Skip to content

ai-review: handle PRs over the 300-file diff cap in prefetch#2845

Open
unarbos wants to merge 3 commits into
mainfrom
fix/ai-review-prefetch-large-pr-diff
Open

ai-review: handle PRs over the 300-file diff cap in prefetch#2845
unarbos wants to merge 3 commits into
mainfrom
fix/ai-review-prefetch-large-pr-diff

Conversation

@unarbos

@unarbos unarbos commented Jul 9, 2026

Copy link
Copy Markdown

Summary

  • gh pr diff uses the .diff media type, which GitHub hard-caps at 300 changed files; on larger PRs it returns HTTP 406 no matter how many times it is retried, leaving the required skeptic check permanently red (currently blocking Bittensor monorepo consolidation: SDK, py-sp-core, website, docs, clones, CI, and release train #2841, which touches 1000+ files).
  • prefetch.sh now tries gh pr diff first and, on failure, reconstructs the unified diff from the paginated Files API (no file-count cap), emitting the same diff --git hunk stream the personas normally see. Binary/oversized files get a placeholder hunk.
  • Must land on main to take effect: ai-review.yml intentionally runs the trusted copy of this script from the base branch, never from the PR head.

Test plan

Made with Cursor

The .diff media type is hard-capped at 300 changed files; on larger PRs
gh pr diff returns HTTP 406 forever, leaving the required skeptic check
permanently red. Reconstruct the unified diff from the paginated Files
API in that case. The workflow runs the trusted copy of this script from
the base branch, so the fix must land on main to take effect.

Co-authored-by: Cursor <cursoragent@cursor.com>
@vercel

vercel Bot commented Jul 9, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Error Error Jul 9, 2026 9:01pm

Request Review

@github-actions github-actions Bot added the hotfix This PR needs to be merged very quickly and will likely skip testing on devnet and testnet label Jul 9, 2026
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🚨🚨🚨 HOTFIX DETECTED 🚨🚨🚨

It looks like you are trying to merge a hotfix PR into main. If this isn't what you wanted to do, and you just wanted to make a regular PR, please close this PR, base your changes off the devnet-ready branch and open a new PR into devnet ready.

If you are trying to merge a hotfix PR, please complete the following essential steps:

  1. go ahead and get this PR into main merged, so we can get the change in as quickly as possible!
  2. merge main into testnet, bumping spec_version
  3. deploy testnet
  4. merge testnet into devnet, bumping spec_version
  5. deploy devnet
  6. merge devnet into devnet-ready

If you do not complete these steps, your hotfix may be inadvertently removed in the future when branches are promoted to main, so it is essential that you do so.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread .github/ai-review/prefetch.sh Outdated
Comment on lines +120 to +123
if [[ -n "$patch" ]]; then
printf '%s\n' "$patch"
else
printf '@@ (no textual patch — binary or file exceeded diff size limit) @@\n'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] Fallback silently omits security-sensitive file contents

The Files API omits patch for oversized textual files as well as binaries. On a >300-file PR, an attacker can make a sensitive change individually large enough to land here; the Skeptic then receives only this placeholder and may return SAFE without seeing the change. Because this modifies the trusted .github/ai-review/ pipeline and creates a steady-state review bypass, fail closed when any patch is missing or fetch the base/head blobs and reconstruct the complete textual diff.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: VULNERABLE

BASELINE scrutiny: write-permission contributor with substantial activity, no known Gittensor association; direct-to-main hotfix is explicitly justified.

The oversized-diff fallback now reconstructs the complete patch locally and fails closed on checkout, head, or merge-base mismatches.

Findings

Sev File Finding
HIGH .github/ai-review/prefetch.sh:92 Protected AI-review security helper modified inline

Prior-comment reconciliation

  • 6e0c9076: not addressed — The protected AI-review helper remains modified, so the policy-mandated HIGH finding still applies.

Conclusion

The fallback vulnerability is fixed, but this PR still modifies a protected AI-review security helper. The required independent validation remains outstanding.


📜 Previous run (superseded)
Sev File Finding Status
HIGH .github/ai-review/prefetch.sh:92 Protected AI-review security helper modified ➡️ Carried forward to current findings
The protected AI-review helper remains modified, so the policy-mandated HIGH finding still applies.

# 🔍 AI Review — Auditor (domain review) has not yet run on this PR.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

…ut, fail closed.

Skeptic flagged the Files API fallback: it omits `patch` for
individually-oversized textual files, so a placeholder hunk would be a
review blind spot. Compute the diff with local git instead (the workflow
runs prefetch inside a fetch-depth-0 checkout of the PR head), guarded so
any mismatch or failure aborts rather than emitting a partial diff.

Co-authored-by: Cursor <cursoragent@cursor.com>
unarbos added a commit that referenced this pull request Jul 9, 2026
…ut, fail closed (mirrors PR #2845).

Co-authored-by: Cursor <cursoragent@cursor.com>

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

# back to computing the same diff from the local PR checkout, which has no
# file-count cap.
reconstruct_diff_locally() {
# The Files API alternative is unsuitable: it omits `patch` for binary AND

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] Protected AI-review security helper modified

This changes a protected .github/ai-review/* helper that determines the exact code shown to the security personas. Once merged, this base-branch copy becomes trusted and executes on future PRs; any defect could create a steady-state review bypass. Per the protected-file policy, nucleus must independently validate the complete fallback and fail-closed behavior before merge.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

…cts new regressions only.

Mirrors the list already on the monorepo branch, plus five advisories
(bytes/time/quinn-proto/rustls-webpki duplicates) that only exist in
main's pre-monorepo Cargo.lock; drop those once the consolidated
lockfile lands.

Co-authored-by: Cursor <cursoragent@cursor.com>

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

# back to computing the same diff from the local PR checkout, which has no
# file-count cap.
reconstruct_diff_locally() {
# The Files API alternative is unsuitable: it omits `patch` for binary AND

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] Protected AI-review security helper modified

This changes the trusted helper that determines exactly what code the security personas review. Policy requires every modification under .github/ai-review/ to be flagged at least HIGH; independent nucleus validation of the complete trusted-file diff is required before merge.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

hotfix This PR needs to be merged very quickly and will likely skip testing on devnet and testnet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant