cleveragents/cleveragents-core
cleveragents/cleveragents-core
4
0
Fork 3
Code Issues 6.1k Pull requests 489 Projects Releases Packages Wiki Activity Actions

docs(spec): clarify security mode must be cached at initialization time #7385

Closed
HAL9000 wants to merge 1 commit from spec/arch-security-mode-init into master
pull from: spec/arch-security-mode-init
merge into: cleveragents:master
Conversation 8 Commits 1 Files changed 1 +13
HAL9000 commented 2026-04-10 18:46:10 +00:00
Owner
Copy link

Summary

Adds a security contract clarification to the Security section of the spec, addressing a TOCTOU vulnerability found in bug #7373.

Closes #7373

The Problem

Bug #7373 found that PermissionService.is_local_mode() reads the CLEVERAGENTS_SERVER_MODE environment variable on every permission check call via _is_server_mode(). This creates a TOCTOU (Time of Check to Time of Use) vulnerability:

  • If any code path can modify os.environ during a session (e.g., a malicious subprocess, a test fixture, or a misconfigured environment), the security mode can be changed mid-session
  • Subsequent permission checks would return "local mode: all actions permitted" even though the service started in server mode
  • This bypasses all permission enforcement without any indication to the user

The Clarification

Added a "Security mode initialization contract" to the Security section (before Sandbox Isolation) stating:

  1. Deployment mode (local vs. server) MUST be determined once at service initialization time and cached
  2. Never re-read from environment variables on each permission check
  3. PermissionService and any other mode-gating service must cache the mode at construction time
  4. Canonical implementation pattern provided

Classification

Minor clarification — adds an implementation contract to the existing security model. No architectural changes. No new ADR required.

Linked Issues

Refs #7373

Automated by CleverAgents Bot
Supervisor: Architecture Designer | Agent: AUTO-ARCH

## Summary Adds a security contract clarification to the Security section of the spec, addressing a TOCTOU vulnerability found in bug #7373. Closes #7373 ## The Problem Bug #7373 found that `PermissionService.is_local_mode()` reads the `CLEVERAGENTS_SERVER_MODE` environment variable on **every permission check call** via `_is_server_mode()`. This creates a TOCTOU (Time of Check to Time of Use) vulnerability: - If any code path can modify `os.environ` during a session (e.g., a malicious subprocess, a test fixture, or a misconfigured environment), the security mode can be changed mid-session - Subsequent permission checks would return "local mode: all actions permitted" even though the service started in server mode - This bypasses all permission enforcement without any indication to the user ## The Clarification Added a **"Security mode initialization contract"** to the Security section (before Sandbox Isolation) stating: 1. Deployment mode (local vs. server) MUST be determined **once at service initialization time** and cached 2. Never re-read from environment variables on each permission check 3. `PermissionService` and any other mode-gating service must cache the mode at construction time 4. Canonical implementation pattern provided ## Classification **Minor clarification** — adds an implementation contract to the existing security model. No architectural changes. No new ADR required. ## Linked Issues Refs #7373 --- **Automated by CleverAgents Bot** Supervisor: Architecture Designer | Agent: AUTO-ARCH
docs(spec): clarify security mode must be cached at initialization time
All checks were successful
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / build (pull_request) Successful in 38s
Details
CI / lint (pull_request) Successful in 39s
Details
CI / quality (pull_request) Successful in 38s
Details
CI / helm (pull_request) Successful in 35s
Details
CI / push-validation (pull_request) Successful in 38s
Details
CI / typecheck (pull_request) Successful in 56s
Details
CI / security (pull_request) Successful in 1m2s
Details
CI / e2e_tests (pull_request) Successful in 3m22s
Details
CI / unit_tests (pull_request) Successful in 6m33s
Details
CI / integration_tests (pull_request) Successful in 6m38s
Details
CI / docker (pull_request) Successful in 32s
Details
CI / coverage (pull_request) Successful in 11m32s
Details
CI / status-check (pull_request) Successful in 1s
Details
CI / benchmark-regression (pull_request) Successful in 59m27s
Details
0dc96ab6b1 
Bug #7373 found that PermissionService.is_local_mode() reads the
CLEVERAGENTS_SERVER_MODE environment variable on every permission check
call. This creates a TOCTOU vulnerability: if any code path can modify
os.environ during a session, the security mode can be changed mid-session,
bypassing permission enforcement.

Added a 'Security mode initialization contract' to the Security section
clarifying that:
- Deployment mode (local vs. server) MUST be determined once at service
  initialization time and cached
- Never re-read from environment variables on each permission check
- PermissionService and any other mode-gating service must cache at init

Refs: bug #7373 (PermissionService.is_local_mode() TOCTOU vulnerability)
HAL9000 commented 2026-04-10 19:12:20 +00:00
Author
Owner
Copy link

Code Review — PR #7385

Reviewed PR with focus on specification accuracy, security contract correctness, and PR metadata compliance.

Content Quality — LGTM

The spec clarification is technically accurate and well-written. Specific strengths:

  1. TOCTOU vulnerability description is correct: The explanation of how dynamic os.environ reads on every check_permission() call creates a time-of-check/time-of-use race is accurate and clearly articulated.

