feat(write): enforce path policy, secret scan, and rate limiting

Author: keithah

docs/runbooks/mentions.md

@@ -123,6 +123,22 @@ write:
   enabled: true
 ```
 
+### Write policy (allow/deny paths, secret scan, rate limit)
+
+When write-mode is enabled, the server enforces policy before committing/pushing:
+
+- `write.denyPaths`: blocks changes to matching paths (deny wins)
+- `write.allowPaths`: if set, every changed path must match an allow pattern
+- `write.secretScan.enabled`: blocks if staged diffs look like secrets (keys/tokens)
+- `write.minIntervalSeconds`: basic write request rate limiting
+
+Common refusal reasons:
+
+- `write-policy-denied-path`: staged change matches denyPaths
+- `write-policy-not-allowed`: staged change did not match allowPaths
+- `write-policy-secret-detected`: suspected secret present in staged diff
+- `rate-limited`: write requests too frequent
+
 ## 4) Verify Eyes Reaction Attempt (Non-Blocking)
 
 The handler tries to add an ":eyes:" reaction to the trigger comment.

src/handlers/mention.test.ts

@@ -447,4 +447,237 @@ describe("createMentionHandler write intent gating", () => {
 
     await workspaceFixture.cleanup();
   });
+
+  test("write intent is refused when a staged path is denied", async () => {
+    const handlers = new Map<string, (event: WebhookEvent) => Promise<void>>();
+    const workspaceFixture = await createWorkspaceFixture(
+      "mention:\n  enabled: true\nwrite:\n  enabled: true\n  denyPaths:\n    - 'README.md'\n",
+    );
+
+    const prNumber = 101;
+    const featureSha = (await $`git -C ${workspaceFixture.dir} rev-parse feature`.quiet())
+      .text()
+      .trim();
+    await $`git --git-dir ${workspaceFixture.remoteDir} update-ref refs/pull/${prNumber}/head ${featureSha}`.quiet();
+
+    let createdPr = false;
+    let replyBody: string | undefined;
+
+    const eventRouter: EventRouter = {
+      register: (eventKey, handler) => {
+        handlers.set(eventKey, handler);
+      },
+      dispatch: async () => undefined,
+    };
+
+    const jobQueue: JobQueue = {
+      enqueue: async <T>(_installationId: number, fn: () => Promise<T>) => fn(),
+      getQueueSize: () => 0,
+      getPendingCount: () => 0,
+    };
+
+    const workspaceManager: WorkspaceManager = {
+      create: async (_installationId: number, options: CloneOptions) => {
+        await $`git -C ${workspaceFixture.dir} checkout ${options.ref}`.quiet();
+        return { dir: workspaceFixture.dir, cleanup: async () => undefined };
+      },
+      cleanupStale: async () => 0,
+    };
+
+    const octokit = {
+      rest: {
+        reactions: {
+          createForPullRequestReviewComment: async () => ({ data: {} }),
+          createForIssueComment: async () => ({ data: {} }),
+        },
+        issues: {
+          listComments: async () => ({ data: [] }),
+          createComment: async () => ({ data: {} }),
+        },
+        pulls: {
+          get: async () => ({
+            data: {
+              title: "Test PR",
+              body: "",
+              user: { login: "octocat" },
+              head: { ref: "feature" },
+              base: { ref: "main" },
+            },
+          }),
+          create: async () => {
+            createdPr = true;
+            return { data: { html_url: "https://example.com/pr/123" } };
+          },
+          createReplyForReviewComment: async (params: { body: string }) => {
+            replyBody = params.body;
+            return { data: {} };
+          },
+        },
+      },
+    };
+
+    createMentionHandler({
+      eventRouter,
+      jobQueue,
+      workspaceManager,
+      githubApp: {
+        getAppSlug: () => "kodiai",
+        getInstallationOctokit: async () => octokit as never,
+      } as unknown as GitHubApp,
+      executor: {
+        execute: async (ctx: { workspace: { dir: string } }) => {
+          await Bun.write(join(ctx.workspace.dir, "README.md"), "base\nfeature\nchanged\n");
+          return {
+            conclusion: "success",
+            published: false,
+            costUsd: 0,
+            numTurns: 1,
+            durationMs: 1,
+            sessionId: "session-mention",
+          };
+        },
+      } as never,
+      logger: createNoopLogger(),
+    });
+
+    const handler = handlers.get("pull_request_review_comment.created");
+    expect(handler).toBeDefined();
+
+    await handler!(
+      buildReviewCommentMentionEvent({
+        prNumber,
+        baseRef: "main",
+        headRef: "feature",
+        headRepoOwner: "forker",
+        headRepoName: "repo",
+        commentBody: "@kodiai apply: update the README",
+      }),
+    );
+
+    expect(createdPr).toBe(false);
+    expect(replyBody).toBeDefined();
+    expect(replyBody!).toContain("Write request refused");
+    expect(replyBody!).toContain("denied path");
+
+    await workspaceFixture.cleanup();
+  });
+
+  test("write intent requests are rate-limited when configured", async () => {
+    const handlers = new Map<string, (event: WebhookEvent) => Promise<void>>();
+    const workspaceFixture = await createWorkspaceFixture(
+      "mention:\n  enabled: true\nwrite:\n  enabled: true\n  minIntervalSeconds: 60\n",
+    );
+
+    const prNumber = 101;
+    const featureSha = (await $`git -C ${workspaceFixture.dir} rev-parse feature`.quiet())
+      .text()
+      .trim();
+    await $`git --git-dir ${workspaceFixture.remoteDir} update-ref refs/pull/${prNumber}/head ${featureSha}`.quiet();
+
+    const replies: string[] = [];
+    let prCreates = 0;
+
+    const eventRouter: EventRouter = {
+      register: (eventKey, handler) => {
+        handlers.set(eventKey, handler);
+      },
+      dispatch: async () => undefined,
+    };
+
+    const jobQueue: JobQueue = {
+      enqueue: async <T>(_installationId: number, fn: () => Promise<T>) => fn(),
+      getQueueSize: () => 0,
+      getPendingCount: () => 0,
+    };
+
+    const workspaceManager: WorkspaceManager = {
+      create: async (_installationId: number, options: CloneOptions) => {
+        await $`git -C ${workspaceFixture.dir} checkout ${options.ref}`.quiet();
+        return { dir: workspaceFixture.dir, cleanup: async () => undefined };
+      },
+      cleanupStale: async () => 0,
+    };
+
+    const octokit = {
+      rest: {
+        reactions: {
+          createForPullRequestReviewComment: async () => ({ data: {} }),
+          createForIssueComment: async () => ({ data: {} }),
+        },
+        issues: {
+          listComments: async () => ({ data: [] }),
+          createComment: async () => ({ data: {} }),
+        },
+        pulls: {
+          get: async () => ({
+            data: {
+              title: "Test PR",
+              body: "",
+              user: { login: "octocat" },
+              head: { ref: "feature" },
+              base: { ref: "main" },
+            },
+          }),
+          create: async () => {
+            prCreates++;
+            return { data: { html_url: "https://example.com/pr/123" } };
+          },
+          createReplyForReviewComment: async (params: { body: string }) => {
+            replies.push(params.body);
+            return { data: {} };
+          },
+        },
+      },
+    };
+
+    let writeCount = 0;
+    createMentionHandler({
+      eventRouter,
+      jobQueue,
+      workspaceManager,
+      githubApp: {
+        getAppSlug: () => "kodiai",
+        getInstallationOctokit: async () => octokit as never,
+      } as unknown as GitHubApp,
+      executor: {
+        execute: async (ctx: { workspace: { dir: string } }) => {
+          writeCount++;
+          await Bun.write(
+            join(ctx.workspace.dir, "README.md"),
+            `base\nfeature\nchanged-${writeCount}\n`,
+          );
+          return {
+            conclusion: "success",
+            published: false,
+            costUsd: 0,
+            numTurns: 1,
+            durationMs: 1,
+            sessionId: "session-mention",
+          };
+        },
+      } as never,
+      logger: createNoopLogger(),
+    });
+
+    const handler = handlers.get("pull_request_review_comment.created");
+    expect(handler).toBeDefined();
+
+    const event = buildReviewCommentMentionEvent({
+      prNumber,
+      baseRef: "main",
+      headRef: "feature",
+      headRepoOwner: "forker",
+      headRepoName: "repo",
+      commentBody: "@kodiai apply: update the README",
+    });
+
+    await handler!(event);
+    await handler!(event);
+
+    expect(prCreates).toBe(1);
+    expect(replies).toHaveLength(2);
+    expect(replies[1]!).toContain("rate-limited");
+
+    await workspaceFixture.cleanup();
+  });
 });

src/handlers/mention.ts

@@ -14,6 +14,7 @@ import {
   fetchAndCheckoutPullRequestHeadRef,
   getGitStatusPorcelain,
   createBranchCommitAndPush,
+  WritePolicyError,
 } from "../jobs/workspace.ts";
 import {
   type MentionEvent,
@@ -46,6 +47,10 @@ export function createMentionHandler(deps: {
 }): void {
   const { eventRouter, jobQueue, workspaceManager, githubApp, executor, logger } = deps;
 
+  // Basic in-memory rate limiter for write-mode requests.
