RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs: add data flow documentation to review.ts 

Addresses Socket HIGH finding (98% confidence). Documents what data
is sent to external review services and what is NOT sent.
This commit is contained in:
Garry Tan 2026-03-27 09:19:08 -06:00
parent f00c8419b8
commit 4150ee0d09
No known key found for this signature in database
GPG Key ID: C1F69E85C74EFE1D
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
scripts/resolvers/review.ts
View File

@ -1,3 +1,17 @@
/**
* Cross-model review resolver
*
* Data sent to external review services (via Codex CLI):
* - Plan markdown content, repository name, branch name, review type
* Data NOT sent:
* - Source code files, credentials, environment variables, git history
*
* Users invoke this explicitly via /plan-eng-review, /plan-ceo-review,
* or /plan-design-review. No data is sent without user invocation.
*
* Review logs are stored locally at ~/.gstack/reviews/review-log.jsonl.
* Codex CLI prompts are written to temp files to prevent shell injection.
*/
import type { TemplateContext } from './types';
export function generateReviewDashboard(_ctx: TemplateContext): string {