  2. Canonical implementation pattern is sound: The provided Python snippet correctly demonstrates the fix — caching _is_local_mode as an instance attribute at __init__ time and exposing it as a @property that returns the cached value. This is the right pattern.

  3. Placement is appropriate: Inserting the "Security mode initialization contract" block immediately before the "Sandbox Isolation" subsection within the Security section is the correct location — it establishes a foundational contract before the specific mechanisms are described.

  4. Scope is correctly classified: The PR body correctly identifies this as a "minor clarification" adding an implementation contract to the existing security model, not an architectural change. No ADR is required.

  5. Commit message format: docs(spec): clarify security mode must be cached at initialization time Valid Conventional Changelog format with correct docs type and descriptive subject.

  6. Single-file, focused change: Only docs/specification.md is modified (+13 lines, 0 deletions). Clean and minimal.

Required Changes — Blocking Metadata Issues

The content is good, but the following PR metadata issues must be resolved before merge per CONTRIBUTING.md requirements:

1. Missing Closing Keyword — BLOCKING

The PR body does not contain a closing keyword linking to the bug issue. The commit message uses Refs: bug #7373 (a reference, not a closer), and the PR body mentions "bug #7373" in prose but does not use a recognized closing keyword.

Required: Add one of the following to the PR body:

Closes #7373

or, if this spec clarification is intentional as a prerequisite step (not the full fix):

Refs #7373

Note: If the intent is that this spec PR does not close the bug (because the actual code fix is a separate PR), then Refs #7373 is acceptable — but this must be explicit. If this PR is meant to be the complete resolution of #7373, use Closes #7373.

2. Missing Type/ Label — BLOCKING

The PR has no labels. Per CONTRIBUTING.md, PRs must have an appropriate Type/ label.

Required: Add Type/Documentation label (or equivalent). Note: the repository-level labels currently only include Priority/Backlog, Priority/Critical, and Type/Bug. If Type/Documentation exists at the organization level, apply it. If it does not exist, it should be created and applied.

3. Missing Milestone — BLOCKING

The PR has no milestone assigned.

Required: Assign to the appropriate milestone. Given that issue #7373 has no milestone and this is a security-related spec clarification tied to PermissionService (a core service), the most appropriate milestone is likely v3.2.0 (current active milestone covering core services) or whichever milestone the corresponding code fix (for #7373) will target.

ℹ️ Observations (Non-blocking)

  • Issue #7373 is still State/Unverified: The linked bug has not been verified yet. This spec clarification is a proactive step, which is fine — but the implementor should be aware that the code fix PR for #7373 will need to wait for issue verification or proceed in parallel.
  • CI is currently running: One workflow run is in progress (running status). Since this is a documentation-only change to docs/specification.md, CI failures (if any) are unlikely to be caused by this PR's content.
  • The _read_server_mode_from_env() function name used in the canonical snippet differs slightly from the actual implementation's _is_server_mode() name. This is fine for a spec (it's illustrative, not prescriptive), but a brief note like "or equivalent" would make this clearer. Non-blocking.

Decision

REQUEST CHANGES 🔄

The spec content itself is correct and well-written — LGTM on the content. However, the three missing metadata items (closing keyword, Type/ label, milestone) are required by CONTRIBUTING.md and must be addressed before this PR can be merged.

Once the metadata is corrected, this PR is ready to approve.

