feat: add warlock v1#124
Open
sarahxsanders wants to merge 6 commits intomainfrom
Open
Conversation
🧙 Wizard CIRun the Wizard CI and test your changes against wizard-workbench example apps by replying with a GitHub comment using one of the following commands: Test all apps:
Test all apps in a directory:
Test an individual app:
Show more apps
Results will be posted here when complete. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
…ring sanitization' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
edwinyjlim
reviewed
May 6, 2026
Comment on lines
+14
to
+15
| "scan": "node scripts/scan-warlock.js", | ||
| "scan:skills": "node scripts/scan-warlock.js dist/skills" |
Member
There was a problem hiding this comment.
let's rename to warlock or warlock-scan or security-scan, something that implies safety check
edwinyjlim
approved these changes
May 6, 2026
Comment on lines
+280
to
+285
| const combinedContent = [...uniqueFiles.entries()] | ||
| .map(([label, content]) => `--- ${label} ---\n${content.slice(0, 2000)}`) | ||
| .join("\n\n"); | ||
|
|
||
| const triaged = llmProvider | ||
| ? await triageMatches(combinedContent, rawMatches, llmProvider) |
Member
There was a problem hiding this comment.
might need to handle the scenario where the message becomes too large
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
merge after this one is shipped https://github.com/PostHog/warlock/pull/27
the warlock is here. wiring this up as a git dependency for now, will swap to the npm package once its published
changes
scan-warlock.js- Node.js replacement forscan-prompt-injection.shpnpm scan:skillsto scan built ZIPs andpnpm scan <file>to scan individual files locallypnpm-workspace.yamlto allow warlock's build scipt to run on installknown limitations, going to address in a follow up
test