security-guidance plugin: commit reviewer Reads foreign/non-local paths from diffs, looping on 'File does not exist'

Open 💬 0 comments Opened Jul 2, 2026 by d56de

Environment

  • Claude Code CLI: 2.1.198
  • Plugin: security-guidance 2.0.6 (claude-plugins-official; latest available)
  • Provider: 1P subscription (api.anthropic.com)
  • OS: macOS (Darwin 25.5.0, Apple Silicon)

Bug

The agentic commit reviewer receives changed-file paths that don't resolve in the local checkout and repeatedly fails Read with File does not exist. Note: your current working directory is …, burning several turns per review.

Three variants observed:

  1. Foreign absolute paths from commits authored in other environments. When reviewing commits that were originally authored elsewhere (CI containers, another contributor's machine, cloud sandboxes), the reviewer attempts to Read the original absolute paths, e.g.:

``
/home/user/App/gisterApp.swift
/home/user/App/Tests/SchemaMigrationTests.swift
/Users/<other-dev>/code/<other-dev>/<Project>/App/Persistence/Schema/SchemaV1.swift
/Users/<other-dev>/code/<other-dev>/<Project>/project.yml
``

  1. Root-anchored repo-relative paths, e.g. /TaxEngine/Package.swift, /.swiftlint.yml — the repo-relative path with a leading /, resolved against filesystem root instead of the repo root.
  2. Relative paths failing against the session cwd.

Frequency

Across ~30 repos' session transcripts from June 2026: present in every repo with automated commit reviews that I checked (7/7), e.g. 30 occurrences / 18 review sessions in one repo, 22/13 in another, 19/11 in a third.

Expected

Normalize changed-file paths against the repo root (e.g. from git diff --name-only relative paths joined to the worktree root) before handing them to the reviewer, and/or instruct the reviewer to treat diff paths as repo-relative only. A guard against absolute paths outside the worktree would also prevent the reviewer from attempting to read unrelated files.

Notes

The plugin's ~/.claude/security/log.txt does not record these failures; they're only visible in the review sessions' transcripts as is_error tool_results.

View original on GitHub ↗