Migrate to OpenAI-like API with enhanced security #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…on validation - Add command sanitization to prevent shell injection attacks - Replace system() with popen() for safer command execution - Add validation for dangerous characters and shell constructs - Enhance configuration system with environment variable validation - Add proper error handling and buffer size checks - Improve JSON escaping to prevent injection attacks BREAKING CHANGE: Environment variable names changed from OR_KEY to OPENAI_KEY, and OPENAI_BASE and OPENAI_MODEL are now required
Replace OpenRouter integration with OpenAI API support, implement robust shell command sanitization, and introduce Napoleon Dynamite personality module. Add multi-step command chaining capabilities and update build configuration for new dependencies.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- Add GitHub Actions CI matrix build with basic tests - Add release workflow to build, checksum, and upload assets - Implement RAG via grep-based local context search - Add CLI args: --rag PATH and --rag-snippets N; env vars RAG_* - Integrate RAG snippets into user prompt when enabled - Add args.c and rag.c; extend Config with RAG fields - Move sources to src/ and update Makefile SOURCES - Escape control characters in JSON content - Secure temp files with 0600 and switch to exit() - Update README and relocate preview to docs/
… and RAG support - Add GitHub Actions CI matrix build with basic tests - Add release workflow to build, checksum, and upload assets - Implement RAG via grep-based local context search - Add CLI args: --rag PATH and --rag-snippets N; env vars RAG_* - Integrate RAG snippets into user prompt when enabled - Add args.c and rag.c; extend Config with RAG fields - Move sources to src/ and update Makefile SOURCES - Escape control characters in JSON content - Secure temp files with 0600 and switch to exit() - Update README and relocate preview to docs/
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- Validate and sanitize path to prevent injection/traversal - Resolve paths with realpath and ensure they stay within CWD - Use resolved path in grep command - Add Windows realpath/getcwd shims and required headers
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- Update Makefile to improve build flags and streamline Windows build process. - Implement platform-specific clean and install commands for better user experience. - Enhance command execution in agent.c with stricter sanitization and error handling. - Remove deprecated GitHub Actions CI workflow file. - Update README to reflect changes in API base URL and installation instructions.
| messages[sizeof(messages) - 1] = '\0'; | ||
| } else { | ||
| strcat(messages, "]"); | ||
| } |
There was a problem hiding this comment.
Bug: JSON Request Fails When Buffer Overflows
The json_request function generates malformed JSON when the messages buffer is full. If strlen(messages) + 1 >= sizeof(messages), the closing ] bracket is omitted, causing API requests to fail.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replace OpenRouter integration with OpenAI-like API support, implement robust shell command sanitization, and introduce Napoleon Dynamite personality module. Add multi-step command chaining capabilities and update build configuration for new dependencies.