commit 72bb7c7d2285588304478f784cbd4913a61929a9
parent a356e3f83d0a017a0753be0596ab4e44b59e2c54
Author: andrewlaack-collab <andrew.laack@imbue.com>
Date: Wed, 11 Feb 2026 16:55:58 +0000
Document security consideration for history loading (#60)
* Added a security note about the history loader. Updated path for license in readme.
* Updated development messaging
Diffstat:
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -79,3 +79,7 @@ from vet.imbue_core.log_utils import ensure_core_log_levels_configured
ensure_core_log_levels_configured()
```
+
+### README links
+
+The README is rendered on PyPI which does not resolve relative links that otherwise work on GitHub. Always use full URLs when linking to resources from the README.
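Review bot: The new "README links" paragraph states the full-URL rule but nothing enforces it, and this same commit has to correct a relative `(LICENSE)` link in README.md that had already slipped through. Consider adding a lint or CI step that fails on relative link targets in README.md and mentioning it in this section. Minor wording: a comma is needed in "rendered on PyPI, which does not resolve relative links".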
diff --git a/README.md b/README.md
@@ -111,6 +111,10 @@ done
This places the skill in `~/.agents/skills/vet/`, `~/.opencode/skills/vet/`, `~/.claude/skills/vet/`, and `~/.codex/skills/vet/`, so it is discovered by OpenCode, Claude Code, and Codex.
+### Security note
+
+The `--history-loader` option executes the specified shell command as the current user to load the conversation history. It is important to review history loader commands and shared config presets before use.
+
## How it works
Vet snapshots the repo and diff, optionally adds a goal and agent conversation, runs LLM checks, then filters/deduplicates findings into a final list of issues.
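Review bot: In the added "Security note", the advice to review "shared config presets" does not say which files or settings can supply a history loader command, so a reader cannot tell what to inspect. Name the config file and setting involved, and state whether a preset can set the command without `--history-loader` being passed on the command line, since that is the case where a command runs that the user never typed. The heading also lands at the end of the skill-install text (directly after the `~/.agents/skills/vet/` paragraph); it would be easier to find next to where `--history-loader` itself is documented.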
@@ -192,4 +196,4 @@ See [the example](https://github.com/imbue-ai/vet/blob/main/vet.toml) in this pr
## License
-This project is licensed under the [GNU Affero General Public License v3.0 (AGPL-3.0-only)](LICENSE).
+This project is licensed under the [GNU Affero General Public License v3.0 (AGPL-3.0-only)](https://github.com/imbue-ai/vet/blob/main/LICENSE).
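Review bot: The replacement LICENSE link points at `blob/main`, so the README rendered on PyPI for an already published release will resolve to whatever license file is on `main` at the time, not the one shipped with that release. If that distinction matters, link to a tag or release ref instead; otherwise this matches the existing `blob/main` link to `vet.toml` shown in the hunk header.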