fix: address code scanning alerts (#240)

2026-04-03 14:52:35 +05:30
parent f3a984dde1
commit 7c0ea68b65
15 changed files with 205 additions and 73 deletions
--- a/scripts/no-telemetry-plugin.ts
+++ b/scripts/no-telemetry-plugin.ts
@@ -199,15 +199,19 @@ export async function submitTranscriptShare() { return { success: false }; }
 `,
 }

+function escapeForResolvedPathRegex(modulePath: string): string {
+	return modulePath
+		.replace(/[|\\{}()[\]^$+*?.]/g, '\\$&')
+		.replace(/\//g, '[/\\\\]')
+}
+
 export const noTelemetryPlugin: BunPlugin = {
 	name: 'no-telemetry',
 	setup(build) {
 		for (const [modulePath, contents] of Object.entries(stubs)) {
 			// Build regex that matches the resolved file path on any OS
 			// e.g. "services/analytics/growthbook" → /services[/\\]analytics[/\\]growthbook\.(ts|js)$/
-			const escaped = modulePath
-				.replace(/\//g, '[/\\\\]')
-				.replace(/\./g, '\\.')
+			const escaped = escapeForResolvedPathRegex(modulePath)
 			const filter = new RegExp(`${escaped}\\.(ts|js)$`)

 			build.onLoad({ filter }, () => ({
--- a/scripts/provider-launch.ts
+++ b/scripts/provider-launch.ts
@@ -124,19 +124,15 @@ function printSummary(profile: ProviderProfile, env: NodeJS.ProcessEnv): void {
  console.log(`Launching profile: ${profile}`)
  if (profile === 'gemini') {
    console.log(`GEMINI_MODEL=${env.GEMINI_MODEL}`)
-    console.log(`GEMINI_API_KEY_SET=${Boolean(env.GEMINI_API_KEY)}`)
  } else if (profile === 'codex') {
    console.log(`OPENAI_BASE_URL=${env.OPENAI_BASE_URL}`)
    console.log(`OPENAI_MODEL=${env.OPENAI_MODEL}`)
-    console.log(`CODEX_API_KEY_SET=${Boolean(resolveCodexApiCredentials(env).apiKey)}`)
  } else if (profile === 'atomic-chat') {
    console.log(`OPENAI_BASE_URL=${env.OPENAI_BASE_URL}`)
    console.log(`OPENAI_MODEL=${env.OPENAI_MODEL}`)
-    console.log('OPENAI_API_KEY_SET=false (local provider, no key required)')
  } else {
    console.log(`OPENAI_BASE_URL=${env.OPENAI_BASE_URL}`)
    console.log(`OPENAI_MODEL=${env.OPENAI_MODEL}`)
-    console.log(`OPENAI_API_KEY_SET=${Boolean(env.OPENAI_API_KEY)}`)
  }
 }

--- a/scripts/system-check.ts
+++ b/scripts/system-check.ts
@@ -430,6 +430,7 @@ function writeJsonReport(
  options: CliOptions,
  results: CheckResult[],
 ): void {
+  const envSummary = serializeSafeEnvSummary()
  const payload = {
    timestamp: new Date().toISOString(),
    cwd: process.cwd(),
@@ -438,12 +439,24 @@ function writeJsonReport(
      passed: results.filter(result => result.ok).length,
      failed: results.filter(result => !result.ok).length,
    },
-    env: serializeSafeEnvSummary(),
+    env: envSummary,
    results,
  }

  if (options.json) {
-    console.log(JSON.stringify(payload, null, 2))
+    console.log(
+      JSON.stringify(
+        {
+          timestamp: payload.timestamp,
+          cwd: payload.cwd,
+          summary: payload.summary,
+          env: '[redacted in console JSON output; use --out-file for the full report]',
+          results: payload.results,
+        },
+        null,
+        2,
+      ),
+    )
  }

  if (options.outFile) {