Skip to content

feat(safety): add baked safety profiles#536

Merged
steipete merged 10 commits intomainfrom
feat/build-safety-profiles
Apr 29, 2026
Merged

feat(safety): add baked safety profiles#536
steipete merged 10 commits intomainfrom
feat/build-safety-profiles

Conversation

@steipete
Copy link
Copy Markdown
Collaborator

@steipete steipete commented Apr 28, 2026

Summary

  • add build-time baked safety-profile enforcement before command execution
  • add build-safe.sh, make build-safe, and preset agent-safe, readonly, and full profiles
  • document the execution boundary and add regression tests that runtime flags cannot re-enable baked-out commands

This is the smaller-design alternative to #366: keep Kong command structs unchanged, bake an immutable policy into the binary, and fail closed at execution time. It addresses the Gmail draft-without-send use case from #239 without the generated command-struct conflicts.

Verification

  • go test ./internal/cmd ./cmd/bake-safety-profile
  • make test
  • make lint
  • make ci
  • ./build-safe.sh safety-profiles/agent-safe.yaml -o bin/gog-agent-safe-test
  • ./build-safe.sh safety-profiles/readonly.yaml -o bin/gog-readonly-test
  • ./build-safe.sh safety-profiles/full.yaml -o bin/gog-full-test
  • ./bin/gog-agent-safe-test gmail drafts send draft-1 exits 2 with baked profile block

Co-authored-by: Drew Burchfield 1084679+drewburchfield@users.noreply.github.com

@steipete @drewburchfield
feat(safety): add baked safety profiles
451da8b 
Co-authored-by: Drew Burchfield <1084679+drewburchfield@users.noreply.github.com>
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 451da8b085

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread safety-profiles/readonly.yaml Outdated
gmail:
search: true
get: true
messages: true
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Deny gmail messages modify in readonly profile

messages: true currently allows the parent gmail.messages path, and the baked policy matcher is prefix-based, so gmail messages modify is treated as allowed. That subcommand (GmailMessagesModifyCmd) performs label updates on messages, which is a mailbox mutation and contradicts the readonly profile guarantee that mutations are blocked. Please split this into explicit subcommand rules (allow search, deny modify) or add an explicit deny for gmail.messages.modify.

Useful? React with 👍 / 👎.

@steipete steipete merged commit f26af3a into main Apr 29, 2026
9 checks passed
@steipete steipete deleted the feat/build-safety-profiles branch April 29, 2026 02:35
@drewburchfield drewburchfield mentioned this pull request Apr 30, 2026
Merged
@steipete steipete mentioned this pull request May 4, 2026
Closed
20 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@steipete