From fcf4659bbc1161825432c8560d1b76df3cc14ee0 Mon Sep 17 00:00:00 2001
From: citizen204
Date: Fri, 19 Jun 2026 15:17:49 +0930
Subject: [PATCH] fix(sdd): add -C DIR flag to review-package for harness allowlisting

Without -C, every caller whose cwd isn't the target repo must prefix the invocation with cd ; review-package ..., which harnesses cannot statically allowlist because the worktree path and BASE SHA vary on every run. The optional leading -C DIR lets callers pass a stable single-command form that can be pre-approved via a prefix rule. Fully backward-compatible: omitting -C preserves the existing behavior. Fixes #1799
---
 .../scripts/review-package | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/skills/subagent-driven-development/scripts/review-package b/skills/subagent-driven-development/scripts/review-package
index 33bb20f73c..f2dfa98028 100755
--- a/skills/subagent-driven-development/scripts/review-package
+++ b/skills/subagent-driven-development/scripts/review-package
@@ -4,13 +4,23 @@
 # call. Using the recorded per-task BASE (not HEAD~1) keeps multi-commit
 # tasks intact.
 #
-# Usage: review-package BASE HEAD [OUTFILE]
+# Usage: review-package [-C DIR] BASE HEAD [OUTFILE]
 # Default OUTFILE: /.superpowers/sdd/review-...diff
 # (named per range, so a re-review after fixes gets a distinct fresh file).
 set -euo pipefail
+# Optional leading "-C DIR": run as if invoked from DIR, so callers whose
+# cwd isn't the repo don't need a `cd DIR ; review-package ...` compound.
+# (That compound can't be allowlisted by harnesses because BASE and the
+# worktree path vary on every run.)
+if [ "${1:-}" = "-C" ]; then
+ [ -d "${2:-}" ] || { echo "bad -C dir: ${2:-}" >&2; exit 2; }
+ cd "$2"
+ shift 2
+fi
+
 if [ $# -lt 2 ] || [ $# -gt 3 ]; then
- echo "usage: review-package BASE HEAD [OUTFILE]" >&2
+ echo "usage: review-package [-C DIR] BASE HEAD [OUTFILE]" >&2
 exit 2
 fi
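Review bot: `cd "$2"` in the new `-C` block passes DIR to `cd` without `--` and with any exported `CDPATH` still in effect, so a relative DIR can resolve to a different directory than the one `[ -d "${2:-}" ]` just checked, and a DIR that begins with `-` is parsed as an option. The commit message says the flag exists so a harness can pre-approve the command by prefix, which makes DIR unvalidated caller input in an already-approved command; `CDPATH= cd -- "$2"` closes both cases. A relative OUTFILE will presumably also resolve against DIR rather than the caller's cwd now (the code that writes OUTFILE is outside this hunk), and the usage comment could say so, e.g. `# With -C, a relative OUTFILE is resolved inside DIR.`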