cleveragents/cleveragents-core
cleveragents/cleveragents-core
3
0
Fork 0
Code Issues 17 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Security issues in CleverAgents... #7

New issue
Open
opened 2025-10-06 01:01:43 +00:00 by brent.edwards · 0 comments
brent.edwards commented 2025-10-06 01:01:43 +00:00
Member
Copy link

Here are some security problems found within commit 4947b17521, which is the current master branch of cleveragents-core.

Bandit has found security problems. (I consider using eval with a user-supplied function to be a high-severity security problem, not medium.)

Here are results:

agents/base.py

One basic memory lock is used in AgentWithMemory for _process_wrapper, update_memory, and get_memory.

I don't think Lock is a reentrant lock. If _process_wrapper calls a method that eventually calls get_memory, would there be a deadlock?

agents/composite.py

claude-3.7-sonnet reports the following:

Component Isolation (High Risk)

• The CompositeAgent combines multiple agents, graphs, and streams without clear isolation boundaries.
• If one component is compromised, it could potentially affect others within the same composite.
• Recommendation: Implement stronger isolation between components, possibly using separate execution contexts or sandboxing.

agents/llm.py

If we ever allow outside programs as agents here, we should be much more careful with self.config.get("api_key"). For now, that should be okay.

agents/tool.py

From bandit:

>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: agents/tool.py:11:0
10      import logging
11      import subprocess
12      import sys

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/blacklists/blacklist_calls.html#b307-eval
   Location: agents/tool.py:228:21
227                 }
228                 result = eval(expression, allowed_names)
229                 return str(result)

The eval function is critical to fix.

Lines 153-159 read:

        if self.safe_mode:
            # Basic safety checks
            dangerous_commands = ["rm", "del", "format", "shutdown", "reboot", "kill"]
            if any(cmd in command.lower() for cmd in dangerous_commands):
                raise ExecutionError(
                    f"Dangerous command '{command}' blocked in safe mode"
                )

This is emphatically not enough security. If I recall correctly, you wrote a bunch of examples of bad things that could be done. You should change this code so that bad examples do not get through.

This part of the code is going to be very, very important when the software goes out. It should be easy to change and modify and fix.

The method _http_request_tool makes me very nervous. It can be used to get any http resource that the agent can reach. In particular:

  1. If the agent is run inside a private network but accessible from the Internet, it could return any files from inside the network. (This was a real problem for Amazon.) (Server-side request forgery)
  2. The agent could be used to send malicious requests to other services or used in a denial-of-service attack from our servers.
  3. The agent could request our IAM security credentials.

Lines 277-285 read:

        if self.safe_mode:
            # Always block directory traversal attempts
            if ".." in filepath:
                raise ExecutionError("Unsafe file path blocked in safe mode")
            # Block absolute paths unless in unsafe mode
            if filepath.startswith("/") and not (
                context and context.get("_unsafe_mode", False)
            ):
                raise ExecutionError("Unsafe file path blocked in safe mode")

I don't think that's enough security for safe mode. It doesn't stop safe mode from following soft links. If the user could create a soft link to /, then the whole file system could be read from safe mode.

There's the chance that this code will run on Windows. The filepath should be compared against both / and drive letters in Windows.

langgraph/nodes.py

From bandit:

--------------------------------------------------
>> Issue: [B112:try_except_continue] Try, Except, Continue detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b112_try_except_continue.html
   Location: langgraph/nodes.py:128:20
127                             return await self.execute(state)
128                         except Exception:
129                             continue
130

templates/base.py

From bandit:

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html
   Location: templates/base.py:250:24
249                                 return json.loads(json_str)
250                             except:
251                                 pass
252

templates/graph_templates.py

From bandit:

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html
   Location: templates/graph_templates.py:93:20
92                                  )
93                          except:
94                              # Not a local reference, probably a global agent name
95                              pass
96

templates/inline_jinja_handler.py

From bandit:

