security: extend CODEOWNERS to Makefile and scripts/ (H2 mitigation) #1028

Open
microsasa wants to merge 1 commit into main from fix/h2-codeowners-extend

@microsasa
Owner

Caps auto-merge blast radius for build/release paths without killing pipeline autonomy.

Context

Audit #92 finding H2 originally proposed adding a human-only ready-for-auto-approve label gate on quality-gate to prevent prompt-injection-driven auto-APPROVE. That fix breaks the pipeline's core value proposition (no-human-in-the-loop).

This PR implements the reframed fix: cap blast radius by path, not by approval.

Change

Extend .github/CODEOWNERS to cover:

  • /Makefile — executed by ci.yml via make ci; a malicious target runs arbitrary code in CI.
  • /scripts/ — currently contains hold-for-merge.sh and release-from-merge.sh; release-gating logic. Compromise means shipping bad artifacts.

Defense in depth (all 3 active after this merges)

  1. Option A — trusted input boundary. Only @microsasa has triage role, so only @microsasa can apply the aw label. Pipeline ignores external issues/PRs. (Verified: all 20 most recent aw issues authored by @microsasa.)
  2. Option B — runtime sanitization. gh-aw v0.68.7 applies XPIA / homoglyph (NFKC) / heredoc / steganographic-markdown filtering to issue and PR bodies before the agent sees them. Active as of PR chore(deps): bump gh-aw toolchain to v0.68.7 + pydantic 2.13.2 #1023.
  3. Option C (this PR) — path-scoped auto-merge guard. Quality-gate can auto-approve freely, but CODEOWNERS blocks auto-merge of PRs touching sensitive paths.

Pipeline impact

Zero. Quality-gate continues to auto-approve PRs touching src/, tests/, docs/, etc. Only PRs that shouldn't auto-merge anyway (touching workflows, lock files, build glue, release scripts) now require your explicit review.

Refs

Refs #92 (meta — do NOT close)
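
The path-scoped guard described above, as an added example that is not part of this PR or the repository: a simplified CODEOWNERS matcher that reports which changed paths in a PR would need code-owner review. The sample file contents and the changed-file list are constructed, the `/.github/workflows/` entry is an assumption, and the guard only blocks a merge when branch protection requires review from code owners.

```python
from fnmatch import fnmatchcase

# Constructed sample; the page names only the /Makefile and /scripts/ entries.
SAMPLE_CODEOWNERS = """\
# workflows entry below is an assumed pre-existing rule
/.github/workflows/  @microsasa
/Makefile            @microsasa
/scripts/            @microsasa
"""

def parse_codeowners(text):
    """Return [(pattern, owners)] in file order, skipping comments and blanks."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, *owners = line.split()
        rules.append((pattern, owners))
    return rules

def matches(pattern, path):
    """Simplified subset of CODEOWNERS matching (no '**', no mid-path globs)."""
    if pattern.startswith("/"):                 # anchored at the repository root
        body = pattern[1:]
        if body.endswith("/"):                  # directory: anything beneath it
            return path.startswith(body)
        return path == body or path.startswith(body + "/")
    return fnmatchcase(path.rsplit("/", 1)[-1], pattern)  # bare glob: basename

def owners_for(path, rules):
    """The last matching rule wins; a rule with no owners clears ownership."""
    owners = []
    for pattern, rule_owners in rules:
        if matches(pattern, path):
            owners = rule_owners
    return owners

def paths_needing_review(changed, rules):
    """Map each changed path that has code owners to those owners."""
    hits = {p: owners_for(p, rules) for p in changed}
    return {p: o for p, o in hits.items() if o}

if __name__ == "__main__":
    rules = parse_codeowners(SAMPLE_CODEOWNERS)
    changed = ["src/app.py", "Makefile", "scripts/release-from-merge.sh",
               "scripts-old/x.sh", "docs/Makefile"]   # constructed PR file list
    for path, owners in paths_needing_review(changed, rules).items():
        print(f"{path}: blocked pending review by {', '.join(owners)}")
```

Because the last matching rule wins, a later entry that lists no owners (for example a subdirectory of `/scripts/`) would silently remove the review requirement for that subtree, so rule order is worth checking whenever the file is edited.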

Copilot AI left a comment

Pull request overview

Extends repository path-based CODEOWNERS protections to reduce the auto-merge blast radius for build/release-related changes (per audit finding H2 mitigation).

Changes:

  • Adds CODEOWNERS entries for /Makefile to require @microsasa review.
  • Adds CODEOWNERS entries for /scripts/ to require @microsasa review.

microsasa force-pushed the fix/h2-codeowners-extend branch from ce9dd46 to 9d334bf (April 21, 2026 22:57)

Cap auto-merge blast radius for build glue and release scripts.

## Rationale

H2 from audit #92 proposed a human-only label gate on quality-gate
to prevent prompt-injection-driven auto-APPROVE. That fix kills
pipeline autonomy (the whole point is no-human-in-the-loop).

Instead, we cap blast radius by path: let quality-gate auto-approve
PRs freely for application code (src/, tests/, docs/), but require
human review for paths where a malicious change could execute
arbitrary code during CI or release:

- /Makefile — executed by ci.yml via `make ci`; malicious target
  would run in CI with whatever privileges ci.yml has.
- /scripts/ — currently hold-for-merge.sh and release-from-merge.sh;
  release-gating logic. Compromise → bad artifacts shipped.

## Defense layers (from audit findings)

1. Option A: only @microsasa has triage role, so only @microsasa
   can apply 'aw' label → pipeline ignores external input.
2. Option B: gh-aw v0.68.7 XPIA/homoglyph/heredoc sanitization
   active as of PR #1023.
3. Option C (this PR): CODEOWNERS blocks auto-merge of changes to
   sensitive build/release paths.

Pipeline autonomy preserved for src/, tests/, docs/.

Refs #92

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Copilot AI review requested due to automatic review settings April 23, 2026 05:33

microsasa force-pushed the fix/h2-codeowners-extend branch from 9d334bf to ab4e921 (April 23, 2026 05:33)

Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
