From ab4e92122fa734b6bc34cdc21fb6e4b8a0ef17ad Mon Sep 17 00:00:00 2001
From: Sasa Junuzovic
Date: Mon, 20 Apr 2026 07:43:40 -0700
Subject: [PATCH] security: extend CODEOWNERS to Makefile and scripts/ (H2 mitigation)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cap auto-merge blast radius for build glue and release scripts.

## Rationale

H2 from audit #92 proposed a human-only label gate on quality-gate to prevent prompt-injection-driven auto-APPROVE. That fix kills pipeline autonomy (the whole point is no-human-in-the-loop). Instead, we cap blast radius by path: let quality-gate auto-approve PRs freely for application code (src/, tests/, docs/), but require human review for paths where a malicious change could execute arbitrary code during CI or release:

- /Makefile — executed by ci.yml via `make ci`; malicious target would run in CI with whatever privileges ci.yml has.
- /scripts/ — currently hold-for-merge.sh and release-from-merge.sh; release-gating logic. Compromise → bad artifacts shipped.

## Defense layers (from audit findings)

1. Option A: only @microsasa has triage role, so only @microsasa can apply 'aw' label → pipeline ignores external input.
2. Option B: gh-aw v0.68.7 XPIA/homoglyph/heredoc sanitization active as of PR #1023.
3. Option C (this PR): CODEOWNERS blocks auto-merge of changes to sensitive build/release paths. Pipeline autonomy preserved for src/, tests/, docs/.

Refs #92

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/CODEOWNERS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 939ae19..6c23275 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -16,3 +16,9 @@ # Dependency manifests — lockfile tampering or dep confusion risk /pyproject.toml @microsasa /uv.lock @microsasa + +# Build glue and release scripts — executed by CI (`make ci`) and by humans. +# Malicious changes here bypass application-layer review since they run +# during build/test and could exfiltrate secrets or publish bad artifacts. +/Makefile @microsasa +/scripts/ @microsasa
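Review bot: the two new entries (`/Makefile @microsasa` and `/scripts/ @microsasa`) only block auto-merge if branch protection on the target branch has "Require review from Code Owners" enabled and that rule is required rather than advisory; on their own, CODEOWNERS lines merely request a review, so the quality-gate approval would still satisfy a plain "1 approval" rule. Please state in the commit message or PR description that this setting is in place, since the mitigation depends on it. Two further points on the same hunk: CODEOWNERS uses the last matching pattern, so these entries must not be followed by a broader catch-all (the context ends at `/uv.lock @microsasa`, so nothing visible overrides them, but that should be kept true), and the rationale names ci.yml as the thing that runs `make ci`, yet the visible lines do not show whether `.github/workflows/` (and `.github/CODEOWNERS` itself) are owned; if they are not covered earlier in the file, a change to the workflow or to this file could remove the gate that this hunk adds.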