merge: security fixes, prompt optimization, test coverage, API hygiene

- Block project config base URL overrides to prevent SSRF/exfiltration
- Cap streaming line_buffer at 1 MB in all LLM providers
- Strip URLs from reqwest error messages
- Fix subject budget to account for breaking change ! suffix
- Omit EVIDENCE section when all flags are default
- Replace emoji with text labels, add symbol marker legend
- Remove duplicate JSON schema from system prompt
- Broaden OpenAI secret pattern for service account keys
- Replace Box::leak with Cow for custom secret pattern names
- Enhance Python tree-sitter queries with decorated definitions
- Demote SymbolChangeType, GitService, Progress to pub(crate)
- Add tests for detect_primary_change, detect_metadata_breaking,
  detect_bug_evidence, Deleted/Renamed status, signature edge cases,
  classify_span_change None path, connection content assertions

* fixes/deferred-issues:
  test: add Deleted/Renamed fixtures, classify_span_change None path, HARD LIMIT check
  fix(safety): fix OpenAI pattern to not match Anthropic keys, enhance Python queries
  refactor(api): demote internal types to pub(crate)
  test: add coverage for detect_primary_change, metadata_breaking, bug_evidence, connections
  fix(safety): broaden OpenAI pattern and replace Box::leak with Cow
  fix(llm): strip URLs from reqwest error messages
  refactor(prompt): optimize for small models and fix breaking change budget
  fix(security): block base URL overrides from project config and cap streaming buffers

Author: Sephyi

src/config.rs

@@ -296,12 +296,16 @@ impl Config {
                 config.api_key = None;
             }
             if table.contains_key("openai_base_url") {
-                warn!("project .commitbee.toml overrides openai_base_url — verify this is trusted");
+                warn!("project .commitbee.toml sets openai_base_url — blocked for security");
+                config.openai_base_url = None;
             }
             if table.contains_key("anthropic_base_url") {
-                warn!(
-                    "project .commitbee.toml overrides anthropic_base_url — verify this is trusted"
-                );
+                warn!("project .commitbee.toml sets anthropic_base_url — blocked for security");
+                config.anthropic_base_url = None;
+            }
+            if table.contains_key("ollama_host") {
+                warn!("project .commitbee.toml sets ollama_host — blocked for security");
+                config.ollama_host = Config::default().ollama_host;
             }
         }
 

src/domain/context.rs

@@ -58,13 +58,14 @@ impl PromptContext {
             )
         };
 
-        // Calculate available chars for subject after type(scope): prefix
+        // Calculate available chars for subject after type(scope)[!]: prefix
         let prefix_len = self.suggested_type.as_str().len()
             + self
                 .suggested_scope
                 .as_ref()
                 .map(|s| s.len() + 2)
                 .unwrap_or(0) // "(scope)"
+            + if self.public_api_removed_count > 0 { 1 } else { 0 } // "!" for breaking
             + 2; // ": "
         let subject_budget = 72_usize.saturating_sub(prefix_len);
 
@@ -107,7 +108,7 @@ impl PromptContext {
             String::new()
         } else {
             format!(
-                "\n⚠ METADATA BREAKING CHANGES DETECTED:\n{}\n",
+                "\nWARNING: METADATA BREAKING CHANGES DETECTED:\n{}\n",
                 self.metadata_breaking_signals
                     .iter()
                     .map(|s| format!("- {}", s))
@@ -198,12 +199,22 @@ Respond with ONLY this JSON:
         }
 
         format!(
-            "\n⚠ PUBLIC API REMOVED — describe this in breaking_change field:\n    {}\n",
+            "\nWARNING: PUBLIC API REMOVED — describe this in breaking_change field:\n    {}\n",
             self.public_api_removed.replace('\n', "\n    ")
         )
     }
 
     fn format_evidence_section(&self) -> String {
+        // Skip when all flags are at default — saves ~200 chars for small models
+        if !self.is_mechanical
+            && !self.has_bug_evidence
+            && self.public_api_removed_count == 0
+            && !self.has_new_public_api
+            && !self.is_dependency_only
+        {
+            return String::new();
+        }
+
         let yn = |b: bool| if b { "yes" } else { "no" };
 
