Skip to content

Session PR: Security fixes + config rename + cmd alias cleanup#197

Merged
danieljustus merged 5 commits into
mainfrom
session/20260522-141622
May 22, 2026
Merged

Session PR: Security fixes + config rename + cmd alias cleanup#197
danieljustus merged 5 commits into
mainfrom
session/20260522-141622

Conversation

@danieljustus
Copy link
Copy Markdown
Owner

@danieljustus danieljustus commented May 22, 2026
edited
Loading

Batch session PR for 03-gh-go run.

Closes #193
Closes #194
Closes #195
Closes #196

@danieljustus
Restrict agent-controlled output_path to prevent arbitrary filesystem…
7519aec 
… writes

Validate output_path in handleGenerateTemplate using filepath.Rel against the vault directory. Rejects paths that escape via ../, absolute paths outside the vault, or any traversal attempt.

Closes #193
@danieljustus
Validate API template base_url against private/internal IP ranges to …
35fcfa7 
…prevent SSRF

Add parse-time host validation in apitemplates.parseTemplate that checks base_url against loopback, link-local, and RFC 1918 private ranges. Rejects templates pointing at internal addresses unless allow_private: true is set.

Closes #194
@danieljustus danieljustus changed the title Restrict agent-controlled output_path to prevent arbitrary filesystem writes Restrict agent-controlled output_path to prevent arbitrary filesystem writes (+1 more) May 22, 2026
@danieljustus
fix(config): rename envWhitelist to envAllowlist with backward-compat…
0fc943a 
…ible migration

- Rename EnvWhitelist struct field to EnvAllowlist with new yaml tag envAllowlist
- Keep EnvWhitelist as deprecated alias for backward compatibility
- Add deprecation warning when envWhitelist is detected in config
- Update merge logic, config keys, tests, and documentation
- Add tests for both new key and backward compatibility

Closes #195
@danieljustus
refactor(cmd): remove re-export aliases from cmd/root.go
2f2cca4 
Remove 25+ package-level variable aliases (var X = cli.X) from
cmd/root.go. All cmd/*.go files now import internal/cli directly
and use cli.X instead of the shim aliases.

This completes the migration that split CLI logic into internal/cli.
cmd/root.go now only contains Execute(), SetVersionInfo(),
AppVersion(), and quiet-mode print helpers.

Closes #196
@danieljustus danieljustus changed the title Restrict agent-controlled output_path to prevent arbitrary filesystem writes (+1 more) Session PR: Security fixes + config rename + cmd alias cleanup May 22, 2026
@danieljustus
Apply gofmt formatting fix
1f1dec4 
Fixes formatting in internal/config/config.go.

Refs PR #197
@danieljustus danieljustus marked this pull request as ready for review May 22, 2026 16:07
Copilot AI review requested due to automatic review settings May 22, 2026 16:07
@danieljustus danieljustus merged commit 17da975 into main May 22, 2026
18 checks passed
@danieljustus danieljustus deleted the session/20260522-141622 branch May 22, 2026 16:08
Copilot AI reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment