RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge c34195aeb0 into 3bef43bc5a

This commit is contained in:
Jayesh Betala 2026-06-02 12:25:20 +05:30 committed by GitHub
parent 3bef43bc5a c34195aeb0
commit 203433c2d2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/one-way-doors.ts
View File

@ -65,7 +65,7 @@ const DESTRUCTIVE_PATTERNS: RegExp[] = [
// Credentials / auth — allow filler words ("the", "my") between verb and noun
/\brevoke\s+[\w\s]*\b(api key|token|credential|access key|password)\b/i,
/\breset\s+[\w\s]*\b(api key|token|password|credential)\b/i,
/\brotate\s+[\w\s]*\b(api key|token|secret|credential|access key)\b/i,
/\brotate\s+[\w\s]*\b(api key|token|secret|credential|access key|password)\b/i,
// Scope / architecture forks (reversible with effort — still deserve confirmation)
/\barchitectur(e|al)\s+(change|fork|shift|decision)\b/i,

13
test/plan-tune.test.ts
View File

@ -426,6 +426,19 @@ describe('one-way-doors classifier', () => {
}
});
test('rotate <credential> password is one-way (parity with revoke/reset)', () => {
const cases = [
'Rotate the database password?',
'rotate password for the service account',
];
for (const summary of cases) {
const result = classifyQuestion({ summary });
expect(result.oneWay).toBe(true);
expect(result.reason).toBe('keyword');
expect(result.matched).toBeDefined();
}
});
test('skill-category fallback fires for cso:approval and land-and-deploy:approval', () => {
expect(isOneWayDoor({ skill: 'cso', category: 'approval' })).toBe(true);
expect(isOneWayDoor({ skill: 'land-and-deploy', category: 'approval' })).toBe(true);