         format!(

src/domain/symbol.rs

@@ -21,8 +21,9 @@ pub enum SymbolKind {
 
 /// How a symbol was affected by the change.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
+#[non_exhaustive]
 #[allow(dead_code)]
-pub enum SymbolChangeType {
+pub(crate) enum SymbolChangeType {
     /// Symbol only exists in staged content (new symbol)
     Added,
     /// Symbol only exists in HEAD content (removed symbol)
@@ -57,7 +58,7 @@ impl CodeSymbol {
     /// Determine the change type for this symbol.
     #[must_use]
     #[allow(dead_code)]
-    pub fn change_type(&self) -> SymbolChangeType {
+    pub(crate) fn change_type(&self) -> SymbolChangeType {
         match (self.is_added, self.is_whitespace_only) {
             (true, None) => SymbolChangeType::Added,
             (false, None) => SymbolChangeType::Removed,

src/queries/python.scm

@@ -4,3 +4,5 @@
 
 (function_definition name: (identifier) @name) @definition
 (class_definition name: (identifier) @name) @definition
+(decorated_definition definition: (function_definition name: (identifier) @name)) @definition
+(decorated_definition definition: (class_definition name: (identifier) @name)) @definition

src/services/analyzer.rs

@@ -636,4 +636,48 @@ mod tests {
         let sig = AnalyzerService::extract_signature(node, source);
         assert_eq!(sig.as_deref(), Some("pub trait Handler"));
     }
+
+    #[cfg(feature = "lang-rust")]
+    #[test]
+    fn extract_signature_single_line_function() {
+        let source = "fn foo() {}\n";
+        let mut parser = Parser::new();
+        parser
+            .set_language(&tree_sitter_rust::LANGUAGE.into())
+            .unwrap();
+        let tree = parser.parse(source, None).unwrap();
+        let node = tree.root_node().child(0).unwrap();
+        let sig = AnalyzerService::extract_signature(node, source);
+        assert!(
+            sig.is_some(),
+            "single-line function should have a signature"
+        );
+        assert!(
+            sig.as_ref().unwrap().contains("fn foo()"),
+            "signature should contain fn foo(), got: {:?}",
+            sig
+        );
+    }
+
+    #[cfg(feature = "lang-rust")]
+    #[test]
+    fn extract_signature_const_item_no_body() {
+        let source = "pub const MAX: usize = 100;\n";
+        let mut parser = Parser::new();
+        parser
+            .set_language(&tree_sitter_rust::LANGUAGE.into())
+            .unwrap();
+        let tree = parser.parse(source, None).unwrap();
+        let node = tree.root_node().child(0).unwrap();
+        let sig = AnalyzerService::extract_signature(node, source);
+        assert!(
+            sig.is_some(),
+            "const item should have a signature (first-line fallback)"
+        );
+        assert!(
+            sig.as_ref().unwrap().contains("MAX"),
+            "signature should contain const name, got: {:?}",
+            sig
+        );
+    }
 }

src/services/git.rs

@@ -11,7 +11,7 @@ use tokio::process::Command;
 use crate::domain::{ChangeStatus, DiffStats, FileCategory, FileChange, StagedChanges};
 use crate::error::{Error, Result};
 
-pub struct GitService {
+pub(crate) struct GitService {
     repo: gix::Repository,
     work_dir: PathBuf,
 }

src/services/llm/anthropic.rs

@@ -129,7 +129,7 @@ impl AnthropicProvider {
                 } else {
                     Error::Provider {
                         provider: "anthropic".into(),
-                        message: e.to_string(),
+                        message: e.without_url().to_string(),
                     }
                 }
             })?;
@@ -160,11 +160,18 @@ impl AnthropicProvider {
 
                     let chunk = chunk.map_err(|e| Error::Provider {
                         provider: "anthropic".into(),
-                        message: e.to_string(),
+                        message: e.without_url().to_string(),
                     })?;
 
                     line_buffer.push_str(&String::from_utf8_lossy(&chunk));
 
