fix: pentest hardening #0087 -- mktemp guard + pentest report cap + #0169 scope#163
Merged
fix: pentest hardening #0087 -- mktemp guard + pentest report cap + #0169 scope#163
Conversation
…scope - lib-agent.sh:74: add mktemp failure guard to save_prompt_snapshots; without it snap_dir="" silently disables all prompt integrity checks - daemon.sh:234: pass max_lines=80 to extract_result_summary for pentest reports; default 40-line cap was truncating builder-handoff section - docs/tasks/0169.md: scope in FEATURE/PR_URL daemon.sh extractors (also broken for Codex); acceptance criteria expanded to 5 tests - docs/tasks/.next-id: correct stale value 169->170 (0169 already created)
fazxes
added a commit
that referenced
this pull request
Apr 9, 2026
…one) Queue before: 72 pending + 9 wontfix-in-active-dir Queue after: 65 pending + 0 wontfix (all converted to done for archiving) Merged into primary tasks (5 closures): - #175 -> #174: both add tests to TestAuthFailureDetection, same PR - #163 -> #162: both are scoring module tests from PR #158 review, same PR - #124 -> #122: both validate doc snapshot consistency, same PR scope - #196 -> #173: both add entries to PROMPT_GUARD_FILES in lib-agent.sh - #180 -> #179: both touch _is_valid_eval_file() in pick-role.py, same PR Closed as obsolete (1): - #78: references non-existent "evolve.md Step 8" and the multi-agent review panel replaced by unified review in PR #107 Closed as low-value (1): - #230: _DELEGATION_ROLE_MAP covers all 8 current agent types; new agent types require major framework work making the map update obvious Converted wontfix -> done for archiving (9): - #77, #80, #107, #111, #115, #119, #127, #129, #134 All had wontfix status with rationale already documented; changed to done so daemon's archive_done_tasks() housekeeping removes them
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
lib-agent.sh:74: add mktemp failure guard tosave_prompt_snapshots; without it a full/tmpsilently disables all prompt integrity checks for the entire cycledaemon.sh:234: passmax_lines=80toextract_result_summaryfor the pentest report call site; default 40 silently truncated the builder-handoff section of longer reportsdocs/tasks/0169.md: expand scope to include FEATURE/PR_URL extractors (same Codex format bug, same fix session)docs/tasks/.next-id: corrected stale169→170Test plan
make checkpasses (1043 tests)bash -n scripts/lib-agent.sh && bash -n scripts/daemon.sh