…ling-connections Fix dangling connection deletes
…e-1129 Revert staging backport of issue 1129
This reverts commit e85da38.
…play-avatar-height Fix roleplay panel avatars clipping on short messages
…rom-staging Revert issue 1272 from staging
…alpha-workflow Register pre-alpha build workflow on default branch
✅ Bunny Review Completed
Tip: Review posted. The specimen has left the observation table.

🐰 Bunny Review
Bunny Merge Signal: Review Incomplete
Caution: REVIEW INCOMPLETE
Note: Mode: 🧭 Specimen Summary
🔎 Isolated Defects
Caution: No model findings are available because Bunny Review failed before completing inspection.
🧹 Nitpicks
✅ Control Checks
🧪 Observations
🧰 CI Status
|
| # This pull_request_target workflow is intentionally a dispatcher only. | ||
| # It must not checkout, install, or execute code from the pull request. | ||
| gh workflow run bunny-review.yml \ | ||
| --repo "${{ github.repository }}" \ |
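Review bot: `--repo "${{ github.repository }}"` interpolates a workflow expression directly into the shell script. `github.repository` is repository-controlled, so this instance is safe, but because this is a `pull_request_target` dispatcher any further inputs taken from PR-controlled fields (title, body, head ref) must reach `run:` through `env:` and be quoted, not interpolated the same way; the comment on the lines above promises the dispatcher never executes PR content, and keeping untrusted strings out of the script body is part of honouring that.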
[blocking] Dispatch targets an absent reviewer workflow
The dispatcher invokes `bunny-review.yml`, but the inspected repository context establishes no such workflow file and no matching `workflow_dispatch` contract. This specimen therefore reaches a dead control path: GitHub rejects the dispatch before review begins. The command dispatcher repeats the same target, so both entry points inherit the same failure mode.
Suggested fix: Add the trusted `bunny-review.yml` workflow on `refactor` with the declared inputs, or retarget both dispatchers to an existing workflow.
Prompt for AI Agents
Verify each Bunny finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In `@.github/workflows/bunny-review-auto.yml` around line 33:
- Dispatch targets an absent reviewer workflow
| pull-requests: read | ||
|
|
||
| jobs: | ||
| dispatch: |
[medium] Slash dispatch is not bound to the PR base branch
The command gate verifies that the issue is a pull request, the comment starts with the command, and the commenter is trusted. It never inspects the pull request base branch, while the dispatch pins the reviewer workflow to `refactor`. A command on a PR targeting another branch can therefore misclassify the baseline and policy surface.
Suggested fix: Fetch the PR metadata in the command job and reject unless `base.ref == TARGET_REF`, or derive the dispatched ref from the PR base explicitly.
Prompt for AI Agents
In `@.github/workflows/bunny-review-command.yml` around line 14:
- Slash dispatch is not bound to the PR base branch
| jobs: | ||
| dispatch: | ||
| if: > | ||
| github.event.issue.pull_request && |
[low] Command prefix accepts malformed invocations
The trigger accepts any comment whose first bytes are `/bunny-review`. Inputs such as `/bunny-reviewer` or `/bunny-review-full` enter the dispatch path and collapse into `auto` mode. The command contract therefore admits unintended aliases.
Suggested fix: Require an exact command token, such as `/bunny-review` alone or `/bunny-review` followed by whitespace.
Prompt for AI Agents
In `@.github/workflows/bunny-review-command.yml` around line 16:
- Command prefix accepts malformed invocations
| stats["context_searches"] += 1 | ||
| try: | ||
| body = search_repo(pattern) | ||
| except Exception as exc: |
🔥 HIGH: Extra context escapes the redaction chamber
Location: .github/bunny-review/bunny_review.py:735
A splendid little privacy leak: the main review packet is passed through `redact_for_model`, but requested extra context is appended after raw file reads and repository searches. The path guard blocks only a narrow set of basenames, so env-shaped CI artifacts, credential-bearing config, or secret-looking values in ordinary files can still be delivered to the model. The apparatus constructs a mask, then removes it for the second experiment.
Suggested fix: Route every extra-context file body and search result through the same redaction and sensitive-path policy before insertion into the model-bound packet.
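One way to give extra context the same gate as the main packet, as an added example rather than the project's own `redact_for_model` or path guard: a single chokepoint that applies a path policy (components and suffixes, not a basename list) and value redaction to every file body and search hit before it is appended. The helper names, the secret patterns and the sample files are assumptions constructed for the example.

```python
"""Single redaction chokepoint for everything that reaches the model.
Added example with hypothetical helpers; the sample files and search hits
below are constructed, not taken from any repository."""
import re
from pathlib import PurePosixPath
from typing import Dict, Iterable, Tuple

# Illustrative sensitive-path policy: match on path components and suffixes
# (assumed policy values, not the project's).
SENSITIVE_PARTS = {"secrets", "credentials", "id_rsa"}
SENSITIVE_SUFFIXES = {".pem", ".key", ".p12", ".pfx"}


def is_sensitive_path(path: str) -> bool:
    """True for env-shaped names (.env, deploy.env.staging), key material and
    well-known secret directories, anywhere in the path."""
    p = PurePosixPath(path)
    name = p.name.lower()
    env_shaped = "env" in name.split(".")          # ".env", ".env.local", "x.env.y"
    parts = {part.lower() for part in p.parts}
    return env_shaped or bool(parts & SENSITIVE_PARTS) or p.suffix.lower() in SENSITIVE_SUFFIXES


# Illustrative value patterns; a real deployment would tune and extend these.
_KEY_VALUE = re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b(\s*[=:]\s*['\"]?)([^'\"\s]+)")
_GH_TOKEN = re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b")
_PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)


def redact_for_model(text: str) -> str:
    """Hypothetical redactor: keeps the key name and surrounding syntax, drops the value."""
    out = _KEY_VALUE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)
    out = _GH_TOKEN.sub("[REDACTED_TOKEN]", out)
    out = _PRIVATE_KEY.sub("[REDACTED_PRIVATE_KEY]", out)
    return out


def build_context_section(files: Dict[str, str], search_hits: Iterable[Tuple[str, int, str]]) -> str:
    """files: {path: body}; search_hits: (path, line_no, line) triples.
    Both kinds of extra context pass the same path policy and redaction as
    the main packet, so nothing reaches the model unmasked."""
    chunks = []
    for path, body in files.items():
        if is_sensitive_path(path):
            chunks.append(f"## {path}\n[omitted: sensitive path]")
        else:
            chunks.append(f"## {path}\n{redact_for_model(body)}")
    for path, line_no, line in search_hits:
        if is_sensitive_path(path):
            continue                                  # search hits in sensitive files are dropped outright
        chunks.append(f"{path}:{line_no}: {redact_for_model(line)}")
    return "\n".join(chunks)


# Constructed sample input.
SAMPLE_FILES = {
    "ci/deploy.env.staging": "API_KEY=abc123\n",
    "src/config.py": "TOKEN = 'ghp_abcdefghijklmnopqrstuvwxyz0123'\nDEBUG = True\n",
}
SAMPLE_HITS = [
    ("certs/server.pem", 1, "-----BEGIN PRIVATE KEY-----"),
    ("src/app.py", 7, 'password = "hunter2"'),
]

if __name__ == "__main__":
    print(build_context_section(SAMPLE_FILES, SAMPLE_HITS))
```

The point of the design is that there is exactly one function that assembles model-bound text from extra context, and it cannot be called without the policy; callers that read files or run searches never format their own output.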
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| BASE=$(gh pr view "$PR_NUM" --json baseRefName -q .baseRefName) |
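Review bot: `BASE=$(gh pr view "$PR_NUM" --json baseRefName -q .baseRefName)` should be preceded by a check that `PR_NUM` is a plain integer (`[[ "$PR_NUM" =~ ^[0-9]+$ ]] || exit 1`) and the step should run under `set -euo pipefail`; otherwise a failed `gh` call leaves `BASE` empty and later steps continue with an empty ref instead of stopping.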
🔥 HIGH: Trusted workflow trusts an unbounded PR base
Location: .github/workflows/bunny-review.yml:68
A charming breach in the quarantine: the dispatched reviewer resolves the PR base and then uses that branch as the source of executable review tooling. The outer dispatchers restrict bases to `refactor` and `main`, but the inner `workflow_dispatch` entry point repeats none of that discipline. A manual dispatch can therefore aim at a PR whose base branch supplies its own `bunny_review.py`, and the apparatus calls the scalpel trusted while letting the specimen choose it.
Suggested fix: Make the trusted workflow enforce the same exact base allowlist before any fetch, `git show`, or Python execution can touch branch-provided tooling.
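The three gate findings above (base branch not bound in the command job, loose command prefix, and the trusted workflow's missing base allowlist) all come down to one small policy function. As an added example, not the project's workflow or its `TARGET_REF`, here is a command gate that accepts only an exact `/bunny-review` token, derives the dispatched ref from the PR base and rejects any base outside an exact allowlist. The constant values, the `Dispatch` record and the accepted modes are assumptions.

```python
"""Slash-command gate for a review dispatcher.  Added example; the policy
constants and helper names are hypothetical, not the project's."""
import re
from dataclasses import dataclass
from typing import Optional

COMMAND = "/bunny-review"
ALLOWED_BASES = frozenset({"refactor", "main"})   # assumed allowlist
ALLOWED_MODES = frozenset({"auto", "full"})       # assumed modes

# Exact token: the command is either the whole comment or is followed by
# whitespace, so "/bunny-reviewer" and "/bunny-review-full" never match.
_COMMAND_RE = re.compile(r"^" + re.escape(COMMAND) + r"(?:\s+(?P<args>\S.*))?\s*$", re.DOTALL)


@dataclass(frozen=True)
class Dispatch:
    mode: str
    base_ref: str


def parse_command(comment: str) -> Optional[str]:
    """Return the requested mode ('auto' when no argument) for an exact
    invocation; None for aliases, unknown modes or extra arguments."""
    match = _COMMAND_RE.match(comment.strip())
    if not match:
        return None
    args = match.group("args")
    if not args:
        return "auto"
    tokens = args.split()
    if len(tokens) != 1 or tokens[0] not in ALLOWED_MODES:
        return None
    return tokens[0]


def base_allowed(base_ref: str) -> bool:
    """Exact allowlist membership: no prefix matching, no pattern tricks."""
    return base_ref in ALLOWED_BASES


def gate(comment: str, is_pull_request: bool, commenter_trusted: bool, base_ref: str) -> Optional[Dispatch]:
    """Mirror of the workflow `if:` gate plus the two missing checks.  The
    dispatched ref is taken from the PR base and validated, never hard-coded."""
    if not (is_pull_request and commenter_trusted):
        return None
    mode = parse_command(comment)
    if mode is None or not base_allowed(base_ref):
        return None
    return Dispatch(mode=mode, base_ref=base_ref)


if __name__ == "__main__":
    for body in ("/bunny-review", "/bunny-review full", "/bunny-reviewer", "/bunny-review-full"):
        print(repr(body), "->", gate(body, True, True, "refactor"))
```

The same `base_allowed` check belongs at the top of the trusted `workflow_dispatch` entry point as well, before any fetch or `git show` of the resolved base, so that a manual dispatch cannot name a base the outer dispatchers would have refused.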
| check_runs = json.load(handle).get("check_runs", []) | ||
| control = {"expected": expected, "passing": [], "pending": [], "failed": [], "missing": []} | ||
| for name in expected: | ||
| matches = [check for check in check_runs if check.get("name") == name] |
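Review bot: `json.load(handle).get("check_runs", [])` reads a single response, but the check-runs listing endpoint is paginated (30 items per page by default), so a commit with many checks can have an expected name on a later page and be classified as missing. Confirm the fetch collects all pages (for example `gh api --paginate`) or sets a `per_page` large enough for the expected set before the name-matching loop runs.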
⚠️ MEDIUM: Stale duplicate check runs poison CI verdicts
Location: .github/workflows/bunny-review.yml:224
The CI collector treats every check run with a matching name as current evidence. GitHub can retain multiple check runs for the same commit and job name after reruns, so an obsolete failed run can sit beside the successful rerun and still be counted as failure. Bunny's final status can condemn a PR whose current required checks are green, an elegant little autopsy of the wrong corpse.
Suggested fix: Select the latest check run per expected name before classifying pass, pending, or failure.
| if status != "completed": | ||
| control["pending"].append(name) | ||
| elif conclusion in {"success", "skipped"}: | ||
| control["passing"].append(name) |
⚠️ MEDIUM: Skipped required checks are embalmed as success
Location: .github/workflows/bunny-review.yml:234
The CI gate declares checks marked `required: always`, then calmly files a `skipped` conclusion beside `success`. That is a delightful contradiction: a required validation job can avoid running and still feed Bunny a passing control record. The resulting status can advertise safety where no validation actually occurred.
Suggested fix: Treat `skipped` as missing or failed for `required: always` checks unless the check configuration explicitly grants a skip policy.
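The two CI-status findings (stale duplicate check runs, and `skipped` counted as `success`) can be fixed in the same collector. As an added example, not the collector in `bunny-review.yml`, the function below keeps only the newest check run per name and treats a skipped required check as missing unless a skip policy names it. The input shape follows the GitHub check-runs list response (`check_runs` entries with `name`, `status`, `conclusion`, `started_at`, `id`); the run records are constructed samples and the `skip_allowed` parameter is an assumption.

```python
"""Classify CI check runs for a merge gate.  Added example; the sample runs
are constructed and `skip_allowed` is a hypothetical policy input."""
from datetime import datetime, timezone
from typing import Any, Dict, Iterable, List, Tuple

Run = Dict[str, Any]
_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def _sort_key(run: Run) -> Tuple[datetime, int]:
    """Newest run wins; the numeric id breaks ties or covers missing timestamps."""
    raw = run.get("started_at")
    ts = datetime.fromisoformat(raw.replace("Z", "+00:00")) if raw else _EPOCH
    return (ts, int(run.get("id", 0)))


def latest_per_name(check_runs: Iterable[Run]) -> Dict[str, Run]:
    """Collapse reruns so an obsolete failed run cannot sit beside its successful rerun."""
    latest: Dict[str, Run] = {}
    for run in check_runs:
        name = run.get("name")
        if name is None:
            continue
        if name not in latest or _sort_key(run) > _sort_key(latest[name]):
            latest[name] = run
    return latest


def classify(check_runs: Iterable[Run], expected: List[str], skip_allowed=frozenset()) -> Dict[str, Any]:
    """expected: names declared `required: always`.  A `skipped` conclusion is
    recorded as missing unless the name is in skip_allowed; only `success`
    passes; any other completed conclusion is a failure."""
    latest = latest_per_name(check_runs)
    control = {"expected": list(expected), "passing": [], "pending": [], "failed": [], "missing": []}
    for name in expected:
        run = latest.get(name)
        if run is None:
            control["missing"].append(name)
            continue
        status, conclusion = run.get("status"), run.get("conclusion")
        if status != "completed":
            control["pending"].append(name)
        elif conclusion == "success":
            control["passing"].append(name)
        elif conclusion == "skipped":
            bucket = "passing" if name in skip_allowed else "missing"
            control[bucket].append(name)
        else:
            control["failed"].append(name)
    return control


def verdict(control: Dict[str, Any]) -> str:
    """Missing is as fatal as failed: a required check that never ran proves nothing."""
    if control["failed"] or control["missing"]:
        return "failure"
    if control["pending"]:
        return "pending"
    return "success"


# Constructed sample: a rerun of "lint", a skipped "test", an in-flight "build".
SAMPLE_RUNS = [
    {"id": 1, "name": "lint", "status": "completed", "conclusion": "failure", "started_at": "2024-01-01T10:00:00Z"},
    {"id": 2, "name": "lint", "status": "completed", "conclusion": "success", "started_at": "2024-01-01T10:30:00Z"},
    {"id": 3, "name": "test", "status": "completed", "conclusion": "skipped", "started_at": "2024-01-01T10:00:00Z"},
    {"id": 4, "name": "build", "status": "in_progress", "conclusion": None, "started_at": "2024-01-01T10:40:00Z"},
]

if __name__ == "__main__":
    control = classify(SAMPLE_RUNS, ["lint", "test", "build", "docs"])
    print(control, verdict(control))
```

With the sample, the rerun of `lint` counts as green, `test` lands in `missing` rather than `passing`, and the overall verdict is `failure` until the skipped and absent checks actually run.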
* Fix mobile composer text input collapse (Pasta-Devs#1136)
* Fix tracker aliases, avatars, HUD temps, and changelog (Pasta-Devs#1137)
  Resolve tracker characters through active-chat names, aliases, title/comment aliases, and bracketed aliases so group chats can match card names that differ from tracker names. Preserve uploaded NPC tracker avatars and portrait focus across agent refreshes, including first snapshot writes, without copying manual avatars onto real character-card IDs. Reuse the shared temperature display helpers in the roleplay HUD so the tracker temperature unit setting applies there too. Backfill changelog entries for recent Xel PRs and record the tracker hotfix under 1.6.1.
* Reduce chat startup and focus refetch lag
* Revert "Reduce chat startup and focus refetch lag"
  This reverts commit e85da38.
* Register pre-alpha workflow on default branch
* Add Bunny review command bootstrap (Pasta-Devs#1821)
* Register Bunny auto review dispatcher on main (Pasta-Devs#1872)
* Enable Bunny dispatch for draft PRs (Pasta-Devs#2026)
* Update Bunny auto dispatch bootstrap (Pasta-Devs#2261)
* Enable Bunny review bootstrap on main (Pasta-Devs#2406)
* Fix Bunny main CI check names

---------

Co-authored-by: Xel <Xelvanas@gmail.com>
Co-authored-by: Spicy_Marinara <mgrabower97@gmail.com>
Co-authored-by: munimunigamer <munimunigamer@protonmail.com>
Co-authored-by: Promansis <damon.kyle.walling@gmail.com>
Linked issue
Closes #
Why this change
What changed
Validation
`pnpm check` passes locally
CONTRIBUTING.md
Manual verification notes
Docs and release impact
UI evidence (if applicable)