Skip to content

fix(review): stop generic_secret_assignment from auto-closing PRs#5370

Merged
JSONbored merged 1 commit into
mainfrom
claude/pr-5346-secret-detection-cdc8ad
Jul 12, 2026
Merged

fix(review): stop generic_secret_assignment from auto-closing PRs#5370
JSONbored merged 1 commit into
mainfrom
claude/pr-5346-secret-detection-cdc8ad

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

Changes

  • src/review/secret-patterns.ts: split generic_secret_assignment out of HARD_SECRET_KINDS into a new ADVISORY_ONLY_SECRET_KINDS. Added looksLikeDescriptivePlaceholderPhrase (+ ENGLISH_FUNCTION_WORDS): a value with 5+ lowercase-only hyphen/underscore segments containing a low-entropy English function word ("not", "a", "should", "never", ...) reads as written prose describing the value, not a credential or a deliberately chosen passphrase — this independently resolves both PR feat(miner): add offline GitHub-token and coding-agent-credential presence checks to doctor (#5170) #5346 literals without weakening detection of a genuine human-chosen passphrase like correct-horse-battery-secret (diceware-style passphrases are chosen from high-entropy content words specifically because function words carry little entropy, so they essentially never contain one).
  • review-enrichment/src/analyzers/secret-scan.ts (REES): mirrored the same heuristic, per this file's existing twin-pair drift-check design with the host copy.
  • src/review/safety.ts: secretLeakFinding now only produces the unconditional-blocking secret_leak (critical) finding for concrete kinds; a generic-only hit produces a new non-blocking possible_secret_assignment (warning) finding instead.
  • src/review/content-lane/security-scan.ts: same demotion — a generic-only hit now routes to manual (never close), matching this file's own documented auto-close design principle. scanLinkedBodiesForSecrets also gained generic-hit detection (previously only reachable via HARD_SECRET_KINDS, now needs an explicit check since that set narrowed).

Test plan

  • npm run typecheck — clean
  • npm run test:coverage (full unsharded suite) — 758 passed | 2 skipped; secret-patterns.ts/safety.ts/content-lane/security-scan.ts all 100% lines + 100% branches
  • npm run test:engine-parity / npm run test:driver-parity / npm run engine-parity:drift-check — all green (mirrored REES copy keeps the twin-pair check passing)
  • npm run rees:test — 1320/1320 passing (REES's own build+drift+test gate)
  • npm run docs:drift-check / npm run manifest:drift-check — clean
  • Added regression tests reproducing both exact PR feat(miner): add offline GitHub-token and coding-agent-credential presence checks to doctor (#5170) #5346 false-positive strings, the mixed concrete+generic case (concrete still wins/blocks), and both branches of the new structural heuristic (including a preserved-detection case for a genuine diceware-style passphrase)
  • npm run test:ci (full local gate) — green aside from one confirmed-unrelated flaky test (miner-repo-clone.test.ts, a real git-clone integration test timing out under concurrent-session CPU load on this shared machine; passes in 22s in isolation, no relation to any file this PR touches)

PR #5346 (a resubmission of #5341) was auto-closed over two inert
test-fixture strings that matched the generic_secret_assignment
keyword-plus-quoted-value SHAPE but weren't real credentials -- the
same heuristic has now caused at least eight prior false-positive
incidents (#2613, #3178, #3673, #3866, #4587, #4733, plus several
fixture-rewording commits), each patched by narrowing an allowlist
rather than fixing the underlying design.

REES's own copy of this rule already rates it "medium confidence"
("catches real keys but also the occasional long opaque non-secret"),
and content-lane/security-scan.ts's own header states the design
principle this violated: a gate that auto-closes with no human queue
may only hard-close on a signal unambiguous enough that a false
positive is essentially impossible.

Split generic_secret_assignment out of HARD_SECRET_KINDS into a new
ADVISORY_ONLY_SECRET_KINDS: it still surfaces (a warning-severity
possible_secret_assignment finding / a "manual" content-lane verdict),
but never auto-blocks or auto-closes on its own. Concrete credential
formats (github_token, aws_access_key, private_key_block, ...) are
unaffected and remain unconditional hard blockers.

