
[codex] Fix compact reset boundaries#14

Merged: eternalwaitt merged 24 commits into release/v0.5.0 from codex/root-cause-hardening on Jun 20, 2026

Conversation

@eternalwaitt (Owner) commented Jun 16, 2026

Summary

  • Treat normal Claude SessionStart events, including /new and /clear, as durable compact-reset boundaries.
  • Keep source=compact as the only path that restores compact handoff context.
  • Scope workflow-health --session compact status to the active session instead of global latest compact state.
  • Add regressions for same-session /new, /clear, stop-status, and workflow-health compact projections.

Root Cause

Compact handoff state was session-scoped only by session_id. When Claude reused a session id after /new or /clear, stale compact events from before the reset could still make the stack prompt for stale verification or handoff recovery even early in the fresh session.

Validation

  • tests/test-workflow-tools.sh passed 409 checks
  • tests/test-hooks.sh passed 455 checks
  • tests/test-install.sh passed 465 checks
  • scripts/doctor.sh --jobs 4 passed, including heavy hook/workflow/install/read-stdin/replay checks
  • node --check scripts/lib/etrnl-state-core.mjs
  • node --check scripts/workflow-health.mjs
  • bash -n hooks/cc-sessionstart-restore.sh
  • git diff --check
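The root cause above, as an added example that is not part of the PR or of the eternal-stack code base: a small JavaScript projection over a constructed hook-event log that reproduces the pre-fix behaviour (handoff state keyed by session_id only) beside the fixed boundary rule (any SessionStart whose source is not compact resets the state; only source=compact restores it), together with the per-session scoping the PR gives workflow-health --session. The event shape, the CompactHandoff event type and every function name here are assumptions made for the illustration, not the stack's real schema or API.

```javascript
// Added example, not code from the PR or the eternal-stack project. Event shape,
// the "CompactHandoff" type and the helper names are assumptions for illustration.

// Constructed event log. Session id "s1" is reused across /clear, which is the
// case the PR hardens; "s2" exists only to show session scoping.
const SAMPLE_EVENTS = [
  { ts: 1, session_id: "s1", type: "SessionStart", source: "startup" },
  { ts: 2, session_id: "s1", type: "CompactHandoff", context: { pending_verification: ["tests/test-hooks.sh"] } },
  { ts: 3, session_id: "s1", type: "SessionStart", source: "compact" }, // legitimately restores ts=2
  { ts: 4, session_id: "s1", type: "SessionStart", source: "clear" },   // /clear on the same id
  { ts: 5, session_id: "s2", type: "CompactHandoff", context: { pending_verification: ["tests/test-install.sh"] } },
  { ts: 6, session_id: "s2", type: "SessionStart", source: "compact" },
];

// Events for one session id, oldest first.
function sessionEvents(events, sessionId) {
  return events.filter((e) => e.session_id === sessionId).sort((a, b) => a.ts - b.ts);
}

// Shared result shape: prompt for verification only when a restored handoff
// still carries pending checks.
function finish(handoff, restored) {
  const pending = restored && handoff ? handoff.pending_verification || [] : [];
  return { handoff, restored, pending, promptForVerification: pending.length > 0 };
}

// Pre-fix behaviour: state is keyed by session_id only, so a handoff recorded
// under that id survives /new and /clear and keeps prompting in the fresh session.
function projectCompactStateLegacy(events, sessionId) {
  let handoff = null;
  let restored = false;
  for (const ev of sessionEvents(events, sessionId)) {
    if (ev.type === "CompactHandoff") { handoff = ev.context; restored = false; }
    else if (ev.type === "SessionStart" && ev.source === "compact") restored = handoff !== null;
  }
  return finish(handoff, restored);
}

// Fixed behaviour: every SessionStart whose source is not "compact" (startup,
// resume, clear, /new) is a durable reset boundary; only source=compact restores.
function projectCompactState(events, sessionId) {
  let handoff = null;
  let restored = false;
  for (const ev of sessionEvents(events, sessionId)) {
    if (ev.type === "CompactHandoff") { handoff = ev.context; restored = false; continue; }
    if (ev.type !== "SessionStart") continue;
    if (ev.source === "compact") { restored = handoff !== null; continue; }
    handoff = null;   // the fresh session owes nothing to events before this boundary
    restored = false;
  }
  return finish(handoff, restored);
}

// The "global latest compact state" view the PR moves away from for
// workflow-health --session: it reports whichever session compacted most
// recently, not the session that was asked about.
function globalLatestCompact(events) {
  const starts = events.filter((e) => e.type === "SessionStart" && e.source === "compact");
  if (starts.length === 0) return null;
  const last = starts.reduce((a, b) => (a.ts > b.ts ? a : b));
  return projectCompactState(events, last.session_id);
}

console.log(JSON.stringify({
  legacy_s1: projectCompactStateLegacy(SAMPLE_EVENTS, "s1"), // stale prompt after /clear
  fixed_s1: projectCompactState(SAMPLE_EVENTS, "s1"),        // clean state
  global_latest: globalLatestCompact(SAMPLE_EVENTS),         // reports s2, not s1
}, null, 2));
```

Running the block prints the three projections for the constructed log: the legacy projection of s1 still asks for verification of tests/test-hooks.sh after the /clear at ts=4, the fixed projection of s1 is empty, and the global-latest view answers for s2 even when s1 is the active session, which is the scoping error the PR removes. Appending a new CompactHandoff followed by a source=compact SessionStart to s1 after the boundary restores that newer handoff under the fixed rule, so the compact path itself keeps working.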

@coderabbitai (Bot) commented Jun 16, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 13a61ce1-e7e3-4dc2-85f4-9c9d0c269f86

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.


❌ Failed checks (1 error)

  • Title check: ❌ Error. Explanation: The PR title '[codex] Fix compact reset boundaries' does not match the actual changes, which focus on hardening enforcement gates across the eternal-stack repository with manifest validation, privacy tokens, ShellCheck, and CI workflow additions. Resolution: Update the title to accurately reflect the main changes, such as 'chore: harden enforcement gates across eternal-stack' or 'feat: add manifest-backed rule validation and privacy gates'. Ensure it follows the format: type prefix, under 72 chars, imperative mood.

✅ Passed checks (3 passed)

  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai (Bot) left a comment

Actionable comments posted: 11

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
rules-manifest.json (1)

56-68: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

moduleSchema.fields is missing generated keys (mdcChecksum, cursorPath).

The modules entries in this file (and scripts/sync-rule-exports.mjs) include mdcChecksum and cursorPath, but Lines 56-68 do not declare them. This creates a schema/index contract mismatch.

Suggested schema update
       "verify": "Shell command to verify the rule is effective in the target repo.",
       "checksum": "SHA-256 of the canonical module source file (populated by sync).",
+      "mdcChecksum": "SHA-256 of the generated Cursor .mdc twin (populated by sync).",
+      "cursorPath": "Repository-relative path to the generated Cursor .mdc file.",
       "generatedAt": "ISO timestamp of last sync run."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@rules-manifest.json` around lines 56 - 68, The moduleSchema definition in the
fields object is missing documentation for two generated fields that are
actually present in module entries: mdcChecksum and cursorPath. Add descriptions
for both of these fields to the moduleSchema.fields object to match the actual
schema contract. mdcChecksum should document that it stores the SHA-256 checksum
for MDC files, and cursorPath should document the path where the Cursor version
is stored.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/health.yml:
- Around line 3-9: The GitHub Actions workflow health.yml lacks concurrency
control, allowing multiple overlapping job runs for the same branch or pull
request, which wastes CI resources and increases queue contention. Add a
top-level concurrency section to the workflow (at the same indentation level as
the existing on trigger configuration) that cancels in-progress jobs when a new
run is triggered for the same ref. Use a concurrency group that combines the
workflow name or identifier with the git ref (github.ref) to ensure only one job
runs per branch/PR at a time, and set cancel-in-progress to true to
automatically cancel previously queued jobs when a newer one starts.
- Around line 17-23: Replace the mutable action tags with pinned 40-character
commit SHAs for both the checkout action on line 18 and the setup-node action on
line 21, adding version comments for readability (e.g., "# v4.x.x"). For the
checkout action, add a new configuration line with persist-credentials set to
false to prevent unnecessary credential persistence. For the setup-node action,
add a new configuration line to disable automatic package-manager caching by
setting cache to null to mitigate cache-poisoning risks.

In `@hooks/cc-pretooluse-guard.sh`:
- Line 675: The deny message on line 675 references the outdated "VIVAZ runtime"
while the gate has been migrated to use `etrnl-email`. Update the deny message
to remove or correct the "VIVAZ runtime" reference so that the guidance is
consistent with the actual commands shown (etrnl-email triage guarded-run and
etrnl-email triage verify). The message should clearly direct users to use the
etrnl-email tool without mentioning the deprecated VIVAZ runtime, as this will
prevent users from being confused when they encounter the blocked operation
error.

In `@scripts/init-project-rules.sh`:
- Around line 56-92: The Python script that parses the manifest and expands
profiles is invoked multiple times through process substitution (at lines 114,
167, 188, and 216), causing redundant parsing of the JSON manifest and file
reads for every invocation. Instead of calling the Python script multiple times,
execute it once at the beginning and capture the output in a variable (such as
MODULES_CACHE), then reuse that cached variable in all subsequent locations
where the function is currently invoked via process substitution to eliminate
redundant operations and prevent potential inconsistencies if the manifest
changes during script execution.

In `@scripts/skill-update-prompt.mjs`:
- Around line 145-155: The code is currently dropping the
`state.sourceGitWarning` value and the `promptNeeded` logic ignores warning-only
states, which can suppress degraded-source warnings when there are no actionable
update lines. Add a condition to include `state.sourceGitWarning` in the
warningLines array similar to how `state.warning` is already being added, and
update the `promptNeeded` boolean expression to also check if warningLines has
any entries, ensuring that degraded update warnings trigger the prompt output
even without actionable updates.

In `@scripts/sync-rule-exports.mjs`:
- Line 201: Remove the `codexNested` field assignments from the canonical index
at both affected locations. Since Codex has been removed from the manifest
schema and host model, delete the line containing `codexNested:
frontmatter.codexNested || '',` at line 201 and the corresponding `codexNested`
assignment at line 232 in the same file to prevent undocumented fields from
reappearing in the modules output.
- Line 229: The `generatedAt` field in sync-rule-exports.mjs at line 229 always
preserves the previous timestamp regardless of whether content has changed,
preventing the metadata from reflecting actual regeneration events. Fix this by
making the timestamp conditional: only preserve the previous `generatedAt` value
if the content checksums (both `checksum` and `mdcChecksum`) remain unchanged
compared to the previous metadata; if either checksum has changed, generate a
new timestamp using `new Date().toISOString()` to accurately reflect that the
content was regenerated.

In `@scripts/tool-stack-check.mjs`:
- Around line 27-30: The toolSpecs object allows environment variable overrides
for package sources, but the latest() function calls at lines 432 and 441 still
use hardcoded package names instead of extracting them from the actual toolSpecs
values. Extract the package name portion (without version specifier) from
toolSpecs.codegraph and toolSpecs.beads—for example, if toolSpecs.codegraph is
`@colbymchenry/codegraph@1.0.1`, extract just `@colbymchenry/codegraph`—and use
these extracted names when calling latest() to ensure version checks are
performed against the same package sources that are actually being installed and
updated.

In `@skills/bundled/orpc-patterns/agents/openai.yaml`:
- Line 2: The display_name field in the agent configuration still uses "oRPC
Fullstack" while the prompt variable has been correctly updated to reference the
new skill name "orpc-patterns". Update the display_name from "oRPC Fullstack" to
"oRPC Patterns" to maintain consistency with the renamed skill and prompt
variable, ensuring the agent's display name accurately reflects the new naming
convention.

In `@skills/bundled/orpc-patterns/SKILL.md`:
- Line 2: The skill metadata has been renamed to orpc-patterns on line 2, but
the main heading still reads "# oRPC Fullstack" instead of reflecting the new
skill name. Update the heading text to match the renamed skill metadata by
changing it from "# oRPC Fullstack" to "# orpc-patterns" to ensure consistency
between the skill name and its documentation heading.

In `@tests/test-workflow-tools.sh`:
- Around line 431-433: Guard the new command substitution assignments against
silent failures by wrapping them in if-then-else blocks that properly handle
non-zero exit codes. At tests/test-workflow-tools.sh lines 431-433, wrap the
`skill_warning_json` and `skill_warning_text` assignments in an if statement
that calls `not_ok` and `finish_tests` if the node command fails. Apply the
identical guard pattern to the command substitutions at lines 465-466 (the
second set of assignments) and lines 859-860 (the third set of assignments),
ensuring each site checks the exit status of the `node
"$ROOT/scripts/skill-update-prompt.mjs"` invocation and terminates the test
gracefully with proper cleanup rather than causing an opaque hard-exit.

---

Outside diff comments:
In `@rules-manifest.json`:
- Around line 56-68: The moduleSchema definition in the fields object is missing
documentation for two generated fields that are actually present in module
entries: mdcChecksum and cursorPath. Add descriptions for both of these fields
to the moduleSchema.fields object to match the actual schema contract.
mdcChecksum should document that it stores the SHA-256 checksum for MDC files,
and cursorPath should document the path where the Cursor version is stored.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 8c6b786e-f007-4d8a-a99c-9e32951370f6

📥 Commits

Reviewing files that changed from the base of the PR and between 0e59586 and 79a9944.

📒 Files selected for processing (60)
  • .github/workflows/health.yml
  • .gitignore
  • CHANGELOG.md
  • CREDITS.md
  • commands/email-triage.md
  • docs/adr/0003-exodia-cross-host-rules.md
  • docs/eternal-stack-coverage.md
  • docs/install.md
  • docs/rules.md
  • docs/skills.md
  • hooks/cc-posttoolbatch-observer.sh
  • hooks/cc-posttoolusefailure-diagnose.sh
  • hooks/cc-pretooluse-guard.sh
  • hooks/cc-stop-verifier.sh
  • hooks/cc-userprompt-router.sh
  • rules-manifest.json
  • rules/eternal-saas/global/00-stack.md
  • rules/eternal-saas/global/10-gotchas.md
  • rules/eternal-saas/global/20-verify.md
  • rules/eternal-saas/project/auth-tenancy.md
  • rules/eternal-saas/project/components.md
  • rules/eternal-saas/project/deploy-onveloz.md
  • rules/eternal-saas/project/i18n.md
  • rules/eternal-saas/project/imports.md
  • rules/eternal-saas/project/local-overrides.md
  • rules/eternal-saas/project/money.md
  • rules/eternal-saas/project/next.md
  • rules/eternal-saas/project/orpc.md
  • rules/eternal-saas/project/oxlint.md
  • rules/eternal-saas/project/prisma.md
  • rules/eternal-saas/project/react.md
  • rules/eternal-saas/project/stack.md
  • rules/eternal-saas/project/tcg-contract.md
  • rules/eternal-saas/project/testing.md
  • rules/eternal-saas/project/typescript.md
  • rules/etrnl/domains.md
  • scripts/bootstrap-tools.sh
  • scripts/code-health-ledger-check.mjs
  • scripts/deep-audit-artifact-check.mjs
  • scripts/doctor.sh
  • scripts/init-project-rules.sh
  • scripts/install.sh
  • scripts/plan-readiness-check.mjs
  • scripts/post-upgrade-canary.sh
  • scripts/pr-preflight.mjs
  • scripts/skill-contract-check.mjs
  • scripts/skill-update-prompt.mjs
  • scripts/sync-rule-exports.mjs
  • scripts/tool-stack-check.mjs
  • scripts/update-check.mjs
  • skills/bundled/better-auth/SKILL.md
  • skills/bundled/eternal-best-practices/SKILL.md
  • skills/bundled/money-vo-discipline/SKILL.md
  • skills/bundled/orpc-patterns/SKILL.md
  • skills/bundled/orpc-patterns/agents/openai.yaml
  • skills/bundled/tenant-isolation-patterns/SKILL.md
  • templates/cursor/rules/eternal-saas/project/eternal-saas-components.mdc
  • templates/cursor/rules/eternal-saas/project/eternal-saas-tcg-contract.mdc
  • tests/test-hooks.sh
  • tests/test-workflow-tools.sh
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

**: # Claude Code

@AGENTS.md

Files:

  • rules/eternal-saas/project/local-overrides.md
  • rules/etrnl/domains.md
  • rules/eternal-saas/project/testing.md
  • rules/eternal-saas/project/money.md
  • rules/eternal-saas/project/prisma.md
  • skills/bundled/orpc-patterns/agents/openai.yaml
  • docs/install.md
  • skills/bundled/orpc-patterns/SKILL.md
  • rules/eternal-saas/project/next.md
  • rules/eternal-saas/project/deploy-onveloz.md
  • rules/eternal-saas/global/20-verify.md
  • docs/eternal-stack-coverage.md
  • rules/eternal-saas/global/10-gotchas.md
  • rules/eternal-saas/project/orpc.md
  • skills/bundled/better-auth/SKILL.md
  • scripts/pr-preflight.mjs
  • rules/eternal-saas/project/stack.md
  • templates/cursor/rules/eternal-saas/project/eternal-saas-tcg-contract.mdc
  • CREDITS.md
  • scripts/install.sh
  • docs/skills.md
  • rules/eternal-saas/project/imports.md
  • rules/eternal-saas/project/typescript.md
  • rules/eternal-saas/global/00-stack.md
  • rules/eternal-saas/project/components.md
  • commands/email-triage.md
  • hooks/cc-posttoolusefailure-diagnose.sh
  • skills/bundled/tenant-isolation-patterns/SKILL.md
  • rules/eternal-saas/project/oxlint.md
  • skills/bundled/money-vo-discipline/SKILL.md
  • hooks/cc-posttoolbatch-observer.sh
  • scripts/plan-readiness-check.mjs
  • scripts/code-health-ledger-check.mjs
  • scripts/skill-contract-check.mjs
  • rules/eternal-saas/project/i18n.md
  • rules/eternal-saas/project/auth-tenancy.md
  • scripts/tool-stack-check.mjs
  • scripts/update-check.mjs
  • scripts/deep-audit-artifact-check.mjs
  • docs/rules.md
  • templates/cursor/rules/eternal-saas/project/eternal-saas-components.mdc
  • scripts/post-upgrade-canary.sh
  • hooks/cc-userprompt-router.sh
  • rules/eternal-saas/project/tcg-contract.md
  • rules/eternal-saas/project/react.md
  • scripts/bootstrap-tools.sh
  • scripts/doctor.sh
  • scripts/skill-update-prompt.mjs
  • docs/adr/0003-exodia-cross-host-rules.md
  • scripts/sync-rule-exports.mjs
  • CHANGELOG.md
  • scripts/init-project-rules.sh
  • rules-manifest.json
  • tests/test-workflow-tools.sh
  • hooks/cc-stop-verifier.sh
  • tests/test-hooks.sh
  • skills/bundled/eternal-best-practices/SKILL.md
  • hooks/cc-pretooluse-guard.sh
🪛 GitHub Actions: health / 0_repo-health.txt
tests/test-workflow-tools.sh

[error] 1-1: Command failed. Process completed with exit code 1.

🪛 GitHub Actions: health / repo-health
tests/test-workflow-tools.sh

[error] 1-1: Command failed. Process completed with exit code 1 (despite all shown checks reporting 'ok').

🪛 LanguageTool
commands/email-triage.md

[style] ~11-~11: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...rite Gmail commands. Do not send email. Do not mutate Gmail outside the managed em...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~11-~11: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...mail outside the managed email runtime. Do not run etrnl-email triage run for th...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

docs/adr/0003-exodia-cross-host-rules.md

[grammar] ~27-~27: Ensure spelling is correct
Context: ...Client-repo rollout lists stay in local gitignored planning paths. Enforcement: `rules-man...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🪛 SkillSpector (2.1.1)
skills/bundled/eternal-best-practices/SKILL.md

[warning] 14: [EA1] Unrestricted Tool Access: Skill grants unrestricted tool access without appropriate constraints. An agent with unfettered tool access can perform arbitrary actions including file modification, network requests, and code execution.

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.

(Excessive Agency (EA1))


[warning] 2249: [OH3] Unbounded Output: Output size or generation rate is not bounded. Unbounded output enables denial-of-service through resource exhaustion, log flooding, or context-window stuffing.

Remediation: Set explicit limits on output length, generation count, and rate. Use max_tokens and truncation to prevent unbounded output.

(Output Handling (OH3))


[error] 1200: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[error] 1201: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[warning] 1219: [TM3] Unsafe Defaults: Tool defaults are unsafe or overly permissive (e.g. disabled TLS verification, no authentication, world-writable permissions). Unsafe defaults widen the attack surface.

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.

(Tool Misuse (TM3))


[warning] 14: [EA1] Unrestricted Tool Access: Skill grants unrestricted tool access without appropriate constraints. An agent with unfettered tool access can perform arbitrary actions including file modification, network requests, and code execution.

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.

(Excessive Agency (EA1))


[warning] 2249: [OH3] Unbounded Output: Output size or generation rate is not bounded. Unbounded output enables denial-of-service through resource exhaustion, log flooding, or context-window stuffing.

Remediation: Set explicit limits on output length, generation count, and rate. Use max_tokens and truncation to prevent unbounded output.

(Output Handling (OH3))


[error] 1200: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[error] 1201: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[warning] 1219: [TM3] Unsafe Defaults: Tool defaults are unsafe or overly permissive (e.g. disabled TLS verification, no authentication, world-writable permissions). Unsafe defaults widen the attack surface.

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.

(Tool Misuse (TM3))


[warning] 14: [EA1] Unrestricted Tool Access: Skill grants unrestricted tool access without appropriate constraints. An agent with unfettered tool access can perform arbitrary actions including file modification, network requests, and code execution.

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.

(Excessive Agency (EA1))


[warning] 2249: [OH3] Unbounded Output: Output size or generation rate is not bounded. Unbounded output enables denial-of-service through resource exhaustion, log flooding, or context-window stuffing.

Remediation: Set explicit limits on output length, generation count, and rate. Use max_tokens and truncation to prevent unbounded output.

(Output Handling (OH3))


[error] 1200: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[error] 1201: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[warning] 1219: [TM3] Unsafe Defaults: Tool defaults are unsafe or overly permissive (e.g. disabled TLS verification, no authentication, world-writable permissions). Unsafe defaults widen the attack surface.

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.

(Tool Misuse (TM3))


[warning] 14: [EA1] Unrestricted Tool Access: Skill grants unrestricted tool access without appropriate constraints. An agent with unfettered tool access can perform arbitrary actions including file modification, network requests, and code execution.

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.

(Excessive Agency (EA1))


[warning] 2249: [OH3] Unbounded Output: Output size or generation rate is not bounded. Unbounded output enables denial-of-service through resource exhaustion, log flooding, or context-window stuffing.

Remediation: Set explicit limits on output length, generation count, and rate. Use max_tokens and truncation to prevent unbounded output.

(Output Handling (OH3))


[error] 1200: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[error] 1201: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[warning] 1219: [TM3] Unsafe Defaults: Tool defaults are unsafe or overly permissive (e.g. disabled TLS verification, no authentication, world-writable permissions). Unsafe defaults widen the attack surface.

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.

(Tool Misuse (TM3))


[warning] 14: [EA1] Unrestricted Tool Access: Skill grants unrestricted tool access without appropriate constraints. An agent with unfettered tool access can perform arbitrary actions including file modification, network requests, and code execution.

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.

(Excessive Agency (EA1))


[warning] 2249: [OH3] Unbounded Output: Output size or generation rate is not bounded. Unbounded output enables denial-of-service through resource exhaustion, log flooding, or context-window stuffing.

Remediation: Set explicit limits on output length, generation count, and rate. Use max_tokens and truncation to prevent unbounded output.

(Output Handling (OH3))


[error] 1200: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[error] 1201: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[warning] 1219: [TM3] Unsafe Defaults: Tool defaults are unsafe or overly permissive (e.g. disabled TLS verification, no authentication, world-writable permissions). Unsafe defaults widen the attack surface.

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.

(Tool Misuse (TM3))


[warning] 14: [EA1] Unrestricted Tool Access: Skill grants unrestricted tool access without appropriate constraints. An agent with unfettered tool access can perform arbitrary actions including file modification, network requests, and code execution.

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.

(Excessive Agency (EA1))


[warning] 2249: [OH3] Unbounded Output: Output size or generation rate is not bounded. Unbounded output enables denial-of-service through resource exhaustion, log flooding, or context-window stuffing.

Remediation: Set explicit limits on output length, generation count, and rate. Use max_tokens and truncation to prevent unbounded output.

(Output Handling (OH3))


[error] 1200: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[error] 1201: [PE3] Credential Access: Code accesses credential files (SSH keys, AWS credentials, etc.). This could indicate credential theft attempts.

Remediation: Remove references to credential paths. Use environment variables or secrets managers. For docs, use placeholder paths (e.g., /path/to/config). Never load .env or token files in production code paths.

(Privilege Escalation (PE3))


[warning] 1219: [TM3] Unsafe Defaults: Tool defaults are unsafe or overly permissive (e.g. disabled TLS verification, no authentication, world-writable permissions). Unsafe defaults widen the attack surface.

Remediation: Override unsafe defaults with secure settings (verify=True, auth required, restrictive permissions). Review and harden all tool configurations.

(Tool Misuse (TM3))


[warning] 14: [EA1] Unrestricted Tool Access: Skill grants unrestricted tool access without appropriate constraints. An agent with unfettered tool access can perform arbitrary actions including file modification, network requests, and code execution.

Remediation: Restrict tool access to only the tools required for the skill's stated purpose. Use an explicit allowlist rather than granting blanket access.

(Excessive Agency (EA1))


[warning] 2249: [OH3] Unbounded Output: Output size or generation rate is not bounded. Unbounded output enables denial-of-service through resource exhaustion, log flooding, or context-window stuffing.

Remediation: Set explicit limits on output length, generation count, and rate. Use max_tokens and truncation to prevent unbounded output.

(Output Handling (OH3))


🪛 zizmor (1.25.2)
.github/workflows/health.yml

[warning] 17-18: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 18-18: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 21-21: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 21-21: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default

(cache-poisoning)


[info] 14-14: workflow or action definition without a name (anonymous-definition): this job

(anonymous-definition)


[warning] 3-8: insufficient job-level concurrency limits (concurrency-limits): workflow is missing concurrency setting

(concurrency-limits)

Comment on lines +3 to +9
on:
  pull_request:
  push:
    branches:
      - main
      - "release/**"


🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Add workflow-level concurrency control.

Without concurrency, rapid pushes can run overlapping full health jobs for the same ref, wasting CI time and increasing queue contention.

🔧 Suggested diff
 on:
   pull_request:
   push:
     branches:
       - main
       - "release/**"

+concurrency:
+  group: health-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 permissions:
   contents: read
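Review bot: `cancel-in-progress: true` in this hunk applies to the `push` triggers on `main` and `release/**` as well as to pull requests, so two pushes in quick succession cancel the health run of the earlier commit and that commit never receives a completed status on the release branch. Consider keying the cancellation on the event, for example `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`, so runs on the protected branches queue instead of being cancelled while PR runs still get the quick-win behaviour.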

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/health.yml around lines 3 - 9: the GitHub Actions workflow
health.yml lacks concurrency control, allowing multiple overlapping job runs for
the same branch or pull request, which wastes CI resources and increases queue
contention. Add a top-level concurrency section to the workflow (at the same
indentation level as the existing on trigger configuration) that cancels
in-progress jobs when a new run is triggered for the same ref. Use a concurrency
group that combines the workflow name or identifier with the git ref
(github.ref) to ensure only one job runs per branch/PR at a time, and set
cancel-in-progress to true to automatically cancel previously queued jobs when a
newer one starts.

Source: Linters/SAST tools

Comment on lines +17 to +23
- name: Checkout
  uses: actions/checkout@v4

- name: Set up Node
  uses: actions/setup-node@v4
  with:
    node-version: "22"


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat .github/workflows/health.yml

Repository: eternalwaitt/eternal-stack

Length of output: 1004


🌐 Web query:

GitHub Actions best practices pinning commit SHA security v4 mutable tags

💡 Result:

Pinning GitHub Actions to a full-length commit SHA is the only way to ensure the immutability of an action and protect against supply chain attacks involving mutable references [1][2][3].

Why Pinning by SHA is Required: Git tags (like v4) and branch names (like main or master) are mutable pointers [4][5][6]. They can be force-pushed or updated at any time by repository maintainers or attackers who compromise a maintainer's account [7][8][9]. When you reference an action by a tag, your workflow will automatically execute whatever code the tag currently points to, making you vulnerable to malicious code injection if that tag is retargeted [10][5][11].

Best Practices for Security:

- Use Full 40-Character Commit SHAs: Always use the complete 40-character SHA [12][11]. Never use shortened SHAs or mutable tags [12][3].
- Maintain Readability with Comments: Because SHAs are not human-readable, append the original tag or version as a comment in your YAML file [6][11]. This allows automated tools like Dependabot or Renovate to identify which version the SHA corresponds to and suggest updates [13][2][6]. Example:
    - uses: actions/checkout@11bd719 # v4.2.2
- Automate Updates: Use dependency management tools such as Dependabot or Renovate to keep your pinned SHAs up to date [13][6]. They can be configured to automatically create pull requests when a new tag is released, ensuring you receive security patches without manually managing the SHAs [13][6].
- Enforce via Policy: GitHub allows organization and repository-level policies that can mandate the use of full-length commit SHAs, causing any workflows that use mutable references to fail [1][7][6].
- Use Audit Tools: Implement automated checks in your CI/CD pipeline, such as zizmor or custom scripts, to scan your workflow files and fail builds that contain unpinned actions [12][6][11].

Verified creator badges on GitHub Marketplace provide some assurance, but they do not eliminate the risk of account compromise or malicious tag updates; SHA pinning remains the definitive security control [1][8].


🌐 Web query:

actions/checkout persist-credentials false security best practice

💡 Result:

Setting persist-credentials to false in actions/checkout is considered a security best practice to minimize the exposure of repository authentication tokens during a workflow execution [1][2][3]. By default, actions/checkout is set to persist-credentials: true, which causes the action to configure the local Git environment with the provided token (typically GITHUB_TOKEN or a custom SSH key) [4][1][5]. This makes the credentials available to any subsequent steps in the same job [1][2][6]. While the token is removed during post-job cleanup, setting this to false prevents the token from being written to the Git configuration on disk in the first place, thereby reducing the risk of accidental exposure via logs, artifacts, or unauthorized access by malicious actions within the workflow [1][5][7]. It is important to note the following context: 1. How it works: When persist-credentials is true, the action writes the credentials to the local git config [4][2]. In recent versions (starting with v6), this storage location was moved to a restricted directory ($RUNNER_TEMP) to reduce the risk of accidental leaks through artifact creation [4][8][7]. 2. Limitations: Setting persist-credentials to false only affects the automatic configuration of the local git environment [2][9]. It does not revoke the job's access to the GITHUB_TOKEN, which remains available to the workflow through other standard mechanisms [6][7]. If a subsequent action (such as a git-auto-commit action) requires authenticated git operations, it may fail unless you manually reconfigure the credentials or provide them via other means [3]. 3. Recommendation: You should explicitly set persist-credentials: false unless your workflow specifically requires authenticated git commands (like pushing commits back to the repository) [1]. Even then, consider whether there are more secure ways to provide those credentials only to the specific steps that require them [2][6]. 
Example configuration:

    - uses: actions/checkout@v4
      with:
        persist-credentials: false

🌐 Web query:

actions/setup-node package-manager-cache false security 2024 2025

💡 Result:

In actions/setup-node, the package-manager-cache input controls the automatic caching feature for npm [1][2]. By default, this input is set to true, which enables automatic caching if your package.json file includes a devEngines.packageManager or a top-level packageManager field set to npm, provided no explicit cache input is specified [1][2][3]. Setting package-manager-cache to false disables this automatic caching behavior [1][4].

GitHub officially recommends setting package-manager-cache: false in workflows that involve elevated privileges or access to sensitive information, such as those used for package publishing, when caching is not strictly required for performance [1][5][2]. This guidance is provided as a security measure to mitigate risks like cache poisoning, where an attacker might attempt to inject malicious code or intercept sensitive data (including tokens) via the cached dependency directory [5]. If a workflow is designed to run with elevated permissions—or if you simply want to avoid the potential security surface area of automated caching—explicitly disabling it is considered a best practice [1][6].

For example, to disable it in your GitHub Actions workflow:

    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: '24'
          package-manager-cache: false # Disables automatic npm caching [7]

Pin action revisions and harden checkout defaults.

Lines 18 and 21 use mutable tags (@v4), which are vulnerable to supply-chain attacks. Pin both actions to full 40-character commit SHAs (with version comments for readability), set persist-credentials: false on checkout to prevent unnecessary credential persistence, and disable automatic package-manager caching on setup-node to mitigate cache-poisoning risks.

🧰 Tools
🪛 zizmor (1.25.2)

[warning] 17-18: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 18-18: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 21-21: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 21-21: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default

(cache-poisoning)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/health.yml around lines 17 - 23, Replace the mutable
action tags with pinned 40-character commit SHAs for both the checkout action on
line 18 and the setup-node action on line 21, adding version comments for
readability (e.g., "# v4.x.x"). For the checkout action, add a new configuration
line with persist-credentials set to false to prevent unnecessary credential
persistence. For the setup-node action, add a new configuration line to disable
automatic package-manager caching by setting cache to null to mitigate
cache-poisoning risks.

Source: Linters/SAST tools
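As an added example that is not part of this PR or the eternal-stack repository, the following Node script implements the three checks raised above (a `uses:` reference that is not a full commit SHA, `actions/checkout` without `persist-credentials: false`, and `actions/setup-node` with dependency caching left enabled) over the text of a workflow file. It locates steps with a small indentation-aware scanner, assuming the usual `- uses: owner/repo@ref` plus `with:` layout, so it needs no YAML library. The two embedded workflows are constructed for the example; the 40-zero SHA in the hardened one is a placeholder, not a real actions/checkout or actions/setup-node commit.

```javascript
// Added example, not code from the eternal-stack PR: a dependency-free checker
// for unpinned actions, persisted checkout credentials and setup-node caching.
// Assumption: steps use the common `- uses: owner/repo@ref` / `with:` layout.

const SHA_RE = /^[0-9a-f]{40}$/;

// Turn workflow text into step records: { line, uses, with: { key: value } }.
function parseSteps(workflowText) {
  const steps = [];
  let current = null;
  let inWith = false;
  let withIndent = -1;
  workflowText.split("\n").forEach((raw, i) => {
    const text = raw.trim();
    if (!text || text.startsWith("#")) return;
    const indent = raw.length - raw.trimStart().length;
    if (current && inWith && indent > withIndent) {
      // Inside a step's `with:` block: record key: value, dropping quotes and comments.
      const kv = text.match(/^([\w.-]+):\s*(.*?)\s*(?:#.*)?$/);
      if (kv) current.with[kv[1]] = kv[2].replace(/^(['"])(.*)\1$/, "$2");
      return;
    }
    inWith = false;
    const stepStart = text.match(/^-\s+([\w-]+):\s*(\S*)/);
    if (stepStart) {
      // A new list item under steps:; it may begin with uses:, name:, run:, ...
      current = { line: i + 1, uses: stepStart[1] === "uses" ? stepStart[2] : null, with: {} };
      steps.push(current);
      return;
    }
    if (!current) return;
    if (/^with:\s*$/.test(text)) { inWith = true; withIndent = indent; return; }
    const usesLine = text.match(/^uses:\s*(\S+)/); // `- name: x` followed by `uses:`
    if (usesLine) current.uses = usesLine[1];
  });
  return steps;
}

// Apply the three policies and return findings shaped like zizmor's output.
function auditWorkflow(workflowText) {
  const findings = [];
  for (const step of parseSteps(workflowText)) {
    if (!step.uses) continue;
    const at = step.uses.indexOf("@");
    const name = at === -1 ? step.uses : step.uses.slice(0, at);
    const ref = at === -1 ? "" : step.uses.slice(at + 1);
    // Local (./path) and docker:// references have no upstream revision to pin.
    if (name.startsWith("./") || name.startsWith("docker://")) continue;
    if (!SHA_RE.test(ref)) {
      findings.push({ line: step.line, rule: "unpinned-uses", detail: `${step.uses} is not pinned to a full commit SHA` });
    }
    if (name === "actions/checkout" && step.with["persist-credentials"] !== "false") {
      findings.push({ line: step.line, rule: "artipacked", detail: "actions/checkout does not set persist-credentials: false" });
    }
    // Caching stays on unless package-manager-cache is false and no explicit cache: input is given.
    if (name === "actions/setup-node" && ("cache" in step.with || step.with["package-manager-cache"] !== "false")) {
      findings.push({ line: step.line, rule: "cache-poisoning", detail: "actions/setup-node leaves dependency caching enabled" });
    }
  }
  return findings;
}

function formatReport(label, workflowText) {
  const findings = auditWorkflow(workflowText);
  if (findings.length === 0) return `${label}: clean`;
  return [`${label}:`, ...findings.map((f) => `  [${f.rule}] line ${f.line}: ${f.detail}`)].join("\n");
}

// Constructed sample: the shape of the flagged health.yml steps.
const WEAK_WORKFLOW = `name: health
on: [push]
jobs:
  health:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '24'
      - run: npm ci
`;

// Constructed hardened form. PLACEHOLDER_SHA stands in for the real commit SHA
// of each action; look the real one up before using this pattern.
const PLACEHOLDER_SHA = "0".repeat(40);
const HARDENED_WORKFLOW = `name: health
on: [push]
jobs:
  health:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@${PLACEHOLDER_SHA} # v4.x.x
        with:
          persist-credentials: false
      - uses: actions/setup-node@${PLACEHOLDER_SHA} # v4.x.x
        with:
          node-version: '24'
          package-manager-cache: false
      - run: npm ci
`;

console.log(formatReport("weak", WEAK_WORKFLOW));
console.log(formatReport("hardened", HARDENED_WORKFLOW));
```

Like zizmor's blanket policy, the caching rule flags every setup-node step; narrow it to workflows that hold write permissions or secrets if that proves too noisy in a repository full of read-only CI jobs.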

Comment thread hooks/cc-pretooluse-guard.sh Outdated

if cc_email_triage_active && command_is_raw_email_triage_gmail_mutation "$cmd"; then
deny "Raw Gmail mutation is blocked during email-triage. Phase 1 must use the VIVAZ runtime: vivaz-email triage guarded-run --account <id> --max-inbox 500 --apply --require-insights, then vivaz-email triage verify --latest --account <id>. Only after verified Inbox Zero, open the queue."
deny "Raw Gmail mutation is blocked during email-triage. Phase 1 must use the VIVAZ runtime: etrnl-email triage guarded-run --account <id> --max-inbox 500 --apply --require-insights, then etrnl-email triage verify --latest --account <id>. Only after verified Inbox Zero, open the queue."


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Replace the stale runtime name in the deny guidance.

Line 675 still says “VIVAZ runtime” while this gate has been migrated to etrnl-email; that contradiction can send users down the wrong path during a blocked operation.

Suggested patch
-    deny "Raw Gmail mutation is blocked during email-triage. Phase 1 must use the VIVAZ runtime: etrnl-email triage guarded-run --account <id> --max-inbox 500 --apply --require-insights, then etrnl-email triage verify --latest --account <id>. Only after verified Inbox Zero, open the queue."
+    deny "Raw Gmail mutation is blocked during email-triage. Phase 1 must use the managed etrnl-email runtime: etrnl-email triage guarded-run --account <id> --max-inbox 500 --apply --require-insights, then etrnl-email triage verify --latest --account <id>. Only after verified Inbox Zero, open the queue."
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
deny "Raw Gmail mutation is blocked during email-triage. Phase 1 must use the VIVAZ runtime: etrnl-email triage guarded-run --account <id> --max-inbox 500 --apply --require-insights, then etrnl-email triage verify --latest --account <id>. Only after verified Inbox Zero, open the queue."
deny "Raw Gmail mutation is blocked during email-triage. Phase 1 must use the managed etrnl-email runtime: etrnl-email triage guarded-run --account <id> --max-inbox 500 --apply --require-insights, then etrnl-email triage verify --latest --account <id>. Only after verified Inbox Zero, open the queue."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hooks/cc-pretooluse-guard.sh` at line 675, The deny message on line 675
references the outdated "VIVAZ runtime" while the gate has been migrated to use
`etrnl-email`. Update the deny message to remove or correct the "VIVAZ runtime"
reference so that the guidance is consistent with the actual commands shown
(etrnl-email triage guarded-run and etrnl-email triage verify). The message
should clearly direct users to use the etrnl-email tool without mentioning the
deprecated VIVAZ runtime, as this will prevent users from being confused when
they encounter the blocked operation error.

Comment on lines +56 to +92
python3 - "$MANIFEST_SOURCE" "$PACK_ROOT" "$CURSOR_PACK_ROOT" "$PROFILE" <<'PYEOF'
import json
import re
import sys
from pathlib import Path

manifest_path, pack_root, cursor_root, profile = sys.argv[1:]
manifest = json.loads(Path(manifest_path).read_text())
profiles = manifest.get("profiles", {})

def expand(name, seen=None):
seen = seen or set()
if name in seen:
raise SystemExit(f"profile cycle detected: {name}")
if name not in profiles:
raise SystemExit(f"unknown profile: {name}")
seen.add(name)
item = profiles[name]
modules = []
if item.get("extends"):
modules.extend(expand(item["extends"], seen))
modules.extend(item.get("modules", []))
return modules

for key in expand(profile):
source = Path(pack_root) / f"{key}.md"
if not source.is_file():
raise SystemExit(f"manifest profile {profile} references missing module: {key}")
text = source.read_text()
match = re.search(r"^id:\s*(\S+)\s*$", text, re.MULTILINE)
if not match:
raise SystemExit(f"module missing id frontmatter: {key}")
cursor = Path(cursor_root) / Path(key).parent / f"{match.group(1)}.mdc"
if not cursor.is_file():
raise SystemExit(f"generated Cursor rule missing for module {key}: {cursor}")
print(f"{key}\t{match.group(1)}")
PYEOF
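Review bot: module keys from rules-manifest.json and the id captured from each module file are joined straight into filesystem paths (`Path(pack_root) / f"{key}.md"` and `Path(cursor_root) / Path(key).parent / f"{match.group(1)}.mdc"`) with no check that the result stays under pack_root or cursor_root, so a key such as `../x` in the manifest makes the script read and validate files outside the pack. Resolve each path and refuse it unless `Path(pack_root).resolve()` is among its parents, and do the same for the generated Cursor path. The `^id:` search also runs with MULTILINE over the whole file, so an `id:` line anywhere in the module body is accepted as frontmatter; restrict the match to the block between the leading `---` markers.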


🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

collect_modules is invoked multiple times, triggering redundant Python/JSON parsing.

The function is called at lines 114, 167, 188, and 216 via process substitution. Each invocation re-parses rules-manifest.json, re-expands profiles, and re-reads every module file to extract IDs. For large manifests this adds measurable latency.

Consider caching the output once:

MODULES_CACHE="$(collect_modules)"
# Then use: while ... done <<< "$MODULES_CACHE"

This also avoids subtle inconsistencies if the manifest changes mid-run.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/init-project-rules.sh` around lines 56 - 92, The Python script that
parses the manifest and expands profiles is invoked multiple times through
process substitution (at lines 114, 167, 188, and 216), causing redundant
parsing of the JSON manifest and file reads for every invocation. Instead of
calling the Python script multiple times, execute it once at the beginning and
capture the output in a variable (such as MODULES_CACHE), then reuse that cached
variable in all subsequent locations where the function is currently invoked via
process substitution to eliminate redundant operations and prevent potential
inconsistencies if the manifest changes during script execution.

Comment on lines +145 to +155
if (state.warning) warningLines.push(`ETRNL_UPDATE_WARNING ${state.warning}`);

const resultOk = state.ok !== false;
const promptNeeded = Boolean(state.updateAvailable) || !resultOk || rawLines.length > 0;
const promptNeeded = Boolean(
!resultOk ||
state.localUpdateAvailable ||
state.remote?.updateAvailable ||
missingTools.length ||
toolUpdates.length ||
actionLines.length,
);


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Preserve degraded update warnings in emitted prompt output.

state.sourceGitWarning is currently dropped, and promptNeeded ignores warning-only states. This can suppress degraded-source warnings when there are no actionable update lines.

🔧 Suggested diff
 if (state.warning) warningLines.push(`ETRNL_UPDATE_WARNING ${state.warning}`);
+if (state.sourceGitWarning) warningLines.push(`ETRNL_UPDATE_WARNING ${state.sourceGitWarning}`);

 const resultOk = state.ok !== false;
 const promptNeeded = Boolean(
   !resultOk ||
     state.localUpdateAvailable ||
     state.remote?.updateAvailable ||
     missingTools.length ||
     toolUpdates.length ||
-    actionLines.length,
+    actionLines.length ||
+    warningLines.length,
 );

Also applies to: 167-174

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/skill-update-prompt.mjs` around lines 145 - 155, The code is
currently dropping the `state.sourceGitWarning` value and the `promptNeeded`
logic ignores warning-only states, which can suppress degraded-source warnings
when there are no actionable update lines. Add a condition to include
`state.sourceGitWarning` in the warningLines array similar to how
`state.warning` is already being added, and update the `promptNeeded` boolean
expression to also check if warningLines has any entries, ensuring that degraded
update warnings trigger the prompt output even without actionable updates.

checksum: item.result.checksum,
mdcChecksum: item.result.mdcChecksum,
cursorPath: relative(ROOT, item.result.mdcPath).replace(/\\/g, '/'),
generatedAt: previous.generatedAt || new Date().toISOString(),


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

generatedAt is not updated on content change.

Line 229 always preserves the previous timestamp, so metadata can stay stale even when checksum/mdcChecksum change. That breaks the module-index time signal and can hide real regeneration events.

Suggested fix
 function buildIndex(manifest, moduleResults, previousModules) {
   const modules = {};
+  const now = new Date().toISOString();
   for (const item of moduleResults) {
     const profiles = moduleProfiles(manifest, item.key);
     const previous = previousModules?.[item.key] || {};
+    const changed =
+      previous.checksum !== item.result.checksum ||
+      previous.mdcChecksum !== item.result.mdcChecksum;
     modules[item.key] = {
       id: item.result.id,
       paths: item.result.paths,
       globs: item.result.globs,
       hosts: item.result.hosts,
       profile: profiles.length === 1 ? profiles[0] : profiles,
       verify: item.result.verify,
       checksum: item.result.checksum,
       mdcChecksum: item.result.mdcChecksum,
       cursorPath: relative(ROOT, item.result.mdcPath).replace(/\\/g, '/'),
-      generatedAt: previous.generatedAt || new Date().toISOString(),
+      generatedAt: changed || !previous.generatedAt ? now : previous.generatedAt,
     };
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/sync-rule-exports.mjs` at line 229, The `generatedAt` field in
sync-rule-exports.mjs at line 229 always preserves the previous timestamp
regardless of whether content has changed, preventing the metadata from
reflecting actual regeneration events. Fix this by making the timestamp
conditional: only preserve the previous `generatedAt` value if the content
checksums (both `checksum` and `mdcChecksum`) remain unchanged compared to the
previous metadata; if either checksum has changed, generate a new timestamp
using `new Date().toISOString()` to accurately reflect that the content was
regenerated.

Comment on lines +27 to +30
const toolSpecs = {
codegraph: process.env.ETRNL_CODEGRAPH_NPM_SPEC || "@colbymchenry/codegraph@1.0.1",
beads: process.env.ETRNL_BEADS_NPM_SPEC || "@beads/bd@1.0.5",
};
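Review bot: the ETRNL_CODEGRAPH_NPM_SPEC and ETRNL_BEADS_NPM_SPEC values are taken from the environment verbatim, so an override that is a bare name (which npm resolves to the latest dist-tag), a semver range, a git URL or a tarball path silently replaces the exact pins `@colbymchenry/codegraph@1.0.1` and `@beads/bd@1.0.5` that the defaults establish. Validate each override as `name@exact-version` before it reaches any install or update command and fail closed with a message that names the variable; parsing the name out at that point also gives the latest() lookups the same package the spec installs.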


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, check if the file exists and get its total line count
wc -l scripts/tool-stack-check.mjs

Repository: eternalwaitt/eternal-stack

Length of output: 103


🏁 Script executed:

# Read the relevant sections mentioned in the review
# Lines 27-30 for toolSpecs definition
echo "=== Lines 27-30 (toolSpecs) ==="
sed -n '27,30p' scripts/tool-stack-check.mjs

echo -e "\n=== Lines 432-443 (latest() queries) ==="
sed -n '432,443p' scripts/tool-stack-check.mjs

# Also check around these lines for context
echo -e "\n=== Context around line 27 ==="
sed -n '20,40p' scripts/tool-stack-check.mjs

echo -e "\n=== Context around line 432 ==="
sed -n '420,450p' scripts/tool-stack-check.mjs

Repository: eternalwaitt/eternal-stack

Length of output: 3034


🏁 Script executed:

# Search for all occurrences of npmLatest and npmLatestWithFallback to understand the pattern
echo "=== All calls to npmLatest functions ==="
rg "npmLatest" scripts/tool-stack-check.mjs -n -A 1

Repository: eternalwaitt/eternal-stack

Length of output: 681


🏁 Script executed:

# Check how installCommand and updateCommand are defined and used
echo "=== installCommand and updateCommand definitions ==="
rg "installCommand|updateCommand" scripts/tool-stack-check.mjs -n -B 2 -A 2

Repository: eternalwaitt/eternal-stack

Length of output: 1743


Extract package names from overridden npm specs for consistent latest-version queries.

The toolSpecs object allows customizing package sources via ETRNL_CODEGRAPH_NPM_SPEC and ETRNL_BEADS_NPM_SPEC environment variables, and installCommand/updateCommand correctly use these overrides. However, the latest() functions at lines 432 and 441 still query the hardcoded original package names (@colbymchenry/codegraph and @beads/bd). This causes update detection to fail when custom specs point to forks or alternate packages—the tool would install from one package source but check for updates against a different one.

🔧 Suggested diff
 const toolSpecs = {
   codegraph: process.env.ETRNL_CODEGRAPH_NPM_SPEC || "`@colbymchenry/codegraph`@1.0.1",
   beads: process.env.ETRNL_BEADS_NPM_SPEC || "`@beads/bd`@1.0.5",
 };
+
+function npmPackageFromSpec(spec, fallback) {
+  const value = String(spec || "").trim();
+  if (!value) return fallback;
+  const scoped = value.match(/^(@[^/]+\/[^@]+)(?:@.+)?$/);
+  if (scoped) return scoped[1];
+  const unscoped = value.match(/^([^@][^@]*?)(?:@.+)?$/);
+  return unscoped ? unscoped[1] : fallback;
+}
+
+const latestPackages = {
+  codegraph: npmPackageFromSpec(toolSpecs.codegraph, "`@colbymchenry/codegraph`"),
+  beads: npmPackageFromSpec(toolSpecs.beads, "`@beads/bd`"),
+};

Then at line 432:

-    latest: () => npmLatest("`@colbymchenry/codegraph`"),
+    latest: () => npmLatest(latestPackages.codegraph),

And at line 441:

-    latest: () => npmLatestWithFallback("`@beads/bd`", () => brewLatest("beads")),
+    latest: () => npmLatestWithFallback(latestPackages.beads, () => brewLatest("beads")),
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/tool-stack-check.mjs` around lines 27 - 30, The toolSpecs object
allows environment variable overrides for package sources, but the latest()
function calls at lines 432 and 441 still use hardcoded package names instead of
extracting them from the actual toolSpecs values. Extract the package name
portion (without version specifier) from toolSpecs.codegraph and
toolSpecs.beads—for example, if toolSpecs.codegraph is
"`@colbymchenry/codegraph`@1.0.1", extract just "`@colbymchenry/codegraph`"—and use
these extracted names when calling latest() to ensure version checks are
performed against the same package sources that are actually being installed and
updated.
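As an added example, not the project's tool-stack-check.mjs code, the following Node module parses an npm spec of the kind the ETRNL_CODEGRAPH_NPM_SPEC and ETRNL_BEADS_NPM_SPEC overrides carry, extracts the package name for the latest() lookup, and goes one step beyond the suggested regex by refusing overrides that are not `name@exact-version`: a bare name resolves to the latest dist-tag, ranges float, and git, URL, file and tarball specs bypass the registry pin entirely. The defaults mirror the toolSpecs shown above; the `@example/bd-fork` override, the rejected sample specs and the exact-version policy are this example's assumptions, not the project's.

```javascript
// Added example, not eternal-stack code: validate and split npm specs so that
// install, update and latest-version checks all refer to one pinned registry
// package. Defaults copied from the toolSpecs object above; policy is assumed.

const DEFAULT_SPECS = {
  codegraph: "@colbymchenry/codegraph@1.0.1",
  beads: "@beads/bd@1.0.5",
};

// npm package names: optional @scope/, lowercase, url-safe characters.
const NAME_RE = /^(?:@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;
// Exact semver only: no ranges, no dist-tags.
const EXACT_VERSION_RE = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Returns { ok: true, name, version } or { ok: false, reason }.
function parseNpmSpec(spec) {
  const value = String(spec || "").trim();
  if (!value) return { ok: false, reason: "empty spec" };
  // Anything with a URL scheme (git+https:, file:, npm: aliases) or a filesystem
  // path is not a registry spec and cannot be pinned by name@version.
  if (/^[a-z][a-z0-9+.-]*:/i.test(value) || value.startsWith(".") || value.startsWith("/") || value.endsWith(".tgz")) {
    return { ok: false, reason: "non-registry spec" };
  }
  // The first "@" after a leading scope marker separates name from version.
  const at = value.indexOf("@", value.startsWith("@") ? 1 : 0);
  const name = at === -1 ? value : value.slice(0, at);
  const version = at === -1 ? "" : value.slice(at + 1);
  if (!NAME_RE.test(name)) return { ok: false, reason: "invalid package name" };
  if (!version) return { ok: false, reason: "no version (would resolve to the latest dist-tag)" };
  if (!EXACT_VERSION_RE.test(version)) return { ok: false, reason: "not an exact version" };
  return { ok: true, name, version };
}

// Resolve a tool's spec from an env override or the default, failing closed on
// anything that is not name@exact-version. `env` is injectable for tests.
function resolveToolSpec(tool, env = process.env) {
  const envKey = `ETRNL_${tool.toUpperCase()}_NPM_SPEC`;
  const override = env[envKey];
  const chosen = override || DEFAULT_SPECS[tool];
  const parsed = parseNpmSpec(chosen);
  if (!parsed.ok) throw new Error(`${envKey}=${JSON.stringify(chosen)} rejected: ${parsed.reason}`);
  return {
    spec: `${parsed.name}@${parsed.version}`, // what install/update commands receive
    latestPackage: parsed.name, // what the latest() query should ask npm about
    fromEnv: Boolean(override),
  };
}

// Constructed override (hypothetical fork, not a real package).
const SAMPLE_ENV = { ETRNL_BEADS_NPM_SPEC: "@example/bd-fork@2.3.4" };
for (const tool of Object.keys(DEFAULT_SPECS)) {
  const r = resolveToolSpec(tool, SAMPLE_ENV);
  console.log(`${tool}: install ${r.spec}, check latest of ${r.latestPackage}${r.fromEnv ? " (env override)" : ""}`);
}

// Constructed specs that an unguarded override would accept but this rejects.
const REJECTED_SAMPLES = ["@beads/bd", "@beads/bd@^1.0.0", "git+https://github.com/example/bd.git", "beads/bd", "./bd-1.0.5.tgz"];
for (const spec of REJECTED_SAMPLES) {
  console.log(`${spec}: ${parseNpmSpec(spec).reason}`);
}
```

Because resolveToolSpec throws before any command is built, a bad override stops the check at startup with the variable name in the message instead of installing from an unexpected source and then comparing it against the wrong package.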

@@ -1,6 +1,6 @@
interface:
display_name: "oRPC Fullstack"


🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Update agent display_name to match renamed skill and prompt variable.

Line 4 correctly updates the prompt variable from $orpc-fullstack to $orpc-patterns, but the agent's display_name on line 2 still reads "oRPC Fullstack". For clarity, both should reflect the new name.

✏️ Proposed fix
  interface:
-  display_name: "oRPC Fullstack"
+  display_name: "oRPC Patterns"

Also applies to: 4-4

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/bundled/orpc-patterns/agents/openai.yaml` at line 2, The display_name
field in the agent configuration still uses "oRPC Fullstack" while the prompt
variable has been correctly updated to reference the new skill name
"orpc-patterns". Update the display_name from "oRPC Fullstack" to "oRPC
Patterns" to maintain consistency with the renamed skill and prompt variable,
ensuring the agent's display name accurately reflects the new naming convention.

@@ -1,5 +1,5 @@
---
name: orpc-fullstack
name: orpc-patterns


🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Update heading to match renamed skill metadata.

Line 2 correctly renames the skill to orpc-patterns, but the heading on line 6 still reads "# oRPC Fullstack". This creates a visual inconsistency—the heading should reflect the skill's new name.

✏️ Proposed fix
-# oRPC Fullstack
+# oRPC Patterns

Also applies to: 6-6

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/bundled/orpc-patterns/SKILL.md` at line 2, The skill metadata has been
renamed to orpc-patterns on line 2, but the main heading still reads "# oRPC
Fullstack" instead of reflecting the new skill name. Update the heading text to
match the renamed skill metadata by changing it from "# oRPC Fullstack" to "#
orpc-patterns" to ensure consistency between the skill name and its
documentation heading.

Comment on lines +431 to +433
skill_warning_json="$(ETRNL_UPDATE_CHECK_SCRIPT="$skill_warning_update" node "$ROOT/scripts/skill-update-prompt.mjs" --agent codex --skill etrnl-audit-excellence --json)"
assert_json_expr "skill update prompt surfaces degraded warning-only checks" "$skill_warning_json" '.ok == false and .promptNeeded == true and .warnings[0] == "ETRNL_UPDATE_WARNING source-root-missing" and (.rawUpdateOutput | contains("ETRNL_UPDATE_WARNING source-root-missing"))'
skill_warning_text="$(ETRNL_UPDATE_CHECK_SCRIPT="$skill_warning_update" node "$ROOT/scripts/skill-update-prompt.mjs" --agent codex --skill etrnl-audit-excellence)"


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard new command substitutions under set -e to prevent opaque CI hard-exits.

At Line 431, Line 465, and Line 859, new $(node ...) assignments are unguarded. If any command exits non-zero, the script terminates immediately (before not_ok/finish_tests), which aligns with the reported “exit code 1 despite all shown checks reporting ok” failure mode.

Proposed fix pattern
-skill_warning_json="$(ETRNL_UPDATE_CHECK_SCRIPT="$skill_warning_update" node "$ROOT/scripts/skill-update-prompt.mjs" --agent codex --skill etrnl-audit-excellence --json)"
-assert_json_expr "skill update prompt surfaces degraded warning-only checks" "$skill_warning_json" '.ok == false and .promptNeeded == true and .warnings[0] == "ETRNL_UPDATE_WARNING source-root-missing" and (.rawUpdateOutput | contains("ETRNL_UPDATE_WARNING source-root-missing"))'
+if skill_warning_json="$(ETRNL_UPDATE_CHECK_SCRIPT="$skill_warning_update" node "$ROOT/scripts/skill-update-prompt.mjs" --agent codex --skill etrnl-audit-excellence --json 2>&1)"; then
+  assert_json_expr "skill update prompt surfaces degraded warning-only checks" "$skill_warning_json" '.ok == false and .promptNeeded == true and .warnings[0] == "ETRNL_UPDATE_WARNING source-root-missing" and (.rawUpdateOutput | contains("ETRNL_UPDATE_WARNING source-root-missing"))'
+else
+  not_ok "skill update prompt degraded warning fixture command failed: $skill_warning_json"
+fi

Apply the same if ...; then ... else not_ok ... fi guard to the new substitutions at Line 465 and Line 859.

Also applies to: 465-466, 859-860

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test-workflow-tools.sh` around lines 431 - 433, Guard the new command
substitution assignments against silent failures by wrapping them in
if-then-else blocks that properly handle non-zero exit codes. At
tests/test-workflow-tools.sh lines 431-433, wrap the `skill_warning_json` and
`skill_warning_text` assignments in an if statement that calls `not_ok` and
`finish_tests` if the node command fails. Apply the identical guard pattern to
the command substitutions at lines 465-466 (the second set of assignments) and
lines 859-860 (the third set of assignments), ensuring each site checks the exit
status of the `node "$ROOT/scripts/skill-update-prompt.mjs"` invocation and
terminates the test gracefully with proper cleanup rather than causing an opaque
hard-exit.

Source: Pipeline failures

eternalwaitt force-pushed the codex/root-cause-hardening branch 12 times, most recently from 307d45a to e703c7e on June 17, 2026 03:41
eternalwaitt changed the title from "[codex] Harden eternal stack root-cause gates" to "[codex] Harden eternal stack gates and policy contracts" on Jun 17, 2026
eternalwaitt force-pushed the codex/root-cause-hardening branch from e703c7e to 3dd11b2 on June 17, 2026 04:05
eternalwaitt force-pushed the codex/root-cause-hardening branch from 3dd11b2 to d8ec72e on June 17, 2026 04:28
eternalwaitt changed the title from "[codex] Harden eternal stack gates and policy contracts" to "[codex] Fix compact reset boundaries" on Jun 19, 2026
eternalwaitt marked this pull request as ready for review on June 20, 2026 04:50
eternalwaitt merged commit b108fa4 into release/v0.5.0 on Jun 20, 2026
2 checks passed
eternalwaitt deleted the codex/root-cause-hardening branch on June 20, 2026 04:50
2 participants