mirror of
https://github.com/garrytan/gstack.git
synced 2026-06-17 15:20:11 +02:00
b89b911a4a
The Claude adversarial subagent in /review and /ship was told to "think like an
attacker" over the full diff. When the diff includes the repo's own security
regression fixtures (real attack payloads, by design), reasoning adversarially
over that material triggered Anthropic's real-time usage-policy safeguards and
the subagent call was denied — blocking the review.
Fix at the prompt's source of truth (scripts/resolvers/review.ts {{ADVERSARIAL_STEP}}):
- Authorized-defensive-testing framing: declares this is the maintainer's own repo
and that attack-pattern strings inside test/fixture paths are the project's own
regression corpus to analyze, not material to expand on.
- Fixture summary-mode diff: full content for non-fixture source, --stat/--name-status
for test/fixture files, so raw exploit bytes aren't fed into adversarial reasoning.
The subagent must state fixtures were reviewed in summary mode (no silent coverage cut).
Reported by @bmajewski. Regenerated review/SKILL.md + ship/sections/adversarial.md.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
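The fixture summary-mode diff described in the commit, as an added example that is not gstack's own code: changed paths are split into non-fixture source (full patch content) and test/fixture paths (--name-status and --stat only), the git invocations for each mode are built with paths after "--", and the mandatory coverage statement is produced so the reduced fixture coverage is explicit. The FIXTURE_DIRS heuristic, the function names, the sample file list and the statement wording are assumptions for illustration.

```typescript
// Added example, not gstack's own code: build a fixture summary-mode diff plan.
// Non-fixture source gets full diff content; test/fixture paths get only
// --name-status / --stat output, so raw payloads from the regression corpus
// never enter the adversarial prompt. Path heuristic and wording are assumptions.

// ASSUMPTION: directory segments that mark a path as test/fixture material.
const FIXTURE_DIRS = new Set(["test", "tests", "__tests__", "fixture", "fixtures", "testdata"]);

function normalizePath(p: string): string {
  return p.replace(/\\/g, "/").replace(/^\.\//, "").replace(/\/+/g, "/");
}

// A path is fixture material when any *directory* segment is a known test dir.
// The file name itself is ignored, so a unit test living beside source
// (e.g. src/review.test.ts) is treated as source and reviewed in full.
function isFixturePath(p: string): boolean {
  const segments = normalizePath(p).split("/");
  return segments.slice(0, -1).some((s) => FIXTURE_DIRS.has(s.toLowerCase()));
}

interface DiffPlan {
  fullContent: string[]; // source files: whole patch is shown to the subagent
  summaryOnly: string[]; // fixture files: names, status and stat only
}

function planDiff(changedPaths: string[]): DiffPlan {
  const plan: DiffPlan = { fullContent: [], summaryOnly: [] };
  for (const raw of changedPaths) {
    const p = normalizePath(raw);
    if (p === "") continue;
    (isFixturePath(p) ? plan.summaryOnly : plan.fullContent).push(p);
  }
  return plan;
}

// git argv lists for the two modes. Summary output is requested as two
// invocations (--name-status, then --stat). Paths always follow "--" so a
// file name can never be parsed as a revision.
function gitCommands(plan: DiffPlan, range: string): string[][] {
  const cmds: string[][] = [];
  if (plan.fullContent.length > 0) {
    cmds.push(["git", "diff", range, "--", ...plan.fullContent]);
  }
  if (plan.summaryOnly.length > 0) {
    cmds.push(["git", "diff", "--name-status", range, "--", ...plan.summaryOnly]);
    cmds.push(["git", "diff", "--stat", range, "--", ...plan.summaryOnly]);
  }
  return cmds;
}

// The statement the subagent must include so the reduced fixture coverage is
// explicit rather than a silent cut. Wording is an assumption.
function coverageStatement(plan: DiffPlan): string {
  if (plan.summaryOnly.length === 0) {
    return "No test/fixture files in this diff; all changed files reviewed in full.";
  }
  return `${plan.summaryOnly.length} test/fixture file(s) reviewed in summary mode ` +
    `(--name-status/--stat only, contents not read): ${plan.summaryOnly.join(", ")}`;
}

// Constructed sample input (not a real gstack diff).
const SAMPLE_CHANGED_FILES = [
  "scripts/resolvers/review.ts",
  "README.md",
  "test/fixtures/prompt-injection/payload-01.txt",
  "./tests/regression/xss-cases.json",
];

const demoPlan = planDiff(SAMPLE_CHANGED_FILES);
console.log(gitCommands(demoPlan, "main...HEAD").map((c) => c.join(" ")).join("\n"));
console.log(coverageStatement(demoPlan));
```

The point of keeping the plan as data rather than a single string is that the caller can assert, before any subagent call, that every changed path landed in exactly one of the two lists and that the coverage statement matches the summary list; an empty summaryOnly list must still yield an explicit "reviewed in full" sentence, not silence.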