--------------------------------------------------
>> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
   Severity: High   Confidence: High
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html
   Location: templates/inline_jinja_handler.py:38:19
37          def __init__(self):
38              self.env = Environment(
39                  block_start_string="{%",
40                  block_end_string="%}",
41                  variable_start_string="{{",
42                  variable_end_string="}}",
43                  comment_start_string="{#",
44                  comment_end_string="#}",
45                  trim_blocks=True,
46                  lstrip_blocks=True,
47              )
48

--------------------------------------------------
>> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
   Severity: High   Confidence: High
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html
   Location: templates/inline_yaml_jinja.py:38:19
37              # Configure Jinja2 to work well with YAML
38              self.env = Environment(
39                  block_start_string="{%",
40                  block_end_string="%}",
41                  variable_start_string="{{",
42                  variable_end_string="}}",
43                  comment_start_string="{#",
44                  comment_end_string="#}",
45              )
46

templates/jinja_yaml_preprocessor.py:

From bandit:

--------------------------------------------------
>> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
   Severity: High   Confidence: High
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html
   Location: templates/jinja_yaml_preprocessor.py:35:19
34          def __init__(self):
35              self.env = Environment(
36                  block_start_string="{%",
37                  block_end_string="%}",
38                  variable_start_string="{{",
39                  variable_end_string="}}",
40                  comment_start_string="{#",
41                  comment_end_string="#}",
42                  trim_blocks=True,
43                  lstrip_blocks=True,
44              )
45

templates/renderer.py:

From bandit:

--------------------------------------------------
>> Issue: [B701:jinja2_autoescape_false] Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Use autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
   Severity: High   Confidence: High
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html
   Location: templates/renderer.py:98:30
97
98                      self.engine = jinja2.Environment(
99                          autoescape=False, trim_blocks=True, lstrip_blocks=True
100                     )
101                 except ImportError:

--------------------------------------------------
>> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval.
   Severity: Medium   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/blacklists/blacklist_calls.html#b307-eval
   Location: templates/renderer.py:129:20
128                 # This enables support for constructs like `context.get('key', default)`
129                 value = eval(expr, {"__builtins__": {}}, context)  # noqa: S307
130                 return "" if value is None else str(value)

templates/stream_templates.py:

From bandit:

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html
   Location: templates/stream_templates.py:109:20
108                                 )
109                         except:
110                             # Not a local reference
111                             pass
112

--------------------------------------------------
>> Issue: [B110:try_except_pass] Try, Except, Pass detected.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html
   Location: templates/stream_templates.py:131:20
130                                 )
131                         except:
132                             # Not a local reference
133                             pass
134

templates/yaml_jinja_loader.py:

From bandit:

>> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
   Severity: High   Confidence: High
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html
   Location: templates/yaml_jinja_loader.py:33:19
32          def __init__(self):
33              self.env = Environment(
34                  block_start_string="{%",
35                  block_end_string="%}",
36                  variable_start_string="{{",
37                  variable_end_string="}}",
38                  comment_start_string="{#",
39                  comment_end_string="#}",
40                  trim_blocks=True,
41                  lstrip_blocks=True,
42              )
43

templates/yaml_preprocessor.py

From bandit:

--------------------------------------------------
>> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
   Severity: High   Confidence: High
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html
   Location: templates/yaml_preprocessor.py:34:19
33          def __init__(self):
34              self.env = Environment(
35                  block_start_string="{%",
36                  block_end_string="%}",
37                  variable_start_string="{{",
38                  variable_end_string="}}",
39                  comment_start_string="{#",
40                  comment_end_string="#}",
41                  trim_blocks=True,
42                  lstrip_blocks=True,
43              )
44

templates/yaml_template_engine.py

From bandit:

