fix: scope architect-guarded early-return to fix backward-compat regression #959

Merged: zaxbysauce merged 5 commits into main from copilot/fix-evidence-file-changes, May 22, 2026
Contributor

Copilot AI commented May 21, 2026

Shell write enforcement had a gap: when no declared scope was present, bash/shell write paths skipped agent authority checks and could still mutate blocked targets (e.g. .swarm/evidence/*.json). This change aligns shell-write enforcement with write/edit/patch authority behavior so blocked zones remain blocked regardless of scope state.

  • Root cause addressed: scope-only gate in shell write path

    • checkShellWriteScope(...) previously returned early when declaredScope was empty, which bypassed per-agent file authority evaluation for shell commands.
  • Guardrail hardening in src/hooks/guardrails.ts

    • Enforce active-agent requirement for shell writes (fail closed when session has no active agent).
    • Apply universal deny-prefix checks to resolved shell write targets.
    • Run checkFileAuthorityWithRules(...) for each resolved shell write target before scope checks.
    • Keep declared-scope validation as an additional constraint (when scope exists), rather than the only constraint.
  • Regression coverage in tests/unit/hooks/guardrails-shell-write.test.ts

    • Added architect-specific regression cases proving blocked behavior without declared scope:
      • redirection to .swarm/evidence/5.4.json
      • interpreter-eval write attempt via python3 -c ...
const authorityCheck = checkFileAuthorityWithRules(
  shellWriteAgent,
  write.resolvedPath,
  effectiveDirectory,
  precomputedAuthorityRules,
  { declaredScope },
);
if (!authorityCheck.allowed) {
  throw new Error(
    `WRITE BLOCKED: Agent "${shellWriteAgent}" is not authorised to write "${write.resolvedPath}" (via shell). Reason: ${authorityCheck.reason}`,
  );
}

Copilot AI changed the title [WIP] Fix issue with architect changing evidence files Harden shell-write guardrails to block architect evidence-file bypasses May 21, 2026
Copilot AI requested a review from zaxbysauce May 21, 2026 21:28
Your Name added 3 commits May 21, 2026 21:45
…ession

The original PR #959 fix removed the blanket early-return from
checkShellWriteScope to close the architect evidence-file bypass, but
this broke backward compatibility for non-architect agents (coder, etc.)
who relied on 'no scope = allow all' behavior.

This commit adds an architect-guarded early-return:
- Architect agents always run full authority checks (closes bypass)
- Non-architect agents without scope preserve original behavior (backward compat)
- stripKnownSwarmPrefix handles multi-swarm prefixed names (mega_architect,
  lowtier_architect)

Test changes:
- Updated 13 'outside declared scope' expectations to match the new
  authority-before-scope error messages
- Added 4 compensating tests: positive architect, with-scope,
  mega_architect, lowtier_architect

Resolves: 15 test failures (2 backward-compat regressions + 13 error
message updates)
…file-changes

# Conflicts:
#	dist/cli/index.js
#	dist/index.js
#	docs/releases/pending/shell-write-interception-regression.md
@zaxbysauce zaxbysauce changed the title Harden shell-write guardrails to block architect evidence-file bypasses fix: scope architect-guarded early-return to fix backward-compat regression May 22, 2026
@zaxbysauce zaxbysauce marked this pull request as ready for review May 22, 2026 03:00
@zaxbysauce zaxbysauce merged commit 398293c into main May 22, 2026
12 of 13 checks passed
@zaxbysauce zaxbysauce deleted the copilot/fix-evidence-file-changes branch May 22, 2026 03:00
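
An added TypeScript sketch of the check order this pull request describes; it is not the project's code from src/hooks/guardrails.ts. The function names, the sample deny prefix, the rule table and the exact ordering of the checks are assumptions made for illustration.

```typescript
// Added illustration: every name, rule and the check order below is an assumption.
type Decision = { allowed: boolean; reason: string };

const SWARM_PREFIXES = ["mega_", "lowtier_"];   // constructed from the agent names on the page
const UNIVERSAL_DENY = [".git/"];               // constructed sample deny prefix
const ROLE_BLOCKED: Record<string, string[]> = { architect: [".swarm/evidence/"] };

// Reduce "mega_architect" / "lowtier_architect" to the base role "architect".
function baseRole(agent: string): string {
  for (const p of SWARM_PREFIXES) {
    if (agent.indexOf(p) === 0) return agent.slice(p.length);
  }
  return agent;
}

// Collapse "." and ".." so prefix checks see the real target, not the spelling used.
function resolveTarget(target: string): string {
  const out: string[] = [];
  for (const part of target.split("/")) {
    if (part === "" || part === ".") continue;
    if (part === "..") out.pop();
    else out.push(part);
  }
  return out.join("/");
}

function hasPrefix(path: string, prefixes: string[]): boolean {
  return prefixes.some((p) => path.indexOf(p) === 0);
}

function checkShellWrite(agent: string | undefined, target: string, scope: string[]): Decision {
  if (!agent) return { allowed: false, reason: "no active agent" };   // fail closed
  const role = baseRole(agent);
  // Guarded early return: only non-architect agents keep "no scope = allow all".
  if (scope.length === 0 && role !== "architect") return { allowed: true, reason: "legacy no-scope" };
  const path = resolveTarget(target);
  if (hasPrefix(path, UNIVERSAL_DENY)) return { allowed: false, reason: "universal deny" };
  if (hasPrefix(path, ROLE_BLOCKED[role] || [])) return { allowed: false, reason: "authority" };
  // Declared scope is an additional constraint, checked after authority.
  if (scope.length > 0 && !hasPrefix(path, scope)) return { allowed: false, reason: "outside scope" };
  return { allowed: true, reason: "ok" };
}
```

In this model a non-architect agent with no declared scope still returns before the deny-prefix and authority checks, which is the backward-compatible behaviour the commit message says it preserves.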

Development

Successfully merging this pull request may close these issues.

[Bug] Architect still finds ways to change evidence files