fix(security): harden checksum, pin CDN with SRI, cleanup dead code#32
Merged
Conversation
…eanup dead code Security fixes: - npm postinstall: checksum verification now hard-fails instead of warning, preventing tampered binaries from installing silently - website: pin Lucide to v1.16.0 with SHA-384 SRI hash to prevent CDN compromise Extensibility fixes: - config loader: remove hard-rejection of non-'openai' provider types, allowing custom providers via RegisterFactory() - cli: wire Config.Validate() into initConfig() to catch invalid configs early Cleanup: - remove duplicate resume validation from CLI (generator already validates) - remove dead code: StreamChunk struct, ErrKindQuota, ErrKindContentFilter, Duration.MarshalYAML(), global Register/RegisterFactory functions - remove unsupported 'logging:' section from example config - add --verbose/--quiet mutual exclusion via cobra
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 60bfdff7a6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Deploying kothaset with
|
| Latest commit: |
510ecf5
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://8a04de7e.kothaset.pages.dev |
| Branch Preview URL: | https://fix-security-and-cleanup.kothaset.pages.dev |
Validate() in initConfig() caused commands like 'validate config' and 'schema list' to fail when an invalid kothaset.yaml existed in the cwd. Move validation into runGenerate() where a usable runtime config is actually required.
A missing entry in checksums.txt (from omission or tampering) now throws instead of warning, preventing unverified binaries from installing silently.
Owner
Author
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 37ea780a47
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
- Apply gofmt to all Go files - Use fmt.Fprintf instead of WriteString(fmt.Sprintf) in classification.go and preference.go
cfg.Validate() checked raw kothaset.yaml values before CLI overrides were merged, causing commands like 'generate --schema chat' to fail when the config contained a different schema. All fields are already validated individually after resolution (schema.Get, GetProvider, etc).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Security hardening, extensibility fix, and dead code cleanup across 12 files.
Security Fixes (HIGH)
Extensibility Fixes (HIGH/MEDIUM)
Code Cleanup (MEDIUM/LOW)
Verification