Release prep: SEC-01 loopback, SECURITY.md, mcp-resources, npm release CI#1
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f7f83f4038
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if: startsWith(github.ref, 'refs/tags/v') | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: gh release create "${{ github.ref_name }}" --generate-notes |
There was a problem hiding this comment.
Avoid shell-expanding the release tag name
For a pushed tag whose name contains command substitution (for example Git accepts refs/tags/v1.2.3$(id), which matches the v*.*.* trigger), Actions substitutes github.ref_name into this script before Bash parses it; inside double quotes, $(...) and backticks still execute. In that scenario this step can run tag-controlled commands with the contents: write GH_TOKEN, so pass the ref name through an environment variable and reference that variable in the shell instead.
Useful? React with 👍 / 👎.
|
|
||
| const ASSIGNMENT_RE = | ||
| /(\b[A-Za-z0-9_.-]*(?:token|secret|password|passwd|api[_-]?key|authorization|bearer|credential)[A-Za-z0-9_.-]*\s*[=:]\s*)("[^"\r\n]*"|'[^'\r\n]*'|[^\r\n]+)/gi; | ||
| /(\b[A-Za-z0-9_.-]*(?:token|secret|password|passwd|api[_-]?key|authorization|bearer|credential)[A-Za-z0-9_.-]*\s*[=:]\s*)("[^"\r\n]*"|'[^'\r\n]*'|[^\r\n"'<>]+)/gi; |
There was a problem hiding this comment.
Redact values that contain angle brackets
By excluding </> from unquoted assignment values, log/UI text such as token=<session-secret> no longer matches this redactor at all, and authorization=Bearer <session-secret> redacts only Bearer while leaving <session-secret> intact. These strings still use secret-looking keys and can flow through the redacted logcat/UI-tree paths, so this regression can leak non-literal-format secrets.
Useful? React with 👍 / 👎.
| if (message.startsWith("No running android session")) { | ||
| return undefined; |
There was a problem hiding this comment.
Fail closed when sessions exist outside this project
When picklab android adb is run without --session/--serial from a project that has no Android session, but the same PICKLAB_HOME has running Android sessions for other projects, resolveSessionRecord filters those sessions out by projectDir and produces No running android session for this project. This startsWith check treats that as globally sessionless and runs raw untargeted adb, so the command can act on whichever device adb selects instead of failing closed while Android sessions still exist.
Useful? React with 👍 / 👎.
|
|
||
| - name: Publish @pickforge/picklab | ||
| working-directory: packages/cli | ||
| run: npm publish --access public |
There was a problem hiding this comment.
Guard npm publish to tag releases
Because this workflow also supports workflow_dispatch, manually running it from main or another non-tag ref still reaches npm publish, while the GitHub release step is skipped by its tag-only if. That can publish the current packages/cli version to npm without a corresponding tag/release (or fail after attempting to publish an already-released version), so the publish step should be gated to the same tag condition or the dispatch path should require an explicit release ref.
Useful? React with 👍 / 👎.
Pass github.ref_name through a RELEASE_TAG env var instead of interpolating it directly into the gh release shell command, preventing command substitution from a malicious pushed tag. Gate the npm publish step on a version tag so workflow_dispatch runs from non-tag refs cannot publish.
…cross-project adb Redact assignment values that are wrapped in or contain angle brackets (token=<secret>, authorization=Bearer <secret>), which previously broke the unquoted-value match and leaked the secret. Make 'android adb' without --session/--serial fail closed when the current project has no android session but other projects under the same PICKLAB_HOME do, instead of falling open to an untargeted adb call.
Release-rollout prep branch. See commits for the full set. No outward release actions (visibility/tags/publish) are part of this PR.