Safety notes
Caution
Hash-anchored line editing to reject stale edits; review override behavior before adopting.
Hash-anchored line editing to reject stale edits; review override behavior before adopting.
Static scan findings
This is a first-pass static screen, not a formal audit. It flags patterns worth reading before install.
MEDIUM · token_access
AGENTS.md
- Keep tool output token-efficient. `LINE#HASH:` already costs ~2 tokens per line, and `content[0].text` is repaid on every edit.
MEDIUM · token_access
CLAUDE.md
- Keep tool output token-efficient. `LINE#HASH:` already costs ~2 tokens per line, and `content[0].text` is repaid on every edit.
MEDIUM · token_access
CHANGELOG.md
- Slim read/edit prompt guidance and edit response text for token efficiency.
MEDIUM · spawn_shell
test/tools/edit.preview.test.ts
import { execFile } from "child_process";
MEDIUM · token_access
test/tools/edit.preview.test.ts
fg: (_token: string, text: string) => text,
MEDIUM · token_access
test/tools/edit.test.ts
fg: (token: string, text: string) => `[${token}]${text}[/${token}]`,fg: (_token: string, text: string) => text,fg: (_token: string, text: string) => text,
MEDIUM · token_access
test/tools/permission-errors.test.ts
writeFileSync(filePath, "secret content", "utf-8");
MEDIUM · spawn_shell
test/tools/file-kind.test.ts
import { execFile } from "child_process";
MEDIUM · spawn_shell
test/tools/edit.queue.test.ts
import { execFile } from "child_process";
MEDIUM · token_access
test/tools/edit.text-shape.test.ts
describe("edit tool text shape (token budget)", () => {
Package scripts captured
No package scripts captured.