Skip to content

fix: reconcile cloud remote approval scopes#1313

Merged
kantorcodes merged 1 commit into
mainfrom
guard-cloud-remote-approval-20260705
Jul 5, 2026
Merged

fix: reconcile cloud remote approval scopes#1313
kantorcodes merged 1 commit into
mainfrom
guard-cloud-remote-approval-20260705

Conversation

@kantorcodes

Copy link
Copy Markdown
Member

Summary

  • preserve local request recommended scope when applying signed Cloud approval commands
  • allow one-time require-reapproval requests through the headless remote-once path
  • add command queue regression coverage for one-time allow/block reconciliation

Verification

  • python3 -m ruff check src/codex_plugin_scanner/guard/runtime/command_executors.py src/codex_plugin_scanner/guard/daemon/server.py tests/test_guard_command_queue.py
  • python3 -m pytest tests/test_guard_command_queue.py::test_executor_resolves_one_time_scope_with_allow tests/test_guard_command_queue.py::test_executor_resolves_one_time_scope_with_block -v
  • python3 -m py_compile src/codex_plugin_scanner/guard/runtime/command_executors.py src/codex_plugin_scanner/guard/daemon/server.py

@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@greptile-apps

greptile-apps Bot commented Jul 5, 2026

Copy link
Copy Markdown

Greptile Summary

This PR updates Guard Cloud remote approval handling for local queue and headless daemon flows. The main changes are:

  • Preserves the local recommended_scope when applying signed remote approvals.
  • Allows one-time require-reapproval requests through the headless remote-once path.
  • Rejects unsupported remote approval scopes in the command executor.
  • Refreshes entitlement fixture timestamps in affected tests.
  • Adds command queue tests for one-time allow and block resolution.

Confidence Score: 4/5

Safe to merge after fixing the invalid decision handling in the headless remote-once path.

The command executor scope reconciliation is focused and covered by tests. One contained approval-flow bug remains in the daemon path.

src/codex_plugin_scanner/guard/daemon/server.py

T-Rex T-Rex Logs

What T-Rex did

  • Reproduced the focused daemon API pytest that starts the real GuardDaemonServer and posts to /v1/requests/remote-once with a repository-helper-signed remote approval envelope containing decision 'deny'.
  • Observed HTTP 200 OK from the endpoint and a final stored request showing resolution_action 'allow' for the invalid signed decision.
  • Validated the final verification command queue log captured during verification, showing exact commands, working directory, timestamps, exit codes, and test outputs.

View all artifacts

T-Rex Ran code and verified through T-Rex

Important Files Changed

Filename Overview
src/codex_plugin_scanner/guard/daemon/server.py Expands headless remote-once eligibility to one-time scopes, but still coerces invalid signed decisions to allow.
src/codex_plugin_scanner/guard/runtime/command_executors.py Preserves artifact/one-time recommended scope for signed remote approval resolution and rejects broader scopes before receipt claim.
tests/test_guard_command_queue.py Adds tests for unsupported remote approval scopes and one-time allow/block command resolution.
tests/test_guard_connect_flow.py Updates entitlement fixture timestamps in connect-flow tests.
tests/test_guard_headless_daemon_api.py Updates entitlement fixture timestamps and remote-once test formatting; invalid daemon decisions remain uncovered.
tests/test_guard_package_shims_cli.py Updates the package shim entitlement fixture timestamp.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant Cloud as Guard Cloud
participant Daemon as Headless daemon / Command executor
participant Store as GuardStore
Cloud->>Daemon: signed remote approval envelope
Daemon->>Store: get_approval_request(request_id)
Store-->>Daemon: pending request with policy_action + recommended_scope
Daemon->>Daemon: validate signature, binding, action, and scope
Daemon->>Store: claim_remote_once_receipt(receipt_id)
Daemon->>Store: "resolve_request_with_signed_remote_result(scope = recommended_scope)"
Store-->>Daemon: resolved_request
Daemon-->>Cloud: completed / not_resolved
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant Cloud as Guard Cloud
participant Daemon as Headless daemon / Command executor
participant Store as GuardStore
Cloud->>Daemon: signed remote approval envelope
Daemon->>Store: get_approval_request(request_id)
Store-->>Daemon: pending request with policy_action + recommended_scope
Daemon->>Daemon: validate signature, binding, action, and scope
Daemon->>Store: claim_remote_once_receipt(receipt_id)
Daemon->>Store: "resolve_request_with_signed_remote_result(scope = recommended_scope)"
Store-->>Daemon: resolved_request
Daemon-->>Cloud: completed / not_resolved
Loading

Comments Outside Diff (1)

  1. src/codex_plugin_scanner/guard/daemon/server.py, line 2450 (link)

    P1 Validate envelope decision
    The headless remote-once path treats every signed decision other than block as allow. validated_remote_approval_envelope only checks the signature/hash and scope, so a signed envelope with decision: "deny" or a misspelled value reaches this line and resolves the request as allowed; the queue executor now rejects non-allow_once/block decisions, but this daemon path still applies them.

