@techarrow12 techarrow12 released this 15 May 08:38

Full Changelog: v0.1.2...v0.1.3

Superbus Contract Action

  • v0.1.3

No AI PR without a contract.

This release hardens the public GitHub Action and simplifies the onboarding path for developers installing Superbus for the first time.

Added

  • Adversarial edge-case test coverage for path normalization and contract bypass attempts
  • Tests for path traversal, Windows path separators, leading slashes, mixed-case paths, and blocked-scope overrides
  • Tests for observe mode and enforce mode behavior
  • README product visual for the contract violation PR comment
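
The edge cases listed above all come down to canonicalizing a changed-file path before comparing it to the contract. The sketch below is an added example, not code from the Superbus action: the function names, the allowed_scope key, the glob semantics, and the sample contract are assumptions made for illustration (only blocked_scope is named in these notes).

```javascript
// Added illustration, not Superbus source code. The contract shape
// (allowed_scope / blocked_scope arrays of globs) is an assumption.

// Canonicalize a changed-file path before any scope comparison.
function normalizeChangedPath(raw) {
  const out = [];
  for (const seg of String(raw).replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue; // leading or doubled slashes, "./"
    if (seg === "..") out.pop();             // resolve upward, never above the repo root
    else out.push(seg.toLowerCase());        // fold case so "SRC/" equals "src/"
  }
  return out.join("/");
}

// Minimal glob support: "**" spans directories, "*" and "?" stay in one segment.
function globToRegExp(glob) {
  const body = glob.toLowerCase()
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*\*\/?|\*|\?/g, (m) =>
      m === "*" ? "[^/]*" : m === "?" ? "[^/]" : m === "**" ? ".*" : "(?:.*/)?");
  return new RegExp("^" + body + "$");
}

// blocked_scope is evaluated first, so an allowed_scope match cannot override it,
// and a blocked file is reported once with the pattern that matched.
function checkPath(raw, contract) {
  const file = normalizeChangedPath(raw);
  const hit = (list) => (list || []).find((p) => globToRegExp(p).test(file));
  const blocked = hit(contract.blocked_scope);
  if (blocked) return { file, verdict: "blocked", pattern: blocked };
  const allowed = hit(contract.allowed_scope);
  return allowed
    ? { file, verdict: "allowed", pattern: allowed }
    : { file, verdict: "outside-scope", pattern: null };
}

// Constructed sample contract and changed-file paths.
const contract = {
  allowed_scope: ["src/**", "docs/**"],
  blocked_scope: ["src/billing/**", ".github/workflows/**"],
};
for (const p of ["src/app/index.js", "src/app/../billing/ledger.js",
                 "SRC\\Billing\\ledger.js", "/.github/workflows/deploy.yml",
                 "docs/../../package.json"]) {
  console.log(JSON.stringify(checkPath(p, contract)));
}
```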

Changed

  • Simplified README onboarding around two files:
    • .superbus/agent-contract.json
    • .github/workflows/superbus-contract-check.yml
  • Improved violation comments to show the matched blocked_scope pattern
  • Removed duplicate outside-scope noise when a blocked file already explains the violation
  • Neutralized examples to avoid app-specific/private domain language
  • Removed unnecessary source map output from the published action bundle

Security and privacy

  • The action checks PR changed-file paths only
  • It does not fetch source file contents
  • It does not inspect diffs
  • It does not upload source code
  • It does not call external APIs other than GitHub

Usage

- uses: techarrow12/superbus-contract-action@v0.1.3
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}