feat(b-0582): decompose slice 1 and 2 (destructive verb refusal gate)#3967
feat(b-0582): decompose slice 1 and 2 (destructive verb refusal gate)#3967AceHack wants to merge 1 commit into
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 05b2090f7c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| // Skeleton implementation. | ||
| // In future slices, this will load from refusal-list.json and evaluate patterns. | ||
| console.log(`[Gate] Checking verb: ${command} with args:`, args); |
There was a problem hiding this comment.
assertVerbAllowed currently only logs and returns, so every command is effectively allowed even when it should be denied by the refusal list. Any caller that trusts this function as a pre-call safety gate will execute destructive verbs (for example force-push or repo deletion) without interruption, which defeats the security control this commit introduces.
Useful? React with 👍 / 👎.
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
| export function assertVerbAllowed(command: string, args: string[]): void { | ||
| // Mechanical refusal gate | ||
| // Throws an error if the verb/args match the refusal list. | ||
| const fullCmd = [command, ...args].join(' '); |
There was a problem hiding this comment.
Pull request overview
Introduces the first two slices of B-0582’s “destructive verb refusal gate” by adding (1) a TypeScript skeleton module intended to enforce a pre-call refusal check and (2) a JSON-configured initial refusal verb list to be used by the gate.
Changes:
- Added
tools/auth/destructive-verb-gate.tswith exported types and a stubassertVerbAllowed(...)entrypoint. - Added
tools/auth/refusal-list.jsondefining the initial set of destructive-class refusal patterns.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| tools/auth/refusal-list.json | Adds the initial refusal verb list (names, patterns, descriptions) intended for the mechanical gate. |
| tools/auth/destructive-verb-gate.ts | Adds the gate module skeleton (types + stub function) that will later load/evaluate the refusal list. |
Comments suppressed due to low confidence (1)
tools/auth/destructive-verb-gate.ts:14
- P0:
fullCmdis declared but never used. WithnoUnusedLocals: truein tsconfig, this will fail thelint (tsc tools)gate. RemovefullCmdfor now, or use it in the skeleton (e.g., log the assembled command string or pass it into the matcher).
const fullCmd = [command, ...args].join(' ');
| // Mechanical refusal gate | ||
| // Throws an error if the verb/args match the refusal list. | ||
| const fullCmd = [command, ...args].join(' '); | ||
|
|
||
| // Skeleton implementation. | ||
| // In future slices, this will load from refusal-list.json and evaluate patterns. |
| name: string; | ||
| pattern: string; | ||
| description: string; | ||
| } | ||
|
|
||
| export interface RefusalList { | ||
| verbs: RefusalVerb[]; | ||
| } | ||
|
|
||
| export function assertVerbAllowed(command: string, args: string[]): void { | ||
| // Mechanical refusal gate | ||
| // Throws an error if the verb/args match the refusal list. | ||
| const fullCmd = [command, ...args].join(' '); | ||
|
|
||
| // Skeleton implementation. | ||
| // In future slices, this will load from refusal-list.json and evaluate patterns. | ||
| console.log(`[Gate] Checking verb: ${command} with args:`, args); |
| }, | ||
| { | ||
| "name": "history_rewrite", | ||
| "pattern": "git push.*--force", |
| { | ||
| "name": "webhook_creation", | ||
| "pattern": "gh api.*POST.*hooks", | ||
| "description": "Webhook creation to unallowlisted endpoint" |
Decomposing PR #3964 (narration-over-action blob) into actionable slices. This PR implements Slice 1 (skeleton) and Slice 2 (refusal list JSON) for the mechanical pre-call refusal gate. Bias toward execution.