+                    if line_buffer.len() > MAX_RESPONSE_BYTES {
+                        return Err(Error::Provider {
+                            provider: "anthropic".into(),
+                            message: "line buffer exceeded 1 MB limit".into(),
+                        });
+                    }
+
                     while let Some(newline_pos) = line_buffer.find('\n') {
                         // Parse from slice to avoid allocating a String per line
                         let result = {

src/services/llm/mod.rs

@@ -29,7 +29,9 @@ Rules:
 - Never copy labels, field names, or evidence tags from the prompt into your output.
 - If public APIs are both added and removed, this is an API replacement (refactor), not a new feature.
 - When SYMBOLS CHANGED shows full signatures, reference the actual parameter/type names in your subject rather than generic descriptions.
-- When CONNECTIONS shows that a caller and callee both changed, mention the relationship in the body (e.g., "updates parse() signature and all call sites").
+- When CONNECTIONS shows that a caller and callee both changed, consider mentioning the relationship in the body.
+
+Symbol markers: [+] added, [-] removed, [~] modified (signature changed).
 
 Examples:
 GOOD: "replace path-only grouping with diff-shape fingerprinting"
@@ -43,8 +45,7 @@ BAD: "refactor code for better performance and add validation" — two concerns
    "[+] pub fn connect(host: &str, timeout: Duration) -> Result<Connection>"
    → subject: "add connect function with host and timeout parameters"
 
-Respond with ONLY the JSON object, nothing else:
-{"type":"<type>","scope":null,"subject":"<subject>","body":null,"breaking_change":null}
+Respond with ONLY the JSON object as specified in the user prompt.
 "#;
 
 pub mod anthropic;

src/services/llm/ollama.rs

@@ -90,7 +90,7 @@ impl OllamaProvider {
             } else {
                 Error::Provider {
                     provider: "ollama".into(),
-                    message: e.to_string(),
+                    message: e.without_url().to_string(),
                 }
             }
         })?;
@@ -162,7 +162,7 @@ impl OllamaProvider {
                 } else {
                     Error::Provider {
                         provider: "ollama".into(),
-                        message: e.to_string(),
+                        message: e.without_url().to_string(),
                     }
                 }
             })?;
@@ -197,12 +197,21 @@ impl OllamaProvider {
 
                     let chunk = chunk.map_err(|e| Error::Provider {
                         provider: "ollama".into(),
-                        message: e.to_string(),
+                        message: e.without_url().to_string(),
                     })?;
 
                     // Append chunk to buffer
                     line_buffer.push_str(&String::from_utf8_lossy(&chunk));
 
+                    // Cap line_buffer to prevent unbounded growth from servers
+                    // that send continuous bytes without newlines
+                    if line_buffer.len() > MAX_RESPONSE_BYTES {
+                        return Err(Error::Provider {
+                            provider: "ollama".into(),
+                            message: "line buffer exceeded 1 MB limit".into(),
+                        });
+                    }
+
                     // Process complete lines (newline-delimited JSON)
                     while let Some(newline_pos) = line_buffer.find('\n') {
                         // Parse from slice to avoid allocating a String per line

src/services/llm/openai.rs

@@ -93,7 +93,7 @@ impl OpenAiProvider {
             .await
             .map_err(|e| Error::Provider {
                 provider: "openai".into(),
-                message: e.to_string(),
+                message: e.without_url().to_string(),
             })?;
 
         if response.status() == reqwest::StatusCode::UNAUTHORIZED {
@@ -146,7 +146,7 @@ impl OpenAiProvider {
                 } else {
                     Error::Provider {
                         provider: "openai".into(),
-                        message: e.to_string(),
+                        message: e.without_url().to_string(),
                     }
                 }
             })?;
@@ -177,11 +177,18 @@ impl OpenAiProvider {
 
                     let chunk = chunk.map_err(|e| Error::Provider {
                         provider: "openai".into(),
-                        message: e.to_string(),
+                        message: e.without_url().to_string(),
                     })?;
 
                     line_buffer.push_str(&String::from_utf8_lossy(&chunk));
 
+                    if line_buffer.len() > MAX_RESPONSE_BYTES {
+                        return Err(Error::Provider {
+                            provider: "openai".into(),
+                            message: "line buffer exceeded 1 MB limit".into(),
+                        });
+                    }
+
                     while let Some(newline_pos) = line_buffer.find('\n') {
                         // Parse from slice to avoid allocating a String per line
                         let result = {