issues Search Results · language:Edge language:Python language:JavaScript language:Java language:Python language:JavaScript
Filter by
55.2M results
Summary
The goal-commentator and goal-doc-writer agents have edit: allow with no file pattern restrictions. Their system prompts
say they should only edit comments/docs, but the permission layer does ...
bug
devinoldenburg
Problem
In tools/lab/server/orchestrator.mjs, line ~182:
computeOutcome(run, lastGuard, task, noprogress , store.getEvents(run.id))
computeOutcome is defined to accept 4 parameters: (run, guard, task, ...
bug
plugin
Summary
The word test is mapped to goal-test-reviewer in CONTEXTUAL_GATES. Since test appears in nearly every software
development goal description (e.g., write tests , test the feature , run tests ), ...
bug
Severity: LOW
Component: plugins/goal-guard/summary.js
The Bug
evidenceMatchesCriterion() requires an EXACT case-insensitive string match:
function evidenceMatchesCriterion(entry, criterion) {
return ...
bug
Summary
The ensureReviewClient function in review-runner.js has an HTTP fallback path using fetch() that sends no Authorization
header. If the OpenCode server requires authentication, the review runner ...
bug
security
Severity: MEDIUM
Component: plugins/goal-guard/guard.js
The Bug
resolveIdleSession() wraps its entire body in a try/catch that silently swallows ALL exceptions:
async function resolveIdleSession(sessionID) ...
bug
Summary
The shell analyzer s known command sets (NETWORK_FETCHERS and DECODERS) are missing several common tools, allowing their
dangerous usage patterns to go undetected.
Missing Network Fetchers (NETWORK_FETCHERS) ...
bug
Which bot?
agent-8s
How are you specifying the new version?
tag (easiest)
Tag, Digest, or pause
v1.2.0
Notes (optional)
No response
hfcRed
Summary
The installer s COMPONENT_DIRS includes plugins which recursively copies everything under plugins/, including
plugins/package.json ({ type : module }). This file lands at target /plugins/package.json. ...
bug
Problem
In tools/lab/server/server.mjs, readBody has no max body size limit. A malicious client could send gigabytes of data in
a POST request and OOM the process.
Additionally:
- No CORS headers ...
plugin
security
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.