Skip to content

Fix scope guard false positives on system paths#49

Open
AnExiledDev wants to merge 8 commits intomainfrom
fix/scope-guard-false-positives
Open

Fix scope guard false positives on system paths#49
AnExiledDev wants to merge 8 commits intomainfrom
fix/scope-guard-false-positives

Conversation

@AnExiledDev
Copy link
Owner

@AnExiledDev AnExiledDev commented Mar 5, 2026

Summary

  • Scope guard now only enforces isolation between workspace projects — paths outside /workspaces/ (/dev/null, /usr/, /etc/, $HOME/) are no longer blocked
  • Removes complex system-command exemption logic (SYSTEM_COMMANDS, SYSTEM_PATH_PREFIXES, ALLOWED_PREFIXES, is_allowlisted()) — replaced by a single is_outside_workspace() check
  • Adds TestIsOutsideWorkspace test class and updates bash scope test cases

Root cause: The guard treated every resolved path not under cwd as a violation, with a fragile allowlist/system-command exemption that missed common patterns like command 2>/dev/null.

Fix principle: If a resolved path doesn't start with /workspaces/, it's outside this guard's jurisdiction. Other guards (dangerous-command-blocker, protected-files-guard) handle system security.

Test plan

  • All 51 tests pass (python -m pytest tests/plugins/test_guard_workspace_scope.py -v)
  • command 2>/dev/null — allowed
  • echo x > /usr/local/bin/foo — allowed
  • Cross-project access (e.g. writing to /workspaces/other/) — still blocked
  • Blacklist (/workspaces/.devcontainer/) — still enforced

@AnExiledDev
Harden scope guard for worktrees and throttle Stop hook reminders
1dad59f 
Scope guard: resolve CWD with realpath to prevent symlink mismatches,
detect .claude/worktrees/ and expand scope to project root so sibling
worktrees aren't blocked, and improve error messages with resolved paths.

Stop hooks: add 5-minute per-session cooldown to commit-reminder and
spec-reminder to prevent repeated firing in team/agent scenarios.
@AnExiledDev
Fix scope guard blocking project root from subdirectory CWDs
2f0736e 
resolve_scope_root() now walks up from CWD looking for .git to find the
repository root, preventing false positives when working in subdirectories
like cli/, src/, or tests/. Safety ceiling at /workspaces prevents scope
from escaping the workspace boundary.
@AnExiledDev
Restructure as monorepo: move container to subdirectory
6f9de02 
Move .git/ to project root so the entire workspace is tracked in a
single repository. Git detects all container-root files as renames
into the container/ subdirectory. Root-level files (.github/,
LICENSE.txt, CLA.md, CONTRIBUTING.md, .gitattributes) remain at the
repository root. The docs/ package was already tracked at docs/ and
is unaffected by this change.

This is a structural reorganization — no code changes.
@AnExiledDev
Add cli package to monorepo
f2430e9 
Add codeforge-cli v0.1.0 (Bun/TypeScript) — a CLI for CodeForge
development workflows including session search, plan management,
and task tracking. The docs package was already tracked from the
previous repository structure.
@AnExiledDev
Update CI, configs, and docs for monorepo structure
2645ee1 
CI workflows:
- Add working-directory: container to all container job steps
- Add path filters (container/**, cli/**) to trigger workflows selectively
- Add test-cli job using Bun for CLI package
- Update changelog/package.json paths for container subdirectory
- Update devcontainer feature publish paths

Config:
- Add repository.directory to container and cli package.json
- Remove docs:* scripts from container (docs is now a sibling package)
- Simplify container/.gitignore (root handles shared patterns)
- Update dependabot directories for monorepo layout

Docs:
- Add root README.md with monorepo overview and package table
- Add root CLAUDE.md with branching strategy and dev rules
- Update container/CLAUDE.md to reference root for shared rules
@AnExiledDev
Fix docs changelog sync path for monorepo structure
c763769 
Update sync-changelog.mjs to read from container/.devcontainer/CHANGELOG.md
instead of the old .devcontainer/CHANGELOG.md path. Regenerate the docs
changelog page with updated source reference.
@AnExiledDev
Fix scope guard false positives on system paths
a70105c 
Scope guard now only enforces isolation between workspace projects.
Paths outside the workspace (e.g. /dev/null, /usr/, /etc/) are not
this guard's jurisdiction — other guards handle system-level security.
Removes the complex system-command exemption logic that was insufficient
and fragile.
@coderabbitai
Copy link

coderabbitai bot commented Mar 5, 2026
edited
Loading

Important

Review skipped

Too many files!

This PR contains 299 files, which is 149 over the limit of 150.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9223ff76-d1cf-4016-9b4e-a63befe90d07

📥 Commits

Reviewing files that changed from the base of the PR and between 05f0f0c and cab5728.

