potiuk opened a new pull request, #495:
URL: https://github.com/apache/airflow-steward/pull/495
## Summary
Follow-up to #494 (the agent-guard `PreToolUse` dispatcher). Realises the
"**each skill owns its deterministic guards**" model on top of the discovery
mechanism that #494 shipped:
- **agent-guard now bundles only the two universal `git` hygiene guards** — `commit-trailer` and `empty-rebase`. The engine, the `GuardContext` API, and `guards.d` discovery are unchanged.
- **Domain guards move to the skills that own them**, each an import-free `guard(ctx)` file discovered at runtime:
  - `skills/pr-management-triage/guards/mention.py` (denoise #491 — never `@`-ping a non-author in an author-directed comment; never `@`-mention in a `gh pr edit --body` fold)
  - `skills/pr-management-triage/guards/mark_ready.py` (Golden rule 1b)
  - `skills/security-issue-fix/guards/security_language.py` (public-PR scrubbing)
- **Wired once:** setup collects every `skills/*/guards/*.py` (plus the engine's bundled `guards.d`) into the adopter `.claude/hooks/guards.d/` and the user-scope `~/.claude/scripts/guards.d/`. Adding/removing a skill's guard is a file in `guards.d` — **no `settings.json` change**.
## Type of change
- [x] Python package (`tools/*/`) — agent-guard slimmed to universal
built-ins
- [x] Skill change — `pr-management-triage` and `security-issue-fix` now
ship `guards/`
- [x] Cross-cutting / setup — adopt/upgrade/verify + isolated-setup
install/update collect skill guards
- [x] Documentation (`secure-agent-setup.md`, tool README "Contributing
guards")
## Test plan
- [x] `uv run --project tools/agent-guard pytest` — 50 tests.
`test_guards.py` covers the engine + the two bundled guards + discovery;
`test_skill_guards.py` exercises the **relocated** guards end-to-end through
the real `skills/*/guards` dirs via `STEWARD_GUARD_DIRS` (the same discovery
path an adopter uses), so it fails if a guard file is moved/renamed/broken.
- [x] ruff / ruff-format / mypy clean; `prek` workspace suite green on commit
- [x] `skill-and-tool-validate` + `check-workspace-members` green; all
cross-file links/anchors resolve
## RFC-AI-0004 compliance
- [x] **HITL** — guards block-with-reason + per-command override; never
mutate
- [x] **Sandbox** — no new host access
- [x] **Vendor neutrality** — guard code carries no project names;
ready-label is `$STEWARD_READY_LABEL`-configurable; security keyword list lives
with the security skill
- [x] **Conversational + correctable** — each guard overridable inline;
dispatcher disableable wholesale
- [x] **Write-access discipline** — strengthens it (deterministically blocks
autonomous pings / premature ready-labelling)
## Linked issues
<!-- Builds on #494. -->
## Notes for reviewers
- **Verify Check 8a / isolated-setup-update** now treat a *missing* skill
guard as "that skill's deterministic protection is silently inactive" — re-sync
via `/magpie-setup`.
- **Dogfooding in this repo:** skill guards live under `skills/*/guards/`
(not next to the hook script), so the framework's own `.claude/settings.json`
hook command must point discovery there via `STEWARD_GUARD_DIRS`. In an adopter
repo this isn't needed — setup collects them into the sibling `guards.d`.
- A guard file that fails to import is skipped (a broken contribution never
breaks the shell) — covered by a discovery test.
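An added example, not code from this pull request or the project: a standalone audit of the failure mode the reviewer notes describe, where a skill guard that is missing from `guards.d` or fails to import leaves that skill's protection silently inactive. The names `digest`, `loads_guard`, `audit` and `demo` are hypothetical, the guard bodies are constructed, and it assumes setup copies each guard into `guards.d` under its original basename.

```python
import hashlib
import importlib.util
import tempfile
from pathlib import Path

def digest(p: Path) -> str:
    return hashlib.sha256(p.read_bytes()).hexdigest()

def loads_guard(path: Path) -> bool:
    """True if the file imports cleanly and exposes a callable guard(ctx)."""
    spec = importlib.util.spec_from_file_location(f"_audit_{path.stem}", path)
    module = importlib.util.module_from_spec(spec)
    try:
        spec.loader.exec_module(module)  # runs the file, as discovery would
    except Exception:
        return False  # a dispatcher that skips broken files is unguarded here
    return callable(getattr(module, "guard", None))

def audit(repo: Path, installed: Path) -> dict[str, str]:
    """Map each skills/*/guards/*.py to ok, missing, stale or broken."""
    report = {}
    for src in sorted(repo.glob("skills/*/guards/*.py")):
        dst = installed / src.name  # assumption: setup keeps the basename
        if not dst.is_file():
            status = "missing"
        elif digest(dst) != digest(src):
            status = "stale"
        elif not loads_guard(dst):
            status = "broken"
        else:
            status = "ok"
        report[src.relative_to(repo).as_posix()] = status
    return report

def demo() -> dict[str, str]:
    """Constructed tree: one guard installed, one missing, one broken."""
    ok = "def guard(ctx):\n    return None\n"  # constructed guard body
    samples = {"skills/a/guards/mention.py": ok,
               "skills/a/guards/mark_ready.py": ok,
               "skills/b/guards/broken.py": "def guard(ctx:\n"}
    with tempfile.TemporaryDirectory() as tmp:
        repo, installed = Path(tmp), Path(tmp, ".claude/hooks/guards.d")
        installed.mkdir(parents=True)
        for rel, body in samples.items():
            src = repo / rel
            src.parent.mkdir(parents=True, exist_ok=True)
            src.write_text(body)
            if src.name != "mark_ready.py":  # simulate a guard never synced
                (installed / src.name).write_text(body)
        return audit(repo, installed)
```

Any status other than `ok` means the corresponding guard would not run; failing CI on it makes the fail-open skip visible.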