-
Notifications
You must be signed in to change notification settings - Fork 3
Hardening + 10x discovery: security audit changeset #7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
e08baee
perf(session): 10x discovery + preserve transcript layout in conversions
aytzey dbf8707
feat(mcp): default secret redaction, --allow-secrets and --read-only
aytzey 6dde4a5
fix(tui): sanitize untrusted session text at every render boundary
aytzey bb069e8
ci: coverage floors, vuln scan, lint gates, release verification
aytzey File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| * @aytzey |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| name: Bug report | ||
| description: Report reproducible incorrect behavior in showagent | ||
| title: "bug: " | ||
| labels: [bug] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: Do not include real transcripts, credentials, or private paths. Use the Security tab for vulnerabilities. | ||
| - type: input | ||
| id: version | ||
| attributes: | ||
| label: showagent version | ||
| placeholder: v0.9.0 | ||
| validations: | ||
| required: true | ||
| - type: dropdown | ||
| id: os | ||
| attributes: | ||
| label: Operating system | ||
| options: [Linux, macOS, Windows, Other] | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: providers | ||
| attributes: | ||
| label: Agent CLI and version | ||
| placeholder: codex-cli 0.144.0 | ||
| - type: textarea | ||
| id: reproduction | ||
| attributes: | ||
| label: Reproduction | ||
| description: Minimal steps using fabricated session data where possible. | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: expected | ||
| attributes: | ||
| label: Expected and actual behavior | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: diagnostics | ||
| attributes: | ||
| label: Redacted diagnostics | ||
| description: Include relevant stderr or CI output; remove secrets and personal paths. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| blank_issues_enabled: false | ||
| contact_links: | ||
| - name: Security vulnerability | ||
| url: https://github.com/aytzey/showagent/security/advisories/new | ||
| about: Report vulnerabilities and sensitive data exposure privately. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| name: Feature request | ||
| description: Propose a focused improvement or provider integration | ||
| title: "feat: " | ||
| labels: [enhancement] | ||
| body: | ||
| - type: textarea | ||
| id: problem | ||
| attributes: | ||
| label: Problem | ||
| description: What workflow is blocked or unnecessarily difficult? | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: proposal | ||
| attributes: | ||
| label: Proposed behavior | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: evidence | ||
| attributes: | ||
| label: Provider or ecosystem evidence | ||
| description: Link upstream format/CLI documentation when the request concerns an agent provider. | ||
| - type: textarea | ||
| id: safety | ||
| attributes: | ||
| label: Data and safety considerations | ||
| description: Note writes, deletion, network access, credentials, or transcript exposure. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| version: 2 | ||
| updates: | ||
| - package-ecosystem: gomod | ||
| directory: / | ||
| schedule: | ||
| interval: weekly | ||
| day: monday | ||
| groups: | ||
| go-dependencies: | ||
| patterns: ["*"] | ||
| open-pull-requests-limit: 5 | ||
|
|
||
| - package-ecosystem: github-actions | ||
| directory: / | ||
| schedule: | ||
| interval: weekly | ||
| day: monday | ||
| groups: | ||
| github-actions: | ||
| patterns: ["*"] | ||
| open-pull-requests-limit: 5 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| ## Summary | ||
|
|
||
| <!-- What user-visible problem does this solve? --> | ||
|
|
||
| ## Verification | ||
|
|
||
| - [ ] `go test ./... -race` | ||
| - [ ] `go vet ./...` | ||
| - [ ] `golangci-lint run` | ||
| - [ ] Documentation updated when behavior or trust boundaries changed | ||
|
|
||
| ## Provider safety | ||
|
|
||
| - [ ] Existing sessions are not modified unexpectedly | ||
| - [ ] Tests use temporary provider homes, not real local session stores | ||
| - [ ] Format claims identify the upstream CLI version or source reference |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # Code of Conduct | ||
|
|
||
| This project follows the [Contributor Covenant 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/). | ||
|
|
||
| Be respectful, assume good faith, keep technical disagreement focused on the | ||
| work, and do not publish another person's private session data or credentials. | ||
| Unacceptable behavior may be reported privately through the repository's | ||
| Security reporting flow when it involves sensitive information; otherwise, | ||
| contact the maintainer through their GitHub profile. Reports will be reviewed | ||
| promptly and handled consistently with the Contributor Covenant enforcement | ||
| guidelines. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # Contributing to showagent | ||
|
|
||
| Thanks for helping improve showagent. Keep changes focused and preserve the | ||
| core safety contract: existing sessions are never modified by branch or | ||
| convert operations, and destructive actions require explicit user intent. | ||
|
|
||
| ## Development setup | ||
|
|
||
| Requirements: Go 1.25.12 or newer. | ||
|
|
||
| ```sh | ||
| git clone https://github.com/aytzey/showagent.git | ||
| cd showagent | ||
| go test ./... -race | ||
| go vet ./... | ||
| go run golang.org/x/vuln/cmd/govulncheck@v1.6.0 ./... | ||
| ``` | ||
|
|
||
| Run `golangci-lint run` with the version configured in | ||
| `.github/workflows/ci.yml` before opening a pull request. | ||
|
|
||
| ## Provider changes | ||
|
|
||
| A provider implements `session.ProviderImpl` and is registered in | ||
| `internal/session/provider.go`. Provider tests must use temporary homes through | ||
| the provider's environment override; never read, write, or delete the | ||
| developer's real agent store from the unit suite. | ||
|
|
||
| For format changes, include fixtures for discovery, transcript extraction, | ||
| branching, conversion, malformed input, and secret-safe previews. Describe the | ||
| upstream CLI version or source commit used to verify the format. | ||
|
|
||
| ## Pull requests | ||
|
|
||
| - Add regression tests for behavior changes. | ||
| - Update `README.md` when CLI flags, keybindings, providers, or trust | ||
| boundaries change. | ||
| - Keep generated binaries, real transcripts, credentials, and local paths out | ||
| of commits. | ||
| - Explain manual verification for changes that touch a real provider CLI. |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Per-package coverage floor can be silently bypassed by packages with no test files.
The
sedextraction at line 44 only matches lines containingcoverage:fromgo testoutput. Packages without any test files produce no coverage line, so they are silently excluded from the per-package 75% floor check. This means a package could regress to 0% coverage without failing CI.Consider adding an explicit check for packages that appear in
go list ./...but are missing from the coverage output.🛡️ Suggested addition to detect untested packages
- name: Enforce coverage floors (total 80%, per package 75%) # The per-package floor sits below the total floor on purpose: several # packages hover just above 80%, and a floor equal to the current # value turns any small refactor into a red build. run: | set -eu total="$(go tool cover -func=coverage.out | awk '$1 == "total:" { gsub("%", "", $3); print $3 }')" test -n "$total" printf 'total coverage: %s%%\n' "$total" awk -v total="$total" 'BEGIN { exit !(total + 0 >= 80) }' + # Fail if any package with test files is missing from coverage output + covered="$(sed -n 's/^\(ok\|FAIL\)\s\+\S\+.*coverage: \([0-9][0-9.]*\)%.*/\1/p' test-output.txt | sort -u)" sed -n 's/.*coverage: \([0-9][0-9.]*\)%.*/\1/p' test-output.txt | while IFS= read -r package_coverage; do printf 'package coverage: %s%%\n' "$package_coverage" awk -v coverage="$package_coverage" 'BEGIN { exit !(coverage + 0 >= 75) }' done🤖 Prompt for AI Agents