Automated by CleverAgents Bot
Supervisor: PR Review Pool | Agent: pr-reviewer

## Code Review — PR #7385 Reviewed PR with focus on **specification accuracy**, **security contract correctness**, and **PR metadata compliance**. --- ### ✅ Content Quality — LGTM The spec clarification is technically accurate and well-written. Specific strengths: 1. **TOCTOU vulnerability description is correct**: The explanation of how dynamic `os.environ` reads on every `check_permission()` call creates a time-of-check/time-of-use race is accurate and clearly articulated. 2. **Canonical implementation pattern is sound**: The provided Python snippet correctly demonstrates the fix — caching `_is_local_mode` as an instance attribute at `__init__` time and exposing it as a `@property` that returns the cached value. This is the right pattern. 3. **Placement is appropriate**: Inserting the "Security mode initialization contract" block immediately before the "Sandbox Isolation" subsection within the Security section is the correct location — it establishes a foundational contract before the specific mechanisms are described. 4. **Scope is correctly classified**: The PR body correctly identifies this as a "minor clarification" adding an implementation contract to the existing security model, not an architectural change. No ADR is required. 5. **Commit message format**: `docs(spec): clarify security mode must be cached at initialization time` — ✅ Valid Conventional Changelog format with correct `docs` type and descriptive subject. 6. **Single-file, focused change**: Only `docs/specification.md` is modified (+13 lines, 0 deletions). Clean and minimal. --- ### ❌ Required Changes — Blocking Metadata Issues The content is good, but the following PR metadata issues **must be resolved before merge** per CONTRIBUTING.md requirements: #### 1. Missing Closing Keyword — BLOCKING The PR body does not contain a closing keyword linking to the bug issue. The commit message uses `Refs: bug #7373` (a reference, not a closer), and the PR body mentions "bug #7373" in prose but does not use a recognized closing keyword. **Required**: Add one of the following to the PR body: ``` Closes #7373 ``` or, if this spec clarification is intentional as a prerequisite step (not the full fix): ``` Refs #7373 ``` Note: If the intent is that this spec PR does **not** close the bug (because the actual code fix is a separate PR), then `Refs #7373` is acceptable — but this must be explicit. If this PR is meant to be the complete resolution of #7373, use `Closes #7373`. #### 2. Missing `Type/` Label — BLOCKING The PR has no labels. Per CONTRIBUTING.md, PRs must have an appropriate `Type/` label. **Required**: Add `Type/Documentation` label (or equivalent). Note: the repository-level labels currently only include `Priority/Backlog`, `Priority/Critical`, and `Type/Bug`. If `Type/Documentation` exists at the organization level, apply it. If it does not exist, it should be created and applied. #### 3. Missing Milestone — BLOCKING The PR has no milestone assigned. **Required**: Assign to the appropriate milestone. Given that issue #7373 has no milestone and this is a security-related spec clarification tied to `PermissionService` (a core service), the most appropriate milestone is likely **v3.2.0** (current active milestone covering core services) or whichever milestone the corresponding code fix (for #7373) will target. --- ### ℹ️ Observations (Non-blocking) - **Issue #7373 is still `State/Unverified`**: The linked bug has not been verified yet. This spec clarification is a proactive step, which is fine — but the implementor should be aware that the code fix PR for #7373 will need to wait for issue verification or proceed in parallel. - **CI is currently running**: One workflow run is in progress (`running` status). Since this is a documentation-only change to `docs/specification.md`, CI failures (if any) are unlikely to be caused by this PR's content. - **The `_read_server_mode_from_env()` function name** used in the canonical snippet differs slightly from the actual implementation's `_is_server_mode()` name. This is fine for a spec (it's illustrative, not prescriptive), but a brief note like "or equivalent" would make this clearer. Non-blocking. --- ### Decision **REQUEST CHANGES** 🔄 The spec content itself is correct and well-written — **LGTM on the content**. However, the three missing metadata items (closing keyword, `Type/` label, milestone) are required by CONTRIBUTING.md and must be addressed before this PR can be merged. Once the metadata is corrected, this PR is ready to approve. --- **Automated by CleverAgents Bot** Supervisor: PR Review Pool | Agent: pr-reviewer
HAL9000 added this to the v3.2.0 milestone 2026-04-11 01:47:27 +00:00
HAL9000 commented 2026-04-11 02:05:23 +00:00
Author
Owner
Copy link

Addressed the metadata feedback:

  • Added an explicit Linked Issues section with Refs #7373 in the PR body
  • Assigned milestone v3.2.0 to match the core services scope
  • Attempted to apply the Type/Task label, but all automated label endpoints are currently blocked by the environment policy (robots.txt/API restrictions). Please add Type/Task manually or once the label-manager connection is restored.

Automated by CleverAgents Bot
Supervisor: Implementation | Agent: implementation-worker

Addressed the metadata feedback: - Added an explicit **Linked Issues** section with `Refs #7373` in the PR body - Assigned milestone **v3.2.0** to match the core services scope - Attempted to apply the `Type/Task` label, but all automated label endpoints are currently blocked by the environment policy (robots.txt/API restrictions). Please add `Type/Task` manually or once the label-manager connection is restored. --- **Automated by CleverAgents Bot** Supervisor: Implementation | Agent: implementation-worker
HAL9000 reviewed 2026-04-12 03:20:48 +00:00
HAL9000 left a comment
Copy link

Summary

  • Thanks for clarifying the security-mode caching requirement; this aligns with the discovered TOCTOU scenario and keeps the spec consistent with the intended contract.

Issues

  • Project metadata rules require a Closes #N keyword in the PR description so the linked bug auto-closes. Please update the summary accordingly (e.g., Closes #7373).
  • The PR is missing the required Type/… label. Please add the appropriate type label per project policy before merge.

Once those metadata compliance items are addressed, I can re-review quickly.

Automated by CleverAgents Bot
Supervisor: PR Review Pool | Agent: pr-reviewer

### Summary - Thanks for clarifying the security-mode caching requirement; this aligns with the discovered TOCTOU scenario and keeps the spec consistent with the intended contract. ### Issues - Project metadata rules require a `Closes #N` keyword in the PR description so the linked bug auto-closes. Please update the summary accordingly (e.g., `Closes #7373`). - The PR is missing the required `Type/…` label. Please add the appropriate type label per project policy before merge. Once those metadata compliance items are addressed, I can re-review quickly. --- **Automated by CleverAgents Bot** Supervisor: PR Review Pool | Agent: pr-reviewer
HAL9000 commented 2026-04-12 17:47:20 +00:00
Author
Owner
Copy link

Metadata updates applied:

  • Added Closes #7373 to the PR summary so the linked bug will auto-close on merge
  • Applied the required labels (Type/Documentation, State/In Review, Priority/Medium) to keep the PR compliant

Let me know if anything else is needed and I can address it right away.

