Skip to content

fix(reviewers): add uptime context and review root settings#8

Merged
kdegeek merged 5 commits into
mainfrom
fix/reviewer-agents-api-and-uptime-context
Jun 30, 2026
Merged

fix(reviewers): add uptime context and review root settings#8
kdegeek merged 5 commits into
mainfrom
fix/reviewer-agents-api-and-uptime-context

Conversation

@kdegeek

@kdegeek kdegeek commented Jun 30, 2026

Copy link
Copy Markdown
Owner

Fixes the remaining review comment from PR #7.

Changes

  • src/server/services/prompt-builder.ts: Fixed getServerRuntimeContext() call site that was passing now.getTime() (epoch milliseconds ≈ 1.78e12) as the uptimeMs parameter after the signature changed to expect pre-computed uptime in ms. This caused the system prompt to report a multi-decade server uptime (e.g. "20600d 0h") instead of the actual process uptime. Now calls getServerRuntimeContext() with no arguments to use the default process.uptime() * 1000.

  • src/server/services/prompt-builder.test.ts: Added a regression test that rejects epoch-scale uptime values (days > 1), which would have caught the original bug.

Addresses kilo-code-bot review comment on PR #7.

kdegeek and others added 5 commits June 29, 2026 15:43
The getServerRuntimeContext() signature changed to accept pre-computed
uptime in ms (defaulting to process.uptime() * 1000), but the call site
in buildContextBlock() was still passing now.getTime() — a Date.now()
epoch value (~1.78e12 ms). This caused the system prompt to report a
multi-decade server uptime (e.g. "20600d 0h") instead of the actual
process uptime.

Fix: call getServerRuntimeContext() with no arguments to use the default.

Also add a regression test that rejects epoch-scale uptime values.

Addresses kilo-code-bot review comment on PR #7.
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@cursor

cursor Bot commented Jun 30, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Changes security boundaries for which host paths reviewer CLIs can touch and how settings are persisted; misconfigured allowed roots could expose sensitive repos to agent-driven reviews.

Overview
Adds server process runtime via getServerRuntimeContext() so /api/health, /api/info, and agent system prompts report real process start time and uptime (from process.uptime()), fixing mistaken epoch-scale uptime when callers passed wall-clock ms. A regression test guards against multi-day bogus uptime in prompts.

Introduces configurable repository containment for local CodeRabbit/Kilo review: paths are realpath-resolved, must sit under the tool workspace or allowedRepoRoots, and must be inside a Git worktree (git rev-parse --show-toplevel). Env HIVEKEEP_CODE_REVIEW_ALLOWED_ROOTS seeds defaults; admins manage live overrides in Settings → Code Review (GET/PUT/DELETE /api/settings/code-review/allowed-repo-roots) with docs updated accordingly.

Reviewer Agents API validation now accepts remediation targets with optional role or agentSlug (not only slug), with list keys and a small hasAgentsResponse unit test.

Reviewed by Cursor Bugbot for commit a7698ce. Configure here.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@kdegeek, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 2 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e6611b6b-692a-442f-ae88-49adbfaa6e22

📥 Commits

Reviewing files that changed from the base of the PR and between 61a3e80 and a7698ce.

📒 Files selected for processing (30)
  • docs/local-review-agents.md
  • src/client/locales/de.json
  • src/client/locales/en.json
  • src/client/locales/es.json
  • src/client/locales/fr.json
  • src/client/locales/it.json
  • src/client/locales/ja.json
  • src/client/locales/pl.json
  • src/client/locales/pt-BR.json
  • src/client/locales/ru.json
  • src/client/locales/zh-CN.json
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx
  • src/client/pages/settings/CodeReviewSettings.tsx
  • src/client/pages/settings/SettingsPage.tsx
  • src/server/app.ts
  • src/server/config.test.ts
  • src/server/config.ts
  • src/server/routes/settings.test.ts
  • src/server/routes/settings.ts
  • src/server/services/app-settings.ts
  • src/server/services/local-review.test.ts
  • src/server/services/local-review.ts
  • src/server/services/prompt-builder.test.ts
  • src/server/services/prompt-builder.ts
  • src/server/services/reviewer-agents.test.ts
  • src/server/services/reviewer-agents.ts
  • src/server/services/server-runtime.ts
  • src/server/tools/code-review-tools.ts
  • src/test-helpers.ts

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cursor

cursor Bot commented Jun 30, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_586477f6-0608-4113-b196-ce1099f00cad)

