Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
AgentDefinition has model on the constraints object, not at the top level. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
- postinstall.js: fix TOCTOU race in patchRelayauthCoreExports (existsSync before readFileSync) - start.ts: fix TOCTOU races in ensureProvisioned, fix biased random in generateWorkspaceId, fix signal handler resolving before agent exit code captured - relay.ts: fix biased random in generateWorkspaceId, fix ensureStarted race (client set before wireEvents), wrap persistWorkspaceMapping in try-catch, clear client on error - prereqs.ts: fix unreachable parent-directory fallbacks (path.join always returns string) - services.ts: fix unreachable fallbacks in pickFirstString, fix fd leak in spawnLogged, add detached:true for service processes - on.ts: remove ...overrides spread that overwrites ?? defaults with undefined - validator.ts: fix duplicate "Check 5" comment numbering Co-Authored-By: My Senior Dev <dev@myseniordev.com>
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
|
Added a second coverage-focused pass on top of the earlier CI/review fixes.\n\nWhat landed:\n- new tests for \n- new tests for \n- new tests for \n\nCoverage improvements from this pass:\n- overall: 58.72%\n- : 98.75%\n- : 90.9%\n- : 100%\n\nEarlier first-pass improvements on this branch are still in place too:\n- : 87.77%\n- : 82.47%\n- : 80.99%\n\nValidation:\n- full
✓ broker binary (agent-relay-broker) built and copied to packages/sdk/bin/ Tasks: 12 successful, 12 total src/cli/commands/on/services.ts(144,9): error TS1005: ',' expected. |
- CRITICAL: Remove hardcoded JWT signing secret, generate random per-workspace secret - HIGH: Pass tokens via env vars instead of CLI arguments (ps-visible) - HIGH: Fix globMatch to handle ** double-star patterns correctly - HIGH: Fix symlink traversal in collectSeedPaths with path boundary check - HIGH: Atomic file permissions (writeFileSync mode:0o600) for token files - HIGH: Add SHA-256 checksum verification for downloaded binaries - HIGH: Use homedir-based PID file path instead of CWD-relative - HIGH: Add error handling for malformed workspace registry JSON - MEDIUM: Write config files with 0o600 permissions (signing secrets, API keys) - MEDIUM: Fix path traversal in syncWritableFilesBack with resolve+prefix check - MEDIUM: Fix signal handler to store cleanup promise for close handler - MEDIUM: Replace deps:any with typed GoOnRelayDeps interface - MEDIUM: Close parent fd copy after spawn in spawnLogged - MEDIUM: Add node_modules to walkProjectFiles exclusion list - MEDIUM: Replace Math.random() with crypto.randomUUID() for JWT jti - MEDIUM: Re-throw auth errors in provision workspace creation - MEDIUM: Fix writeBulkWrite falsy status check with typeof - MEDIUM: Add workspaceName deprecation notice - LOW: Remove npx turbo build side effect from checkPrereqs Co-Authored-By: My Senior Dev <dev@myseniordev.com>
| try { | ||
| const checksumContent = await new Promise((resolve, reject) => { | ||
| const chunks = []; | ||
| const request = https.get(checksumUrl, res => { |
Check warning
Code scanning / CodeQL
File data in outbound network request Medium
src/cli/commands/on/start.ts
Outdated
| const escaped = pattern | ||
| .replace(/[.+^${}()|[\]\\]/g, '\\$&') | ||
| .replace(/\\\*\\\*/g, '__DOUBLESTAR__') | ||
| .replace(/\\\*/g, '__STAR__') | ||
| .replace(/\\\?/g, '__QMARK__') | ||
| .replace(/__DOUBLESTAR__/g, '.*') | ||
| .replace(/__STAR__/g, '[^/]*') | ||
| .replace(/__QMARK__/g, '[^/]') | ||
| .replace(/__STAR__/g, '\\*') | ||
| .replace(/__QMARK__/g, '\\?'); |
There was a problem hiding this comment.
🔴 globMatch regex escaping omits * and ?, causing SyntaxError on any wildcard pattern
The globMatch function's first regex escape step (/[.+^${}()|[\]\\]/g at line 734) does not include * or ? in its character class. These glob wildcard characters pass through unescaped into the final regex string. For example, a pattern like docs/** produces the regex ^docs/**$, which throws SyntaxError: Nothing to repeat at runtime. This was confirmed by testing:
Reproduction showing the SyntaxError
For input pattern docs/**:
- After escape step:
docs/**(unchanged —*not in escape class) - After placeholder replacements:
docs/**(unchanged —\*\*not found in string) - Resulting regex:
^docs/**$ new RegExp('^docs/**$')→SyntaxError: Nothing to repeat
This function is called by isPathIgnored (start.ts:747-750) which controls permission enforcement in syncWritableFilesBack (start.ts:921-951). When cleanup runs after the agent exits, any readonly/ignored patterns containing wildcards (e.g., docs/**, *.js) will cause the sync-back to crash, potentially losing agent changes or failing to enforce file permissions.
