
Exec: add deterministic gh/git guardrails#42

Open
dgarson wants to merge 1 commit into dgarson/fork from codex/implement-deterministic-gating-for-gh-commands

@dgarson dgarson commented Feb 21, 2026

Motivation

  • Prevent accidental or malicious git/gh actions from agents (push to protected branches, opening PRs against upstream) by enforcing deterministic, local guardrails before commands reach the host.

Description

  • Add a new guard implementation validateGhCommandGuard in src/agents/bash-tools.gh-guard.ts that parses shell segments and enforces rules for git push and gh pr create (protected branches, required --repo/-R, allowed PR target repos).
  • Wire the guard into exec preflight by invoking it from createExecTool in src/agents/bash-tools.exec.ts so checks run before host dispatch for sandbox/gateway/node hosts.
  • Expose configuration surface under tools.exec.ghGuard and thread it through runtime and tool construction by updating src/config/types.tools.ts, src/config/zod-schema.agent-runtime.ts, and src/agents/pi-tools.ts so settings can be global or per-agent.
  • Thread the guard into chat/bash flow by passing ghGuard into createExecTool in src/auto-reply/reply/bash-command.ts and add unit tests validating behavior directly and via the exec tool in src/agents/bash-tools.gh-guard.test.ts and src/agents/bash-tools.exec.script-preflight.test.ts.
  • Update docs docs/tools/exec.md and config/label/help mappings to document how to enable and configure tools.exec.ghGuard.

Testing

  • Ran the new unit tests with: pnpm vitest src/agents/bash-tools.gh-guard.test.ts src/agents/bash-tools.exec.script-preflight.test.ts; all tests passed (8/8).
  • Ran formatting via: pnpm exec oxfmt --write ... and formatting completed successfully.
  • Tried full TypeScript check: pnpm tsgo (note: this failed due to an unrelated, pre-existing type error in src/discord/send.components.test.ts, not introduced by these changes).

dgarson commented Feb 21, 2026

Starting review — Tim


dgarson commented Feb 21, 2026

Architecture pass complete. Guardrail direction is good; please verify edge-case command parsing behavior stays deterministic under shell quoting variations. — Tim
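
One way a preflight check of the kind described above can stay deterministic under quoting variations, as an added example that is not the PR's or the project's code. The names `splitSegments`, `checkCommand` and `GuardConfig` are hypothetical, and the tokenizer assumes only quotes, backslashes and segment separators need handling, not shell expansions.

```typescript
// Added example: every name and the config shape below are hypothetical.
type GuardConfig = { protectedBranches: string[]; allowedPrRepos: string[] };
type Verdict = { allowed: boolean; reason?: string };
// Split on ; & | newline into word lists; null on an unterminated quote (fail closed).
function splitSegments(cmd: string): string[][] | null {
  let cur: string[] = [];
  const segs: string[][] = [cur];
  let word = "", inWord = false, quote = "";
  const endWord = () => { if (inWord) cur.push(word); word = ""; inWord = false; };
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd.charAt(i), next = cmd.charAt(i + 1);
    if (quote === "'") { if (c === "'") quote = ""; else word += c; }
    else if (c === "\\" && next !== "" && (quote === "" || '"\\$`\n'.includes(next))) {
      if (next !== "\n") { word += next; inWord = true; } // backslash-newline joins lines
      i++;
    }
    else if (quote === '"') { if (c === '"') quote = ""; else word += c; }
    else if (c === "'" || c === '"') { quote = c; inWord = true; }
    else if (" \t\r".includes(c)) endWord();
    else if (";&|\n".includes(c)) { endWord(); cur = []; segs.push(cur); }
    else { word += c; inWord = true; }
  }
  endWord();
  return quote ? null : segs.filter((s) => s.length > 0);
}

function checkCommand(cmd: string, cfg: GuardConfig): Verdict {
  const segs = splitSegments(cmd);
  if (segs === null) return { allowed: false, reason: "unterminated quote" };
  for (const words of segs) {
    const tool = (words[0] ?? "").split("/").pop();
    // Over-approximate on purpose: any "push" word in a git segment is checked.
    if (tool === "git" && words.includes("push")) {
      for (const w of words.slice(words.indexOf("push") + 1)) {
        if (w.startsWith("-")) continue;
        const dst = (w.split(":").pop() ?? w).replace(/^\+/, "").replace(/^refs\/heads\//, "");
        if (cfg.protectedBranches.includes(dst)) return { allowed: false, reason: `push to protected branch ${dst}` };
      }
    } else if (tool === "gh" && words.includes("pr") && words.includes("create")) {
      let repo = "";
      words.forEach((w, i) => {
        if (w === "-R" || w === "--repo") repo = words[i + 1] ?? "";
        else if (w.startsWith("--repo=")) repo = w.slice("--repo=".length);
      });
      if (!repo) return { allowed: false, reason: "gh pr create requires --repo/-R" };
      if (!cfg.allowedPrRepos.includes(repo)) return { allowed: false, reason: `PR target ${repo} not allowed` };
    }
  }
  return { allowed: true };
}
```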

@dgarson dgarson changed the base branch from main to dgarson/fork February 21, 2026 22:37
dgarson added a commit that referenced this pull request Feb 22, 2026
8 seed alerts, 7 alert rules, master/detail, acknowledge/resolve actions
Tabs: Alerts + Rules. Severity/status filters. Rule toggle switches.

Sprint total: 42 views
@dgarson dgarson force-pushed the codex/implement-deterministic-gating-for-gh-commands branch from 2423cce to 45c7c0f Compare February 23, 2026 00:26
@dgarson dgarson changed the base branch from dgarson/fork to feat/evaluation-harness February 23, 2026 14:05

dgarson commented Feb 23, 2026

⚠️ Architecture Review — Targeting Issue (Tim)

Current Target: feat/evaluation-harness
Correct Target: dgarson/fork or dedicated security megabranch

The Problem:
This PR adds gh/git guardrails to the exec tool (security feature) but is targeting the evaluation harness megabranch. The security guardrails are orthogonal to the evaluation harness work.

Content (2,017 files, +106K/-49K):
The actual implementation is:

  • src/agents/bash-tools.gh-guard.ts — Guard implementation
  • src/agents/bash-tools.exec.ts — Preflight integration
  • src/config/types.tools.ts, src/config/zod-schema.agent-runtime.ts — Config surface
  • Tests and docs

The massive file count suggests this branch may have been rebased/reset against a different base, pulling in unrelated changes.

Required Action:

  1. Verify the branch is based on the correct target
  2. If the guardrails feature is standalone, retarget to dgarson/fork
  3. If it's part of a larger security initiative, create a feat/exec-security megabranch
  4. Ensure only the guardrail changes are included (not 2K files)

Verdict: 🚫 DO NOT MERGE — Wrong target and likely contaminated branch. Needs retargeting and cleanup.

@dgarson dgarson force-pushed the codex/implement-deterministic-gating-for-gh-commands branch from 45c7c0f to 5631613 Compare February 24, 2026 00:38
@dgarson dgarson changed the base branch from feat/evaluation-harness to dgarson/fork February 24, 2026 00:38