From 45166d121896f2b13eaca5673f77e0b8f9d71721 Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 14:52:47 +0000 Subject: [PATCH 01/10] fix: patch xml2js prototype pollution, route OpenCode review through hush MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add npm override for xml2js ^0.6.2 (fixes Dependabot alert #1, prototype pollution in transitive dep blessed-contrib → map-canvas → xml2js) - Integrate hush@0.1.7 into the OpenCode AI review workflow: install and start the hush gateway on :4000, copy the hush plugin, configure opencode.json to route API calls through the proxy. Defense-in-depth: plugin blocks sensitive file reads, proxy redacts PII from normal file content before it reaches the model. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 31 +++++++++++++++++++++++---- package-lock.json | 10 ++++----- package.json | 3 +++ 3 files changed, 35 insertions(+), 9 deletions(-) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index b032395..1ca0308 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml 
@@ -69,16 +69,39 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi + - name: Setup Node.js + if: steps.check_changes.outputs.skip != 'true' + uses: actions/setup-node@v4 + with: + node-version: 22 + + - name: Start Hush Gateway + if: steps.check_changes.outputs.skip != 'true' + run: | + npm install -g @aictrl/hush@0.1.7 + PORT=4000 HUSH_HOST=127.0.0.1 hush & + # Wait for gateway to be ready + for i in $(seq 1 20); do + curl -sf http://127.0.0.1:4000/health > /dev/null 2>&1 && break + sleep 0.5 + done + echo "Hush gateway running on :4000" + - name: Setup OpenCode if: steps.check_changes.outputs.skip != 'true' env: ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - # Use GITHUB_TOKEN to avoid rate limits when fetching version info + # Install OpenCode curl -fsSL https://opencode.ai/install | bash -s -- --no-modify-path echo "$HOME/.opencode/bin" >> $GITHUB_PATH + # Configure OpenCode to route through hush proxy + hush plugin + mkdir -p .opencode/plugins + cp examples/team-config/.opencode/plugins/hush.ts .opencode/plugins/hush.ts + printf '%s\n' '{"provider":{"zai-coding-plan":{"options":{"baseURL":"http://127.0.0.1:4000/api/coding/paas/v4"}}},"plugin":[".opencode/plugins/hush.ts"]}' > opencode.json + - name: Direct OpenCode Review if: steps.check_changes.outputs.skip != 'true' env: @@ -87,7 +110,7 @@ jobs: run: | SHA=${{ github.event.pull_request.head.sha || github.sha }} echo "Starting review with GLM-5 for SHA $SHA..." - + $HOME/.opencode/bin/opencode run --model zai-coding-plan/glm-5 "Review the changes in this PR for the Hush Semantic Gateway. Focus areas: 
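Review bot: The added `cp examples/team-config/.opencode/plugins/hush.ts .opencode/plugins/hush.ts` in the Setup OpenCode step takes the plugin that is supposed to block sensitive file reads from the working tree under review. If the checkout step (outside this hunk) checks out the pull request head, a PR that edits that file also changes the guard that CI runs for it. Copy the plugin and write `opencode.json` from a trusted ref such as the base branch, and add a comment above the `cp` line saying which ref the file must come from. Separately, the unchanged `curl -fsSL https://opencode.ai/install | bash` context line still runs an unpinned installer with `ZHIPU_API_KEY` and `GITHUB_TOKEN` in the step environment, which is worth pinning or verifying while this step is being touched.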
@@ -95,7 +118,7 @@ jobs: 2. **Streaming Integrity**: Check that the SSE/streaming proxy logic doesn't buffer unnecessarily or break the rehydration flow. 3. **Security**: Look for potential PII leaks or insecure token handling in the vault. 4. **Reliability**: Ensure the proxy handles upstream errors gracefully. - + Keep the summary concise but technical. Post findings as a markdown comment on the PR. - + **CRITICAL**: Include the string 'Reviewed SHA: $SHA' at the very end of your comment so I can track which commits have been reviewed." diff --git a/package-lock.json b/package-lock.json index 66b2e35..7db1326 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@aictrl/hush", - "version": "0.1.6", + "version": "0.1.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@aictrl/hush", - "version": "0.1.6", + "version": "0.1.7", "license": "Apache-2.0", "dependencies": { "@modelcontextprotocol/sdk": "^1.27.1", @@ -4197,9 +4197,9 @@ } }, "node_modules/xml2js": { - "version": "0.4.23", - "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz", - "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==", + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "integrity": "sha512-T4rieHaC1EXcES0Kxxj4JWgaUQHDk+qwHcYOCFHfiwKz7tOVPLq7Hjq9dM1WCMhylqMEfP7hMcOIChvotiZegA==", "license": "MIT", "dependencies": { "sax": ">=0.6.0", diff --git a/package.json b/package.json index e5a2d73..166353d 100644 --- a/package.json +++ b/package.json @@ -52,6 +52,9 @@ "pino": "^10.3.1", "pino-pretty": "^13.1.3" }, + "overrides": { + "xml2js": "^0.6.2" + }, "devDependencies": { "@types/blessed": "^0.1.27", "@types/cors": "^2.8.19", From 534ecc79d926477fcbda224d5590e177aeb15135 Mon Sep 17 00:00:00 2001 
From: AICtrl Bot Date: Mon, 2 Mar 2026 15:05:06 +0000 Subject: [PATCH 02/10] fix: use global npm bin path for hush in CI review workflow Running bare `hush` in the repo checkout resolves to the local package.json bin entry (dist/cli.js) which doesn't exist in CI since this workflow doesn't build. Use $(npm prefix -g)/bin/hush to reliably invoke the globally-installed binary. Also adds a health-check with ::error:: annotation so the job fails fast with a clear message if the gateway doesn't start. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index 1ca0308..7536b76 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml @@ -79,12 +79,14 @@ jobs: if: steps.check_changes.outputs.skip != 'true' run: | npm install -g @aictrl/hush@0.1.7 - PORT=4000 HUSH_HOST=127.0.0.1 hush & + HUSH_BIN="$(npm prefix -g)/bin/hush" + PORT=4000 HUSH_HOST=127.0.0.1 "$HUSH_BIN" & # Wait for gateway to be ready for i in $(seq 1 20); do curl -sf http://127.0.0.1:4000/health > /dev/null 2>&1 && break sleep 0.5 done + curl -sf http://127.0.0.1:4000/health || { echo "::error::Hush gateway failed to start"; exit 1; } echo "Hush gateway running on :4000" - name: Setup OpenCode From 60b0940ff647179073ddace4a1532d4cb4cebd09 Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 16:03:17 +0000 Subject: [PATCH 03/10] fix: add 10m timeout and debug logging to OpenCode review step Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index 7536b76..bf68912 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml 
@@ -106,12 +106,15 @@ jobs: - name: Direct OpenCode Review if: steps.check_changes.outputs.skip != 'true' + timeout-minutes: 10 env: ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | SHA=${{ github.event.pull_request.head.sha || github.sha }} echo "Starting review with GLM-5 for SHA $SHA..." + echo "opencode.json:"; cat opencode.json + echo "Hush health:"; curl -sf http://127.0.0.1:4000/health || echo "gateway unreachable" $HOME/.opencode/bin/opencode run --model zai-coding-plan/glm-5 "Review the changes in this PR for the Hush Semantic Gateway. From b50a99ee59da34d389e4c7c132d5cdd47a862cfd Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 16:15:44 +0000 Subject: [PATCH 04/10] fix: bump OpenCode review timeout to 15m (was timing out mid-review) Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index bf68912..a1cb55f 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml @@ -106,7 +106,7 @@ jobs: - name: Direct OpenCode Review if: steps.check_changes.outputs.skip != 'true' - timeout-minutes: 10 + timeout-minutes: 15 env: ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 25befab6ee330ef2cc1332a6918fde1074bf3954 Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 16:28:32 +0000 Subject: [PATCH 05/10] fix: add build step to review workflow so tests pass when OpenCode runs them Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index a1cb55f..2eaa1a7 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml 
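Review bot: The added `curl -sf http://127.0.0.1:4000/health || echo "gateway unreachable"` in the Direct OpenCode Review step only logs when the proxy is down, and the review then starts anyway. The gateway is the redaction control, so the probe should fail closed: `curl -sf http://127.0.0.1:4000/health || { echo "::error::Hush gateway unreachable"; exit 1; }`. The `cat opencode.json` line is harmless only while that file holds no literal secret, so add a comment there saying the file is echoed to the job log and must only ever contain `{env:...}` style references. The step's `run:` body continues outside this hunk.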
@@ -89,6 +89,10 @@ jobs: curl -sf http://127.0.0.1:4000/health || { echo "::error::Hush gateway failed to start"; exit 1; } echo "Hush gateway running on :4000" + - name: Build project + if: steps.check_changes.outputs.skip != 'true' + run: npm ci && npm run build + - name: Setup OpenCode if: steps.check_changes.outputs.skip != 'true' env: From f43c082828e068dbf1ca1392a6eaae22161b41fe Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 16:29:45 +0000 Subject: [PATCH 06/10] fix: tell OpenCode reviewer not to run tests, just read code and post comment Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index 2eaa1a7..71223af 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml @@ -122,12 +122,14 @@ jobs: $HOME/.opencode/bin/opencode run --model zai-coding-plan/glm-5 "Review the changes in this PR for the Hush Semantic Gateway. + **IMPORTANT**: This is a code review only. Do NOT run tests, npm commands, or build commands. Only read source files and git diffs. + Focus areas: 1. **Redaction Logic**: Ensure PII patterns are robust and handle edge cases in tool outputs (like JSON or CLI tables). 2. **Streaming Integrity**: Check that the SSE/streaming proxy logic doesn't buffer unnecessarily or break the rehydration flow. 3. **Security**: Look for potential PII leaks or insecure token handling in the vault. 4. **Reliability**: Ensure the proxy handles upstream errors gracefully. - Keep the summary concise but technical. Post findings as a markdown comment on the PR. + Keep the summary concise but technical. Post findings as a single markdown comment on the PR using gh pr comment, then stop. **CRITICAL**: Include the string 'Reviewed SHA: $SHA' at the very end of your comment so I can track which commits have been reviewed." 
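Review bot: The new Build project step (`run: npm ci && npm run build`, hunk `@@ -89,6 +89,10 @@`) executes install and build scripts from the checked-out tree in the same job that later hands `ZHIPU_API_KEY` and `GITHUB_TOKEN` to the review step. If that tree is the pull request head (the checkout is outside this hunk), whatever those scripts leave on the runner is inherited by the secret-bearing steps and by the gateway that is already running. Patch 06 of this series tells the reviewer not to run tests or builds, so the step looks unnecessary once that lands. Dropping it, or using `npm ci --ignore-scripts` in a separate job that has no secrets, removes the exposure.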
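Review bot: The added prompt line `**IMPORTANT**: This is a code review only. Do NOT run tests, npm commands, or build commands.` (hunk `@@ -122,12 +122,14 @@`) is an instruction to the model, not an enforcement boundary. The diff under review is untrusted text given to an agent that runs with `GITHUB_TOKEN` and `ZHIPU_API_KEY` in its environment and is told to call `gh pr comment`, so text inside a PR can compete with this instruction. Enforce the restriction outside the prompt as well: limit the agent's tool permissions in `opencode.json`, and scope the job's `permissions:` block (not visible in this hunk) to what posting a single comment needs. A short YAML comment above the `opencode run` line stating that the prompt is advisory only would keep later editors from relying on it.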
From eab204510dccbe4d1216ff496865ad46ff72595f Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 17:13:56 +0000 Subject: [PATCH 07/10] fix: use custom provider to route OpenCode through hush proxy OpenCode's built-in providers ignore options.baseURL from opencode.json (anomalyco/opencode#5674). Define a custom "hush-zhipu" provider with npm adapter @ai-sdk/openai-compatible so the baseURL is actually respected and all LLM traffic routes through the hush gateway. Verified locally: hush logs show requests at /api/coding/paas/v4/chat/completions with tokenCount > 0 (PII redaction active). Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 12 ++++++++---- examples/team-config/opencode.json | 11 +++++++++-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index 71223af..eb5be14 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml 
@@ -103,10 +103,14 @@ jobs: curl -fsSL https://opencode.ai/install | bash -s -- --no-modify-path echo "$HOME/.opencode/bin" >> $GITHUB_PATH - # Configure OpenCode to route through hush proxy + hush plugin + # Configure OpenCode with custom provider routing through hush proxy. + # NOTE: Overriding baseURL on built-in providers (zai-coding-plan) does not + # work — OpenCode's bundled @ai-sdk/openai-compatible ignores options.baseURL + # (see anomalyco/opencode#5674). Instead, we define a new custom provider + # "hush-zhipu" that explicitly sets baseURL via the npm adapter. mkdir -p .opencode/plugins cp examples/team-config/.opencode/plugins/hush.ts .opencode/plugins/hush.ts - printf '%s\n' '{"provider":{"zai-coding-plan":{"options":{"baseURL":"http://127.0.0.1:4000/api/coding/paas/v4"}}},"plugin":[".opencode/plugins/hush.ts"]}' > opencode.json + printf '%s\n' '{"provider":{"hush-zhipu":{"npm":"@ai-sdk/openai-compatible","name":"Hush ZhipuAI Proxy","options":{"baseURL":"http://127.0.0.1:4000/api/coding/paas/v4","apiKey":"{env:ZHIPU_API_KEY}"},"models":{"glm-5":{"name":"GLM 5"},"glm-4.7-flash":{"name":"GLM 4.7 Flash"}}}},"plugin":[".opencode/plugins/hush.ts"]}' > opencode.json - name: Direct OpenCode Review if: steps.check_changes.outputs.skip != 'true' 
@@ -116,11 +120,11 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | SHA=${{ github.event.pull_request.head.sha || github.sha }} - echo "Starting review with GLM-5 for SHA $SHA..." + echo "Starting review with hush-zhipu/glm-5 for SHA $SHA..." echo "opencode.json:"; cat opencode.json echo "Hush health:"; curl -sf http://127.0.0.1:4000/health || echo "gateway unreachable" - $HOME/.opencode/bin/opencode run --model zai-coding-plan/glm-5 "Review the changes in this PR for the Hush Semantic Gateway. + $HOME/.opencode/bin/opencode run --model hush-zhipu/glm-5 "Review the changes in this PR for the Hush Semantic Gateway. **IMPORTANT**: This is a code review only. Do NOT run tests, npm commands, or build commands. Only read source files and git diffs. diff --git a/examples/team-config/opencode.json b/examples/team-config/opencode.json index 059a077..27baff8 100644 --- a/examples/team-config/opencode.json +++ b/examples/team-config/opencode.json @@ -1,8 +1,15 @@ { "provider": { - "zai-coding-plan": { + "hush-zhipu": { + "npm": "@ai-sdk/openai-compatible", + "name": "Hush ZhipuAI Proxy", "options": { - "baseURL": "http://127.0.0.1:4000/api/coding/paas/v4" + "baseURL": "http://127.0.0.1:4000/api/coding/paas/v4", + "apiKey": "{env:ZHIPU_API_KEY}" + }, + "models": { + "glm-5": { "name": "GLM 5" }, + "glm-4.7-flash": { "name": "GLM 4.7 Flash" } } } }, From 54675cbad8cc7d4bb7809762389445088f16b980 Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 17:32:00 +0000 Subject: [PATCH 08/10] fix: switch review model to glm-4.7-flash for CI speed GLM-5 takes 3-8 minutes per inference, making it impossible to complete a multi-file code review within the 15-minute timeout. GLM-4.7-flash responds in seconds and is sufficient for code review quality. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index eb5be14..6fd4791 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml @@ -120,11 +120,13 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | SHA=${{ github.event.pull_request.head.sha || github.sha }} - echo "Starting review with hush-zhipu/glm-5 for SHA $SHA..." + echo "Starting review with hush-zhipu/glm-4.7-flash for SHA $SHA..." echo "opencode.json:"; cat opencode.json echo "Hush health:"; curl -sf http://127.0.0.1:4000/health || echo "gateway unreachable" - $HOME/.opencode/bin/opencode run --model hush-zhipu/glm-5 "Review the changes in this PR for the Hush Semantic Gateway. + # Use glm-4.7-flash for speed — glm-5 takes 3-8 min per inference and + # can't complete a multi-file review within the 15-minute timeout. + $HOME/.opencode/bin/opencode run --model hush-zhipu/glm-4.7-flash "Review the changes in this PR for the Hush Semantic Gateway. **IMPORTANT**: This is a code review only. Do NOT run tests, npm commands, or build commands. Only read source files and git diffs. From 5215f0de393a6d85378fd2273aa62fe956dc2675 Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 17:50:06 +0000 Subject: [PATCH 09/10] fix: pass PR number explicitly and bump proxy timeout to 120s MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenCode wasted 12 minutes trying to discover the PR number via `gh pr view` (fails in detached HEAD) and `gh pr list --branch` (flag not available in CI's gh version). Pass $PR_NUMBER directly in the prompt so it can post the comment immediately. Also bump the proxy fetch timeout from 30s to 120s — LLM first-token latency can exceed 30s for large prompts. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 12 +++++++----- src/index.ts | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index 6fd4791..926e278 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml @@ -120,13 +120,12 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | SHA=${{ github.event.pull_request.head.sha || github.sha }} - echo "Starting review with hush-zhipu/glm-4.7-flash for SHA $SHA..." + PR_NUMBER=${{ github.event.pull_request.number }} + echo "Starting review with hush-zhipu/glm-4.7-flash for PR #$PR_NUMBER SHA $SHA..." echo "opencode.json:"; cat opencode.json echo "Hush health:"; curl -sf http://127.0.0.1:4000/health || echo "gateway unreachable" - # Use glm-4.7-flash for speed — glm-5 takes 3-8 min per inference and - # can't complete a multi-file review within the 15-minute timeout. - $HOME/.opencode/bin/opencode run --model hush-zhipu/glm-4.7-flash "Review the changes in this PR for the Hush Semantic Gateway. + $HOME/.opencode/bin/opencode run --model hush-zhipu/glm-4.7-flash "Review the changes in PR #$PR_NUMBER for the Hush Semantic Gateway. **IMPORTANT**: This is a code review only. Do NOT run tests, npm commands, or build commands. Only read source files and git diffs. @@ -136,6 +135,9 @@ jobs: 3. **Security**: Look for potential PII leaks or insecure token handling in the vault. 4. **Reliability**: Ensure the proxy handles upstream errors gracefully. - Keep the summary concise but technical. Post findings as a single markdown comment on the PR using gh pr comment, then stop. + Keep the review concise. Post findings as a single markdown comment using: + gh pr comment $PR_NUMBER --body \"\" + + Do NOT try to auto-detect the PR number — use exactly $PR_NUMBER. **CRITICAL**: Include the string 'Reviewed SHA: $SHA' at the very end of your comment so I can track which commits have been reviewed." diff --git a/src/index.ts b/src/index.ts index 0f4cd24..297a6e1 100644 --- a/src/index.ts +++ b/src/index.ts 
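Review bot: `PR_NUMBER=${{ github.event.pull_request.number }}` (hunk `@@ -120,13 +120,12 @@`) expands to an empty string on any event that has no pull request, while the `SHA=` line just above keeps a `|| github.sha` fallback that suggests such events are expected. With an empty value the prompt instructs the agent to run `gh pr comment  --body ...` and to "use exactly" nothing, which leaves it to improvise. Guard the value before starting the agent, for example `[ -n "$PR_NUMBER" ] || { echo "::error::no pull request number for this event"; exit 1; }`, and pass both values through the step's `env:` instead of interpolating `${{ }}` into the script. The `--body \"\"` example in the second hunk (`@@ -136,6 +135,9 @@`) reads as an empty body here; if a placeholder was intended, spell it out in the prompt.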
@@ -105,7 +105,7 @@ async function proxyRequest( method: req.method, headers: fetchHeaders, body: hasBody ? JSON.stringify(redactedBody) : undefined, - signal: AbortSignal.timeout(30000), // 30s timeout + signal: AbortSignal.timeout(120000), // 120s timeout (LLM first-token can be slow) }); // Handle Upstream Errors (4xx, 5xx) From 37a0e99f51c3d0f3060e5b8a8ee8fd2e1af4fe3b Mon Sep 17 00:00:00 2001 From: AICtrl Bot Date: Mon, 2 Mar 2026 18:19:45 +0000 Subject: [PATCH 10/10] fix: switch review model back to glm-5 Co-Authored-By: Claude Opus 4.6 --- .github/workflows/opencode-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml index 926e278..d519936 100644 --- a/.github/workflows/opencode-review.yml +++ b/.github/workflows/opencode-review.yml @@ -121,11 +121,11 @@ jobs: run: | SHA=${{ github.event.pull_request.head.sha || github.sha }} PR_NUMBER=${{ github.event.pull_request.number }} - echo "Starting review with hush-zhipu/glm-4.7-flash for PR #$PR_NUMBER SHA $SHA..." + echo "Starting review with hush-zhipu/glm-5 for PR #$PR_NUMBER SHA $SHA..." echo "opencode.json:"; cat opencode.json echo "Hush health:"; curl -sf http://127.0.0.1:4000/health || echo "gateway unreachable" - $HOME/.opencode/bin/opencode run --model hush-zhipu/glm-4.7-flash "Review the changes in PR #$PR_NUMBER for the Hush Semantic Gateway. + $HOME/.opencode/bin/opencode run --model hush-zhipu/glm-5 "Review the changes in PR #$PR_NUMBER for the Hush Semantic Gateway. **IMPORTANT**: This is a code review only. Do NOT run tests, npm commands, or build commands. Only read source files and git diffs.
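Review bot: In the src/index.ts hunk (`@@ -105,7 +105,7 @@`), `AbortSignal.timeout(120000)` bounds the whole upstream fetch, not only the wait for the first token that the new comment describes. Patch 08 of this series reports that GLM-5 takes 3-8 minutes per inference and patch 10 switches the workflow back to glm-5, so a non-streaming call of that length would still be aborted at 120 s. Whether a streamed body that is already in progress is also cut off depends on how the response is consumed further down, which is outside this hunk. Make the limit a named, configurable value and let the comment say what it bounds, e.g. `// aborts the upstream request after 120s in total`. proxyRequest starts and ends outside the hunk.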