fix(module-25): close command-injection + lab-integrity issues
- agent-job.yml: pass untrusted issue body via env (BODY), never interpolated into a run: shell line (fixes GHA expression-injection). Adds security note. - lab/.gitignore: keep propose_pr's `git add -A` from sweeping __pycache__ and copied scaffolding into the review diff. - agent_runner.py: simulated reject() now removes the agent's untracked files (git restore can't), and the Module 2 restore line only prints for the real tracked-edit path. - README: clarify --simulate uses a deterministic stand-in, not the delete issue. Closes #24 Closes #25 Closes #26 Closes #27 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
# Keep the agent's proposed diff clean (Module 25, Part B).
|
||||
#
|
||||
# propose_pr() in agent_runner.py runs `git add -A` on purpose — a real agent (Part D) may touch
|
||||
# files you can't enumerate ahead of time, so staging everything is the correct behavior. This
|
||||
# .gitignore is what keeps that honest: it excludes the Python caches and the lab scaffolding you
|
||||
# copied into tasks-app, so the commit the agent proposes is ONLY its real change (agent_demo.py and
|
||||
# its test in the simulated path) — not binary .pyc noise or the orchestrator itself.
|
||||
|
||||
# Python / tool caches
|
||||
__pycache__/
|
||||
.pytest_cache/
|
||||
.ruff_cache/
|
||||
|
||||
# Lab scaffolding copied into tasks-app for this module — not part of the agent's change.
|
||||
agent_runner.py
|
||||
issue-delete-command.md
|
||||
agent-job.yml
|
||||
Reference in New Issue
Block a user