From bcf4775ad71b8327f0dcccebd703c8662807b7bf Mon Sep 17 00:00:00 2001
From: LearningCircuit <185559241+LearningCircuit@users.noreply.github.com>
Date: Wed, 12 Nov 2025 19:49:47 +0100
Subject: [PATCH 1/2] fix: pass prompt via temp file to avoid jq argument limit

The previous fix moved the issue from curl to jq - the large PROMPT variable still exceeded the argument size limit when passed via --arg. Now writing PROMPT to a temp file and using --rawfile to read it, completely avoiding command-line argument size limits.
---
 ai-reviewer.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ai-reviewer.sh b/ai-reviewer.sh
index 917b717..dd5423b 100644
--- a/ai-reviewer.sh
+++ b/ai-reviewer.sh
@@ -259,9 +259,13 @@ rm -f "$DIFF_FILE"
 REFERER_URL="https://github.com/${REPO_FULL_NAME:-unknown/repo}"
 # Build JSON payload and pipe to curl to avoid "Argument list too long" error
+# Write prompt to temp file to avoid passing large content as command-line argument
+PROMPT_FILE=$(mktemp)
+echo "$PROMPT" > "$PROMPT_FILE"
+
 JSON_PAYLOAD=$(jq -n \
 --arg model "$AI_MODEL" \
- --arg content "$PROMPT" \
+ --rawfile content "$PROMPT_FILE" \
 --argjson temperature "$AI_TEMPERATURE" \
 --argjson max_tokens "$AI_MAX_TOKENS" \
 '{
@@ -276,6 +280,9 @@ JSON_PAYLOAD=$(jq -n \
 "max_tokens": $max_tokens
 }')
+# Clean up prompt file
+rm -f "$PROMPT_FILE"
+
 RESPONSE=$(echo "$JSON_PAYLOAD" | curl -s -X POST "https://openrouter.ai/api/v1/chat/completions" \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer $API_KEY" \
From ee5777261248922576aa7eb43adb5709e34d2b9b Mon Sep 17 00:00:00 2001
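Review bot: The prompt can be handed to jq on standard input instead of through a file, which removes the temp file (and any need to protect or clean it up) from this hunk: replace `jq -n` with `printf '%s' "$PROMPT" | jq -Rs` and have the filter use `.` where it currently uses `$content` (the filter body lies between the two hunks and is not shown). `printf` is a shell builtin, so this does not hit the argument-size limit either. If the file is kept, note that `--rawfile` requires jq 1.6 or later and that `echo` appends a newline the old `--arg content "$PROMPT"` did not send; `printf '%s' "$PROMPT" > "$PROMPT_FILE"` writes the prompt unchanged.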
From: LearningCircuit <185559241+LearningCircuit@users.noreply.github.com>
Date: Wed, 12 Nov 2025 20:57:36 +0100
Subject: [PATCH 2/2] fix: add security and robustness improvements for temp file handling

- Set chmod 600 on temp files to prevent unauthorized access
- Add trap to ensure cleanup even on script failure or interruption
- Add error handling for mktemp and file write operations
- Remove manual cleanup since trap handles it automatically

Addresses security concerns raised in AI review about temp file permissions and guaranteed cleanup.
---
 ai-reviewer.sh | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/ai-reviewer.sh b/ai-reviewer.sh
index dd5423b..65c6681 100644
--- a/ai-reviewer.sh
+++ b/ai-reviewer.sh
@@ -134,8 +134,12 @@ fi
 # Create the JSON request with proper escaping using jq
 # Write diff to temporary file to avoid "Argument list too long" error
-DIFF_FILE=$(mktemp)
-echo "$DIFF_CONTENT" > "$DIFF_FILE"
+DIFF_FILE=$(mktemp) || { echo "Failed to create temporary file for diff"; exit 1; }
+chmod 600 "$DIFF_FILE"
+echo "$DIFF_CONTENT" > "$DIFF_FILE" || { echo "Failed to write diff to temporary file"; rm -f "$DIFF_FILE"; exit 1; }
+
+# Set up trap to ensure temp file cleanup on exit/error
+trap 'rm -f "$DIFF_FILE"' EXIT
 # Build the user prompt using the diff file
 PROMPT_PREFIX="Please analyze this code diff and provide a comprehensive review in markdown format.
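Review bot: The failure messages in the new `|| { echo "Failed to ..."; exit 1; }` handlers are written to stdout; sending them to stderr, e.g. `echo "Failed to create temporary file for diff" >&2`, keeps them out of anything that captures the script's output (the same applies to the two handlers in the `@@ -250` hunk). `mktemp` already creates the file with owner-only permissions, so `chmod 600` is a harmless no-op rather than a fix. The `trap` would be better installed immediately after `mktemp` succeeds, which also makes the manual `rm -f "$DIFF_FILE"` in the write-failure branch unnecessary.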
@@ -250,18 +254,18 @@ $PROMPT_PREFIX
 $DIFF_CONTENT"
-
-# Clean up diff file
-rm -f "$DIFF_FILE"
-
 # Make API call to OpenRouter with simple JSON
 # Use generic or repo-specific referer
 REFERER_URL="https://github.com/${REPO_FULL_NAME:-unknown/repo}"
 # Build JSON payload and pipe to curl to avoid "Argument list too long" error
 # Write prompt to temp file to avoid passing large content as command-line argument
-PROMPT_FILE=$(mktemp)
-echo "$PROMPT" > "$PROMPT_FILE"
+PROMPT_FILE=$(mktemp) || { echo "Failed to create temporary file for prompt"; exit 1; }
+chmod 600 "$PROMPT_FILE"
+echo "$PROMPT" > "$PROMPT_FILE" || { echo "Failed to write prompt to temporary file"; rm -f "$PROMPT_FILE"; exit 1; }
+
+# Update trap to cleanup both temp files
+trap 'rm -f "$DIFF_FILE" "$PROMPT_FILE"' EXIT
 JSON_PAYLOAD=$(jq -n \
 --arg model "$AI_MODEL" \
@@ -280,9 +284,6 @@ JSON_PAYLOAD=$(jq -n \
 "max_tokens": $max_tokens
 }')
-# Clean up prompt file
-rm -f "$PROMPT_FILE"
-
 RESPONSE=$(echo "$JSON_PAYLOAD" | curl -s -X POST "https://openrouter.ai/api/v1/chat/completions" \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer $API_KEY" \
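Review bot: `$DIFF_FILE` looks unused: the context at the top of this hunk shows the prompt ending in `$DIFF_CONTENT"`, i.e. built from the variable, and the only visible uses of the file are its creation and deletion. If nothing in the lines between the hunks reads it (they are not shown), removing the diff temp file entirely is preferable to hardening it, because this change now keeps that copy of the diff on disk until the script exits instead of deleting it before the API call. Separately, the second `trap ... EXIT` replaces the first one, so every future temp file must be added to the same list; one function registered once, e.g. `cleanup() { rm -f -- "$DIFF_FILE" "$PROMPT_FILE"; }` with `trap cleanup EXIT`, is harder to get wrong. Whether the EXIT trap also runs on SIGINT/SIGTERM depends on the shell, so the "interruption" claim in the commit message should be checked against the script's shebang, which is outside the patch.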