Widen bypass closures: destructuring, alias imports, PR head clone_url and merge ref#22
Merged
Conversation
v0.7.0 adds report envelope, mergeFindings, OTel gen_ai.conversation.id interop, matchSecret, applyExceptions. Lockfile only on this branch — leaving the action-bundle rebuild for when the widen-bypass-closures feature work lands.
…l and merge ref Extends #20's bypass closures with the next wave of evasions surfaced by external inspection. - JS destructuring (`const { API_TOKEN } = process.env`) and renamed destructuring (`const { API_TOKEN: t } = process.env`) now track the secret variable. addSecretVariable handles both direct and destructured forms. - Python aliased env imports: `from os import getenv as g` / `environ as e` (and the unaliased `from os import getenv` form already supported in #20) build a per-file alias map, then the secret-variable regex is generated dynamically from the alias union. Closes `token = g("API_TOKEN")` bypass. - Workflow referencesPullRequestHead now covers github.event.pull_request.head.repo.clone_url and standalone refs/pull/<n>/merge references — the two custom-shell patterns agents use when actions/checkout would attract review attention. - README: new "Detection limits" section documenting same-line URL requirement, no cross-file taint, no Python dep manifests yet, with a pointer to test/fixtures/bypasses/. - test/fixtures/bypasses/ established as the bypass-corpus pattern, with one fixture per closure and a CLI integration test per fixture. Adds 10 tests (80 total on this branch). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Re-opening the #21 work after the stacked merge of #19 and #20 closed it automatically. Same scope, now based directly on
main(rebased clean). No source-level changes vs. the original PR.Extends the bypass closures from #20 with the next wave of evasions:
const { API_TOKEN } = process.envand the renamed formconst { API_TOKEN: t } = process.envnow track the secret variable (or alias).from os import getenv as g/environ as ebuild a per-file alias map, then the secret-variable regex is generated from the alias union. Closestoken = g("API_TOKEN")bypass.head.repo.clone_urlandrefs/pull/<n>/mergenow flag underpull_request_target.test/fixtures/bypasses/corpus — bypass fixtures are first-class, one per closure plus a CLI integration test.Deferred (tracked as follow-up issues)
agent-gov-core 0.7.0 added several integration surfaces that aren't wired up here. Four follow-up issues filed to track those separately.
Test plan
npm test— 89 passing (79 from main + 10 new for this PR)npm run build— clean tsc + ncc bundle (73kB on agent-gov-core 0.7.0)test/fixtures/bypasses/README.md— comfortable with the convention?🤖 Generated with Claude Code