feat: add wildcard accept ["*"] for write-sink guards#1868
Merged
Conversation
Add WildcardTag ("*") support to DIFC label subset checks. When the
superset side of a flow check contains "*", the check passes regardless
of what tags the other side has.
This enables write-sink accept=["*"] for repos="all" and repos="public"
configurations where the agent has no secrecy tags but still needs a
write-sink to prevent noop guard integrity violations.
Changes:
- Add WildcardTag constant and wildcard logic to checkFlowHelper,
SecrecyLabel.CanFlowTo, and IntegrityLabel.CanFlowTo
- Update ValidateWriteSinkPolicy to accept ["*"] as sole entry
- Reject "*" mixed with other accept entries
- Update WriteSinkAcceptRules godoc and WriteSinkGuard docstring
- Update README accept rules table: repos="all"/"public" → ["*"]
- Add 20+ tests: DIFC wildcard flow checks, write-sink evaluation
with wildcard accept, and validation edge cases
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Pull request overview
Adds wildcard tag ("*") support to DIFC label subset checks, enabling accept: ["*"] in write-sink guard configuration for repos="all" and repos="public" scenarios where agents have no secrecy tags but still need write-sink guards to prevent noop guard integrity violations.
Changes:
- Introduces `WildcardTag` constant and wildcard logic in DIFC flow checks (`checkFlowHelper`, `SecrecyLabel.CanFlowTo`, `IntegrityLabel.CanFlowTo`)
- Adds validation that `["*"]` is accepted as sole entry in write-sink accept config, rejecting mixed usage
- Updates documentation and tests to reflect that write-sink is now required for all output servers
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| internal/difc/labels.go | Adds WildcardTag constant and wildcard bypass in flow checks |
| internal/difc/labels_test.go | 20+ tests for wildcard tag behavior in secrecy/integrity flows |
| internal/config/guard_policy.go | Validation for ["*"] wildcard accept + updated godoc |
| internal/config/config_guardpolicies_test.go | Validation tests for wildcard accept |
| internal/guard/write_sink.go | Updated docstring with wildcard examples |
| internal/guard/write_sink_test.go | Updated tests to use wildcard accept for repos="all"/"public" |
| README.md | Updated accept rules table and key rules |
…ions Update README and config.example.toml to document that write-sink is required for ALL output servers when DIFC guards are enabled, not just for scoped repos. Add examples showing correct accept values for every GitHub guard policy option:
- repos="all" / repos="public" → accept=["*"] (wildcard)
- repos=["owner/*"] → accept=["private:owner"]
- repos=["owner/repo"] → accept=["private:owner/repo"]
- repos=["owner/prefix*"] → accept=["private:owner/prefix*"]
README changes:
- Rewrite write-sink section to lead with "required for ALL" emphasis
- Add separate JSON/TOML examples for scoped vs broad access
- Add "*" wildcard as first entry in accept format list
- Update "When to use" to say required, not optional
config.example.toml changes:
- Add "IMPORTANT: Write-sink is REQUIRED" note
- Show both wildcard and scoped accept examples
- Add quick reference table mapping repos → accept
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Mar 13, 2026
Summary
Adds `WildcardTag` ("*") support to DIFC label subset checks, enabling `accept: ["*"]` in write-sink guard configuration.
Problem
When DIFC guards are enabled, output servers like `safeoutputs` need a write-sink guard to prevent noop guard integrity violations. For `repos="all"` and `repos="public"` configurations (where the agent has no secrecy tags), there was no clear accept value to use — the write-sink is needed purely to classify operations as writes.
Solution
- When the superset side of a flow check contains "*", the subset check passes unconditionally. This is implemented in `checkFlowHelper`, `SecrecyLabel.CanFlowTo`, and `IntegrityLabel.CanFlowTo`.
- `accept: ["*"]` is accepted as a sole entry; "*" mixed with other entries is rejected.
- `repos="all"` / `repos="public"` now map to `accept: ["*"]` (previously documented as "not required").
Accept Rules Table (updated)
| allow-only.repos | write-sink.accept (before) | write-sink.accept (after) |
|---|---|---|
| "all" | [] (none) | ["*"] (wildcard) |
| "public" | [] (none) | ["*"] (wildcard) |
| ["owner/repo"] | ["private:owner/repo"] | ["private:owner/repo"] |
| ["owner/*"] | ["private:owner"] | ["private:owner"] |
| ["owner/prefix*"] | ["private:owner/prefix*"] | ["private:owner/prefix*"] |
Changes
- internal/difc/labels.go — WildcardTag constant + wildcard logic in flow checks
- internal/difc/labels_test.go — 20+ wildcard flow tests
- internal/config/guard_policy.go — Validation for ["*"], updated godoc
- internal/config/config_guardpolicies_test.go — Wildcard validation tests
- internal/guard/write_sink.go — Updated docstring
- internal/guard/write_sink_test.go — Wildcard DIFC evaluation tests
- README.md — Updated accept rules table and key rules
Testing
All existing + new tests pass via `make agent-finished`.
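The wildcard rule described in the PR description and again in the summary above (a "*" on the superset side of a subset check passes unconditionally; `["*"]` is valid only as the sole accept entry) is modelled below in a small self-contained Go program. This is an added illustration, not the project's code in internal/difc or internal/config: the names `Label`, `NewLabel`, `isSubset`, `SecrecyCanFlowTo`, `IntegrityCanFlowTo`, `ValidateWriteSinkAccept` and `WriteAllowed` are hypothetical, the flow directions (secrecy: source tags must be a subset of the destination's; integrity: the destination's required tags must be a subset of the source's) are the standard DIFC reading and are assumed here, and the sample inputs in `main` are constructed to follow the rows of the accept rules table.

```go
package main

import (
	"errors"
	"fmt"
)

// WildcardTag is the "*" accept entry from the PR: when it appears on the
// superset side of a subset check, the check passes unconditionally.
// Everything in this file is a constructed model of that rule, not the
// project's own implementation.
const WildcardTag = "*"

// Label is a set of tags. Secrecy and integrity labels share the same
// subset test and differ only in which side must be the superset.
type Label map[string]struct{}

// NewLabel builds a Label from its tags (hypothetical helper).
func NewLabel(tags ...string) Label {
	l := make(Label, len(tags))
	for _, t := range tags {
		l[t] = struct{}{}
	}
	return l
}

// isSubset reports whether every tag of sub is present in super, applying the
// wildcard rule to the superset side only: a "*" in sub matches nothing.
func isSubset(sub, super Label) bool {
	if _, ok := super[WildcardTag]; ok {
		return true
	}
	for t := range sub {
		if _, ok := super[t]; !ok {
			return false
		}
	}
	return true
}

// SecrecyCanFlowTo: data may flow from src to dst when src's secrecy tags are
// a subset of dst's (assumed direction; dst is the superset side).
func SecrecyCanFlowTo(src, dst Label) bool { return isSubset(src, dst) }

// IntegrityCanFlowTo: dst may accept data from src when every integrity tag
// dst requires is carried by src (assumed direction; src is the superset side).
func IntegrityCanFlowTo(src, dst Label) bool { return isSubset(dst, src) }

// ValidateWriteSinkAccept enforces the PR's validation rule: "*" is valid only
// as the sole accept entry, and mixing it with other entries is an error.
// An entry such as "private:owner/prefix*" is an ordinary tag whose name ends
// in "*"; only the exact entry "*" is the wildcard.
func ValidateWriteSinkAccept(accept []string) error {
	for _, a := range accept {
		if a == WildcardTag && len(accept) > 1 {
			return errors.New(`"*" must be the sole write-sink accept entry`)
		}
	}
	return nil
}

// WriteAllowed models write-sink evaluation: validate the accept list, then
// check that the agent's current secrecy label can flow into the sink label
// built from the accept entries.
func WriteAllowed(agentSecrecy Label, accept []string) (bool, error) {
	if err := ValidateWriteSinkAccept(accept); err != nil {
		return false, err
	}
	return SecrecyCanFlowTo(agentSecrecy, NewLabel(accept...)), nil
}

func main() {
	// Constructed sample inputs following the rows of the accept rules table,
	// plus one mismatched and one misconfigured case.
	cases := []struct {
		repos  string
		agent  Label
		accept []string
	}{
		{`"all"`, NewLabel(), []string{"*"}},
		{`"public"`, NewLabel("private:owner/repo"), []string{"*"}},
		{`["owner/repo"]`, NewLabel("private:owner/repo"), []string{"private:owner/repo"}},
		{`["owner/*"]`, NewLabel("private:owner"), []string{"private:owner"}},
		{`["owner/prefix*"]`, NewLabel("private:owner/prefix*"), []string{"private:owner/prefix*"}},
		{`mismatch`, NewLabel("private:owner/repo"), []string{"private:owner"}},
		{`misconfigured`, NewLabel(), []string{"*", "private:owner"}},
	}
	for _, c := range cases {
		ok, err := WriteAllowed(c.agent, c.accept)
		fmt.Printf("repos=%-18s accept=%-28v allowed=%-5v err=%v\n", c.repos, c.accept, ok, err)
	}
}
```

Two points the table alone does not make visible: an agent with no secrecy tags already satisfies any subset check (the empty set is a subset of everything), so `["*"]` matters mainly as a well-defined, non-empty accept value that also admits tagged agents; and the wildcard is directional, since a "*" on the subset side is treated as an ordinary tag and does not match.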