fix(shell): surface clone source in workspace context#374
Conversation
|
Warning Review limit reached
More reviews will be available in 38 minutes and 39 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughДобавлена новая утилита ChangesИнтеграция projectTerminalLabel для отображения проекта
🎯 3 (Moderate) | ⏱️ ~25 minutes Возможные связанные PRы:
Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (1 error, 1 warning)
✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/terminal/tests/core/project-terminal-label.test.ts`:
- Around line 1-31: Add property-based tests using fast-check for
projectTerminalLabel: write fc.assert(fc.property(...)) cases that verify the
invariants — label always contains displayName or repoUrl fallback, issue refs
(`issue-N`) produce "issue #", pull refs (`refs/pull/N/head`) produce "PR #",
non-empty trimmed containerName causes "container" to appear, and label.split("
| ").length >= 2. Also add properties/edge cases for GitLab MR refs
(`refs/merge-requests/N/head`), SSH/ssh:// URLs, empty displayName (fallback to
repoUrl), empty or whitespace-only containerName (should not include container),
empty repoRef and repoRef === "main" (treat as ordinary source), and non-GitHub
URLs to ensure no malformed URL output; implement these in the existing
projectTerminalLabel test suite by importing fast-check (fc) and generating
appropriate fc.record/fc.string/fc.webUrl/fc.option arbitraries that map into
calls to projectTerminalLabel and assertions of the invariants.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 49ff0e84-19ea-4a27-994a-96d03e02e26c
📒 Files selected for processing (10)
packages/api/src/services/terminal-sessions.tspackages/api/tests/terminal-sessions.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/app/src/web/app-ready-controller-context.tspackages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/index.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.tsscripts/e2e/clone-auto-open-ssh.sh
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
- GitHub Check: E2E (Clone cache)
- GitHub Check: E2E (OpenCode)
- GitHub Check: Lint
- GitHub Check: E2E (Login context)
- GitHub Check: Test
- GitHub Check: E2E (Clone auto-open SSH)
- GitHub Check: E2E (Browser command)
- GitHub Check: E2E (Runtime volumes + SSH)
- GitHub Check: Final build (windows-latest)
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never useany,unknown,eslint-disable,ts-ignore, orastype assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through.exhaustive()pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects:Effect<Success, Error, Requirements>. Compose effects throughpipe()andEffect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example:Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including:@pure(true/false),@effect(required services),@invariant(mathematical invariants),@precondition,@postcondition,@complexity(time and space),@throwsNever (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/terminal/src/core/index.tspackages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/src/web/app-ready-controller-context.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/api/tests/terminal-sessions.test.tspackages/terminal/src/core/project-terminal-label.tspackages/api/src/services/terminal-sessions.ts
**/*.test.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example:fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example:Effect.provide(MockService), Effect.runPromise.
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/api/tests/terminal-sessions.test.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code:any,eslint-disable,ts-ignore,async/await, raw Promise chains (then/catch),Promise.all,try/catchfor logic control,console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects:Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/terminal/src/core/index.tspackages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/src/web/app-ready-controller-context.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/api/tests/terminal-sessions.test.tspackages/terminal/src/core/project-terminal-label.tspackages/api/src/services/terminal-sessions.ts
**/*.{test,spec}.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/api/tests/terminal-sessions.test.ts
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/terminal/src/core/index.tsscripts/e2e/clone-auto-open-ssh.shpackages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/src/web/app-ready-controller-context.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/api/tests/terminal-sessions.test.tspackages/terminal/src/core/project-terminal-label.tspackages/api/src/services/terminal-sessions.ts
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce path traversal or writes outside intended project/container state directories
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/terminal/src/core/index.tsscripts/e2e/clone-auto-open-ssh.shpackages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/src/web/app-ready-controller-context.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/api/tests/terminal-sessions.test.tspackages/terminal/src/core/project-terminal-label.tspackages/api/src/services/terminal-sessions.ts
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/terminal/src/core/index.tsscripts/e2e/clone-auto-open-ssh.shpackages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/src/web/app-ready-controller-context.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/api/tests/terminal-sessions.test.tspackages/terminal/src/core/project-terminal-label.tspackages/api/src/services/terminal-sessions.ts
