Install gate, Phase 1: core gate — corgea pip|npm install <named targets> #111
Open
juangaitanv wants to merge 3 commits into
juangaitanv added a commit that referenced this pull request, Jun 12, 2026:
…gistry

Addresses Cursor review on #111.

- npm `--tag <value>` now resolves the named dist-tag for a bare spec (`npm install --tag beta pkg` gates the beta release, not latest), so a fresh/vulnerable beta/canary no longer bypasses both blocks. Explicit pins/tags still win.
- pip `--pre` makes prereleases eligible: PypiVersion now parses PEP 440 prereleases (dev<a<b<rc, all below the plain release) and the resolver includes them only when `--pre` is set, so the gate verdicts the prerelease pip would install instead of the latest stable.
- a custom registry/index flag (`--registry`, `-i`, `--index-url`, `--extra-index-url`) now prints a loud warning that the gate resolves against the default registry and can't vouch the mirrored artifact — full mirror resolution / allow-listing stays out of scope (documented limitation, separate PRD).
68dbba9 to 5a99db0
juangaitanv added a commit that referenced this pull request, Jun 12, 2026:
5a99db0 to ddd215b
Harvested from the install-vuln-gate spike (dfac68e), trimmed to named-target paths: no tree resolution, no uv/yarn/pnpm, no --json, no token auth — public fail-open mode only.

- corgea npm|pip wrap their package manager: install verbs (found behind global flags) gate named targets; everything else passes through with the manager's own exit code
- two independent blocks: publish recency (-t, default 2d) and the vuln-api verdict on each resolved version
- refusal output built for agent self-correction: per-advisory "fixed in <version>" lines and a "→ safe version:" steer naming the highest fix covering every advisory
- --force overrides everything; --no-fail demotes recency only
- git/URL/path/editable specs are noted, never blocked; -r files and bare installs noted, not gated
- public mode fails open: vuln-api outages warn and continue
- pip→pip3 binary fallback; pip3/pip-add "did you mean" guidance
- SKILL.md: install-wrapper section with limitations + staging targets

Verified end-to-end: all four deterministic staging targets (axios@0.21.0, minimist@0.0.8, node-fetch@2.6.0, mezzanine==6.0.0) block with exit 1 and steer to the fixed version; installing the steered version passes.
…tag, no resolution guessing

- pypi resolution adopts the registry's canonical spelling (info.name, guarded to PEP 503-equivalent values so a hostile mirror can't redirect the verdict to another package's identity). The vuln-api keys advisories by lowercase(canonical), so checking a user-typed variant (Flask_Cors) would miss the flask-cors row and fail open.
- npm --tag is last-wins like npm's own config parser; gating the first of two --tag flags verdicts the wrong dist-tag.
- pick_latest_stable no longer guesses by upload time when nothing parses as PEP 440 (could pick a prerelease without --pre); a visible resolution error replaces the silent wrong pick.
- Resolution-error output now states the target is ungated.
ddd215b to 5fb3e5d
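An added Rust sketch, not Corgea's code, of the argument handling the commits above describe: the install verb is located behind global flags, only bare or pinned specs become gated targets, `--tag` is last-wins and a custom `--registry` is flagged. `GateArgs`, `parse_npm_args`, `VALUE_FLAGS` and the choice of which npm flags take a value are assumptions made here.

```rust
// Added example, not Corgea's code: locate the npm install verb behind global flags,
// gate only named targets, apply last-wins `--tag`, flag a custom registry.
#[derive(Debug, Default, PartialEq)]
pub struct GateArgs {
    pub verb: Option<String>,       // None: not an install verb, whole command passes through
    pub targets: Vec<String>,       // bare / pinned specs the gate resolves and verdicts
    pub passthrough: Vec<String>,   // git/URL/path/user-repo specs: noted, never blocked
    pub tag: Option<String>,        // dist-tag a bare spec resolves against (last --tag wins)
    pub force: bool,                // `--force`: proceed despite findings
    pub custom_registry: bool,      // `--registry`: gate cannot vouch for the mirrored artifact
}

// Assumption: these npm flags consume the following argv element as their value.
const VALUE_FLAGS: &[&str] = &["--tag", "--loglevel", "--registry"];
const INSTALL_VERBS: &[&str] = &["install", "i", "add"];

fn is_passthrough_spec(s: &str) -> bool { // URLs, git shorthands, paths, user/repo
    s.contains("://") || s.starts_with("git+") || s.starts_with("github:") || s.starts_with('.')
        || s.starts_with('/') || (!s.starts_with('@') && s.contains('/'))
}

pub fn parse_npm_args(argv: &[&str]) -> GateArgs {
    let mut g = GateArgs::default();
    let mut i = 0;
    while i < argv.len() {
        let a = argv[i];
        i += 1;
        let (flag, val) = match a.split_once('=') {
            Some((f, v)) if f.starts_with("--") => (f, Some(v)),
            // swallow the flag's value so `--loglevel silent install x` still finds the verb
            _ if VALUE_FLAGS.contains(&a) => { i += 1; (a, argv.get(i - 1).copied()) }
            _ if a.starts_with('-') => (a, None),
            _ if g.verb.is_some() => {
                if is_passthrough_spec(a) { g.passthrough.push(a.to_string()) }
                else { g.targets.push(a.to_string()) }
                continue;
            }
            _ if INSTALL_VERBS.contains(&a) => { g.verb = Some(a.to_string()); continue }
            _ => break, // some other npm verb: nothing to gate
        };
        match flag {
            "--tag" => g.tag = val.map(str::to_string), // later --tag overrides earlier
            "--registry" => g.custom_registry = true,
            "--force" => g.force = true,
            _ => {}
        }
    }
    g
}
```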
leenk7991 reviewed, Jun 15, 2026, on these lines:

```rust
    key("pypi", "oldpkg", "1.0.0"),
    vulnerable_body("pypi", "oldpkg", "1.0.0", "MAL-2024-0001", Some("2.0.0")),
);
let mut h = pip_harness(checks, HashMap::new(), 0);
```
should we add `npm_harness` and mirror the same test coverage we have for pip here?
leenk7991 reviewed, Jun 15, 2026, on these lines:

```markdown
| `--force` | | Proceed despite all findings (vulnerable, recent). Findings still print. |

Overrides for testing: `CORGEA_PYPI_REGISTRY`, `CORGEA_NPM_REGISTRY`,
`CORGEA_VULN_API_URL`.
```
should we tell the agents what the overrides are expected to be?
Overview
This PR is Phase 1 of the install-gate feature for the Corgea CLI.
Phase 1 is the first user-facing slice:
`corgea npm install <target>` and `corgea pip install <target>` now gate named install targets before delegating to the real package manager. The gate resolves the concrete package version that would install, checks publish recency, checks Corgea's vuln-api verdict, and prints refusal output that an agent can use to self-correct to a safe version. This phase is public mode only: no token is sent, and vuln-api outages warn and continue.
Stacked on #110. Base branch: install-gate-phase-0. Review this PR's diff in isolation; it contains the Phase 1 slice.

What Phase 1 Includes
- `npm --loglevel silent install x` is still gated because the verb is found outside flag values.
- `--tag`, PEP 440 specifiers, wildcards, post-releases, and pip `--pre`.
- (`-t`, default `2d`) and vuln-api verdict.
- `fixed in <version>` lines and a `safe version` steer that names the highest version covering every advisory.
- `--force` bypasses all install-gate blocks; `--no-fail` demotes recency failures only.
- `name @ url`, and npm `user/repo` specs pass through with a note and are not blocked.
- `skills/corgea/SKILL.md` documents the wrapper behavior and limitations.

Deliberately Out Of Scope
Later phases add:

- `npm ci`
- `--json`

Exit Criteria - Met
Verified end-to-end against the live staging worker through loopback registry and vuln-api proxies with real npm/pip resolution:

| Target | Steered safe version |
|---|---|
| axios@0.21.0 | axios@0.21.2 |
| minimist@0.0.8 | minimist@1.2.2 |
| node-fetch@2.6.0 | node-fetch@2.6.7 |
| mezzanine==6.0.0 | |

Installing the steered `axios@0.21.2` passes the gate. `./harness check` passes.
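One way to model the resolution rules described in the `…tag, no resolution guessing` commit and in the PR summary above (PEP 440 prerelease order, the `--pre` gate, the PEP 503 identity guard and the safe-version steer), as an added Rust example that is not Corgea's code. `Ver`, `parse_pep440`, `pick_latest`, `safe_version` and `canonical` are names chosen here, and epoch, post and local version segments are left out.

```rust
// Added example, not Corgea's code: PEP 440 prerelease ordering, the `--pre`-aware
// latest pick, the PEP 503 identity guard and the "safe version" steer from this PR.
// Simplified: epoch, post and local segments are not modelled (they parse as errors).
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Ver {
    pub release: Vec<u64>,
    pub pre: (u8, u64), // rank dev=0 < a=1 < b=2 < rc=3 < final=4, then the number
}

pub fn parse_pep440(s: &str) -> Option<Ver> {
    let s = s.trim();
    let cut = s.find(|c: char| c.is_ascii_alphabetic()).unwrap_or(s.len());
    let (rel, suf) = s.split_at(cut);
    let mut release = rel.trim_end_matches(|c: char| c == '.' || c == '-').split('.')
        .map(|p| p.parse::<u64>().ok()).collect::<Option<Vec<u64>>>()?;
    while release.len() > 1 && release.last() == Some(&0) { release.pop(); } // 1.0 == 1.0.0
    let pre = if suf.is_empty() { (4u8, 0u64) } else {
        let d = suf.find(|c: char| c.is_ascii_digit()).unwrap_or(suf.len());
        let (kind, n) = suf.split_at(d);
        let rank: u8 = match kind { "dev" => 0, "a" => 1, "b" => 2, "rc" => 3, _ => return None };
        (rank, if n.is_empty() { 0 } else { n.parse::<u64>().ok()? })
    };
    Some(Ver { release, pre })
}

/// The version pip would install: prereleases are eligible only with `--pre`.
/// None is a visible resolution error (target ungated), never an upload-time guess.
pub fn pick_latest(candidates: &[&str], allow_pre: bool) -> Option<Ver> {
    candidates.iter().filter_map(|c| parse_pep440(c))
        .filter(|v| allow_pre || v.pre.0 == 4).max()
}

/// "→ safe version:" steer: the highest "fixed in" satisfies every advisory's lower
/// bound; None when some advisory has no fix to steer to.
pub fn safe_version(fixed_in: &[Option<&str>]) -> Option<Ver> {
    let fixes: Vec<Ver> = fixed_in.iter().map(|f| parse_pep440((*f)?)).collect::<Option<_>>()?;
    fixes.into_iter().max()
}

/// PEP 503 canonical name; the registry's `info.name` is accepted only when it
/// canonicalises to what the user typed, so a mirror cannot swap identities.
pub fn canonical(name: &str) -> String {
    let mut out = String::new();
    for c in name.to_ascii_lowercase().chars() {
        if matches!(c, '-' | '_' | '.') { if !out.ends_with('-') { out.push('-') } }
        else { out.push(c) }
    }
    out
}
pub fn same_project(typed: &str, registry_name: &str) -> bool { canonical(typed) == canonical(registry_name) }
```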