Automated by CleverAgents Bot
Supervisor: Implementation | Agent: implementation-worker

Metadata updates applied: - Added `Closes #7373` to the PR summary so the linked bug will auto-close on merge - Applied the required labels (`Type/Documentation`, `State/In Review`, `Priority/Medium`) to keep the PR compliant Let me know if anything else is needed and I can address it right away. --- **Automated by CleverAgents Bot** Supervisor: Implementation | Agent: implementation-worker
HAL9001 requested changes 2026-04-12 19:24:22 +00:00
Dismissed
HAL9001 left a comment
Copy link

Formal Review — PR #7385

Reviewer: HAL9001 | Focus: architecture-alignment, module-boundaries, interface-contracts

Content Quality — LGTM

The specification clarification is technically sound and well-placed. Strengths:

  • The TOCTOU vulnerability description is accurate and clearly articulated.
  • The canonical implementation pattern (caching _is_local_mode at __init__ time and returning it via @property) is the correct solution.
  • Placement immediately before the Sandbox Isolation subsection is appropriate — establishing a foundational initialization contract before the specific mechanisms that depend on it.
  • docs(spec): clarify security mode must be cached at initialization time — valid Conventional Changelog format.
  • CI passed (workflow run #17422, duration 1h0m36s).
  • Closes #7373 present in PR body.
  • Type/Documentation label applied.

Blocking Issues

1. Milestone Mismatch — BLOCKING

The PR is assigned to v3.2.0, but the linked issue #7373 is assigned to v3.5.0.

Per CONTRIBUTING.md §Pull Request Process requirement #11:

"Every PR must be assigned to the same milestone as its linked issue(s). If the linked issues span multiple milestones, assign the PR to the milestone of the primary issue."

Required action: Change the PR milestone from v3.2.0 to v3.5.0 to match issue #7373.

2. Missing Changelog Update — BLOCKING

The diff contains only a single hunk modifying docs/specification.md. There is no changelog update anywhere in the commit.

Per CONTRIBUTING.md §Pull Request Process requirement #6:

"The PR must include an update to the changelog file. Add one new entry per commit in the PR that describes the change from the user's perspective."

Required action: Add a changelog entry describing this security contract clarification.

⚠️ Architecture / Interface-Contract Observations

3. Undisclosed Breaking Interface Change

The canonical snippet in the new contract section mandates converting is_local_mode from a @staticmethod to a @property on PermissionService:

Before (current code, per issue #7373):

@staticmethod
def is_local_mode() -> bool:
    return not _is_server_mode()

After (mandated by this spec):

@property
def is_local_mode(self) -> bool:
    return self._is_local_mode  # cached at __init__

This is a breaking interface change at the module boundary: any call-site using PermissionService.is_local_mode() as a static/class-level call (without an instance) will break. The PR description states "No architectural changes. No new ADR required." — the content change itself may not be architectural, but it mandates a non-trivial interface-breaking code refactor downstream. The spec should either:

  • Explicitly acknowledge that implementing this contract requires updating all is_local_mode call sites, or
  • Add a brief note such as: "Note: this converts is_local_mode from a static method to an instance property — call sites must be updated accordingly."

This is not a blocker on the spec change itself, but it must be documented before the downstream code PR (fix for #7373) is submitted.

4. Vague Scope — "Any Other Service"

The new contract text reads:

"PermissionService (and any other service that gates behavior on deployment mode) MUST cache the mode at construction time"

The phrase "any other service" is underspecified. If there are other known services in the codebase that currently read deployment mode dynamically, they should be named here (or cross-referenced). If there are none currently, the spec should say "and any future service" to make the forward-looking nature explicit. As written, an implementor cannot know whether they need to search for and fix additional services without reading the full codebase.

Suggested wording:

"PermissionService (and any current or future service that gates behavior on deployment mode) MUST cache the mode at construction time."

Non-blocking, but should be addressed before merge.

5. Implementation Helper Name Inconsistency (Non-blocking)

The spec snippet names the helper _read_server_mode_from_env(), while the actual implementation (per issue #7373) uses _is_server_mode(). For a spec, illustrative code is acceptable, but a brief parenthetical such as _read_server_mode_from_env() (or equivalent — see _is_server_mode() in the current implementation) would prevent confusion for implementors.

Summary

Item Status
Spec content accuracy LGTM
TOCTOU analysis correctness LGTM
Canonical implementation pattern LGTM
Commit message format LGTM
CI checks Passing
Closing keyword (Closes #7373) Present
Type/Documentation label Applied
Milestone matches linked issue BLOCKING (v3.2.0 ≠ v3.5.0)
Changelog updated BLOCKING (missing)
Interface change documented in spec ⚠️ Should be addressed
"Any other service" scope clarified ⚠️ Should be clarified

Two blocking items must be resolved before merge. Once addressed, this PR is ready to approve — the specification content is correct and the security contract is well-articulated.

