chore: commit session handoffs + Chrome verify scripts + final report #42
Adds 9 session handoffs, gap-analysis (11 docs), reddit assets, and 4 Chrome verify scripts that helped resolve the OpenAI 400 root cause.
Why now:
- D-9 (2026-05-18) publish window approaching, want a clean baseline before module split + demo prep land in subsequent PRs.
- Scripts contain no embedded secrets — browser_cookie3 reads cookies at runtime from the user's Chrome profile (.venv-chrome-auth/ + playwright/.auth/ both gitignored).
What's still untracked (intentional):
- .venv-chrome-auth/ (Python venv)
- playwright/ (cookies + debug captures with PII)
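Summary
Adds documentation of the vibe-mod hackathon submission preparation, a consolidated gap analysis, and automated verification tools. The 8 session handoff documents record progress chronologically from 2026-05-12 to 2026-05-14, and the 11 gap-analysis reviews cover everything from AutoMod compatibility to test coverage. User-facing HTML tools (audit report, setup checklist) and Python automation scripts (final report generation, Chrome UI verification) support repeatable verification and tracking.
Changes
Session progress and gap analysis documents
User-facing HTML tools and automation scripts
🎯 2 (Simple) | ⏱️ ~12 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)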
Code Review
This pull request incorporates a wide range of project documentation, such as session handoffs and gap analyses, and adds automation scripts for Reddit verification and report generation. The review feedback points out a potential crash in the report-building script due to an unchecked file read, recommending a check for the file's existence to improve robustness.
| from pathlib import Path | ||
|
|
||
| ROOT = Path(__file__).resolve().parent.parent | ||
| B64 = (Path("/tmp/toast-b64-line.txt").read_text()).strip() |
The script attempts to read from a hardcoded temporary file /tmp/toast-b64-line.txt without verifying its existence. This will lead to a FileNotFoundError if the file was not previously created by the verification script. It is safer to check if the file exists before attempting to read it.
| B64 = (Path("/tmp/toast-b64-line.txt").read_text()).strip() | |
| toast_b64_path = Path("/tmp/toast-b64-line.txt") | |
| B64 = toast_b64_path.read_text().strip() if toast_b64_path.exists() else "" |
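Review bot: the `else ""` fallback on the last line turns a missing input file into a silent empty B64 value, so the report is still generated with nothing in it; fail with an explicit error that names /tmp/toast-b64-line.txt instead. The separate exists() check followed by read_text() also leaves a window in which the file can change or disappear in a shared directory, so a single read wrapped in try/except FileNotFoundError is the safer shape.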
Actionable comments posted: 18
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@claudedocs/2026-05-13-install-debug-session-handoff.md`:
- Around line 21-24: Add a blank line immediately before and after the Markdown
table that begins with the header "| Layer | 증상 | 진단 | Fix |" (and the other
table at lines noted "Also applies to: 43-47") so there is an empty line
separating the table block from surrounding text; this will remove the
markdownlint MD058 warning — update the table surrounding whitespace in the
document sections containing that header and the similar block at the 43-47
region.
In `@claudedocs/2026-05-13-openai-400-probe-session-handoff.md`:
- Around line 26-33: The fenced code block showing the "HTTP 400 body" JSON
should include a language identifier to satisfy MD040; change the opening fence
from ``` to ```json (or ```text if preferred) so the block that contains the
HTTP 400 body JSON is explicitly marked (look for the snippet beginning with
"HTTP 400 body: {" and the following JSON payload) and update only the fence
marker.
- Around line 64-68: Add a blank line immediately before the markdown table
header line that starts with "| branch | HEAD | upstream | 비고 |" and add a blank
line immediately after the final table row (the line with
"`fix/openai-error-handling` (active) | `fa64429` | pushed | ...`"); this
ensures an empty line before and after the table block to satisfy the MD058 lint
rule.
In `@claudedocs/2026-05-13-openai-probe-v3-handoff.md`:
- Around line 22-26: The markdown tables (e.g. the table starting with "| stage
| 요청 | bodyLen | status |" and any other tables around lines 56-60) are missing
the required blank line above and below, triggering MD058; fix by inserting
exactly one empty line before the table start and one empty line after the table
end so every table is surrounded by blank lines, and run the linter to confirm
MD058 is resolved.
In `@claudedocs/2026-05-13-platform-bug-session-handoff.md`:
- Around line 26-32: The fenced code block showing the stack trace currently has
no language specified and triggers MD040; update that triple-backtick block that
contains the Error/stack trace (the block with lines like "Error: undefined
undefined: undefined" and "at callErrorFromStatus...") to include an explicit
language token such as "text" or "console" (e.g., change ``` to ```text) so the
Markdown linter recognizes the language.
- Around line 46-50: The Markdown table starting with the header line "| 가설 | 액션
| 결과 |" is missing surrounding blank lines causing MD058 warnings; add a single
blank line immediately before the table and a single blank line immediately
after the table (apply the same fix to the other table instance referenced
around the same section, the one at the second occurrence noted in the comment)
so both tables are separated from surrounding text and the linter rule MD058 is
satisfied.
In `@claudedocs/2026-05-13-reddit-setup-session-handoff.md`:
- Around line 48-51: Add a blank line before and after the Markdown table that
starts with the row "| branch | 상태 |" (the table containing "HEAD `3c0fa1e`
(Merge `#22`). Working tree clean — 단 `claudedocs/` 가 untracked") so the table is
separated by an empty line on both sides to satisfy the MD058 rule; update the
surrounding text to ensure there is exactly one empty line above the table and
one empty line below it.
In `@claudedocs/gap-analysis/07-moderator-ux.md`:
- Line 74: Remove the leading space inside the inline code span ` r_x: …`
(change it to `r_x: …`) to satisfy MD038 (no-space-in-code); locate the code
span in the "Active rules"/description text (the inline backtick-delimited token
containing `r_x: …`) and delete only the initial space character so the rest of
the markdown and indentation remain unchanged.
In `@claudedocs/gap-analysis/08-devvit-idiom.md`:
- Around line 71-72: Escape the Markdown headings that start with literal hash
characters so MD018 (no-missing-space-atx) stops interpreting them as headings:
locate the occurrences of the sequences `#2/#3/#4` and `#5` in the file and
either prepend a backslash (e.g. `\#2`), wrap them in inline code backticks
(e.g. `#2`), or surround them with parentheses/brackets so they render as normal
text instead of ATX headings; update the two offending sentences accordingly.
In `@claudedocs/gap-analysis/11-test-coverage.md`:
- Line 24: Replace the inline code span that contains a trailing space ("`> `")
with a trimmed span ("`>`") at the occurrences flagged (the inline code `> ` in
the Circuit-breaker threshold boundary line and the other occurrence at line 59)
so the Markdown no longer violates MD038 (no-space-in-code).
In `@claudedocs/reddit-setup-checklist.html`:
- Line 73: Update every anchor using target="_blank" (e.g., the <a
href="https://developers.reddit.com/apps/vibe-mod" target="_blank"> in the
snippet and the other occurrences at lines referenced) to include rel="noopener
noreferrer"; locate all anchors with target="_blank" in
claudedocs/reddit-setup-checklist.html and add rel="noopener noreferrer" to each
tag to mitigate tabnabbing.
- Around line 346-350: navigator.clipboard.writeText(getText()) currently has no
error handling; add a .catch handler on that promise to set a visible failure
state on btn (e.g., change btn.textContent to an error message like '복사 실패', add
a failure class such as 'copy-failed', and use setTimeout to revert the
text/class similar to the success path) and optionally log the error; ensure you
still keep the existing success branch that sets '✓ 복사됨' and class 'copied'.
- Line 319: The JSON.parse of localStorage.getItem(LSKEY) can throw if the
stored value is corrupted; wrap the parse in a try/catch (around the retrieval
and JSON.parse used to create the saved constant) and on error fall back to an
empty object (and optionally remove the corrupted LSKEY or log the error) so the
script doesn't crash when localStorage contains invalid JSON.
In `@scripts/build-final-report.py`:
- Around line 6-9: The top-level immediate execution of ROOT, B64 and OUT causes
crashes on missing files; move the computation/IO into a new or existing main()
function so imports don't trigger I/O: compute ROOT, set OUT and read the B64
file inside main(), wrap the B64 file read in a try/except that catches
FileNotFoundError/IOError and prints a clear user-friendly error message
(include the filename "/tmp/toast-b64-line.txt" and exit non-zero), and call
main() under the usual if __name__ == "__main__": guard so failures are handled
explicitly rather than during module import.
- Line 7: The code currently reads an arbitrary /tmp file into B64 and injects
it into HTML; restrict input to repository artifacts and validate the content as
base64 before use by: replace direct read of Path("/tmp/toast-b64-line.txt")
used to set B64 with a lookup that only accepts files from the repo artifact
directory (e.g., a configured ARTIFACTS_DIR) and canonicalizes/joins the path to
prevent traversal, then perform a base64 decode/validate step (attempt
base64.b64decode and confirm re-encoding matches or catch errors) before
embedding; update any HTML generation points that use B64 (the B64 variable and
related report generation logic) to use the validated/decoded data or
refuse/fail with a clear error if validation fails.
In `@scripts/chrome-reddit-v2.py`:
- Line 42: STATE.write_text(...) can raise FileNotFoundError because the parent
directory may not exist; before calling STATE.write_text, ensure the directory
is created by invoking AUTH_DIR.mkdir(parents=True, exist_ok=True) (or check
AUTH_DIR.exists() and create it) so the STATE path's directory exists; place
this creation right before the STATE.write_text call referenced in the script.
- Line 191: page.get_by_role currently passes a lambda as the name argument (in
the assignment to submit) which Playwright Python does not accept; replace the
callable with a regex Pattern (e.g., use re.compile to match
'submit|compile|create') so page.get_by_role(name=...) receives a Pattern, and
ensure the module imports re if not already present; update the expression that
defines submit (the page.get_by_role call) and add the re import.
In `@scripts/chrome-reddit-verify.py`:
- Around line 236-248: The script currently writes verification output to
/tmp/chrome-verify-result.json which risks PII/session leaks; update the write
path in scripts/chrome-reddit-verify.py (the block that opens
"/tmp/chrome-verify-result.json") to a repository-internal, gitignored auth
folder (e.g. "playwright/.auth/chrome-verify-result.json"), ensure the
"playwright/.auth" directory exists before writing (create it if missing), and
set secure file permissions (owner-only, e.g. chmod 600) when creating the file
so console_tail and session hints aren't exposed.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 5e1152d2-7124-4e1e-9ec4-885b878832b6
⛔ Files ignored due to path filters (7)
claudedocs/reddit-assets/community-banner-1920x384.png is excluded by !**/*.png
claudedocs/reddit-assets/community-icon-256-bg.png is excluded by !**/*.png
claudedocs/reddit-assets/community-icon-256.png is excluded by !**/*.png
claudedocs/reddit-assets/community-icon-512.png is excluded by !**/*.png
claudedocs/reddit-assets/socialseed-original-apple-icon.png is excluded by !**/*.png
claudedocs/reddit-assets/socialseed-original-icon.png is excluded by !**/*.png
claudedocs/reddit-assets/sprout-logo.svg is excluded by !**/*.svg
📒 Files selected for processing (28)
.gitignore
claudedocs/2026-05-12-session-handoff.md
claudedocs/2026-05-13-install-debug-session-handoff.md
claudedocs/2026-05-13-openai-400-probe-session-handoff.md
claudedocs/2026-05-13-openai-probe-v3-handoff.md
claudedocs/2026-05-13-platform-bug-session-handoff.md
claudedocs/2026-05-13-reddit-setup-session-handoff.md
claudedocs/2026-05-13-session-handoff.md
claudedocs/2026-05-14-openai-400-final-report.html
claudedocs/2026-05-14-openai-400-resolved-handoff.md
claudedocs/gap-analysis/00-SUMMARY.md
claudedocs/gap-analysis/01-automod-parity.md
claudedocs/gap-analysis/02-competitive-landscape.md
claudedocs/gap-analysis/03-hackathon-judging.md
claudedocs/gap-analysis/04-security-abuse.md
claudedocs/gap-analysis/05-code-architecture.md
claudedocs/gap-analysis/06-reliability-failure-modes.md
claudedocs/gap-analysis/07-moderator-ux.md
claudedocs/gap-analysis/08-devvit-idiom.md
claudedocs/gap-analysis/09-rule-expressiveness.md
claudedocs/gap-analysis/10-demo-storytelling.md
claudedocs/gap-analysis/11-test-coverage.md
claudedocs/hackathon-audit-20260512-reddit-mod-tools.html
claudedocs/reddit-setup-checklist.html
scripts/build-final-report.py
scripts/chrome-reddit-v2.py
scripts/chrome-reddit-v3.py
scripts/chrome-reddit-verify.py
| | Layer | 증상 | 진단 | Fix | | ||
| |---|---|---|---| | ||
| | **B-1 (이전 세션)** | `devvit upload` 자체가 거부 | `devvit.json` 스키마 4건 (top-level `version`, `dev.subreddit` 하이픈, `openaiApiKey` defaultValue, `server.entry` 경로) | PR #20 | | ||
| | **B-2** | `devvit install` → "context canceled" | `onAppInstall` trigger handler가 cold-start + Redis writes 인라인 → Devvit RPC 데드라인 미스 | try/catch + scheduler.runJob 분리 = PR #24 — **그래도 실패** → handler를 bare-minimum (`return {status:'ok'}`)으로 줄여도 실패 → **결국 devvit.json에서 트리거 선언 자체를 제거** = PR #25. install 성공 (v0.0.5). | |
Please add blank lines before and after the table to resolve the MD058 warning.
The table block currently has no blank lines around it, which triggers a markdownlint warning. Leaving one empty line above and below the table fixes it.
Also applies to: 43-47
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 21-21: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
| ``` | ||
| HTTP 400 body: { | ||
| "error": { | ||
| "message": "We could not parse the JSON body of your request. ...", | ||
| "type": "invalid_request_error", "param": null, "code": null | ||
| } | ||
| } | ||
| ``` |
Please specify a language identifier on the code fence.
The fenced code block has no language, which triggers the MD040 warning. Please add an identifier such as text or json.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 26-26: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
| | branch | HEAD | upstream | 비고 | | ||
| |---|---|---|---| | ||
| | `main` (local stale) | `daf8a7a` | (behind) | `git pull` 필요 | | ||
| | `origin/main` | `5c73199` (Merge #31) | — | 모든 PR 머지된 ground truth | | ||
| | `fix/openai-error-handling` (active) | `fa64429` | pushed | 4 commits ahead of local main, **2 commits (probe v1+v2) ahead of origin/main** = 미머지 | |
Please add blank lines before and after the table.
The table block has no blank lines before and after it, which triggers the MD058 warning.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 64-64: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
| | stage | 요청 | bodyLen | status | | ||
| |---|---|---|---| | ||
| | (a) | `GET /v1/models` (auth-only) | 0 | **200 OK** — `text-embedding-ada-002`, `gpt-4o`, … 모델 리스트 반환 | | ||
| | (b) | `POST /v1/chat/completions` minimal | 121 B | **200 OK** — `chatcmpl-...`, `model: gpt-5.4-nano-2026-03-17`, `content: "ok"`, `usage.prompt_tokens: 12` | | ||
| | (c) | `POST callOpenAI` full production | ~6000 B | **400** — `"We could not parse the JSON body of your request"` | |
Please add blank lines consistently before and after table blocks.
Several tables trigger the MD058 (blanks-around-tables) warning. Please leave one empty line above and below each table.
Also applies to: 56-60
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 22-22: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
[warning] 26-26: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
| ``` | ||
| Error: undefined undefined: undefined | ||
| at callErrorFromStatus (/srv/index.cjs:4437:21) | ||
| at GenericPluginClient.GetSettings (/srv/index.cjs:136515:93) | ||
| at MY.get (main.js:9:74830) | ||
| code: undefined, details: undefined, metadata: _Metadata { Map(0) } | ||
| ``` |
Please specify a language on the code block.
The fenced code block has no language specified, which triggers the MD040 warning.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 26-26: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
| ROOT = Path(__file__).resolve().parent.parent | ||
| B64 = (Path("/tmp/toast-b64-line.txt").read_text()).strip() | ||
| OUT = ROOT / "claudedocs" / "2026-05-14-openai-400-final-report.html" | ||
|
|
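Running immediately at module import time makes failure recovery difficult.
Reading the input file and computing the output path happen immediately at top level, so a missing file crashes the script with no user-friendly error handling. Please wrap this in main() with an explicit exception message.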
🧰 Tools
🪛 Ruff (0.15.12)
[error] 7-7: Probable insecure usage of temporary file or directory: "/tmp/toast-b64-line.txt"
(S108)
| from pathlib import Path | ||
|
|
||
| ROOT = Path(__file__).resolve().parent.parent | ||
| B64 = (Path("/tmp/toast-b64-line.txt").read_text()).strip() |
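Trusting the /tmp input and injecting it into HTML as-is is risky.
The combination of lines 7 and 534 (1) trusts a /tmp file that anyone can write, and (2) puts it straight into <img src="..."> without base64 validation. This risks a broken generated report or injection. Restrict the input path to an artifact inside the repository and inject the value only after validating it as base64.
🔧 Suggested patch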
+import base64
from pathlib import Path
@@
-B64 = (Path("/tmp/toast-b64-line.txt").read_text()).strip()
+SRC = ROOT / "playwright" / ".auth" / "toast-b64-line.txt"
+raw = SRC.read_text(encoding="utf-8").strip()
+try:
+ base64.b64decode(raw, validate=True)
+except Exception as exc:
+ raise ValueError("Invalid base64 screenshot payload") from exc
+B64 = rawAlso applies to: 534-534
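Review bot: `SRC.read_text(encoding="utf-8")` in the added lines is still unguarded and still runs at module top level, so a missing file raises a bare FileNotFoundError exactly as the /tmp read did; handle it next to the decode check. The `except Exception` around `base64.b64decode(raw, validate=True)` is also wider than the failure it is meant to catch (`binascii.Error` is enough), and because only the reader path moves from /tmp to playwright/.auth/ here, the script that produces toast-b64-line.txt needs the matching path change in the same commit.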
🧰 Tools
🪛 Ruff (0.15.12)
[error] 7-7: Probable insecure usage of temporary file or directory: "/tmp/toast-b64-line.txt"
(S108)
| } | ||
| for c in cj | ||
| ] | ||
| STATE.write_text(json.dumps({"cookies": cookies, "origins": []}, indent=2)) |
The directory must be created before writing the cookie state file.
Line 42 calls STATE.write_text(...) but there is no AUTH_DIR.mkdir(...), so it can fail with FileNotFoundError in a first-run environment.
🔧 Suggested patch
def ensure_cookies():
cj = browser_cookie3.chrome(domain_name="reddit.com")
+ AUTH_DIR.mkdir(parents=True, exist_ok=True)
cookies = [
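Review bot: `AUTH_DIR.mkdir(parents=True, exist_ok=True)` creates the directory with umask-default permissions, and the function goes on to write the reddit.com cookies into it through `STATE.write_text(...)`. Pass `mode=0o700` to the mkdir and restrict the state file to owner-only (0o600) after writing, so the exported session cookies are not readable by other local users.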
| print(f"[v2] form fill failed: {e!r}") | ||
| return | ||
|
|
||
| submit = page.get_by_role("button", name=lambda s: s and any(k in s.lower() for k in ["submit", "compile", "create"])).first |
🧩 Analysis chain
🌐 Web query:
Does the name parameter of Playwright Python's page.get_by_role(name=...) support a callable (lambda)? Please check the allowed types (str/regex, etc.) against the official documentation.
💡 Result:
The name parameter of Playwright Python's page.get_by_role(name=...) does not support a callable (lambda). According to the official documentation, the allowed types for the name parameter are str or Pattern (regular expression).[1][2]
Citations:
- 1: https://playwright.dev/python/docs/api/class-page
- 2: https://playwright.dev/python/docs/api/class-locator
You cannot pass a callable to get_by_role(name=...).
Playwright Python's page.get_by_role(name=...) supports only the str or Pattern (regex) types, and passing a callable such as a lambda causes a runtime error. Change it to a regular expression:
name=re.compile(r'submit|compile|create')
| with open("/tmp/chrome-verify-result.json", "w") as f: | ||
| json.dump( | ||
| { | ||
| "url": page.url, | ||
| "title": title, | ||
| "logged_in_hint": logged_in_hint, | ||
| "toast": toast_text, | ||
| "console_tail": console_msgs[-50:], | ||
| }, | ||
| f, | ||
| indent=2, | ||
| ensure_ascii=False, | ||
| ) |
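Writing verification results to /tmp by default risks exposing PII/session information.
Writing results that include the console tail to /tmp at lines 236-248 creates the possibility of exposure to other processes/users on the same host. Unify the save path under playwright/.auth (already covered by .gitignore).
🔧 Suggested patch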
- with open("/tmp/chrome-verify-result.json", "w") as f:
+ result_path = AUTH_DIR / "chrome-verify-result.json"
+ with result_path.open("w", encoding="utf-8") as f:
json.dump(
{
@@
ensure_ascii=False,
)
+ print(f"[verify] wrote {result_path}")📝 Committable suggestion
| with open("/tmp/chrome-verify-result.json", "w") as f: | |
| json.dump( | |
| { | |
| "url": page.url, | |
| "title": title, | |
| "logged_in_hint": logged_in_hint, | |
| "toast": toast_text, | |
| "console_tail": console_msgs[-50:], | |
| }, | |
| f, | |
| indent=2, | |
| ensure_ascii=False, | |
| ) | |
| result_path = AUTH_DIR / "chrome-verify-result.json" | |
| with result_path.open("w", encoding="utf-8") as f: | |
| json.dump( | |
| { | |
| "url": page.url, | |
| "title": title, | |
| "logged_in_hint": logged_in_hint, | |
| "toast": toast_text, | |
| "console_tail": console_msgs[-50:], | |
| }, | |
| f, | |
| indent=2, | |
| ensure_ascii=False, | |
| ) | |
| print(f"[verify] wrote {result_path}") |
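Review bot: `result_path.open("w", encoding="utf-8")` assumes AUTH_DIR already exists and creates the file with default permissions. Add `AUTH_DIR.mkdir(parents=True, exist_ok=True)` before the open and create the file owner-only (0o600), since `console_tail` is written into it; as posted, a first run fails with FileNotFoundError and the result file can end up group- or world-readable depending on umask.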
🧰 Tools
🪛 Ruff (0.15.12)
[error] 236-236: Probable insecure usage of temporary file or directory: "/tmp/chrome-verify-result.json"
(S108)
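Both /tmp findings above (the unvalidated read of `/tmp/toast-b64-line.txt` in `build-final-report.py` and the write of `/tmp/chrome-verify-result.json` in `chrome-reddit-verify.py`) come down to keeping artifacts in a private directory and validating them before embedding. The following is an added example, not code from this PR or from the review bot: `load_b64_artifact` and `write_private_json` are hypothetical helpers, and the PNG signature check assumes the payload is a PNG screenshot.

```python
import base64
import binascii
import json
import os
from pathlib import Path

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # assumption: the payload is a PNG screenshot


def load_b64_artifact(artifacts_dir: Path, name: str, max_chars: int = 8_000_000) -> str:
    """Return the base64 text of `name` only if it lives inside artifacts_dir
    and decodes, under strict validation, to data that starts like a PNG."""
    base = artifacts_dir.resolve()
    path = (base / name).resolve()
    # resolve() collapses "..", absolute names and symlinks before the check.
    if not path.is_relative_to(base):
        raise ValueError(f"{name!r} resolves outside {base}")
    try:
        raw = path.read_text(encoding="ascii").strip()
    except FileNotFoundError as exc:
        raise FileNotFoundError(f"screenshot payload not found: {path}") from exc
    except UnicodeDecodeError as exc:
        raise ValueError("payload contains non-ASCII bytes") from exc
    if not raw or len(raw) > max_chars:
        raise ValueError("payload is empty or larger than max_chars")
    try:
        # validate=True rejects every character outside the base64 alphabet,
        # so quotes, angle brackets and whitespace cannot reach the HTML attribute.
        decoded = base64.b64decode(raw, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if not decoded.startswith(PNG_MAGIC):
        raise ValueError("decoded payload is not a PNG image")
    return raw


def write_private_json(auth_dir: Path, name: str, data: dict) -> Path:
    """Write JSON into auth_dir with owner-only permissions (POSIX)."""
    auth_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    path = auth_dir / name
    # O_NOFOLLOW: refuse to write through a symlink planted at the target name.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        os.fchmod(fd, 0o600)  # also tightens a file that already existed
        json.dump(data, f, indent=2, ensure_ascii=False)
    return path


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        auth = Path(tmp) / "playwright" / ".auth"
        auth.mkdir(parents=True)
        # Constructed sample: PNG signature plus filler, not a real screenshot.
        sample = base64.b64encode(PNG_MAGIC + b"constructed").decode("ascii")
        (auth / "toast-b64-line.txt").write_text(sample + "\n", encoding="ascii")
        b64 = load_b64_artifact(auth, "toast-b64-line.txt")
        print(f'<img src="data:image/png;base64,{b64[:16]}...">')
        out = write_private_json(auth, "chrome-verify-result.json", {"toast": "ok"})
        print(out.name, oct(out.stat().st_mode & 0o777))
```

`mkdir(mode=0o700, parents=True)` applies the mode only to the leaf directory and leaves an existing directory unchanged, so a pre-existing `playwright/.auth` keeps whatever permissions it already had.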
…acts chore: commit session handoffs + Chrome verify scripts + final report
Summary
claudedocs/
scripts/chrome-reddit-{v2,v3,verify}.py + build-final-report.py) that helped resolve the OpenAI 400 root cause via browser_cookie3 + Playwright
.gitignore: .venv-chrome-auth/ (Python venv) + playwright/ (cookies + debug captures with PII)
Why now
browser_cookie3 reads cookies at runtime from the user's Chrome profile.
Verification
npm run check 4/4 gates green
dist/ (docs + diagnostic scripts only)
Test plan
.gitignore ignores cookies + venv
🤖 Generated with Claude Code
Summary by CodeRabbit
Release notes
Documentation
Chores