fix: prevent agent from overwriting notepad files in .sisyphus/notepads/ #3688
Open
javimarttinn wants to merge 3 commits into
Added critical rules for handling NOTEPAD files and editing actions.
Add check to block overwriting notepad files in the write guard.
fix: block Write tool on notepad files to prevent data loss
1 issue found across 2 files
Confidence score: 2/5
- There is a high-confidence, user-impacting bug in src/hooks/write-existing-file-guard/tool-execute-before-handler.ts: the append-only guard can be bypassed on Windows due to POSIX-only substring matching against normalized paths.
- I’m scoring this as high risk because the issue affects a protection check directly, and the severity/confidence (7/10, 8/10) suggests a likely regression in real Windows environments.
- Pay close attention to src/hooks/write-existing-file-guard/tool-execute-before-handler.ts - path handling needs platform-aware matching so the guard cannot be skipped on Windows.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="src/hooks/write-existing-file-guard/tool-execute-before-handler.ts">
<violation number="1" location="src/hooks/write-existing-file-guard/tool-execute-before-handler.ts:141">
P1: Notepad append-only guard is bypassable on Windows because path detection uses a POSIX-only substring against platform-normalized paths.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| } | ||
|
|
||
| const isSisyphusPath = canonicalPath.includes("/.sisyphus/") | ||
| const isNotepadPath = canonicalPath.includes("/.sisyphus/notepads/") |
P1: Notepad append-only guard is bypassable on Windows because path detection uses a POSIX-only substring against platform-normalized paths.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/hooks/write-existing-file-guard/tool-execute-before-handler.ts, line 141:
<comment>Notepad append-only guard is bypassable on Windows because path detection uses a POSIX-only substring against platform-normalized paths.</comment>
<file context>
@@ -138,6 +138,18 @@ export async function handleWriteExistingFileGuardToolExecuteBefore(params: {
}
const isSisyphusPath = canonicalPath.includes("/.sisyphus/")
+ const isNotepadPath = canonicalPath.includes("/.sisyphus/notepads/")
+ if (isNotepadPath) {
+ log("[write-existing-file-guard] Blocking notepad overwrite", {
</file context>
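Review bot: the added isNotepadPath line decides whether the guard fires with a case-sensitive substring test on the raw canonicalPath string, so the protection depends on how that string is spelled rather than on which directory it names. Compare path segments instead: split canonicalPath on the platform separator and look for a .sisyphus segment immediately followed by notepads, folding case where the filesystem is case-insensitive, unless canonicalPath is already guaranteed to carry forward slashes and on-disk casing. A unit test that feeds the handler a backslash-separated path would keep this from regressing.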
Suggested change
| const isNotepadPath = canonicalPath.includes("/.sisyphus/notepads/") | |
| const isNotepadPath = canonicalPath.replace(/\\/g, "/").includes("/.sisyphus/notepads/") |
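Review bot: the suggested replacement normalizes separators only inside the isNotepadPath expression, while the isSisyphusPath line directly above it in the hunk still tests canonicalPath.includes("/.sisyphus/") on the un-normalized string. Normalize once into a local variable and use it for both checks, so the two guards cannot disagree about the same path on Windows.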
VoidChecksum added a commit to VoidChecksum/oh-my-openagent that referenced this pull request Apr 30, 2026
Summary
- Write tool on .sisyphus/notepads/*.md paths to prevent irreversible overwrites of append-only decision logs.
- Edit error recovery reminder with explicit CRITICAL RULES for notepad files.

Changes
src/hooks/write-existing-file-guard/tool-execute-before-handler.ts
- isNotepadPath check that throws a descriptive error before the existing isSisyphusPath guard allows the write.
- Write when Edit fails on notepad files.
src/hooks/edit-error-recovery/hook.ts
- CRITICAL RULES for notepad files block to the recovery reminder.
- Edit with append mode and to ask the user before any destructive action on .sisyphus/notepads/.

Testing
Verified that attempting to Write a file under .sisyphus/notepads/ now raises:
Error: Notepad files (.sisyphus/notepads/*) are APPEND-ONLY. Use the Edit tool with append mode instead of Write.

Related Issues
Closes #2149
Summary by cubic
Prevents overwriting append‑only notepad files under .sisyphus/notepads/ by blocking the Write tool and updating Edit recovery rules. Closes #2149 by enforcing append-only behavior for decision logs.
- Write for .sisyphus/notepads/* and throw a clear error: “Notepad files are APPEND‑ONLY. Use Edit to append. Never use Write.”
- Edit error recovery: never use Write on notepads, always append with Edit, and if Edit fails again, stop and ask the user.
Written for commit f2bb07a. Summary will update on new commits.
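
The separator issue raised in the review above, as an added TypeScript example (not code from this PR or from the project): the substring check from the hunk next to a segment-based check, run over Windows-style and POSIX-style paths. The function names, the PathFlavor parameter, the case-folding rule for Windows and the sample paths are assumptions made for illustration.

```typescript
import { posix, win32 } from "node:path";

type PathFlavor = typeof posix;

// The check as it appears in the PR hunk: a POSIX-only substring test.
function naiveIsNotepadPath(canonicalPath: string): boolean {
  return canonicalPath.includes("/.sisyphus/notepads/");
}

// Hypothetical replacement (not the project's code): split the path with the
// rules of the platform that produced it, then look for a ".sisyphus" segment
// immediately followed by "notepads" and at least one further segment.
function isNotepadPath(canonicalPath: string, flavor: PathFlavor): boolean {
  // Assumption: Windows paths are compared case-insensitively, POSIX paths exactly.
  const fold = (s: string): string => (flavor === win32 ? s.toLowerCase() : s);
  // normalize() also converts "/" to "\" for the win32 flavor.
  const segments = flavor.normalize(canonicalPath).split(flavor.sep).map(fold);
  for (let i = 0; i + 2 < segments.length; i++) {
    if (segments[i] === ".sisyphus" && segments[i + 1] === "notepads" && segments[i + 2] !== "") {
      return true;
    }
  }
  return false;
}

// Constructed sample paths, each tagged with the platform it would come from.
const samples: Array<[string, PathFlavor]> = [
  ["/home/dev/proj/.sisyphus/notepads/decisions.md", posix],
  ["C:\\Users\\dev\\proj\\.sisyphus\\notepads\\decisions.md", win32],
  ["C:/Users/dev/proj/.Sisyphus/Notepads/decisions.md", win32],
  ["/home/dev/proj/docs/sisyphus-notepads/readme.md", posix],
];

// Returns one row per sample so the two checks can be compared side by side.
function compareChecks(): Array<{ path: string; naive: boolean; segmentBased: boolean }> {
  return samples.map(([p, flavor]) => ({
    path: p,
    naive: naiveIsNotepadPath(p),
    segmentBased: isNotepadPath(p, flavor),
  }));
}

console.table(compareChecks());
```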