fix: replace Qwen fork-leftovers blocking a 1.0#471
Conversation
…ndbox image, cli name, cron env)
Batches the trivial rebrand blockers surfaced by the 1.0-readiness audit —
each is a leftover from the Qwen/Gemini fork that would embarrass a 1.0:
- SECURITY.md routed vulnerability reports to Alibaba's Aliyun portal → now
GitHub private vulnerability reporting for this repo.
- sandboxImageUri pointed at ghcr.io/qwenlm/qwen-code (Qwen's registry, a tag
that doesn't exist) → ghcr.io/protolabsai/protocli, the image this repo
actually publishes per release. Fixed in both root and cli package.json;
scripts/version.js already keeps the tag in sync. Docs updated to match
(use-sandbox.md, divergence-from-upstream.md).
- Dockerfile CMD was ["qwen"] (couldn't launch the proto binary) → ["proto"];
SANDBOX_NAME arg likewise.
- CLI printed "qwen" usage: yargs .scriptName('qwen') → 'proto'.
- PROTO_ENABLE_CRON was documented to users but the code only read
QWEN_CODE_ENABLE_CRON, so the documented switch did nothing. Now reads
PROTO_ENABLE_CRON (primary) with QWEN_CODE_ENABLE_CRON kept as a back-compat
alias; settings description updated.
Typecheck (cli + core) clean; cron/nonInteractive tests pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
👀 Quinn is reviewing — verdict (PASS / WARN / FAIL) + findings to follow. |
|
Warning Review limit reached
Next review available in: 2 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (9)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Code Coverage Summary
CLI Package - Full Text ReportCore Package - Full Text ReportFor detailed HTML reports, please see the 'coverage-reports-22.x-ubuntu-latest' artifact from the main CI run. |
First batch from the 1.0-readiness audit — the trivial Qwen/Gemini fork-leftovers that would embarrass a 1.0. Each is verified against the code.
Changes
SECURITY.mdrouted vuln reports to Alibaba's Aliyun portalsandboxImageUri: ghcr.io/qwenlm/qwen-code:*(Qwen's registry, nonexistent tag)ghcr.io/protolabsai/protocli:*— the image this repo actually publishes per releaseDockerfileCMD ["qwen"](can't launch the binary)CMD ["proto"](+SANDBOX_NAMEarg)proto --helpprintedqwenusage.scriptName('proto')PROTO_ENABLE_CRONdocumented to users but code only readQWEN_CODE_ENABLE_CRON(switch did nothing)PROTO_ENABLE_CRON(primary),QWEN_CODE_ENABLE_CRONkept as back-compat aliaspackages/cli/package.json;scripts/version.jsalready bumps the tag each release, so it stays in sync. Docs updated to match (use-sandbox.md,divergence-from-upstream.md).Notes / scope
getCustomExcludes). Not in this PR.Verification
Typecheck (cli + core) clean;
loopCommand+nonInteractiveClitests pass (56 tests). No test asserts the CLI scriptName.🤖 Generated with Claude Code