
fix: follow-up for PR #89 review comments #90

Merged: RyshMan merged 1 commit into main from codex/pr-comments-followup-89, Mar 5, 2026


RyshMan commented Mar 5, 2026

Summary

This follow-up PR addresses actionable review comments from merged PR #89.

Original PR: #89

Implemented comment refs:

Changes

  • Fix privilege-budget context correlation to resolve instance-scoped agent metadata when tool-level and instance-level agent IDs differ.
  • Preserve secret-presence fail-closed behavior for agent_prod_write_human_gate evaluations in mixed agent + secret findings.
  • Make agent_auto_deploy_gate satisfiable by deriving/accepting deployment gate evidence deterministically (deployment_gate support in agent framework detector plus evaluator fallback).
  • Add focused tests for all addressed paths.

Validation

  • go test ./core/aggregate/privilegebudget ./core/policy/eval ./core/detect/agentframework
  • make lint-fast
  • make test-fast
  • make test-contracts
  • make prepush-full
  • ./.tmp/wrkr scan --path . --json
  • ./.tmp/wrkr regress init --baseline ./.wrkr/last-scan.json --output ./.tmp/pr89-regress-baseline.json --json
  • ./.tmp/wrkr regress run --baseline ./.tmp/pr89-regress-baseline.json --json

RyshMan merged commit d9e7119 into main Mar 5, 2026
7 checks passed
RyshMan deleted the codex/pr-comments-followup-89 branch March 5, 2026 21:39

chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6b3005ed5c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

merged.BindingEvidenceKeys = dedupeSorted(append(append([]string(nil), merged.BindingEvidenceKeys...), incoming.BindingEvidenceKeys...))
merged.MissingBindings = dedupeSorted(append(append([]string(nil), merged.MissingBindings...), incoming.MissingBindings...))
merged.DeploymentStatus = mergeDeploymentStatus(merged.DeploymentStatus, incoming.DeploymentStatus)
merged.DeploymentArtifacts = dedupeSorted(append(append([]string(nil), merged.DeploymentArtifacts...), incoming.DeploymentArtifacts...))
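
Review bot: the BindingEvidenceKeys, MissingBindings and DeploymentArtifacts lines each repeat the append(append([]string(nil), a...), b...) copy-then-append idiom before calling dedupeSorted; a small helper that takes both slices would remove the repetition and leave one place to decide how tokens are normalized for all three fields. On the DeploymentStatus line, which side wins when merged and incoming disagree is not visible from the call to mergeDeploymentStatus, so a short comment stating the precedence would help readers of this merge.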

P2: Preserve deployment artifact path casing during context merge

mergeAgentContext now routes deployment artifacts through dedupeSorted, which lowercases every token before returning it. For repos that use case-sensitive artifact names (for example Deploy.yml), this changes the recorded evidence path and can make the emitted deployment_artifacts/deployment_evidence_keys no longer match real files, reducing auditability of the privilege map output.

Useful? React with 👍 / 👎.
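
The casing problem described in the review comment above, as an added Go example that is not the project's code: mergeDedupe, exact and unmatched are hypothetical helpers (the project's real dedupeSorted is not shown on the page), and the file paths are constructed sample data. It compares a lowercasing merge with a byte-exact one against a case-sensitive file set.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// mergeDedupe copies both slices, normalizes each token with norm, then
// de-duplicates and sorts. Hypothetical stand-in: the project's real
// dedupeSorted is not shown on the page.
func mergeDedupe(a, b []string, norm func(string) string) []string {
	seen := map[string]struct{}{}
	out := []string{}
	for _, v := range append(append([]string(nil), a...), b...) {
		k := norm(strings.TrimSpace(v))
		if _, dup := seen[k]; dup || k == "" {
			continue
		}
		seen[k] = struct{}{}
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// exact is the identity normalizer: paths are kept byte-for-byte.
func exact(s string) string { return s }

// unmatched returns evidence paths with no exact match in a case-sensitive tree.
func unmatched(evidence []string, tree map[string]bool) []string {
	miss := []string{}
	for _, p := range evidence {
		if !tree[p] {
			miss = append(miss, p)
		}
	}
	return miss
}

func main() {
	// Constructed sample data, not taken from the repository.
	tree := map[string]bool{".github/workflows/Deploy.yml": true, "deploy/release.yaml": true}
	merged := []string{".github/workflows/Deploy.yml"}
	incoming := []string{"deploy/release.yaml", ".github/workflows/Deploy.yml"}
	fmt.Println("lowercased:", unmatched(mergeDedupe(merged, incoming, strings.ToLower), tree))
	fmt.Println("exact:     ", unmatched(mergeDedupe(merged, incoming, exact), tree))
}
```

With the lowercasing normalizer the merged evidence list contains a path that no file in the tree matches; with the exact normalizer every recorded path resolves.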
