Skip to content

fix(miner): keep AMS policy operator-local#5351

Merged
JSONbored merged 1 commit into
mainfrom
codex/propose-fix-for-target-repo-ams-policy-issue
Jul 12, 2026
Merged

fix(miner): keep AMS policy operator-local#5351
JSONbored merged 1 commit into
mainfrom
codex/propose-fix-for-target-repo-ams-policy-issue

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Motivation

  • Prevent untrusted target repositories from influencing operator-side execution-risk knobs (maxIterations, maxTurnsPerIteration, slopThreshold, submissionMode) that can cause excessive agent invocation or operator resource/quota exhaustion.
  • The previous resolution allowed falling back to a repo-scoped .gittensory-ams.yml; this change enforces that operator policy remains local-only and defaults are used otherwise.

Description

  • Stop fetching/parsing a target repository's .gittensory-ams.yml as a fallback and instead only read the operator's local file or return safe defaults; this removes the repo-sourced policy path from resolveAmsPolicy in packages/gittensory-miner/lib/ams-policy.js.
  • Update the public resolver type to remove the "repo" source and tighten the options shape in packages/gittensory-miner/lib/ams-policy.d.ts.
  • Update docs and the example .gittensory-ams.yml.example and packages/gittensory-engine/src/ams-policy-spec.ts explanations to state the operator-local trust boundary clearly.
  • Add/adjust unit tests (test/unit/miner-ams-policy.test.ts) to cover the regression that target-repo policy fetch hooks are never called and to preserve existing local-file behavior.

Testing

  • Ran unit tests: npx vitest run test/unit/miner-ams-policy.test.ts test/unit/miner-attempt-cli.test.ts test/unit/miner-loop-cli.test.ts, and all targeted tests passed.
  • Built the miner and package checks: npm run build:miner and npm run test:miner-pack completed successfully.
  • Full local gate: npm run test:ci was attempted but failed due to pre-existing environment/drift issues (stale worker-configuration.d.ts / cf-typegen check) and unrelated typecheck errors in other files, not caused by these changes.
  • npm run typecheck reported unrelated type errors elsewhere in the repo; npm audit --audit-level=moderate was blocked by the npm registry returning 403 Forbidden during this run.

Codex Task

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 12, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
gittensory-ui 1718d28 Commit Preview URL

Branch Preview URL
Jul 12 2026, 02:50 PM

@JSONbored JSONbored marked this pull request as draft July 12, 2026 14:49
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 12, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-12 21:48:08 UTC

6 files · 1 AI reviewer · 2 blockers · readiness 93/100 · CI green · clean

⏸️ Suggested Action - Manual Review

Review summary
This PR removes the target-repo fallback fetch path from resolveAmsPolicy, making the AMS execution policy strictly operator-local (only local file or engine defaults), which correctly closes a real trust-boundary gap where a malicious target repo could loosen an operator's execution-risk knobs. The change is well-scoped: it deletes the fetch/parse-repo-file code, the AMS_POLICY_SPEC_FILENAMES import used only for that fetch, the DEFAULT_RAW_CONTENT_BASE_URL constant, and updates the .d.ts, docs, example file, and tests to match, with new regression tests asserting fetchImpl is never called. One inconsistency: the .d.ts still exposes an unused fetchImpl?: unknown option even though the .js implementation no longer reads or forwards it anywhere.

Nits — 5 non-blocking
  • packages/gittensory-miner/lib/ams-policy.d.ts:15 still declares `fetchImpl?: unknown` in the options type even though ams-policy.js's `normalizeOptions` no longer reads or uses it at all — either drop it from the type or note why it's kept for caller compatibility.
  • test/unit/miner-ams-policy.test.ts passes a `fetchImpl` option to `resolveAmsPolicy` in several tests even though the resolver never accepts/uses it anymore; the tests pass only because it's silently ignored, so consider simplifying by removing the now-meaningless `fetchImpl` from test calls that don't specifically test the d.ts option shape.
  • packages/gittensory-miner/lib/ams-policy.js:52 keeps `repoFullName` as a required parameter with a `void repoFullName;` no-op purely for signature compatibility — worth a one-line note on which caller(s) still pass this positionally so a future reader knows it's not dead weight to remove.
  • Consider removing `fetchImpl` entirely from ams-policy.d.ts's options type in a follow-up once you've confirmed no external caller still passes it, to avoid the type suggesting a capability that no longer exists.
  • In .gittensory-ams.yml.example (diff), you dropped the 'Discovery order' comment block — worth double-checking no other docs/README section still references `.github/gittensory-ams.yml` or `.gittensory-ams.json` as valid repo-side fallback paths for AMS policy specifically (as opposed to MinerGoalSpec, which legitimately still uses multi-path discovery).

Concerns raised — review before merging

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
📋 Copy for AI agents — paste into your coding agent
Fix the following blocker(s) from this PR review:

1. No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.

2. Maintainer requires a linked issue — Link the relevant issue (for example `Closes #123`) before opening the PR.
Signal Result Evidence
Code review ❌ 2 blockers 1 reviewer
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 44 registered-repo PR(s), 36 merged, 435 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 44 PR(s), 435 issue(s).
Gate result ❌ Blocking Repo-configured hard blocker found.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: Python, TypeScript, Ruby, Go, JavaScript, MDX, Shell, Solidity
  • Official Gittensor activity: 44 PR(s), 435 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
  • Explain no-issue PR.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask <question> answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat <question> answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.71%. Comparing base (ecb18c1) to head (7388bc4).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5351      +/-   ##
==========================================
- Coverage   94.71%   94.71%   -0.01%     
==========================================
  Files         555      555              
  Lines       44526    44508      -18     
  Branches    14664    14664              
==========================================
- Hits        42172    42154      -18     
  Misses       1619     1619              
  Partials      735      735              
Flag Coverage Δ
shard-1 44.04% <0.00%> (+0.01%) ⬆️
shard-2 35.24% <0.00%> (+0.01%) ⬆️
shard-3 32.02% <0.00%> (+0.01%) ⬆️
shard-4 32.05% <100.00%> (-0.04%) ⬇️
shard-5 32.74% <0.00%> (+0.01%) ⬆️
shard-6 43.49% <0.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
packages/gittensory-engine/src/ams-policy-spec.ts 100.00% <ø> (ø)
packages/gittensory-miner/lib/ams-policy.js 93.33% <100.00%> (-3.64%) ⬇️
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@JSONbored JSONbored self-assigned this Jul 12, 2026
@JSONbored JSONbored force-pushed the codex/propose-fix-for-target-repo-ams-policy-issue branch from 1718d28 to 7388bc4 Compare July 12, 2026 21:29
@JSONbored JSONbored marked this pull request as ready for review July 12, 2026 21:29
@gittensory-orb gittensory-orb Bot added the manual-review Gittensor contributor context label Jul 12, 2026
@JSONbored JSONbored merged commit 5f28519 into main Jul 12, 2026
18 checks passed
@JSONbored JSONbored deleted the codex/propose-fix-for-target-repo-ams-policy-issue branch July 12, 2026 21:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

aardvark codex gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

Development

Successfully merging this pull request may close these issues.

1 participant