Safety fixes: parent-done guard, verification nullsafe, metadata inheritance, role leak #69
Open
krandder wants to merge 1 commit into
…ritance, role leak

1. Parent-done guard (verifyCompletion):
   - Layer 1: block marking parent done if any children are non-terminal
   - Layer 2: block if completionRule=and and not all terminal children are done
   - Layer 3: block if metadata.repo set but stateRef missing/zeroed
2. Role_mismatch identity leak: remove agent ID and assignee/reviewer names from error messages to prevent agents from learning who to impersonate
3. Metadata inheritance in decompose handlers: children now inherit all parent metadata (minus bookkeeping fields like claimedAt, claimedBy, etc.) instead of only priority/assignee/reviewer
4. applyLeaseGranted ts fallback: use Date.now() when event.ts is missing to prevent leaseExpiresAt = NaN from external tool events
5. Type fixes (pre-existing compilation errors):
   - Add "file" to ArtifactKind union + path/sizeBytes to ArtifactEvidence
   - Add optional source to TaskCompleted and TaskFailed interfaces
Summary

Defensive improvements that prevent real bugs hit in production. Independent of the review/context/journal endpoints PR.

- verifyCompletion() function blocks marking a parent task done while children are still active (Layer 1: non-terminal children rejected, Layer 2: completionRule=and requires all children done, Layer 3: metadata.repo requires valid stateRef)
- role_mismatch error no longer includes the assigned agent's ID or the claimer's ID, preventing agents from learning who to impersonate
- applyLeaseGranted() uses Date.now() when event.ts is missing, preventing leaseExpiresAt = NaN from external tool events
- "file" to ArtifactKind, path/sizeBytes to ArtifactEvidence, optional source to TaskCompleted/TaskFailed

Not included

- role_mismatch hint (fix Clarify journal.md as primary reviewer artifact #6 from spec): dist/ is gitignored in this repo. Workspace-only patch.
- task.verification?.requiredMode nullsafe fix (fix Add JSONL persistence backend #2 from spec): requiredMode does not exist in the taskcore repo's type system. N/A.

Verification

- npx tsc --noEmit passes (0 errors, down from 6 pre-existing errors on main)
- npx vitest run)

Test plan

- children_pending error
- npx tsc --noEmit passes
- npx vitest run — 100 tests pass, 0 fail
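The three-layer parent-done guard described in the summary can be sketched as follows. This is an added example, not code from this pull request or the taskcore repository: the `Task` shape, the set of terminal statuses, the reading of a "zeroed" stateRef as an all-zero string, and every error code other than `children_pending` are assumptions.

```typescript
// Added illustration only. Names taken from the PR text: verifyCompletion,
// completionRule, metadata.repo, stateRef, children_pending. Everything else is assumed.
type Status = "pending" | "in_progress" | "done" | "failed" | "cancelled";

interface Task {
  id: string;
  status: Status;
  completionRule?: "and" | "or";
  metadata?: { repo?: string };
  stateRef?: string;
}

interface Verdict {
  ok: boolean;
  error?: string;
}

// Assumption: these three statuses are the terminal ones.
function isTerminal(s: Status): boolean {
  return s === "done" || s === "failed" || s === "cancelled";
}

// Assumption: a "zeroed" stateRef is a string consisting only of '0' characters.
function isZeroed(ref: string): boolean {
  return /^0+$/.test(ref);
}

function verifyCompletion(parent: Task, children: Task[]): Verdict {
  // Layer 1: reject while any child is still non-terminal.
  if (children.some((c) => !isTerminal(c.status))) {
    return { ok: false, error: "children_pending" };
  }
  // Layer 2: under completionRule=and, every terminal child must be done.
  if (parent.completionRule === "and" && children.some((c) => c.status !== "done")) {
    return { ok: false, error: "children_not_done" }; // hypothetical error code
  }
  // Layer 3: a task with metadata.repo set needs a present, non-zero stateRef.
  if (parent.metadata?.repo && (!parent.stateRef || isZeroed(parent.stateRef))) {
    return { ok: false, error: "state_ref_invalid" }; // hypothetical error code
  }
  return { ok: true };
}
```

The layers run in order, so a caller sees the first failing check; the returned error carries no agent or assignee identifiers, in line with the role_mismatch change above.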