Skip to content

fix: use shallow clone to prevent reward hacking via git history#114

Open
neubig wants to merge 3 commits intocommit-0:mainfrom
neubig:fix-reward-hacking-git-history
Open

fix: use shallow clone to prevent reward hacking via git history#114
neubig wants to merge 3 commits intocommit-0:mainfrom
neubig:fix-reward-hacking-git-history

Conversation

@neubig
Copy link

@neubig neubig commented Feb 17, 2026

Summary

Use --depth 1 when cloning repositories to prevent agents from accessing git history and exploiting it to retrieve original function implementations.

Fixes #113

Use --depth 1 when cloning repositories to prevent agents from accessing
git history and exploiting it to retrieve original function implementations
that were stripped out.

This addresses a reward hacking vulnerability where agents can use
git log/diff/show commands to find and copy original implementations
instead of writing them from scratch.

For Commit0Spec, also fetch the specific env_setup_commit with --depth 1
before resetting to it, since shallow clone only gets the default branch tip.

Co-authored-by: openhands <openhands@all-hands.dev>
The shallow clone only fetches the latest commit, but the setup scripts
need access to both env_setup_commit (reference_commit) and base_commit
for the git reset operations.

- Commit0Spec: Fetch both env_setup_commit and base_commit before
  removing remote
- SWEBenchSpec: Fetch base_commit needed for eval script reset

Co-authored-by: openhands <openhands@all-hands.dev>
Modal requires authentication tokens that aren't available to fork PRs.
Using the local Docker backend allows CI to run without Modal credentials.

Co-authored-by: openhands <openhands@all-hands.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Reward hacking vulnerability: git history exposes original implementations

2 participants

Comments