fix(agent-sec-core): require copilot-shell >= 2.4.0 in cosh-hook subpackage #1323

Open
zhangtaibo wants to merge 1 commit into alibaba:main from zhangtaibo:fix/agent-sec-core-cosh-hook-version-dep-nightly-20260704

@zhangtaibo

Contributor

Summary

Fixes #1321

The agent-sec-cosh-hook subpackage provides security hooks (prompt-scanner, pii-checker, observability-hook, etc.) for copilot-shell. Without a version dependency on copilot-shell, it can be installed against copilot-shell 2.3.0, which lacks the UserPromptSubmit safety-priority merge fix (commit 42d6cac3, first released in v2.4.0).

In copilot-shell 2.3.0, HookAggregator.mergeOutputs uses last-write-wins (mergeSimple) for UserPromptSubmit, causing a later allow decision to silently override an earlier ask security interception. This means the prompt-scanner hook's ask decision (e.g., for jailbreak detection) is overridden by pii-checker's allow.

This PR adds Requires: copilot-shell >= 2.4.0 to the agent-sec-cosh-hook subpackage to ensure the safety-priority merge logic is present.

Root Cause

In copilot-shell 2.3.0 cli.js, HookAggregator.mergeOutputs switch statement is missing case HookEventName.UserPromptSubmit: in the mergeWithOrLogic branch. It falls through to default: mergeSimple(outputs), which does { ...merged, ...output } for each output — last-write-wins.

Commit 42d6cac3 ("fix(cosh): route UserPromptSubmit through safety-priority merge") added the missing case, ensuring the most restrictive decision (ask/block) wins. This fix is in copilot-shell >= 2.4.0.

Fix

 %package -n agent-sec-cosh-hook
 Summary:        CoPilot Shell security hooks with linux-sandbox
 Requires:       agent-sec-cli = %{version}-%{release}
+Requires:       copilot-shell >= 2.4.0
 Requires:       bubblewrap
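
Review bot: the added `Requires: copilot-shell >= 2.4.0` line carries no spec comment saying why 2.4.0 is the floor, so a later dependency cleanup could relax or drop it without realising it is a security constraint. Suggest a one-line comment directly above it naming the UserPromptSubmit safety-priority merge fix (commit 42d6cac3) and issue #1321. Also worth stating in the description that this is an install-time guard enforced by the package manager only: it prevents the RPM from being installed against 2.3.0, but the hooks themselves do not check which copilot-shell they run under.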

Verification

  • Applied patch on ECS (fresh clone of anolisa main 161859b9)
  • Build: source /root/.cargo/env && bash scripts/rpm-build.sh agent-sec-core → exit 0, all 8 RPMs produced
  • Verified rpm -qpR agent-sec-cosh-hook-0.7.0-1.alnx4.x86_64.rpm includes copilot-shell >= 2.4.0

This PR was automatically generated by the nightly test pipeline (run nightly-20260704-020034).
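
The override described under Root Cause, as an added example that is not part of the PR or of copilot-shell's code: a simplified model of both merge strategies, plus a regression check that flags a downgraded decision. The output shape, the `allow < ask < block` ordering and the names `rank`, `mergeSafetyPriority` and `isDowngraded` are assumptions; `mergeSimple` follows the spread-merge behaviour the PR describes.

```javascript
// Simplified model of the merge behaviour described in this PR; not copilot-shell source.
// Assumed: a hook output is { hook, decision, reason } and allow < ask < block.
const ORDER = ["allow", "ask", "block"];

// -1 when the hook did not vote; an unrecognised decision ranks as "block"
// so that a typo or new value fails closed (an assumption of this model).
function rank(output) {
  if (output.decision === undefined) return -1;
  const i = ORDER.indexOf(output.decision);
  return i === -1 ? ORDER.length - 1 : i;
}

// Last-write-wins, as the PR describes mergeSimple: { ...merged, ...output }.
function mergeSimple(outputs) {
  let merged = {};
  for (const output of outputs) merged = { ...merged, ...output };
  return merged;
}

// Hypothetical safety-priority merge: the most restrictive decision wins,
// and on a tie the earliest hook keeps its reason.
function mergeSafetyPriority(outputs) {
  let strictest = null;
  for (const output of outputs) {
    if (rank(output) > (strictest ? rank(strictest) : -1)) strictest = output;
  }
  return strictest ? { ...strictest, decision: ORDER[rank(strictest)] } : {};
}

// Regression check: true when the merged result is weaker than some input.
function isDowngraded(outputs, merged) {
  return rank(merged) < Math.max(-1, ...outputs.map((o) => rank(o)));
}

// Constructed sample: prompt-scanner asks first, pii-checker allows second.
const sample = [
  { hook: "prompt-scanner", decision: "ask", reason: "possible jailbreak" },
  { hook: "pii-checker", decision: "allow" },
];

console.log(mergeSimple(sample).decision, isDowngraded(sample, mergeSimple(sample)));
console.log(mergeSafetyPriority(sample).decision);
```

In the last-write-wins result the `reason` field from prompt-scanner survives the spread while its `decision` does not, so the merged object can carry a jailbreak reason next to an `allow`.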

…ackage

The cosh-hook subpackage provides security hooks (prompt-scanner,
pii-checker, etc.) for copilot-shell. Without a version dependency,
it can be installed against copilot-shell 2.3.0, which lacks the
UserPromptSubmit safety-priority merge fix (commit 42d6cac).

In copilot-shell 2.3.0, HookAggregator.mergeOutputs uses
last-write-wins (mergeSimple) for UserPromptSubmit, causing a later
'allow' decision to silently override an earlier 'ask' security
interception.

Add Requires: copilot-shell >= 2.4.0 to ensure the safety-priority
merge logic is present.

Fixes alibaba#1321
@zhangtaibo zhangtaibo requested a review from yangdao479 as a code owner July 3, 2026 20:22
@github-actions github-actions Bot added the component:sec-core src/agent-sec-core/ label Jul 3, 2026

Development

Successfully merging this pull request may close these issues.

[agent-sec-core] cosh-hook subpackage missing Requires: copilot-shell >= 2.4.0 — UserPromptSubmit safety-priority merge bypassed on old copilot-shell