AI reviewer tweaks 1 #2688

Open
sam0x17 wants to merge 1 commit into devnet-ready from ai-reviewer-tweaks
@sam0x17 sam0x17 commented May 21, 2026

No description provided.

@sam0x17 sam0x17 added the skip-cargo-audit This PR fails cargo audit but needs to be merged anyway label May 21, 2026

@github-actions github-actions Bot left a comment


AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment on lines +86 to +95
BASE_REF_FOR_DIFF=$(jq -r '.baseRefName' "$OUTPUT_DIR/pr.json")
HEAD_SHA_FOR_DIFF=$(jq -r '.headRefOid' "$OUTPUT_DIR/pr.json")
if git rev-parse --verify --quiet "origin/${BASE_REF_FOR_DIFF}" >/dev/null; then
git diff "origin/${BASE_REF_FOR_DIFF}...${HEAD_SHA_FOR_DIFF}" \
> "$OUTPUT_DIR/pr-diff.patch"
else
# Base ref not in local refs (e.g. running outside actions/checkout fetch-depth:0).
# Fall back to the REST endpoint; bail loudly if it 406s on a huge PR.
echo "::warning::origin/${BASE_REF_FOR_DIFF} not local; falling back to gh pr diff (may fail for >20k-line PRs)"
gh_retry gh pr diff "$PR_NUMBER" --repo "$REPO" > "$OUTPUT_DIR/pr-diff.patch"
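Review bot: `jq -r` prints the literal string `null` when `.baseRefName` or `.headRefOid` is missing from pr.json, and neither value is validated before it reaches `git rev-parse` and `git diff`. Only the base ref is verified, so if `HEAD_SHA_FOR_DIFF` does not resolve locally, `git diff` fails after the redirect has already created `pr-diff.patch`, leaving an empty file behind. Suggest rejecting empty or `null` values up front and writing the diff to a temporary file that is moved into place only when `git diff` succeeds.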

[HIGH] Local git diff can be blinded by PR-controlled attributes

This protected helper now generates the personas' source-of-truth diff from the PR checkout. A future hostile PR can add .gitattributes entries that mark sensitive paths as binary or otherwise suppress textual hunks, causing local git diff to emit incomplete content into pr-diff.patch; pr-files.json only has paths/counts, so both personas can miss the hidden code. Harden the local diff by forcing text output, disabling textconv/external diff behavior, and pinning the comparison to the exact baseRefOid from pr.json instead of the mutable origin/<base> ref.

Suggested change
BASE_REF_FOR_DIFF=$(jq -r '.baseRefName' "$OUTPUT_DIR/pr.json")
HEAD_SHA_FOR_DIFF=$(jq -r '.headRefOid' "$OUTPUT_DIR/pr.json")
if git rev-parse --verify --quiet "origin/${BASE_REF_FOR_DIFF}" >/dev/null; then
git diff "origin/${BASE_REF_FOR_DIFF}...${HEAD_SHA_FOR_DIFF}" \
> "$OUTPUT_DIR/pr-diff.patch"
else
# Base ref not in local refs (e.g. running outside actions/checkout fetch-depth:0).
# Fall back to the REST endpoint; bail loudly if it 406s on a huge PR.
echo "::warning::origin/${BASE_REF_FOR_DIFF} not local; falling back to gh pr diff (may fail for >20k-line PRs)"
gh_retry gh pr diff "$PR_NUMBER" --repo "$REPO" > "$OUTPUT_DIR/pr-diff.patch"
BASE_REF_FOR_DIFF=$(jq -r '.baseRefName' "$OUTPUT_DIR/pr.json")
BASE_SHA_FOR_DIFF=$(jq -r '.baseRefOid' "$OUTPUT_DIR/pr.json")
HEAD_SHA_FOR_DIFF=$(jq -r '.headRefOid' "$OUTPUT_DIR/pr.json")
SAFE_DIFF_OPTS=(--no-ext-diff --no-textconv --text)
if git cat-file -e "${BASE_SHA_FOR_DIFF}^{commit}" 2>/dev/null; then
git diff "${SAFE_DIFF_OPTS[@]}" "${BASE_SHA_FOR_DIFF}...${HEAD_SHA_FOR_DIFF}" \
> "$OUTPUT_DIR/pr-diff.patch"
else
# Base commit not local (e.g. branch advanced after checkout).
# Fall back to the REST endpoint; bail loudly if it 406s on a huge PR.
echo "::warning::base commit ${BASE_SHA_FOR_DIFF} not local; falling back to gh pr diff (may fail for >20k-line PRs)"
gh_retry gh pr diff "$PR_NUMBER" --repo "$REPO" > "$OUTPUT_DIR/pr-diff.patch"
fi
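Review bot: in the replacement lines `BASE_REF_FOR_DIFF` is still assigned but no longer read, since both the existence check and the warning now use `BASE_SHA_FOR_DIFF`; drop the assignment. The `git cat-file -e` guard covers only the base commit, so adding the same check for `"${HEAD_SHA_FOR_DIFF}^{commit}"` would route a missing head object to the `gh pr diff` fallback instead of failing inside the redirect. `SAFE_DIFF_OPTS=(...)` is array syntax, so the suggestion also depends on prefetch.sh running under bash rather than plain sh.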

@github-actions

🛡️ AI Review — Skeptic (security review)

VERDICT: VULNERABLE

BASELINE scrutiny: author is a repo admin with substantial prior subtensor history; branch ai-reviewer-tweaks -> devnet-ready; protected .github/ai-review helper modified.

The PR modifies a protected AI-review helper. The change is legitimate-looking, but it moves the review source of truth from GitHub's PR diff API to local git diff without hardening that local diff against PR-controlled attributes.

Findings

| Sev | File | Finding |
|---|---|---|
| HIGH | .github/ai-review/prefetch.sh:95 | Local git diff can be blinded by PR-controlled attributes (inline) |

Conclusion

Blocked because future PRs could hide security-relevant hunks from pr-diff.patch, blinding both review personas while the AI-review check still appears to run. I found no evidence of malicious intent in this PR.


# 🔍 AI Review — Auditor (domain review) has not yet run on this PR.
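The Skeptic finding above, reproduced in a throwaway repository as an added example (not code from the PR or from the review bot): a `.gitattributes` line hides a changed line from a default three-dot `git diff`, the three options from the suggested change restore it, and `git check-attr` flags the affected path. The file name `deploy.sh`, its contents and the helper function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added demo. Repository, file name and contents are constructed.
set -e

# Base commit, then a "PR" commit that edits deploy.sh and adds .gitattributes.
make_repo() {
  r=$(mktemp -d)
  (
    cd "$r"
    g() { git -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q .
    printf 'echo build\n' > deploy.sh
    g add deploy.sh
    g commit -q -m base
    printf 'echo build\necho CHANGED_LINE\n' > deploy.sh
    printf 'deploy.sh -diff\n' > .gitattributes   # PR-controlled attribute
    g add -A
    g commit -q -m pr
  ) >/dev/null 2>&1
  printf '%s\n' "$r"
}

# Number of added lines carrying the change that a reviewer would see.
# usage: count_visible <repo> [git diff options...]
count_visible() {
  r=$1; shift
  git -C "$r" diff "$@" HEAD~1...HEAD -- deploy.sh |
    grep -c '^+echo CHANGED_LINE' || true
}

# Detection: changed paths whose `diff` attribute is set, unset or a driver.
flagged_paths() {
  git -C "$1" diff --name-only HEAD~1...HEAD |
    git -C "$1" check-attr --stdin diff |
    grep -v ': diff: unspecified$' || true
}

repo=$(make_repo)
echo "default options:  $(count_visible "$repo") changed line(s) visible"
echo "hardened options: $(count_visible "$repo" --no-ext-diff --no-textconv --text) changed line(s) visible"
echo "flagged: $(flagged_paths "$repo")"
```

With default options the diff for `deploy.sh` collapses to a "Binary files ... differ" line, which is why a reviewer reading only `pr-diff.patch` would never see the added line.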

@github-actions

🔄 AI review updated — Skeptic: VULNERABLE
