fix(review): keep screenshots allowlist-bound#4990
Conversation
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4990 +/- ##
=======================================
Coverage 94.18% 94.18%
=======================================
Files 468 468
Lines 39608 39608
Branches 14448 14448
=======================================
Hits 37306 37306
Misses 1646 1646
Partials 656 656
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
|
Warning 🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨 ⏸️ Gittensory review result - manual review recommendedReview updated: 2026-07-12 01:10:35 UTC
⏸️ Suggested Action - Manual Review
Review summary Nits — 4 non-blocking
Concerns raised — review before merging
Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
b88ace3 to
2fd6a31
Compare
Motivation
screenshotsto the convergedfeatures:resolver using the defaultstandardprecedence, which let a repo's.gittensory.ymlfeatures.screenshots: truebypass the operatorGITTENSORY_REVIEW_REPOSallowlist and trigger costly server-side browser captures.Description
screenshotsunderallowlistRequiredby addingscreenshots: "allowlistRequired"toFEATURE_MODEinsrc/review/feature-activation.tsso a manifest cannot force it ON outside the operator allowlist.src/review/feature-activation.tsto call out thatscreenshotslaunches browser rendering and stores/publicly-embedded images, and therefore must remain allowlist-bound.test/unit/feature-activation.test.tsandtest/unit/visual-wire.test.tsthat assert an unallowlisted repo withfeatures.screenshots: truecannot activate screenshots and that allowlisted repos still default ON or can opt out.worker-configuration.d.ts) after the localcf-typegendrift check reported stale generated output.Testing
npx vitest run test/unit/feature-activation.test.ts test/unit/visual-wire.test.ts, and both test files passed (all tests succeeded).npm run typecheckandnpm run cf-typegen:check(and regeneratedworker-configuration.d.ts), both succeeded locally.npm run test:ci; the run exercised the suite but stopped on unrelated, pre-existing failures intest/unit/queue-5.test.ts(these are unrelated to this change and prevented a full greentest:ci).npm audit --audit-level=moderatecould not complete due to the registry endpoint returning403 Forbiddenin this environment.Codex Task