on user config.
- Add IsRenamed to model.Diff (json: is_renamed) and prefer it in
  diffStatus.
- Add parser unit tests and a range-mode rename regression test.

Fixes #99
2026-06-14 22:29:02 +08:00
kite
689b5f185e fix(tui): widen cpAuth input to prevent placeholder truncation
The cpAuth text input width was 40, which truncated the 51-character
placeholder "optional, leave empty for default (Authorization)".
Increased to 55 so the full text is visible.
2026-06-14 21:59:21 +08:00
kite
72aad2c77c feat: add interactive provider setup with TUI and documentation 2026-06-14 10:49:33 +08:00
kite
f577742c04 ci: drop npm provenance flag incompatible with self-hosted runners
Sigstore provenance verification only supports GitHub-hosted runners,
causing E422 on publish. Remove --provenance and the unused id-token
permission.
2026-06-13 11:08:45 +08:00
kite
372802d294 ci: fix npm publish auth failure on self-hosted runners
The node:20 container lacks automatic NODE_AUTH_TOKEN mapping to npm
registry credentials. Add explicit .npmrc configuration step before
npm publish.
2026-06-13 11:08:45 +08:00
MuoDoo
64552aee9b
fix(security): block git ref option injection (#112) 2026-06-13 11:07:59 +08:00
MuoDoo
9f81cbe486
fix(tool): constrain workspace file reads to repo (#109) 2026-06-12 17:57:28 +08:00
Lei Zhang
76b4d5a3b5
ci: use self-hosted runners with container images for build and deplo… (#107)
* ci: use self-hosted runners with container images for build and deploy workflows

- deploy-pages: switch to self-hosted runner with node:20 container, remove redundant setup-node

- release: use self-hosted runner with golang:1.26.4 container for build job, remove redundant setup-go

- release: use self-hosted runner with ubuntu:24.04 container for release job

- release: use self-hosted runner with node:20 container for npm-publish job, remove redundant setup-node

- release: add jq installation step for version injection in npm-publish

* ci: fix dubious ownership in self-hosted container jobs

- Add git safe.directory trust step after checkout in release.yml build and npm-publish jobs
- Add git safe.directory trust step after checkout in deploy-pages.yml build job
- Switch deploy-pages deploy job from ubuntu-latest to self-hosted with node:20 container
2026-06-12 14:30:51 +08:00
Daniel Grießhaber
c2c7c37e0f
fix(agent): user includes should have higher priority than system supported extensions (#51) 2026-06-12 14:29:47 +08:00
Fedor
9c0c6f2393
docs: add Russian translations for README and CONTRIBUTING (#101)
Add README.ru-RU.md and CONTRIBUTING.ru-RU.md following the existing
localization pattern (zh-CN, ja-JP, ko-KR), and add the Русский link to
the language switcher line in all README and CONTRIBUTING variants.
Also add the previously missing 한국어 link to the CONTRIBUTING.zh-CN.md
and CONTRIBUTING.ja-JP.md switchers.

