Skip to content

fix(miner): clamp repo AMS policy defaults#5499

Closed
JSONbored wants to merge 1 commit into
mainfrom
codex/propose-fix-for-ams-policy-vulnerability
Closed

fix(miner): clamp repo AMS policy defaults#5499
JSONbored wants to merge 1 commit into
mainfrom
codex/propose-fix-for-ams-policy-vulnerability

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Motivation

  • Prevent target repositories from loosening an operator's execution-risk policy by supplying permissive .gittensory-ams.yml content; repo-controlled values must not be allowed to enable live submission or raise resource caps above operator-safe defaults.

Description

  • Clamp repo-provided AMS policy fields before they become effective by adding clampRepoAmsPolicySpec and helpers (SLOP_THRESHOLD_RANK, clampNumberToDefault) and applying it to repo fallbacks in resolveAmsPolicy in packages/gittensory-miner/lib/ams-policy.js.
  • Keep the operator's local policy authoritative and unchanged, and document that repo files can only propose a more restrictive fallback.
  • Add regression/unit tests in test/unit/miner-ams-policy.test.ts that assert permissive repo policies are clamped, restrictive repo policies are allowed, and local files still fully replace repo content.

Testing

  • Ran the unit test file npx vitest run test/unit/miner-ams-policy.test.ts --pool=forks --reporter=verbose and all tests in that file passed (10/10).
  • Verified npm run build:miner and git diff --check completed successfully in this environment.
  • Attempted full local gate via npm run test:ci but the run could not complete due to an environment/registry issue (worker-configuration.d.ts drift requiring npm run cf-typegen and npm audit failing with a registry 403 Forbidden).

Codex Task

@JSONbored JSONbored self-assigned this Jul 12, 2026
@JSONbored JSONbored marked this pull request as draft July 12, 2026 23:11
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 12, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 12, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
gittensory-ui 3e030a7 Commit Preview URL

Branch Preview URL
Jul 12 2026, 11:13 PM

@gittensory-orb

gittensory-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-12 23:39:13 UTC

2 files · 2 blockers · readiness 89/100 · CI pending · dirty

⏸️ Suggested Action - Manual Review

Concerns raised — review before merging

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
📋 Copy for AI agents — paste into your coding agent
Fix the following blocker(s) from this PR review:

1. No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.

2. Maintainer requires a linked issue — Link the relevant issue (for example `Closes #123`) before opening the PR.
Signal Result Evidence
Code review ❌ 2 blockers No AI review summary
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (draft PR; no linked issue context).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 44 registered-repo PR(s), 36 merged, 424 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 44 PR(s), 424 issue(s).
Gate result ❌ Blocking Repo-configured hard blocker found.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 44 PR(s), 424 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
  • Explain no-issue PR.
  • Mark ready when done.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask <question> answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat <question> answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@JSONbored

Copy link
Copy Markdown
Owner Author

Closing: this reverts deliberate, same-day work rather than fixing a live gap.

The vulnerability this targets (a target-repo .gittensory-ams.yml loosening operator-side AMS execution policy) was already fixed — more thoroughly — in #5351 (commit 5f28519, merged ~82 minutes before this PR's commit). That fix removed fetchRepoAmsPolicyContent/AMS_POLICY_SPEC_FILENAMES/the outbound fetch of target-repo content entirely, so repo-provided policy is never read at all (resolveAmsPolicy on main is fully operator-local with no repo-content code path). It also added a standing regression test asserting fetchImpl is never called.

This PR's diff is built against a pre-#5351 snapshot and reintroduces the fetch/clamp machinery that fix deliberately deleted — merging it would be a functional regression to a strictly weaker mitigation (clamping repo-provided values) for a threat model #5351 already closed off entirely (never trusting repo-provided values at all). Its CONFLICTING mergeable state against main reflects exactly this: main no longer has the symbols this diff's hunks reference.

@JSONbored JSONbored closed this Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

aardvark codex gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant