fix: v0.5.18 P1 follow-ups — diff guard, prompt injection, docs, timeout

[anandgupta42]

What does this PR do?

Addresses the 5 P1 issues identified during the v0.5.18 multi-persona release evaluation:

1. GitLab MR diff size guard — truncateDiffs() caps diffs at 50 files / 200KB with clear user warning, preventing context overflow errors on large MRs
2. Prompt injection mitigation — MR content (title, description, branch names, comments, diffs) is framed as untrusted data in the system prompt instruction
3. Stale GitLab docs — Complete rewrite of docs/usage/gitlab.md with correct altimate gitlab review command, CI setup, auth docs, self-hosted config, and known limitations
4. validateCredentials timeout — 15s AbortSignal timeout on the credential validation fetch, preventing indefinite TUI hang on network partition
5. Changelog wording — Fixed /login reference to correctly say "provider dialog → Altimate"

Type of change

• Bug fix
• New feature
• Test coverage
• Documentation
• Refactoring
• Infrastructure

Issue for this PR

Closes #647

How did you verify your code works?

• All existing tests pass (58 tests in gitlab + datamate suites)
• All 60 adversarial tests pass
• Typecheck passes
• Marker guard passes

Checklist

• Tests pass locally
• Marker guard passes
• Typecheck passes
• Docs updated alongside code changes

Summary by CodeRabbit

• New Features

  • MR diff truncation for very large changes to keep reviews responsive; CLI warns when truncation occurs.

• Documentation

  • Expanded GitLab integration guide: quick start, auth, model selection, CI examples, and known limitations.
  • Added a formal release procedure and updated changelog wording for provider selection instructions.

• Bug Fixes

  • Added a timeout to credential validation to improve reliability.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: c951c757-12b0-402a-8226-b5b2d61b3eb0

📥 Commits

Reviewing files that changed from the base of the PR and between 7818d32 and aef921c.

📒 Files selected for processing (2)

• docs/docs/usage/gitlab.md
• packages/opencode/src/cli/cmd/gitlab.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/opencode/src/cli/cmd/gitlab.ts
• docs/docs/usage/gitlab.md

---

📝 Walkthrough

Walkthrough

Applies v0.5.18 follow-ups: update changelog TUI text, refresh GitLab docs (quick start, auth, model selection, known limitations), add 15s AbortController timeout to credential validation, truncate large GitLab MR diffs with CLI warning, and mark MR content as untrusted in prompts.

Changes

Cohort / File(s)	Summary
Changelog CHANGELOG.md	Adjusted provider dialog navigation text in v0.5.18 entry.
GitLab docs docs/docs/usage/gitlab.md	Rewrote usage as “GitLab”; added Quick Start, auth env vars (GITLAB_PERSONAL_ACCESS_TOKEN / GITLAB_TOKEN, GITLAB_INSTANCE_URL), model selection (--model / MODEL / ALTIMATE_MODEL), CI examples, feature list, and Known Limitations (note-only posting, truncation thresholds).
Credential validation timeout packages/opencode/src/altimate/api/client.ts	Added AbortController with 15s timeout to AltimateApi.validateCredentials; passes signal to fetch and clears timeout in .finally().
GitLab MR review: truncation & prompt safety packages/opencode/src/cli/cmd/gitlab.ts	Introduced MAX_DIFF_FILES / MAX_DIFF_BYTES and truncateDiffs() to cap diffs; buildReviewPrompt uses truncated set and inserts a “(Showing … Remaining files were omitted …)” note; CLI now warns when truncation will occur; preamble marks MR content as untrusted to mitigate prompt injection.
Release process doc .claude/commands/release.md	Added a comprehensive gated release procedure and checklist for altimate-code (new doc).

