Skip to content

2026-07-11 audit follow-up: CSDK-112/CREW-109/VAI-009 defenses, AG2-004 GroupChat anchor#19

Open
jhumel-code wants to merge 1 commit into
mainfrom
fix/rules-audit-2026-07-11-followup
Open

2026-07-11 audit follow-up: CSDK-112/CREW-109/VAI-009 defenses, AG2-004 GroupChat anchor#19
jhumel-code wants to merge 1 commit into
mainfrom
fix/rules-audit-2026-07-11-followup

Conversation

@jhumel-code

Copy link
Copy Markdown
Collaborator

Rulebook side of the 2026-07-11 audit follow-up (pairs with trustabl-rules#35).

Changes

  • Full defense blocks for the three new rules: CSDK-112 (subagent WebSearch), CREW-109 (CrewAI file-write tools), VAI-009 (Vercel provider web-retrieval tools) — each with what-we-detect, severity/confidence defense, FP/evasion gaps, and OWASP references.
  • AG2-004 rationale updated for the GroupChat anchor (why the manager must not be matched) and its prose confidence corrected to 0.6 to match the shipped YAML.
  • CSDK-111 (MultiEdit/NotebookEdit), PYD-103 (WebSearchTool), VAI-006 (textEditor) widenings documented; deliberate exclusions (DirectoryRead/SearchTool, openai fileSearch) recorded in the what-this-does-not-cover sections.
  • POLICY_INDEX.md files regenerated from the 190-rule pack.

tools/check_rulebook.py green (190 rules, 84 docs, 0 warnings) against the rules follow-up branch.

🤖 Generated with Claude Code

…, AG2-004 GroupChat anchor, index regen

Full defense blocks for the three new rules; AG2-004 rationale updated for the GroupChat anchor (and its prose confidence corrected to 0.6); CSDK-111 and PYD-103 needle widenings documented; indexes regenerated from the 190-rule pack.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant