CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-06-18 07:40:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(ship,document-*): redaction scan-at-sink on PR bodies + generated docs

Browse Source 
- /ship: scan the composed PR body + title before create AND edit, from a temp
  file (exact bytes scanned = bytes sent). HIGH blocks the PR (no skip); MEDIUM
  confirms per finding. Codex/Greptile/eval sections go in tool-attributed fences
  so example credentials those tools quote WARN-degrade instead of blocking the
  PR — a live-format credential inside the fence still blocks.
- /document-release: scan the PR-body temp file before gh pr edit.
- /document-generate: scan the staged doc diff (added lines) before commit —
  generated docs often carry example credentials; a live-format secret blocks.

Tests: ship-template-redaction (incl. tool-fence WARN-degrade contract),
document-skills-redaction. All skills stay under the v1.47 size budget.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-05-29 07:21:48 -07:00
parent 7bae40c40d
commit dd4dd9e1f5
8 changed files with 205 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/document-skills-redaction.test.ts
+37
View File
@@ -0,0 +1,37 @@
/**
* /document-release + /document-generate redaction wiring (T6/T7).
*/
import { describe, test, expect } from "bun:test";
import * as fs from "fs";
import * as path from "path";
const ROOT = path.resolve(import.meta.dir, "..");
const RELEASE = fs.readFileSync(path.join(ROOT, "document-release", "SKILL.md.tmpl"), "utf-8");
const GENERATE = fs.readFileSync(path.join(ROOT, "document-generate", "SKILL.md.tmpl"), "utf-8");
describe("/document-release redaction", () => {
test("scans the PR-body temp file before gh pr edit", () => {
const scanIdx = RELEASE.indexOf("gstack-redact --from-file /tmp/gstack-pr-body");
const editIdx = RELEASE.indexOf("gh pr edit --body-file /tmp/gstack-pr-body");
expect(scanIdx).toBeGreaterThan(-1);
expect(editIdx).toBeGreaterThan(scanIdx);
});
test("HIGH blocks the edit", () => {
expect(RELEASE).toMatch(/exit 3 \(HIGH\).*do NOT edit/i);
});
});
describe("/document-generate redaction", () => {
test("scans staged doc diff before commit", () => {
const scanIdx = GENERATE.indexOf("gstack-redact --repo-visibility");
const commitIdx = GENERATE.indexOf("git commit -m");
expect(scanIdx).toBeGreaterThan(-1);
expect(commitIdx).toBeGreaterThan(scanIdx);
});
test("scans added lines of the staged diff", () => {
expect(GENERATE).toMatch(/git diff --cached[\s\S]{0,80}gstack-redact/);
});
test("HIGH blocks the commit", () => {
expect(GENERATE).toMatch(/Do NOT commit/i);
});
});
test/ship-template-redaction.test.ts
+54
View File
@@ -0,0 +1,54 @@
/**
* /ship redaction wiring (T5/T11). The PR body + title are scanned at-sink before
* create AND edit; tool output goes in attributed fences so example credentials
* WARN-degrade instead of blocking; create/edit file from the scanned temp file.
*/
import { describe, test, expect } from "bun:test";
import * as fs from "fs";
import * as path from "path";
import { scan } from "../lib/redact-engine";
const ROOT = path.resolve(import.meta.dir, "..");
const TMPL = fs.readFileSync(path.join(ROOT, "ship", "SKILL.md.tmpl"), "utf-8");
describe("/ship redaction wiring", () => {
test("scans the PR body via the shared bin before create", () => {
expect(TMPL).toContain("gstack-redact --from-file");
expect(TMPL).toMatch(/Redaction scan \(PR body \+ title\)/);
});
test("creates from the scanned temp file (exact bytes)", () => {
expect(TMPL).toMatch(/gh pr create[\s\S]{0,120}--body-file "\$PR_BODY_FILE"/);
});
test("edit path also scans before sending", () => {
expect(TMPL).toMatch(/gh pr edit --body-file "\$PR_BODY_FILE"/);
expect(TMPL).toMatch(/same redaction scan-at-sink.*before editing/i);
});
test("HIGH blocks the PR (exit 3), no skip", () => {
expect(TMPL).toMatch(/BLOCKED — credential in PR body/);
});
test("instructs wrapping tool output in attributed fences (TENSION-3)", () => {
expect(TMPL).toMatch(/tool-attributed fences/);
expect(TMPL).toMatch(/codex-review/);
expect(TMPL).toMatch(/greptile/);
});
test("scans the title too", () => {
expect(TMPL).toMatch(/scan the title/i);
});
});
describe("tool-attributed fence behavior (engine contract /ship relies on)", () => {
test("a doc-example credential inside a tool fence WARN-degrades, does not block", () => {
const body = "## Codex review\n```codex-review\nflagged your_aws_key AKIAIOSFODNN7EXAMPLE\n```";
const r = scan(body, { repoVisibility: "public" });
expect(r.counts.HIGH).toBe(0);
});
test("a live-format credential inside a tool fence STILL blocks", () => {
const body = "```codex-review\nleaked AKIA1234567890ABCDEF\n```";
const r = scan(body, { repoVisibility: "public" });
expect(r.counts.HIGH).toBe(1);
});
test("a credential in plain PR prose (no fence) blocks", () => {
const body = "We hardcoded AKIA1234567890ABCDEF in the config";
expect(scan(body, { repoVisibility: "public" }).counts.HIGH).toBe(1);
});
});