Harden KAG export artifact admission#493
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d65d0f2bc1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| for raw in ( | ||
| os.environ.get("ABYSS_MACHINE_REPO_ROOT"), | ||
| os.environ.get("ABYSS_MACHINE_PACKAGE_ROOT"), | ||
| "/srv/AbyssOS/abyss-machine", | ||
| ): |
There was a problem hiding this comment.
Sanitize the same abyss-machine roots the importer uses
When abyss-machine is discovered through the built-in adjacent or home checkout fallbacks in _candidate_abyss_machine_roots() (for example /workspace/abyss-machine or ~/src/abyss-machine), _import_artifact_bundles() passes that root into the verifier, but this new sanitizer only redacts env-provided roots and /srv/AbyssOS/abyss-machine. If the generated sidecars or registry payloads contain the selected abyss_repo_root, those common fallback layouts are left unsanitized and the later public-leak assertion against abyss_machine_root still rejects the bundle instead of producing the portable redaction this change is meant to guarantee.
Useful? React with 👍 / 👎.
What changed
abyss-machineroots before public KAG-export bundle signing and gatingWhy
The KAG export validator could retain host-specific verifier paths and did not fully constrain the consumer admission response. The updated boundary is portable and explicit.
Validation
python scripts/ci_gate.py --mode source-fastpython scripts/release_check.pyincluding part-local and mechanics suites