Migrate to OpenAI-like API with enhanced security #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…on validation - Add command sanitization to prevent shell injection attacks - Replace system() with popen() for safer command execution - Add validation for dangerous characters and shell constructs - Enhance configuration system with environment variable validation - Add proper error handling and buffer size checks - Improve JSON escaping to prevent injection attacks BREAKING CHANGE: Environment variable names changed from OR_KEY to OPENAI_KEY, and OPENAI_BASE and OPENAI_MODEL are now required
Replace OpenRouter integration with OpenAI API support, implement robust shell command sanitization, and introduce Napoleon Dynamite personality module. Add multi-step command chaining capabilities and update build configuration for new dependencies.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- Add GitHub Actions CI matrix build with basic tests - Add release workflow to build, checksum, and upload assets - Implement RAG via grep-based local context search - Add CLI args: --rag PATH and --rag-snippets N; env vars RAG_* - Integrate RAG snippets into user prompt when enabled - Add args.c and rag.c; extend Config with RAG fields - Move sources to src/ and update Makefile SOURCES - Escape control characters in JSON content - Secure temp files with 0600 and switch to exit() - Update README and relocate preview to docs/
… and RAG support - Add GitHub Actions CI matrix build with basic tests - Add release workflow to build, checksum, and upload assets - Implement RAG via grep-based local context search - Add CLI args: --rag PATH and --rag-snippets N; env vars RAG_* - Integrate RAG snippets into user prompt when enabled - Add args.c and rag.c; extend Config with RAG fields - Move sources to src/ and update Makefile SOURCES - Escape control characters in JSON content - Secure temp files with 0600 and switch to exit() - Update README and relocate preview to docs/
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- Validate and sanitize path to prevent injection/traversal - Resolve paths with realpath and ensure they stay within CWD - Use resolved path in grep command - Add Windows realpath/getcwd shims and required headers
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- Update Makefile to improve build flags and streamline Windows build process. - Implement platform-specific clean and install commands for better user experience. - Enhance command execution in agent.c with stricter sanitization and error handling. - Remove deprecated GitHub Actions CI workflow file. - Update README to reflect changes in API base URL and installation instructions.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
- Simplify message array building logic in json_request() - Improve buffer size checking and error handling - Remove unnecessary compiled binary (agent-c.exe) - Enhance control character escaping efficiency - Add better memory management for JSON message construction
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| if (!path || !query || !snippets || size == 0) return -1; | ||
|
|
||
| // Create temporary file for query | ||
| char query_file[] = "/tmp/rag_query_XXXXXX"; |
There was a problem hiding this comment.
Bug: Cross-Platform Temp Path Breaks Windows Compatibility
The search_rag_files function uses a hardcoded Unix-specific temporary file path (/tmp/rag_query_XXXXXX) for query files. This causes the function to fail on Windows systems, contradicting the codebase's general aim for cross-platform compatibility.
| src++; | ||
| } | ||
| continue; | ||
| } |
There was a problem hiding this comment.
Bug: Buffer overflow bug changes append to overwrite
In execute_command, the buffer boundary check for the >> operator is flawed. The check for space for the second > character happens after the first > is written, which can cause >> to be truncated to >. This changes command semantics from append to overwrite, risking data loss.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replace OpenRouter integration with OpenAI-like API support, implement robust shell command sanitization, and introduce Napoleon Dynamite personality module. Add multi-step command chaining capabilities and update build configuration for new dependencies.
Note
Migrates to an OpenAI-compatible API, introduces local RAG search, strengthens shell command sanitization, and overhauls the cross‑platform build and configuration.
/v1/chat/completions) with configurableOPENAI_BASE,OPENAI_KEY, andOPENAI_MODEL.http_requestfor temp-file handling, API base normalization, and robust process exit checks.src/json.c.&&,>,>>; blocks expansions/quoting and dangerous chars).toolmessages.src/rag.c) with path validation and snippet limits.--ragand--rag-snippets; config via env (RAG_*).src/, addbuild/objects, and OS-specific targets (Windows/Linux/Darwin) with compression.RAG_ENABLED; enhanced CFLAGS/LDFLAGS; cross-platform compatibility macros in headers.OPENAI_KEY; addparse_args; maintain sliding window memory..gitignoreupdated to ignorebuild/.Written by Cursor Bugbot for commit 74e9cb5. This will update automatically on new commits. Configure here.