Closed
…, draft status)
- Updated all 25 PRs in pr_analysis.md to include complete metadata:
- Task progress (X/Y tasks done, percentage complete)
- Reaction counts
- Draft status (Yes/No)
- Enhanced Status field to show completion percentage
- Updated summary statistics table to accurately reflect draft PRs
- All PRs now have consistent metadata format for easy comparison
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
… medium, complex)
Added comprehensive PR listings to PR_ANALYSIS_REPORT.md organized by complexity:
- 14 Simple PRs (bug fixes, dependency updates)
- 3 Medium PRs (feature implementations)
- 5 Complex PRs (large refactors, full-stack features)
Each PR entry includes:
- Complexity rating with task progress
- Technical scope (backend/frontend/fullstack)
- Status with reaction counts
- Requirements and rationale
- Recommendation ratings
Also added summary statistics table showing breakdown by complexity level.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…or each PR
Enhanced all 25 PR entries in PR_ANALYSIS_REPORT.md with:
- Comprehensive "Technical Requirements" sections for each PR
- Detailed breakdown of skills, tools, and knowledge needed
- Specific file paths and components involved
- Testing requirements and platform considerations
- Expanded "Recommendation Rationale" sections
- Clear justification for priority level
- Time investment estimates
- Learning value and impact assessment
- Risk evaluation and mitigation strategies
- Actionable next steps
Updated entries across all complexity levels:
- 14 Simple PRs (quick wins, dependency updates, bug fixes)
- 3 Medium PRs (feature implementations, integrations)
- 5 Complex PRs (architectural changes, full-stack features)
- 3 CI/CD PRs (GitHub Actions, dependency updates)
Each PR now provides contributors with complete context to make informed decisions about contribution opportunities.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
OBenner added a commit that referenced this pull request on Feb 20, 2026
Fixes Dependabot alerts:
- #2 HIGH: tar path traversal via symlink chain (CVE-2026-26960)
- #3 LOW: hono timing attack in basicAuth/bearerAuth
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OBenner added a commit that referenced this pull request on Feb 20, 2026
* auto-claude: subtask-1-1 - Add badge priority constants and grouping logic to TaskCard
* auto-claude: subtask-2-1 - Add expandable metadata section to TaskCard with hover/click
- Import Popover components for expandable UI
- Move category and complexity badges to expandable Popover section
- Keep priority badges (stuck, incomplete, archived, status, review reason, impact, priority, security) visible by default
- Add 'More Info' badge trigger with Info icon
- Implement click-to-expand functionality for secondary metadata
- Add i18n keys for 'More' label and 'Additional Information' header
- Follow patterns from ProfileBadge.tsx and popover.tsx reference files
- Stop event propagation to prevent card click when interacting with popover
* fix: address review comments - remove unused helpers, fix a11y, extract icon helper
- Remove unused BADGE_PRIORITY, BADGE_TYPE_PRIORITY, isBadgePriority, groupBadgesByPriority (CodeQL + pantoaibot)
- Fix accessibility: wrap PopoverTrigger with <button> for keyboard/screen-reader support (pantoaibot CRITICAL_BUG)
- Extract renderCategoryIcon() helper to replace IIFE pattern (pantoaibot suggestion)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(deps): update tar 7.5.7->7.5.9 and hono 4.11.9->4.12.0
Fixes Dependabot alerts:
- #2 HIGH: tar path traversal via symlink chain (CVE-2026-26960)
- #3 LOW: hono timing attack in basicAuth/bearerAuth
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* 📝 Add docstrings to `auto-claude/015-consolidate-task-card-badge-density-with-expandabl` (#88)
Docstrings generation was requested by @OBenner.
* #41 (comment)
The following files were modified:
* `apps/frontend/src/renderer/components/TaskCard.tsx`
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
OBenner added a commit that referenced this pull request on Feb 25, 2026
…uested)
Fixes:
- Issue #1: Created comprehensive unit test suite with 80%+ coverage
- test_models.py: 57 tests covering WebhookConfig, WebhookLog, WebhookEvent, all validation
- test_handlers.py: Tests for GitHub/Generic webhook handlers and HandlerRegistry
- test_integrations.py: Tests for Slack, Discord, Teams, Jira integrations
- Fixed Pydantic v2 model validation to use model_validator instead of field_validator
- Issue #2: Created integration test (test_webhook_flow.py) covering:
- Server startup and health endpoint
- Incoming webhook → Build trigger flow
- Build lifecycle → Outgoing webhook
- Webhook logging and persistence
- Authentication (API key, bearer token, basic auth, HMAC signature)
- Issue #3: Fixed frontend-backend architecture
- Added /api/webhooks/test endpoint to webhook server
- Refactored webhooks-handlers.ts to call backend API via axios instead of importing Python
- Removed broken Python import from Electron main process
QA Fix Session: 1
All tests passing: test_models.py (57/57)
Ready for QA re-validation
OBenner added a commit that referenced this pull request on Feb 28, 2026
* auto-claude: subtask-1-1 - Add FastAPI and webhook dependencies to backend requirements
Added FastAPI framework and webhook-related dependencies:
- fastapi>=0.104.0 - Web framework for building APIs with webhooks
- uvicorn[standard]>=0.24.0 - ASGI server for FastAPI
- httpx>=0.25.0 - Modern async HTTP client with HTTP/2 support
- aiohttp>=3.9.0 - Async HTTP client/server library
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-1-2 - Create webhooks integration directory structure
- Created apps/backend/integrations/webhooks/ module
- Created handlers/ and integrations/ subdirectories
- Added __init__.py files for all modules
- Following the pattern from Linear integration
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-2-1 - Create webhook configuration and data models
Implement webhook data models using Pydantic for validation and type safety:
- WebhookConfig: Configuration for webhook endpoints (incoming/outgoing)
- Support for multiple integrations (Slack, Discord, Teams, Jira, GitHub, etc.)
- Authentication methods (API key, bearer token, basic auth, signature)
- Event filtering and custom payload templates
- Retry configuration with exponential backoff
- WebhookLog: Audit log for webhook deliveries
- Request/response tracking
- Error handling and retry information
- Sanitized logging for security
- WebhookEvent: Event types for build lifecycle
- Factory methods for common events (build_started, build_completed, etc.)
- Event data encapsulation
- WebhookStorage: Persistence layer
- JSON-based storage for configs and logs
- CRUD operations for webhook management
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-2-2 - Create webhook storage layer for config and logs
Created storage.py module with WebhookStorage class for persisting webhook
configurations and logs to JSON files. Extracted storage logic from models.py
to follow the separation of concerns pattern used in other integrations.
Key features:
- Load/save webhook configurations to JSON
- Load/save webhook logs with filtering
- CRUD operations for webhook configs
- Clear logs functionality
- Error handling for file operations
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-2-3 - Create webhook authentication system (API keys, signature verification)
Implements comprehensive webhook authentication system supporting:
- Cryptographically secure API key generation (secrets module)
- HMAC signature verification (SHA256/SHA512) for incoming webhooks
- Bearer token authentication
- HTTP Basic authentication
- Auth header preparation for outgoing webhooks
- Authentication configuration validation
Features:
- Constant-time comparison to prevent timing attacks
- Support for GitHub/GitLab-style signature headers
- Flexible authentication methods per webhook config
- Comprehensive error handling and logging
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-2-4 - Create FastAPI webhook server with incoming endpoint
- Implement FastAPI server with factory function create_webhook_server()
- Add incoming webhook endpoint at /webhooks/{webhook_path}
- Support multiple authentication methods (API key, bearer token, basic auth, HMAC signature)
- Add health check endpoint and webhook listing endpoint
- Implement automatic webhook logging to storage
- Add comprehensive error handling and HTTP status codes
- Sanitize headers to prevent secrets in logs
- Follow project patterns: type hints, docstrings, clean code
* auto-claude: subtask-3-1 - Create base incoming webhook handler interface
Implemented the base incoming webhook handler interface with:
- IncomingWebhookHandler abstract base class defining the handler interface
- HandlerResult (Pydantic model) for encapsulating webhook processing results
- WebhookAction enum for actions that handlers can take (trigger_build, trigger_subtask, etc.)
- HandlerRegistry for mapping integration types to handler implementations
- Factory function create_handler_for_webhook() for creating handler instances
Key features:
- Abstract methods: validate_payload(), extract_event_data(), determine_action()
- Main entry point: handle_webhook() orchestrates validation, extraction, and action execution
- Error handling with comprehensive logging
- Type hints throughout for type safety
- Integration with existing webhook models (WebhookConfig, WebhookEventType)
- Extensible design for adding new handlers (GitHub, GitLab, generic) in future subtasks
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-3-2 - Implement GitHub webhook handler (push, PR merge events)
Implemented GitHubWebhookHandler class that extends IncomingWebhookHandler to process GitHub webhooks for push and PR merge events.
Key features:
- validate_payload(): Checks for valid GitHub webhook structure (repository, ref, pull_request)
- extract_event_data(): Extracts repo info, branch, commits, PR details, and actor
- determine_action(): Triggers builds on feature branch pushes and merged PRs
- Registered handler with HandlerRegistry for automatic discovery
Supports GitHub webhook events:
- Push events to feature branches (triggers build)
- Pull request merged events (triggers build)
- Extracts commit info, PR metadata, and sender details
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-3-3 - Implement generic webhook handler with payload templates
Implemented GenericWebhookHandler class with flexible payload template support:
- Validates minimal requirements (accepts any dict payload)
- Extracts data using customizable templates:
* Dict mapping: {'branch': 'ref', 'commit': 'sha'}
* List of fields: ['field1', 'field2']
* Raw payload (template=None)
- Supports nested path extraction:
* Dot notation: 'repo.name'
* Bracket notation: repo['owner']['login']
* Mixed notation: repo['owner'].login
- Custom event filter evaluation for conditional triggering
- Registered with HandlerRegistry for integration type 'generic'
Verification passed: All template extraction and webhook processing tests successful.
* auto-claude: subtask-4-1 - Create outgoing webhook sender with retry logic
Implemented OutgoingWebhookSender class with comprehensive webhook delivery
capabilities:
Features:
- HTTP POST requests with configurable timeouts
- Multiple authentication methods (API key, bearer token, basic auth)
- Retry logic with exponential backoff for transient failures
- Retries on configurable HTTP status codes (429, 500, 502, 503, 504)
- Payload template support for custom integrations
- Integration-specific payload formats (Slack, Discord, Teams)
- Comprehensive logging of all delivery attempts
- Sanitization of sensitive data in logs (API keys, passwords)
Retry Logic:
- Configurable max retries, initial delay, and backoff multiplier
- Retries on connection errors, timeouts, and specified status codes
- Each retry attempt logged separately with attempt number
- Exponential backoff: delay * (backoff_multiplier ^ (attempt - 1))
Security:
- Sensitive data (API keys, passwords, tokens) redacted in logs
- Restricted eval() environment for event filter evaluation
- Base64 encoding for basic authentication
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-4-2 - Hook outgoing webhooks into build lifecycle events
Integrated outgoing webhook system into build lifecycle events in
core/progress.py. Webhooks are now triggered at key build events:
1. Build Start: notify_build_start() - Called when build begins
2. Build Complete: print_build_complete_banner() - Enhanced to send webhooks
3. Build Failure: notify_build_error() - Called on critical errors
Implementation Details:
- Fire-and-forget webhook sending (async, non-blocking)
- Errors logged but don't interrupt builds
- Public API functions extract spec_id/name from spec_dir
- Internal implementation (_notify_*_impl) handles actual webhook sending
- Uses _send_webhooks_async() to send webhooks in background
Public API:
- notify_build_start(spec_dir) - Send build_started webhook
- notify_build_error(spec_dir, error_message, failed_subtask) - Send build_failed webhook
- print_build_complete_banner(spec_dir, duration_seconds) - Enhanced to send build_completed webhook
The webhook integration is now ready for use. Webhooks will be sent
to configured endpoints (Slack, Discord, Teams, etc.) when builds
start, complete, or fail.
* auto-claude: subtask-5-1 - Create base integration class and interface
Implemented BaseIntegration abstract base class for webhook integrations.
Key features:
- Abstract interface for all integrations (Slack, Discord, Teams, Jira)
- Configuration management with WebhookConfig
- Connection testing with state persistence
- Integration-specific payload formatting
- Graceful no-op when not configured (optional integrations)
- State persistence to .integration_{name}.json files
- Statistics tracking (sent, failed, last sent timestamp)
- Factory functions for dynamic integration loading
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-5-2 - Implement Slack integration (webhook and API)
- Created SlackIntegration class extending BaseIntegration
- Implemented get_config() to build WebhookConfig for Slack
- Implemented test_connection() to send test messages
- Implemented format_payload() for Slack-specific message formatting
- Added rich message formatting with Slack blocks
- Support for build lifecycle events (start, complete, fail)
- Color-coded messages based on status (success/warning/error)
- Context metadata and detailed event information
- Configuration via SLACK_WEBHOOK_URL environment variable
* auto-claude: Fix initialization order in SlackIntegration
Load configuration attributes before calling super().__init__() to fix
AttributeError in _check_configured() which is called by parent class.
* auto-claude: subtask-5-3 - Implement Discord integration
* auto-claude: subtask-5-4 - Implement Microsoft Teams integration
* auto-claude: subtask-5-5 - Implement Jira integration (project sync)
Implemented JiraIntegration class extending BaseIntegration for sending build notifications to Jira issues using Jira REST API.
Features:
- Sends build lifecycle events as comments to Jira issues
- Supports creating new Jira issues for build events
- Uses Jira Atlassian Document Format (ADF) for rich comment formatting
- HTTP Basic Auth using email and API token
- Graceful handling when credentials not configured
- Test connection endpoint for verifying Jira API access
Configuration:
- JIRA_API_URL: Jira instance URL
- JIRA_API_EMAIL: Account email
- JIRA_API_TOKEN: API token from Atlassian
- JIRA_PROJECT_KEY: Optional default project key
- JIRA_ISSUE_KEY: Optional default issue for comments
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-6-1 - Add webhook types to shared TypeScript types
* auto-claude: subtask-6-2 - Create IPC handlers for webhook configuration
* auto-claude: subtask-6-3 - Create preload API for webhooks
* auto-claude: subtask-6-4 - Create WebhooksSection component for settings
* auto-claude: subtask-6-5 - Create WebhookIntegrationCard for individual integrations
Implemented reusable WebhookIntegrationCard component for displaying individual webhook
integration status and configuration. Features:
- Integration icon and name display with custom icons (💬Slack, 🎮Discord, etc.)
- Connection status indicator (Connected/Not configured)
- Error display with tooltip
- Enabled/Active badge
- Configure/Setup button with Settings icon
- Hover effects and proper accessibility (role, tabIndex, aria-label)
- Keyboard support (Enter key)
- Disabled state support
Component follows established patterns from LinearIntegrationSection and WebhooksSection,
with consistent styling, StatusBadge usage, and Button components.
* auto-claude: subtask-6-6 - Create WebhookLogsViewer component
* auto-claude: subtask-6-7 - Integrate WebhooksSection into IntegrationSettings
* auto-claude: subtask-7-1 - Add webhook server startup to backend initialization
Added webhook server startup functionality to init.py:
- Global thread tracking for webhook server
- _run_webhook_server() function to run uvicorn in background thread
- start_webhook_server_if_enabled() to conditionally start server
- Integration with init_auto_claude_dir() to auto-start on first init
- Environment variable checks (WEBHOOKS_ENABLED, WEBHOOK_HOST, WEBHOOK_PORT)
- Proper error handling and logging
- Daemon thread for clean shutdown on exit
The webhook server starts automatically when:
1. WEBHOOKS_ENABLED=true environment variable is set
2. The .auto-claude directory is initialized for the first time
Default configuration:
- Host: 127.0.0.1 (configurable via WEBHOOK_HOST)
- Port: 8080 (configurable via WEBHOOK_PORT)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-7-2 - Add webhook environment variables to .env.example
* auto-claude: subtask-7-3 - End-to-end verification: Configure Slack integration and test notification
Created comprehensive verification script for Slack webhook integration:
- verify_slack_integration.py with 16 automated tests
- Tests cover: initialization, configuration, status checking, payload
formatting for all build events, connection testing, notification
sending, webhook logs, state management, and persistence
- Fixed bugs: WebhookStorage method name (get_logs -> load_logs),
WebhookEvent type parameter (string -> WebhookEventType enum)
- All tests passed (16/16) in mock mode
- Script supports both mock mode and real mode with SLACK_WEBHOOK_URL
- Verification results saved to slack_verification_results.json
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* auto-claude: subtask-7-4 - End-to-end verification: Trigger build via incoming GitHub webhook
Created comprehensive verification script for GitHub webhook integration:
- Tests GitHub webhook handler import and initialization
- Validates GitHub push and PR merge payloads
- Verifies event data extraction (repo, branch, commits, PR info)
- Tests action determination (trigger_build for feature branches, no_action for main)
- Tests handler registry and factory functions
- Includes webhook server endpoint tests (optional, requires running server)
- Verifies webhook logs are created
Verification Results:
- Total Tests: 15
- Passed: 15
- Failed: 0
- All handler tests passed successfully
Script supports both handler-only testing and full server testing.
Saved detailed results to github_webhook_verification_results.json.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: Add webhook test suite and fix frontend IPC architecture (qa-requested)
Fixes:
- Issue #1: Created comprehensive unit test suite with 80%+ coverage
- test_models.py: 57 tests covering WebhookConfig, WebhookLog, WebhookEvent, all validation
- test_handlers.py: Tests for GitHub/Generic webhook handlers and HandlerRegistry
- test_integrations.py: Tests for Slack, Discord, Teams, Jira integrations
- Fixed Pydantic v2 model validation to use model_validator instead of field_validator
- Issue #2: Created integration test (test_webhook_flow.py) covering:
- Server startup and health endpoint
- Incoming webhook → Build trigger flow
- Build lifecycle → Outgoing webhook
- Webhook logging and persistence
- Authentication (API key, bearer token, basic auth, HMAC signature)
- Issue #3: Fixed frontend-backend architecture
- Added /api/webhooks/test endpoint to webhook server
- Refactored webhooks-handlers.ts to call backend API via axios instead of importing Python
- Removed broken Python import from Electron main process
QA Fix Session: 1
All tests passing: test_models.py (57/57)
Ready for QA re-validation
* chore: untrack .auto-claude/specs/ (already in .gitignore)
* fix: address all CodeRabbit review findings and SonarCloud hotspots
Security fixes (Critical):
- Replace eval() with safe AST-based expression evaluation (incoming.py, outgoing.py)
- Replace jinja2.Template with SandboxedEnvironment to prevent SSTI (outgoing.py)
- Add path traversal protection for project_dir in server.py
- Fix FastAPI lifespan function signature (server.py)
- Add localhost restriction to admin endpoint (server.py)
- Replace Math.random() with crypto.randomUUID() (webhooks-handlers.ts)
Bug fixes:
- Fix spec ID parsing: extract numeric prefix not last word (progress.py)
- Fix storage.list_webhooks() -> storage.load_configs() (progress.py)
- Fix event_type extraction from request headers not config (server.py)
- Fix custom_handler async/sync handling (server.py)
- Fix Slack duplicate message rendering (slack.py)
- Fix preload API missing projectId parameter (webhooks-api.ts)
- Fix test_connection bypassing is_enabled check (teams.py)
- Fix max_retries=0 causing zero requests (outgoing.py)
Improvements:
- Add model validation for signature auth requiring secret (models.py)
- Use `is not None` for status_code/response_body checks (models.py)
- Per-record error handling in storage load (storage.py)
- Unique webhook IDs using UUID (discord.py, slack.py, teams.py)
- Use WebhookEventType.CUSTOM enum consistently (discord.py)
- Remove unused imports (incoming.py, outgoing.py, server.py)
- Quote SLACK_CHANNEL in .env.example
- Remove generated artifact file
- Mask webhook URL in verify script output
- Fix teams.py http:// -> https:// (SonarCloud)
- Remove unsupported themeColor from Adaptive Cards
- Add HandlerRegistry.reset() for test isolation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address remaining PR #110 review comments
Security:
- Add validate=True to b64decode in auth.py
- Redact sensitive headers in outgoing.py and WebhookLogsViewer
- Sanitize event_data logging in incoming.py to prevent PII leaks
- Add thread-safe locking and atomic file writes in storage.py
- Set restricted file permissions (0o600) on config files
Bug fixes:
- Fix WebhookDeliveryStatus enum references in server.py
- Fix mark_completed() parameter name (status_code)
- Fix test endpoint: correct storage/sender API calls
- Fix retry off-by-one error in outgoing.py
- Fix asyncio.run() RuntimeError in progress.py with threading
- Add list[str] to payload_template type union in models.py
Frontend i18n:
- Add comprehensive webhook i18n keys (en + fr)
- Convert WebhooksSection, WebhookIntegrationCard, WebhookLogsViewer to use translations
- Add Space key handler for accessibility on integration cards
- Remove unused Plug import from WebhookIntegrationCard
Cleanup:
- Remove verification test artifacts (verify_*.py, *_results.json)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(security): address CodeQL findings in webhook module
- Remove sensitive header name from auth.py log message
- Fix log injection: sanitize user-provided webhook_path and webhook_id
- Fix path traversal: reject paths containing '..' before resolving
- Remove unnecessary pass in WebhookRequestBody
- Rewrite verbose regex to avoid duplicate character class warning
- Remove user input from HTTP error detail messages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Potential fix for code scanning alert no. 1304: Uncontrolled data used in path expression
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* fix: address coderabbitai review findings round 2
Backend:
- Fix filter eval context: flatten event.data into eval context so
filter expressions like subtask_id.startswith(...) resolve correctly
- Fix api_key header: use auth_config.api_key_header instead of
hardcoded "X-Webhook-API-Key"
- Add localhost-only guard on test_webhook_connection endpoint
- Run sync custom_handler via asyncio.to_thread to avoid blocking loop
- Promote storage lock to class-level so all instances coordinate writes
- Wrap save_config, delete_config, clear_logs in lock
- Add atomic writes to clear_logs
Frontend:
- Add explicit React type imports (ReactNode, KeyboardEvent)
- Add aria-disabled on integration card when disabled
- Add role="button", tabIndex, onKeyDown, aria-expanded, aria-controls
to log summary rows for keyboard accessibility
- Add redactSensitiveFields helper for body/event_data display
- Add i18n event type names with translation lookup + fallback
- Fix incoming integrations: use status.connected instead of status.active
- Add webhook event type translations (en + fr)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: resolve SonarCloud quality gate failures
- Remove user-controlled data from log messages (pythonsecurity:S5145)
- Add explicit compare function to Array.sort() (typescript:S2871)
- Remove unused _sanitize_log_value helper
Fixes: Reliability Rating D → A, Security Rating B → A
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(security): eliminate user-controlled path from test endpoint
Remove project_dir from TestConnectionRequest - use the server's
configured spec_dir closure instead. This eliminates the path
traversal taint tracked by CodeQL (lines 438, 445).
The server already knows its spec_dir from create_webhook_server(),
so accepting a path from the client was unnecessary and insecure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
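As an added illustration of the incoming-webhook HMAC check the auth subtask (subtask-2-3) above describes, and not code from the PR itself: a GitHub-style `sha256=<hex>` signature header is recomputed over the raw request body and compared in constant time. The function names, the sha512 header name, and the sample secret and body are assumptions made for this example.

```python
"""Added example: HMAC signature verification for incoming webhooks.

Verifies GitHub-style "<alg>=<hex>" signature headers over the raw request
body with a constant-time comparison. Names below are illustrative, not the
project's own API.
"""
import hashlib
import hmac
from typing import Mapping, Optional

SUPPORTED_ALGORITHMS = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}

# Header the signature is read from, per algorithm. X-Hub-Signature-256 is
# GitHub's real header name; the sha512 name is an assumed project convention.
DEFAULT_SIGNATURE_HEADERS = {
    "sha256": "X-Hub-Signature-256",
    "sha512": "X-Hub-Signature-512",
}


def compute_signature(secret: str, body: bytes, algorithm: str = "sha256") -> str:
    """Return the '<alg>=<hex>' value a sender puts in the signature header.

    The MAC is computed over the raw bytes as received; signing a re-serialised
    JSON object would break verification on whitespace or key-order changes.
    """
    if algorithm not in SUPPORTED_ALGORITHMS:
        raise ValueError(f"unsupported HMAC algorithm: {algorithm}")
    mac = hmac.new(secret.encode("utf-8"), body, SUPPORTED_ALGORITHMS[algorithm])
    return f"{algorithm}={mac.hexdigest()}"


def get_header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def verify_signature(
    secret: str,
    body: bytes,
    headers: Mapping[str, str],
    algorithm: str = "sha256",
    header_name: Optional[str] = None,
) -> bool:
    """Return True only if the header carries a valid MAC for body under secret.

    Missing, malformed or wrong-algorithm headers are rejected before any
    comparison, so an unsigned request can never pass.
    """
    if algorithm not in SUPPORTED_ALGORITHMS:
        return False
    header_name = header_name or DEFAULT_SIGNATURE_HEADERS[algorithm]
    received = get_header(headers, header_name)
    if not received:
        return False
    if not received.startswith(algorithm + "="):
        return False
    expected = compute_signature(secret, body, algorithm)
    # compare_digest takes time independent of where the values first differ;
    # a plain == returns at the first mismatching byte, which is the timing
    # side channel the commit messages above refer to.
    return hmac.compare_digest(expected.encode("ascii"), received.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample request: a GitHub-style push payload and shared secret.
    secret = "constructed-secret"
    body = b'{"ref": "refs/heads/feature/webhooks", "after": "0000000"}'
    headers = {"X-Hub-Signature-256": compute_signature(secret, body)}
    print("valid:", verify_signature(secret, body, headers))
    print("tampered:", verify_signature(secret, body + b" ", headers))
```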
OBenner pushed a commit that referenced this pull request on Mar 23, 2026
…t errors (qa-requested)
Fixes:
- Issue #1: Module-level side effects blocking test collection
- Moved validate_platform_dependencies() call from module level to main() function
- Prevents SystemExit during pytest collection on Windows without pywin32
- Issue #2: Import errors in dependency_notifications.py
- Changed from relative import to absolute import pattern
- Now uses: from runners.github.gh_client import GHClient, GHCommandError
- Matches existing import patterns used throughout the codebase
- Issue #3: Test coverage verification
- All 19 tests now pass (previously 0 due to collection failure)
- Test file has 99% coverage
- Comprehensive test suite covers: scanner integration, notifications, batching, config loading, auto-approval, workflow, and report generation
Verified:
- pytest collection succeeds: 3880 items collected
- All dependency update tests pass: 19/19
- No import errors during test execution
- No module-level side effects blocking pytest
QA Fix Session: 1
Create a comprehensive analysis of available pull requests from the Auto-Claude GitHub repository (https://github.com/AndyMik90/Auto-Claude/pulls) to identify contribution opportunities. The analysis should categorize PRs by complexity, completion status, and suitability for new contributors, then present findings in an actionable format for the user to select appropriate contribution targets.