fix(cli): preserve familiar agent access precedence#27
Open
BunsDev wants to merge 1 commit into
Pull request overview
This PR fixes a security precedence mismatch between the interactive /agents familiar picker and runtime agent resolution, where project settings.json agent definitions could shadow a user familiar ID and thereby change the effective tool-access tier.
Changes:
- Introduces `default_agents_with_familiars_and_config()` to merge built-ins, settings-defined agents, and familiars while preventing settings from shadowing familiar IDs (built-ins still block familiar ID collisions as before).
- Switches CLI agent resolution (both `--agent` and interactive agent-mode changes) to use the new merge helper so selection and runtime resolution align.
- Adds regression tests to lock in the intended precedence rules (familiars over settings for the same ID; settings can still override built-ins).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src-rust/crates/core/src/coven_shared.rs | Adds a new merge helper enforcing familiar-vs-settings precedence and adds regression tests for the shadowing scenario and builtin-override behavior. |
| src-rust/crates/cli/src/main.rs | Updates headless and interactive agent-definition resolution to use the new helper, aligning picker and runtime behavior. |
Motivation

The `/agents` picker returned a familiar id but runtime resolution merged project `settings.json` agents over familiars, allowing an untrusted project agent to shadow a user familiar and escalate tool access.

Description

- `default_agents_with_familiars_and_config()` in `src-rust/crates/core/src/coven_shared.rs` to merge built-ins, settings-defined agents, and familiars while preventing project settings from shadowing familiar ids (built-ins still win where intended).
- `--agent` resolution and interactive agent-mode switching in `src-rust/crates/cli/src/main.rs` so the picker selection and runtime agent definition resolve to the same trusted familiar access tier.
- `default_agents_with_familiars_and_config_keeps_familiar_over_settings_shadow` and `default_agents_with_familiars_and_config_preserves_settings_builtin_override` in `claurst-core` to prevent reintroduction of the shadowing bug.

Testing

- `cargo test --package claurst-core coven_shared`; the unit tests (including the two new regressions) passed successfully.
- `cargo check --workspace` and `cargo clippy --workspace --all-targets -- -D warnings`, but both were blocked by a missing system dependency (`alsa.pc` required by `alsa-sys`) in the environment.
- `cargo fmt --all --check` reported pre-existing workspace formatting diffs unrelated to this change (formatting issues already present outside the modified files).

Codex Task
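To make the precedence rules stated in the review summary and in the description above concrete, here is an added Rust example. It is not the project's code: the `Source`, `ToolAccess` and `AgentDef` types, the function names `merge_settings_over_familiars` and `merge_with_familiar_precedence`, the two-level access tiers and the sample agent ids are all assumptions made for illustration. It places the pre-fix merge order (settings layered over familiars) beside a merge that enforces the rules the PR names: settings may override a built-in, a familiar colliding with a built-in id is dropped, and for any other id a familiar wins over a settings agent.

```rust
use std::collections::{BTreeMap, HashSet};

/// Where an agent definition was loaded from. These types are constructed
/// for this example and are not the crate's real types.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Source {
    BuiltIn,
    /// Project settings.json: lives in the repo, so treated as untrusted.
    Settings,
    /// User-owned familiar: trusted by the user running the CLI.
    Familiar,
}

/// Simplified tool-access tier (assumption; the project has its own tiers).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ToolAccess {
    ReadOnly,
    Full,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct AgentDef {
    pub id: String,
    pub source: Source,
    pub access: ToolAccess,
}

impl AgentDef {
    pub fn new(id: &str, source: Source, access: ToolAccess) -> Self {
        AgentDef { id: id.to_string(), source, access }
    }
}

/// Pre-fix shape of the merge as the PR describes it: settings are layered on
/// top of familiars, so a settings.json agent with the same id replaces the
/// familiar the user picked and carries its own access tier into runtime.
pub fn merge_settings_over_familiars(
    builtins: &[AgentDef],
    settings: &[AgentDef],
    familiars: &[AgentDef],
) -> BTreeMap<String, AgentDef> {
    let mut merged = BTreeMap::new();
    for def in builtins.iter().chain(familiars).chain(settings) {
        merged.insert(def.id.clone(), def.clone());
    }
    merged
}

/// Merge enforcing the precedence the PR states:
///   * settings may override a built-in of the same id;
///   * a familiar whose id collides with a built-in is dropped, as before;
///   * for every other id a familiar wins over settings, so project
///     settings.json cannot shadow a user familiar.
pub fn merge_with_familiar_precedence(
    builtins: &[AgentDef],
    settings: &[AgentDef],
    familiars: &[AgentDef],
) -> BTreeMap<String, AgentDef> {
    let mut merged: BTreeMap<String, AgentDef> = builtins
        .iter()
        .map(|b| (b.id.clone(), b.clone()))
        .collect();
    let builtin_ids: HashSet<&str> = builtins.iter().map(|b| b.id.as_str()).collect();

    // Familiars that do not collide with a built-in are accepted and remembered
    // so that settings cannot replace them afterwards.
    let mut accepted_familiars: HashSet<&str> = HashSet::new();
    for f in familiars {
        if builtin_ids.contains(f.id.as_str()) {
            continue; // built-in blocks the familiar id collision
        }
        accepted_familiars.insert(f.id.as_str());
        merged.insert(f.id.clone(), f.clone());
    }

    for s in settings {
        if accepted_familiars.contains(s.id.as_str()) {
            continue; // refuse to let project settings shadow a familiar id
        }
        merged.insert(s.id.clone(), s.clone()); // may override a built-in
    }
    merged
}

/// Effective access tier for the id the picker returned.
pub fn effective_access(merged: &BTreeMap<String, AgentDef>, id: &str) -> Option<ToolAccess> {
    merged.get(id).map(|d| d.access)
}

fn main() {
    // Constructed sample: the user's familiar "scribe" is read-only, while the
    // project's settings.json defines a full-access agent with the same id.
    let builtins = vec![AgentDef::new("explore", Source::BuiltIn, ToolAccess::ReadOnly)];
    let familiars = vec![AgentDef::new("scribe", Source::Familiar, ToolAccess::ReadOnly)];
    let settings = vec![
        AgentDef::new("scribe", Source::Settings, ToolAccess::Full),
        AgentDef::new("explore", Source::Settings, ToolAccess::Full),
    ];
    let before = merge_settings_over_familiars(&builtins, &settings, &familiars);
    let after = merge_with_familiar_precedence(&builtins, &settings, &familiars);
    println!("before fix: scribe -> {:?}", effective_access(&before, "scribe"));
    println!("after fix:  scribe -> {:?}", effective_access(&after, "scribe"));
}
```

The order of the two loops is the whole fix: familiars are inserted before settings and their ids recorded, so the settings pass has to consult that set rather than blindly overwrite. Keeping the built-in check on the familiar pass preserves the existing behaviour that a familiar cannot take over a built-in id, which is why a settings agent can still override a built-in even when a familiar of the same id exists.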