Closes #100
2026-06-12 11:49:04 +08:00
Lei Zhang
3239640df4
ci: fix dubious ownership error on self-hosted runners (#106)
Add safe.directory '*' to git config before running git operations.
Self-hosted runners may run jobs under a different OS user than the
one that owns the workspace, causing git to refuse operations with a
'dubious ownership' error.
2026-06-12 11:41:08 +08:00
Lei Zhang
022800c876
ci: optimize ocr-review workflow for self-hosted runners (#97) 2026-06-12 10:34:13 +08:00
zhouzhihao
c323c6b40c
fix(actions): preserve failed inline review comments (#81) 2026-06-10 17:50:08 +08:00
kite
7fcb9db6a3 fix: correct auth_header test to expect rejection of unsupported values
NormalizeAuthHeader only accepts "x-api-key" and "authorization". The
test was incorrectly expecting custom headers to be accepted and trimmed.
2026-06-09 22:24:16 +08:00
kite
dd0ebd905e feat: allow --max-tools to lower per-file tool call limit with minimum of 10
Previously --max-tools only took effect when greater than the template
default (30), making it impossible to reduce iterations for large diffs.
Now any non-zero value overrides the default, clamped to a floor of 10
with a stderr warning when the input is below the minimum.
2026-06-09 22:21:08 +08:00
kite
5050cbeef3 docs: add --background flag to README flags table and examples
The --background/-b flag was missing from the ocr review flags
documentation across all four README translations (EN, ZH-CN, JA-JP,
KO-KR). Added the flag entry and a usage example.
2026-06-09 21:39:24 +08:00
kite
01c9c85456 feat: add review filter to remove provably incorrect comments after subtask
- Add REVIEW_FILTER_TASK template and LLM conversation config
- Implement executeReviewFilter to post-process comments per file
- Add CommentsForPath and RemoveByPathAndIndices to CommentCollector
- Apply timeout from template config to review filter LLM call
- Await CommentWorkerPool before running filter to prevent race condition
- Include raw response preview in filter JSON parse error logs
2026-06-09 20:41:42 +08:00
kite
cf32900ca1 fix: force standard diff prefixes to prevent diff.noprefix/mnemonicPrefix from breaking parsing (#82)
Add --src-prefix=a/ --dst-prefix=b/ to all git diff/show calls so that
user config (diff.noprefix, diff.mnemonicPrefix) cannot alter the prefix
format the parser depends on. Also add missing ModeCommit test coverage.
2026-06-09 18:08:11 +08:00
Eldar Shlomi
c9fae8d4e9
fix: pass --no-ext-diff --no-textconv to git diff/show so external diff tools don't break parsing (#86)
When a user has configured a global external diff tool (diff.external /
GIT_EXTERNAL_DIFF) or a textconv filter, git diff/show emit the tool's
output instead of unified diff text. The provider's parser keys off
`diff --git` headers, so it parses zero diffs and the review silently
reports "No files changed".

Add --no-ext-diff --no-textconv to all four git diff/show call sites in
internal/diff/git.go (ModeRange diff, ModeCommit show, and both
workspaceTrackedDiff calls). merge-base and ls-files are left untouched
since they don't run the diff machinery.

Adds an integration test that initializes a real git repo, activates a
garbage GIT_EXTERNAL_DIFF script, and asserts the provider still parses
a non-empty diff (fails before this change, passes after).

Closes #82

AI-assisted contribution.
2026-06-09 18:02:01 +08:00
kite
48cc6a3329 feat: change default output language from Chinese to English 2026-06-09 09:57:45 +08:00
Lei Zhang
a32b8c7e30
docs(examples): add concurrency control to CI workflow examples (#60)
* docs(examples): add concurrency control to CI workflow examples

- GitHub Actions: add concurrency group with cancel-in-progress to avoid
  redundant review runs on rapid pushes
- GitLab CI: add interruptible and resource_group to cancel outdated
  review jobs when new commits are pushed to the same MR

* docs(examples): improve GitLab CI example with fork MR and concurrency support

- Support forked MR pipelines by using CI_COMMIT_SHA as --to target
- Fall back to CI_JOB_TOKEN when GITLAB_API_TOKEN is unavailable
- Use appropriate auth header (JOB-TOKEN vs PRIVATE-TOKEN) based on token source
- Add --audience agent flag for machine-consumable review output
- Make diff_refs required for inline comments, simplify post_discussion signature
- Improve summary with inline vs fallback comment breakdown
- Add documentation comments for fork MR setup requirements

* docs(examples): use pull_request_target and SHA refs for fork PR support

- Switch trigger from pull_request to pull_request_target so secrets
  are available for PRs from forks
- Use head SHA instead of branch ref for checkout and ocr --to, since
  fork branches don't exist on the origin remote
- Add explicit fetch step to ensure fork commits are available
- Update condition checks and comments to reflect the new event name

* docs: sync READMEs with CI script changes for fork PR/MR support
2026-06-08 21:33:20 +08:00
Shi Peipei
4043e9ee33
fix: handle previously swallowed json.Unmarshal errors (#78)
- Propagate json.Unmarshal error in buildAnthropicParams when parsing
  tool call arguments, preventing silent empty-map fallback on malformed JSON
- Return explicit error message in ParseComments when comments JSON
  string fails to unmarshal, instead of silently ignoring