--------------------------------------------------
>> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
   Severity: High   Confidence: High
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html
   Location: templates/yaml_template_engine.py:37:19
36              # Configure Jinja2 for YAML-friendly output
37              self.env = Environment(
38                  block_start_string="{%",
39                  block_end_string="%}",
40                  variable_start_string="{{",
41                  variable_end_string="}}",
42                  comment_start_string="{#",
43                  comment_end_string="#}",
44                  trim_blocks=False,  # Don't trim to preserve structure
45                  lstrip_blocks=False,  # Don't strip to preserve indentation
46                  keep_trailing_newline=True,
47              )
48
Here are some security problems found within commit 4947b17521482615d87, which is the current `master` branch of cleveragents-core. Bandit has found security problems. (I consider using `eval` with a user-supplied function to be a high-severity security problem, not medium.) Here are results: # agents/base.py One basic memory lock is used in `AgentWithMemory` for `_process_wrapper`, `update_memory`, and `get_memory`. I don't think `Lock` is a reentrant lock. If `_process_wrapper` calls a method that eventually calls `get_memory`, would there be a deadlock? # agents/composite.py `claude-3.7-sonnet` reports the following: Component Isolation (High Risk) • The CompositeAgent combines multiple agents, graphs, and streams without clear isolation boundaries. • If one component is compromised, it could potentially affect others within the same composite. • Recommendation: Implement stronger isolation between components, possibly using separate execution contexts or sandboxing. # agents/llm.py If we ever allow outside programs as agents here, we should be much more careful with `self.config.get("api_key")`. For now, that should be okay. # agents/tool.py From bandit: ``` >> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module. Severity: Low Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) More Info: https://bandit.readthedocs.io/en/1.8.5/blacklists/blacklist_imports.html#b404-import-subprocess Location: agents/tool.py:11:0 10 import logging 11 import subprocess 12 import sys -------------------------------------------------- >> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval. Severity: Medium Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) More Info: https://bandit.readthedocs.io/en/1.8.5/blacklists/blacklist_calls.html#b307-eval Location: agents/tool.py:228:21 227 } 228 result = eval(expression, allowed_names) 229 return str(result) ``` The `eval` function is critical to fix. Lines 153-159 read: ``` if self.safe_mode: # Basic safety checks dangerous_commands = ["rm", "del", "format", "shutdown", "reboot", "kill"] if any(cmd in command.lower() for cmd in dangerous_commands): raise ExecutionError( f"Dangerous command '{command}' blocked in safe mode" ) ``` This is emphatically not enough security. If I recall correctly, you wrote a bunch of examples of bad things that could be done. You should change this code so that bad examples do not get through. This part of the code is going to be very, very important when the software goes out. It should be easy to change and modify and fix. --- The method `_http_request_tool` makes me very nervous. It can be used to get any http resource that the agent can reach. In particular: 1. If the agent is run inside a private network but accessible from the Internet, it could return any files from inside the network. (This was a real problem for Amazon.) (Server-side request forgery) 2. The agent could be used to send malicious requests to other services or used in a denial-of-service attack from our servers. 3. The agent could request our IAM security credentials. --- Lines 277-285 read: ``` if self.safe_mode: # Always block directory traversal attempts if ".." in filepath: raise ExecutionError("Unsafe file path blocked in safe mode") # Block absolute paths unless in unsafe mode if filepath.startswith("/") and not ( context and context.get("_unsafe_mode", False) ): raise ExecutionError("Unsafe file path blocked in safe mode") ``` I don't think that's enough security for safe mode. It doesn't stop safe mode from following soft links. If the user could create a soft link to `/`, then the whole file system could be read from safe mode. There's the chance that this code will run on Windows. The filepath should be compared against both `/` and drive letters in Windows. # langgraph/nodes.py From bandit: ``` -------------------------------------------------- >> Issue: [B112:try_except_continue] Try, Except, Continue detected. Severity: Low Confidence: High CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b112_try_except_continue.html Location: langgraph/nodes.py:128:20 127 return await self.execute(state) 128 except Exception: 129 continue 130 ``` # templates/base.py From bandit: ``` -------------------------------------------------- >> Issue: [B110:try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html Location: templates/base.py:250:24 249 return json.loads(json_str) 250 except: 251 pass 252 ``` # templates/graph_templates.py From bandit: ``` -------------------------------------------------- >> Issue: [B110:try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html Location: templates/graph_templates.py:93:20 92 ) 93 except: 94 # Not a local reference, probably a global agent name 95 pass 96 ``` # templates/inline_jinja_handler.py From bandit: ``` -------------------------------------------------- >> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. Severity: High Confidence: High CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html Location: templates/inline_jinja_handler.py:38:19 37 def __init__(self): 38 self.env = Environment( 39 block_start_string="{%", 40 block_end_string="%}", 41 variable_start_string="{{", 42 variable_end_string="}}", 43 comment_start_string="{#", 44 comment_end_string="#}", 45 trim_blocks=True, 46 lstrip_blocks=True, 47 ) 48 -------------------------------------------------- >> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. Severity: High Confidence: High CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html Location: templates/inline_yaml_jinja.py:38:19 37 # Configure Jinja2 to work well with YAML 38 self.env = Environment( 39 block_start_string="{%", 40 block_end_string="%}", 41 variable_start_string="{{", 42 variable_end_string="}}", 43 comment_start_string="{#", 44 comment_end_string="#}", 45 ) 46 ``` # templates/jinja_yaml_preprocessor.py: From bandit: ``` -------------------------------------------------- >> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. Severity: High Confidence: High CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html Location: templates/jinja_yaml_preprocessor.py:35:19 34 def __init__(self): 35 self.env = Environment( 36 block_start_string="{%", 37 block_end_string="%}", 38 variable_start_string="{{", 39 variable_end_string="}}", 40 comment_start_string="{#", 41 comment_end_string="#}", 42 trim_blocks=True, 43 lstrip_blocks=True, 44 ) 45 ``` # templates/renderer.py: From bandit: ``` -------------------------------------------------- >> Issue: [B701:jinja2_autoescape_false] Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Use autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. Severity: High Confidence: High CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html Location: templates/renderer.py:98:30 97 98 self.engine = jinja2.Environment( 99 autoescape=False, trim_blocks=True, lstrip_blocks=True 100 ) 101 except ImportError: -------------------------------------------------- >> Issue: [B307:blacklist] Use of possibly insecure function - consider using safer ast.literal_eval. Severity: Medium Confidence: High CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html) More Info: https://bandit.readthedocs.io/en/1.8.5/blacklists/blacklist_calls.html#b307-eval Location: templates/renderer.py:129:20 128 # This enables support for constructs like `context.get('key', default)` 129 value = eval(expr, {"__builtins__": {}}, context) # noqa: S307 130 return "" if value is None else str(value) ``` # templates/stream_templates.py: From bandit: ``` -------------------------------------------------- >> Issue: [B110:try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html Location: templates/stream_templates.py:109:20 108 ) 109 except: 110 # Not a local reference 111 pass 112 -------------------------------------------------- >> Issue: [B110:try_except_pass] Try, Except, Pass detected. Severity: Low Confidence: High CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b110_try_except_pass.html Location: templates/stream_templates.py:131:20 130 ) 131 except: 132 # Not a local reference 133 pass 134 ``` # templates/yaml_jinja_loader.py: From bandit: ``` >> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. Severity: High Confidence: High CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html Location: templates/yaml_jinja_loader.py:33:19 32 def __init__(self): 33 self.env = Environment( 34 block_start_string="{%", 35 block_end_string="%}", 36 variable_start_string="{{", 37 variable_end_string="}}", 38 comment_start_string="{#", 39 comment_end_string="#}", 40 trim_blocks=True, 41 lstrip_blocks=True, 42 ) 43 ``` # templates/yaml_preprocessor.py From bandit: ``` -------------------------------------------------- >> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. Severity: High Confidence: High CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html Location: templates/yaml_preprocessor.py:34:19 33 def __init__(self): 34 self.env = Environment( 35 block_start_string="{%", 36 block_end_string="%}", 37 variable_start_string="{{", 38 variable_end_string="}}", 39 comment_start_string="{#", 40 comment_end_string="#}", 41 trim_blocks=True, 42 lstrip_blocks=True, 43 ) 44 ``` # templates/yaml_template_engine.py From bandit: ``` -------------------------------------------------- >> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. Severity: High Confidence: High CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html) More Info: https://bandit.readthedocs.io/en/1.8.5/plugins/b701_jinja2_autoescape_false.html Location: templates/yaml_template_engine.py:37:19 36 # Configure Jinja2 for YAML-friendly output 37 self.env = Environment( 38 block_start_string="{%", 39 block_end_string="%}", 40 variable_start_string="{{", 41 variable_end_string="}}", 42 comment_start_string="{#", 43 comment_end_string="#}", 44 trim_blocks=False, # Don't trim to preserve structure 45 lstrip_blocks=False, # Don't strip to preserve indentation 46 keep_trailing_newline=True, 47 ) 48 ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
mypy-pylint-fixed
tests/unit-tests
feat/multi-agent
latest/poetry-generator
poetry-generator
config/contract-metadata-extractor
docs/readme-yaml-syntax
config/memory-yaml
fix/double-response
brent-additions
intel_2_demo
No results found.
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

