fix(egress): wire reviewer-mode L2 import-audit (ast-based) #3

Open: kicrazom wants to merge 1 commit into main from fix/egress-guard-l2-wire

@kicrazom kicrazom commented Jul 2, 2026

Owner

Makes egress_guard Level 2 real (was scaffolded but unwired, and status() falsely reported it "active"). Chosen over deletion: keep the defense-in-depth roadmap, make it enforce.

Changes

  • audit_imports → AST. The old line-regex missed dotted (from urllib.request import x), comma (import os, socket), and aliased imports — a reviewer-path script could pull network capability undetected. ast.parse + walk catches all import forms (top-level module, absolute only). Drops _IMPORT_RE/re.
  • assert_local_imports(paths, mode) — Level-2 companion to assert_local_only; in reviewer-mode raises EgressViolation if any audited script imports a network module; no-op otherwise.
  • Wired in kb/query.py — reviewer-mode now audits the dispatched provider's source file before running it (inspect.getsourcefile). folder/obsidian are clean, so local reviewer queries still succeed.
  • Level 3 (run_sandboxed) left scaffolded — no reviewer subprocess chokepoint wires it yet; docstring says so honestly.

Tests

+4: AST catches dotted/comma imports; assert_local_imports blocks network in reviewer / allows clean+author; reviewer+folder e2e still ok. Full suite green; ruff clean. Manually verified a leaky provider is blocked in reviewer mode, allowed in author mode.

Not included

permutation_test / multiple_testing reimplement scipy/statsmodels — deliberate deterministic-core, kept.

🤖 Generated with Claude Code

egress_guard: audit_imports rewritten on ast (catches dotted `from a.b import`,
  comma `import a, b`, aliased imports the line-regex missed); add assert_local_imports
  (reviewer-mode; no-op otherwise); drop _IMPORT_RE/re; docstring L2 wired, L3 scaffolded
kb/query.py: reviewer-mode audits dispatched provider source via assert_local_imports (L2)
tests: dotted/comma audit, assert_local_imports reviewer/author, reviewer+folder e2e ok

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
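
The gap between a line-regex import audit and an `ast` walk, as described in this pull request, shown as an added example that is not code from the PR or the project. `NETWORK_MODULES`, `NAIVE_IMPORT_RE`, the function names, the `EgressViolation` stand-in and the mode strings are assumptions made for illustration.

```python
import ast
import re

# Assumed deny-list; the project's real list is not shown on the page.
NETWORK_MODULES = {"socket", "urllib", "http", "requests", "ssl", "ftplib", "smtplib"}
# Hypothetical stand-in for the dropped line regex (the original is not shown).
NAIVE_IMPORT_RE = re.compile(r"^\s*(?:import|from)\s+(\w+)\s*(?:import\s.+)?$")

class EgressViolation(Exception):
    """Stand-in for the project's exception of the same name."""

def audit_regex(source):
    """Line-by-line audit: only sees `import x` and `from x import y`."""
    hits = set()
    for line in source.splitlines():
        m = NAIVE_IMPORT_RE.match(line)
        if m and m.group(1) in NETWORK_MODULES:
            hits.add(m.group(1))
    return hits

def audit_ast(source):
    """AST audit: top-level module of every absolute import, any syntax."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]
        else:
            continue  # not an import, or a relative import (level > 0)
        hits |= {n.split(".")[0] for n in names} & NETWORK_MODULES
    return hits

def assert_local_source(source, mode):
    """Raise in reviewer mode if the source imports a network module."""
    if mode != "reviewer":
        return  # no-op outside reviewer mode
    hits = audit_ast(source)
    if hits:
        raise EgressViolation(f"network imports in reviewer mode: {sorted(hits)}")

# Constructed sample provider source (not from the project).
LEAKY = "from urllib.request import urlopen\nimport os, socket\nimport http.client as hc\nfrom . import helpers\n"
CLEAN = "import os, json\nfrom pathlib import Path\n"

if __name__ == "__main__":
    print("regex:", sorted(audit_regex(LEAKY)))
    print("ast:  ", sorted(audit_ast(LEAKY)))
```

The walk reports `import` statements only; modules resolved at run time are outside what it sees.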