feat: add vibe-files and vibe-prompt modules #75
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add foundational utility module for vibe functionality: - HTTP fetch with timeout and retry logic - Exponential backoff for transient failures - URL validation and security checks - Verbose logging utilities - Error handling with error-causes This is the first module in the vibe command implementation, providing shared functionality for authentication, file handling, code generation, and publishing modules. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add authentication module for Vibecodr API access: - PKCE (Proof Key for Code Exchange) flow support - Token storage with secure file permissions - Automatic token refresh with configurable buffer - Windows permission remediation for credential files - Session state management Depends on: vibe-utils Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add file handling and prompt construction modules: vibe-files: - File validation with size and type checks - Bundle collection with glob patterns - Security filtering for sensitive files - HTML/JavaScript entry point detection vibe-prompt: - AI prompt template construction - Context aggregation for code generation - Structured prompt formatting Depends on: vibe-utils (#73) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This was referenced Jan 8, 2026
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 265732bed1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Two security fixes for vibe-utils: 1. fetchWithTimeout - AbortSignal combination (P2) - Previously overwrote caller-provided signals with timeout signal - Now uses AbortSignal.any() to combine timeout and external signals - External cancellation (user abort) is now properly respected - Distinguishes timeout aborts from external aborts in error handling 2. isPathSafe - UNC path detection (P2) - Previously only checked for Unix and Windows drive letter absolute paths - UNC paths like \server\share bypassed validation - Now detects UNC paths (\\) as absolute paths and rejects them Both fixes include comprehensive test coverage. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Extends absolute path detection to catch single-backslash root-relative paths like \Windows\System32 which resolve to the current drive's root on Windows. Previous check only caught: - Unix absolute: /etc/passwd - Drive letter: C:\Windows - UNC paths: \server\share Now also catches: - Root-relative: \Windows\System32 - Any path starting with backslash TDD approach: tests written first (RED), then implementation (GREEN). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SECURITY: Prevent credential exfiltration via malicious apiBase. The exchangeForVibecodrToken function now validates apiBase against trusted origins before sending the Clerk access token. A tampered apiBase (from CLI args, env vars, or config file) could have allowed an attacker to steal the access token. Changes: - Add validateApiBase call before token exchange - Add SecurityBlockError type for security validation failures - Ensure security errors propagate directly (not wrapped as AUTH_EXPIRED) - Add test for malicious apiBase rejection Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
vibe-filesmodule for file validation and bundle collectionvibe-promptmodule for AI prompt constructionPR 3 of 5 - Vibe Command Implementation
Series:
Test plan
🤖 Generated with Claude Code