fix(selfhost): remove Claude reviewer tools#5105
Conversation
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5105 +/- ##
=======================================
Coverage 94.20% 94.20%
=======================================
Files 470 470
Lines 39722 39722
Branches 14493 14493
=======================================
Hits 37421 37421
Misses 1645 1645
Partials 656 656
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
|
Warning 🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨 ⏸️ Gittensory review result - manual review recommendedReview updated: 2026-07-11 17:27:12 UTC
⏸️ Suggested Action - Manual Review
Review summary Blockers
Nits — 5 non-blocking
Concerns raised — review before merging
Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Motivation
--permission-mode bypassPermissionswith a brittle mutating-tool denylist, allowing unlisted tools (including MCP tools) to run via prompt injection.Description
--tools "",--strict-mcp-config, and using--disallowedTools mcp__*when spawning theclaudesubprocess.--permission-mode bypassPermissionsfor headless operation but remove all built-in tools and prevent user/home MCP config from loading as a defense-in-depth boundary.--append-system-prompt-file(no change in behavior) and keep the one-shot JSON review flow intact.plan,--tools "",--strict-mcp-config, and--disallowedTools mcp__*).Testing
npm run selfhost:env-reference:checkand it passed.npx vitest run test/unit/selfhost-ai.test.ts -t "Claude Code"andnpx vitest run test/unit/selfhost-ai.test.ts, both completed successfully (tests passing for the changed path).npm run typecheckand it passed.npm run test:coverage(full suite) but the broader suite exceeded the available execution window in this environment and was not completed.npm audit --audit-level=moderatebut the registry audit endpoint returned403 Forbiddenin this execution environment, so the audit did not complete.Codex Task