Address seven review findings across detectors, CLI, and CI#48
Merged
Conversation
Contract-hardening patch: 5 P0/P1 fixes from external review. Lockfile only on this branch — leaving the in-flight fix/review-findings work untouched. ^0.7.0 absorbs the patch so no package.json change needed.
- mcp-risk: package-range detection now recognizes ^, ~, >=, *, and
bare names. Previously `@vendor/pkg@^1.2.3` slipped past the unpinned
check because the looksLikePackageName regex didn't admit range
operators.
- codex-config: walk the parsed TOML tree for sandbox/approval/network
keys so inline tables like `sandbox_workspace_write = { network_access
= true }` and `windows = { sandbox = "danger-full-access" }` surface
findings instead of returning rating: "none".
- git-snapshot: wrap rev-parse failures in a ScopeTrailError that names
the unresolvable ref and hints at fetch-depth: 0 — no more raw Node
stack traces escaping to user output.
- package.json + CI: declare engines.node >=20 (agent-gov-core@>=0.7
requires it) and test the supported Node range (20, 22, 24).
- tests: move codex-config-drift temp dirs out of node_modules and use
os.tmpdir(); the tmpdir import was already there but unused.
- CLI: add --fail-on so non-GitHub CI users get the same threshold gate
the Action has. action.yml now defers to the CLI (exit 1 on threshold
trip) instead of reimplementing the rank table in bash.
- repo hygiene: .gitignore now keeps .mcp.json and /.claude/ out at the
root (matching the existing /.codex/ rule) so the demo-PR fix can't
silently regress; package-surface test enforces the same.
npm test 66/66, tsc --noEmit 0, npm pack 17 files unchanged,
npm audit --omit=dev 0 vulnerabilities.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the seven follow-ups from the review pass. Each is independently testable and lands with a focused regression test.
mcp-risk.tsnow treats@vendor/pkg@^1.2.3,~1.2.3,>=1.2.3,*, and bare names as unpinned. The previouslooksLikePackageNameregex rejected range operators entirely so these slipped past thenpx/bunx/uvx/pipxunpinned check.detectCodexConfigDriftwalks theparseTomltree forsandbox/approval/networkkeys, so inline tables likesandbox_workspace_write = { network_access = true }andwindows = { sandbox = "danger-full-access" }produce findings instead of ratingnone. The split between regex parsing (sandbox/approval/network) andparseToml(trusted projects) is gone.git-snapshot.tsexports aScopeTrailError;verifyGitRefwrapsrev-parsefailures with a concise message that names the ref and hints atfetch-depth: 0. Caught inmain()so the CLI exits 2 with that message instead of leaking a Node stack trace.package.jsondeclaresengines.node: ">=20"(matchingagent-gov-core@>=0.7's requirement), and CI matrices Node 20/22/24.test/codex-config-drift.test.mjsuseos.tmpdir()(the import was already there, unused) instead of writing undernode_modules/.--fail-onin CLI — threshold logic moved intosrc/index.tsviameetsFailOnThresholdinreport.ts.action.ymlnow passes--fail-on $fail_onto the CLI and captures exit status, removing the bash rank table.74f3f52already untracked the demo.mcp.json/.claude/settings.json. This PR adds.gitignorerules matching the existing/.codex/pattern and a regression test intest/package-surface.test.mjsso the live demo files can't come back unnoticed.Five new tests added; one CI workflow assertion updated for the Node matrix. The action wrapper drops the bash rank helper in favor of the CLI gate.
Test plan
npm test— 66/66 pass (was 59/59)npx tsc -p tsconfig.json --noEmit— exit 0npm pack --dry-run --json— 17 packaged files, no changenpm audit --omit=dev— 0 vulnerabilities🤖 Generated with Claude Code