From 49ea9b04578c028b596b64668bef966533ade19e Mon Sep 17 00:00:00 2001
From: Jacob Richman
Date: Tue, 10 Mar 2026 09:38:26 -0700
Subject: [PATCH] Handle dirty worktrees better and warn about running scripts/review.sh on untrusted code. (#21791)
---
 CONTRIBUTING.md | 4 ++++
 scripts/review.sh | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 5d08e91455..c71fbe2e22 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -77,6 +77,10 @@ You can run the review tool in two ways:
 ./scripts/review.sh [model]
 ```
+ **Warning:** If you run `scripts/review.sh`, you must have first verified
+ that the code for the PR being reviewed is safe to run and does not contain
+ data exfiltration attacks.
+
 **Authors are strongly encouraged to run this script on their own PRs** immediately after creation. This allows you to catch and fix simple issues locally before a maintainer performs a full review.
diff --git a/scripts/review.sh b/scripts/review.sh
index 653fd92baf..9530e453a1 100755
--- a/scripts/review.sh
+++ b/scripts/review.sh
@@ -70,8 +70,10 @@ echo "review: Changing directory to $WORKTREE_PATH"
 cd "$WORKTREE_PATH" || exit 1
 # 4. Checkout the PR
-echo "review: Checking out PR $pr..."
-gh pr checkout "$pr" -f -R "$REPO"
+echo "review: Cleaning worktree and checking out PR $pr..."
+git reset --hard
+git clean -fd
+gh pr checkout "$pr" --branch "review-$pr" -f -R "$REPO"
 # 5. Clean and Build
 echo "review: Clearing possibly stale node_modules..."
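Review bot: The new `git reset --hard` and `git clean -fd` lines carry no failure handling, while the context line just above them aborts with `cd "$WORKTREE_PATH" || exit 1`; unless `set -e` is enabled somewhere above this hunk, a failed reset or clean is silently followed by the checkout and build of the PR. I would write them as `git reset --hard || exit 1` and `git clean -fd || exit 1`, and give the rewritten `gh pr checkout` line the same `|| exit 1` so a checkout failure does not build whatever was left in the worktree. Note also that `git clean -fd` leaves ignored files and nested repositories in place, so anything a previously reviewed (possibly untrusted) PR wrote under an ignored path survives into the next run; if `$WORKTREE_PATH` is dedicated to this script, `git clean -fdx` gives a genuinely clean slate (step 5 removes node_modules anyway). The rest of the script, including any `set -e`, is outside the hunk.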