Skip to content

v0.5.2

Choose a tag to compare

@ztxtech ztxtech released this 14 Jun 12:42

v0.5.2 — Contract-Driven Leakage Gate

What changed

The leakage gate used to hard-code a path-based denylist (/(test|val|holdout|hidden|private)/ for tabular files) that over-blocked legitimate reads. In particular, data/train.csv and data/test.csv were blocked even when the task was "predict test.csv sales" — exactly the file the agent needs to read.

The source of truth is now the Task Contract that requirements-analyst writes. The hook and the explicit aion_leakage_check tool enforce it.

Four layers, one source of truth

Layer 1 — hard-coded (always on):

  • Credentials / secret paths: .env, .pem, .key, /secrets/
  • AWS / private-key / password-assignment content patterns
  • Internal AION agent prompts (.opencode/agents/*.md) — anti-extraction

Layer 2 — contract-driven (new in v0.5.2):
Read from aion.jsonc → leakage.dataBoundaries, populated by requirements-analyst:

  • forbiddenReads: glob list; matching path is blocked
  • allowedReads: when NON-EMPTY, allowlist mode (anything not matching is blocked)
  • internetAccess: when false, network calls are blocked
  • runtimeHosts: optional HTTPS host allowlist
  • labelColumns: columns that MUST NOT appear in feature files

Layer 3 — hook-level (separate): project-root boundary, bash command patterns (rm -rf, git push, etc.).

Layer 4 — ts-critic submission review (new in v0.5.2): three mandatory checks before allow-stop:

  1. Submission column-name match against contract section 4
  2. Training-pipeline import-graph audit (every pd.read_csv / open / load_dataset checked against forbidden_reads)
  3. Holdout-set access audit (classify every file the pipeline opens; hidden / ground_truth / leaderboard = violation)

Prompt changes

  • requirements-analyst: Task Contract schema now has 8 sections (added Data Boundaries with allowedReads / forbiddenReads / internetAccess / runtimeHosts / labelColumns / source).
  • ts-critic: new Submission Leakage Review HARD GATE section with the 3 mandatory checks.

Migration

Existing user aion.jsonc files keep loading — blockHiddenSetAccess / blockPrivateData flags are now no-ops kept for compatibility. To re-enable hidden-set blocking, set:

{
  "leakage": {
    "dataBoundaries": {
      "forbiddenReads": ["data/holdout/**", "**/private_labels.*"]
    }
  }
}

Tests

  • 584/584 tests pass, typecheck clean.
  • 37 leakage tests (contract-driven + credentials + project-root).
  • 5 coverage tests updated to the new model.

Files

  • aion-plugin-0.5.2.tar.gz — 280 KB
  • Source: master branch at commit 773e91b

Upgrade

curl -fsSL https://raw.githubusercontent.com/ztxtech/aion/master/scripts/install.sh | bash -s -- --force --version 0.5.2