Skip to content

fix(ai): explicit allow-list for ask-loop approval (refactor-safety)#1265

Merged
ocervell merged 1 commit into
ai-resiliencyfrom
fix/explicit-approval-allowlist
Jul 2, 2026
Merged

fix(ai): explicit allow-list for ask-loop approval (refactor-safety)#1265
ocervell merged 1 commit into
ai-resiliencyfrom
fix/explicit-approval-allowlist

Conversation

@ocervell

@ocervell ocervell commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Round-2 backlog item #2 from the AI-task review. The permission ask-loop in actions.py approved on any non-deny answer (deny-list shape). Both backends normalize to exactly allow/deny today, so this is behavior-neutral now — but a new backend or a refactored token could slip through the gap.

Flips the three prompt sites (shell/target/path) to an explicit allow-list via a small _is_approved() helper: only a normalized allow proceeds; None, deny, or any unexpected token denies (fail closed).

Tests: test_ai_actions.py 75→79 (+4: allow proceeds, deny denies, unexpected token denies, None denies). No regressions.

Folds into the aggregate #1241.

The permission ask-loop treated any non-"deny" answer as approval
(`response.get("answer") == "deny"` → deny, else proceed). Both backends
currently normalize to exactly "allow"/"deny", so this is behavior-neutral
today — but it's deny-list shaped: a new backend or a refactored answer
vocabulary could silently approve through a "not deny" gap.

Flip the three prompt sites (shell/target/path) to an explicit allow-list via
`_is_approved()`: only a normalized "allow" answer proceeds; None, "deny", or
any unexpected token denies (fail closed). Surfaced during the AI-task review
(round 2 backlog, item 2).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d0efa57b-780e-4a8b-a07d-67fbed3e61a1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/explicit-approval-allowlist

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@ocervell ocervell merged commit f8a7aa2 into ai-resiliency Jul 2, 2026
1 check passed
@ocervell ocervell deleted the fix/explicit-approval-allowlist branch July 2, 2026 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant