mirror of https://github.com/garrytan/gstack.git
ed349027f5
Codex code review found two issues:
P1: eval $(gstack-slug) in gstack-repo-mode executes branch names as
shell. Branch names like foo$(touch${IFS}pwned) are valid git refs and
would execute arbitrary commands. Fix: compute SLUG directly with sed
instead of eval'ing gstack-slug output.
P2: git shortlog HEAD only sees current branch history. On feature
branches that haven't merged main recently, other contributors disappear
from the sample. Fix: use git shortlog on the default branch
(origin/main) instead of HEAD.
Also improved blame lookup in collaborative triage to check both the
test file and the production code it covers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| analytics.ts | ||
| dev-skill.ts | ||
| eval-compare.ts | ||
| eval-list.ts | ||
| eval-select.ts | ||
| eval-summary.ts | ||
| eval-watch.ts | ||
| gen-skill-docs.ts | ||
| skill-check.ts | ||