Conversation
…etection (closes #1202)

Adds `stripCommandWrappers()` to the AAB normalization pipeline so that commands like `rtk git push origin main` and `timeout 30 git merge feature` are correctly classified as `git.push` / `git.merge` instead of being left as `shell.exec` or falling through to `unknown`. Addresses Gap A from issue #1202. Gap B (compound pipeline detection) and Gap C (UnknownActionType WARNING event) are out of Tier C scope.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jpleva91 added a commit that referenced this pull request, Mar 28, 2026

…200 merged, #179 P0 4th cycle

- Removed kernel-aab-normalization blocker: kernel #1202 CLOSED (rtk-prefix fix landed in #1252)
- Merged workspace PRs #200 (README fix), #199 (schema+profiles — 2 sprint goals delivered), #195 (prev EM report); closed #198 (superseded)
- Senior #1251 delivered: schema cross-validation tests + fixed real bug in squad-manifest.default.yaml
- Triaged #201 (P1: real quota metrics), #202/#203 (P2: research, defer to April)
- #179 (Option A default-deny, April 4 P0) unassigned for 4th consecutive cycle — HUMAN ESCALATION

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jpleva91 added a commit that referenced this pull request, Mar 28, 2026

Sprint complete: #1202 merged (PR #1252 aab prefix-strip), #1208 merged (PR #1238 heredoc body strip), #1086 merged (PR #1264 go-kernel event bus). PR #1255 (safe-subshell allowlist, closes #1139) rebased by EM — CI pending. Health upgraded to green. Next sprint: #1113 (security_reminder_hook warning fix) + KE-2 Canonical ActionContext foundation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jpleva91 pushed a commit that referenced this pull request, Mar 28, 2026

…no blockers

- #1202 (KE-2 AAB normalization) closed via PR #1252 — eliminates ~700/day unintended denials
- #1208 (heredoc false positive) closed via PR #1238 — merged 18:42Z
- #1139 → PR #1255: PASS review, CI re-running (3/3 in_progress)
- Prior pr-1238-rebase blocker CLEARED (resolved externally, escalation worked)
- Health: GREEN. No escalations. 1 sprint issue remaining (#1139 in final CI run)
- Corrected stale intel: #179 referenced as P0 in HQ EM report is closed (2026-03-11)

https://claude.ai/code/session_017SHEB2c4dupKDpGeDGRHaF
jpleva91 added a commit that referenced this pull request, Mar 28, 2026

…print near-complete (#1263)

* chore(marketing-em): EM report 2026-03-28T20:15Z — site stats fixed, v2.9.x sprint

  - PR #1258: 10 stale stats fixed in site/index.html (invariants 24, patterns 93, event kinds 47)
  - Issues #1259, #1260 filed: swarm audit + v2.9.x announcement
  - Sprint updated: v2.9.x announcement + swarm audit as primary goals
  - Content agent blocker (#995) entering 5th cycle — escalation warning set
  - Dogfood: clean run, 0 governance denials

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(studio-em): EM report 2026-03-29T02:15Z — #1202 resolved, #199/#200 merged, #179 P0 4th cycle

  - Removed kernel-aab-normalization blocker: kernel #1202 CLOSED (rtk-prefix fix landed in #1252)
  - Merged workspace PRs #200 (README fix), #199 (schema+profiles — 2 sprint goals delivered), #195 (prev EM report); closed #198 (superseded)
  - Senior #1251 delivered: schema cross-validation tests + fixed real bug in squad-manifest.default.yaml
  - Triaged #201 (P1: real quota metrics), #202/#203 (P2: research, defer to April)
  - #179 (Option A default-deny, April 4 P0) unassigned for 4th consecutive cycle — HUMAN ESCALATION

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(hq-em): EM report 2026-03-28T21:30Z — v2.9.1 released, kernel sprint near-complete

  Actions this cycle:

  - Closed #1229 (v2.9.0 npm publish race — superseded by v2.9.1 success)
  - Identified PR #1258 MERGEABLE pending review (site stats sync, all green)
  - Identified PR #1255 blocked by CodeQL failure (safe-subshell allowlist)
  - Added new P1 dogfood #1254 to sprint tracking

  Escalations:

  - P0: Swarm health #1186 (4th cycle, human required)
  - P0: KE-2 #917 unstarted 4th cycle (director/kernel-sr)
  - P1: kernel squad — invariant false positive #1254 scope fix
  - P2: cloud squad — upgrade 2.9.0→2.9.1, human reviewer for PR #1258

  Dogfood: No-Governance-Self-Modification blocks both gh issue --body (analytics agents) and EM squad state writes to .agentguard/squads/ — invariant scope too broad.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
jpleva91 added a commit that referenced this pull request, Mar 28, 2026

…ves (closes #1139) (#1274)

* fix(matchers): add safe-subshell allowlist to prevent $(date) false positives (closes #1139)

  Adds `stripSafeSubshells()` preprocessing step in `CommandScanner.scanDestructive()` that strips known read-only, side-effect-free subshell expressions before destructive pattern scanning.

  The dogfood case: agents embedding `$(date -u +%Y-%m-%dT%H:%M:%SZ)` in `gh pr comment --body` arguments were blocked by governance. The `date` command is a pure clock read with no side effects; its substitution form should not trigger pattern scans.

  Allowlisted safe subshells: date, pwd, whoami, hostname, uname, id, arch, uptime, git rev-parse / git describe.

  Security constraint: `[^)(]*` in the argument slot rejects nested subshells (e.g. `$(date $(rm -rf /))`), preventing bypass.

  Destructive commands that happen to contain safe subshells are still detected: `rm -rf /tmp/backup-$(date +%Y%m%d)` → strips date → `rm -rf /tmp/backup-` → blocked ✓

  ReDoS-safe: patterns use `[^)(]*` directly instead of `(?:\s+[^)(]*)?\s*` which creates polynomial backtracking risk via ambiguous whitespace overlap (CodeQL fix vs PR #1255 which had this issue).

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(kernel-sr): update senior state — #1139 PR #1274 created, #1202 confirmed closed

  - #1202 was already merged via PR #1252 (confirmed in this run)
  - #1139 implemented: PR #1274 open, supersedes #1255 (CodeQL/ReDoS fix)
  - Closed stale PR #1255
  - Health updated to green (all sprint issues have active PRs)

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
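The strip-then-scan order described in the commit message above, as an added TypeScript sketch (not the project's `CommandScanner` code). All identifiers, the two scan rules and the sample commands are constructed for illustration, and the argument slot here is narrower than the `[^)(]*` quoted in the message: it also excludes separators, redirections, backticks and `$`.

```typescript
// Added sketch; names are hypothetical and this is not the project's CommandScanner.

// Allowlisted read-only commands from the commit message. The argument slot is
// optional, must start with a blank, and excludes parentheses (no nesting) plus
// separators, redirections, backticks and "$" (an extra restriction of this sketch).
// One mandatory blank followed by one character class keeps matching unambiguous.
const SAFE_SUBSHELL =
  /\$\((?:date|pwd|whoami|hostname|uname|id|arch|uptime|git[ \t]+(?:rev-parse|describe))(?:[ \t][^)(;|&`<>$\n]*)?\)/g;

// Constructed rules. "subshell" flags any substitution that survives stripping,
// which is what makes a bare $(date) a false positive when there is no allowlist.
const RULES_SKETCH: { id: string; re: RegExp }[] = [
  { id: "rm-recursive", re: /\brm\s+-[a-zA-Z]*r/ },
  { id: "subshell", re: /\$\(|`/ },
];

function stripSafeSubshellsSketch(command: string): string {
  return command.replace(SAFE_SUBSHELL, "");
}

// Returns the ids of every rule that still matches after safe subshells are removed.
function scanDestructiveSketch(command: string): string[] {
  const stripped = stripSafeSubshellsSketch(command);
  return RULES_SKETCH.filter((rule) => rule.re.test(stripped)).map((rule) => rule.id);
}

// Constructed sample commands: a benign timestamp, a destructive command that
// embeds a safe subshell, and the nested form the commit message calls out.
const SAMPLES_SKETCH = [
  'gh pr comment 1 --body "built at $(date -u +%Y-%m-%dT%H:%M:%SZ)"',
  "rm -rf /tmp/backup-$(date +%Y%m%d)",
  "echo $(date $(rm -rf /))",
];
for (const sample of SAMPLES_SKETCH) {
  const hits = scanDestructiveSketch(sample);
  console.log(hits.length ? `BLOCK [${hits.join(",")}]` : "ALLOW", sample);
}
```

Only the first sample is allowed; the second is still blocked on the `rm` rule after the `date` substitution is removed, and the nested form is left untouched and blocked on both rules.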
jpleva91 pushed a commit that referenced this pull request, Mar 29, 2026

… next

Sprint fully closed: all 4 false-positive fix issues resolved (#1209, #1202, #1208, #1139 via PRs #1243, #1252, #1238, #1274). Tests 4442/4442 passing. 0 open PRs. Next sprint: KE-2 ActionContext (#917) → senior; hook exit bug (#1276) → copilot-cli. P0 swarm credit exhaustion (#1289) escalated to ops.

https://claude.ai/code/session_01BzmcPyyRR7mfa8dJd52Q7V
Closes #1202
Implementation Summary
What changed:
- `stripCommandWrappers(command)` function to `packages/kernel/src/aab.ts` that strips known transparent tool wrapper prefixes (`rtk`, `time`, `timeout N`) before git/github action pattern matching
- `normalizeIntent` so that `rtk git push origin main` is classified as `git.push`, not left as `shell.exec`
- `stripCommandWrappers` unit behaviour and 6 for `normalizeIntent` with `rtk`/`timeout`-prefixed git/github commands

How to verify:
- `pnpm test --filter=@red-codes/kernel` — 906 tests pass (up from 893)
- `normalizeIntent({ tool: 'Bash', command: 'rtk git push origin main' })` returns `{ action: 'git.push', branch: 'main' }`
- `normalizeIntent({ tool: 'Bash', command: 'timeout 60 git merge feature' })` returns `{ action: 'git.merge' }`

Scope note:
This addresses Gap A from #1202. Gap B (git worktree commands in compound pipelines) and Gap C (emit `UnknownActionType` WARNING event) are outside Tier C scope — both require changes to the command scanner architecture or event schema.

Tier C scope check:
Tier C implementation by copilot-cli — AgentGuard three-tier governance
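The wrapper-prefix normalization described in this PR, as an added TypeScript sketch (not the code in `packages/kernel/src/aab.ts`). The function names, the `timeout` duration syntax and the positional-argument handling are assumptions of the sketch; the `stripFirst` switch exists only to show the classification before and after stripping.

```typescript
// Added sketch; names are hypothetical and this is not the project's aab.ts.
interface IntentSketch { action: string; branch?: string }

// Wrapper prefixes named in the PR description: rtk, time, timeout N.
// Each pattern is anchored at the start so a wrapper word that appears later
// in the command line (for example as an argument to echo) is never stripped.
const WRAPPER_PREFIXES: RegExp[] = [
  /^rtk\s+/,
  /^time\s+/,
  /^timeout\s+\d+(?:\.\d+)?[smhd]?\s+/, // assumed: numeric duration, optional unit
];

function stripWrappersSketch(command: string): string {
  let rest = command.trimStart();
  // Repeat until nothing changes so stacked wrappers are all removed;
  // every successful replace shortens the string, so the loop terminates.
  for (let changed = true; changed; ) {
    changed = false;
    for (const re of WRAPPER_PREFIXES) {
      const next = rest.replace(re, "");
      if (next !== rest) { rest = next; changed = true; }
    }
  }
  return rest;
}

// Classifies a shell command; stripFirst=false shows the pre-fix behaviour.
function normalizeIntentSketch(command: string, stripFirst = true): IntentSketch {
  const line = stripFirst ? stripWrappersSketch(command) : command;
  const argv = line.split(/\s+/).filter(Boolean);
  if (argv[0] !== "git") return { action: "shell.exec" };
  if (argv[1] === "merge") return { action: "git.merge" };
  if (argv[1] === "push") {
    // Positional arguments after "push" are [remote, branch]; flags are skipped.
    const branch = argv.slice(2).filter((a) => !a.startsWith("-"))[1];
    return branch ? { action: "git.push", branch } : { action: "git.push" };
  }
  return { action: "shell.exec" };
}

// Constructed sample commands.
for (const cmd of ["rtk git push origin main", "timeout 60 git merge feature"]) {
  console.log(cmd, normalizeIntentSketch(cmd, false), "->", normalizeIntentSketch(cmd));
}
```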