
fix: Update pnpm version to 10.12.2 in CI and release workflows #1

Merged. cm-dyoshikawa merged 3 commits into main from latest-pnpm on Jun 24, 2025.

Conversation

@cm-dyoshikawa
Collaborator

No description provided.

cm-dyoshikawa self-assigned this Jun 24, 2025
cm-dyoshikawa merged commit 9d91ccb into main Jun 24, 2025
1 check passed
cm-dyoshikawa deleted the latest-pnpm branch June 24, 2025 01:10
rudironsoni added a commit to rudironsoni/rulesync that referenced this pull request Feb 26, 2026
Previously, the mode was hardcoded to 'subagent', ignoring any mode
specified in the Rulesync subagent frontmatter. Now it defaults to
'subagent' only when mode is not specified.

Fixes dyoshikawa#1
dyoshikawa added a commit that referenced this pull request Mar 30, 2026
- Add explanatory comments in ai-file.ts and ai-dir.ts for why
  .replace() is used instead of path.posix.join (#1)
- Improve fetch.test.ts with parameterized Windows-style backslash
  path test inputs via it.each (#2)
- Normalize backslashes in fetch.ts resolvedPath for API compatibility
- Update coding-guidelines.md to distinguish filesystem paths
  (path.join) from semantic/API paths (path.posix.join) (#3)

Closes #1394

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dyoshikawa added a commit that referenced this pull request Mar 31, 2026
…d gitignore sync

- Enforce both-or-neither opts in buildDeletionRulesFromPaths (#1)
- Rename destructured param in fromRootFile for clarity (#2)
- Remove redundant optional chaining after nonRoot guard (#3)
- Remove duplicate **/.rovodev/ gitignore entry (#4)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dyoshikawa added a commit that referenced this pull request Apr 8, 2026
- Add logger to ToolHooksFromRulesyncHooksParams and pass this.logger
  from HooksProcessor so converter warnings actually fire (#1).
- Add passthroughNameDescription flag to ToolHooksConverterConfig and
  enable it only for codexcli/geminicli, preventing the unconditional
  pass-through from leaking unknown 'name'/'description' keys into
  Claude Code / Factory Droid hook outputs (#2).
- Document the Codex CLI command-passthrough behavior for hand-edited
  configs containing other tools' project-dir variables (#3).

Refs #1445

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dyoshikawa added a commit that referenced this pull request Apr 15, 2026
- #1: use static import for resetDeprecationWarningForTests in tests
- #2: document why mutual-exclusivity is runtime-enforced, not a discriminated union
- #3: stop emitting the deprecation warning from the Config constructor;
  the ConfigResolver is now the single emission point
- #4: cache validated ToolTarget[] for object-form targets in the constructor
  so getTargets() no longer rebuilds the ALL_TOOL_TARGETS set per call
- #5: fix misleading schema comment that claimed unknown-target warnings
  (the runtime path actually throws)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dyoshikawa added a commit that referenced this pull request Apr 21, 2026
…nd match-all bypasses

- Reject imported rules whose toolName maps to __proto__, constructor,
  or prototype to prevent prototype pollution when round-tripping
  untrusted TOML; use Object.hasOwn for lookups to avoid hitting
  inherited accessors. (Sec #1)
- Stop translating glob character classes to regex classes; emit '['
  and ']' as literals so that negated ([^a]) or wide-range ([!-~])
  classes cannot bypass the JSON field-boundary guard. (Sec #2)
- Skip empty patterns ('') with a warning (would match every bash
  invocation or nothing for other tools). Skip bash '*' and '**'
  with allow/deny decisions because they would silently grant or
  revoke every shell command; 'ask' remains supported. (Sec #3)
- Update docs to reflect the new guardrails.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
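
Added example, not part of the commit above or of rulesync's code: a JavaScript sketch of the three import guardrails that commit message lists (forbidden tool names with own-property lookups, glob brackets kept literal, empty and bash match-all patterns skipped). All function names, the rule shape, and the choice of `[^"]*` as the field-boundary guard for `*` are assumptions made for illustration.

```javascript
// Added illustration: hypothetical names, not rulesync's own code.
const FORBIDDEN_TOOL_NAMES = new Set(["__proto__", "constructor", "prototype"]);
const MATCH_ALL = new Set(["*", "**"]);

// Constructed sample of untrusted imported rules.
const SAMPLE_RULES = [
  { toolName: "__proto__", pattern: "polluted", decision: "allow" },
  { toolName: "bash", pattern: "", decision: "deny" },
  { toolName: "bash", pattern: "*", decision: "allow" },
  { toolName: "bash", pattern: "*", decision: "ask" },
  { toolName: "bash", pattern: "git status*", decision: "allow" },
  { toolName: "read", pattern: "src/[a-z]*.ts", decision: "allow" },
];

// Glob -> regex source. '*' is the only wildcard and is assumed to stop at a
// JSON string quote (the field-boundary guard). '[' and ']' are escaped like
// any other metacharacter, so [^a] or [!-~] never becomes a regex class.
function globToRegexSource(glob) {
  return glob
    .split("*")
    .map((literal) => literal.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join('[^"]*');
}

// Build { toolName: { pattern: decision } } and collect one warning per skip.
function importRules(rules) {
  const permissions = {};
  const warnings = [];
  for (const { toolName, pattern, decision } of rules) {
    if (FORBIDDEN_TOOL_NAMES.has(toolName)) {
      warnings.push(`rejected tool name "${toolName}"`);
    } else if (pattern === "") {
      warnings.push(`skipped empty pattern for ${toolName}`);
    } else if (toolName === "bash" && MATCH_ALL.has(pattern) && decision !== "ask") {
      warnings.push(`skipped bash "${pattern}" with ${decision}`);
    } else {
      // Own-property lookup: never reads an inherited accessor or method.
      if (!Object.hasOwn(permissions, toolName)) permissions[toolName] = {};
      permissions[toolName][pattern] = decision;
    }
  }
  return { permissions, warnings };
}

const imported = importRules(SAMPLE_RULES);
console.log(imported.permissions, imported.warnings);
```

Without the name check, a plain `permissions[toolName][pattern] = decision` on the first sample rule would write through the inherited `__proto__` accessor onto `Object.prototype`.
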
dyoshikawa added a commit that referenced this pull request Apr 21, 2026
Address Round 2 review findings for PR #1526:

- HIGH-R2-#1: guard the stale-file cleanup loop in apm-install.ts
  against path traversal. Attacker-controlled deployed_files entries
  with ".." segments or absolute paths are now rejected by shape and
  via checkPathTraversal, with a warn log per offending entry, so a
  hostile lockfile cannot drive arbitrary removeFile calls.
- MID-R2-#2: make lockfile ordering deterministic for failed deps.
  The per-dep worker now returns the preserved prior entry via its
  result object, and the sequential post-loop pushes successes or
  preserved entries strictly in manifest order, not in
  promise-completion order.
- MID-R2-#3: preserve top-level loose fields (mcp_servers and any
  looseObject extras) across lockfile rewrites by carrying forward
  existingLock through createEmptyApmLock.
- MID-R2-#4: relax the content_hash schema to accept arbitrary
  strings on parse so a lockfile produced by the upstream apm CLI
  does not break readApmLock. The --frozen integrity check now only
  compares hashes whose shape matches RULESYNC_CONTENT_HASH_REGEX
  and skips comparison otherwise (commit SHA pin still enforces
  integrity).

Tests added for each finding, including a two-dep ordering
regression and a frozen-mode interop check with a legacy
content_hash value.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
dyoshikawa added a commit that referenced this pull request Apr 29, 2026
…ode/cline/qwencode

Addresses 18 reviewer findings raised on PR #1338. Highlights:

- #1 (critical): AugmentCode non-bash categories now fail-closed. A single
  deny rule in `read`/`edit`/`write`/`webfetch`/`websearch` collapses the
  whole tool to a catch-all `deny` entry; non-`*` allow/ask patterns are
  dropped with an aggregated warning instead of being silently downgraded
  to a catch-all `allow` that would shadow a deny.
- #2 (high): `toolPermissions` are sorted to make AugmentCode's
  first-match-wins evaluation safe — entries with `shellInputRegex` come
  before catch-alls, longer regex first, with deny < ask-user < allow as
  the tiebreaker.
- #5 (mid): existing `launch-process` deny entries are preserved across
  regeneration so a user-added shell deny rule cannot be silently
  downgraded; non-deny launch-process entries are still owned by rulesync.
- #3 (mid): Qwencode generation uses `readFileContentOrNull` (no
  `readOrInitializeFileContent`) so dry-run does not create the `.qwen/`
  directory.
- #4 (mid): Kilo schema parsing is deferred and respects `params.validate`,
  so `forDeletion` and dry-run construction never throw on permissive input.
- #7, #16 (mid/low): Cline drops non-bash / ask rules at `logger.error`
  level (rather than warn) and surfaces a defensive warn on allow/deny
  pattern collisions.
- #8, #13 (mid/low): Qwencode pattern parser uses the LAST `)` so nested
  parentheses (e.g. `Bash(echo (a))`) round-trip; malformed entries warn
  and fall back to `*`.
- #9 (low): Augment non-bash warnings are aggregated once per category.
- #11 (low): Kilo's wholesale-replace of the `permission` object is
  documented in `docs/reference/file-formats.md`.
- #10, #6 (low): glob→regex behaviour and round-trip caveats are
  documented.
- #14 (low): `mergedPermissions` is typed as
  `{ allow?: string[]; ask?: string[]; deny?: string[]; [k: string]: unknown }`.
- #15 (low): redundant Qwencode global-mode equivalence assert removed.
- #17 (low): `permissions-processor.test.ts` gains `loadToolFiles` cases
  for AugmentCode, Cline, Kilo, and Qwencode.

Deferred:
- #12 (kilo home-mock migration): the existing kilo global-mode test
  already passes `outputRoot` directly and does not reach
  `getHomeDirectory()`, so introducing the home-mock pattern adds only
  ceremony without coverage.
- #18 (tool-name-mapping helper extraction): postponed to keep this
  fix focused and to avoid touching files outside the permissions
  feature.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
dyoshikawa added a commit that referenced this pull request Apr 29, 2026
- #1 (mid): augmentcode-permissions sort the COMBINED [generated, preserved] entries so a preserved launch-process deny cannot be shadowed by a generated catch-all allow/ask under first-match-wins. Adds regression test.

- #2 (low): sortAugmentEntries applies fail-closed type priority (deny < ask-user < allow) BEFORE the regex-length heuristic for has-regex entries. Heuristic limits documented in code.

- #3 (low): cline-permissions downgrades translation-loss logs from logger.error to a single aggregated logger.warn per call (project convention; CI gates that treat error lines as failures no longer trip).

- #4 (low): documents in docs/reference/file-formats.md (and synced skills/rulesync/file-formats.md) that Cline allow/deny arrays are owned by rulesync entirely (no preservation), in contrast to Qwen Code and AugmentCode.

- #5 (low): qwencode-permissions forwards a logger to parseQwenPermissionEntry from both call sites (preservation filter and convertQwenToRulesyncPermissions) so the malformed-entry warnings are no longer dead code in production.

- #6 (low): qwencode-permissions.test extends the nested-paren round-trip test to cover sequential parens (Bash(grep (foo) | wc (-l))) and multi-nesting (Bash(echo ((deep)))).
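
Added example, not part of either commit above or of rulesync's code: a JavaScript sketch of the ordering those two commit messages describe for first-match-wins evaluation, with the combined generated and preserved entries sorted regex-first, then deny < ask-user < allow, then longer regex first. The flat entry shape, the function names, and the "ask-user" result when nothing matches are assumptions made for illustration.

```javascript
// Added illustration: simplified entry shape, not AugmentCode's exact schema.
const TYPE_RANK = { deny: 0, "ask-user": 1, allow: 2 };

// Constructed sample: entries the generator emits vs. entries a user added.
const GENERATED = [
  { toolName: "launch-process", type: "allow" }, // catch-all, no regex
  { toolName: "launch-process", shellInputRegex: "^git status", type: "allow" },
];
const PRESERVED = [
  { toolName: "launch-process", shellInputRegex: "^rm ", type: "deny" },
  { toolName: "launch-process", shellInputRegex: "^git ", type: "deny" },
];

// Sort the COMBINED list: regex entries before catch-alls, then
// deny < ask-user < allow, then (regex entries only) longer regex first.
function sortFirstMatchWins(generated, preserved) {
  return [...generated, ...preserved].sort((a, b) => {
    const aHasRegex = a.shellInputRegex !== undefined;
    const bHasRegex = b.shellInputRegex !== undefined;
    if (aHasRegex !== bHasRegex) return aHasRegex ? -1 : 1;
    const byType = TYPE_RANK[a.type] - TYPE_RANK[b.type];
    if (byType !== 0) return byType;
    return aHasRegex ? b.shellInputRegex.length - a.shellInputRegex.length : 0;
  });
}

// First-match-wins evaluation; "ask-user" on no match is an assumed default.
function decide(entries, toolName, command) {
  for (const entry of entries) {
    if (entry.toolName !== toolName) continue;
    const re = entry.shellInputRegex;
    if (re === undefined || new RegExp(re).test(command)) return entry.type;
  }
  return "ask-user";
}

// Sorting only the generated entries and appending the preserved ones leaves
// the catch-all allow ahead of the user's deny rules.
const appended = [...sortFirstMatchWins(GENERATED, []), ...PRESERVED];
const sorted = sortFirstMatchWins(GENERATED, PRESERVED);
console.log(decide(appended, "launch-process", "rm -rf build")); // shadowed deny
console.log(decide(sorted, "launch-process", "rm -rf build"));
```

Putting type priority ahead of regex length means the shorter `^git ` deny wins over the longer `^git status` allow, which is the fail-closed trade-off of this ordering.
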
dyoshikawa added a commit that referenced this pull request May 1, 2026
…structors

Address review findings on PR #1589:

- #1 (mid): Wire `validate()` into the constructors of AugmentcodePermissions,
  ClinePermissions, and QwencodePermissions so that `fromFile({ validate: true })`
  actually rejects malformed input. Previously the validate() method existed but
  was never invoked at construction time, so callers reading `validate: true`
  falsely assumed validation had run. Mirrors the RulesyncPermissions pattern.
- #3 (low): Drop PR-internal label `(Finding F)` from the describe title in
  augmentcode-permissions.test.ts since it is meaningless after merge.
- #4 (low): Add a co-located inner `afterEach` that restores the warnSpy on
  ConsoleLogger.prototype, instead of relying on the outer describe's
  vi.restoreAllMocks(). Keeps the cleanup next to the spy so future refactors
  cannot silently leak the prototype-level spy across other test files.

Adds three constructor-level rejection tests per class (malformed JSON, schema
violation, and a validate: false escape hatch) so future regressions are caught.