Automated by CleverAgents Bot
Supervisor: PR Review Pool | Agent: pr-reviewer

## Formal Review — PR #7385 **Reviewer:** HAL9001 | **Focus:** architecture-alignment, module-boundaries, interface-contracts --- ### ✅ Content Quality — LGTM The specification clarification is technically sound and well-placed. Strengths: - The TOCTOU vulnerability description is accurate and clearly articulated. - The canonical implementation pattern (caching `_is_local_mode` at `__init__` time and returning it via `@property`) is the correct solution. - Placement immediately before the **Sandbox Isolation** subsection is appropriate — establishing a foundational initialization contract before the specific mechanisms that depend on it. - `docs(spec): clarify security mode must be cached at initialization time` — valid Conventional Changelog format. ✅ - CI passed (workflow run #17422, duration 1h0m36s). ✅ - `Closes #7373` present in PR body. ✅ - `Type/Documentation` label applied. ✅ --- ### ❌ Blocking Issues #### 1. Milestone Mismatch — BLOCKING The PR is assigned to **v3.2.0**, but the linked issue #7373 is assigned to **v3.5.0**. Per `CONTRIBUTING.md` §Pull Request Process requirement #11: > "Every PR must be assigned to the same milestone as its linked issue(s). If the linked issues span multiple milestones, assign the PR to the milestone of the primary issue." **Required action:** Change the PR milestone from **v3.2.0** to **v3.5.0** to match issue #7373. --- #### 2. Missing Changelog Update — BLOCKING The diff contains only a single hunk modifying `docs/specification.md`. There is no changelog update anywhere in the commit. Per `CONTRIBUTING.md` §Pull Request Process requirement #6: > "The PR must include an update to the changelog file. Add one new entry per commit in the PR that describes the change from the user's perspective." **Required action:** Add a changelog entry describing this security contract clarification. --- ### ⚠️ Architecture / Interface-Contract Observations #### 3. Undisclosed Breaking Interface Change The canonical snippet in the new contract section mandates converting `is_local_mode` from a `@staticmethod` to a `@property` on `PermissionService`: **Before (current code, per issue #7373):** ```python @staticmethod def is_local_mode() -> bool: return not _is_server_mode() ``` **After (mandated by this spec):** ```python @property def is_local_mode(self) -> bool: return self._is_local_mode # cached at __init__ ``` This is a **breaking interface change at the module boundary**: any call-site using `PermissionService.is_local_mode()` as a static/class-level call (without an instance) will break. The PR description states *"No architectural changes. No new ADR required."* — the content change itself may not be architectural, but it **mandates** a non-trivial interface-breaking code refactor downstream. The spec should either: - Explicitly acknowledge that implementing this contract requires updating all `is_local_mode` call sites, **or** - Add a brief note such as: *"Note: this converts `is_local_mode` from a static method to an instance property — call sites must be updated accordingly."* This is not a blocker on the spec change itself, but it must be documented before the downstream code PR (fix for #7373) is submitted. --- #### 4. Vague Scope — "Any Other Service" The new contract text reads: > "`PermissionService` (and any other service that gates behavior on deployment mode) MUST cache the mode at construction time" The phrase "any other service" is underspecified. If there are other known services in the codebase that currently read deployment mode dynamically, they should be named here (or cross-referenced). If there are none currently, the spec should say "and any future service" to make the forward-looking nature explicit. As written, an implementor cannot know whether they need to search for and fix additional services without reading the full codebase. **Suggested wording:** > "`PermissionService` (and any current or future service that gates behavior on deployment mode) MUST cache the mode at construction time." Non-blocking, but should be addressed before merge. --- #### 5. Implementation Helper Name Inconsistency (Non-blocking) The spec snippet names the helper `_read_server_mode_from_env()`, while the actual implementation (per issue #7373) uses `_is_server_mode()`. For a spec, illustrative code is acceptable, but a brief parenthetical such as `_read_server_mode_from_env()` *(or equivalent — see `_is_server_mode()` in the current implementation)* would prevent confusion for implementors. --- ### Summary | Item | Status | |---|---| | Spec content accuracy | ✅ LGTM | | TOCTOU analysis correctness | ✅ LGTM | | Canonical implementation pattern | ✅ LGTM | | Commit message format | ✅ LGTM | | CI checks | ✅ Passing | | Closing keyword (`Closes #7373`) | ✅ Present | | `Type/Documentation` label | ✅ Applied | | Milestone matches linked issue | ❌ BLOCKING (v3.2.0 ≠ v3.5.0) | | Changelog updated | ❌ BLOCKING (missing) | | Interface change documented in spec | ⚠️ Should be addressed | | "Any other service" scope clarified | ⚠️ Should be clarified | **Two blocking items must be resolved before merge.** Once addressed, this PR is ready to approve — the specification content is correct and the security contract is well-articulated. --- **Automated by CleverAgents Bot** Supervisor: PR Review Pool | Agent: pr-reviewer
HAL9001 requested changes 2026-04-13 03:25:55 +00:00
Dismissed
HAL9001 left a comment
Copy link

Review Summary

  • Thanks for tightening the spec language around caching deployment mode at initialization time.
  • Verified this PR is documentation-only and the latest commit (0dc96ab6b1) has a fully green CI matrix.

Checklist

  • CI status: all checks succeeded for 0dc96ab6b1.
  • Conventional commit format: docs(spec): clarify security mode must be cached at initialization time.
  • PR description includes Closes #7373.
  • Type label present (Type/Documentation).
  • Docs-only change — changelog update not required.
  • Milestone alignment: Issue #7373 remains assigned to milestone v3.5.0 while this PR is on v3.2.0. CONTRIBUTING.md §Pull Request Process #11 requires the PR and its primary linked issue to share the same milestone.

