Skip to content

fix(taskrunner): security hardening, bug fixes, quality#326

Open
herjarsa wants to merge 8 commits intoGentleman-Programming:mainfrom
herjarsa:fix/autonomous-taskrunner-hardening
Open

fix(taskrunner): security hardening, bug fixes, quality#326
herjarsa wants to merge 8 commits intoGentleman-Programming:mainfrom
herjarsa:fix/autonomous-taskrunner-hardening

Conversation

@herjarsa
Copy link
Copy Markdown

@herjarsa herjarsa commented Apr 18, 2026

Summary

Applies critical security hardening and bug fixes to PR #274 based on repo owner review.

Security fixes (CRITICAL — required for merge)

  • Shell denylist: 13 dangerous patterns blocked by default (rm -rf, sudo, mkfs, dd, pipe-to-shell, chmod 777, fork bombs, etc.)
  • Path traversal confinement: all file ops validated against WorkDir via filepath.EvalSymlinks
  • --dangerous flag: opt-in bypass for legitimate power users on both gentle-ai task and gentle-ai sdd-autonomous

Bug fixes

  • RunConfig.Validate() now uses pointer receiver — mutations persist
  • executeEditFile uses strings.Replace with count=1 — single occurrence replacement

Quality

  • New security.go + security_test.go: denylist enforcement + path validation with full table-driven test coverage
  • New phase_runner_test.go: mock engine, happy/error/timeout/safety tests
  • executor_test.go: +11 new tests (path traversal, shell security, single-replace)
  • app_test.go: --dangerous flag integration tests
  • engram.go: marked as development status

Cleanup

  • Deleted: gh.zip, .claude/settings.local.json, scripts/autoupdate.ps1
  • .gitignore: added .claude/ and *.local.json patterns

Checklist

  • go test ./internal/taskrunner/... — all pass
  • go test ./internal/sdd/autonomous/... — all pass
  • go vet ./... — no warnings
  • No Co-Authored-By in commits
  • Conventional commits format

Closes #274

herjarsa and others added 8 commits April 3, 2026 09:42
@herjarsa
Create autoupdate.ps1
e7b3b0b
@herjarsa
Merge branch 'main' of https://github.com/Gentleman-Programming/gentl…
24808ad 
…e-ai
@herjarsa @claude
feat(taskrunner): implement autonomous agentic loop with error learning
b952d71 
Add taskrunner package for one-shot task execution without user intervention:

- types.go: Action types, StepRecord, Report, RunConfig
- executor.go: Shell, write_file, read_file, edit_file execution
- prompt.go: BuildTurnPrompt with system instructions and history
- loop.go: Main agentic loop (Plan→Execute→Observe→Decide)
- report.go: Final report rendering
- engram.go: Engram integration for persistence
- lessons.go: Error lesson extraction and learning from failures

Features:
- Auto-selects available AI engine (claude, opencode, gemini, codex)
- Self-correcting loop with error recovery
- Learns from errors: extracts lessons and includes them in future prompts
- Saves execution history to Engram for cross-session learning
- Verbose mode for debugging
- Comprehensive test coverage

CLI usage:
  gentle-ai task "create a Python script"
  gentle-ai task --verbose --save-to-engram "setup a Go project"

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@herjarsa @claude
feat(sdd): implement autonomous mode with mini-loops per phase
928c406 
Add sdd/autonomous package for running SDD phases with autonomous mini-loops:

- phase_runner.go: Runs individual SDD phases (explore, propose, spec, etc.)
  using taskrunner loop internally
- orchestrator.go: Coordinates all phases with accumulated context
- cli.go: Command-line interface and complexity detection
- orchestrator_test.go: Tests for phase ordering and complexity detection

Features:
- Each SDD phase runs autonomously with its own Plan→Execute→Observe→Decide loop
- Context accumulates from previous phases
- Auto-detects task complexity to choose between taskrunner (simple) or SDD (complex)
- Can start/end at any phase for resuming workflows
- Verbose mode for debugging

New CLI commands:
  gentle-ai task "simple task"           # One-shot simple task
  gentle-ai sdd-autonomous "complex feature"  # Full SDD with mini-loops

Integration:
- Uses existing taskrunner package for the inner loop
- Integrates with agentbuilder.GenerationEngine for AI generation
- Follows SDD phase order: explore → propose → spec → design → tasks → apply → verify → archive

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@herjarsa @claude
feat(integration): add taskrunner integration to SDD orchestrator
0e571fd 
Add automatic complexity detection and routing:

- Update CLAUDE.md with taskrunner integration section
- Update internal/assets/generic/sdd-orchestrator.md with same rules
- Create skills/autonomous-executor/SKILL.md for skill-based usage
- Document automatic mode selection (simple vs complex tasks)
- Provide clear routing logic:
  * Simple tasks → gentle-ai task (one-shot)
  * Complex tasks → gentle-ai sdd-autonomous (mini-loops)
  * Manual control → /sdd-new (traditional)

The orchestrator now automatically chooses the right execution mode
based on task complexity keywords.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@herjarsa @claude
feat(gentleman): add autonomous execution to Gentleman mode
7133a99 
Add taskrunner integration to Gentleman output style:

- Update ~/.claude/output-styles/gentleman.md with complexity detection
- Update testdata/golden/persona-claude-gentleman.golden
- Document automatic routing rules:
  * Simple tasks → gentle-ai task
  * Complex tasks → gentle-ai sdd-autonomous
- Explain choices in Gentleman style ("Dale, esto es simple")

Now BOTH modes (Gentleman and SDD Orchestrator) automatically
detect and route to the appropriate execution mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@herjarsa
fix(engram): resolve deadlock between engram protocol and OpenCode an…
5f2b99f 
…ti-loop guard

The Engram protocol required calling mem_session_summary after compaction,
but OpenCode's anti-loop guard blocked tool calls during summary generation.

Changed AFTER COMPACTION protocol to:
1. Write summary as structured text output (always safe)
2. Call mem_session_summary only when tools are available
3. Call mem_context for context recovery

This allows the system to capture the summary regardless of whether
tool calls are blocked by orchestration guards.
@herjarsa
fix(taskrunner): security hardening, bug fixes, and quality improvements
0a546e3 
SECURITY (critical):
- Add CommandDenylist with 13 dangerous patterns (rm -rf, sudo, mkfs, dd, pipe-to-shell, chmod 777, fork bombs, etc.)
- IsCommandAllowed() check in executeShell() — blocked unless --dangerous flag set
- validatePath() on all file ops — WorkDir confinement via EvalSymlinks
- --dangerous flag on both gentle-ai task and gentle-ai sdd-autonomous

BUG FIXES:
- RunConfig.Validate() now uses *RunConfig pointer receiver — mutations persist
- executeEditFile uses strings.Replace(s, old, new, 1) — single replacement

QUALITY:
- New security_test.go: table-driven denylist + path traversal tests
- New phase_runner_test.go: mock engine, happy/error/path/coverage tests
- New security.go: CommandDenylist + IsCommandAllowed()
- executor_test.go: +11 new tests (path traversal, shell security, single-replace)
- app_test.go: --dangerous flag integration tests
- engram.go: mark integration as 'development' status

CLEANUP:
- .gitignore: add .claude/ and *.local.json patterns
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@herjarsa