**/*
⚙️ CodeRabbit configuration file
**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.
Files:
packages/terminal/tests/core/project-terminal-label.test.tspackages/terminal/src/core/index.tsscripts/e2e/clone-auto-open-ssh.shpackages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/src/web/app-ready-controller-context.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/api/tests/terminal-sessions.test.tspackages/terminal/src/core/project-terminal-label.tspackages/api/src/services/terminal-sessions.ts
🧠 Learnings (8)
📓 Common learnings
Learnt from: ezocomp118-source
Repo: ProverCoderAI/docker-git PR: 366
File: packages/api/src/services/skiller.ts:366-369
Timestamp: 2026-06-03T17:35:44.689Z
Learning: In ProverCoderAI/docker-git, launching Electron via `setpriv --reuid/--regid` in the controller container causes a `Trace/breakpoint trap` crash even with `--no-sandbox`. The confirmed workaround is to launch Skiller as the controller user (bash -lc) and enforce project scope at the software level via SkillerContainerScope env vars (HOME, XDG_*, DOCKER_GIT_SKILLER_CONTAINER_HOME_PATH) and the add_project tRPC call. A future fix should use gosu/su-exec or a Chromium-sandbox-compatible credential-drop mechanism instead of setpriv. See PR `#366` for full context.
📚 Learning: 2026-05-14T16:02:05.012Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: docs/integrations/skiller.md:0-0
Timestamp: 2026-05-14T16:02:05.012Z
Learning: Applies to docs/integrations/**/*.(ts|js)?(@(routes|handlers|api))* : API endpoint `POST /projects/by-key/:projectKey/terminal-sessions/:sessionId/skiller/open` must launch Skiller Electron app, register terminal session filesystem scope, and write output to ~/.docker-git/logs/skiller.log
Applied to files:
packages/app/src/web/app-ready-ssh-link-terminal.tspackages/app/tests/docker-git/open-project-ssh.test.tspackages/app/src/docker-git/open-project-ssh.tspackages/api/tests/terminal-sessions.test.tspackages/api/src/services/terminal-sessions.ts
📚 Learning: 2026-05-13T07:10:13.213Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-05-13T07:10:13.213Z
Learning: Interop with Promise/exceptions is permitted ONLY in SHELL via `Effect.try` or `Effect.tryPromise` with typed error mapping.
Applied to files:
packages/app/src/docker-git/open-project-ssh.ts
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to package.json : Dependencies must include Effect-TS (`effect: ^3.x`) for monadic effects and `effect/schema: ^0.x` for validation with strong typing.
Applied to files:
packages/app/src/docker-git/open-project-ssh.ts
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to **/*.{ts,tsx} : Use monadic composition with Effect-TS for all effects: `Effect<Success, Error, Requirements>`. Compose effects through `pipe()` and `Effect.flatMap()`. Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
Applied to files:
packages/app/src/docker-git/open-project-ssh.ts
📚 Learning: 2026-05-13T07:10:13.213Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-05-13T07:10:13.213Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : All functions must use Effect-TS for composing effects: `Effect<Success, Error, Requirements>`. No direct async/await, Promise chains, or try/catch in product logic.
Applied to files:
packages/app/src/docker-git/open-project-ssh.ts
📚 Learning: 2026-05-22T21:08:18.083Z
Learnt from: skulidropek
Repo: ProverCoderAI/docker-git PR: 344
File: packages/app/src/docker-git/controller-compose.ts:34-40
Timestamp: 2026-05-22T21:08:18.083Z
Learning: In this repo’s docker-git controller compose generation, `${DOCKER_GIT_CONTROLLER_BUILD_SKILLER:-1}` should be treated as standard bash parameter expansion: when `DOCKER_GIT_CONTROLLER_BUILD_SKILLER` is unset, it defaults to the string "1". There is no "-1" mode. The runtime contract enforced by `packages/app/src/docker-git/controller-compose.ts` is: unset / "1" / "true" => output "1"; "0" / "false" => output "0". If review code shows branching/behavior for "-1" or any numeric value other than this 0/1 contract, flag it. Also ensure the Dockerfile ARG `DOCKER_GIT_CONTROLLER_BUILD_SKILLER` stays consistent with default `1`.
Applied to files:
packages/app/src/docker-git/open-project-ssh.ts
📚 Learning: 2026-05-18T07:43:38.131Z
Learnt from: skulidropek
Repo: ProverCoderAI/docker-git PR: 313
File: packages/api/src/services/panel-cloudflare-tunnel.ts:123-135
Timestamp: 2026-05-18T07:43:38.131Z
Learning: In this repo’s ProverCoderAI/docker-git architecture, it is intentional for service modules under packages/api/src/services/ to call Node.js APIs directly (e.g., fs, child_process, fetch). Do not treat direct Node API usage in these service modules as a dependency-injection (DI) violation. This codebase provides the NodeContext at the program boundary (entry point) rather than injecting Context.Tag/Layer services into individual service modules; reviewers should only flag DI/context issues if the expected boundary setup is missing.
