Skip to content

Remove task prompt injection#32

Merged
glittercowboy merged 2 commits intomainfrom
codex/remove-lenses-daemon
Apr 24, 2026
Merged

Remove task prompt injection#32
glittercowboy merged 2 commits intomainfrom
codex/remove-lenses-daemon

Conversation

@glittercowboy
Copy link
Copy Markdown
Contributor

@glittercowboy glittercowboy commented Apr 24, 2026
edited by coderabbitai Bot
Loading

Summary

  • remove task-level persona/system prompt handling from daemon task dispatch
  • keep normal task execution model, effort, permission mode, cwd, and resume session handling intact
  • bump protocol-go to v0.12.0

Verification

  • env GOWORK=off GOCACHE=/tmp/gsd-daemon-remove-lenses-go-cache go test ./...
  • env GOWORK=off GOCACHE=/tmp/gsd-daemon-remove-lenses-go-cache go build -o gsd-cloud .

Post-merge

  • publish the next daemon release tag

Summary by CodeRabbit

Release Notes

  • Refactor
    • Removed custom system prompt configuration from task execution. Sessions now use default system prompt settings exclusively.
    • Updated internal protocol dependencies and streamlined task dispatch architecture.
    • System prompt customization is no longer passed to Claude process invocations.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 24, 2026
edited
Loading

Warning

Rate limit exceeded

@glittercowboy has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 15 minutes and 19 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 15 minutes and 19 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: b7f73170-7412-43f3-a16a-ce6265bc451f

📥 Commits

Reviewing files that changed from the base of the PR and between 52a9599 and 4ef5aee.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod
📝 Walkthrough

Walkthrough

This pull request systematically removes system prompt configuration capabilities across the codebase by eliminating PersonaSystemPrompt fields from task structs, SystemPrompt from executor options, and all associated task dispatch and executor initialization logic.

Changes

Cohort / File(s) Summary
Dependency Update
go.mod		 Updated github.com/gsd-build/protocol-go from v0.10.0 to v0.12.0, potentially reflecting API changes related to system prompt removal.
Task Claim API
internal/api/cron_claim.go, internal/api/cron_claim_test.go		 Removed PersonaSystemPrompt field from ClaimCronTask struct and updated test mocks to match the new payload shape.
Claude Executor
internal/claude/executor.go, internal/claude/executor_test.go		 Removed SystemPrompt field from Options struct and eliminated conditional --append-system-prompt CLI flag logic; deleted associated test coverage (31 lines).
Runtime Task Handling
internal/crons/runtime.go, internal/crons/runtime_test.go		 Updated Runtime.HandleDue to no longer assign PersonaSystemPrompt when constructing protocol tasks, and updated test assertions accordingly.
Session Actor & Daemon
internal/session/actor.go, internal/session/actor_test.go, internal/loop/daemon.go		 Removed SystemPrompt from session.Options, eliminated all system prompt resolution and executor configuration logic, and deleted comprehensive test coverage (96 lines) validating per-task prompt switching behavior.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 No more personas whispering in the code,
System prompts shed like leaves on the road,
Clean structs now, streamlined and light,
Claude speaks plainly—no masquerade in sight! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Remove task prompt injection' directly and clearly describes the main change: removing system prompt injection from task handling, which is the primary focus across all modified files.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/remove-lenses-daemon

Comment @coderabbitai help to get the list of available commands and usage tips.

@glittercowboy glittercowboy force-pushed the codex/remove-lenses-daemon branch from 52a9599 to 4ef5aee Compare April 24, 2026 15:08
coderabbitai[bot]
coderabbitai Bot reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
internal/crons/runtime_test.go (1)

42-50: Assert the dispatched task shape, not just TaskID.

This fixture changed specifically around the dispatch payload, but the test still only checks dispatched.TaskID later. A regression in forwarding Prompt, PermissionMode, CWD, or ClaudeSessionID—or accidental reintroduction of the removed prompt-injection field if protocol.Task still exposes it—would still pass.

Suggested test tightening 
-	if dispatched == nil || dispatched.TaskID != "task-1" {
-		t.Fatalf("expected claimed task to be dispatched, got %+v", dispatched)
-	}
+	if dispatched == nil {
+		t.Fatal("expected claimed task to be dispatched")
+	}
+	if dispatched.TaskID != "task-1" ||
+		dispatched.SessionID != "session-1" ||
+		dispatched.ChannelID != "cron-cron-1-123" ||
+		dispatched.Prompt != "run tests" ||
+		dispatched.Model != "claude-opus-4-6[1m]" ||
+		dispatched.Effort != "max" ||
+		dispatched.PermissionMode != "acceptEdits" ||
+		dispatched.CWD != "/tmp/project" ||
+		dispatched.ClaudeSessionID != "claude-session-1" {
+		t.Fatalf("unexpected dispatched task: %+v", dispatched)
+	}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@internal/crons/runtime_test.go` around lines 42 - 50, The test currently only
asserts dispatched.TaskID; update the assertion to validate the full dispatched
task shape by checking dispatched.Prompt, dispatched.PermissionMode,
dispatched.CWD, dispatched.ClaudeSessionID, dispatched.Model, dispatched.Effort,
dispatched.ChannelID and dispatched.SessionID match the fixture values and
assert that any deprecated/removed field from protocol.Task (e.g. the old
prompt-injection field) is not present or is empty; locate the dispatched
variable in the runtime_test.go test and add these explicit equality (and
absent/empty) checks against the fixture to prevent regressions.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@internal/crons/runtime_test.go`:
- Around line 42-50: The test currently only asserts dispatched.TaskID; update
the assertion to validate the full dispatched task shape by checking
dispatched.Prompt, dispatched.PermissionMode, dispatched.CWD,
dispatched.ClaudeSessionID, dispatched.Model, dispatched.Effort,
dispatched.ChannelID and dispatched.SessionID match the fixture values and
assert that any deprecated/removed field from protocol.Task (e.g. the old
prompt-injection field) is not present or is empty; locate the dispatched
variable in the runtime_test.go test and add these explicit equality (and
absent/empty) checks against the fixture to prevent regressions.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 3e35952c-4d39-4531-909f-63d55a2e82d7

📥 Commits

Reviewing files that changed from the base of the PR and between 47501c2 and 52a9599.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (10)
  • go.mod
  • internal/api/cron_claim.go
  • internal/api/cron_claim_test.go
  • internal/claude/executor.go
  • internal/claude/executor_test.go
  • internal/crons/runtime.go
  • internal/crons/runtime_test.go
  • internal/loop/daemon.go
  • internal/session/actor.go
  • internal/session/actor_test.go
💤 Files with no reviewable changes (5)
  • internal/loop/daemon.go
  • internal/claude/executor.go
  • internal/session/actor_test.go
  • internal/claude/executor_test.go
  • internal/session/actor.go

@glittercowboy glittercowboy merged commit eb36fc0 into main Apr 24, 2026
2 checks passed
@glittercowboy glittercowboy deleted the codex/remove-lenses-daemon branch April 24, 2026 15:10
This was referenced Apr 27, 2026
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@glittercowboy