Skip to content

Remove Codebox runtime tool policy leakage#2772

Merged
chubes4 merged 2 commits into
mainfrom
fix/remove-codebox-policy-leakage
Jun 22, 2026
Merged

Remove Codebox runtime tool policy leakage#2772
chubes4 merged 2 commits into
mainfrom
fix/remove-codebox-policy-leakage

Conversation

@chubes4

@chubes4 chubes4 commented Jun 22, 2026

Copy link
Copy Markdown
Member

Summary

  • Remove the legacy wp-codebox/sandbox-tool-policy/v1 transport alias from host tool policy normalization.
  • Use the neutral agents-api/runtime-tool-policy/v1 transport schema for list-shaped runtime tool policy payloads.
  • Add a production inc/ boundary guard against Codebox vocabulary while keeping the broader downstream vocabulary smoke intact.

Tests

  • php tests/pipeline-tool-policy-snapshot-smoke.php
  • php tests/boundary-forbidden-names-smoke.php

AI assistance

  • AI assistance: Yes
  • Tool(s): openai/gpt-5.5 via opencode
  • Used for: Implementing the production policy cleanup, updating smoke coverage, running targeted verification, and drafting this PR description.

@homeboy-ci

homeboy-ci Bot commented Jun 22, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Homeboy Results — data-machine

Lint

lint — passed

Deep dive: homeboy lint data-machine --changed-since 8422fe6

Artifacts and drill-down
  • CI results artifact: homeboy-ci-results-data-machine-lint-quality-Linux-node24 contains immediate command JSON for this action invocation.
  • Observation artifact: homeboy-observations-data-machine-lint-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
  • Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
  • Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine/actions/runs/27922304254

Test

test — passed

ℹ️ No impacted tests found for --changed-since 8422fe6
ℹ️ Run full suite if needed: homeboy test data-machine
Deep dive: homeboy test data-machine --changed-since 8422fe6

Artifacts and drill-down
  • CI results artifact: homeboy-ci-results-data-machine-test-quality-Linux-node24 contains immediate command JSON for this action invocation.
  • Observation artifact: homeboy-observations-data-machine-test-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
  • Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
  • Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine/actions/runs/27922304254

Audit

audit — passed

Deep dive: homeboy audit data-machine --changed-since 8422fe6

Artifacts and drill-down
  • CI results artifact: homeboy-ci-results-data-machine-audit-quality-Linux-node24 contains immediate command JSON for this action invocation.
  • Observation artifact: homeboy-observations-data-machine-audit-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
  • Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
  • Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine/actions/runs/27922304254
Tooling versions
  • Homeboy CLI: homeboy 0.249.0+f05a14e58a41+0942e995
  • Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
  • Extension revision: f369690a
  • Action: unknown@unknown

@chubes4 chubes4 merged commit d106948 into main Jun 22, 2026
5 checks passed
@chubes4 chubes4 deleted the fix/remove-codebox-policy-leakage branch June 22, 2026 00:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chubes4