Applied to files:
packages/api/src/services/terminal-sessions.ts
🪛 OpenGrep (1.22.0)
packages/terminal/src/core/project-terminal-label.ts
[ERROR] 74-74: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
[ERROR] 79-79: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
[ERROR] 86-86: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
🔇 Additional comments (15)
packages/terminal/src/core/project-terminal-label.ts (5)
19-34: LGTM!
46-68: LGTM!
70-94: LGTM!
101-134: 🧹 Nitpick | 🔵 Trivial | 💤 Low valueФункция корректна, но стиль может не соответствовать guidelines в части Effect-TS.
Функция реализована как чистая функция без Effect-TS обёртки. Согласно guidelines, "All functions must use Effect-TS for composing effects", однако эта функция помечена
@effect noneи@throws Never, что указывает на отсутствие эффектов для композиции.Для чисто математических/форматирующих функций CORE-слоя без эффектов такой подход может быть приемлемым, но guidelines неоднозначны в этом вопросе.
Логика функции корректна:
- Обработка пустых значений через trim и fallback ✓
- Детерминированное форматирование контекста issue/PR/MR ✓
- Опциональное добавление containerName ✓
- Сложность O(n) соответствует заявленной ✓
⛔ Skipped due to learnings
Learnt from: CR Repo: ProverCoderAI/docker-git PR: 0 File: CLAUDE.md:0-0 Timestamp: 2026-05-13T07:09:47.992Z Learning: Applies to **/*.{ts,tsx} : Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).Learnt from: CR Repo: ProverCoderAI/docker-git PR: 0 File: AGENTS.md:0-0 Timestamp: 2026-05-13T07:10:13.213Z Learning: Applies to **/*.{ts,tsx,js,jsx} : Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
8-10: Regex-паттерны дляrepoRefсоответствуют форматам, которые формирует/обрабатывает docker-git
^issue-(\d+)$соответствуетrepoRef: "issue-<n>", который используется в парсинге issue.^refs/pull/(\d+)/head$соответствуетrepoRef: \refs/pull//head`, который генерируется в коде и ожидается в bash-шаблонах (refs/pull/*/head`).^refs/merge-requests/(\d+)/head$соответствуетrepoRef: \refs/merge-requests//head`, который генерируется и проверяется в шаблонах (refs/merge-requests/*/head`).packages/terminal/src/core/index.ts (1)
3-3: LGTM!packages/app/src/web/app-ready-controller-context.ts (2)
1-1: LGTM!
28-28: Проверьте совместимость типовProjectSummaryиProjectTerminalLabelInputв вызовеprojectTerminalLabel()
ProjectTerminalLabelInputтребуетdisplayName,repoUrl,repoRef, иcontainerName?.ApiProjectSummaryсодержит эти поля с теми же типами. НоDashboardDataописываетprojects: ReadonlyArray<ProjectSummary>, поэтому нужно посмотреть, что именно такоеProjectSummary(совпадает ли по полям/типам сApiProjectSummary) и чтоselectedProjectSummaryкорректно приводится кProjectTerminalLabelInputвprojectTerminalLabel().packages/app/src/web/app-ready-ssh-link-terminal.ts (2)
1-1: LGTM!
140-140: Проверка совместимостиDashboardProjectсProjectTerminalLabelInput
DashboardProject(DashboardData["projects"][number]) содержит все требуемые поля дляProjectTerminalLabelInput:displayName,repoRef,repoUrlи опциональноеcontainerName, поэтому вызовprojectTerminalLabel(project)на этом месте типобезопасен.packages/api/src/services/terminal-sessions.ts (1)
30-30: LGTM!Also applies to: 1403-1403, 1425-1425
packages/api/tests/terminal-sessions.test.ts (1)
417-417: LGTM!packages/app/src/docker-git/open-project-ssh.ts (1)
4-4: LGTM!Also applies to: 160-160, 207-207, 209-209, 245-245
packages/app/tests/docker-git/open-project-ssh.test.ts (1)
72-72: LGTM!Also applies to: 74-74
scripts/e2e/clone-auto-open-ssh.sh (1)
249-250: LGTM!
