forked from wesm/agentsview
.roborev.toml
87 lines (72 loc) · 4.38 KB
review_guidelines = """
agentsview is a LOCAL-ONLY developer tool. It binds to 127.0.0.1
by default and is not designed for multi-user or public deployment.
Key assumptions reviewers MUST account for:
1. NO AUTHENTICATION NEEDED: All API endpoints are unauthenticated
by design. The server listens on localhost only. Flagging missing
auth on any endpoint is a false positive.
2. XSS / SANITIZATION: Markdown rendering uses DOMPurify. The
{@html renderMarkdown(...)} pattern in Svelte is intentional and
safe because renderMarkdown() sanitizes via DOMPurify before
returning HTML. Do not flag this as XSS.
3. RATE LIMITING / DoS: As a local single-user tool, rate limiting
and concurrency caps are unnecessary. The 10-minute timeout on
AI CLI generation is intentional. Do not flag missing rate limits.
4. CORS: The CORS policy uses Allow-Origin: * because the embedded
SPA is served from the same origin. Cross-origin access from
other local tools is acceptable for a localhost-only service.
5. INPUT VALIDATION: Request body size limits are not required for
a localhost-only service. Do not flag missing MaxBytesReader or
similar unless the endpoint is exposed to untrusted networks.
6. SESSION DATA DISPLAY: The tool reads session files from the
user's own disk and displays their contents (including tool call
arguments, bash commands, prompts, file paths). This is the
tool's core purpose. Storing and rendering input_json, commands,
or other session content is NOT a credential exposure risk —
the user already has full access to these files. Do not flag
tool argument storage or display as sensitive data exposure.
7. SCHEMA VERIFICATION: The tool_calls table has an explicit
`id INTEGER PRIMARY KEY` column (schema.sql). Do not flag
ORDER BY id or references to tool_calls.id as missing-column
errors without verifying the actual schema.
8. SUBPROCESS ENVIRONMENT: Agent CLI subprocesses (claude, codex,
gemini) intentionally inherit the parent process environment.
Environment sanitization is the user's responsibility when
launching agentsview. Do not flag env var inheritance to agent
CLIs as a security issue.
9. SESSION FILE PARSING: Session files (JSONL, JSON) are produced by
agent CLIs running on the user's own machine. The parser does not
need to defend against adversarial or malicious input. Do not flag:
- Missing cycle detection in DAG/tree traversals (UUIDs are unique)
- Missing recursion depth limits (fork depth is bounded by human
interaction — each fork requires a user backtracking)
- Unreachable-node checks in DAG connectivity (degenerate structures
already fall back to linear parsing via multi-root and dangling
parentUuid checks)
10. WRITE ATOMICITY: Session data is written per-session in individual
transactions. Cross-session atomicity (e.g. writing all fork
sessions from one file in a single transaction) is not required.
A full resync recovers any partial state. Do not flag non-atomic
multi-session writes as a data corruption risk.
11. TOCTOU ON LOCAL FILES: File operations on user-owned paths inside
~/.agentsview/ (e.g. log truncation, config reads) do not need
TOCTOU protection. An attacker who can create symlinks or modify
files in the user's home directory already has equivalent access.
Do not flag Lstat-then-Truncate or similar patterns on local-only
user-owned paths as TOCTOU vulnerabilities.
12. SCHEMA NOT NULL CONSTRAINTS: Before flagging SQL NULL handling
issues (e.g. NOT IN excluding NULLs), check the schema. The
sessions table defines `relationship_type TEXT NOT NULL DEFAULT ''`
(schema.sql), so NULL values cannot exist. The NOT IN clause works
correctly for non-NULL columns. Do not flag NULL filtering issues
without verifying the actual column constraints.
13. VERIFY CONTROL FLOW BEFORE FLAGGING: When claiming a counter or
guard is incorrect, trace the actual control flow including early
returns, continue statements, and conditionals. For example, if
code has `if len(results) == 0 { continue }` before incrementing
a counter, the counter is NOT incremented for zero-result cases.
Read the code carefully before reporting logic errors.
Do NOT flag issues that only apply to public-facing, multi-tenant,
or network-exposed services. Focus on bugs, logic errors, data
corruption risks, and code quality issues.
"""