Skip to content

Commit 58596e0

Browse files
Brian KrafftCopilot
andcommitted
fix: resolve R2 /collab findings — SECURITY.md org URL, CHANGELOG P7 test count, review_round
- GPT-5.4 + Opus P1: SECURITY.md advisory URL → Deepfreezechill/OpenSpace (not HKUDS) - GPT-5.4 P2: CHANGELOG Phase 7 header test count 2,056 → 2,174 - Opus P2: RUNBOOK review_round 1 → 2 - GPT-5.4 P1 pushback: frontend/showcase 0.1.0 are separate packages (not Python openspace) - Opus correctly dismissed showcase 0.1.0 as intentional example content Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 3d59da8 commit 58596e0

3 files changed

Lines changed: 3 additions & 3 deletions

File tree

CHANGELOG.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,7 @@ _4 epics · PRs #50–#53 · 1,957 tests passing_
103103
- **DX polish** — Rich `--help` with examples/env vars, `--version`, preflight checks (bearer token, skill store, port, Python version), platform-aware suggestions (PowerShell on Windows, bash on Unix), errors write to `sys.__stderr__` for console visibility (Epic 6.4, PR #53)
104104

105105
### Phase 7 — Safety & Launch
106-
_3 epics · PRs #54#55 · 2,056 tests passing_
106+
_3 epics · PRs #54#56 · 2,174 tests passing_
107107

108108
- **ReviewGate** — 5-layer security gate for skill evolution: path traversal detection, extension allowlist, size limits, HIGH+CRITICAL AST blocking, lineage validation. Windows drive-relative paths and reserved device names handled. 63 tests (45 adversarial), 3 review rounds with 12 agent-reviews (Epic 7.1, PR #54)
109109
- **SkillGuard** — pre-persist quality gates wrapping ReviewGate + SkillStore. All skill mutations (evolve_fix, evolve_derived, evolve_captured) routed through guard. Deep disk rollback via rglob snapshot on rejection. **40+ AST blocklist patterns** covering: `builtins` bypass, `__builtins__` attribute access, `sys.modules` manipulation, `os.exec*`/`os.spawn*`, `pty`/`code` modules, HTTP exfiltration, `marshal`/`runpy`, `asyncio.subprocess`, `signal`, `webbrowser`, `multiprocessing`, `shutil`, filesystem destructors, `os.chmod`/`os.chown`. Bare-name alias bypass prevention (Epic 7.2, PR #55)

RUNBOOK.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -649,7 +649,7 @@ epics:
649649
status: in_review
650650
branch: epic/7.3-launch-checklist
651651
pr: 56
652-
review_round: 1
652+
review_round: 2
653653
description: 'Final security audit, documentation completeness, release notes, changelog,
654654
license verification, dependency audit clean.
655655

SECURITY.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ If you discover a security vulnerability in OpenSpace, please report it responsi
1313

1414
1. **Do NOT open a public GitHub issue.**
1515
2. Email the maintainers at the address listed in the repository's GitHub Security Advisories tab.
16-
3. Alternatively, use [GitHub's private vulnerability reporting](https://github.com/HKUDS/OpenSpace/security/advisories/new).
16+
3. Alternatively, use [GitHub's private vulnerability reporting](https://github.com/Deepfreezechill/OpenSpace/security/advisories/new).
1717

1818
### What to include
1919

0 commit comments

Comments
 (0)