docs(builtins): correct enable semantics — builtins default to disabled#111
Open
punk-dev-robot wants to merge 1 commit into
Open
docs(builtins): correct enable semantics — builtins default to disabled#111punk-dev-robot wants to merge 1 commit into
punk-dev-robot wants to merge 1 commit into
Conversation
Multiple docs and the rulebook template claimed builtins are 'enabled by
default when configured' / the enabled field 'defaults to true'. The code is
the opposite: default_enabled() returns false and BuiltinsConfig::enabled_builtins()
only lists a builtin when enabled == true, so a configured-but-unenabled block
is silently inert. This mismatch makes users believe a builtin is active when
it is not.
Align the docs with the (deliberate, security-motivated) explicit-enable
default:
- builtins.rs: struct field doc comments (x10) said 'defaults to true'
- fixtures/init/base-config.yml: template header + inline notes
- docs/reference/builtin-config.md: header, inline examples, prose + example
- docs/tutorials/{claude-code,cursor,opencode}.md: builtin bullet
No behavior change; default stays false.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Several docs and the rulebook template state that builtins are enabled by
default when configured, and the
enabledstruct field is documented as"defaults to true". The code is the opposite:
BuiltinsConfig::enabled_builtins()only lists a builtin whenenabled == true,so a configured-but-unenabled block (e.g.
rulebook_security_guardrails:with amessageandprotected_pathsbut noenabled: true) is silently inert. Thedocs lead users to believe the builtin is active when it is not — a dangerous
gap for a security tool.
Fix
Align the docs with the deliberate, security-motivated explicit-enable
default (default stays
false; no behavior change):cupcake-core/src/engine/builtins.rs— 10 struct field doc comments said"defaults to true" → "defaults to false; must be set explicitly"
fixtures/init/base-config.yml— template header + inline# enabled: truenotes
docs/docs/reference/builtin-config.md— header, inline examples, and the"Enabling/Disabling Builtins" prose + example (added
enabled: true)docs/docs/tutorials/{claude-code,cursor,opencode}.md— builtin bulletVerification
cargo test -p cupcake-core --test global_builtins_config_testpasses, includingtest_global_builtins_default_values, which asserts a builtin without an explicitenabled: trueis not in the enabled set — confirming the documented behavior.