fix: prompt guard distinguishes PR merges from direct pushes #143

Merged
fazxes merged 1 commit into main from fix/prompt-guard-pr-merge
Apr 6, 2026

@fazxes fazxes commented Apr 6, 2026

Summary

  • Breaks the bootstrap self-revert loop: check_origin_integrity now skips when all first-parent commits between snapshot and current are merge commits (PR workflow)
  • Adds .nightshift.json to PROMPT_GUARD_FILES (restores SSRF protection from reverted PR security: fix prompt-guard revert-failure and .nightshift.json SSRF #140)
  • Returns exit code 2 when revert push fails (was always 1), daemon.sh handles all 3 codes

Root cause

The guard couldn't distinguish gh pr merge --merge (creates merge commits with 2+ parents) from direct pushes (single parent). It reverted PR #140 and #142's security fixes, causing the 3 test failures on main.

Test plan

  • make check — 1012 passed, 0 failed
  • Verify daemon runs without self-reverting after PR merges

The check_origin_integrity function was reverting legitimate PR merges
because it couldn't tell them apart from direct-push attacks. This
caused a bootstrap loop where security fixes to the guard itself got
auto-reverted.

- Skip guard when all first-parent commits are merge commits (PR workflow)
- Add .nightshift.json to PROMPT_GUARD_FILES (SSRF protection)
- Return exit code 2 when revert push fails (was always 1)
- daemon.sh handles exit codes 0/1/2 with appropriate messaging
@fazxes fazxes merged commit e66def5 into main Apr 6, 2026
3 checks passed
@fazxes fazxes deleted the fix/prompt-guard-pr-merge branch April 6, 2026 14:39
fazxes added a commit that referenced this pull request Apr 6, 2026
Pentest found daemon.sh crashes on bash 3.2 due to `local` outside
function (PR #143 regression). Created urgent tasks #154 and #155.

Done: #116 (PR #126), #151 (tracker count fixed by PR #142)
Wontfix: #80, #107, #111, #115, #127, #134 (speculative/superseded)
fazxes added a commit that referenced this pull request Apr 6, 2026
)

PR #143 introduced `local origin_rc=$?` outside any function at both
origin-guard sites in daemon.sh. On bash 3.2 with set -u, this crashes
the daemon with "unbound variable" -- no cycle has completed since.

Also restores the exit-code-2 abort logic that PR #143 overwrote:
both pentest-preflight and post-builder guard sites now call
notify_human and break when check_origin_integrity returns 2 (revert
failed), preventing reset_repo_state from pulling tampered origin/main
and the exec self-restart from running attacker-controlled daemon.sh.
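
The parent-count test named in the root cause above, as an added example (not the project's code): `only_merge_commits` is a hypothetical helper that reads `git rev-list --first-parent --parents <snapshot>..<current>` output, and the commit ids are constructed placeholders. Treating an empty range as "not merges only" is a choice made in this example so the caller falls through to the normal check.

```bash
#!/usr/bin/env bash
# Added example; function and variable names are hypothetical.
set -u

# Input on stdin: one line per commit, "<commit> <parent1> [<parent2> ...]",
# as printed by: git rev-list --first-parent --parents <snapshot>..<current>
# Returns 0 only if every listed commit has 2+ parents (merge commits),
# 1 if any commit has fewer than two parents or the range is empty.
only_merge_commits() {
  local commit first second rest seen
  seen=0
  # `|| [ -n "$commit" ]` also handles a last line without a trailing newline
  while read -r commit first second rest || [ -n "$commit" ]; do
    [ -z "$commit" ] && continue
    seen=1
    # A merge commit lists at least two parents after its own id
    [ -n "$second" ] || return 1
  done
  [ "$seen" -eq 1 ]
}

# Constructed sample: two merge commits on the first-parent chain
SAMPLE_PR_MERGES='aaa1 base feat1
bbb2 aaa1 feat2'

# Constructed sample: one merge followed by a single-parent commit
SAMPLE_DIRECT_PUSH='ccc3 bbb2 feat3
ddd4 ccc3'

# Top-level status capture: a plain assignment, because `local` is only
# valid inside a function (the bash 3.2 crash described above).
rc=0
printf '%s\n' "$SAMPLE_DIRECT_PUSH" | only_merge_commits || rc=$?

case "$rc" in
  0) echo "first-parent range is merge commits only: skip the guard" ;;
  *) echo "single-parent commit in range: run the integrity check" ;;
esac
```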