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces repository containment security for local review tools, allowing administrators to configure allowed host repository roots outside the workspace via a new settings page. It also adds server process uptime context to the system prompt. The code review feedback highlights several key areas for improvement: a security vulnerability where parent Git repositories could allow containment escape, a potential server crash on invalid timezone configurations, an inaccurate server start time calculation, a client-server path validation mismatch on Windows, and the inclusion of untranslated English strings in non-English locale files.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines +194 to +197
const gitTopLevel = gitTopLevelForRepo(repoRealPath)
if (!gitTopLevel || !isPathInsideOrEqual(gitTopLevel, repoRealPath)) {
throw new Error(`repo_path must be a Git repository root or contain a Git worktree: ${repoPath}`)
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

Security Vulnerability: Containment Escape via Git Parent Repository

If a parent directory of the allowed root or workspace is a Git repository, git -C will traverse up to find it. Since gitTopLevel is not validated against the allowed roots, any Git operations executed by the local review tools can access and expose files outside the allowed containment boundary (e.g., reading sensitive files in the parent Git repository).

To prevent this containment escape, we must ensure that the resolved gitTopLevel is also inside or equal to either the workspace root or one of the configured allowed roots.

  const gitTopLevel = gitTopLevelForRepo(repoRealPath)
  if (!gitTopLevel || !isPathInsideOrEqual(gitTopLevel, repoRealPath)) {
    throw new Error('repo_path must be a Git repository root or contain a Git worktree: ' + repoPath)
  }
  const gitTopLevelAllowed = [workspaceRealPath, ...allowedRoots].some((root) => isPathInsideOrEqual(root, gitTopLevel))
  if (!gitTopLevelAllowed) {
    throw new Error('Git repository root must resolve inside the current tool workspace/worktree or a configured code-review allowed root')
  }

Comment on lines +423 to +433
const runtime = getServerRuntimeContext()
const serverStarted = runtime.startedAt.toLocaleString('en-US', {
year: 'numeric',
month: 'long',
day: 'numeric',
hour: '2-digit',
minute: '2-digit',
second: '2-digit',
timeZone: tz,
timeZoneName: 'short',
})

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Robustness: Potential Crash on Invalid Timezone Configuration

If the user configures an invalid timezone in HIVEKEEP_TIMEZONE or TZ, toLocaleString will throw a RangeError: Invalid time zone specified, crashing the prompt builder and preventing the agent from starting or responding.

We should wrap this in a try-catch block to gracefully fall back to 'UTC' if the configured timezone is invalid.

  const runtime = getServerRuntimeContext()
  let serverStarted = ''
  try {
    serverStarted = runtime.startedAt.toLocaleString('en-US', {
      year: 'numeric',
      month: 'long',
      day: 'numeric',
      hour: '2-digit',
      minute: '2-digit',
      second: '2-digit',
      timeZone: tz,
      timeZoneName: 'short',
    })
  } catch {
    serverStarted = runtime.startedAt.toLocaleString('en-US', {
      year: 'numeric',
      month: 'long',
      day: 'numeric',
      hour: '2-digit',
      minute: '2-digit',
      second: '2-digit',
      timeZone: 'UTC',
      timeZoneName: 'short',
    })
  }

@@ -0,0 +1,40 @@
export const SERVER_STARTED_AT = Date.now()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Correctness: Inaccurate Process Start Time

SERVER_STARTED_AT is initialized to Date.now() when the module is loaded, which can be slightly after the actual process start time due to module loading delays.

To accurately represent the process start time, we should subtract the process uptime from the current time.

Suggested change
export const SERVER_STARTED_AT = Date.now()
export const SERVER_STARTED_AT = Date.now() - process.uptime() * 1000

Comment on lines +32 to +34
function isAbsolutePath(value: string): boolean {
return value.startsWith('/') || /^[A-Za-z]:[\\/]/.test(value)
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Correctness: Platform-Dependent Path Validation Mismatch

On Windows, paths starting with a single slash (e.g., /foo) are considered drive-relative and not fully absolute. Node's path.isAbsolute('/foo') returns false on Windows, whereas the client-side isAbsolutePath helper returns true because of value.startsWith('/').

This causes a validation mismatch where the client allows saving /foo on Windows, but the server subsequently rejects it with a 400 Bad Request error.