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/terminal/src/core/project-terminal-label.ts`:
- Around line 62-70: The label currently returns raw repoUrl (via
trimmedUrl/repoRef) which can leak tokens; update the code that builds the
terminal label (the block using repoUrl/trimmedUrl and repoRef/trimmedRef) to
sanitize repoUrl first by parsing and removing userinfo and query string—e.g.,
use the URL constructor to set username/password='' and search='' and then use
the sanitized URL in the existing return logic; if URL parsing fails, fallback
to redacting anything before/after an '@' or strip query string so no
credentials or query params are included (also apply the same sanitization where
repoUrl is used at the other site mentioned around lines 137-138).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: b88ee859-920c-43a2-9b7c-446cc82adfa3
📒 Files selected for processing (3)
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
- GitHub Check: E2E (Clone auto-open SSH)
- GitHub Check: E2E (OpenCode)
- GitHub Check: E2E (Login context)
- GitHub Check: E2E (Clone cache)
- GitHub Check: E2E (Runtime volumes + SSH)
🧰 Additional context used
📓 Path-based instructions (9)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never useany,unknown,eslint-disable,ts-ignore, orastype assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through.exhaustive()pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects:Effect<Success, Error, Requirements>. Compose effects throughpipe()andEffect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example:Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including:@pure(true/false),@effect(required services),@invariant(mathematical invariants),@precondition,@postcondition,@complexity(time and space),@throwsNever (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
**/*.test.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example:fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example:Effect.provide(MockService), Effect.runPromise.
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/tests/core/project-terminal-label.test.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code:any,eslint-disable,ts-ignore,async/await, raw Promise chains (then/catch),Promise.all,try/catchfor logic control,console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects:Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
**/*.{test,spec}.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/tests/core/project-terminal-label.test.ts
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce path traversal or writes outside intended project/container state directories
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
**/*
⚙️ CodeRabbit configuration file
**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
**
⚙️ CodeRabbit configuration file
**: РОЛЬ: Математик-программист, специализирующийся на формально верифицируемой функциональной архитектуре.ЦЕЛЬ: Создавать математически доказуемые решения через функциональную парадигму с полным разделением чистых вычислений и контролируемых эффектов.
МОДЕЛЬ РАССУЖДЕНИЯ:
- Не выдавать “личные мнения”. Формировать вывод как результат симуляции профессионального обсуждения релевантных ролей
(архитектор Effect/FP, ревьюер типов, страж CORE↔SHELL, тест-инженер).- Если запрос сформулирован как “что думаешь”, отвечать в терминах аргументов ролей и выбирать решение
по критериям инвариантов, типовой безопасности и тестируемости (если пользователь явно просит выбор — выбрать и обосновать).ПРАВИЛО ПРОЦЕССА (НЕ ФОРМАТ ОТВЕТА):
В начале работы (внутренне) формулировать Deep Research вопрос:
"I am looking for code that does , is there existing code that can do this?"
Далее:
- если доступен проект/код — сперва искать и переиспользовать существующие паттерны (минимальный корректный diff),
- если проект недоступен — опираться на предоставленный контекст и явно фиксировать допущения,
- код писать только после формального понимания задачи (типы/инварианты → архитектура → код → тесты),
- источники указывать только если реально использован внешний материал; иначе
SOURCE: n/a.ИНСТРУМЕНТАЛЬНОЕ ПОВЕДЕНИЕ (ОБЯЗАТЕЛЬНО, НЕ ФОРМАТ ОТВЕТА):
- Агент всегда использует доступные инструменты среды (терминал, поиск по проекту, запуск тестов/скриптов, анализ сборки, web-ресёрч при необходимости)
для ресёрча, проверки гипотез и выполнения действий. Приоритет: проверяемость, воспроизводимость, минимальный риск.- Агент не предлагает “гайд” как замену действия. Если действие возможно выполнить инструментами — агент выполняет его сам,
затем сообщает, что было сделано и как повторить.- Любые инструкции (команды/процедуры) агент даёт только после собственной проверки на доступной среде.
Если проверить невозможно — явно фиксирует ограничение и перечисляе...
Files:
packages/app/tests/docker-git/open-project-ssh.test.tspackages/terminal/src/core/project-terminal-label.tspackages/terminal/tests/core/project-terminal-label.test.ts
🧠 Learnings (5)
📚 Learning: 2026-05-14T16:02:05.012Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: docs/integrations/skiller.md:0-0
Timestamp: 2026-05-14T16:02:05.012Z
Learning: Applies to docs/integrations/**/*.(ts|js)?(@(routes|handlers|api))* : API endpoint `POST /projects/by-key/:projectKey/terminal-sessions/:sessionId/skiller/open` must launch Skiller Electron app, register terminal session filesystem scope, and write output to ~/.docker-git/logs/skiller.log
Applied to files:
packages/app/tests/docker-git/open-project-ssh.test.ts
📚 Learning: 2026-05-13T07:10:13.213Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-05-13T07:10:13.213Z
Learning: Applies to **/*.{test,spec}.{ts,tsx} : Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.
