fix(scheduler): adversarial policy bypass for list_tasks + #[non_exhaustive] on 17 enums #4536

Merged: bug-ops merged 2 commits into main from 4529-scheduler-policy-bypass on May 28, 2026

@bug-ops (Owner) commented May 28, 2026

Summary

  • Add list_tasks to AdversarialPolicyConfig::default_exempt_tools() so /scheduler list is never blocked by the adversarial probe gate when the embed provider is unavailable and fail_open=false
  • Add #[non_exhaustive] to 17 extensible pub enums across zeph-orchestration, zeph-subagent, and zeph-scheduler to prevent downstream exhaustive match breakage on future variant additions

Changes

Fix #4529 — adversarial policy bypass:

  • crates/zeph-config/src/tools.rs: list_tasks added to default_exempt_tools(); read-only scheduler intrinsics bypass the ShadowProbeExecutor unconditionally
  • crates/zeph-tools/src/config.rs: regression test asserting list_tasks is in the exempt list

Fix #4527 — #[non_exhaustive] on 17 enums:

  • zeph-orchestration: TaskStatus, GraphStatus, ExecutionMode, TaskClass, TopologyHint, Topology, DispatchStrategy, LineageKind
  • zeph-subagent: SubAgentState, AgentsCommand, AgentCommand, FleetSessionStatus, GrantKind, HookError
  • zeph-scheduler: SchedulerMessage, TaskKind, TaskMode
  • Wildcard arms added at 5 match sites in zeph-core and the binary

Test plan

  • cargo +nightly fmt --check — OK
  • cargo clippy (affected crates) — 0 errors, 0 warnings
  • cargo nextest run --workspace --lib --bins — 10108 passed, 21 skipped

Closes #4529
Closes #4527
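
The gate ordering that the description above depends on, as an added example that is not code from this PR or from the zeph crates: the exempt list is checked before the probe runs, so an unavailable probe with fail_open=false blocks only non-exempt tools. The types `Policy`, `Probe` and `Decision` and the tool names `create_task` and `list_tasks_x` are hypothetical; only `list_tasks`, `fail_open` and the exempt-tools idea come from the page.

```rust
use std::collections::HashSet;

/// Outcome of the gate for one tool call.
#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Block }

/// Hypothetical probe result: a verdict, or no verdict at all
/// (for example the embed provider is down and the probe timed out).
pub enum Probe { Benign, Adversarial, Unavailable }

/// Hypothetical policy with the two settings the page names.
pub struct Policy {
    pub fail_open: bool,
    pub exempt_tools: HashSet<String>,
}

impl Policy {
    /// Constructed fail-closed policy: only the read-only tool from the page is exempt.
    pub fn fail_closed() -> Self {
        Policy {
            fail_open: false,
            exempt_tools: HashSet::from(["list_tasks".to_string()]),
        }
    }

    /// Exempt tools return before the probe closure is ever called.
    pub fn gate(&self, tool: &str, probe: impl FnOnce() -> Probe) -> Decision {
        // Exact name match only: no prefix or glob matching, so a similarly
        // named tool cannot ride on the exemption.
        if self.exempt_tools.contains(tool) {
            return Decision::Allow;
        }
        match probe() {
            Probe::Benign => Decision::Allow,
            Probe::Adversarial => Decision::Block,
            Probe::Unavailable if self.fail_open => Decision::Allow,
            Probe::Unavailable => Decision::Block, // fail closed
        }
    }
}

fn main() {
    let policy = Policy::fail_closed();
    // Constructed tool names; the probe is simulated as unavailable for each call.
    for tool in ["list_tasks", "create_task", "list_tasks_x"] {
        println!("{tool}: {:?}", policy.gate(tool, || Probe::Unavailable));
    }
}
```

Because every entry in the exempt list skips the probe unconditionally, a regression test that pins the list's contents guards against a state-changing tool being added to it unnoticed.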

@github-actions github-actions Bot added the documentation, rust, core, and bug labels May 28, 2026
@bug-ops bug-ops enabled auto-merge (squash) May 28, 2026 16:45
@bug-ops bug-ops force-pushed the 4529-scheduler-policy-bypass branch from a9cc4e9 to 5472fcd Compare May 28, 2026 16:45
@github-actions github-actions Bot added the size/S Small PR (11-50 lines) label May 28, 2026
bug-ops added 2 commits May 28, 2026 18:48
When the embed provider is unavailable and fail_open=false, the
ShadowProbeExecutor times out and blocks read-only scheduler commands.
Add list_tasks to AdversarialPolicyConfig::default_exempt_tools() so
/scheduler list is never subject to the adversarial probe.

Closes #4529
…ub enums

Prevents downstream exhaustive match breakage when new variants are
added to extensible FSM and command enums across zeph-orchestration,
zeph-subagent, and zeph-scheduler. Adds wildcard arms at 5 match sites
in zeph-core and the binary.

Closes #4527
@bug-ops bug-ops force-pushed the 4529-scheduler-policy-bypass branch from 5472fcd to 5083c96 Compare May 28, 2026 16:48
@bug-ops bug-ops merged commit 5160389 into main May 28, 2026
32 checks passed
@bug-ops bug-ops deleted the 4529-scheduler-policy-bypass branch May 28, 2026 16:56