Skip to content

feat: retry intercept script when known-error fix succeeds#302

Merged
rubberduck203 merged 4 commits into
mainfrom
lde-463-intercept-retry-on-fix
Apr 15, 2026
Merged

feat: retry intercept script when known-error fix succeeds#302
rubberduck203 merged 4 commits into
mainfrom
lde-463-intercept-retry-on-fix

Conversation

@rubberduck203
Copy link
Copy Markdown
Contributor

@rubberduck203 rubberduck203 commented Apr 14, 2026
edited
Loading

Why

`scope-intercept` is used as a shebang interpreter for setup scripts. When the wrapped command fails, it already detected known errors and showed help text — but it never ran fixes or retried the script. This meant engineers still had to manually apply the fix and re-run the script themselves.

`scope doctor` gained self-healing behaviour in #204: when a fix succeeds, the action is automatically retried. This PR extends the same behaviour to `scope-intercept`.

What changed

src/shared/mod.rs — Changed pub(crate) mod analyze to pub mod analyze so the shared fix-and-analyze infrastructure is accessible from the binary crates.

src/shared/analyze/mod.rs — Added yolo: bool to process_lines and prompt_and_run_fix. When true, known-error fix prompts are auto-approved without requiring a TTY. This is the shared fix-prompt path used by both scope-intercept and scope doctor.

src/bin/scope-intercept.rs — Added --yolo / -y flag. On command failure:

  1. Feed captured output through analyze::process_lines to match known errors, prompt, and run fixes.
  2. If the fix succeeds, re-run the entire original command.
  3. If the retry succeeds, return exit 0. If it fails, fall through to the bug-report flow.
  4. Extracted offer_bug_report() to avoid duplicating that logic across the original-failure and retry-failure paths.

src/doctor/check.rs / src/doctor/commands/run.rs — Bug fix discovered while adding --yolo to scope-intercept: scope doctor --yolo was not auto-approving known-error fix prompts that fire during check analysis (analyze_known_errors), even though it correctly auto-approved the check's own fix prompts. The yolo flag was never threaded into DefaultDoctorActionRun. Fixed by adding yolo: bool to the struct and passing args.yolo at construction.

src/analyze/cli.rs — Updated process_lines call sites to pass yolo: false; added a comment explaining why scope analyze is always interactive and doesn't expose --yolo.

Tests

7 E2E integration tests (tests/scope_intercept.rs):

  • Fix succeeds → retry succeeds (direct command and via script / shebang path)
  • Fix succeeds → retry still fails (fix resolves one error, second remains)
  • Known error found, no fix available
  • No TTY without --yolo → fix denied, command fails
  • Command succeeds on first try (no analysis triggered)
  • No known errors match → original exit code preserved

4 unit tests (src/doctor/check.rs, analyze_known_errors_spec):

  • yolo: true auto-approves the known-error fix
  • yolo: false without a TTY returns KnownErrorFoundUserDenied
  • Output not matching any pattern returns NoKnownErrorsFound
  • Pattern match with no fix configured returns KnownErrorFoundNoFixFound

🤖 Generated with Claude Code

rubberduck203 and others added 4 commits April 14, 2026 13:14
@rubberduck203 @claude
feat: retry intercept script when known-error fix succeeds
fe707e1 
When scope-intercept wraps a failing command, it now prompts the user
to run any available known-error fixes (the same fix infrastructure
used by scope doctor), and if a fix succeeds, automatically retries
the entire original command.

Previously, known errors were detected and help text was shown, but
fixes were never run and the command was never retried — the self-healing
behaviour only existed in scope doctor.

Closes LDE-463

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@rubberduck203 @claude
test: add --yolo flag, E2E and unit tests for intercept retry and doc…
00cdc75 
…tor known-error fix

- Add --yolo / -y flag to scope-intercept to auto-approve fix prompts
  (required for E2E tests since assert_cmd pipes stdin, no TTY)
- Thread yolo through process_lines and prompt_and_run_fix in
  shared::analyze so callers control whether to prompt or auto-approve
- Thread yolo from DoctorRunArgs through DefaultDoctorActionRun to
  analyze_known_errors, fixing a gap where scope doctor --yolo did not
  auto-approve known-error fix prompts triggered during check analysis
- Add comment to scope analyze explaining why yolo is not applicable there
- Add 7 E2E integration tests for scope-intercept (fix succeeds/retries,
  fix retried but still fails, no fix available, no TTY denial, succeeds
  first try, no match with exit code preserved, shebang script path)
- Add 4 unit tests for DefaultDoctorActionRun::analyze_known_errors
  (yolo auto-approves, no-TTY denied, no match, match without fix)
- Add test fixtures for intercept and doctor known-error scenarios

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@rubberduck203 @claude
style: apply cargo fmt
cb229c1 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@rubberduck203 @claude
chore: remove manual test plan
66667ee 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@rubberduck203 rubberduck203 marked this pull request as ready for review April 15, 2026 10:18
@rubberduck203 rubberduck203 requested a review from kejadlen April 15, 2026 10:18
@dryrunsecurity
Copy link
Copy Markdown

dryrunsecurity Bot commented Apr 15, 2026

DryRun Security

This pull request introduces a critical security issue: the 'yolo' mode in scope-intercept will automatically load KnownError configurations from any .scope/ directory in the current or ancestor directories and execute commands defined there without confirmation, allowing an attacker to plant a malicious .scope/known-error.yaml in a repository and achieve arbitrary command execution with the victim's privileges. This behavior should be treated as a high-priority security fix (disable auto-execution, restrict config discovery, and require explicit user confirmation).

🔴 Arbitrary Command Execution via 'yolo' mode in src/shared/analyze/mod.rs (drs_3da5e534)
Vulnerability Arbitrary Command Execution via 'yolo' mode
Description The 'yolo' mode in scope-intercept enables automatic, non-interactive execution of commands defined in KnownError configurations. These configurations are loaded automatically from any .scope/ directory found in the current directory or its parent ancestors. An attacker can place a malicious .scope/known-error.yaml file in a repository. When a victim runs scope-intercept --yolo within that repository, the tool will parse the attacker-controlled configuration and execute the defined command automatically without further user confirmation, leading to arbitrary command execution with the user's privileges.

scope/src/shared/analyze/mod.rs

Lines 85 to 88 in 66667ee

let user_accepted = if yolo {
info!(target: "always", "{} Yes (auto-approved)", prompt_text);
if let Some(ctx) = extra_context {
info!(target: "always", "[{}]", ctx);

All finding details can be found in the DryRun Security Dashboard.

@rubberduck203 rubberduck203 merged commit a7ebe62 into main Apr 15, 2026
6 checks passed
@rubberduck203 rubberduck203 deleted the lde-463-intercept-retry-on-fix branch April 15, 2026 19:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kejadlen kejadlen kejadlen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rubberduck203 @kejadlen