    Artifacts

    Repro: focused daemon API pytest for signed invalid remote-once decision

    • Contains supporting evidence from the run (text/x-python; charset=utf-8).

    Repro: verbose pytest output showing HTTP 200 OK and final allow resolution

    • Keeps the command output available without making the summary code-heavy.

    View artifacts

    T-Rex Ran code and verified through T-Rex

    Fix in Codex

Fix All in Codex

Reviews (4): Last reviewed commit: "fix: reconcile cloud remote approval sco..." | Re-trigger Greptile

Comment thread src/codex_plugin_scanner/guard/runtime/command_executors.py Outdated
@kilo-code-bot

kilo-code-bot Bot commented Jul 5, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 3 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 2
WARNING 1
Issue Details (click to expand)

CRITICAL

File Line Issue
src/codex_plugin_scanner/guard/daemon/server.py 2408 Invalid policy_action value "pause" - not a valid GuardAction type. Type definition at models.py:9 restricts values to allow, warn, review, block, sandbox-required, require-reapproval.
src/codex_plugin_scanner/guard/daemon/server.py 2410 Invalid scope value "one-time" - not a valid DecisionScope type. Type definition at models.py:11 restricts values to global, harness, workspace, artifact, publisher.

WARNING

File Line Issue
tests/test_guard_command_queue.py 4 Unnecessary import reordering mixed with actual changes. The import urllib.error was moved from line 7 to line 4 and a blank line was removed.
Files Reviewed (6 files)
  • src/codex_plugin_scanner/guard/daemon/server.py
  • src/codex_plugin_scanner/guard/runtime/command_executors.py
  • tests/test_guard_command_queue.py
  • tests/test_guard_connect_flow.py
  • tests/test_guard_headless_daemon_api.py
  • tests/test_guard_package_shims_cli.py

Fix these issues in Kilo Cloud

Previous Review Summary (commit d529f62)

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit d529f62)

Status: 3 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 2
WARNING 1
Issue Details (click to expand)

CRITICAL

File Line Issue
src/codex_plugin_scanner/guard/daemon/server.py 2408 Invalid policy_action value "pause" added to allowed set - not a valid GuardAction type. The validation intentionally restricts values to a subset that differs from the type definition, creating a type mismatch. Either update GuardAction in models.py:9 to include "pause" or refactor the validation.
src/codex_plugin_scanner/guard/daemon/server.py 2410 Invalid scope value "one-time" added - not a valid DecisionScope type. The validation set at server.py:2408-2411 includes "one-time" which is not in the DecisionScope type in models.py:11.

WARNING

File Line Issue
tests/test_guard_command_queue.py 4 Unnecessary import reordering mixed with actual changes. The import urllib.error moved from line 7 to line 4 and a blank line was removed, appearing to be an accidental formatting change combined with actual test additions.
Files Reviewed (3 files)
  • src/codex_plugin_scanner/guard/daemon/server.py - 2 issues
  • src/codex_plugin_scanner/guard/runtime/command_executors.py - 0 issues (FIXED - validation added)
  • tests/test_guard_command_queue.py - 1 issue

Fix these issues in Kilo Cloud

Previous review (commit 3394aee)

Status: Issues Found | Recommendation: Address before merge

The previous WARNING about unconstrained recommended_scope in command_executors.py has been addressed in this commit by adding validation at lines 323-329.



Reviewed by laguna-m.1-20260312:free · Input: 147.3K · Output: 12.1K · Cached: 674.8K

Comment thread src/codex_plugin_scanner/guard/daemon/server.py
Comment thread src/codex_plugin_scanner/guard/daemon/server.py
Comment thread tests/test_guard_command_queue.py
@kantorcodes kantorcodes force-pushed the guard-cloud-remote-approval-20260705 branch 2 times, most recently from d529f62 to 3394aee Compare July 5, 2026 04:08
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
@kantorcodes kantorcodes force-pushed the guard-cloud-remote-approval-20260705 branch from 3394aee to 26e87cd Compare July 5, 2026 04:29
@kantorcodes kantorcodes merged commit 4ae7b7b into main Jul 5, 2026
21 of 22 checks passed
@kantorcodes kantorcodes deleted the guard-cloud-remote-approval-20260705 branch July 5, 2026 04:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant