fix: v0.3.1 post-publish adversarial review #19

Merged: laynepenney merged 5 commits into main from release/v0.3.1 on May 5, 2026
@laynepenney
Member

Summary

Addresses all 8 findings from Atlas's adversarial review of v0.3.0 (m_aba4af9f).

Critical (1):

  • Bundle JSON schema files (schemas/) in both npm and PyPI packages
  • Updated prepack, CI build, and publish workflows to copy schemas

High (2):

  • No-network CI guard: AST-aware scanner (scripts/check-no-network.mjs, scripts/check-no-network.py) runs on source, compiled dist, and packed artifact. Catches Atlas's PoC (globalThis["fe"+"tch"](url)) with two independent detectors.
  • Schema/runtime parity: 6 JSON Schema fixes to match runtime validators:
    • sentiment/v1.json: version now required
    • decision/v1.json: decided_at enforces ISO 8601 pattern
    • goal/v1.json: stated_at/resolved_at enforce ISO 8601 pattern
    • temporal-ref/v1.json: resolved_end required when type is "range" (if/then)
    • action/v1.json: due enforces ISO 8601 pattern
    • source-metadata/v1.json: version now required

Moderate (5):

  • action.due validated as ISO 8601 in TS + Python runtimes
  • source_metadata.version required in schema, TS type, and both runtimes
  • SECURITY.md: wheel byte-identity tested, sdist content-equivalent only
  • Callback signature marked PROPOSED (target v0.4.0), not shipped
  • CHANGELOG test counts corrected (227 TS, 282 Python, 14->19 conformance)

5 new conformance fixtures for the divergence cases.

Premium boundary: extract is OSS (pure computation library).

Closes #19

Test plan

  • 227 TS tests pass
  • 282 Python tests pass
  • 19 conformance fixtures pass (5 new for schema/runtime parity)
  • No-network scanner clean on source + dist
  • npm pack includes schemas/ tree (59 total files)
  • Python wheel includes schemas/**/*.json
  • CI green (all 9 jobs including new no-network-guard)
  • Atlas adversarial re-review

🤖 Generated with Claude Code

laynepenney and others added 5 commits May 4, 2026 16:46
Addresses 1 critical, 2 high, 5 moderate findings from Atlas's
adversarial review of v0.3.0.

Critical: bundle JSON schemas in npm + PyPI artifacts.
High: no-network CI guard (AST-aware scanner for source, dist, packed
artifact). Schema/runtime parity fixes for sentiment version,
decision/goal/action ISO dates, temporal-ref range constraint,
source_metadata required version.
Moderate: SECURITY.md sdist overclaim, callback signature marked
PROPOSED, action.due ISO enforcement, CHANGELOG test counts.

5 new conformance fixtures for schema/runtime divergence cases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Address all 6 findings from Atlas's second adversarial review:

HIGH #1 - No-network guard hardening:
- Add Reflect.get on global objects detection
- Add array .join("") assembling forbidden names detection
- Add importlib.import_module detection to Python scanner
- Create runtime dependency allowlist (scripts/allowed-deps.json) with CI enforcement
- Add negative test fixtures for all 4 Atlas bypass probes (tests/security-probes/)

HIGH #2 - Temporal schema/runtime parity:
- Add ISO 8601 pattern to resolved and resolved_end in temporal-ref/v1.json
- Add if/then/not constraint: resolved/resolved_end forbidden when type is "unresolved"
- Add 3 conformance fixtures (22 total): unresolved rejection, bad resolved date, bad resolved_end

HIGH #3 - Python schema self-containment:
- Commit schemas into packages/python/src/synapt_extract/schemas/
- Add CI drift-detection step (diff -r schemas vs Python package schemas)
- Add CI assertion: built wheel must contain exactly 13 schema JSON files
- Remove manual copy steps from build-python and reproducibility CI jobs

MODERATE #1 - README.md install strings updated to 0.3.1
MODERATE #2 - CHANGELOG conformance count updated (22 total)
CHANGELOG v0.3.1 entry updated to cite both rounds of Atlas adversarial review

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Address Atlas round 3 findings:

1. CHANGELOG behavioral-shifts section: explicit table enumerating all 9
   schema tightenings per VERSIONING.md. Each entry states what changed at
   the schema layer, confirms runtime validators were already this strict
   in v0.3.0, and identifies the only break case (third-party validators
   using URL-based schemas without the package runtime).

2. Commit all 4 security probe fixtures: .gitignore excluded *.js globally,
   so the 3 JS probes (Reflect.get, Function-no-new, array-join) were on
   disk but not tracked. Added !tests/security-probes/**/*.js exception.

3. Conformance count clarified: 22 validation + 2 prompt + 2 finalize =
   26 total (was 14 + 2 + 2 = 18 in v0.3.0).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Cloudflare blocks default curl UA from GitHub Actions datacenter IPs.
Use a synapt-specific User-Agent header so the smoke gate passes in CI.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

HIGH #1 — CHANGELOG behavioral-shifts truth correction:
Atlas verified that action.due and source_metadata.version are RUNTIME
tightenings, not just schema catching up. v0.3.0 runtime accepted
free-form action.due and source_metadata without version. The table
now explicitly marks these 2 rows as "No. Runtime tightening." with
upgrade advice for consumers to audit stored extractions.

MODERATE #1 — schema-url-check Cloudflare bypass:
Cloudflare blocks GitHub Actions datacenter IPs regardless of UA.
Rewrote the smoke gate: in CI, validates $id URL structure and schema
consistency (offline checks). Locally, also runs live CDN verification.
Live CDN CI verification deferred to v0.3.2 (Cloudflare allowlist).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@laynepenney laynepenney merged commit 6a91155 into main May 5, 2026
11 checks passed
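
A sketch of the kind of AST-aware check the no-network guard describes, using Python's standard `ast` module. This is an added example, not the project's scripts/check-no-network.py; the forbidden-module list, the function names and the sample source are assumptions constructed here. It folds string concatenation and `''.join([...])` before matching, so a module name assembled from fragments is still caught, and it fails closed on a dynamic import whose argument cannot be resolved statically.

```python
import ast

# Assumed policy and constructed sample for this sketch (sample is parsed, never run).
FORBIDDEN = {"socket", "ssl", "http", "urllib", "requests", "ftplib", "smtplib"}
DYNAMIC_IMPORTERS = {"__import__", "import_module"}

SAMPLE = '''\
import json
import urllib.request
m = importlib.import_module("soc" + "ket")
n = __import__("".join(["ht", "tp", ".client"]))
p = importlib.import_module(plugin_name)
'''

def fold(node):
    """Statically resolve a string expression: literal, 'a' + 'b', ''.join([...])."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        left, right = fold(node.left), fold(node.right)
        return None if left is None or right is None else left + right
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "join" and len(node.args) == 1
            and isinstance(node.args[0], (ast.List, ast.Tuple))):
        sep, parts = fold(node.func.value), [fold(e) for e in node.args[0].elts]
        if sep is not None and None not in parts:
            return sep.join(parts)
    return None

def scan(source, filename="<src>"):
    """Return sorted (line, reason) findings for network-capable imports."""
    findings = []
    def check(name, line, how):
        if name.split(".")[0] in FORBIDDEN:
            findings.append((line, f"{how} of {name}"))
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                check(alias.name, node.lineno, "import")
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            check(node.module, node.lineno, "import")
        elif isinstance(node, ast.Call):
            callee = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
            if callee in DYNAMIC_IMPORTERS and node.args:
                name = fold(node.args[0])
                if name is None:  # fail closed: target cannot be audited statically
                    findings.append((node.lineno, f"{callee} with non-static argument"))
                else:
                    check(name, node.lineno, f"dynamic {callee}")
    return sorted(findings)
```

A CI job would call `scan` on each file of the source tree, the built output and the unpacked artifact, and fail on any non-empty result.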