Commit graph

26 commits

Author SHA1 Message Date
kite
a37bee50fb fix: sanitize terminal control characters in text output to prevent escape-sequence injection (#143)
Strip C0/C1 control characters and DEL from model/diff-derived strings
before printing to the terminal, preventing OSC 52 clipboard hijack,
screen erasure spoofing, and other ANSI injection attacks (CWE-150).
JSON output is unaffected as encoding/json already escapes control chars.
2026-06-16 14:48:56 +08:00
Lei Zhang
813205552d
fix: use text/tabwriter for dynamic column alignment in ocr llm providers (#146)
- Replace hardcoded fmt.Printf width specifiers with text/tabwriter
- Column widths now adapt to actual content, preventing overflow
- Eliminates risk of misaligned columns when provider names exceed preset width
2026-06-16 10:54:15 +08:00
kite
689b5f185e fix(tui): widen cpAuth input to prevent placeholder truncation
The cpAuth text input width was 40, which truncated the 51-character
placeholder "optional, leave empty for default (Authorization)".
Increased to 55 so the full text is visible.
2026-06-14 21:59:21 +08:00
kite
72aad2c77c feat: add interactive provider setup with TUI and documentation 2026-06-14 10:49:33 +08:00
MuoDoo
64552aee9b
fix(security): block git ref option injection (#112) 2026-06-13 11:07:59 +08:00
kite
7fcb9db6a3 fix: correct auth_header test to expect rejection of unsupported values
NormalizeAuthHeader only accepts "x-api-key" and "authorization". The
test was incorrectly expecting custom headers to be accepted and trimmed.
2026-06-09 22:24:16 +08:00
kite
dd0ebd905e feat: allow --max-tools to lower per-file tool call limit with minimum of 10
Previously --max-tools only took effect when greater than the template
default (30), making it impossible to reduce iterations for large diffs.
Now any non-zero value overrides the default, clamped to a floor of 10
with a stderr warning when the input is below the minimum.
2026-06-09 22:21:08 +08:00
kite
fa6c7d8e04 refactor(llm): deduplicate and validate auth header normalization
Export NormalizeAuthHeader from the llm package and remove the duplicate
normalizeConfigAuthHeader in config_cmd.go. Invalid auth_header values
now return an error at configuration time instead of being silently
accepted and causing opaque 401s at runtime.
2026-06-08 20:21:28 +08:00
zhouzhihao
48dc1b37d4
fix(llm): support Anthropic auth header (#77) 2026-06-08 19:35:12 +08:00
kite
e34c634879 fix(output): skip subtask_error in final warning summary to avoid duplicate logging
Subtask errors are already printed in real-time when they occur in agent.go.
The final outputTextWithWarnings was printing them again after comments were displayed.
2026-06-06 20:31:07 +08:00
kite
ef46dfdac9 feat(tool): add global git subprocess concurrency limiter and propagate context.Context to diff layer
Introduce gitcmd.Runner with channel-based semaphore to cap concurrent
git subprocesses (default 16, configurable via --max-git-procs). Route
all tool-layer and diff-layer git calls through the shared runner.
Also fix diff.Provider.runGit lacking context.Context — now the full
chain (GetDiff → MergeBase → ParseDiffText → finalizeDiff) propagates
the caller's context for proper cancellation and timeout support.
2026-06-06 20:20:34 +08:00
kite
363d971916 fix(tool): make Registry and DiffMap concurrency-safe via freeze semantics
Registry was a plain map alias and DiffMap a shared map[string]string,
both relying on implicit write-before-read ordering with no compile-time
safety. Refactor Registry into an encapsulated struct with Freeze() that
panics on post-freeze writes, and wrap DiffMap as an immutable value type
with defensive copy on construction. Move DiffMap injection to before
filterDiffs to preserve the original behavior of exposing all file diffs.
2026-06-06 19:41:11 +08:00
kite
08bb28ced5 feat(llm): enable Anthropic prompt caching and fix token accounting
Add cache_control ephemeral breakpoints on system prompt and tool
definitions to activate Anthropic prompt caching for multi-turn
agent loops. Fix token double-counting by removing the redundant
totalTokensUsed accumulator and computing it from sub-items. Surface
cache read/write statistics in both text and JSON summary output.
2026-06-06 19:26:34 +08:00
kite
cfd62ae834 feat(cli): auto-load commit message as background in commit review mode 2026-06-04 11:54:14 +08:00
kite
6ce1ec7511 style: apply go fmt formatting 2026-06-03 17:34:28 +08:00
kite
49e1c700ed fix(cli): embed summary into JSON output to avoid breaking JSON parsing
When using --audience agent --format json, the text summary line was
printed before the JSON body, causing parse failures for integrations.
Move summary data into the JSON "summary" field and skip PrintTraceSummary
in JSON mode.
2026-06-03 15:38:22 +08:00
kite
fe647bc489 feat(cli): display GitHub repository URL in version and help output 2026-06-02 22:50:36 +08:00
kite
45ee52f5b8 feat(cli): add --max-tools flag to control max tool call rounds per file 2026-06-01 20:04:24 +08:00
kite
e71fa597d8 feat(review): add --preview flag to show files before running LLM review 2026-05-26 23:06:47 +08:00
kite
834a4e7e3f feat(rules): add ocr rules check command to preview effective rule for a file path 2026-05-26 22:11:39 +08:00
kite
5053e6dca8 refactor(config): rename config directory from .open-code-review to .opencodereview
Unify the config folder name to `.opencodereview` across all runtime paths,
  tests, docs, and i18n strings. Also make defaultConfigPath() return an error
  instead of silently falling back to a current-directory file when $HOME is
  unresolvable.
2026-05-25 23:07:36 +08:00
kite
db5bc4b8a9 feat(rules): add include/exclude file filter support in rule.json
Allow users to configure include/exclude glob patterns in
  .open-code-review/rule.json (global or project-level) to control
  which files are reviewed. Exclude has highest priority, include
  penetrates default path exclusions but not the extension allowlist.
  Only one layer takes effect following --rule > project > global priority.
2026-05-25 20:19:02 +08:00
kite
d44fd31989 feat(rules): unify rule resolution behind Resolver interface with four-layer priority
Consolidate review rules into a composedResolver that supports four layers
  (--rule flag > project .open-code-review/rule.json > global ~/rule.json >
  embedded system default), each with first-match-wins fall-through semantics.
2026-05-25 17:45:53 +08:00
kite
d345ef9707 feat: add llm.extra_body config support to disable thinking mode 2026-05-22 21:28:32 +08:00
kite
f054bb799e fix: propagate LLM API errors instead of showing misleading "Looks good to me"
When all subtask LLM calls fail (e.g. invalid API key), dispatchSubtasks
now returns an error instead of empty comments with nil error. Partial
failures are recorded as subtask_error warnings so output functions can
distinguish "no issues found" from "review failed".
2026-05-22 15:28:26 +08:00
kite
7c8b8562aa feat: init 2026-05-20 22:03:52 +08:00