fix: harden scanner quality paths by limaronaldo · Pull Request #24 · aiconnai/agentshield

limaronaldo · 2026-06-20T14:36:45Z

Summary

Split the CLI command implementations into focused modules while keeping the public command surface unchanged.
Harden shell backtick parsing and SHIELD-016 unsafe deserialization detection, including comment/string/doc false-positive coverage.
Remove unused direct Rust dependencies and update parser docs for the current Python regex parser behavior.
Add a harness PR-title policy guard that rejects titles containing [codex].

rtk cargo fmt --check
rtk cargo test
rtk cargo clippy -- -D warnings
rtk cargo test --workspace --all-features
rtk cargo clippy --workspace --all-targets --all-features -- -D warnings
rtk cargo check --no-default-features --all-targets
rtk cargo check --no-default-features --features python --all-targets
rtk cargo machete
rtk npm run compile in vscode/
Targeted CLI smokes for SHIELD-001 shell backticks and SHIELD-016 pickle.loads
rtk bash docs/harness/bin/doctor.sh
rtk bash docs/harness/bin/sensors.sh docs
rtk bash docs/harness/bin/sensors.sh quick
rtk bash docs/harness/bin/pr-title-policy.sh --current-pr

limaronaldo added 2 commits June 20, 2026 11:36

fix: harden scanner quality paths

9df6d80

chore: enforce clean PR titles

daa1120

limaronaldo marked this pull request as ready for review June 20, 2026 14:51

limaronaldo merged commit 902c26b into main Jun 20, 2026
9 checks passed

limaronaldo deleted the codex/code-quality-fixes branch June 20, 2026 14:52