Required Change

  1. Align the PR milestone with issue #7373. Either move this PR to v3.5.0 or retarget the issue to v3.2.0, but they must match before this can merge.

Suggestions (non-blocking)

  • Consider clarifying the phrase "any other service" to "any current or future service that gates behavior on deployment mode" so implementors understand the scope.
  • The illustrative helper _read_server_mode_from_env() could mention it corresponds to the existing _is_server_mode() helper to avoid confusion.

Testing

  • Not run (documentation-only change)

Automated by CleverAgents Bot
Supervisor: PR Review Pool | Agent: pr-reviewer

## Review Summary - Thanks for tightening the spec language around caching deployment mode at initialization time. - Verified this PR is documentation-only and the latest commit (0dc96ab6b1a6ea39eddbfc55fc50f1e725798054) has a fully green CI matrix. ### Checklist - ✅ CI status: all checks succeeded for 0dc96ab6b1a6ea39eddbfc55fc50f1e725798054. - ✅ Conventional commit format: `docs(spec): clarify security mode must be cached at initialization time`. - ✅ PR description includes `Closes #7373`. - ✅ Type label present (`Type/Documentation`). - ✅ Docs-only change — changelog update not required. - ❌ Milestone alignment: Issue #7373 remains assigned to milestone **v3.5.0** while this PR is on **v3.2.0**. CONTRIBUTING.md §Pull Request Process #11 requires the PR and its primary linked issue to share the same milestone. ### Required Change 1. Align the PR milestone with issue #7373. Either move this PR to **v3.5.0** or retarget the issue to **v3.2.0**, but they must match before this can merge. ### Suggestions (non-blocking) - Consider clarifying the phrase "any other service" to "any current or future service that gates behavior on deployment mode" so implementors understand the scope. - The illustrative helper `_read_server_mode_from_env()` could mention it corresponds to the existing `_is_server_mode()` helper to avoid confusion. ### Testing - Not run (documentation-only change) --- **Automated by CleverAgents Bot** Supervisor: PR Review Pool | Agent: pr-reviewer
HAL9001 requested changes 2026-04-13 04:02:56 +00:00
Dismissed
HAL9001 left a comment
Copy link

Review Summary

The clarification in the security section reads well and directly addresses the TOCTOU vulnerability described in #7373. Thank you for capturing the caching contract explicitly in the spec.

Blocking Issues

  1. Milestone mismatch – The PR is targeted at milestone v3.2.0, while issue #7373 is assigned to v3.5.0. The contributing guidelines require the PR and its linked issue to share the same milestone. Please align one side so they match.
  2. Missing CHANGELOG entry – Contributing guidance mandates a CHANGELOG update for every PR. Please add a brief note under the appropriate release section summarizing this security-spec clarification.
  3. Missing CONTRIBUTORS update – The checklist also calls for updating CONTRIBUTORS.md. Please add yourself (or the responsible author) in the correct alphabetical slot.

Once those items are addressed, I’ll be happy to take another look.

Automated by CleverAgents Bot
Supervisor: PR Review Pool | Agent: pr-reviewer

## Review Summary The clarification in the security section reads well and directly addresses the TOCTOU vulnerability described in #7373. Thank you for capturing the caching contract explicitly in the spec. ## Blocking Issues 1. **Milestone mismatch** – The PR is targeted at milestone `v3.2.0`, while issue #7373 is assigned to `v3.5.0`. The contributing guidelines require the PR and its linked issue to share the same milestone. Please align one side so they match. 2. **Missing CHANGELOG entry** – Contributing guidance mandates a CHANGELOG update for every PR. Please add a brief note under the appropriate release section summarizing this security-spec clarification. 3. **Missing CONTRIBUTORS update** – The checklist also calls for updating `CONTRIBUTORS.md`. Please add yourself (or the responsible author) in the correct alphabetical slot. Once those items are addressed, I’ll be happy to take another look. --- **Automated by CleverAgents Bot** Supervisor: PR Review Pool | Agent: pr-reviewer
HAL9001 requested changes 2026-04-14 06:14:17 +00:00
HAL9001 left a comment
Copy link

Review Summary

  • Thank you for adding the security-mode initialization contract; the TOCTOU context and canonical caching pattern are clearly explained and well placed in the Security Model section.

Blocking Issues

  1. Milestone mismatch — blocking: This PR’s milestone is set to v3.2.0 while the linked issue #7373 remains on v3.5.0. CONTRIBUTING.md §Pull Request Process item 11 requires the PR and its linked issues to share the same milestone. Please align the milestone before we can approve.
  2. Changelog entry missing — blocking: The diff only touches docs/specification.md; there is no corresponding update to CHANGELOG.md. CONTRIBUTING.md §Pull Request Process item 6 mandates adding a changelog entry for every PR. Please add an entry summarizing this clarification.

Suggestions (non-blocking)

  • Consider rephrasing "any other service that gates behavior on deployment mode" to "any current or future service ..." so the required scope is unambiguous to implementors.
  • The illustrative helper is named _read_server_mode_from_env(), while the current implementation uses _is_server_mode(). A parenthetical note mapping the names would avoid confusion when engineers cross-reference the code.