| const escaped = pattern | |
| .replace(/[.+^${}()|[\]\\]/g, '\\$&') | |
| .replace(/\\\*\\\*/g, '__DOUBLESTAR__') | |
| .replace(/\\\*/g, '__STAR__') | |
| .replace(/\\\?/g, '__QMARK__') | |
| .replace(/__DOUBLESTAR__/g, '.*') | |
| .replace(/__STAR__/g, '[^/]*') | |
| .replace(/__QMARK__/g, '[^/]') | |
| .replace(/__STAR__/g, '\\*') | |
| .replace(/__QMARK__/g, '\\?'); | |
| const escaped = pattern | |
| .replace(/[.+^${}()|[\]\\*?]/g, '\\$&') | |
| .replace(/\\\*\\\*/g, '__DOUBLESTAR__') | |
| .replace(/\\\*/g, '__STAR__') | |
| .replace(/\\\?/g, '__QMARK__') | |
| .replace(/__DOUBLESTAR__/g, '.*') | |
| .replace(/__STAR__/g, '[^/]*') | |
| .replace(/__QMARK__/g, '[^/]'); |
Was this helpful? React with 👍 or 👎 to provide feedback.
Resolved package.json version conflict (bumped to 3.2.22) and fixed misplaced parenthesis in resolveServiceConfig that caused TS1005/TS1128 compile errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
start.ts: CRITICAL - reject empty JWT signing_secret with clear error start.ts: HIGH - remove dead globMatch .replace() calls start.ts: MEDIUM - harden syncWritableFilesBack with realpathSync for symlink traversal start.ts: MEDIUM - add sandbox bypass warning log postinstall.js: HIGH - validate needle count before patching, backup before write relay.ts: MEDIUM - deprecation warning for workspaceName without workspaceId Co-Authored-By: My Senior Dev <dev@myseniordev.com>
| const checksumContent = await new Promise((resolve, reject) => { | ||
| const chunks = []; | ||
| const request = https.get(checksumUrl, res => { | ||
| if (res.statusCode !== 200) { | ||
| res.resume(); | ||
| reject(new Error(`Checksums file not available (HTTP ${res.statusCode})`)); | ||
| return; | ||
| } | ||
| res.on('data', chunk => chunks.push(chunk)); | ||
| res.on('end', () => resolve(Buffer.concat(chunks).toString('utf-8'))); | ||
| res.on('error', reject); | ||
| }); | ||
| request.on('error', reject); | ||
| }); |
There was a problem hiding this comment.
🔴 verifyChecksum does not follow HTTP redirects, making checksum verification always skip for GitHub releases
The new verifyChecksum function uses a bare https.get to download the checksums file, but unlike downloadBinary (which has redirect-following logic), it rejects any non-200 status code — including 3xx redirects. GitHub release asset URLs always return a 302 redirect to a CDN. This means verifyChecksum will always receive a 302, reject with "Checksums file not available (HTTP 302)", and the outer catch block will log a warning but return false, silently skipping verification. The checksum verification feature added by this PR is effectively non-functional for all GitHub-hosted binaries (broker, dashboard-server, relay-acp).
Prompt for agents
In scripts/postinstall.js, the verifyChecksum function (lines 174-225) uses a simple https.get that does not follow HTTP redirects. GitHub release URLs always return 302 redirects, so the checksums file download always fails silently. Fix this by adding redirect-following logic similar to the existing downloadBinary function (lines 231-281). The simplest approach: extract the redirect-following logic from downloadBinary's attemptDownload into a shared helper, or inline redirect handling in verifyChecksum's https.get callback. The key change is: when res.statusCode is 3xx and res.headers.location exists, follow the redirect URL (up to a max of e.g. 5 redirects) instead of rejecting.
Was this helpful? React with 👍 or 👎 to provide feedback.
2 participants
Summary
Adds
agent-relay on <cli>— launch any agent in a permission-enforced relay workspace.agent-relay on codex— boots relayauth + relayfile, provisions scoped tokens, syncs files, launches codex with--dangerously-bypass-approvals-and-sandboxagent-relay off— stops services, cleans up mountsagent-relay on --scan— preview what the agent will seeagent-relay on --doctor— check prerequisitesHow it works
.agentignore/.agentreadonlyfrom project root (zero config)fs:read/fs:write).relay/,.git/,node_modules/)relayfile-mountwith permission enforcement:New files
Auto sandbox flags
--dangerously-bypass-approvals-and-sandbox--dangerously-skip-permissions--yolo--yesTest plan
agent-relay on --doctorchecks prerequisitesagent-relay on --scanshows permission summaryagent-relay on --workspace rw_xxxjoin flow (pending shareable workspaces)🤖 Generated with Claude Code