v0.5.2
v0.5.2 — Contract-Driven Leakage Gate
What changed
The leakage gate used to hard-code a path-based denylist (/(test|val|holdout|hidden|private)/ for tabular files) that over-blocked legitimate reads. In particular, data/train.csv and data/test.csv were blocked even when the task was "predict test.csv sales" — exactly the file the agent needs to read.
The source of truth is now the Task Contract that requirements-analyst writes. The hook and the explicit aion_leakage_check tool enforce it.
Four layers, one source of truth
Layer 1 — hard-coded (always on):
- Credentials / secret paths:
.env,.pem,.key,/secrets/ - AWS / private-key / password-assignment content patterns
- Internal AION agent prompts (
.opencode/agents/*.md) — anti-extraction
Layer 2 — contract-driven (new in v0.5.2):
Read from aion.jsonc → leakage.dataBoundaries, populated by requirements-analyst:
forbiddenReads: glob list; matching path is blockedallowedReads: when NON-EMPTY, allowlist mode (anything not matching is blocked)internetAccess: whenfalse, network calls are blockedruntimeHosts: optional HTTPS host allowlistlabelColumns: columns that MUST NOT appear in feature files
Layer 3 — hook-level (separate): project-root boundary, bash command patterns (rm -rf, git push, etc.).
Layer 4 — ts-critic submission review (new in v0.5.2): three mandatory checks before allow-stop:
- Submission column-name match against contract section 4
- Training-pipeline import-graph audit (every
pd.read_csv/open/load_datasetchecked againstforbidden_reads) - Holdout-set access audit (classify every file the pipeline opens;
hidden/ground_truth/leaderboard= violation)
Prompt changes
- requirements-analyst: Task Contract schema now has 8 sections (added Data Boundaries with allowedReads / forbiddenReads / internetAccess / runtimeHosts / labelColumns / source).
- ts-critic: new Submission Leakage Review HARD GATE section with the 3 mandatory checks.
Migration
Existing user aion.jsonc files keep loading — blockHiddenSetAccess / blockPrivateData flags are now no-ops kept for compatibility. To re-enable hidden-set blocking, set:
Tests
- 584/584 tests pass, typecheck clean.
- 37 leakage tests (contract-driven + credentials + project-root).
- 5 coverage tests updated to the new model.
Files
aion-plugin-0.5.2.tar.gz— 280 KB- Source:
masterbranch at commit773e91b
Upgrade
curl -fsSL https://raw.githubusercontent.com/ztxtech/aion/master/scripts/install.sh | bash -s -- --force --version 0.5.2
{ "leakage": { "dataBoundaries": { "forbiddenReads": ["data/holdout/**", "**/private_labels.*"] } } }