Testing

  • Not run (documentation-only change)

Automated by CleverAgents Bot
Supervisor: PR Review Pool | Agent: pr-reviewer [AUTO-REV-7385]

## Review Summary - Thank you for adding the security-mode initialization contract; the TOCTOU context and canonical caching pattern are clearly explained and well placed in the Security Model section. ### Blocking Issues 1. **Milestone mismatch — blocking**: This PR’s milestone is set to **v3.2.0** while the linked issue [#7373](https://git.cleverthis.com/cleveragents/cleveragents-core/issues/7373) remains on **v3.5.0**. CONTRIBUTING.md §Pull Request Process item 11 requires the PR and its linked issues to share the same milestone. Please align the milestone before we can approve. 2. **Changelog entry missing — blocking**: The diff only touches `docs/specification.md`; there is no corresponding update to `CHANGELOG.md`. CONTRIBUTING.md §Pull Request Process item 6 mandates adding a changelog entry for every PR. Please add an entry summarizing this clarification. ### Suggestions (non-blocking) - Consider rephrasing "any other service that gates behavior on deployment mode" to "any current or future service ..." so the required scope is unambiguous to implementors. - The illustrative helper is named `_read_server_mode_from_env()`, while the current implementation uses `_is_server_mode()`. A parenthetical note mapping the names would avoid confusion when engineers cross-reference the code. ### Testing - Not run (documentation-only change) --- **Automated by CleverAgents Bot** Supervisor: PR Review Pool | Agent: pr-reviewer [AUTO-REV-7385] ---
HAL9000 scheduled this pull request to auto merge when all checks succeed 2026-04-14 17:29:47 +00:00
freemo closed this pull request 2026-04-15 15:45:27 +00:00
All checks were successful
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / build (pull_request) Successful in 38s
Required
Details
CI / lint (pull_request) Successful in 39s
Required
Details
CI / quality (pull_request) Successful in 38s
Required
Details
CI / helm (pull_request) Successful in 35s
Details
CI / push-validation (pull_request) Successful in 38s
Details
CI / typecheck (pull_request) Successful in 56s
Required
Details
CI / security (pull_request) Successful in 1m2s
Required
Details
CI / e2e_tests (pull_request) Successful in 3m22s
Details
CI / unit_tests (pull_request) Successful in 6m33s
Required
Details
CI / integration_tests (pull_request) Successful in 6m38s
Required
Details
CI / docker (pull_request) Successful in 32s
Required
Details
CI / coverage (pull_request) Successful in 11m32s
Required
Details
CI / status-check (pull_request) Successful in 1s
Details
CI / benchmark-regression (pull_request) Successful in 59m27s
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
HAL9001
Labels
Clear labels   
auto/needs-reevaluation
Controller deferred this PR; awaiting Phase 6+ scope-evaluator or operator re-enablement.

  
controller-managed
Auto-agents controller manages this PR/issue (see tools/controller/deploy/RUNBOOK.md). Remove this label to abandon controller management.

  
auto/blocked-by-deps
PR blocked by an open issue dependency. Operator must close the dep (or remove the dependency link) before the merge driver can act. Auto-cleared by merge_drive when no open deps remain.

  
auto/ci-timeout
Most recent merge cycle hit CI timeout. Driver excludes this PR while last merge_cycle row is < 30 min old; label persists thereafter as visible history.

  
auto/claimed-implementer
Currently being processed by an implementer worker.

  
auto/claimed-merge
Currently being processed by the merge driver.

  
auto/claimed-reviewer
Currently being processed by a reviewer worker.

  
auto/driver-down
Merge driver heartbeat stale; pipeline halted. Closed automatically on next clean tick.

  
auto/invariant-violation
Detected master commit violating the strict merge invariant. Tracked as an issue (not a PR label); kept here for label completeness.

  
auto/last-attempt-tier-0
In-cycle escalation: most recent attempt ran at the Tier 0 slot (`tier-0`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-1
In-cycle escalation: most recent attempt ran at the Tier 1 slot (`tier-1`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-2
In-cycle escalation: most recent attempt ran at the Tier 2 slot (`tier-2`). Slot's model defined in .opencode/models/tiers.yaml. Gated behind IMPLEMENTER_ESCALATION_TIER2_ENABLED.

  
auto/last-attempt-tier-min
In-cycle escalation: most recent attempt ran at the Tier -1 slot (`tier-min`). Slot's model defined in .opencode/models/tiers.yaml. Suffix is ``-min`` (not ``--1``) so the Forgejo UI reads naturally.

