[codex] Add Micro ECF policy pack #17
📝 Walkthrough
Adds Micro ECF portable governance: new documentation and workflow schema, a CLI example that builds/fingerprints/classifies policy packs and emits execute payloads and mount instructions, README and examples updates, and tests validating classification, payload constraints, and deterministic fingerprinting.
Changes: Micro ECF policy pack (single coherent change DAG)
Sequence Diagram
sequenceDiagram
participant CLI as User/CLI
participant Builder as PolicyBuilder
participant Classifier as ActionClassifier
participant Payload as PayloadBuilder
participant Output as JSONEmitter
CLI->>Builder: provide goal, task, action, max_cost, run_live
Builder->>Builder: create IntentContract & ExecutionBoundary
Builder->>Builder: compute deterministic SHA-256 fingerprint
Builder->>Output: emit policy pack JSON
CLI->>Classifier: request action classification
Classifier->>Classifier: keyword scan (sensitive / prohibited / secret)
Classifier->>Classifier: decide allow / review / deny + evidence
Classifier->>Output: emit action review result
CLI->>Payload: request execute payload
Payload->>Payload: embed policy pack & review decision
Payload->>Payload: set preview_only or live flags per policy
Payload->>Output: emit execute payload + Syrin mount instructions
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~45 minutes
🚥 Pre-merge checks: ✅ 5 passed
Actionable comments posted: 2
🧹 Nitpick comments (1)
tests/test_agoragentic_autonomous_lifecycle.py (1)
226-276: ⚡ Quick win
Add regression tests for word-boundary matching and deny payload execution lockout.
Please add cases that verify:
- "display ..." does not trigger "pay" detection, and
- `build_execute_payload(..., action=<denied>)` sets execution intent to blocked (e.g., `prefer_execute == False`).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/test_agoragentic_autonomous_lifecycle.py` around lines 226 - 276, Add two tests: one that calls micro_ecf.classify_action("display paywall", policy) (or similar phrase containing "display") to assert the decision does NOT mark "pay" or "live_spend" (verifying word-boundary matching), and another that builds a policy where the action is denied then calls micro_ecf.build_execute_payload(..., action=<denied>) and asserts the resulting payload's execution intent flag (e.g., payload["constraints"]["prefer_execute"] or equivalent field used by build_execute_payload) is False to ensure denied actions block execution; use the existing helpers micro_ecf.classify_action and micro_ecf.build_execute_payload and add tests alongside the other test_* methods.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@agoragentic/examples/micro_ecf_policy_pack.py`:
- Around line 228-231: The _contains_any function uses raw substring checks
causing false positives (e.g., "display" matches "pay"); replace the substring
test with boundary-aware matching by checking each term with a word-boundary
regular expression (use re.search with r'\b' + re.escape(term) + r'\b' and
re.IGNORECASE) so matches only occur on whole words; keep the function name
_contains_any and return the same list[str] of matched terms.
- Around line 302-307: The current constraints set "prefer_execute": True
regardless of a deny decision, which can let callers attempt execution even when
decision == "deny"; update the prefer_execute value in the constraints dict (the
line constructing "prefer_execute") so it only becomes True when the decision is
"allow" (and optionally when live spend is allowed) — e.g., set prefer_execute
to something like (decision["decision"] == "allow" and
policy.boundary.live_spend_allowed) so deny/preview decisions do not produce
executable routing intent.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 82f6c796-f203-43fc-a1da-19dacf693b14
📒 Files selected for processing (6)
- agoragentic/MICRO_ECF_POLICY_PACK.md
- agoragentic/README.md
- agoragentic/WORKFLOW_SCHEMAS.md
- agoragentic/examples/README.md
- agoragentic/examples/micro_ecf_policy_pack.py
- tests/test_agoragentic_autonomous_lifecycle.py
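The two actionable findings in this review, as an added example that is not the project's code: a raw substring matcher beside a boundary-aware one, and a constraints builder that only sets `prefer_execute` on an explicit allow. The function names, the three-way decision logic, the `PROHIBITED_TERMS` entry and the sample action strings are assumptions made for illustration.

```python
import re

# First terms of the list quoted in the review; PROHIBITED_TERMS is constructed.
SENSITIVE_TERMS = ("execute live", "spend", "pay", "settle", "deploy")
PROHIBITED_TERMS = ("exfiltrate",)  # constructed placeholder, not from the project


def contains_any_substring(text, terms):
    """'Before' behaviour: raw substring test, so 'payload' hits 'pay'."""
    lowered = text.lower()
    return [t for t in terms if t in lowered]


def contains_any_word(text, terms):
    """Boundary-aware match: a term counts only as a whole word or phrase."""
    return [t for t in terms
            if re.search(r"\b" + re.escape(t) + r"\b", text, re.IGNORECASE)]


def classify(action, matcher=contains_any_word):
    """Assumed decision order: prohibited -> deny, sensitive -> review, else allow."""
    prohibited = matcher(action, PROHIBITED_TERMS)
    if prohibited:
        return {"decision": "deny", "evidence": prohibited}
    sensitive = matcher(action, SENSITIVE_TERMS)
    if sensitive:
        return {"decision": "review", "evidence": sensitive}
    return {"decision": "allow", "evidence": []}


def build_constraints(decision, live_spend_allowed):
    """Fail closed: execution intent needs an explicit allow AND a live-spend policy."""
    can_execute = decision["decision"] == "allow" and live_spend_allowed
    return {"prefer_execute": can_execute, "preview_only": not can_execute}


if __name__ == "__main__":
    for action in ("inspect payload schema", "pay the provider", "exfiltrate keys"):
        decision = classify(action)
        print(action, decision, build_constraints(decision, live_spend_allowed=True))
```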
🧹 Nitpick comments (2)
agoragentic/examples/micro_ecf_policy_pack.py (2)
107-118: 💤 Low value
`as_dict` shares mutable internal state.
`MicroECFPolicyPack.as_dict()` returns `self.review_gates` by reference, and the inner `list[str]` values are also shared. Callers that mutate the returned mapping (e.g., `payload["input"]["micro_ecf"]["review_gates"]["live_spend"].append(...)`) will silently mutate the frozen policy and break determinism of `fingerprint_policy`. Returning a deep copy keeps the dataclass effectively immutable as advertised.
♻️ Proposed change
- "review_gates": self.review_gates, + "review_gates": {key: list(values) for key, values in self.review_gates.items()},🤖 Prompt for AI Agents
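Review bot: The replacement line copies only `review_gates`; any other list- or dict-valued entry that `as_dict()` returns on its unchanged lines is still handed out by reference, so a caller can still alter what gets fingerprinted. Copy every mutable field the same way (or deep-copy the whole mapping), and add a test that mutates the returned dict and asserts that the fingerprint is unchanged.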
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@agoragentic/examples/micro_ecf_policy_pack.py` around lines 107 - 118, MicroECFPolicyPack.as_dict currently returns references to mutable internals (notably review_gates and nested lists, plus consequence_axes and reconciliation_required), which allows callers to mutate the dataclass and invalidate fingerprint_policy; update MicroECFPolicyPack.as_dict to return a deep copy (or construct a new dict with copied lists/structures) so that review_gates, consequence_axes, reconciliation_required and any nested list values are new objects rather than references to self's internals, preserving immutability and ensuring fingerprint_policy remains deterministic.
26-47: 💤 Low value
Consider broader synonym coverage for spend/transact verbs.
With word-boundary matching, `"pay"` no longer matches `"payment"`, `"paywall"`, etc. Concretely, an action like `"approve payment of $100"` or `"buy provider credits"` currently classifies as `allow` because none of `execute live`, `spend`, `pay`, `settle` match. If the intent of this term list is to fail-closed on common live-spend phrasings, consider also covering `"payment"`, `"purchase"`, `"buy"`, `"charge"`, `"transact"`, or document that the matcher is intentionally narrow and callers must canonicalize action phrasing before review.
♻️ Example expansion
SENSITIVE_ACTION_TERMS = ( "execute live", "spend", "pay", + "payment", + "purchase", + "buy", + "charge", "settle", "deploy", "write memory", "store secret", "retrieve secret", "send email", "post outreach", "change budget", )If the matchers are extended, the live-spend grouping at Line 254 and the evidence mapping at Line 279 should be updated to include the new terms.
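Review bot: With whole-word matching, the four added terms ("payment", "purchase", "buy", "charge") still leave inflected forms such as "payments", "purchased" or "buying" unmatched, so those phrasings fall through the term list. Either list the inflections explicitly or normalise the action text before matching. This hunk also does not include the updates to the live-spend grouping and evidence mapping that the comment calls for; they belong in the same change.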
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@agoragentic/examples/micro_ecf_policy_pack.py` around lines 26 - 47, Expand the verb coverage in SENSITIVE_ACTION_TERMS (and optionally PROHIBITED_ACTION_TERMS) to include common synonyms and noun forms like "payment", "payments", "purchase", "purchases", "buy", "buying", "charge", "charges", "transact", "transaction", "transactions" (or decide and document that callers must canonicalize action phrasing); then update the live-spend grouping and evidence mapping references that depend on these tuples (the live-spend grouping and the evidence mapping) so they include the new terms or accept canonicalized inputs accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 8ee1ef16-b1ed-43fe-8ec9-82522fd7c9bb
📒 Files selected for processing (4)
- agoragentic/README.md
- agoragentic/examples/README.md
- agoragentic/examples/micro_ecf_policy_pack.py
- tests/test_agoragentic_autonomous_lifecycle.py
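The shared-state finding in this review, as an added example that is not the project's code: a frozen dataclass whose exported dict aliases its internals, beside a copying export, with the SHA-256 fingerprint checked before and after a caller mutates the export. `PolicyPack`, both `as_dict_*` methods, the canonical-JSON fingerprint scheme and the sample gate values are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PolicyPack:
    """Minimal stand-in for a frozen policy pack (hypothetical class)."""
    goal: str
    review_gates: dict = field(default_factory=dict)

    def as_dict_shared(self):
        # 'Before': hands out the internal dict and its lists by reference.
        return {"goal": self.goal, "review_gates": self.review_gates}

    def as_dict_copied(self):
        # 'After': fresh dict and fresh lists, so callers cannot reach internals.
        return {"goal": self.goal,
                "review_gates": {k: list(v) for k, v in self.review_gates.items()}}


def fingerprint(pack):
    """SHA-256 over canonical JSON (sorted keys, fixed separators); assumed scheme."""
    canonical = json.dumps(pack.as_dict_copied(), sort_keys=True,
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def fingerprint_survives(export):
    """Mutate an exported view, then report whether the pack's fingerprint held."""
    pack = PolicyPack("demo", {"live_spend": ["spend", "pay"]})  # constructed sample
    before = fingerprint(pack)
    export(pack)["review_gates"]["live_spend"].append("injected")
    return fingerprint(pack) == before


if __name__ == "__main__":
    print("shared export keeps fingerprint:",
          fingerprint_survives(PolicyPack.as_dict_shared))
    print("copied export keeps fingerprint:",
          fingerprint_survives(PolicyPack.as_dict_copied))
```

`frozen=True` only blocks attribute reassignment; it does not stop mutation of a dict or list the instance holds, which is why the shared export changes the fingerprint.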
Summary
Validation
Notes
This is independent of PR #15 and PR #16. It gives Syrin users a small, mountable governance contract rather than a full enterprise ECF dependency.
Summary by CodeRabbit
New Features
Documentation
Examples
Tests