release-28-06-26#218
…213)

* feat(augment): discover Augment Code across Auggie CLI, VS Code, JetBrains

Add Augment Code (label "augment") to the coding-discovery scanner as a single cross-surface detector returning per-surface rows (Auggie CLI, Augment (VS Code), Augment (<JetBrains IDE>)) that share one ~/.augment config. Mirrors the GitHub Copilot cross-surface pattern.

Extraction parity with claude_code/copilot_cli:
- settings/permissions: toolPermissions -> allow/deny/ask; hooks preserved in raw_settings (user/managed/project/local scopes)
- MCP servers: top-level mcpServers + augment.advanced.mcpServers + flat form
- rules/guidelines: .augment-guidelines, .augment/rules/*.{md,mdx}, ~/.augment/rules, ~/.augment/user-guidelines.md, hierarchical AGENTS.md/CLAUDE.md
- skills/commands: ~/.augment/skills/<name>/SKILL.md, .augment/commands/*.md

Shared ~/.augment config is attached to a single canonical surface (Auggie CLI > VS Code > JetBrains) to avoid duplication; non-canonical surfaces emit bare detection rows. macOS holds the logic; Windows/Linux are thin OS-seam subclasses.

Part of WEB-4950 (discovery half).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment): address review findings (cross-user skills, rules dup, settings scope)

- Owner-key user-scope skills by file_path so a user's skill content can't leak onto another user's row under a root all-users scan (mirrors _copilot_skill_owner_home)
- Guard the rules project walk against re-collecting ~/.augment/rules as project scope, matching the settings/skills extractors' user-dir guards
- Settings: extract user + managed only; drop the unsurfaceable project/local filesystem walk; include managed scope in the permissions filter
- Skip symlinked dirs before the .augment branch in the rules walk
- Memo parity for _get_augment_mcp; settings docstring fix
- Add regression tests for the cross-user skills leak and rules duplication

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment tests): pin _filesystem_root in project-walk tests for Windows

The rules/skills project-walk tests instantiate the macOS extractor and patched only _iter_top_level_dirs, leaving _filesystem_root at "/". On Windows the walk's item.relative_to("/") raises ValueError for a C:\ temp path, so every subdirectory was skipped and project rules/skills were never collected (8 Windows-only unittest failures, all in the rules/skills suites). Pin _filesystem_root to the temp ancestor so relative_to works cross-platform. Production is unaffected: real Windows uses the Windows*AugmentExtractor with the correct filesystem root.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment): address PR-bot findings (per-user canonical, MCP memo, dedup, symlink, ownership)

Cursor + Greptile inline review follow-ups:
- G: canonical Augment surface is now chosen PER USER (keyed by _config_path), not a single global name. A root multi-user scan picks a winner for each user's ~/.augment independently, so a VS Code-only user no longer gets a bare row that drops their config when another user has the CLI.
- F: managed-scope-only permissions (org-wide /etc/augment) no longer manufacture a phantom Augment row for a non-owner under root scans (_augment_owned_by_user no longer counts managed permissions as user-owned data).
- B: MCP accessor memoization uses a distinct UNSET sentinel so a legitimate cached None (no MCP configured) short-circuits instead of re-running the full MCP walk on every surface.
- C: emit at most one "Augment (VS Code)" row per user (prefer stable over nightly) so stable+nightly installs don't create duplicate canonical rows.
- A: skills walk skips symlinked dirs before the .augment handling (mirrors the rules/mcp/settings walks) so a symlinked .augment can't be followed.
- E: Windows skills walk also skips other-tool config dirs (parity with the macOS base + Windows rules walk).

D (Linux rules per-user error guard) was already covered by the macOS base _extract_user_rules try/except that the Linux subclass inherits.

Adds per-user-canonical, managed-ownership, MCP-memo, dual-extension, and symlink regression tests.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment): attribute JetBrains rows to the IDE owner under root scans (H2)

Under a root MDM all-users scan, MacOSJetBrainsDetector returns every user's IDEs, but the Augment JetBrains row stamped _config_path from the outer scan home — so an IDE owned by user B could be attributed to user A's ~/.augment (wrong permissions/config). Run JetBrains detection once and derive each IDE's owning user from the IDE's own config path (longest-prefix match against the scanned homes), falling back to the scoped/current home. This also removes the prior N-times-redundant rescan.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment tests): make H2 JetBrains-owner assertion separator-agnostic

The new H2 regression test hardcoded "/Users/bob/.augment", but production stringifies a Path, so on Windows _config_path is "\\Users\\bob\\.augment" and the literal-POSIX assertion failed (Windows CI). Build the expected value via Path so the separator matches the host OS. Test-only; production is correct.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment): guard each user in Linux rules _scan_all_user_homes (Greptile)

Parity with LinuxAugmentSkillsExtractor: wrap each per-user extract_for_user in try/except (PermissionError, OSError) so one unreadable home can't abort the whole multi-user rules scan.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment): stop duplicate MCP servers from the workspace walk (Greptile)

The MCP workspace walk descended into user homes and re-read ~/.augment/settings.json as PROJECT scope — the same servers already collected as USER scope — emitting duplicate MCP servers under two project paths (~/.augment as "user" + the home dir as "project"). Record each user-home ~/.augment collected as user scope and skip it in the workspace walk, matching the rules/settings/skills user-dir guards. Genuine project .augment dirs are still collected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(augment): collect .claude/.agents skills; group user skills by config dir

Two follow-ups from dogfooding the Auggie CLI:

1. Auggie loads skills/commands from .augment, .claude AND .agents (per docs.augmentcode.com/cli/skills, in both workspace and home) and honors .claude/commands for Claude compatibility. The Augment skills extractor now sources all three marker dirs (user + project). The same .claude/.agents item is reported under Claude Code / Copilot CLI AND Augment by design — each tool reports what it loads; the backend dedups per (tool, home_user).
2. Group user-scope skills under their CONFIG DIR (~/.augment, ~/.claude, ~/.agents) instead of the bare home. The backend keys an AIToolProject per project path, so the old bare-home key surfaced a spurious "~" project separate from the ~/.augment rules/MCP project; now ~/.augment skills coalesce with that row's rules/MCP, while ~/.claude/~/.agents skills group under their own dir. Still owner-scoped (home is in the path) so the per-user filter prevents cross-user skill leakage under root scans.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(augment): guard symlinked skills/commands subdir in the skills walk

The skills project walk symlink-checks the parent .augment dir but then used type_dir.is_dir() on the skills/commands subdir, which follows symlinks — so under a root MDM scan a user could point .augment/skills at an arbitrary dir and have the scanner traverse it. Add the matching `not type_dir.is_symlink()` guard (mirrors the parent-dir guard in the same method). All OSes via the inherited macOS walk. Adds a regression test (symlinked .augment/skills not traversed; real one still collected).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: thatcatfromspace <fake-fam-20260623-0332-e7f7@nonexistent.invalid>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 48b6cda. Configure here.
| best, best_len = home, len(home_norm) | ||
| if best is not None: | ||
| return best | ||
| return self.user_home or Path.home() |
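Review bot: the last line, `return self.user_home or Path.home()`, hands any path that matched none of the candidate homes to the scanning identity's home; when user_home is unset under a root scan that is root's own home, so an unmatched IDE still gets stamped with a ~/.augment that is not its owner's. Consider returning None when `best` stays None and letting the caller emit a bare detection row or skip the entry. Since the winner is tracked by `len(home_norm)`, also confirm the match that precedes this fragment compares whole path components, so a home such as /Users/bob cannot claim a path under /Users/bobby.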
JetBrains rows misassigned per user
High Severity
During per-user MDM scans, _detect_jetbrains_all_users can incorrectly attribute JetBrains IDEs belonging to other users. The JetBrains detector returns all system IDEs, but _augment_owner_home_for_path only considers the currently scanned user's home for ownership. This can lead to an IDE's _config_path pointing to the wrong ~/.augment directory, potentially corrupting inventory.
Reviewed by Cursor Bugbot for commit 48b6cda. Configure here.
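One way to do the longest-prefix ownership match discussed above, as an added example that is not the project's code: it compares whole path components against every scanned home and returns None when nothing matches instead of falling back to the scanning user. `owner_home_for_path`, `attribute_ides` and the sample paths are hypothetical and constructed; paths are assumed to be already resolved and POSIX-style.

```python
from pathlib import PurePosixPath


def owner_home_for_path(config_path, scanned_homes):
    """Return the scanned home that contains config_path, or None.

    Matching is on whole path components and the deepest matching home wins,
    so /Users/bob never claims a path under /Users/bobby.
    """
    target = PurePosixPath(config_path).parts
    best, best_depth = None, -1
    for home in scanned_homes:
        parts = PurePosixPath(home).parts
        if len(parts) > best_depth and target[:len(parts)] == parts:
            best, best_depth = home, len(parts)
    return best


def attribute_ides(ide_config_paths, scanned_homes):
    """Group IDE config paths by owning home; unmatched paths go under None."""
    rows = {}
    for path in ide_config_paths:
        owner = owner_home_for_path(path, scanned_homes)
        rows.setdefault(owner, []).append(path)
    return rows


# Constructed sample: two users with similar names plus a system-wide path.
HOMES = ["/Users/bob", "/Users/bobby"]
IDES = [
    "/Users/bob/Library/Application Support/JetBrains/IntelliJIdea2024.1",
    "/Users/bobby/Library/Application Support/JetBrains/PyCharm2024.1",
    "/Library/Application Support/JetBrains/Shared",
]
```

A caller can then derive each row's `~/.augment` from the returned home and treat the None bucket as unattributed rather than assigning it to whoever is running the scan.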
| if binary is not None: | ||
| try: | ||
| return _parse_cli_version( | ||
| run_command([str(binary), "--version"], VERSION_TIMEOUT) |
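Review bot: `run_command([str(binary), "--version"], VERSION_TIMEOUT)` executes whatever file `binary` resolved to with the scanner's own privileges, and nothing in these lines checks who owns that file or the directories above it. Before the call, require the resolved path and every parent directory to be owned by root/administrator and not group- or world-writable, or run the probe as the owning user with privileges dropped; otherwise skip execution and report the version as unknown. VERSION_TIMEOUT bounds how long the process runs, not what it does while running.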
🔒 Agentic Security Review
Severity: CRITICAL
The detector executes a user-home auggie binary (run_command([binary, "--version"])) during root/admin all-users scans after resolving candidates from user-writable paths like ~/.local/bin, ~/.bun/bin, and ~/.nvm/....
This creates a privilege-boundary break where an unprivileged local user can place a malicious binary and have it executed by the privileged scanner.
Impact: Local privilege escalation to the scanner identity (root/administrator), with potential full host compromise.
Reviewed by Cursor Security Reviewer for commit 48b6cda. Configure here.
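One way to gate the `--version` probe flagged above, as an added example that is not the project's code: the binary and every ancestor directory must be owned by a trusted uid, must not be group- or world-writable, and must not be a symlink, otherwise the scanner skips execution. `unsafe_reason`, `version_if_safe`, `fake_lstat` and the stat table are hypothetical names and constructed data; trusting only uid 0 and receiving an already-resolved path are assumptions.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def unsafe_reason(binary, lstat=os.lstat, trusted_uids=frozenset({0})):
    """Return None if a privileged scanner may exec `binary`, else the reason.
    Expects an already-resolved absolute path; uid 0 as sole trusted owner is an assumption."""
    path = PurePosixPath(binary)
    if not path.is_absolute():
        return "relative path"
    for node in (path, *path.parents):  # the file, then each ancestor up to /
        try:
            st = lstat(str(node))
        except OSError as exc:
            return f"cannot stat {node}: {exc}"
        if stat.S_ISLNK(st.st_mode):
            return f"{node} is a symlink"
        if st.st_uid not in trusted_uids:
            return f"{node} is owned by uid {st.st_uid}"
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return f"{node} is group/world-writable"
    return None


def version_if_safe(binary, run, lstat=os.lstat):
    """Call run([binary, "--version"]) only when the whole path chain is trusted."""
    if unsafe_reason(binary, lstat) is not None:
        return None  # report "version unknown" instead of executing
    return run([str(binary), "--version"])


def fake_lstat(table):
    """lstat() over a constructed {path: (uid, mode)} table, for offline runs."""
    def _lstat(p):
        if p not in table:
            raise FileNotFoundError(p)
        return SimpleNamespace(st_uid=table[p][0], st_mode=table[p][1])
    return _lstat


D, F = stat.S_IFDIR | 0o755, stat.S_IFREG | 0o755
SAMPLE = {  # constructed: a system install and a root-owned file in alice's dir
    "/": (0, D), "/usr": (0, D), "/usr/local": (0, D), "/usr/local/bin": (0, D),
    "/usr/local/bin/auggie": (0, F), "/home": (0, D), "/home/alice": (1001, D),
    "/home/alice/.local": (1001, D), "/home/alice/.local/bin": (1001, D),
    "/home/alice/.local/bin/auggie": (0, F),
}
```

The second sample entry is rejected even though the file itself is root-owned, because the user who owns the parent directory can replace the file by renaming it away.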
🛡️ Automated Security Review (consensus)
1 finding — 1 high-confidence, 0 to triage. Reviewers: Cursor, Claude, Semgrep, Gitleaks.
🔴 Privileged execution of user-controlled




Production release: staging → main
Promotes the one commit on `staging` ahead of `main`:
CI was green on PR #213 before merge to staging. No other commits included.
Note: the `Merge to main` deploy workflow failed because `main` now requires changes via PR (repository ruleset `GH013`); raising this release PR instead.
🤖 Generated with Claude Code
Note
Medium Risk
Large new discovery surface with whole-disk walks and multi-user attribution; failures are mostly fail-safe, but bugs could mis-attribute config or duplicate/leak inventory across users on MDM/root scans.
Overview
Adds end-to-end discovery for Augment Code (Auggie CLI, VS Code extension, JetBrains plugin) in the coding discovery agent, aligned with the existing Copilot CLI pattern.
Detection & routing: New OS-specific detectors emit one inventory row per surface, all keyed to each user’s `~/.augment` via `_config_path`. `process_single_tool` routes Augment surfaces through `_process_augment_tool` before the generic JetBrains handler so Augment JetBrains rows are not misclassified.

Shared config without duplication: MCP, rules, skills/commands, and user/managed permissions are extracted once per scan (memoized with an unset sentinel so legitimate `None` MCP results still cache). Only the canonical surface per `_config_path` carries that payload (preference: Auggie CLI → VS Code → JetBrains); other surfaces stay bare rows. Multi-user/root scans pick a canonical winner per user and apply `_augment_owned_by_user` so non-owners do not get phantom rows (managed-only org policy does not count as per-user data).

Extractors: New macOS implementations plus thin Windows/Linux subclasses for MCP (`settings.json` / nested `mcpServers`), rules/guidelines, `toolPermissions` settings (user + managed; hooks in `raw_settings`), and skills/commands under `.augment`, `.claude`, and `.agents`. User-scope skills are keyed by config dir from `file_path` to avoid cross-user leaks under all-users scans.

Tests: Broad unit/integration coverage for detection, routing, canonical split, ownership, MCP nesting, rules/skills/settings behavior, and discovery-flow registration/fail-safe behavior.
Reviewed by Cursor Bugbot for commit 48b6cda. Bugbot is set up for automated code reviews on this repo. Configure here.
Greptile Summary
This PR adds Augment Code discovery across supported developer surfaces. The main changes are:
Confidence Score: 1/5
This looks safe to merge.
Important Files Changed
`.augment`, `.claude`, and `.agents` directories.
Reviews (1): Last reviewed commit: "Discover Augment Code (Auggie CLI + VS C..."
Context used:
Learned From
websentry-ai/ai-gateway-data#448