fix: security hardening, stability fixes, and audit logging#23
Open
Noopy420 wants to merge 1 commit into zebbern:main from
Conversation
- fix(git): prevent command injection via branch name validation and shell escaping
- fix(git): use `git worktree list --porcelain` for reliable parsing (handles spaces in paths)
- fix(shell): cap output buffer at 10 MB to prevent OOM on infinite output
- fix(claude): per-channel query isolation to prevent concurrent session collisions
- fix(claude): add 10-minute timeout on SDK queries to prevent indefinite hangs
- fix(claude): enforce Discord embed size limits with safe truncation
- fix(env): handle quoted .env values containing '=' and inline comments
- fix(crash): implement functional crash recovery with proper logging
- feat(session): auto-archive inactive Discord threads during cleanup (addresses zebbern#19)
- feat(audit): add audit logger with in-memory + JSONL file persistence

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary

- … `exec()`. Uses `git worktree list --porcelain` for reliable parsing that handles paths with spaces.
- … `yes`, `cat /dev/urandom`). Appends a truncation notice when the limit is hit.
- … `activeQuery` variable with a `Map<channelId, Query>` so concurrent `/claude` commands from different channels don't overwrite each other's sessions.
- … `executeWithErrorHandling()` with `Promise.race()` to abort if the SDK hangs indefinitely.
- … `safeTruncate()` to enforce Discord's 4096-char embed description limit, preventing API errors on large Claude responses.
- … `=`: Values like `SECRET="a=b=c"` now parse correctly. Also handles escape sequences in double-quoted values and inline comments in unquoted values.
- `recoverShellProcess()`, `recoverWorktreeProcess()`, and `recoverClaudeProcess()` now properly clean up resources with structured logging instead of being stubs.
- `cleanup()` method now archives Discord threads before removing them from internal state, keeping the server tidy. Addresses "Feature Req: better session management" #19.
- `util/audit-logger.ts` provides in-memory + JSONL file audit logging for all bot commands, including user, command, cost, and duration tracking.

Test plan

- … `.env` configuration
- `/worktree` with valid branch names (should work as before)
- `/worktree` with malicious branch names like `; rm -rf /` (should be rejected)
- `/shell` with a command that produces large output (should truncate at 10 MB)
- `/claude` commands in different channels (should not interfere)
- `.env` file with `SECRET="key=value"` format (should parse correctly)

🤖 Generated with Claude Code
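The two git fixes from the summary (branch-name validation before any `git` call, and parsing the `--porcelain` listing) as an added TypeScript example; this is not the PR's or the project's code. It assumes the bot hands git an argv array via execFile/spawn rather than a shell string; the function names, the allowlist and the sample listing are constructed here.

```typescript
// Allowlist stricter than git's own check-ref-format: letters, digits, '.', '_', '-', '/'.
// Requiring a leading letter or digit means a value can never be read as an option ("-rf").
const BRANCH_RE = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,254}$/;
function isValidBranchName(name: string): boolean {
  if (!BRANCH_RE.test(name)) return false; // rejects ';', ' ', '$', '`', '|', '&' ...
  if (name.includes("..") || name.endsWith("/") || name.endsWith(".lock")) return false;
  return name.split("/").every((seg) => seg !== "" && !seg.startsWith(".")); // no "a//b", no ".x"
}
// argv for `git worktree add`, handed to execFile/spawn as an array so no shell ever
// interprets it; "--" ends option parsing before the positional arguments.
function worktreeAddArgv(dir: string, branch: string): string[] {
  if (!isValidBranchName(branch)) throw new Error(`rejected branch name: ${JSON.stringify(branch)}`);
  return ["worktree", "add", "--", dir, branch];
}
interface Worktree { path: string; head: string; branch?: string; detached: boolean }
// `git worktree list --porcelain` prints one stanza per worktree (blank-line separated),
// each line "<key> <value>" or a bare flag such as "detached"; paths with spaces stay unambiguous.
function parseWorktreeList(porcelain: string): Worktree[] {
  const out: Worktree[] = [];
  for (const stanza of porcelain.split(/\n\s*\n/)) {
    const wt: Worktree = { path: "", head: "", detached: false };
    for (const line of stanza.split("\n")) {
      const sp = line.indexOf(" ");
      const key = sp === -1 ? line.trim() : line.slice(0, sp);
      const value = sp === -1 ? "" : line.slice(sp + 1);
      if (key === "worktree") wt.path = value;
      else if (key === "HEAD") wt.head = value;
      else if (key === "branch") wt.branch = value;
      else if (key === "detached") wt.detached = true;
      // "bare", "locked", "prunable" and any future keys are ignored here
    }
    if (wt.path !== "") out.push(wt);
  }
  return out;
}
// Constructed sample listing (not captured from a real repository).
const SAMPLE_PORCELAIN = [
  "worktree /srv/bot/repos/main",
  "HEAD 1111111111111111111111111111111111111111",
  "branch refs/heads/main",
  "",
  "worktree /srv/bot/repos/work trees/feature one",
  "HEAD 2222222222222222222222222222222222222222",
  "branch refs/heads/feature/one",
  "",
  "worktree /srv/bot/repos/detached here",
  "HEAD 3333333333333333333333333333333333333333",
  "detached",
].join("\n");
```

The allowlist is deliberately narrower than what git accepts; a name that fails it is refused before git is spawned, and the porcelain parser only ever sees output from that process, never user input.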