Sequence Diagram(s)

sequenceDiagram
    participant CLI as "CLI (altimate gitlab review)"
    participant GitLab as "GitLab API"
    participant Trunc as "Diff Truncation\n(max files / bytes)"
    participant LLM as "LLM Service"

    CLI->>GitLab: fetch MR metadata, comments, changes
    GitLab-->>CLI: MR title/desc/comments/diffs
    CLI->>Trunc: evaluate changes size
    alt diff exceeds limits
        Trunc-->>CLI: truncated diffs + truncated=true
        CLI->>CLI: append <diffs> note about omitted files
        CLI->>CLI: print CLI warning about oversized MR
    else within limits
        Trunc-->>CLI: full diffs + truncated=false
    end
    CLI->>LLM: build prompt (frame MR content as untrusted) and send
    LLM-->>CLI: review output

Loading

sequenceDiagram
    participant TUI as "TUI / Client"
    participant AltimateAPI as "AltimateApi.validateCredentials"
    participant Network as "Altimate Gateway / Network"

    TUI->>AltimateAPI: validateCredentials(request)
    AltimateAPI->>Network: fetch(..., signal from AbortController)
    alt no response within 15s
        AltimateAPI->>AltimateAPI: AbortController.abort()
        Network-->>AltimateAPI: aborted/error
    else response within 15s
        Network-->>AltimateAPI: validation response
    end
    AltimateAPI-->>TUI: return validation result or error

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: add native GitLab MR review integration #622 — edits to packages/opencode/src/cli/cmd/gitlab.ts (GitLab MR review command and truncation/safety).
• feat: add Altimate provider with /login command and credential valida… #606 — edits to packages/opencode/src/altimate/api/client.ts (credential validation timeout/cancellation).
• docs: add Altimate LLM Gateway provider, expand IDE page, update quic… #607 — related documentation updates for provider/quickstart content.

Suggested reviewers

• suryaiyer95

Poem

🐰 Through the diff-size thicket I bound and peek,
Fifteen seconds watch — no more hangs to wreak,
Docs polished, quick-start ready for the crew,
Truncated diffs whispered, prompts marked untrusted too,
A carrot-hop hooray — small fixes, big view! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description lacks the required 'PINEAPPLE' token at the top (mandated for AI-generated contributions per template), though content otherwise addresses all objectives and follows the structure.	Add 'PINEAPPLE' as the first word at the very top of the PR description before the section headers, as required by the repository template.
Out of Scope Changes check	⚠️ Warning	All changes are directly tied to the five P1 issues; no unrelated scope creep detected. The new release.md file is not required by issue #647 and appears outside the stated objectives.	Clarify whether .claude/commands/release.md is in scope for this PR or should be split into a separate issue, as it exceeds the five documented P1 objectives.
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes all five P1 follow-up fixes: diff guard, prompt injection mitigation, documentation, and timeout—matching the actual changeset.
Linked Issues check	✅ Passed	All five P1 objectives from issue #647 are met: diff truncation (50 files/200KB) [gitlab.ts], prompt injection framing [gitlab.ts], docs rewrite [gitlab.md], validateCredentials timeout (15s) [client.ts], and changelog wording fix [CHANGELOG.md].

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/v0.5.18-p1-followups

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/docs/usage/gitlab.md`:
- Around line 74-77: The doc text "50+ files" is inaccurate; update the wording
to match the code behavior which truncates when totalFiles > MAX_DIFF_FILES
(i.e., more than 50 files) — reference the logic using changes.slice(0,
MAX_DIFF_FILES) and truncated = totalFiles > MAX_DIFF_FILES — so change "50+
files" to "more than 50 files" or "51+ files" to reflect the actual truncation
threshold.

In `@packages/opencode/src/cli/cmd/gitlab.ts`:
- Around line 386-390: The CLI warning only checks file count
(mrData.changes.length > MAX_DIFF_FILES) but misses byte-size truncation; call
truncateDiffs earlier on mrData.changes (using the existing truncateDiffs
function and its returned truncated flag) and change the warning condition to
use either truncated === true or mrData.changes.length > MAX_DIFF_FILES so the
UI.println message shows when truncation occurred due to MAX_DIFF_BYTES as well;
update the block around mrData.changes/truncateDiffs and the warning print to
reference the truncateDiffs result and mrData.changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 51fda3b7-221e-4e0a-89ef-d82d86523c7f

📥 Commits

Reviewing files that changed from the base of the PR and between 0d60956 and 8002a0e.