  
Automation Tracking
Tracking issues used by the AI Automation system for agents to communicate and report.

  
auto/needs-conflict-resolution
Rebase conflict needs LLM conflict-resolver.

  
auto/needs-implementer
Failing CI needs implementer attention.

  
auto/postmortem
Documenting a driver incident or rollback.

  
auto/ready-to-merge
Reviewer has APPROVED this PR and no later REQUEST_CHANGES is outstanding. The merge driver requires this label to even consider a PR for merging. Set by the reviewer worker on APPROVE; cleared on REQUEST_CHANGES.

  
auto/restart-throttled
Train repeatedly lost master-tempo races. Driver excludes via merge_cycle until cooldown elapses; label persists as visible history.

  
auto/revert
Revert PR backing out an invariant violation. Fast-tracked through the merge driver.

  
auto/sentinel
Sentinel PR duplicated from upstream into a personal fork by tools/duplicate_prs_to_fork.py for pipeline testing. Lives only in the fork; the canonical pipeline never sees it.

  
auto/stale-inactivity
No implementer activity for N days. Flagged for human review. Auto-cleared on next push to head branch.

  
auto/unstable
Repeatedly fails on current master (>= 3 ci-fail-on-rebased-sha releases in 12 h). Excluded from driver until human triage.

  
Blocked
A ticket in a blocked state and unable to complete until some other task is completed first.

  
Bounty
$100
 A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$1000
 A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$10000
 A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$20
 A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$2000
 A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$250
 A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$50
 A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$500
 A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$5000
 A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$750
 A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  
MoSCoW
Could have
 Could have feature in order to satisfy the epic/legendary.

  
MoSCoW
Must have
 Must have feature in order to satisfy the epic/legendary.

  
MoSCoW
Should have
 Should have feature in order to satisfy the epic/legendary.

  
Needs Feedback
There are questions in the ticket that can not be completed until the project owner provides clarity.

  
Points
1
 1 man-hours worth of work for an expert with no learning curve.

  
Points
13
 13 man-hours worth of work for an expert with no learning curve.

  
Points
2
 2 man-hours worth of work for an expert with no learning curve.

  
Points
21
 21 man-hours worth of work for an expert with no learning curve.

  
Points
3
 3 man-hours worth of work for an expert with no learning curve.

  
Points
34
 34 man-hours worth of work for an expert with no learning curve.

  
Points
5
 5 man-hours worth of work for an expert with no learning curve.

  
Points
55
 55 man-hours worth of work for an expert with no learning curve.

  
Points
8
 8 man-hours worth of work for an expert with no learning curve.

  
Points
88
 88 man-hours worth of work for an expert with no learning curve.

  
Priority
Backlog
 This ticket has backlogged priority and is not to be worked on yet

  
Priority
CI Blocker
 Critical priority issue that blocks CI/CD pipeline and prevents PR merges

  
Priority
Critical
 The priority is critical

  
Priority
High
 The priority is high

  
Priority
Low
 The priority is low

  
Priority
Medium
 The priority is medium

  
Signed-off: Owner
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Scrum Master
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Tech Lead
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Spike
A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  
State
Completed
 The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  
State
Duplicate
 A ticket that represents the same content as an existing ticket.

  
State
In Progress
 A ticket that is actively being developed.

  
State
In Review
 A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  
State
Paused
 This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  
State
Unverified
 All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  
State
Verified
 The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  
State
Wont Do
 This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  
Type
Automation
 Any edits or discussion about the AI automated coding system.

  
Type
Bug
 Something that doesnt work as intended.

  
Type
Discussion
 Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  
Type
Documentation
 An error or improvement needed in the documentation.

  
Type
Epic
 Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  
Type
Feature
 Some new functionality not present.

  
Type
Legendary
 A type of Epic which will contain other Epics.

  
Type
Refactor
 A code change that restructures existing code without changing its external behavior.

  
Type
Support
 Someone needs help using the project.

  
Type
Task
 A generic task that doesnt fit into the other type categories.

  
Type
Testing
 Work exclusively focusing on fixing or expanding testing.

No labels
auto/needs-reevaluation
controller-managed
auto/blocked-by-deps
auto/ci-timeout
auto/claimed-implementer
auto/claimed-merge
auto/claimed-reviewer
auto/driver-down
auto/invariant-violation
auto/last-attempt-tier-0
auto/last-attempt-tier-1
auto/last-attempt-tier-2
auto/last-attempt-tier-min
Automation Tracking
auto/needs-conflict-resolution
auto/needs-implementer
auto/postmortem
auto/ready-to-merge
auto/restart-throttled
auto/revert
auto/sentinel
auto/stale-inactivity
auto/unstable
Blocked
Bounty
$100
Bounty
$1000
Bounty
$10000
Bounty
$20
Bounty
$2000
Bounty
$250
Bounty
$50
Bounty
$500
Bounty
$5000
Bounty
$750
MoSCoW
Could have
MoSCoW
Must have
MoSCoW
Should have
Needs Feedback
Points
1
Points
13
Points
2
Points
21
Points
3
Points
34
Points
5
Points
55
Points
8
Points
88
Priority
Backlog
Priority
CI Blocker
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Signed-off: Owner
Signed-off: Scrum Master
Signed-off: Tech Lead
Spike
State
Completed
State
Duplicate
State
In Progress
State
In Review
State
Paused
State
Unverified
State
Verified
State
Wont Do
Type
Automation
Type
Bug
Type
Discussion
Type
Documentation
Type
Epic
Type
Feature
Type
Legendary
Type
Refactor
Type
Support
Type
Task
Type
Testing
Milestone
Clear milestone
No items
No milestone
v3.2.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
cleveragents/cleveragents-core!7385
No description provided.