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-08 21:03:00 +08:00
MuoDoo
adb9ac8b4e
feat(rules): add built-in Rust and Cargo.toml review rules (#74)
* Add Rust review rules

* Fix case-insensitive rule matching
2026-06-08 20:56:00 +08:00
KT
c6abbeec09
docs: fix Codex spelling in localized readmes (#76) 2026-06-08 20:51:46 +08:00
kite
b97382c727 docs: clarify auth_header is optional with default behavior in README
Move auth_header out of the main config example to avoid implying it is
required. Add a dedicated section explaining it is optional, its default
value, and when users need to set it explicitly.
2026-06-08 20:38:47 +08:00
kite
fa6c7d8e04 refactor(llm): deduplicate and validate auth header normalization
Export NormalizeAuthHeader from the llm package and remove the duplicate
normalizeConfigAuthHeader in config_cmd.go. Invalid auth_header values
now return an error at configuration time instead of being silently
accepted and causing opaque 401s at runtime.
2026-06-08 20:21:28 +08:00
zhouzhihao
48dc1b37d4
fix(llm): support Anthropic auth header (#77) 2026-06-08 19:35:12 +08:00
seunghun chae
fb819510ca
feat(codex): add local Codex plugin support (#69)
* feat(codex): add local Codex plugin support

* docs: add Korean documentation

* docs(codex): address plugin review feedback
2026-06-08 00:34:21 +08:00
kite
3885f499c5 docs: add path filtering documentation to all README files
Document the include/exclude configuration in rule.json files, explaining
the filter decision priority, how layers interact, and listing built-in
default exclude patterns.
2026-06-07 20:22:39 +08:00
kite
bdb83fdcab docs: add Go Report Card badge to all README files 2026-06-07 17:28:28 +08:00
kite
1b3c0ab19f fix(llm): handle Anthropic thinking content blocks in multi-turn conversations
Anthropic models with extended thinking return type:"thinking" content
blocks which were silently dropped, causing empty assistant content in
conversation history. Extract thinking blocks into ReasoningContent so
the existing Content() fallback works correctly.
2026-06-07 17:09:31 +08:00
kite
5fad9ce2fa fix(llm): use max_completion_tokens instead of deprecated max_tokens for OpenAI requests
Fixes #30 — newer OpenAI models (o1, o3, o4, gpt-5.x) reject the
deprecated max_tokens parameter with a 400 error.
2026-06-07 08:33:51 +08:00
Ikko Eltociear Ashimine
8d187f607f
docs: add Japanese document (#64)
* docs: add Japanese README

* docs: add Japanese CONTRIBUTING
2026-06-06 23:15:26 +08:00
kite
0d530f3b73 fix(viewer): use real API token usage in session page instead of tiktoken estimates
The session page was showing significantly lower token counts than the console
summary because it used local tiktoken estimation while the console used actual
API-reported usage data. Now SetResponse prefers resp.Usage when available
(falling back to tiktoken), persists cache token fields to JSONL, and the
viewer displays cache read/write stats alongside prompt/completion totals.
2026-06-06 21:17:47 +08:00
kite
f24334deb2 perf(tool): stream file reads line-by-line to avoid full-file memory allocation
Replace os.ReadFile + strings.Split with bufio.Reader streaming in
FileReadProvider, so only the requested window (up to 500 lines) is kept
in memory instead of the entire file. Adds Runner.Stream for semaphore-
aware stdout piping, FileReader.ReadLines for line-windowed reading, and
validates invalid line ranges. Reduces per-goroutine memory from ~8MB to
~44KB for large files under concurrent workloads.
2026-06-06 20:59:05 +08:00
kite
2bebc86cfc feat(config): increase default max tool call rounds from 20 to 30
Allow more thorough analysis per file by raising MAX_TOOL_REQUEST_TIMES.
2026-06-06 20:35:32 +08:00
kite
e34c634879 fix(output): skip subtask_error in final warning summary to avoid duplicate logging
Subtask errors are already printed in real-time when they occur in agent.go.
The final outputTextWithWarnings was printing them again after comments were displayed.
2026-06-06 20:31:07 +08:00