RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(learnings): fail closed when cross-project row lacks trusted field 

The --cross-project trust gate used a denylist (e.trusted === false), so
rows with no trusted field (legacy rows written before the field existed
in #988, hand-edited rows, or rows from other tools) were admitted because
undefined === false is false. Switch to an allowlist (e.trusted !== true)
to match the documented intent: cross-project learnings load only when
explicitly trusted. Current-format rows are unaffected.
This commit is contained in:
Jayesh Betala 2026-05-27 13:25:26 +05:30
parent a6fb31726c
commit b79a5281aa
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
bin/gstack-learnings-search
View File

@ -90,10 +90,13 @@ for (const taggedLine of lines) {
const isCrossProject = sourceTag === 'cross';
e._crossProject = isCrossProject;
// Trust gate: cross-project learnings only loaded if trusted (user-stated)
// This prevents prompt injection from one project's AI-generated learnings
// silently influencing reviews in another project.
if (isCrossProject && e.trusted === false) continue;
// Trust gate: cross-project learnings only loaded if explicitly trusted
// (user-stated). This prevents prompt injection from one project's
// AI-generated learnings silently influencing reviews in another project.
// Fail closed: rows missing the trusted field (legacy entries written
// before the field existed, hand-edited rows, or rows from other tools)
// are treated as untrusted rather than admitted by default.
if (isCrossProject && e.trusted !== true) continue;
entries.push(e);
} catch {}