sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests 1 Actions 34 Packages Projects 3 Releases 6 Wiki Activity

fix: safe uploads, AI history continuity, deep search, sudo credentials #55

Merged
sarman merged 19 commits from fix/safe-uploads-history-search-sudo into master 2026-05-31 20:52:32 +00:00
Conversation 0 Commits 19 Files Changed 14 +33 -33
1 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 84bb3a20c1 - Show all commits

66
.gitea/workflows/pr-review.yml
View File

@ -149,44 +149,44 @@ jobs:
set -euo pipefail set -euo pipefail
CHANGED_FILES=$(tr '\n' ' ' < /tmp/pr_files.txt) CHANGED_FILES=$(tr '\n' ' ' < /tmp/pr_files.txt)
# Build prompt with printf + cat so every line stays indented within # Build prompt file. Use 'printf "%s\n" text' throughout so the format
# the YAML run: | block. Heredocs with unindented bodies terminate the # string is always "%s\n" and content with leading hyphens or embedded
# YAML block scalar, breaking the workflow file entirely. # double-dashes is never misinterpreted as a printf option flag.
{ {
printf 'You are a senior engineer performing a code review.\n\n' printf '%s\n\n' 'You are a senior engineer performing a code review.'
printf 'PR Title: %s\n' "$PR_TITLE" printf 'PR Title: %s\n' "$PR_TITLE"
printf 'Files changed: %s\n\n' "$CHANGED_FILES" printf 'Files changed: %s\n\n' "$CHANGED_FILES"
printf '---\n' printf '%s\n' '---'
cat /tmp/codebase_index.txt cat /tmp/codebase_index.txt
printf '---\n\n' printf '%s\n\n' '---'
printf '## Changed file contents\n\n' printf '%s\n\n' '## Changed file contents'
printf 'Each section is the COMPLETE, FINAL file after PR changes (not a diff).\n' printf '%s\n' 'Each section is the COMPLETE, FINAL file after PR changes (not a diff).'
printf 'Files over 500 lines show only changed sections with surrounding context.\n\n' printf '%s\n\n' 'Files over 500 lines show only changed sections with surrounding context.'
printf '---\n' printf '%s\n' '---'
cat /tmp/pr_context.txt cat /tmp/pr_context.txt
printf '---\n\n' printf '%s\n\n' '---'
printf '## Instructions\n\n' printf '%s\n\n' '## Instructions'
printf 'Before raising any finding:\n' printf '%s\n' 'Before raising any finding:'
printf '1. Confirm every symbol you cite exists in the CODEBASE INDEX or file\n' printf '%s\n' '1. Confirm every symbol you cite exists in the CODEBASE INDEX or file'
printf ' contents above. If absent from both, discard the finding.\n' printf '%s\n' ' contents above. If absent from both, discard the finding.'
printf '2. Quote the exact line(s) from the file contents that support it.\n' printf '%s\n' '2. Quote the exact line(s) from the file contents that support it.'
printf '3. Confirm the issue is genuine, not intentional design.\n' printf '%s\n' '3. Confirm the issue is genuine, not intentional design.'
printf '4. If any step fails, discard silently -- do not mention it.\n\n' printf '%s\n\n' '4. If any step fails, discard silently - do not mention it.'
printf 'Do NOT show reasoning. Only output confirmed issues.\n\n' printf '%s\n\n' 'Do NOT show reasoning. Only output confirmed issues.'
printf 'Severity:\n' printf '%s\n' 'Severity:'
printf '- BLOCKER: fails to compile, corrupts data, or security vulnerability\n' printf '%s\n' '- BLOCKER: fails to compile, corrupts data, or security vulnerability'
printf '- WARNING: real risk to address before merge\n' printf '%s\n' '- WARNING: real risk to address before merge'
printf '- SUGGESTION: minor improvement, follow-up PR fine\n\n' printf '%s\n\n' '- SUGGESTION: minor improvement, follow-up PR fine'
printf 'Focus: security bugs, logic errors, data loss, injection, unhandled errors.\n' printf '%s\n\n' 'Focus: security bugs, logic errors, data loss, injection, unhandled errors.'
printf 'Ignore: style, missing comments, speculative future concerns.\n\n' printf '%s\n\n' 'Ignore: style, missing comments, speculative future concerns.'
printf '## Output format (strict)\n\n' printf '%s\n\n' '## Output format (strict)'
printf '**Summary** (2-3 sentences)\n\n' printf '%s\n\n' '**Summary** (2-3 sentences)'
printf '**Findings**\n' printf '%s\n' '**Findings**'
printf '- [SEVERITY] file:line -- description\n' printf '%s\n' '- [SEVERITY] file:line - description'
printf ' Evidence: quoted line\n' printf '%s\n' ' Evidence: quoted line'
printf ' Fix: concrete change\n\n' printf '%s\n\n' ' Fix: concrete change'
printf '(Write "No findings." if none.)\n\n' printf '%s\n\n' '(Write "No findings." if none.)'
printf '**Verdict**: APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES\n' printf '%s\n' '**Verdict**: APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES'
} > /tmp/prompt.txt } > /tmp/prompt.txt
BODY=$(jq -cn \ BODY=$(jq -cn \