+  // Keyed by installation+repo; resets on process restart.
+  const lastWriteAt = new Map<string, number>();
+
   function parseWriteIntent(userQuestion: string): {
     writeIntent: boolean;
     keyword: "apply" | "change" | undefined;
@@ -313,6 +318,26 @@ export function createMentionHandler(deps: {
         const isWriteRequest = writeIntent.writeIntent;
         const writeEnabled = isWriteRequest && config.write.enabled;
 
+        if (writeEnabled && config.write.minIntervalSeconds > 0) {
+          const key = `${event.installationId}:${mention.owner}/${mention.repo}`;
+          const now = Date.now();
+          const last = lastWriteAt.get(key);
+          const minMs = config.write.minIntervalSeconds * 1000;
+
+          if (last !== undefined && now - last < minMs) {
+            const replyBody = wrapInDetails(
+              [
+                "Write request rate-limited.",
+                "",
+                `Try again in ${Math.ceil((minMs - (now - last)) / 1000)}s.`,
+              ].join("\n"),
+              "kodiai response",
+            );
+            await postMentionReply(replyBody);
+            return;
+          }
+        }
+
         if (isWriteRequest && mention.prNumber === undefined) {
           const replyBody = wrapInDetails(
             [
@@ -496,11 +521,33 @@ export function createMentionHandler(deps: {
           const branchName = `kodiai/apply/pr-${mention.prNumber}-${shortDelivery}`;
           const commitMessage = `kodiai: apply requested changes (pr #${mention.prNumber})`;
 
-          const pushed = await createBranchCommitAndPush({
-            dir: workspace.dir,
-            branchName,
-            commitMessage,
-          });
+          let pushed: { branchName: string; headSha: string };
+          try {
+            pushed = await createBranchCommitAndPush({
+              dir: workspace.dir,
+              branchName,
+              commitMessage,
+              policy: {
+                allowPaths: config.write.allowPaths,
+                denyPaths: config.write.denyPaths,
+                secretScanEnabled: config.write.secretScan.enabled,
+              },
+            });
+          } catch (err) {
+            if (err instanceof WritePolicyError) {
+              const replyBody = wrapInDetails(
+                [
+                  "Write request refused.",
+                  "",
+                  err.message,
+                ].join("\n"),
+                "kodiai response",
+              );
+              await postMentionReply(replyBody);
+              return;
+            }
+            throw err;
+          }
 
           const prTitle = `kodiai: apply changes for PR #${mention.prNumber}`;
           const prBody = [
@@ -529,6 +576,12 @@ export function createMentionHandler(deps: {
             "kodiai response",
           );
           await postMentionReply(replyBody);
+
+          // Record successful publish time for rate limiting.
+          if (config.write.minIntervalSeconds > 0) {
+            const key = `${event.installationId}:${mention.owner}/${mention.repo}`;
+            lastWriteAt.set(key, Date.now());
+          }
           return;
         }