fix: telemetry path leak + REPL hardcoded block count #34

Merged: b-macker merged 1 commit into master from fix/gemini-audit-g1-g2, Jun 14, 2026
@b-macker (Owner)

Summary

Fixes from Gemini 30-level slop audit triage. Of ~20 findings, 15 were false positives or by-design. 2 real issues fixed here:

  • G-1 (CRITICAL): Telemetry events in governance_reports.cpp included raw absolute paths (ev["file"] = current_check_file_) forwarded unsanitized to external webhooks via telemetry_forwarder.cpp. Applied ErrorSanitizer::sanitizeFilePaths() at both emission sites (refusal attestation + check results loop).
  • G-2 (LOW): REPL printed hardcoded "24,167 blocks available" — a static number with no runtime basis. Removed.

Notable false positives from the audit

  • L9 "STANDARD sandbox too permissive" — BY DESIGN (enforce upgrades unrestricted→standard)
  • L15 "Persistent executor loses state" — FALSE (name means subprocess lifetime, not session state)
  • L27 "No retry in agent_provider" — FALSE (retry+backoff+jitter exists in agent_impl.cpp)
  • L1 "51 STUBs" — OVERSTATED 8.5x (only 5 remain, already cleaned in R8)
  • L17 "Redundant sort" — FALSE (SQL sorts by usage, C++ re-sorts by computed weighted score)

Test plan

  • Build: 0 errors
  • Security leak test: 738/738, 0 failures
  • Config fuzz test: 100/100, 0 crashes
  • Full test suite: 396/396 accounted, 0 unexpected failures

🤖 Generated with Claude Code

G-1 (CRITICAL): Telemetry events in governance_reports.cpp included raw
absolute paths (e.g., /data/data/com.termux/files/home/...) in ev["file"]
fields. These flowed unsanitized through telemetry_forwarder to external
webhooks, leaking host directory structure. Fixed by applying
ErrorSanitizer::sanitizeFilePaths() at both emission sites (line 249
emitRefusalAttestation, line 887 writeTelemetry loop).

G-2 (LOW): REPL printed hardcoded "24,167 blocks available" — a static
number with no runtime basis. Removed.

Findings from Gemini 30-level slop audit, verified against actual code.
15 of 20 claims were false positives or by-design.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions

NAAb Governance Report

Metric Count
Files checked 16
Passed 16
Failed 0

All governance checks passed!

Generated by NAAb Governance Engine v4.0

@b-macker b-macker merged commit 02754ef into master Jun 14, 2026
20 checks passed
@b-macker b-macker deleted the fix/gemini-audit-g1-g2 branch June 14, 2026 16:37
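
An added example, not code from this PR or the NAAb project: one way to strip host directory structure from telemetry event fields before they reach a forwarder, the class of leak G-1 describes. `redact_abs_paths`, `sanitize_event`, the `Event` type and the sample paths are hypothetical; the behaviour of the project's `ErrorSanitizer::sanitizeFilePaths()` is not shown on this page.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <string>

using Event = std::map<std::string, std::string>;  // hypothetical event type

// Hypothetical helper, not the project's ErrorSanitizer: rewrite each absolute
// POSIX path in `s` as "<path>/<basename>". Relative paths are left alone
// because they do not expose the host's directory layout.
std::string redact_abs_paths(const std::string& s) {
    auto path_char = [](char c) {
        return std::isalnum(static_cast<unsigned char>(c)) ||
               c == '/' || c == '.' || c == '_' || c == '-';
    };
    std::string out;
    std::size_t i = 0;
    while (i < s.size()) {
        // A path starts at a '/' that is not in the middle of another token.
        bool starts = s[i] == '/' && (i == 0 || !path_char(s[i - 1]));
        if (starts) {
            std::size_t j = i;
            while (j < s.size() && path_char(s[j])) ++j;
            std::string path = s.substr(i, j - i);
            // Require a second '/' so a lone "/" or "/tmp" is left untouched.
            if (path.find('/', 1) != std::string::npos) {
                out += "<path>/" + path.substr(path.find_last_of('/') + 1);
                i = j;
                continue;
            }
        }
        out += s[i++];
    }
    return out;
}

// Sanitize every field, not only "file": paths also show up inside messages.
Event sanitize_event(Event ev) {
    for (auto& kv : ev) kv.second = redact_abs_paths(kv.second);
    return ev;
}

int main() {
    // Constructed sample event; the paths are illustrative only.
    Event ev{{"file", "/data/data/com.termux/files/home/proj/main.naab"},
             {"message", "check failed in /home/u/a.cpp: see src/b.cpp"}};
    for (const auto& kv : sanitize_event(ev))
        std::cout << kv.first << " = " << kv.second << "\n";
}
```

Paths containing spaces and Windows-style paths are not covered by this scan. Anything after `://` in a URL is redacted as well, which errs on the side of sending less.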