Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
Hey The PR description is thorough, each change is traceable to a named requirement or test ID, and the RFC 2119 keyword statement added to the model-alias spec is a nice normative clarity touch. This looks ready for review. 🚀
|
PR Triage
Breakdown: SPDD batch 4 — adds safeguards/norms/sync-notes to spec files and MCP access-control compliance fixtures. 583 add / 4 del. Draft. Docs/spec-only changes, no production code impact. Low urgency. Next: Queue for human spec review when batch-4 SPDD sprint is scheduled.
|
Five specs reviewed in batch 4 of the daily SPDD rotation had gaps in Safeguards, Sync Notes, Norms, and compliance test coverage. Addresses all nine checklist items.
scratchpad/guard-policies-specification.md## Entities— normative definitions forGitHubReposScope,GitHubIntegrityLevel,GitHubToolConfigguard-policy fields, and a formal deprecation block for the legacyreposalias (migration viagh aw fix, removal target v2.0.0)## Safeguards— five MUST requirements (GP-S001–GP-S005): empty-allowlist rejection, lockdown supremacy,allowed-repos+min-integrityco-requirement, legacy-field isolation, absent-policy-is-not-permissive## Sync Notes— maps spec sections topkg/workflow/mcp_github_config.go,tools_validation_github.go,tools_types.go, andsafeoutputs_guard_policy_test.godocs/src/content/docs/specs/repository-package-manifest-specification.mdfilesentries containing../or resolving outside the package root must be rejecteddocs/src/content/docs/specs/model-alias-specification.mdmodel_alias_validation_test.go); informative error-message format addedscratchpad/github-mcp-access-control-specification.md+specs/github-mcp-access-control-compliance/exact-match-allow.yamlwildcard-deny.yamlrole-deny.yamlprivate-repo-block.yamlprivate-repos: falseblocks private, passes publicintegrity-level-block.yamlmin-integritythreshold enforcement + no-policy pass-through