[chore][ci] memory-slug leak guard + clean 6 P0 references#274
Why
===

Several agents that contribute to this repo use a private file-based memory store indexed by `[[short-kebab-name]]` slugs. Those slugs are agent-internal — they only resolve inside that private store, so when they leak into committed source / docs the public OSS ends up with dangling reference markers and exposes internal process slang.

A baseline scan found 63 such references across 17 files. Most live in the documentation trees (docs/sop/, docs/rfcs/, docs/research/, docs/troubleshooting/, docs/tests/) where the references are intentional design context that needs an owner-level audit before rewriting. The 6 references in production source + the user-facing feishu quickstart are unambiguous leaks and are cleaned here as part of the same change.

What
====

`.github/scripts/check-no-memory-slugs.py`
Pure-Python grep guard. Scans .ts/.tsx/.js/.jsx/.mjs/.cjs/.md/.yml/.yaml for the pattern `\[\[(feedback|project|reference|user)_<slug>\]\]`. Skips node_modules / dist / build / .git / memory stores. Allowlists docs/sop/, docs/rfcs/, docs/research/, docs/troubleshooting/, docs/tests/ for the initial rollout — those trees are tracked under a separate backlog audit. Self-allowlists this file + its workflow.

`.github/workflows/no-memory-slugs.yml`
CI hook that runs the Python guard on every PR + main push. 2 min timeout, concurrency cancel on non-main branches. Python (not in-yml bash) per the existing CI-guard pattern.

Source cleanup (6 references, 4 files)
- agent-node/src/cli.ts:1663
- agent-network/bin/cli.ts:1324 + :8199
- agent-network/docs/feishu-quickstart.md:98 (×2)
- server/src/db-adapter.ts:237

Each rewrite drops the `[[slug]]` reference but keeps the surrounding rationale intact (the underlying rule is restated inline).

Verification
============
- Guard returns exit 0 on the cleaned tree
- agent-node `bun test src/` — 274 / 0
- agent-network `bun test` — feishu suite green
- server `bun test` (COMMHUB_DB=/tmp/...) — 131 / 0

Follow-up (separate)
====================
57 references remain in the documentation trees noted above. Will open a backlog issue so the doc owners can audit + rewrite at their own pace. As each tree is audited, drop the corresponding prefix from the ALLOWLIST_PATH_PREFIXES list in check-no-memory-slugs.py.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9c7a261a5b
| # - closing `\]\]` | ||
| SLUG_RE = re.compile(r"\[\[(feedback|project|reference|user)_[a-z0-9_-]+(?:\.md)?\]\]") | ||
|
|
||
| EXTENSIONS = {".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".md", ".yml", ".yaml"} |
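Review bot: `SLUG_RE` is case-sensitive, so a slug written as `[[Feedback_Some_Note]]` or one with an uppercase character in the `[a-z0-9_-]+` body passes the guard; either state in the comment above the regex that slugs are always lowercase, or compile it with `re.IGNORECASE` so the guard is not defeated by a capitalised prefix.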
Expand the guard beyond TS/JS/MD/YAML
When a leak lands in other tracked public text files, this extension allowlist skips it entirely; I checked the repo and there are public docs-site Vue components and shell installer scripts, while the workflow path filter also omits those suffixes, so a .vue/.sh-only PR would not even run the guard. That leaves internal [[feedback_*]]-style slugs able to pass CI outside the listed TS/JS/Markdown/YAML files, despite the job being intended to block leaks in public OSS files.
| "docs/sop/", | ||
| "docs/rfcs/", | ||
| "docs/research/", | ||
| "docs/troubleshooting/", | ||
| "docs/tests/", |
Keep legacy doc allowlists from hiding new leaks
Because these entire documentation trees are skipped, any new [[feedback_*]]-style slug added under docs/rfcs/, docs/sop/, docs/research/, docs/troubleshooting/, or docs/tests/ will pass the new guard along with the existing legacy references; I verified the scanner returns no finding for a fresh docs/rfcs/new.md leak. If the goal is to stop new leaks while old docs are audited later, this needs a baseline/diff-based exemption rather than a whole-tree skip.
* release(v0.11-preview1): bump 3 packages + release notes + PINNED audit

  Versions
  ========
  - @sleep2agi/agent-network 2.2.22-preview.4 → 2.3.0-preview.0
  - @sleep2agi/agent-node 2.4.15-preview.2 → 2.5.0-preview.0
  - @sleep2agi/commhub-server 0.8.8 → 0.9.0-preview.0

  PINNED_SERVER_VERSION (agent-network/bin/cli.ts) bumped to "0.9.0-preview.0" so `anet hub start` lazy-fetches the matching hub binary. Without this pin update, hub start silently hangs (#194 class) because npx resolves to a published version that no longer matches what the CLI expects.

  Release notes
  =============
  docs/tests/release-v2.3.0-preview.0.md — contains the required `## Install (new user)` and `## Upgrade (existing user)` sections for the release-gate Gate 3 check. Lists every change in this preview:
  - P0-1 feishu worker supervised re-fork (#263)
  - P0-2 hub default credentials randomised + must_change_password (#264)
  - Runtime utils — withTimeout + classifyRuntimeResult (#272)
  - 429/quota fast-fail + empty-result soft-fail (folded into #272)
  - Cross-tenant write blocker (#275)
  - SSE memory-leak fix
  - B1 telegram allowFrom fail-closed (#276 — lands in preview1 batch)
  - B2 .anet/ auto-gitignore (#278 — lands in preview1 batch)
  - Slug guard + 6 P0 cleanups (#274)
  - Release-gate workflow (#270)
  - 5 onboarding robustness fixes
  - Feishu quickstart docs

  Migration callout: telegram empty/missing allowFrom now fail-closed (was: allow-all). Recovery is `"allowFrom": ["*"]` in access.json. Boot-time warn surfaces the new posture on first message.

  Verification (pre-publish)
  ==========================
  - Docker clean install: node:22-bookworm-slim + bun, 3 tarballs from absolute paths, `anet --version` → 2.3.0-preview.0; component resolution shows all 3 versions; `commhub-server` boots and serves /health at the new version
  - Docker post-publish: `anet hub start` lazy-fetches the published commhub-server@0.9.0-preview.0 and serves /health with version 0.9.0-preview.0; admin token saved at mode 600 with random bootstrap password (P0-2 verified live)
  - PINNED audit: source / Docker / npm all agree on 0.9.0-preview.0
  - npm publish --tag preview from absolute tarball paths (no github short-link resolution risk)

  dist-tags after publish
  =======================
  @sleep2agi/agent-network { latest: 2.2.21, preview: 2.3.0-preview.0 }
  @sleep2agi/agent-node { latest: 2.4.13, preview: 2.5.0-preview.0 }
  @sleep2agi/commhub-server { latest: 0.8.8, preview: 0.9.0-preview.0 }

  @latest is unchanged; promotion is a separate manual step after Vincent sign-off on the preview1 channel.

* docs(release-v2.3.0-preview.0): inline tag literals + Install heading versions for release-gate
Author
Agent: 通信工程马
Refs: drive-by from #272 reviewer pass — the same scan that caught my own slug leak also surfaced 5 pre-existing leaks on main + 57 in documentation trees
Why
===

Several agents that contribute to this repo use a private file-based memory store indexed by `[[short-kebab-name]]` slugs. Those slugs are agent-internal — they only resolve inside that private store, so when they leak into committed source / docs the public OSS ends up with dangling reference markers and exposes internal process slang. release.yml + the SSE PR have already burned us once on this class of leak.

A repo-wide scan found 63 such references across 17 files. Distribution:

agent-network/docs/feishu-quickstart.md)

The 57 references in the documentation trees are intentional design context — many RFCs cite the slug as the source of a design decision and the SOP doc lists agent-memory categories by name. Bulk-deleting them would erase the historical rationale and likely trigger pushback from RFC authors. Owner-paced audit is the right path; this PR sets the guard up to flag new leaks immediately while the documentation areas get cleaned offline.

Changes (6 files, +207 / -11)
=============================

`.github/scripts/check-no-memory-slugs.py` (new, 137 LOC)

Pure-Python grep guard. Pattern:

Requires the leading `[[`, the category prefix, and the underscore-slug body so ordinary markdown reflinks (`[label][ref]`) don't false-positive. Scans every `.ts`/`.tsx`/`.js`/`.jsx`/`.mjs`/`.cjs`/`.md`/`.yml`/`.yaml` under the repo root. Skips `node_modules/`, `dist/`, `build/`, `.git/`, `memory/`, `.claude/`. Self-allowlists itself + its workflow file (talks about the pattern by design).

Path-prefix allowlist (initial rollout — remove entries as their tree is audited):

`.github/workflows/no-memory-slugs.yml` (new, 59 LOC)

CI hook. Triggers on every PR + main push when any source / docs / yml changes. 2 min timeout, concurrency cancel on non-main branches. Single step: `python3 .github/scripts/check-no-memory-slugs.py .`

Python (not in-yml bash sed loop) per the team's CI-guard pattern — multi-pattern scans on large repos can run pathologically slow under bash on Windows runners; a small Python script is portable and easy to extend (each new exemption is one line in the allowlist).

Source cleanup (6 references, 4 files)
======================================

Each rewrite drops the `[[slug]]` reference but keeps the surrounding rationale intact — the underlying rule is restated inline so a reader doesn't need to follow a broken link.

- `agent-node/src/cli.ts:1663` — `(per [[feedback_new_node_codex_default]])` → rewritten to state the rule directly
- `agent-network/bin/cli.ts:1324` — `(Vincent's "cli 不用改" + [[feedback_default_flags]])` → kept Vincent quote, dropped slug
- `agent-network/bin/cli.ts:8199` — `(see [[feedback_vendor_verify_before_hardcode]])` → rewritten as imperative ("requires a real end-to-end API call against the vendor — do not copy parameters from another vendor's preset")
- `agent-network/docs/feishu-quickstart.md:98` (×2) — rewritten as a single self-contained sentence in Chinese
- `server/src/db-adapter.ts:237` — `(memory ([[feedback_no_prod_db_access.md]]))` → rewritten as "(never read or write the production hub database) is documented in CLAUDE.md"

Verification
============

- `python3 .github/scripts/check-no-memory-slugs.py .` → `OK: no internal memory-slug references found` (exit 0)
- `agent-node && bun test src/` → 274 / 0 pass
- `agent-network && bun test` → feishu bridge suite green
- `server && COMMHUB_DB=/tmp/test-X.db bun test` → 131 / 0 pass

Test plan (reviewer)
====================

- `python3 .github/scripts/check-no-memory-slugs.py .` from repo root → exit 0
- Add `// see [[feedback_test_marker]]` to any non-allowlisted `.ts` file and re-run → exit 1 with the line surfaced

Follow-up (separate, backlog)
=============================

57 references remain in the documentation trees noted above. I'll open a backlog issue so the doc owners can audit + rewrite at their own pace. As each tree is audited, drop its prefix from `ALLOWLIST_PATH_PREFIXES` in the script.

🤖 Generated with Claude Code
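The guard described in the PR, re-created as an added example that is not the repo's own `check-no-memory-slugs.py`: the same `SLUG_RE`, extension set, skipped directories, self-allowlist and path-prefix allowlist, run over a constructed in-memory `{path: text}` tree instead of walking the repo root. The sample tree is made up here; it also shows the allowlist behaviour the Codex review flags (a fresh `docs/rfcs/new.md` leak produces no finding).

```python
import re
from pathlib import PurePosixPath

# Same pattern as SLUG_RE in the PR: leading [[, category prefix, underscore,
# lowercase slug body, optional .md, closing ]]. A plain [[kebab-name]] and a
# markdown reflink ([label][ref]) do not match.
SLUG_RE = re.compile(r"\[\[(feedback|project|reference|user)_[a-z0-9_-]+(?:\.md)?\]\]")
EXTENSIONS = {".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".md", ".yml", ".yaml"}
SKIP_DIRS = {"node_modules", "dist", "build", ".git", "memory", ".claude"}
# Initial-rollout allowlist; drop a prefix once its tree has been audited.
ALLOWLIST_PATH_PREFIXES = ("docs/sop/", "docs/rfcs/", "docs/research/",
                           "docs/troubleshooting/", "docs/tests/")
SELF_FILES = {".github/scripts/check-no-memory-slugs.py",
              ".github/workflows/no-memory-slugs.yml"}


def is_scanned(path: str) -> bool:
    """Extension filter, skipped directories, self-allowlist and path-prefix allowlist."""
    p = PurePosixPath(path)
    if p.suffix not in EXTENSIONS or path in SELF_FILES:
        return False
    if any(part in SKIP_DIRS for part in p.parts[:-1]):
        return False
    return not path.startswith(ALLOWLIST_PATH_PREFIXES)


def find_leaks(files: dict[str, str]) -> list[tuple[str, int, str]]:
    """Return (path, line_no, matched_slug) for every leak in scanned files."""
    findings = []
    for path in sorted(files):
        if not is_scanned(path):
            continue
        for line_no, line in enumerate(files[path].splitlines(), start=1):
            for m in SLUG_RE.finditer(line):
                findings.append((path, line_no, m.group(0)))
    return findings


# Constructed sample tree covering the cases discussed in the PR (not real repo content).
SAMPLE_TREE = {
    "agent-node/src/cli.ts": "// default flags (per [[feedback_new_node_codex_default]])\n",
    "server/src/db-adapter.ts": "// see [[feedback_no_prod_db_access.md]]\nconst x = 1;\n",
    "README.md": "See [the docs][docs]; [[short-kebab-name]] has no prefix and is not flagged.\n",
    "docs/rfcs/new.md": "Decided per [[feedback_default_flags]]\n",      # allowlisted tree
    "node_modules/pkg/index.js": "// [[user_private_note]]\n",           # skipped directory
    ".github/workflows/no-memory-slugs.yml": "# matches [[feedback_x]]\n",  # self-allowlisted
}

if __name__ == "__main__":
    leaks = find_leaks(SAMPLE_TREE)
    for path, line_no, slug in leaks:
        print(f"{path}:{line_no}: {slug}")
    raise SystemExit(1 if leaks else 0)  # non-zero exit fails the CI job, like the guard
```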