19 changes: 19 additions & 0 deletions tools/auth/destructive-verb-gate.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
export interface RefusalVerb {
name: string;
pattern: string;
description: string;
}

export interface RefusalList {
verbs: RefusalVerb[];
}

export function assertVerbAllowed(command: string, args: string[]): void {
// Mechanical refusal gate
// Throws an error if the verb/args match the refusal list.
const fullCmd = [command, ...args].join(' ');

// Skeleton implementation.
// In future slices, this will load from refusal-list.json and evaluate patterns.
console.log(`[Gate] Checking verb: ${command} with args:`, args);
P1: Implement refusal matching before allowing commands

assertVerbAllowed currently only logs and returns, so every command is effectively allowed even when it should be denied by the refusal list. Any caller that trusts this function as a pre-call safety gate will execute destructive verbs (for example force-push or repo deletion) without interruption, which defeats the security control this commit introduces.

}
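Review bot: `fullCmd` is built at line 4 of the hunk but never read, and nothing in `assertVerbAllowed` can throw, so the function's name and doc comment ("Throws an error if the verb/args match the refusal list") promise a control that does not exist; until the matching is implemented, the skeleton should fail closed (throw unconditionally, or throw unless an explicit opt-in such as a constructor flag is set) so that a caller cannot mistake it for a working gate. Also reconsider `console.log(`[Gate] Checking verb: ${command} with args:`, args)`: arguments to `gh api` and `git push` can carry tokens, URLs with embedded credentials or other secrets, so logging the raw argument array at every call is a leak risk; log the verb name and a decision (allowed/denied) rather than the full argument vector. Finally, `RefusalVerb.pattern` is a plain string with no documented semantics (regex? glob? anchored or unanchored? case-sensitive?); add a comment or a `kind` field so that the implementation in the next slice and the JSON authors agree on how it is evaluated.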
34 changes: 34 additions & 0 deletions tools/auth/refusal-list.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
{
"verbs": [
{
"name": "repository_deletion",
"pattern": "gh (repo delete|api.*DELETE.*repos/)",
"description": "Repository deletion"
},
{
"name": "history_rewrite",
"pattern": "git push.*--force",
"description": "History rewrite on protected refs"
},
{
"name": "org_membership_mutation",
"pattern": "gh api.*(PUT|DELETE).*orgs/.*/memberships/",
"description": "Org membership mutation"
},
{
"name": "webhook_creation",
"pattern": "gh api.*POST.*hooks",
"description": "Webhook creation to unallowlisted endpoint"
},
{
"name": "audit_log_mutation",
"pattern": "gh api.*(DELETE|PATCH).*audit-log",
"description": "Audit-log mutation"
},
{
"name": "repository_visibility",
"pattern": "gh api.*PATCH.*repos/.*private.*false",
"description": "Repository visibility change to public"
}
]
}
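Review bot: several patterns are narrower than their descriptions, so a reviewer reading the description will assume coverage that the regex does not provide. `"git push.*--force"` does not cover the short form `-f` or `--force-with-lease`, and the description says "on protected refs" but the pattern does not look at the ref at all; either drop that qualifier or include the ref check. `"gh api.*POST.*hooks"` is described as "Webhook creation to unallowlisted endpoint", but there is no allowlist anywhere in this file, so the pattern will deny every hook creation, including ones to allowlisted endpoints; either add an `allow` list to the schema or change the description to "Webhook creation". `"gh api.*PATCH.*repos/.*private.*false"` depends on the JSON/flag ordering of the arguments (`private` before `false`) and would miss `-f visibility=public`, which is the form the REST API currently takes for visibility changes. All six patterns also assume `gh api` is invoked with the HTTP method spelled in upper case; document in the file (or in the TypeScript schema) that matching is case-insensitive, or the gate will miss `-X delete`. Since this file is the source of truth for a security control, consider adding a unit test per entry with one positive and one negative command line so that future edits to a pattern cannot silently shrink its coverage.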