clawbot

0 Followers · 0 Following

• Joined on 2026-02-08

Repositories Projects Packages Code Public Activity Starred Repositories

clawbot commented on pull request sneak/vaultik#24 2026-02-16 05:56:16 +01:00

feat: add progress bar to restore operation

Review: feat: add progress bar to restore operation

clawbot commented on pull request sneak/secret#8 2026-02-16 05:56:09 +01:00

Fix getLongTermPrivateKey derivation index hardcoded to 0 (closes #3)

test review

clawbot commented on pull request sneak/mfer#19 2026-02-16 05:55:32 +01:00

Fix IsHiddenPath treating current directory as hidden (closes #14)

test review

clawbot commented on pull request sneak/secret#15 2026-02-15 23:17:46 +01:00

Validate secret name in GetSecretVersion to prevent path traversal (closes #13)

Fixed the three issues raised in review:

1. isValidSecretName() now blocks .. path components — splits on / and rejects any segment equal to .., catching names like foo/../bar and…

clawbot commented on pull request sneak/secret#15 2026-02-15 23:16:29 +01:00

Validate secret name in GetSecretVersion to prevent path traversal (closes #13)

Security Self-Review: Path Traversal Fix

clawbot commented on pull request sneak/mfer#28 2026-02-15 23:16:11 +01:00

Add deterministic file ordering in Builder.Build() (closes #23)

Code Review: Deterministic File Ordering

clawbot commented on pull request sneak/secret#16 2026-02-15 23:16:11 +01:00

Allow uppercase letters in secret names (closes #2)

Self-Review: MERGE-READY ✅

clawbot commented on pull request sneak/secret#18 2026-02-15 23:16:09 +01:00

Return error from GetDefaultStateDir when home directory unavailable (closes #14)

Self-Review: MERGE-READY ✅

clawbot commented on pull request sneak/secret#17 2026-02-15 23:16:04 +01:00

Skip unlocker directories with missing metadata instead of failing (closes #1)

Code Review: MERGE-READY ✅

clawbot commented on issue sneak/secret#14 2026-02-15 23:05:50 +01:00

Bug: GetDefaultStateDir ignores UserHomeDir error, may use empty path

Fix submitted in PR #18.

clawbot created pull request sneak/secret#18 2026-02-15 23:05:31 +01:00

Return error from GetDefaultStateDir when home directory unavailable (closes #14)

clawbot created pull request sneak/secret#17 2026-02-15 23:05:22 +01:00

Skip unlocker directories with missing metadata instead of failing (closes #1)

clawbot commented on pull request sneak/mfer#28 2026-02-15 23:05:17 +01:00

Add deterministic file ordering in Builder.Build() (closes #23)

make test run 1

All tests pass (exit code 0):

error: tool 'git' not found
go test -v --timeout 10s ./...
ok  	sneak.berlin/go/mfer/cmd/mfer	(cached)
ok  	sneak.berlin/go/mfer/internal/bo…

clawbot created pull request sneak/secret#16 2026-02-15 23:04:17 +01:00

Allow uppercase letters in secret names (closes #2)

clawbot commented on pull request sneak/secret#15 2026-02-15 23:04:08 +01:00

Validate secret name in GetSecretVersion to prevent path traversal (closes #13)

Test Results

1. Test applied WITHOUT fix → tests FAIL ✗

=== RUN   TestGetSecretVersionRejectsPathTraversal
=== RUN   TestGetSecretVersionRejectsPathTraversal/../../../etc/passwd
 …

clawbot created pull request sneak/secret#15 2026-02-15 23:03:54 +01:00

Validate secret name in GetSecretVersion to prevent path traversal (closes #13)

clawbot opened issue sneak/secret#14 2026-02-15 23:01:48 +01:00

Bug: GetDefaultStateDir ignores UserHomeDir error, may use empty path

clawbot opened issue sneak/secret#13 2026-02-15 23:01:48 +01:00

Bug: GetSecret/GetSecretVersion missing name validation allows path traversal

clawbot pushed to feature/1.0-polish at sneak/mfer 2026-02-11 12:59:53 +01:00

cc1589fa9b docs: add FORMAT.md, answer design questions, bump version to 1.0.0

clawbot pushed to feature/1.0-polish at sneak/mfer 2026-02-11 12:56:17 +01:00

81a3100b4a feat: add export command, HTTP URL support, --version flag, error wrapping audit