Conversation
git commit on an initial commit under a Chinese locale outputs: [master(根提交) fb597ec] Initial commit The old code found the first space and sliced line[1..hash_start], yielding "master(根提交)" (21 bytes). hash.len() >= 7 was true, so it tried &hash[..7] — but byte 7 falls inside the 3-byte '(' character, causing a panic. Two bugs were present: 1. Logic: the code grabbed the token *before* the first space (branch name), not the commit hash. The hash is always the last whitespace-separated token inside the [...] brackets. 2. Safety: raw byte slicing on a potentially non-ASCII string. Fix: find ']', extract the bracket content, split_whitespace() and take next_back() to get the hash. Use chars().take(7) for the short-hash slice so it is always char-boundary-safe.
…yte branch names Extracts parse_commit_output into a testable helper function and adds 7 comprehensive unit tests covering: - Normal branch names - Root-commit annotations - Multibyte branch names (Chinese, Thai) — regression test for the panic fix - Edge cases (no bracket, short hash, empty input) Tests verify the fix handles UTF-8 safely by anchoring on ']' and using char-safe slicing. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
rtk uses `str::floor_char_boundary()` (src/cmds/system/pipe_cmd.rs:140)
which was stabilized in Rust 1.91.0. Without `rust-version` in
Cargo.toml, packagers on older toolchains hit a confusing
`use of unstable library feature` error from rustc.
With this declaration, cargo gives the expected friendly diagnostic
up-front:
error: rustc 1.88.0 is not supported by the following packages:
rtk@0.34.3 requires rustc 1.91
Verified locally by switching toolchains:
- cargo +1.88 check → fails with the new clear MSRV error (intended)
- cargo +1.93 fmt/clippy/test → 1909 passed, zero warnings
Fixes #1402
Single-file `rtk grep` returned synthetic `[file] N` buckets when a matching line contained `:`. ripgrep emits `<line>:<content>` for single-file searches; the parser used `splitn(3, ':')` length to disambiguate, which fails when content has `:` (e.g. `Foo::bar(...)`). Force `--with-filename` on rg (`-H` on the grep fallback) so output is always `file:line:content`, and replace the inline parser with a regex-based `parse_match_line` that also handles paths with embedded `:` (Windows drive letters). Fixes the parser/rendering portion of #1436. The BRE-translation portion is addressed in a follow-up PR. Signed-off-by: Artiom Tofan <arto@queue-it.com>
- rg: switch to `-nH --null` for robust file/content separation - grep fallback: switch to `-rnHZ` to match rg's --null contract - Parser regex: `^([^\x00]+)\x00(\d+):(.*)$` so filenames or content containing `:digits:` (e.g. `badly_named:52:file.txt`, `debug: counter is :42: now`) can no longer fool the parser - Use `Captures::extract` for cleaner destructuring Adds tests for the badly-named-filename and digit-colons-in-content cases; updates existing tests to use NUL-separated fixtures. Addresses review on #1554. Signed-off-by: Artiom Tofan <arto@queue-it.com>
Closes #1564. `rtk hook check` rejected commands that began with a bash line continuation (`\<NL>`) because the matcher saw the literal `\` as the first token and bailed out: $ rtk hook check $'\\\ngit diff HEAD~1' No rewrite for: \\ngit diff HEAD~1 Bash collapses `\<NL>` (and `\<CRLF>`) plus surrounding horizontal whitespace to a single space before dispatching the command, so the matcher should do the same. Internal continuations (e.g. `git diff \<NL>HEAD~1`) are equally common when Claude Code formats long invocations. Add a small `collapse_line_continuations` helper that runs a single regex over the input before `cmd.trim()`. The regex eats the trailing whitespace on the previous line and the leading indentation on the next line so the no-double-space invariant holds. The fast path returns `Cow::Borrowed` when no continuation is present, so commands without `\<NL>` allocate nothing. Six regression tests pin: leading \\<NL\>, leading \\<CRLF\>, internal \\<NL\> between subcommand and args, \\<NL\> followed by indentation, the no-op fast path, and the helper-level Cow::Borrowed contract.
fix(pkg): rtk is Apache 2.0 and no MIT
fix(docs): replace remaining MIT license references with Apache 2.0
Closes #1672 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Sai Asish Y <say.apm35@gmail.com>
Signed-off-by: Sai Asish Y <say.apm35@gmail.com>
fix(cicd): MIT to Apache 2.0
fix(provider): sanatize more chars when encoding claude code project pathes
…ashes in args Fixes #1669
atomic_write() replaced symlinked settings.json with a regular file. Now resolves symlink targets before the tempfile+rename so the link itself is preserved and the real file gets updated. Covers both absolute and relative symlink targets. Closes #653
Simplify resolve_atomic_target() per review feedback — fs::canonicalize handles chained symlinks, relative paths, and all edge cases. Co-authored-by: Roopesh <roopesh1724989@gmail.com>
When `filter_markdown_body()` strips a PR or issue body to empty (body contained only badges, images, HTML comments, or horizontal rules), `format_pr_view` and `format_issue_view` previously skipped the body section silently. Users had no indication that body content had been present and filtered. Now both views emit a fallback note when the filtered body is empty but the raw body was not: PR view: (body contained only badges/images/comments) Issue view: Description: (body contained only badges/images/comments) The 4 added tests cover: - PR body with only badges/images/comments -> fallback note appears - PR body with real content -> no fallback note (sanity) - PR body empty (raw) -> no fallback note (no signal to give) - Issue body badges-only -> fallback note appears Closes #235 Co-authored-by: polaminggkub-debug <polaminggkub-debug@users.noreply.github.com>
Gate go build success output on the child exit code and surface unrecognized non-zero build output instead of reporting success. Closes #2185.
Contributor
|
Heads up: this release carries a The new Reproduction (real repo, file named Confirmed regression: |
fix(go): respect build failure exit status
chore(cargo): declare MSRV via rust-version = "1.91"
…e or positional arg
fix(grep): command token duplication in output withsame value filename or positional arg
Contributor
fix(git): fix panic on multibyte chars in commit output
- Decompose compound commands for permission checks (newline, background &, subshell `( )`) in addition to &&, ||, ;, | so hidden segments are checked.
- `contains_unattestable_construct`: flag command/process substitution and file-target redirects (fd-dup `2>&1` and /dev/null exempt) — RTK can't decompose these, so they are never auto-allowed.
- Route every host hook (Claude, VS Code, Gemini, Cursor, Copilot CLI) through a single decision flow. Precedence: Deny → (defer if unattestable) → Allow → Ask → Default. Auto-allow only on a positive Allow; otherwise defer to the host's own engine.
- Gemini: ask_user instead of hardcoded allow. Cursor: empty `{}` delegation, since permission:"ask" is not enforced on its sandboxed shell.
fix(security): port permission hardening from master + Copilot CLI adaptation
chore: merge master into develop
Contributor
|
LGTM |
aeppling
approved these changes
Jun 5, 2026
KuSh
approved these changes
Jun 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Feats
Fix
defeats command rewrite Hook matcher: leading backslash-newline defeats command rewrite #1564
Other
rtk init#2173