fix(security): isolate issue task execution#5495
Open
WhinoDo wants to merge 26 commits into
Open
Conversation
|
@WhinoDo is attempting to deploy a commit to the IndexLabs Team on Vercel. A member of the Team first needs to authorize it. |
c255806 to
614228a
Compare
Bind task roots, cwd, and executable identities before launch, recheck them immediately before Start, and keep Linux mounts on open descriptors while reserving leading ExtraFiles for Pi session FD handoff. Darwin remains pathname-based and fails closed on identity replacement.
Close the race where automatic Desktop restarts could diagnose and stop separately, and ensure idle-required shutdown acquires the claim barrier before process exit so tasks cannot be claimed mid-restart.
1a16465 to
ea844d4
Compare
Author
Ready for maintainer mergeCandidate SHA:
Independent Reviewer (exact SHA): APPROVED for What this landsIssue-task execution scope isolation + daemon lifecycle serialization:
Why we cannot self-merge
Post-merge request for AThink local canaryAfter merge, we will:
Thank you. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Restrict daemon-issued issue task capabilities to their bound issue/task and repository work root. Task tokens cannot read or mutate workspace/project/repository management configuration, agents, runtimes, autopilot, skills, squads, foreign issues/tasks, sibling state, or daemon-owner credentials/files. Human PAT/JWT operator administration remains unchanged.
Candidate identity
ea8511340e6949436c04edea00dabeeebba342339eed256821eca342efe8d4d0c88a65e9c68932d9d30dd9a5d03a50e59046b3181a4bf17d3706456fVerification
go test ./internal/daemon ./pkg/agent -count=1go vet ./internal/daemon ./pkg/agentgo test ./... -count=1go vet ./...go test -race ./internal/daemon -count=1go test -race -p 1 ./... -count=1pkg/agentgit diff --checkand gofmt checksA fully parallel race run produced four fixed-timeout failures under host load; all four passed three isolated race runs, and the complete serial race suite passed.
Independent review
Independent read-only Codex reviewer
019f67b4-ff28-78c2-a95b-ec305f05c850reviewed the exact candidate/tree above and returnedAPPROVEDwith no P0/P1 findings.Nonblocking findings:
issue rerunandissue runs, while the server rejects them.No canary or downstream AThink work will be treated as unlocked until this candidate is merged, deployed, and a real task-token canary proves byte-identical management configuration before/after.