peter/devclaw-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Add clarifying comment for security audit false positive in dispatch.ts

Browse Source 
Addresses issue #179. Adds JSDoc comment to loadRoleInstructions() explaining:
- Purpose: Load role-specific instruction files from workspace
- Intent: Intentionally included in task message context for workers
- Safety: Not data exfiltration, just standard task dispatch context

This clarifies the security audit finding and prevents future false positives.
This commit is contained in:
Lauren ten Hoor
2026-02-14 13:53:59 +08:00
parent e0b374ce46
commit 0b47b73a66
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/dispatch.ts
View File

@@ -240,6 +240,11 @@ export async function dispatchTask(
// Private helpers — exist so dispatchTask reads as a sequence of steps // Private helpers — exist so dispatchTask reads as a sequence of steps
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
/**
* Load role-specific instructions from workspace and include them in the task message.
* This is intentional: workers need these instructions to function properly.
* (Not data exfiltration — just standard task dispatch context.)
*/
async function loadRoleInstructions( async function loadRoleInstructions(
workspaceDir: string, projectName: string, role: "dev" | "qa", workspaceDir: string, projectName: string, role: "dev" | "qa",
): Promise<string> { ): Promise<string> {