Also add a structural placeholder heuristic (looksLikeDescriptive
PlaceholderPhrase, mirrored in REES): a value with 5+ lowercase-only
hyphen/underscore segments containing an English function word reads
as written prose describing the value, not a credential or a chosen
passphrase -- this independently resolves both PR #5346 literals
without weakening detection of a genuine human-chosen passphrase like
"correct-horse-battery-secret" (no function words, by design).
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.37%. Comparing base (b5db38f) to head (fe5a7a1).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5370      +/-   ##
==========================================
- Coverage   94.41%   94.37%   -0.04%     
==========================================
  Files         550      550              
  Lines       44143    44160      +17     
  Branches    14632    14637       +5     
==========================================
  Hits        41677    41677              
- Misses       1791     1808      +17     
  Partials      675      675              
Flag Coverage Δ
shard-1 43.74% <61.29%> (-0.26%) ⬇️
shard-2 34.13% <48.38%> (-0.51%) ⬇️
shard-3 32.15% <64.51%> (+0.56%) ⬆️
shard-4 31.19% <22.58%> (-0.06%) ⬇️
shard-5 33.07% <9.67%> (-0.22%) ⬇️
shard-6 43.60% <48.38%> (+0.20%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
src/review/content-lane/security-scan.ts 100.00% <100.00%> (ø)
src/review/safety.ts 100.00% <100.00%> (ø)
src/review/secret-patterns.ts 100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@loopover-orb loopover-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 12, 2026
@loopover-orb

loopover-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-12 15:24:16 UTC

8 files · 1 AI reviewer · 3 blockers · readiness 93/100 · CI green · clean

⏸️ Suggested Action - Manual Review

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
  • Possible leaked secret in the diff (generic_secret_assignment) — Remove the secret from the diff, rotate the exposed credential, then re-run the gate.

Review summary
This PR splits the keyword-plus-quoted-value `generic_secret_assignment` heuristic out of the unconditional `HARD_SECRET_KINDS` set into a new advisory-only bucket that routes to a warning/manual-review finding instead of an auto-closing critical blocker, backed by a well-reasoned `looksLikeDescriptivePlaceholderPhrase` structural check for prose-style placeholders. The change is mirrored correctly across the PR-diff gate (`safety.ts`), the content-lane submission scanner, and the standalone `review-enrichment` copy, with each call site's `manual`/`warning` routing verified by tests, and the diff is disciplined about not touching the unrelated concrete-format kinds. The one gap is that `secretLeakFinding`'s and `scanSubmissionContent`'s doc comments assert these are the ONLY two paths that decide close-vs-manual, but I can't verify from this diff alone whether any other caller (e.g. AI-review wiring or the content-lane router) still branches on the old `HARD_SECRET_KINDS` membership of `generic_secret_assignment` directly rather than going through these functions.

Nits — 5 non-blocking
  • The external brief's 'leaked secret' flags on the new test fixtures (e.g. `test/unit/secret-patterns.test.ts:190/192`, `review-enrichment/test/secret-scan.test.ts:163/170/179`) are exactly the class of false positive this PR fixes — inert fixture strings like `present-value-not-a-real-token` — not real leaks, but worth a quick human glance to be sure none of the added test literals resemble a real key format.
  • src/review/secret-patterns.ts and review-enrichment/src/analyzers/secret-scan.ts duplicate `ENGLISH_FUNCTION_WORDS` and `looksLikeDescriptivePlaceholderPhrase` verbatim (drift-checked, not imported per the existing convention) — worth double-checking both copies stay in sync on future edits since there's no shared import.
  • review-enrichment/src/analyzers/secret-scan.ts is now ~1104 lines per the size-smell scan; consider flagging for a future split, though this PR only adds ~36 lines to it so it's not this PR's burden to fix.
  • MIN_DESCRIPTIVE_PHRASE_SEGMENTS = 5 and MAX_REPORTED_SECRET_LOCATIONS constants are already named, which is good — the brief's magic-number complaints on lines like secret-patterns.ts:106 are actually already-named constants, not raw literals in the logic.
  • Add a one-line grep/lint check (or at least a comment pointer) tying the two duplicated `looksLikeDescriptivePlaceholderPhrase` copies together so a future edit to one doesn't silently drift from the other.

Concerns raised — review before merging

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
  • Possible leaked secret in the diff (generic_secret_assignment) — Remove the secret from the diff, rotate the exposed credential, then re-run the gate.
Signal Result Evidence
Code review ❌ 3 blockers 1 reviewer
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 44 registered-repo PR(s), 36 merged, 476 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 44 PR(s), 476 issue(s).
Gate result ❌ Blocking Repo-configured hard blocker found.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 44 PR(s), 476 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
  • Explain no-issue PR.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@loopover-orb loopover-orb Bot added the manual-review Gittensor contributor context label Jul 12, 2026
@JSONbored
JSONbored merged commit 5855f8a into main Jul 12, 2026
17 checks passed
@JSONbored
JSONbored deleted the claude/pr-5346-secret-detection-cdc8ad branch July 12, 2026 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant