orcs-oss/orcs-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reduce internal-only labeling noise in source comments (#355)

Browse Source 
This pass rewrites comment-only ANT-ONLY markers to neutral internal-only
language across the source tree without changing runtime strings, flags,
commands, or protocol identifiers. The goal is to lower obvious internal
prose leakage while keeping the diff mechanically safe and easy to review.

Constraint: Phase B is limited to comments/prose only; runtime strings and user-facing labels remain deferred
Rejected: Broad search-and-replace across strings and command descriptions | too risky for a prose-only pass
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Remaining ANT-ONLY hits are mostly runtime/user-facing strings and should be handled separately from comment cleanup
Tested: bun run build
Tested: bun run smoke
Tested: bun run verify:privacy
Tested: bun run test:provider
Tested: bun run test:provider-recommendation
Not-tested: Full repo typecheck (upstream baseline remains noisy)

Co-authored-by: anandh8x <test@example.com>
This commit is contained in:
Anandan
2026-04-04 23:26:14 +05:30
committed by GitHub
parent 9e84d2fddc
commit 2f162af60c
96 changed files with 160 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/utils/shell/readOnlyCommandValidation.ts
View File

@@ -3,7 +3,7 @@
*
* Exports complete command configuration maps that any shell tool can import:
* - GIT_READ_ONLY_COMMANDS: all git subcommands with safe flags and callbacks
* - GH_READ_ONLY_COMMANDS: ant-only gh CLI commands (network-dependent)
* - GH_READ_ONLY_COMMANDS: internal-only gh CLI commands (network-dependent)
* - EXTERNAL_READONLY_COMMANDS: cross-shell commands that work in both bash and PowerShell
* - containsVulnerableUncPath: UNC path detection for credential leak prevention
* - outputLimits are in outputLimits.ts
@@ -602,7 +602,7 @@ export const GIT_READ_ONLY_COMMANDS: Record<string, ExternalCommandConfig> = {
'-s': 'none', // Print size of object
'-p': 'none', // Pretty-print object contents
'-e': 'none', // Exit with zero if object exists, non-zero otherwise
// Batch mode — read-only check variant only
// Batch mode — read-only check variinternal only
'--batch-check': 'none', // For each object on stdin, print type and size (no content)
// Output control
'--allow-undetermined-type': 'none',
@@ -923,7 +923,7 @@ export const GIT_READ_ONLY_COMMANDS: Record<string, ExternalCommandConfig> = {
}
// ---------------------------------------------------------------------------
// GH_READ_ONLY_COMMANDS — ant-only gh CLI commands (network-dependent)
// GH_READ_ONLY_COMMANDS — internal-only gh CLI commands (network-dependent)
// ---------------------------------------------------------------------------
// SECURITY: Shared callback for all gh commands to prevent network exfil.