Tags: hongymagic/q
refactor: remove JSDoc blocks per project convention AGENTS.md prohibits JSDoc and module headers because the function names + types are already self-documenting. Stripped all /** */ blocks across src/, keeping only the WHY content as plain // comments where the reasoning was non-obvious (security justifications, behavioural contracts, edge-case explanations). Files cleaned: - src/ansi.ts, src/sensitive.ts, src/stdin.ts - src/providers/index.ts, src/providers/portkey.ts - src/config/index.ts (interpolateValue header) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
feat(config): enable zero-config provider setup (#108) Add built-in provider defaults and first-run detection so q works with local Ollama or a single API key. Keep config.toml optional for simple setups while preserving advanced overrides.
chore: integrate queued security and maintenance updates Fold vetted open PR changes directly into main so the dependency, workflow, and redaction backlog lands together and the duplicate PR queue can be closed cleanly.
chore(deps): bump github/gh-aw from 0.57.2 to 0.59.0 (#86) Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.57.2 to 0.59.0. - [Release notes](https://github.com/github/gh-aw/releases) - [Commits](github/gh-aw@v0.57.2...v0.59.0) --- updated-dependencies: - dependency-name: github/gh-aw dependency-version: 0.59.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
feat: q self-evolving system (#68) * docs: add CONSTITUTION.md governance rules and EVOLUTION.md tracking log Co-authored-by: David Hong <hongymagic@users.noreply.github.com> * chore: add performance-guardian, coverage-expander, usability-reviewer agents and skills Co-authored-by: David Hong <hongymagic@users.noreply.github.com> * feat(workflows): add performance-weekly, coverage-weekly, usability-weekly, and self-evolve-fortnightly agentic workflows Co-authored-by: David Hong <hongymagic@users.noreply.github.com> * refactor(workflows): add governance refs and cross-assessment dimensions to existing workflows Co-authored-by: David Hong <hongymagic@users.noreply.github.com> * ci: add coverage and build jobs to CI pipeline Co-authored-by: David Hong <hongymagic@users.noreply.github.com> * docs: update AGENTS.md and README.md for self-evolving system Co-authored-by: David Hong <hongymagic@users.noreply.github.com> * chore: compile all gh-aw workflows (8 workflows, 0 errors) Co-authored-by: David Hong <hongymagic@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Fix secret leakage in debug logs via unfiltered arrays (#66) Refactored `filterSensitiveFields` to use `JSON.stringify` custom replacer, ensuring nested objects within arrays are safely redacted. Reverted to robust substring matching to prevent leaking common secrets like `access_token` or `client_secret`. Added a comprehensive array test and updated `.jules/sentinel.md`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: hongymagic <302730+hongymagic@users.noreply.github.com>
fix: secret leakage in Debug Logs via JSON.stringify (#59) * 🛡️ Sentinel: [CRITICAL] Fix secret leakage in JSON.stringify logs The `formatValue` function in `src/logging.ts` serialized objects using `JSON.stringify(value, null, 2)` without any redaction logic. Any nested objects containing sensitive fields (like `Authorization`, `password`, `token`, or keys ending in `_key`) would be exposed in plaintext in debug and failure logs. This commit fixes the vulnerability by using a custom replacer function in `JSON.stringify` to scrub sensitive fields before they hit the disk or console. Co-authored-by: hongymagic <302730+hongymagic@users.noreply.github.com> * test(logging): cover secret redaction diagnostics (#63) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: hongymagic <302730+hongymagic@users.noreply.github.com> --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: hongymagic <302730+hongymagic@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
fix(cli): improve failure handling and terminal feedback (#53) Keep provider and config failures concise while still writing full logs and interactive recovery hints, so q surfaces actionable errors without dumping raw SDK output. Also add a small TTY loading indicator to reassure users while the first response token is pending.