📒 Files selected for processing (4)

• CHANGELOG.md
• docs/docs/usage/gitlab.md
• packages/opencode/src/altimate/api/client.ts
• packages/opencode/src/cli/cmd/gitlab.ts

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/commands/release.md:
- Line 344: The fenced code block containing the "## Release Summary:
v{NEXT_VERSION}" header lacks a language identifier and triggers MD040; update
the opening fence from ``` to ```markdown so the block is labeled as markdown
(leave the block contents and closing fence unchanged) to satisfy the linter.
- Around line 253-254: The changelog format in .claude/commands/release.md
requires bold section headers (Added/Fixed/Changed) with an em-dash style
description, but script/changelog.ts currently emits area-based sections (##
Core, ## TUI, etc.), so update the generator in script/changelog.ts (the
function that assembles changelog entries / generateChangelog or
buildChangelogEntries) to group entries into the three bold categories (Added,
Fixed, Changed), convert each summarized commit into a single bullet using the
"Bold Title — description" pattern, and include the persona Step 4 feedback text
when present; ensure the output format exactly matches the release.md
requirement (bold title + em-dash description), update any unit/integration
tests for script/changelog.ts to expect the new format, and keep area grouping
only as optional sub-context inside those three categories if needed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 75f28e2f-7b09-4010-b39d-2cfb6b4547ea

📥 Commits

Reviewing files that changed from the base of the PR and between 8002a0e and 7818d32.

📒 Files selected for processing (1)

• .claude/commands/release.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Changelog instructions here conflict with the current generator behavior.

This file mandates Added/Fixed/Changed and “bold title + em-dash” style, but script/changelog.ts currently groups by area (## Core, ## TUI, ## Desktop, ## SDK, ## Extensions) and builds bullet entries from summarized commits. This mismatch can cause release-process drift and inconsistent release notes.

Suggested alignment patch

-### 8b: Write the changelog entry
-
-Categorize into **Added**, **Fixed**, **Changed**. Use bold title + em-dash description matching existing style. Incorporate release notes feedback from the Step 4 persona reviews.
+### 8b: Write the changelog entry
+
+Follow the current generated format used by `script/changelog.ts`:
+- Group by code area sections (for example: `## Core`, `## TUI`, `## Desktop`, `## SDK`, `## Extensions`)
+- Keep concise bullet entries under each section
+- Incorporate release notes feedback from the Step 4 persona reviews

-10. **Changelog entries must match existing style.** Bold titles with em-dash descriptions.
+10. **Changelog entries must match existing generated style.** Group entries under area sections with concise bullets.

Also applies to: 379-380

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/commands/release.md around lines 253 - 254, The changelog format in
.claude/commands/release.md requires bold section headers (Added/Fixed/Changed)
with an em-dash style description, but script/changelog.ts currently emits
area-based sections (## Core, ## TUI, etc.), so update the generator in
script/changelog.ts (the function that assembles changelog entries /
generateChangelog or buildChangelogEntries) to group entries into the three bold
categories (Added, Fixed, Changed), convert each summarized commit into a single
bullet using the "Bold Title — description" pattern, and include the persona
Step 4 feedback text when present; ensure the output format exactly matches the
release.md requirement (bold title + em-dash description), update any
unit/integration tests for script/changelog.ts to expect the new format, and
keep area grouping only as optional sub-context inside those three categories if
needed.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add a language to the fenced block to satisfy markdown linting.

The fenced code block starting on this line has no language identifier (MD040).

Suggested lint fix

-```
+```markdown
 ## Release Summary: v{NEXT_VERSION}
 ...
-```
+```

🧰 Tools

🪛 markdownlint-cli2 (0.22.0)

[warning] 344-344: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/commands/release.md at line 344, The fenced code block containing
the "## Release Summary: v{NEXT_VERSION}" header lacks a language identifier and
triggers MD040; update the opening fence from ``` to ```markdown so the block is
labeled as markdown (leave the block contents and closing fence unchanged) to
satisfy the linter.