issues Search Results · language:Dune language:JavaScript language:Python language:JavaScript language:Java
Filter by
55.2M results
Description: Since yesterday (June 17, 2026), several core features of the extension have stopped working on the YouTube
home page, likely due to a recent YouTube layout change.
Steps to reproduce / Observed ...
u31b3w6
Summary
The goal-guard shell analyzer in plugins/goal-guard/shell.js does not classify several git destructive operations as
destructive. A real agent can run git stash -u drop, git tag -d v1.0.0 v1.0.1, ...
bug
devinoldenburg
Problem
In tools/lab/server/guard-state.mjs, guardStateFile(cwd) uses cwd directly in path construction without sanitization. If
cwd contains ../, path traversal is possible, allowing reads outside the ...
plugin
security
Severity: LOW
Component: plugins/goal-guard/summary.js
The Bug
The sidebar s done determination only checks gates and dirty state:
const done = required.length 0 missing.length === 0 !state.dirty; ...
bug
Summary
The file docs/sidebar-demo.svg is shipped in the npm package via the files glob but is not referenced anywhere in the
current README or documentation. It was replaced by docs/sidebar-preview.png ...
documentation
Summary
Both ARCHITECTURE.md and CHANGELOG.md (v0.6.8 entry) claim 355 tests across 18 files. The actual count is 359 tests
across 20 files — logger.test.mjs and deep-bughunt.test.mjs are not accounted ...
documentation
Severity: LOW
Component: plugins/goal-guard/shell.js
The Bug
Inside \ command substitution, readBalanced passes \\\\ through as literal \\\\ (two chars):
if (c === \ i + 1 n) {
out += c + ...
bug
Summary
The lex() function processes input character-by-character with no maximum input length check, creating a DoS risk when
processing extremely large command strings.
Affected code
plugins/goal-guard/shell.js ...
bug
Summary
When state === none (no goal yet), the sidebar renders nothing — the native todo section shows instead. During the
window between session-open and goal-contract recording, the user sees the native ...
bug
Problem
In tools/lab/server/incidents.mjs, safety-miss detection (when the shell guard fails to block a destructive command)
reuses INCIDENT_FAMILY.COMPLETION_LEAK as the family. This should be a distinct ...
bug
plugin
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.