Overall posture: Tier B — Open With Conditions, with one Tier C (restricted) area — the signed-commit push engine — that must be patched before continued production use. Active hardening (safe-output fallback, blocked-command loop, token budget exhaustion) is visible and appropriate.
Asset Graph
| Asset | Surface | Asset-Tier |
|---|---|---|
| safe-outputs-engine | actions/setup/js/ | A |
| workflow-compiler-go | pkg/workflow/ | A |
| cicd-privileged-workflows | .github/workflows/*.lock.yml | B |
| q-workflow-agent-runtime | Q compiled workflows | B |
| agent-skills-designer | .github/skills/ | C |
| go-cli-toolchain | cmd/, internal/ | C |
| docs-content | docs/ | D |
Control Verification
| Domain | Status | Key Gap |
|---|---|---|
| Ownership | ⚠️ Partial | Single-wildcard CODEOWNERS — no per-path owners for actions/setup/js/ or pkg/workflow/ |
Executive Summary
7-day window 2026-05-28 → 2026-06-04 | 374 commits | 143 security-signal commits | 13 open security issues | 7 code scanning alerts | 0 secret scanning alerts.
Risk-Scoring Table
Exposure/Fragility: higher = worse. Patchability/Detectability/Ownership: higher = better.
Remediation Queue
🔴 Critical — 72 hours
1. Patch signed-commit push shallow-checkout race (Issue #36934)
File: actions/setup/js/push_signed_commits.cjs — diff-tree is computed against a stale first-parent bundle; when base branch advances, fileChanges silently reverts 178+ upstream commits and bypasses protected_files. Fix: deepen clone before diff-tree or abort if git merge-base detects base-branch delta. Owner: @dsyme
2. Fix unsafe-quoting in pkg/workflow/awf_helpers.go:161 (Alert #600)
Rule: go/unsafe-quoting (CWE-078/089/094) — JSON values embedded in quoted shell strings without escaping. Fix: replace with JSON-safe quoting helper. Owner: @pelikhan
🟠 High — 1 sprint
3. Pin all unpinned GitHub Actions to commit SHAs — Alerts #611 (azure/login@v2), #610 (actions/checkout@v4), #585 (untrusted-checkout/high in q.lock.yml). For #585, evaluate restructuring the issue_comment trigger to avoid secrets-capable checkout of fork code.
4. Add runtime fail-fast for safe_outputs permission denial — A 403 in the safe_outputs job surfaces as generic failure; AI agents may misinterpret as transient and retry. Emit structured error to prevent loops.
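A check for item 3, as an added example (not code from this repository): it scans workflow text for `uses:` references and reports every one that is not pinned to a full 40-character commit SHA. The function name, the sample workflow and the placeholder SHA are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// usesRe captures the action reference on a `uses:` line, dropping any trailing comment.
var usesRe = regexp.MustCompile(`^\s*(?:-\s*)?uses:\s*["']?([^\s"'#]+)`)

// fullSHA matches a full commit SHA, the only ref form that cannot be moved.
var fullSHA = regexp.MustCompile(`^[0-9a-f]{40}$`)

// UnpinnedActions (hypothetical name) returns each third-party action
// reference that is pinned to a tag or branch, or has no ref at all.
func UnpinnedActions(workflow string) []string {
	var out []string
	for _, line := range strings.Split(workflow, "\n") {
		m := usesRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ref := m[1]
		if strings.HasPrefix(ref, "./") || strings.HasPrefix(ref, "docker://") {
			continue // local actions and container images are out of scope here
		}
		at := strings.LastIndex(ref, "@")
		if at < 0 || !fullSHA.MatchString(ref[at+1:]) {
			out = append(out, ref)
		}
	}
	return out
}

// sampleWorkflow is constructed for this example; the SHA is a placeholder.
const sampleWorkflow = `
steps:
  - uses: actions/checkout@v4
  - uses: azure/login@v2 # mutable tag
  - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
  - uses: ./actions/setup
`

func main() {
	for _, ref := range UnpinnedActions(sampleWorkflow) {
		fmt.Println("unpinned:", ref)
	}
}
```
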
🟡 Medium — 2 sprints
5. Post-restore validation for sub-agent activation artifacts — No preflight check before agent step; silent absence leads to hallucinated tool availability.
6. Replace token budget magic sentinels — 0=default (25M), <0=disabled are invisible to YAML authors; no upper-bound guard. Replace with explicit null/omitempty + validator capped at 50M.
7. Per-path CODEOWNERS for high-risk subdirectories — Add entries for actions/setup/js/, pkg/workflow/, .github/workflows/*.lock.yml.
🟢 Low — Ongoing
8. Integer-narrowing guard pkg/workflow/compilerenv/manager.go:97 (Alert #609, CWE-190/681).
9. Add IR runbook and rollback playbook to SECURITY.md.
10. Confirm and document secret scanning push-protection enforcement.
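The pattern behind item 2 (go/unsafe-quoting), as an added example that is not the code in pkg/workflow/awf_helpers.go: JSON encoding leaves a single quote untouched, so a JSON value dropped between shell quotes stops being one word, while a quoting helper keeps it as data. All function names and the sample value are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os/exec"
	"strings"
)

// unsafeCommand mirrors the flagged pattern: a JSON value placed between
// shell quotes with no escaping. A single quote in the data ends the quoting.
func unsafeCommand(jsonValue string) string {
	return fmt.Sprintf("printf '%%s' '%s'", jsonValue)
}

// shellQuote (hypothetical helper) wraps s in single quotes for POSIX sh and
// rewrites each embedded ' as '\'' so the shell sees one literal word.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// safeCommand builds the same command with the JSON value quoted as data.
func safeCommand(jsonValue string) string {
	return "printf '%s' " + shellQuote(jsonValue)
}

// sampleJSON is constructed input: valid JSON whose string contains a quote.
func sampleJSON() string {
	b, _ := json.Marshal(map[string]string{"title": "it's done"})
	return string(b)
}

func main() {
	in := sampleJSON()
	// Run both forms through sh: only the quoted one returns the input intact.
	for _, cmd := range []string{unsafeCommand(in), safeCommand(in)} {
		out, err := exec.Command("sh", "-c", cmd).CombinedOutput()
		fmt.Printf("cmd: %s\nout: %q err: %v round-trip: %v\n\n", cmd, out, err, string(out) == in)
	}
}
```

Passing the value through an environment variable or as a separate argv element, with no shell in between, avoids the quoting question altogether where the call site allows it.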
Exception Register
q.lock.yml untrusted-checkout (Alert #585)
Operational Metrics Baseline
References: §26965119536 · Issue #36934 · Alert #600