fix: cubic-dev-ai round 2 — 3 issues across SKILL.md + pruning

P1: Gate message asked for raw production data records — changed to
    "redacted or synthetic values" to prevent sensitive data exfiltration

P2: SKILL.md description now includes MultiEdit (was missing after
    MultiEdit gate was added in previous commit)

P2: Session key pruning now caps __prefixed keys at 50 to prevent
    unbounded growth even in theoretical edge cases

9/9 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
seto
2026-04-13 16:11:33 +09:00
parent 5540282dcb
commit 4dbed5ff5b
2 changed files with 7 additions and 4 deletions


@@ -64,7 +64,10 @@ function saveState(state) {
if (state.checked.length > MAX_CHECKED_ENTRIES) {
const sessionKeys = state.checked.filter(k => k.startsWith('__'));
const fileKeys = state.checked.filter(k => !k.startsWith('__'));
state.checked = [...sessionKeys, ...fileKeys.slice(-(MAX_CHECKED_ENTRIES - sessionKeys.length))];
// Cap session keys at 50 to prevent unbounded growth
const cappedSession = sessionKeys.length > 50 ? sessionKeys.slice(-50) : sessionKeys;
const remaining = MAX_CHECKED_ENTRIES - cappedSession.length;
state.checked = [...cappedSession, ...fileKeys.slice(-Math.max(remaining, 0))];
}
fs.mkdirSync(STATE_DIR, { recursive: true });
// Atomic write: temp file + rename prevents partial reads
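Review bot: The clamp in `fileKeys.slice(-Math.max(remaining, 0))` does not prune anything when `remaining` is 0 or negative, because `-0` makes it `slice(0)`, which returns every file key, so `state.checked` would still exceed the cap. `MAX_CHECKED_ENTRIES` is defined outside this hunk; if it is always greater than 50 the clamp is dead code, otherwise it is wrong, and either way `state.checked = [...cappedSession, ...(remaining > 0 ? fileKeys.slice(-remaining) : [])];` states the intent directly. The literal 50 would read better as a named constant declared next to `MAX_CHECKED_ENTRIES` (for example `MAX_SESSION_KEYS`), with a comment noting that the oldest session keys are the ones dropped. The body of `saveState` starts and ends outside the hunk, so how the pruned list is consumed afterwards is not visible here.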


@@ -1,6 +1,6 @@
---
name: gateguard
description: Fact-forcing gate that blocks Edit/Write/Bash and demands concrete investigation (importers, data schemas, user instruction) before allowing the action. Measurably improves output quality by +2.25 points vs ungated agents.
description: Fact-forcing gate that blocks Edit/MultiEdit/Write/Bash and demands concrete investigation (importers, data schemas, user instruction) before allowing the action. Measurably improves output quality by +2.25 points vs ungated agents.
origin: community
---
@@ -52,8 +52,8 @@ Before editing {file_path}, present these facts:
1. List ALL files that import/require this file (use Grep)
2. List the public functions/classes affected by this change
3. If this file reads/writes data files, cat one real record
and show actual field names, structure, and date format
3. If this file reads/writes data files, show field names, structure,
and date format (use redacted or synthetic values, not raw production data)
4. Quote the user's current instruction verbatim
```