fix(opencode): harden RGR edit guardrails #257

Merged
jwilger merged 2 commits from fix/rgr-state-machine-guardrails into main 2026-05-18 13:37:08 -07:00
Owner

Why:

  • RGR edit gates must not be bypassable through shell/interpreter file writes.
  • Rejected multi-file edit attempts must not consume the single implementation-edit allowance.
  • Project opencode permissions should deny external directory access by default.

What:

  • Block shell commands that attempt to write production Rust files during RGR via inline Python, redirection, or similar write patterns.
  • Keep read-only shell access to production Rust files allowed.
  • Validate production Rust edit paths before mutating RGR state so rejected multi-file edits are transactional.
  • Set external_directory permission to deny.

Validation:

  • just opencode-test
Why:
- RGR gates must not be bypassable through inline shell or interpreter file writes.

What:
- Reject shell commands that write production Rust files during RGR and cover inline Python and redirection cases.

Validation:
- node --test .opencode/plugins/auto-review-discipline-rgr.test.ts --test-name-pattern 'distinguishes read-only open from cat write redirection in shell bypass guard'
- just opencode-test
fix(opencode): make RGR edit gating transactional
All checks were successful
CI / Clippy (pull_request) Has been skipped
CI / Format check (pull_request) Has been skipped
CI / Classify changed paths (pull_request) Successful in 3s
CI / Test (pull_request) Has been skipped
CI / Dependency policy (pull_request) Has been skipped
CI / Build (pull_request) Has been skipped
CI / opencode plugin tests (pull_request) Successful in 7s
CI / Request auto_review semantic review (pull_request) Successful in 1s
auto_review auto_review: no findings
CI / Build PR artifacts (no token) (pull_request) Has been skipped
e391b81d35
Why:
- Rejected multi-file edit attempts must not consume the RGR implementation edit allowance.
- Project permissions should deny external directory access by default.

What:
- Validate production Rust edit paths before mutating RGR state and add regression coverage.
- Set opencode external_directory permission to deny.

Validation:
- node --test .opencode/plugins/auto-review-discipline-rgr.test.ts --test-name-pattern 'does not consume implementationEditToken when a multi-file apply_patch is rejected'
auto-review left a comment

The PR enhances the RGR edit guardrails by blocking shell commands that attempt to write to production Rust files and ensuring rejected multi-file edits do not consume the edit allowance. It also updates project permissions to deny external directory access by default.

Walkthrough

  • .opencode/plugins/auto-review-discipline-rgr.test.ts: Added tests to ensure shell commands cannot bypass RGR guardrails to write to production Rust files.
  • .opencode/plugins/auto-review-discipline.ts: Implemented logic to detect and block shell commands that attempt to write to production Rust files during RGR.
  • opencode.json: Changed external_directory permission from ask to deny to enhance security.
jwilger deleted branch fix/rgr-state-machine-guardrails 2026-05-18 13:37:08 -07:00
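
Added example, not code from this PR or from the auto_review project: a TypeScript sketch of the two guardrails the description names, a shell-write check that still lets reads through and an edit gate that validates before it mutates state. All names except `implementationEditToken` are hypothetical, and it assumes "production Rust" means any `.rs` file outside a `tests/` directory and that a patch touching more than one such file is rejected.

```typescript
// Added example; names other than implementationEditToken are hypothetical.
type RgrState = { implementationEditToken: boolean };
type Verdict = { allowed: boolean; reason: string };

// Assumption: "production Rust" means any .rs file outside a tests/ directory.
function isProductionRust(path: string): boolean {
  return /\.rs$/.test(path) && !/(^|\/)tests\//.test(path);
}

// Illustrative, non-exhaustive write patterns; group 1 captures the target path.
const WRITE_TARGETS: RegExp[] = [
  />>?\s*["']?([^\s"'|;&<>()]+\.rs)\b/,                      // > file.rs, >> file.rs
  /\btee\s+(?:-a\s+)?["']?([^\s"'|;&<>()]+\.rs)\b/,          // tee [-a] file.rs
  /\bopen\(\s*["']([^"']+\.rs)["']\s*,\s*["'][^"']*[wax+]/,  // Python open(p, "w"|"a"|"x"|"r+")
];

// Production Rust files a shell command would write; pure reads yield an empty list.
function shellWriteTargets(cmd: string): string[] {
  const hits: string[] = [];
  for (const pattern of WRITE_TARGETS) {
    const re = new RegExp(pattern.source, "g"); // fresh regex, no shared lastIndex
    let m: RegExpExecArray | null;
    while ((m = re.exec(cmd)) !== null) hits.push(m[1]);
  }
  return hits.filter(isProductionRust);
}

// During RGR a shell command gets no edit allowance: any detected write is refused.
function gateShell(cmd: string): Verdict {
  const targets = shellWriteTargets(cmd);
  return targets.length > 0
    ? { allowed: false, reason: "shell write to " + targets.join(", ") }
    : { allowed: true, reason: "no production Rust write detected" };
}

// Validate every path first; the token is spent only on the accepting branch.
function gateEdit(state: RgrState, paths: string[]): Verdict {
  const prod = paths.filter(isProductionRust);
  if (prod.length === 0) return { allowed: true, reason: "no production Rust touched" };
  if (prod.length > 1) return { allowed: false, reason: "multi-file production edit" };
  if (!state.implementationEditToken) return { allowed: false, reason: "allowance already spent" };
  state.implementationEditToken = false; // the only state mutation
  return { allowed: true, reason: "single implementation edit" };
}
```

Because the patterns are heuristics, a quoted string that merely looks like a redirection to a `.rs` file is also refused, so the check errs toward blocking.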
Reference
Slipstream/auto_review!257