1.8 KiB
1.8 KiB
- Added
.trellis/tasks/04-17-deep-code-review-ocswitch/review.mdto capture the full deep review output and concrete remediation guidance. - Recorded 2 high-risk items:
- concurrent config/OpenCode save paths are unsafe under concurrent writers
- proxy request body has no read timeout after headers
- Recorded 4 medium-risk items:
- streaming responses have no idle timeout
- retryable upstream failures are collapsed into a generic
502 opencode sync --set-model/--set-small-modelcan silently write invalid defaults- fixed default API key remains unsafe when binding to non-loopback addresses
- Recorded 4 low-risk or improvement items:
- alias lifecycle lacks enable/disable recovery path
- provider import docs and implementation disagree on empty
apiKey opencode syncside effects on JSONC comments and$schemaneed clearer docs- header forwarding should better handle dynamic hop-by-hop headers and narrower forwarding rules
- Implemented direct fixes for the clearly scoped items:
- added advisory file locking and atomic writes for both local config and OpenCode sync writes
- validated non-loopback server binds cannot keep the default local API key
- added routable alias validation for
opencode sync --set-modeland--set-small-model - added request body read timeout handling and stable timeout error mapping
- added stream idle timeout and last retryable upstream error passthrough for
429/5xx - narrowed forwarded request headers conservatively, including dynamic
Connection-declared hop-by-hop removal - aligned provider import behavior/docs to allow empty
apiKey - documented that OpenCode sync rewrites JSONC as normalized JSON
- Verification completed after implementation:
go test ./...go test -race ./...