Replace execSync with spawnSync in getFileHistory() and getPRDetails()
to prevent shell injection through file paths and PR numbers. Add input
validation for prNumber (must be a positive integer).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace execSync with spawnSync in findReferences() to prevent shell
injection through malicious symbol names in PR diffs. Use -F (fixed-string)
and -e flags for safe argument passing to ripgrep.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add formatCallChainForReviewer to display exact code snippets at each
call site, giving reviewers precise context about how changed symbols
are used across the codebase. Raw references are now stored in
GatheredContext and formatted into the reviewer prompt.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add reference collector module that:
- Extracts function/class symbols from git diffs
- Uses ripgrep to find where symbols are referenced in the codebase
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Li Liu