Applied to files:
packages/terminal/tests/core/project-terminal-label.test.ts
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to **/*.test.{ts,tsx} : Implement property-based testing using fast-check for mathematical properties and invariants. Example: `fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages)))`.
Applied to files:
packages/terminal/tests/core/project-terminal-label.test.ts
📚 Learning: 2026-05-13T07:10:13.213Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-05-13T07:10:13.213Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
Applied to files:
packages/terminal/tests/core/project-terminal-label.test.ts
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to **/*.{ts,tsx} : Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Applied to files:
packages/terminal/tests/core/project-terminal-label.test.ts
🔇 Additional comments (2)
packages/terminal/tests/core/project-terminal-label.test.ts (1)
1-214: LGTM!packages/app/tests/docker-git/open-project-ssh.test.ts (1)
72-75: LGTM!
| const trimmedUrl = repoUrl.trim() | ||
| const trimmedRef = repoRef.trim() | ||
| if (trimmedUrl.length === 0) { | ||
| return trimmedRef.length === 0 || trimmedRef === "main" ? "" : trimmedRef | ||
| } | ||
| return trimmedRef.length === 0 || trimmedRef === "main" | ||
| ? trimmedUrl | ||
| : `${trimmedUrl} (${trimmedRef})` | ||
| } |
There was a problem hiding this comment.
Не выводите сырой repoUrl в терминальный лейбл — возможна утечка токенов.
На Line 62-70 и Line 137-138 в label попадает repoUrl без санитизации. Если URL содержит userinfo/query (например PAT), секрет окажется в UI/прогрессе/персистентных записях сессий.
💡 Минимальный фикс
+const sanitizeRepoUrlForLabel = (value: string): string =>
+ value
+ .trim()
+ .replace(/^(https?:\/\/)[^/@\s]+@/u, "$1")
+ .split(/[?#]/u, 1)[0] ?? ""
const renderSourceContext = (repoUrl: string, repoRef: string): string => {
- const trimmedUrl = repoUrl.trim()
+ const trimmedUrl = sanitizeRepoUrlForLabel(repoUrl)
const trimmedRef = repoRef.trim()
if (trimmedUrl.length === 0) {
return trimmedRef.length === 0 || trimmedRef === "main" ? "" : trimmedRef
}
return trimmedRef.length === 0 || trimmedRef === "main"
? trimmedUrl
: `${trimmedUrl} (${trimmedRef})`
}
...
export const projectTerminalLabel = (project: ProjectTerminalLabelInput): string => {
...
const displayName = project.displayName.trim()
- return displayName.length === 0 ? project.repoUrl.trim() : displayName
+ return displayName.length === 0 ? sanitizeRepoUrlForLabel(project.repoUrl) : displayName
}As per coding guidelines: Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output.
Also applies to: 137-138
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@packages/terminal/src/core/project-terminal-label.ts` around lines 62 - 70,
The label currently returns raw repoUrl (via trimmedUrl/repoRef) which can leak
tokens; update the code that builds the terminal label (the block using
repoUrl/trimmedUrl and repoRef/trimmedRef) to sanitize repoUrl first by parsing
and removing userinfo and query string—e.g., use the URL constructor to set
username/password='' and search='' and then use the sanitized URL in the
existing return logic; if URL parsing fails, fallback to redacting anything
before/after an '@' or strip query string so no credentials or query params are
included (also apply the same sanitization where repoUrl is used at the other
site mentioned around lines 137-138).
1 participant
Source TZ / Issues
d02ecf8.Summary
Requirements Alignment
Verification
bun run --filter @effect-template/api testbun run --filter @prover-coder-ai/docker-git-terminal testbun run --filter @prover-coder-ai/docker-git-terminal lintbun run --filter @prover-coder-ai/docker-git-terminal typecheckbun run --filter @prover-coder-ai/docker-git testbun run --filter @prover-coder-ai/docker-git-session-sync testbun run --filter @effect-template/lib testbun run buildbun run typecheckbun run lint:effectbun run --filter @effect-template/api lintbun run --filter @effect-template/api typecheckbun run --filter @effect-template/api buildbun run check:dist-deps-prunebun run --cwd packages/app build:web:strictgit diff --checkbun ./packages/app/dist/src/docker-git/main.js --helpbun ./packages/docker-git-session-sync/dist/docker-git-session-sync.js --helpMathematical Guarantees
issue-nmaps toissue #nand a GitHub issue URL when repoUrl is a GitHub remote.refs/pull/n/headmaps toPR #nand a GitHub PR URL when repoUrl is a GitHub remote.refs/merge-requests/n/headmaps toMR #n.mainrefs render source context without an extra ref suffix.containerNameis preserved in terminal labels after trimming.