
fix(reviewers): add uptime context and review root settings#7

Merged
kdegeek merged 4 commits into main from fix/reviewer-agents-api-and-uptime-context on Jun 30, 2026

Conversation

kdegeek (Owner) commented Jun 30, 2026

Summary

  • Include Hivekeep process start and uptime context in top-level prompts.
  • Accept role-based remediation targets in the Reviewer Agents API response guard.
  • Add Settings management for code review allowed repo roots with env fallback.
  • Harden containment with realpath/symlink-safe checks and require Git repositories.

Validation

  • Pre-commit/full tests passed: 4051 pass / 92 skip / 0 fail.
  • Targeted settings, local-review, and config tests passed.
  • Typecheck and build passed.

Summary by CodeRabbit

  • New Features

    • Added a new Code Review settings section for managing allowed repository roots, including add/edit/remove, save, reset, and discard actions.
    • Added support for Code Review labels in multiple languages.
  • Bug Fixes

    • Improved repository path handling to prevent review tools from running outside approved locations.
    • Added clearer validation for non-Git directories and invalid repository paths.
    • Fixed reviewer agent handoff handling when remediation targets use different identifiers.
  • Documentation

    • Updated local review guidance with repository containment and configuration details.

cursor Bot commented Jun 30, 2026

PR Summary

Medium Risk
Changes security boundaries for which host paths reviewer CLIs can access; misconfigured allowed roots could widen exposure, though validation and symlink checks reduce escape risk.

Overview
Adds repository containment for local CodeRabbit/Kilo review: repo_path is resolved with realpath, must sit inside the tool workspace or configured allowed roots, must be a Git repo, and symlink escapes are rejected before any reviewer CLI runs.

Settings → Code Review (and HIVEKEEP_CODE_REVIEW_ALLOWED_ROOTS) lets admins manage extra allowed roots via live DB override with env fallback; new GET/PUT/DELETE settings routes and docs describe the boundary.

Reviewer Agents UI now accepts remediation targets with optional role or agentSlug (not only agentSlug), with tests for the API response guard.

Agent system prompts and /api/health expose Hivekeep process start time and uptime (shared server-runtime helper), distinct from host uptime, so agents can judge config/credential freshness after restarts.

Local-review tools and reviewer-agent flows use the new validation and persist resolved repo paths in artifacts.

Reviewed by Cursor Bugbot for commit 72baec8.

coderabbitai Bot commented Jun 30, 2026


Review details
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d61ad310-edb8-43b8-bc4c-0653818556b8

📥 Commits

Reviewing files that changed from the base of the PR and between 72baec8 and b66b187.

📒 Files selected for processing (22)
  • src/client/locales/de.json
  • src/client/locales/en.json
  • src/client/locales/es.json
  • src/client/locales/fr.json
  • src/client/locales/it.json
  • src/client/locales/ja.json
  • src/client/locales/pl.json
  • src/client/locales/pt-BR.json
  • src/client/locales/ru.json
  • src/client/locales/zh-CN.json
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx
  • src/client/pages/settings/CodeReviewSettings.tsx
  • src/server/app.ts
  • src/server/config.test.ts
  • src/server/routes/settings.test.ts
  • src/server/routes/settings.ts
  • src/server/services/local-review.test.ts
  • src/server/services/local-review.ts
  • src/server/services/reviewer-agents.test.ts
  • src/server/services/reviewer-agents.ts
  • src/server/services/server-runtime.ts
📝 Walkthrough

Adds repository containment enforcement for local code review: repo paths are resolved to real paths and validated against the workspace or a configurable allowedRepoRoots list (env var HIVEKEEP_CODE_REVIEW_ALLOWED_ROOTS or DB override). A new CodeReview Settings page manages the allowlist. A new server-runtime utility tracks process uptime, used by health endpoints and the system prompt. ReviewerAgentsPage gains an optional role field on remediation targets.

Changes

Repository Containment for Local Review

Config: allowedRepoRoots from env
  Files: src/server/config.ts, src/server/config.test.ts, src/test-helpers.ts
  Summary: Adds parseDelimitedList and parses HIVEKEEP_CODE_REVIEW_ALLOWED_ROOTS into config.codeReview.allowedRepoRoots; tests cover colon/comma delimiters; mock config updated.

App-settings storage for override
  Files: src/server/services/app-settings.ts
  Summary: Adds code_review_allowed_repo_roots setting key, JSON parser, and three exported functions: getCodeReviewAllowedRepoRootsOverride, getCodeReviewAllowedRepoRoots (with env fallback), setCodeReviewAllowedRepoRoots.

Local-review path validation
  Files: src/server/services/local-review.ts
  Summary: Adds realpathForReview, isPathInsideOrEqual, validateReviewRepoPathWithAllowedRoots, and validateReviewRepoPathEffective (reads DB override); runLocalCodeReview uses validateReviewRepoPathEffective; ReviewInput gains optional workspaceRoot.

Local-review containment tests
  Files: src/server/services/local-review.test.ts
  Summary: Adds initGitRepo helper and a new repo-validation suite covering workspace containment, allowed roots, symlink escape prevention, non-Git rejection, and separator-safe checks; existing tests switched to initGitRepo and realpathSync.

Reviewer-agents and tools: workspaceRoot propagation
  Files: src/server/services/reviewer-agents.ts, src/server/services/reviewer-agents.test.ts, src/server/tools/code-review-tools.ts
  Summary: listReviewerAgents, getReviewerAgent, runReviewerAgentReview gain workspaceRoot and delegate to validateReviewRepoPathEffective; resolveRepoPath in tools becomes async; tests git-init repos and set allowedRepoRoots.

Settings API routes
  Files: src/server/routes/settings.ts, src/server/routes/settings.test.ts
  Summary: Adds normalizeCodeReviewAllowedRoots validator and GET/PUT/DELETE endpoints at /api/settings/code-review/allowed-repo-roots; PUT validates absolute paths, persists, returns warnings and env fallback; DELETE resets to env fallback; tests cover all cases.

CodeReview Settings UI
  Files: src/client/pages/settings/CodeReviewSettings.tsx, src/client/pages/settings/SettingsPage.tsx, src/client/locales/*.json
  Summary: New CodeReviewSettings component fetches, edits, saves, and resets the allowed-repo-roots list with inline absolute-path validation, skeleton/error states, and toast feedback; wired into SettingsPage system section; codeReview.title added to all 11 locale files.

Documentation
  Files: docs/local-review-agents.md
  Summary: Adds "Repository containment" section documenting workspace/allowed-root enforcement, realpath/symlink handling, env var and Settings configuration, and Git-root validation via git rev-parse --show-toplevel.

Server Runtime Context

server-runtime utility
  Files: src/server/services/server-runtime.ts
  Summary: New module: SERVER_STARTED_AT, ServerRuntimeContext interface, getServerRuntimeContext, and formatDuration.

Health/info endpoints
  Files: src/server/app.ts
  Summary: /api/health uses getServerRuntimeContext().uptimeSeconds; /api/info uses SERVER_STARTED_AT for startedAt.

Prompt builder: server uptime context
  Files: src/server/services/prompt-builder.ts, src/server/services/prompt-builder.test.ts
  Summary: buildSystemPrompt adds "Server process started" and "Server process uptime" lines via getServerRuntimeContext and formatDuration; test asserts the new fields.

ReviewerAgentsPage: optional role field

remediationTargets role field, guard, export, and tests
  Files: src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx, src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx
  Summary: remediationTargets elements gain optional role; isRemediationTarget validates it; hasAgentsResponse is exported; React key falls back to agentSlug ?? role ?? label; tests verify acceptance and rejection of payloads with role.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

  • kdegeek/hivekeep#3: Modifies src/server/services/local-review.ts and src/server/tools/code-review-tools.ts — the same files where this PR adds containment validation and async resolveRepoPath.
  • kdegeek/hivekeep#6: Modifies ReviewerAgentsPage.tsx to harden reviewer-agent API response validation, directly related to this PR's hasAgentsResponse export and remediationTargets type extension.

Poem

🐇 Hopping through the repo paths with care,
Real paths resolved — no symlinks dare!
Allowed roots checked, Git tops confirmed,
The workspace boundary firmly affirmed.
Save, Reset, Discard — the Settings say,
A bunny's containment is here to stay! 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)
  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 11.63% which is insufficient. The required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)
  • Description Check: ✅ Passed. Check skipped because CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title is concise and matches the main changes: uptime context plus review-root settings and containment improvements.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


gemini-code-assist Bot left a comment

Code Review

This pull request introduces repository containment security for local code review tools, restricting reviews to the workspace or explicitly configured allowed repository roots. It adds a new settings page, backend routes, and validation logic to manage these roots, alongside a new server runtime context tracking process uptime. The review feedback highlights three key issues: a bug where the arguments to isPathInsideOrEqual are reversed when validating the Git top-level directory, a potential crash if any configured repository root does not exist on the filesystem, and a potential TypeError in the settings API route if a literal null request body is received.


Comment thread src/server/services/local-review.ts
Comment thread src/server/services/local-review.ts Outdated
Comment thread src/server/routes/settings.ts Outdated
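Added example, not Hivekeep's own code: a containment validator with the rules the walkthrough and the Gemini review describe (realpath resolution, separator-safe root check, symlink escape rejection, non-Git rejection, a missing allowed root skipped rather than crashing, and the Git top-level check with its arguments in the right order). Helper names and the temp-dir fixture are assumptions, and the `.git` walk stands in for the project's `git rev-parse --show-toplevel`.

```typescript
// Added example, not Hivekeep's own code: repository containment for a local
// code-review tool as this PR describes it. Helper names, the injectable
// git-toplevel resolver and the temp fixture are mine (the project shells out to git).
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

/** Separator-safe containment: `child` equals `root` or lives under it. */
export function isPathInsideOrEqual(child: string, root: string): boolean {
  const rel = path.relative(root, child);
  if (rel === "") return true;                    // same directory
  if (path.isAbsolute(rel)) return false;         // different drive (Windows)
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

/** Stand-in for `git rev-parse --show-toplevel`: walk up until a `.git` entry. */
export function findGitToplevel(dir: string, stopAt?: string): string | null {
  for (let cur = dir; ; cur = path.dirname(cur)) {
    if (fs.existsSync(path.join(cur, ".git"))) return cur;
    if (cur === stopAt || path.dirname(cur) === cur) return null;
  }
}

export interface ValidateOptions {
  workspaceRoot: string;
  allowedRepoRoots?: string[];
  gitToplevel?: (dir: string) => string | null;
}
export type ValidationResult = { ok: true; repoPath: string } | { ok: false; reason: string };

export function validateReviewRepoPath(repoPath: string, o: ValidateOptions): ValidationResult {
  const gitToplevel = o.gitToplevel ?? findGitToplevel;
  // Relative input resolves against the workspace, never the server's cwd.
  let real: string;
  try { real = fs.realpathSync(path.resolve(o.workspaceRoot, repoPath)); } // follows symlinks
  catch { return { ok: false, reason: "repo path does not exist" }; }
  const roots: string[] = [];                     // a missing root is skipped, not a crash
  for (const r of [o.workspaceRoot, ...(o.allowedRepoRoots ?? [])]) {
    try { roots.push(fs.realpathSync(r)); } catch { /* ignore missing root */ }
  }
  if (!roots.some((root) => isPathInsideOrEqual(real, root))) {
    return { ok: false, reason: "outside the workspace and allowed roots" };
  }
  const top = gitToplevel(real);
  if (top === null) return { ok: false, reason: "not a Git repository" };
  // Argument order matters: the Git top level must sit inside a root, not the
  // root inside the top level (the reversed check flagged on this PR).
  if (!roots.some((root) => isPathInsideOrEqual(top, root))) {
    return { ok: false, reason: "Git top level escapes the allowed roots" };
  }
  return { ok: true, repoPath: real };
}

/** Constructed fixture exercising each rule; returns which inputs were accepted. */
export function runContainmentDemo(): Record<string, boolean> {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "review-")));
  const mk = (...p: string[]) => fs.mkdirSync(path.join(base, ...p), { recursive: true });
  const ws = path.join(base, "workspace");
  mk("workspace", "repo", ".git");                // Git repo inside the workspace
  mk("workspace", "plain");                       // plain directory, not a repo
  mk("workspace-evil", ".git");                   // shares the prefix, not the directory
  mk("outside", "secret", ".git");                // repo outside every root
  fs.symlinkSync(path.join(base, "outside", "secret"), path.join(ws, "link"), "dir");
  const extra = path.join(base, "allowed", "extra");
  mk("allowed", "extra", ".git");                 // repo under an allowed root
  const sub = path.join(base, "allowed", "bigrepo", "sub");
  mk("allowed", "bigrepo", ".git");               // allowed root nested inside a repo
  mk("allowed", "bigrepo", "sub", "proj");
  const opts: ValidateOptions = {
    workspaceRoot: ws,
    allowedRepoRoots: [extra, sub, path.join(base, "missing")],
    gitToplevel: (d) => findGitToplevel(d, base), // never walk above the fixture
  };
  const results = {
    repoInWorkspace: validateReviewRepoPath("repo", opts).ok,
    nonGitDir: validateReviewRepoPath("plain", opts).ok,
    separatorTrick: validateReviewRepoPath(ws + "-evil", opts).ok,
    symlinkEscape: validateReviewRepoPath("link", opts).ok,
    allowedRoot: validateReviewRepoPath(extra, opts).ok,
    toplevelEscape: validateReviewRepoPath(path.join(sub, "proj"), opts).ok,
  };
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}
```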

coderabbitai Bot left a comment

Actionable comments posted: 7

🧹 Nitpick comments (1)
src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx (1)

2-2: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Use the tsconfig alias for this import.

This relative import breaks the repo’s TS/TSX import rule. Switch it to the explicit alias path for ReviewerAgentsPage.

As per coding guidelines, **/*.{ts,tsx,js,jsx}: Use absolute imports with tsconfig aliases and avoid index barrels in deep folders; prefer explicit imports.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx` at line 2, The
import in ReviewerAgentsPage.test.tsx uses a relative path instead of the
required tsconfig alias, which violates the repo’s TS/TSX import rule. Update
the import of hasAgentsResponse to use the explicit alias path for
ReviewerAgentsPage rather than a local relative reference, keeping the rest of
the test file unchanged.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx`:
- Line 665: The list item key in ReviewerAgentsPage is not guaranteed unique
because target.agentSlug ?? target.role ?? target.label can collide for
role-based targets. Update the key logic in the target rendering block to use a
composite of stable fields from the target object instead of a single fallback,
so each item in the list is uniquely identified and avoids reconciliation
issues.

In `@src/client/pages/settings/CodeReviewSettings.tsx`:
- Around line 1-10: The CodeReviewSettings page is hardcoding user-facing copy
instead of using locale keys, so non-English settings UIs will stay partially
English. Update the component to use the useTranslation() hook and replace all
visible text in CodeReviewSettings with translation lookups, then add the
missing keys to en.json and keep the same key parity across the supported locale
files. Use the existing settings.codeReview.title key as the pattern and extend
it for the rest of the section’s labels, buttons, alerts, placeholders, and
status text.
- Around line 82-116: `handleSave` and `handleReset` can run concurrently,
causing a race where the later response may overwrite the admin’s intended
state. Add a guard in `CodeReviewSettings` so either action is ignored while the
other is in flight, or consolidate `saving`/`resetting` into a single shared
busy state that both handlers check before calling `api.put` or `api.delete`.
Also disable the Save and Reset controls using that shared in-flight state so
users cannot trigger overlapping requests.

In `@src/server/config.test.ts`:
- Around line 278-280: The test for HIVEKEEP_CODE_REVIEW_ALLOWED_ROOTS is using
a hard-coded colon delimiter, but the parsing logic in loadConfigWithEnv follows
path.delimiter. Update the fixture in config.test.ts to build the path-delimited
portion with delimiter from node:path instead of assuming ":" so the assertion
stays portable across platforms.

In `@src/server/services/local-review.ts`:
- Line 646: The repo path validation currently resolves input.repoPath against
the server process cwd, which causes relative paths to point to the wrong
location when workspaceRoot is provided. Update the path resolution in the
local-review flow so validateReviewRepoPathEffective receives repoPath resolved
relative to input.workspaceRoot when present (and only falls back to
process.cwd() when workspaceRoot is absent), keeping the change localized around
the repoPath assignment in local-review.ts.

In `@src/server/services/reviewer-agents.ts`:
- Around line 210-211: listReviewerAgents is resolving a relative repoPath
against the server cwd instead of the provided workspaceRoot, so adjust the
initial path normalization to use workspaceRoot as the base when repoPath is not
absolute. Update the logic in listReviewerAgents to resolve repoPath relative to
workspaceRoot before calling validateReviewRepoPathEffective, while preserving
the existing defaults and behavior for absolute paths.

In `@src/server/services/server-runtime.ts`:
- Around line 1-25: The runtime context is using wall-clock time for uptime,
which can drift if the system clock changes. Update getServerRuntimeContext in
server-runtime.ts to keep startedAt/startedAtIso based on SERVER_STARTED_AT, but
compute uptimeMs from a monotonic source like process.uptime() or
performance.now(), and make the same monotonic change in server/app.ts wherever
uptime is reported. Reuse the existing
getServerRuntimeContext/ServerRuntimeContext symbols so the health/info/prompt
context stays consistent.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 27377218-ac49-4872-811e-5eddc325525a

📥 Commits

Reviewing files that changed from the base of the PR and between 61a3e80 and 72baec8.

📒 Files selected for processing (30)
  • docs/local-review-agents.md
  • src/client/locales/de.json
  • src/client/locales/en.json
  • src/client/locales/es.json
  • src/client/locales/fr.json
  • src/client/locales/it.json
  • src/client/locales/ja.json
  • src/client/locales/pl.json
  • src/client/locales/pt-BR.json
  • src/client/locales/ru.json
  • src/client/locales/zh-CN.json
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx
  • src/client/pages/settings/CodeReviewSettings.tsx
  • src/client/pages/settings/SettingsPage.tsx
  • src/server/app.ts
  • src/server/config.test.ts
  • src/server/config.ts
  • src/server/routes/settings.test.ts
  • src/server/routes/settings.ts
  • src/server/services/app-settings.ts
  • src/server/services/local-review.test.ts
  • src/server/services/local-review.ts
  • src/server/services/prompt-builder.test.ts
  • src/server/services/prompt-builder.ts
  • src/server/services/reviewer-agents.test.ts
  • src/server/services/reviewer-agents.ts
  • src/server/services/server-runtime.ts
  • src/server/tools/code-review-tools.ts
  • src/test-helpers.ts

Comment thread src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx Outdated
Comment thread src/client/pages/settings/CodeReviewSettings.tsx
Comment thread src/client/pages/settings/CodeReviewSettings.tsx
Comment thread src/server/config.test.ts
Comment thread src/server/services/local-review.ts Outdated
Comment thread src/server/services/reviewer-agents.ts Outdated
Comment thread src/server/services/server-runtime.ts
const envFileLine = env?.envFilePath
? `\nConfig file: ${env.envFilePath}`
: ''
const runtime = getServerRuntimeContext(now.getTime())


CRITICAL: Call-site not updated after the server-runtime signature change — uptime parameter now expects uptimeMs (pre-computed), not wall-clock time.

server-runtime.ts:17 was changed in this PR from getServerRuntimeContext(now = Date.now()) (the parameter was wall-clock time and the function computed now - SERVER_STARTED_AT) to getServerRuntimeContext(uptimeMs = process.uptime() * 1000) (the parameter is interpreted as already-computed uptime in ms). The companion fix in app.ts and the runtime helper itself uses the parameterless default, but this call site still passes now.getTime() — a Date.now()-style ms-since-epoch value (≈1.78e12 in 2026). That value passes Math.max(0, Math.floor(uptimeMs)), then is divided by 1000 to produce uptimeSeconds ≈1.78e9 (≈56 years), and formatDuration(runtime.uptimeMs) renders e.g. "20600d 0h". The "Server process uptime" line in every Agent's system prompt will therefore report a multi-decade value that grows by decades every second the host is up, instead of resetting when Hivekeep restarts.

The PR's own test (prompt-builder.test.ts:149-156) only asserts the substrings Server process uptime: and resets when Hivekeep restarts are present, not a plausible uptime value, so this regression is not caught by CI.

Suggested change
const runtime = getServerRuntimeContext(now.getTime())
const runtime = getServerRuntimeContext()

Reply with @kilo-code-bot fix it to have Kilo Code address this issue.
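Added example, not the project's server-runtime module: a helper with the parameter semantics the thread describes, the epoch-scale misuse reproduced beside the fix, and the regression guard the follow-up commit mentions (reject an "uptime" larger than the monotonic process age). All names other than getServerRuntimeContext, SERVER_STARTED_AT and formatDuration are assumptions.

```typescript
// Added example, not Hivekeep's own code: a server-runtime helper shaped like
// the one this PR discusses, with the bug the kilo-code-bot thread reports and
// the sanity check the follow-up commit describes. Names are my assumptions.
export const SERVER_STARTED_AT = Date.now();          // wall clock, for display only

export interface ServerRuntimeContext {
  startedAt: number;
  startedAtIso: string;
  uptimeMs: number;                                   // monotonic; resets on restart
  uptimeSeconds: number;
}

/** The parameter is a pre-computed uptime in ms, NOT a wall-clock timestamp. */
export function getServerRuntimeContext(uptimeMs = process.uptime() * 1000): ServerRuntimeContext {
  const ms = Math.max(0, Math.floor(uptimeMs));
  return {
    startedAt: SERVER_STARTED_AT,
    startedAtIso: new Date(SERVER_STARTED_AT).toISOString(),
    uptimeMs: ms,
    uptimeSeconds: Math.floor(ms / 1000),
  };
}

export function formatDuration(ms: number): string {
  const totalMin = Math.floor(ms / 60_000);
  const days = Math.floor(totalMin / 1440);
  const hours = Math.floor((totalMin % 1440) / 60);
  const mins = totalMin % 60;
  if (days > 0) return `${days}d ${hours}h`;
  return hours > 0 ? `${hours}h ${mins}m` : `${mins}m`;
}

/** Regression guard: uptime can never exceed the monotonic process age (+1 s slack). */
export function isPlausibleUptimeMs(uptimeMs: number): boolean {
  return uptimeMs >= 0 && uptimeMs <= process.uptime() * 1000 + 1000;
}

/** The faulty call site: a Date-based epoch value (~1.78e12 ms) treated as uptime. */
export function buggyUptimeLine(now = new Date()): string {
  return `Server process uptime: ${formatDuration(getServerRuntimeContext(now.getTime()).uptimeMs)}`;
}

/** The fix: let the helper derive uptime from its monotonic default. */
export function fixedUptimeLine(): string {
  return `Server process uptime: ${formatDuration(getServerRuntimeContext().uptimeMs)}`;
}
```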

kilo-code-bot Bot commented Jun 30, 2026

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

Severity counts: CRITICAL 1, WARNING 0, SUGGESTION 0

Issue Details

CRITICAL
  • src/server/services/prompt-builder.ts, line 423: runLocalCodeReview calls getServerRuntimeContext(now.getTime()) after server-runtime.ts changed the parameter semantics from wall-clock now to pre-computed uptimeMs. The Agent system prompt's "Server process uptime" line will therefore display a multi-decade value (~20600d 0h) derived from Date.now(), not the actual process monotonic uptime. Drop the argument and use the default (process.uptime() * 1000) so the prompt stays consistent with /api/info and /api/health.
Files Reviewed (29 files)
  • docs/local-review-agents.md - 0 issues
  • src/client/locales/de.json - 0 issues
  • src/client/locales/en.json - 0 issues
  • src/client/locales/es.json - 0 issues
  • src/client/locales/fr.json - 0 issues
  • src/client/locales/it.json - 0 issues
  • src/client/locales/ja.json - 0 issues
  • src/client/locales/pl.json - 0 issues
  • src/client/locales/pt-BR.json - 0 issues
  • src/client/locales/ru.json - 0 issues
  • src/client/locales/zh-CN.json - 0 issues
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx - 0 issues
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx - 0 issues
  • src/client/pages/settings/CodeReviewSettings.tsx - 0 issues
  • src/client/pages/settings/SettingsPage.tsx - 0 issues
  • src/server/app.ts - 0 issues
  • src/server/config.test.ts - 0 issues
  • src/server/config.ts - 0 issues
  • src/server/routes/settings.test.ts - 0 issues
  • src/server/routes/settings.ts - 0 issues
  • src/server/services/app-settings.ts - 0 issues
  • src/server/services/local-review.test.ts - 0 issues
  • src/server/services/local-review.ts - 0 issues
  • src/server/services/prompt-builder.test.ts - 0 issues
  • src/server/services/prompt-builder.ts - 1 issue
  • src/server/services/reviewer-agents.test.ts - 0 issues
  • src/server/services/reviewer-agents.ts - 0 issues
  • src/server/services/server-runtime.ts - 0 issues
  • src/server/tools/code-review-tools.ts - 0 issues
  • src/test-helpers.ts - 0 issues



Reviewed by minimax-m3 · Input: 104.4K · Output: 17.5K · Cached: 1.3M

@kdegeek kdegeek merged commit dff2b0f into main Jun 30, 2026
2 checks passed
kdegeek pushed a commit that referenced this pull request Jun 30, 2026
The getServerRuntimeContext() signature changed to accept pre-computed
uptime in ms (defaulting to process.uptime() * 1000), but the call site
in buildContextBlock() was still passing now.getTime() — a Date.now()
epoch value (~1.78e12 ms). This caused the system prompt to report a
multi-decade server uptime (e.g. "20600d 0h") instead of the actual
process uptime.

Fix: call getServerRuntimeContext() with no arguments to use the default.

Also add a regression test that rejects epoch-scale uptime values.

Addresses kilo-code-bot review comment on PR #7.