Comment on lines +2418 to +2420
"codeReview": {
"title": "Code Review",
"description": "Configure host repository roots that local CodeRabbit and Kilo reviewer tools may access outside the current Agent workspace.",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Internationalization (i18n): Untranslated English Strings in Non-English Locales

Adding untranslated English strings directly to non-English locale files (such as de.json, es.json, fr.json, it.json, ja.json, pl.json, pt-BR.json, ru.json, zh-CN.json) violates internationalization best practices. It pollutes translation files and makes it difficult for translation tools or contributors to identify which keys actually need translation.

Instead, these keys should only be added to en.json and omitted from non-English files so they can gracefully fall back to the English locale via i18next's fallback mechanism.

"source": "Source: {{source}}",
"sourceSettings": "Settings override",
"sourceEnv": "environment fallback",
"rootPlaceholder": "/Users/kdegeek/hivekeep",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Developer-specific home path shipped as a placeholder to all users in all 10 locales.

/Users/kdegeek/hivekeep is the macOS home directory of the PR author (matches kdegeek <nate@kdegeek.com> in the commit log). It is duplicated byte-for-byte into de.json, es.json, fr.json, it.json, ja.json, pl.json, pt-BR.json, ru.json, and zh-CN.json, so every install on every OS sees this path as the example. On non-macOS hosts /Users/... is invalid, and the literal leak is avoidable.

Use a generic, OS-agnostic example such as /path/to/repo-root or /home/me/repos.

Suggested change
"rootPlaceholder": "/Users/kdegeek/hivekeep",
"rootPlaceholder": "/path/to/repo-root",

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

</p>
</div>

<Alert className="border-amber-500/30 bg-amber-500/5 text-amber-900 dark:text-amber-100">

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: Hardcoded amber Tailwind colors bypass the 18-palette design system.

The security Alert uses literal border-amber-500/30 bg-amber-500/5 text-amber-900 dark:text-amber-100 instead of semantic tokens. Per project rule #3, UI must look correct across all 18 palettes (aurora, ocean, forest, sunset, monochrome, sakura, neon, lavender, midnight, copper, jade, crimson, galaxy, amber, slate, rose, mint, citrus) in both light and dark modes; this Alert will always render amber regardless of the active palette. Use a semantic token (e.g. text-warning / border-warning) or a palette-aware Alert variant so the security callout respects the user's chosen palette.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jun 30, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 2 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 1
SUGGESTION 1
Issue Details (click to expand)

WARNING

File Line Issue
src/client/locales/en.json 2431 Developer-specific home path /Users/kdegeek/hivekeep shipped as placeholder to all users in all 10 locales

SUGGESTION

File Line Issue
src/client/pages/settings/CodeReviewSettings.tsx 157 Hardcoded amber Tailwind colors bypass the 18-palette design system
Files Reviewed (30 files)
  • docs/local-review-agents.md - 0 issues
  • src/client/locales/*.json (10 files) - 1 issue (en.json placeholder)
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.tsx - 0 issues
  • src/client/pages/reviewer-agents/ReviewerAgentsPage.test.tsx - 0 issues
  • src/client/pages/settings/CodeReviewSettings.tsx - 1 issue (palette bypass)
  • src/client/pages/settings/SettingsPage.tsx - 0 issues
  • src/server/app.ts - 0 issues
  • src/server/config.ts - 0 issues
  • src/server/config.test.ts - 0 issues
  • src/server/routes/settings.ts - 0 issues
  • src/server/routes/settings.test.ts - 0 issues
  • src/server/services/app-settings.ts - 0 issues
  • src/server/services/local-review.ts - 0 issues
  • src/server/services/local-review.test.ts - 0 issues
  • src/server/services/prompt-builder.ts - 0 issues (core fix verified)
  • src/server/services/prompt-builder.test.ts - 0 issues
  • src/server/services/reviewer-agents.ts - 0 issues
  • src/server/services/reviewer-agents.test.ts - 0 issues
  • src/server/services/server-runtime.ts - 0 issues
  • src/server/tools/code-review-tools.ts - 0 issues
  • src/test-helpers.ts - 0 issues

Fix these issues in Kilo Cloud


Reviewed by minimax-m3 · Input: 113K · Output: 17.8K · Cached: 986.2K

@kdegeek kdegeek merged commit cd26510 into main Jun 30, 2026
3 checks passed
@kdegeek kdegeek deleted the fix/reviewer-agents-api-and-uptime-context branch June 30, 2026 01:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant