refactor: reduce unsafe 'as' type assertions throughout codebase#18
Closed
dyoshikawa wants to merge 1 commit into
Closed
refactor: reduce unsafe 'as' type assertions throughout codebase#18dyoshikawa wants to merge 1 commit into
dyoshikawa wants to merge 1 commit into
Conversation
Improved type safety by: - Adding proper type guards before type assertions in JSON parsers - Replacing unsafe type coercion with explicit type checks - Using explicit conditional checks instead of unsafe key lookups - Adding validation before casting unknown types 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
8 tasks
dyoshikawa
added a commit
that referenced
this pull request
Apr 29, 2026
…ode/cline/qwencode Addresses 18 reviewer findings raised on PR #1338. Highlights: - #1 (critical): AugmentCode non-bash categories now fail-closed. A single deny rule in `read`/`edit`/`write`/`webfetch`/`websearch` collapses the whole tool to a catch-all `deny` entry; non-`*` allow/ask patterns are dropped with an aggregated warning instead of being silently downgraded to a catch-all `allow` that would shadow a deny. - #2 (high): `toolPermissions` are sorted to make AugmentCode's first-match-wins evaluation safe — entries with `shellInputRegex` come before catch-alls, longer regex first, with deny < ask-user < allow as the tiebreaker. - #5 (mid): existing `launch-process` deny entries are preserved across regeneration so a user-added shell deny rule cannot be silently downgraded; non-deny launch-process entries are still owned by rulesync. - #3 (mid): Qwencode generation uses `readFileContentOrNull` (no `readOrInitializeFileContent`) so dry-run does not create the `.qwen/` directory. - #4 (mid): Kilo schema parsing is deferred and respects `params.validate`, so `forDeletion` and dry-run construction never throw on permissive input. - #7, #16 (mid/low): Cline drops non-bash / ask rules at `logger.error` level (rather than warn) and surfaces a defensive warn on allow/deny pattern collisions. - #8, #13 (mid/low): Qwencode pattern parser uses the LAST `)` so nested parentheses (e.g. `Bash(echo (a))`) round-trip; malformed entries warn and fall back to `*`. - #9 (low): Augment non-bash warnings are aggregated once per category. - #11 (low): Kilo's wholesale-replace of the `permission` object is documented in `docs/reference/file-formats.md`. - #10, #6 (low): glob→regex behaviour and round-trip caveats are documented. - #14 (low): `mergedPermissions` is typed as `{ allow?: string[]; ask?: string[]; deny?: string[]; [k: string]: unknown }`. - #15 (low): redundant Qwencode global-mode equivalence assert removed. - #17 (low): `permissions-processor.test.ts` gains `loadToolFiles` cases for AugmentCode, Cline, Kilo, and Qwencode. Deferred: - #12 (kilo home-mock migration): the existing kilo global-mode test already passes `outputRoot` directly and does not reach `getHomeDirectory()`, so introducing the home-mock pattern adds only ceremony without coverage. - #18 (tool-name-mapping helper extraction): postponed to keep this fix focused and to avoid touching files outside the permissions feature. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Changes Made
typeofchecks before castingJSON.parse()resultsTest Plan
The changes maintain backward compatibility while significantly improving type safety.
🤖 Generated with Claude Code