Skip to content

fix(miner): honor iterate loop execution mode#5108

Open
JSONbored wants to merge 1 commit into
mainfrom
codex/fix-coding-agent-iterate-loop-vulnerability
Open

fix(miner): honor iterate loop execution mode#5108
JSONbored wants to merge 1 commit into
mainfrom
codex/fix-coding-agent-iterate-loop-vulnerability

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Motivation

  • Prevent the iterate-loop orchestrator from bypassing the operator safety gate by ensuring non-live modes never spawn the underlying coding agent.
  • The loop previously accepted a resolved CodingAgentExecutionMode but called the driver directly, which could execute expensive or prompt-injectable agent sessions in paused or dry_run modes.

Description

  • Route non-live driver invocations through the existing mode-gated helper by importing and using invokeCodingAgentDriver instead of calling driver.run() directly. (packages/gittensory-engine/src/miner/iterate-loop.ts)
  • Change runDriverSafely to accept the loop input and deps and to call invokeCodingAgentDriver when codingAgentModeExecutes(input.mode) is false, preserving logging behavior via safeAppendAttemptLogEvent.
  • Update the per-iteration call site to pass input and deps into runDriverSafely so the mode gate is enforced before any driver run.
  • Add regression tests that assert paused does not call the underlying driver and dry_run records a shadow invocation without spawning the agent. (packages/gittensory-engine/test/iterate-loop.test.ts)

Testing

  • Built the engine with npm --workspace @jsonbored/gittensory-engine run build and ran the iterare-loop unit tests via node --test packages/gittensory-engine/test/iterate-loop.test.ts, and the new regression tests passed.
  • Ran npm run test --workspace @jsonbored/gittensory-engine (package test suite) and observed all engine tests passing locally.
  • Attempted the full local gate npm run test:ci, but the run was impacted by unrelated environment issues: the cf-typegen:check reported stale worker-configuration.d.ts and npm audit --audit-level=moderate returned 403 Forbidden against the registry in this environment, so the end-to-end CI gate could not be fully completed here.

Codex Task

@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 11, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
gittensory-ui c1fcdce Commit Preview URL

Branch Preview URL
Jul 11 2026, 03:11 PM

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 11, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 11, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-11 17:27:16 UTC

2 files · 1 AI reviewer · 2 blockers · readiness 93/100 · CI green · unstable

⏸️ Suggested Action - Manual Review

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.

Review summary
This PR closes a real safety-gate bypass: `runDriverSafely` previously called `driver.run()` unconditionally regardless of `CodingAgentExecutionMode`, meaning `paused`/`dry_run` attempts could still spawn the actual coding agent. The fix routes non-executing modes through the existing `invokeCodingAgentDriver` mode-gate (already used elsewhere in the codebase per `coding-agent-invoke.ts`), and only calls `deps.driver.run()` directly when `codingAgentModeExecutes(input.mode)` is true. The two new regression tests exercise the real code path (not fabricated payloads) and match the actual logged event shapes (`attempt_aborted`/`coding_agent_paused` for paused, `attempt_shadow`/`dry_run` for dry-run) as defined in `coding-agent-invoke.ts`, and CI passed.

Blockers

  • PR fix(miner): honor iterate loop execution mode #5108 does not close or clearly link an eligible open repository issue in the provided description; please add the maintainer-authorized issue reference or explain why this is exempt from the repo's external-contributor scope rule.
Nits — 5 non-blocking
  • The updated doc comment on `runDriverSafely` (iterate-loop.ts:142-144) duplicates explanation already present in `invokeCodingAgentDriver`'s own header comment in coding-agent-invoke.ts — could just reference that module instead of re-describing the gating rationale.
  • PR description doesn't reference/link an originating issue number for this fix, unlike the surrounding code's convention of tagging issue numbers (maintainer: local create->score->self-review iterate-loop orchestrator (the control-flow core) #2333, maintainer: self-review adapter wiring iterate-loop diffs through predicted-gate + slop scoring #2334, feat(miner-hands): dry-run/no-op mode for CodingAgentDriver invocations #4313, etc.).
  • Consider adding a brief inline comment at the `runDriverSafely` call site (iterate-loop.ts:267) noting that live-mode still bypasses `invokeCodingAgentDriver`'s own attempt_started/succeeded/failed logging, so a future reader doesn't assume logging parity between live and non-live paths.
  • nit: packages/gittensory-engine/src/miner/iterate-loop.ts:143 documents thrown driver normalization for runDriverSafely, but that catch only applies to the live branch now; tighten the comment so future readers do not assume invokeCodingAgentDriver's non-live branch is wrapped by this function's catch.
  • packages/gittensory-engine/src/miner/iterate-loop.ts:143: split the doc comment into live-driver exception handling versus non-live mode gating, or point directly at invokeCodingAgentDriver for the paused/dry-run contract.

Concerns raised — review before merging

  • No linked issue detected — If this PR is intended to solve an issue, link it explicitly in the PR body.
  • Maintainer requires a linked issue — Link the relevant issue (for example Closes #123) before opening the PR.
Signal Result Evidence
Code review ❌ 2 blockers 1 reviewer
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 45 registered-repo PR(s), 37 merged, 414 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 45 PR(s), 414 issue(s).
Gate result ❌ Blocking Repo-configured hard blocker found.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 45 PR(s), 414 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
  • Explain no-issue PR.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask <question> answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat <question> answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@gittensory-orb gittensory-orb Bot added the manual-review Gittensor contributor context label Jul 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

aardvark codex gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant