From 4150ee0d099c315a84006e6ec3ed0ad1579cbb5b Mon Sep 17 00:00:00 2001
From: Garry Tan
Date: Fri, 27 Mar 2026 09:19:08 -0600
Subject: [PATCH] docs: add data flow documentation to review.ts

Addresses Socket HIGH finding (98% confidence). Documents what data is sent to external review services and what is NOT sent.
---
 scripts/resolvers/review.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/scripts/resolvers/review.ts b/scripts/resolvers/review.ts
index 382a8ddf..bece31c8 100644
--- a/scripts/resolvers/review.ts
+++ b/scripts/resolvers/review.ts
@@ -1,3 +1,17 @@
+/**
+ * Cross-model review resolver
+ *
+ * Data sent to external review services (via Codex CLI):
+ * - Plan markdown content, repository name, branch name, review type
+ * Data NOT sent:
+ * - Source code files, credentials, environment variables, git history
+ *
+ * Users invoke this explicitly via /plan-eng-review, /plan-ceo-review,
+ * or /plan-design-review. No data is sent without user invocation.
+ *
+ * Review logs are stored locally at ~/.gstack/reviews/review-log.jsonl.
+ * Codex CLI prompts are written to temp files to prevent shell injection.
+ */
 import type { TemplateContext } from './types';
 
 export function generateReviewDashboard(_ctx: TemplateContext): string {
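Review bot: The "Data NOT sent" list in the new header reads as an enforced guarantee, but nothing in this hunk enforces it — the only code visible is the signature of `generateReviewDashboard(_ctx: TemplateContext): string`, and the Codex CLI invocation, the temp-file prompt handling and the `~/.gstack/reviews/review-log.jsonl` write all live elsewhere, so this comment will silently drift the moment that code changes. Plan markdown is user-authored free text and can itself carry secrets, env values or pasted code, so the "credentials / source code not sent" claim holds only for what the resolver adds, not for what the plan contains. I would add a caveat to the block, e.g. ` * Note: the "not sent" list describes what this resolver adds to the request, not a redaction filter — plan markdown is user-authored and may itself contain secrets or code; review it before invoking.` and replace the bare "to prevent shell injection" sentence with a pointer to the function that writes the temp file so the claim is checkable (file mode, cleanup and whether the path is passed as an argument rather than interpolated are what a reader will want to confirm). Since the commit message says this addresses a Socket HIGH finding, note that documentation discloses the data flow but does not change it; if the finding is about the exfiltration path itself, that needs a code-level control, not a comment. The body of `generateReviewDashboard` continues outside the hunk.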