security: Harden CI/CD and repo for open-source safety#458
Merged
- Fix broken reasoning framework: complete Ordering field and Necessity scale
- Remove OpenAI attribution from description; add invocation example block
- Restrict tools to Read only (text-transformation agent needs no writes)
- Add XML Structure and CoT Opportunity dimensions to reasoning template
- Move meta-instruction NOTE out of output template, place as agent directive
- Fix stray markdown bold markers on Reasoning Before Conclusions guideline
- Integrate orphaned examples bullet into the Examples guideline line
- Add concrete worked example section (classify customer feedback)

Automated review cycle | Co-Authored-By: Claude Code <noreply@anthropic.com>

- Add --ignore-scripts to all npm ci/install in CI workflows and predeploy script
- Fix shell injection in discord-release-notification (use env vars + jq for payload)
- Add explicit permissions to all workflows (least privilege principle)
- Add root .npmrc with ignore-scripts=true
- Add .github/dependabot.yml for automated dependency security updates
- Add .github/CODEOWNERS to protect workflows, scripts, and API paths
- Expand .gitignore with *.pem, *.key, credentials.json patterns
Contributor
| Metric | Count |
|---|---|
| Total Components | 753 |
| ✅ Passed | 360 |
| ❌ Failed | 393 |
| | 999 |

❌ Failed Components (Top 5)

| Component | Errors | Warnings | Score |
|---|---|---|---|
| vercel-edge-function | 3 | 4 | 81/100 |
| prompt-engineer | 2 | 0 | 90/100 |
| neon-expert | 2 | 2 | 88/100 |
| agent-overview | 2 | 1 | 89/100 |
| unused-code-cleaner | 2 | 1 | 89/100 |

...and 388 more failed component(s)

📊 View Full Report for detailed error messages and all components
Contributor
2 issues found across 11 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="cli-tool/components/agents/data-ai/prompt-engineer.md">
<violation number="1" location="cli-tool/components/agents/data-ai/prompt-engineer.md:111">
P3: The example uses a fenced code block even though the guidelines now prohibit code blocks. This creates conflicting instructions and may lead the agent to emit code fences despite the rule.</violation>
</file>
<file name=".github/workflows/deploy.yml">
<violation number="1" location=".github/workflows/deploy.yml:9">
P2: `permissions: {}` removes repo access, so `actions/checkout` won't be able to read repository contents and the workflow will fail. Grant at least `contents: read` at the workflow level.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Comment on lines +111 to +124

```
<reasoning>
- Simple Change: (no)
- Reasoning: (no)
- Structure: (no)
- Examples: (no)
- Complexity: (1) Task: (2) Necessity: (2) prompt lacks any schema or label definition
- XML Structure: (yes) wrapping the feedback input in <feedback> tags reduces ambiguity
- CoT Opportunity: (no) classification is direct enough without chain of thought
- Specificity: (1)
- Prioritization: [Specificity, Structure, Output Format]
- Conclusion: Define the label set, specify the input format, and require JSON output.
</reasoning>
```
Contributor
P3: The example uses a fenced code block even though the guidelines now prohibit code blocks. This creates conflicting instructions and may lead the agent to emit code fences despite the rule.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At cli-tool/components/agents/data-ai/prompt-engineer.md, line 111:
<comment>The example uses a fenced code block even though the guidelines now prohibit code blocks. This creates conflicting instructions and may lead the agent to emit code fences despite the rule.</comment>
<file context>
@@ -65,10 +94,49 @@ The final prompt you output should adhere to the following structure below. Do n
+
+**Reasoning block:**
+
+```
+<reasoning>
+- Simple Change: (no)
</file context>
Suggested change (drop the surrounding code fences and keep the reasoning block as plain text):

<reasoning>
- Simple Change: (no)
- Reasoning: (no)
- Structure: (no)
- Examples: (no)
- Complexity: (1) Task: (2) Necessity: (2) prompt lacks any schema or label definition
- XML Structure: (yes) wrapping the feedback input in <feedback> tags reduces ambiguity
- CoT Opportunity: (no) classification is direct enough without chain of thought
- Specificity: (1)
- Prioritization: [Specificity, Structure, Output Format]
- Conclusion: Define the label set, specify the input format, and require JSON output.
</reasoning>
Cubic correctly flagged that `permissions: {}` blocks `actions/checkout`.
Contributor
| Metric | Count |
|---|---|
| Total Components | 755 |
| ✅ Passed | 360 |
| ❌ Failed | 395 |
| | 999 |

❌ Failed Components (Top 5)

| Component | Errors | Warnings | Score |
|---|---|---|---|
| vercel-edge-function | 3 | 4 | 81/100 |
| prompt-engineer | 2 | 0 | 90/100 |
| neon-expert | 2 | 2 | 88/100 |
| agent-overview | 2 | 1 | 89/100 |
| unused-code-cleaner | 2 | 1 | 89/100 |

...and 390 more failed component(s)

📊 View Full Report for detailed error messages and all components
Summary

- `--ignore-scripts` on `npm ci` / `npm install` in CI workflows and predeploy script to prevent malicious postinstall scripts
- Shell injection fixed in `discord-release-notification.yml`: all GitHub event data now passes through `env:` vars, payload built with `jq -n`
- Explicit least-privilege permissions on all workflows (`permissions: {}`, `contents: read`, etc.)
- `.npmrc` with `ignore-scripts=true` as default for contributors
- `.github/dependabot.yml` for automated npm + GitHub Actions dependency updates
- `.github/CODEOWNERS` protecting `.github/`, `scripts/`, API endpoints
- `.gitignore` expanded with `*.pem`, `*.key`, `credentials.json`, `service-account*.json`

Test plan

- `deploy.yml` still deploys correctly (no npm install step affected)
- `update-json-data.yml` cron run succeeds with `--ignore-scripts`
- `component-security-validation.yml` can still comment on PRs with new permissions

Summary by cubic

Strengthens CI/CD to reduce supply-chain and injection risks, and refines the `prompt-engineer` component for clearer, safer use. Areas affected: components (`cli-tool/components/`) and CI workflows (`.github/workflows/`).

- `--ignore-scripts` across installs; safe Discord payload via env + `jq`; explicit least-privilege permissions (incl. `contents: read` in deploy so checkout works); root `.npmrc` with `ignore-scripts=true`. `.gitignore` for keys/creds.
- `prompt-engineer` (clearer description; fixed Ordering + 1–5 Necessity; add XML/CoT checks; tools set to Read; add invocation + worked example; set model `sonnet`; stricter output rules).
- `DISCORD_WEBHOOK_URL`. No new components; catalog (`docs/components.json`) does not need regeneration.

Written for commit cead64b. Summary will update on new commits.
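An illustrative workflow, added here and not copied from the repository's own `discord-release-notification.yml`, showing the injection-prone pattern the PR removes beside the hardened form it describes: explicit `permissions`, `npm ci --ignore-scripts`, event data passed only through `env:`, and the payload built with `jq -n`. The job and step names, the `release` trigger and the message layout are assumptions.

```yaml
name: Release notification (illustrative)

on:
  release:
    types: [published]

# Workflow-level least privilege: `permissions: {}` would also block
# actions/checkout, so grant exactly what the jobs need.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Dependency lifecycle (pre/postinstall) scripts never execute in CI.
      - run: npm ci --ignore-scripts

  notify:
    runs-on: ubuntu-latest
    steps:
      # BEFORE (injection-prone): the ${{ }} expression is expanded by the
      # runner into the script text itself, so release-controlled content
      # (title, body) is interpreted by the shell rather than passed as data.
      # - run: |
      #     curl -H 'Content-Type: application/json' \
      #       -d '{"content": "${{ github.event.release.body }}"}' \
      #       "${{ secrets.DISCORD_WEBHOOK_URL }}"

      # AFTER (hardened): event data reaches the step only as environment
      # variables, which the shell never re-parses, and jq performs the JSON
      # escaping, so quotes, newlines and shell metacharacters stay literal.
      - name: Notify Discord
        env:
          RELEASE_NAME: ${{ github.event.release.name }}
          RELEASE_BODY: ${{ github.event.release.body }}
          RELEASE_URL: ${{ github.event.release.html_url }}
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
        run: |
          payload=$(jq -n \
            --arg name "$RELEASE_NAME" \
            --arg body "$RELEASE_BODY" \
            --arg url  "$RELEASE_URL" \
            '{content: ("**" + $name + "**\n" + $body + "\n" + $url)}')
          curl --fail --silent --show-error \
            -H 'Content-Type: application/json' \
            --data "$payload" \
            "$DISCORD_WEBHOOK_URL"
```

The same `contents: read` grant is what the cubic review asked for in `deploy.yml`: a bare `permissions: {}` leaves `actions/checkout` without read access to the repository.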