  
Blocked

A ticket in a blocked state and unable to complete until some other task is completed first.

  
Bounty
$100
A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$1000
A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$10000
A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$20
A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$2000
A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$250
A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$50
A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$500
A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$5000
A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$750
A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  
MoSCoW
Could have
Could have feature in order to satisfy the epic/legendary.

  
MoSCoW
Must have
Must have feature in order to satisfy the epic/legendary.

  
MoSCoW
Should have
Should have feature in order to satisfy the epic/legendary.

  
Needs feedback

There are questions in the ticket that can not be completed until the project owner provides clarity.

  
Points
1
1 man-hours worth of work for an expert with no learning curve.

  
Points
13
13 man-hours worth of work for an expert with no learning curve.

  
Points
2
2 man-hours worth of work for an expert with no learning curve.

  
Points
21
21 man-hours worth of work for an expert with no learning curve.

  
Points
3
3 man-hours worth of work for an expert with no learning curve.

  
Points
34
34 man-hours worth of work for an expert with no learning curve.

  
Points
5
5 man-hours worth of work for an expert with no learning curve.

  
Points
55
55 man-hours worth of work for an expert with no learning curve.

  
Points
8
8 man-hours worth of work for an expert with no learning curve.

  
Points
88
88 man-hours worth of work for an expert with no learning curve.

  
Priority
Backlog
This ticket has backlogged priority and is not to be worked on yet

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Signed-off: Owner

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Scrum Master

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Tech Lead

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Spike

A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  
State
Completed
The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  
State
Duplicate
A ticket that represents the same content as an existing ticket.

  
State
In Progress
A ticket that is actively being developed.

  
State
In Review
A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  
State
Paused
This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  
State
Unverified
All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  
State
Verified
The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  
State
Wont Do
This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  
Type
Bug
Something that doesnt work as intended.

  
Type
Discussion
Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  
Type
Documentation
An error or improvement needed in the documentation.

  
Type
Epic
Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  
Type
Feature
Some new functionality not present.

  
Type
Legendary
A type of Epic which will contain other Epics.

  
Type
Support
Someone needs help using the project.

  
Type
Task
A generic task that doesnt fit into the other type categories.

  
Type
Testing
Work exclusively focusing on fixing or expanding testing.

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Blocked
Bounty
$100
Bounty
$1000
Bounty
$10000
Bounty
$20
Bounty
$2000
Bounty
$250
Bounty
$50
Bounty
$500
Bounty
$5000
Bounty
$750
MoSCoW
Could have
MoSCoW
Must have
MoSCoW
Should have
Needs feedback
Points
1
Points
13
Points
2
Points
21
Points
3
Points
34
Points
5
Points
55
Points
8
Points
88
Priority
Backlog
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Signed-off: Owner
Signed-off: Scrum Master
Signed-off: Tech Lead
Spike
State
Completed
State
Duplicate
State
In Progress
State
In Review
State
Paused
State
Unverified
State
Verified
State
Wont Do
Type
Bug
Type
Discussion
Type
Documentation
Type
Epic
Type
Feature
Type
Legendary
Type
Support
Type
Task
Type
Testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: cleveragents/cleveragents-core#7
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?