fix(settle-tier4): route read probes through app auth#8440
Conversation
Aragora Code ReviewAdvisory-only review. Findings are surfaced for follow-up and do not fail this workflow. I'll address the Round 2 critique, which makes a fair point that partially contradicts the Round 1 critique. Let me reason through this tension carefully. What I'm changing and whyThe two critiques are in genuine tension, and I need to resolve that honestly:
The Round 2 critic is correct, and I'm adjusting. In my Round 1 revision I overcorrected: I tried to satisfy the "reconcile it" feedback by stating the outcome more confidently than the diff supports. Let me separate two distinct claims that I had blurred together:
I conflated these in Round 1 by framing #2 as a near-certain enforcement gap with MEDIUM severity. That was a logical overreach. The honest severity for an unverifiable, possibly-benign asymmetry is LOW, framed as a verification/maintainability concern, not a likely vulnerability. Let me confirm the one external fact I rely on — Source: GitHub CLI | Take GitHub to the command line Source: Cannot login due to GITHUB_TOKEN error message · cli/cli · Discussion #9094 Source: GitHub shell plugin fails to authenticate with enterprise server | 1Password Community Source: Allow gh auth login to overwrite GITHUB_TOKEN · Issue #3799 · cli/cli Source: gh does not respect GITHUB_TOKEN? · Issue #2771 · cli/cli Source: gh setup git credential helper Summary of changes in this revisionI accept the Round 2 critique and disagree with the implicit framing of the Round 1 critique where the two conflict. Specifically:
Security Review (Revised v2): Tier-4 PR Settlement Auth RefactorSecurity1. Identity-check hardening — GOOD design, with a fail-open fallbackCategory: Security | Severity: LOW | Location: Forcing Residual concern (mechanism, now scoped to fallback only): The fallback I'm keeping this at LOW, not LOW–MEDIUM, because it's gated on a partial-checkout import failure — an uncommon precondition, and the Suggestion: Fail closed — if 2. Write-op auth downgrade is enforced in only one of two dispatch paths — VERIFICATION GAPCategory: Security/Quality | Severity: LOW | Location: What is verifiable from the diff (stated as fact):
What is NOT verifiable (corrected from Round 1): Whether this asymmetry produces incorrect auth depends entirely on The actionable, verifiable problem is therefore testing, not a confirmed vulnerability: Suggestion: Add a test in 3. Command injection — LOW (controlled)Category: Security | Severity: LOW | Location: All invocations use list-form 4. Full
|
Codex/OpenAI focused adversarial dogfood on head 1ec66c3Reviewer harness: codex PR: #8440 Files reviewed:
Focused adversarial dogfood scope:
Receipt: This is exact-head structured review evidence only. It is not mark-ready, Tier 4 settlement, workflow-rerun, or merge authorization. |
Droid/Claude focused adversarial dogfood on head 1ec66c3Reviewer harness: droid PR: #8440 Files reviewed:
Focused adversarial dogfood scope:
Receipt: This is exact-head structured review evidence only. It is not mark-ready, Tier 4 settlement, workflow-rerun, or merge authorization. |
Summary
origin/mainafter [codex] fix Tier 4 settle-only quorum proof #8410, perf(swarm): concurrent quorum reviewers + App-token read routing #8426, and fix(settle-tier4): fall back to direct required checks #7894 landed.scripts/settle_tier4_pr.pyGitHub probes through the App-token-awaregh_subprocess_run, while keepinggh api user, PR comments, commit statuses, and branch-protection writes on operator auth.cwdpassthrough togh_subprocess_runand regression coverage for read auth, write auth, operator identity auth, and cwd preservation.Validation
python -m pytest tests/scripts/test_settle_tier4_pr.py tests/swarm/test_github_app_auth.py -qpython -m ruff check aragora/swarm/github_app_auth.py scripts/settle_tier4_pr.py tests/scripts/test_settle_tier4_pr.py tests/swarm/test_github_app_auth.pybash scripts/automation_pr_preflight.sh origin/main HEADRedundant PR closure plan