fix(skill): bicameral-report-bug — config.yaml keys-only by default (#200 A4)#204
Merged
Conversation
…200 A4) Closes A4 of #200's audit findings (privacy hardening). The current bug-report skill (post #201) does Read on .bicameral/config.yaml and dumps <contents> verbatim into the issue body. Workspace IDs, tokens, allowlists, and env-specific values leak into GitHub issues — exactly the kind of "presence not value" data the user's "transparency + accuracy + minimum data shared" directive flagged. Changes (skills/bicameral-report-bug/SKILL.md, three edits): 1. Step 2 §config.yaml: default extraction is now top-level keys only (sorted, one per line, no values / nested keys / comments). Sufficient diagnostic signal for "is this bug in the config loader?" while leaking zero values by default. 2. Step 3 body-assembly template: replace the verbatim ```yaml <contents> ``` block with the keys-only shape. Add a "values redacted by default — opt in via Step 3.5 to include verbatim" sentinel line. 3. Step 3.5 transparency preview: add the explicit verbatim toggle as a new option in the AskUserQuestion. When the operator picks "Yes, but include config.yaml verbatim", the body regenerates with the verbatim block and the preview re-displays with the new shape so the operator sees what's actually being shipped before clicking through. Update the Auto-redacted summary block to print the chosen shape. Defense-in-depth: the secret-redaction regex (api_key|token|secret| password|bearer) still runs on verbatim contents. Other findings status: - A1 (python3 portability) — closed by #201 (full bash removal) - A6 (browser-open success) — closed by #201 (URL printed, user clicks) - A7 (telemetry transparency) — partially closed by #201 (rationale field dropped from skill_begin telemetry) Test functionality carve-out justified per doctrine-test-functionality and the precedent across plan-156 PR A Phase 2, plan-156b Phase 1, plan-187 Phase 2, plan-197 Phase 1: skill markdown is LLM-consumed agent-instruction, not pytest-invocable. Plan-grounding lint (#114) self-test exit 0. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Knapp-Kevin
added
flow:feature
Knapp-Kevin
had a problem deploying
to
recording-approval
GitHub Actions
Failure
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Knapp-Kevin
had a problem deploying
to
recording-approval
GitHub Actions
Failure
Knapp-Kevin
added a commit
that referenced
this pull request
May 6, 2026
… to research brief (#205) Addresses Codex first-pass review notes #1, #2, #3, #7, #8, #9 from the brief's review block. Tier C items + the subsequent Kilo / Gemini / Codex-2nd-pass review layers are tracked as follow-ups (will be surfaced in the PR thread for direction). Changes: - § 1.4 ingest pipeline: adds explicit "Risk amplification (durable-feedback-loop)" paragraph framing ingest as the durable write-surface that propagates poisoned content through preflight back into the agent's reasoning context. Strengthens LLM-01 + LLM-04 P0 defensibility (Codex #2). - § 1.8 skills surface: adds worked before/after example contrasting instruction-only `bicameral-report-bug` keys-only commitment vs the deterministic `_resolve_signer_email` gate that replaced it in #204. Makes the doctrine concrete for non-agent-systems readers (Codex #3). - § 1.9 team-server: rewrites the dangling "TEAM-NN gaps in § 4" promise to "intentionally not enumerated; activation PR authors TEAM-NN IDs against actual activated topology" (Codex #8). - § 2.6 EU AI Act: removes unilateral "limited risk" claim. Now describes bicameral-mcp as an AI-adjacent developer-tool component whose risk-tier classification properly attaches to the integrated system + deployment context, requiring counsel review for any specific tier claim (Codex #7). - § 5 gap synthesis: adds Deployment trigger column (`all` / `local-OK` / `team/hosted` / `pre-team` / `hosted`) so severity is defensible per deployment shape. SOC2-01 reclassified as pre-team/hosted P0 with local-only boundary statement; GDPR-05 reclassified as team/hosted P1 with local single-user P2; OWASP-03 reclassified as hosted P1 with local P2 (uv/pipx provides install-time lock); OWASP-02 trigger narrowed to team/hosted (Codex #1). - Appendix method notes: softens "every claim should be verifiable by re-reading the cited file at the cited line range" to acknowledge that most findings cite components rather than path:line, and defers a line-level evidence appendix as a follow-up improvement (Codex #9). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.bicameral/config.yamlverbatim leak). Companion PR to feat(mcp): MCP UX improvement #201 (just merged) which closed A1 + A6 + part of A7 by going bash-free.Linked issues
Closes A4 in #200 (A1 + A6 + partial A7 closed by #201)
Test plan
python scripts/lint_plan_grounding.py plan-200-config-yaml-redaction.md— exit 0 (PR feat(#114): CI grounding lint — plan paths + PR-body refs #121's plan-grounding lint accepts this plan)grep -n "<contents>" skills/bicameral-report-bug/SKILL.md— single match, on line 240 inside the documented opt-in path (Step 3.5's "Yes, but include config.yaml verbatim" outcome handler). Default body assembly no longer references<contents>.grep -nE "config\.yaml.*verbatim|keys only" skills/bicameral-report-bug/SKILL.md— 5 matches across Step 2 instruction, Step 3 template note, Step 3.5 redaction summary, and both AskUserQuestion option descriptions + outcome handlers.Notes for review
upstream/dev(post-feat(mcp): MCP UX improvement #201 merge).doctrine-test-functionalitycarve-out for LLM-consumed agent-instructions (precedent: plan-156 PR A Phase 2, plan-156b Phase 1, plan-187 Phase 2, plan-197 Phase 1, this PR). The runtime preview IS the validation; static substring lints would be presence-only by construction.api[_-]?key|token|secret|password|bearer) still runs as a backstop.🤖 Generated with Claude Code