⛔ Files ignored due to path filters (1)
  • cli/bun.lock is excluded by !**/*.lock
📒 Files selected for processing (299)
  • .devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/inject-workspace-cwd.py
  • .github/dependabot.yml
  • .github/workflows/ci.yml
  • .github/workflows/deploy-docs.yml
  • .github/workflows/docs-ci.yml
  • .github/workflows/publish-features.yml
  • .github/workflows/release.yml
  • .gitignore
  • CLAUDE.md
  • README.md
  • cli/package.json
  • cli/src/commands/plan/search.ts
  • cli/src/commands/session/list.ts
  • cli/src/commands/session/search.ts
  • cli/src/commands/session/show.ts
  • cli/src/commands/task/search.ts
  • cli/src/index.ts
  • cli/src/loaders/history-loader.ts
  • cli/src/loaders/plan-loader.ts
  • cli/src/loaders/session-meta.ts
  • cli/src/loaders/task-loader.ts
  • cli/src/output/json.ts
  • cli/src/output/plan-text.ts
  • cli/src/output/session-list.ts
  • cli/src/output/session-show.ts
  • cli/src/output/stats.ts
  • cli/src/output/task-text.ts
  • cli/src/output/text.ts
  • cli/src/schemas/history.ts
  • cli/src/schemas/plan.ts
  • cli/src/schemas/session-message.ts
  • cli/src/schemas/task.ts
  • cli/src/search/engine.ts
  • cli/src/search/filter.ts
  • cli/src/search/query-parser.ts
  • cli/src/utils/glob.ts
  • cli/src/utils/time.ts
  • cli/tests/engine.test.ts
  • cli/tests/filter.test.ts
  • cli/tests/fixtures/plans/test-plan.md
  • cli/tests/fixtures/sample.jsonl
  • cli/tests/fixtures/session-data/history.jsonl
  • cli/tests/fixtures/session-data/session-with-meta.jsonl
  • cli/tests/fixtures/tasks/test-team/1.json
  • cli/tests/fixtures/tasks/test-team/2.json
  • cli/tests/plan-search.test.ts
  • cli/tests/query-parser.test.ts
  • cli/tests/session-list.test.ts
  • cli/tests/session-meta.test.ts
  • cli/tests/session-show.test.ts
  • cli/tests/task-search.test.ts
  • cli/tests/test_bun_tests_pass.py
  • cli/tests/time.test.ts
  • cli/tsconfig.json
  • container/.codeforge/config/ccstatusline-settings.json
  • container/.codeforge/config/keybindings.json
  • container/.codeforge/config/main-system-prompt.md
  • container/.codeforge/config/orchestrator-system-prompt.md
  • container/.codeforge/config/rules/session-search.md
  • container/.codeforge/config/rules/spec-workflow.md
  • container/.codeforge/config/rules/workspace-scope.md
  • container/.codeforge/config/settings.json
  • container/.codeforge/config/writing-system-prompt.md
  • container/.codeforge/file-manifest.json
  • container/.codeforge/scripts/connect-external-terminal.ps1
  • container/.codeforge/scripts/connect-external-terminal.sh
  • container/.devcontainer/.env.example
  • container/.devcontainer/.gitignore
  • container/.devcontainer/.secrets.example
  • container/.devcontainer/CHANGELOG.md
  • container/.devcontainer/CLAUDE.md
  • container/.devcontainer/README.md
  • container/.devcontainer/devcontainer.json
  • container/.devcontainer/features/agent-browser/README.md
  • container/.devcontainer/features/agent-browser/devcontainer-feature.json
  • container/.devcontainer/features/agent-browser/install.sh
  • container/.devcontainer/features/ast-grep/README.md
  • container/.devcontainer/features/ast-grep/devcontainer-feature.json
  • container/.devcontainer/features/ast-grep/install.sh
  • container/.devcontainer/features/biome/README.md
  • container/.devcontainer/features/biome/devcontainer-feature.json
  • container/.devcontainer/features/biome/install.sh
  • container/.devcontainer/features/ccburn/README.md
  • container/.devcontainer/features/ccburn/devcontainer-feature.json
  • container/.devcontainer/features/ccburn/install.sh
  • container/.devcontainer/features/ccms/README.md
  • container/.devcontainer/features/ccms/devcontainer-feature.json
  • container/.devcontainer/features/ccms/install.sh
  • container/.devcontainer/features/ccstatusline/README.md
  • container/.devcontainer/features/ccstatusline/devcontainer-feature.json
  • container/.devcontainer/features/ccstatusline/install.sh
  • container/.devcontainer/features/ccusage/README.md
  • container/.devcontainer/features/ccusage/devcontainer-feature.json
  • container/.devcontainer/features/ccusage/install.sh
  • container/.devcontainer/features/chromaterm/README.md
  • container/.devcontainer/features/chromaterm/chromaterm.yml
  • container/.devcontainer/features/chromaterm/devcontainer-feature.json
  • container/.devcontainer/features/chromaterm/install.sh
  • container/.devcontainer/features/claude-code-native/README.md
  • container/.devcontainer/features/claude-code-native/devcontainer-feature.json
  • container/.devcontainer/features/claude-code-native/install.sh
  • container/.devcontainer/features/claude-monitor/README.md
  • container/.devcontainer/features/claude-monitor/devcontainer-feature.json
  • container/.devcontainer/features/claude-monitor/install.sh
  • container/.devcontainer/features/claude-session-dashboard/README.md
  • container/.devcontainer/features/claude-session-dashboard/devcontainer-feature.json
  • container/.devcontainer/features/claude-session-dashboard/install.sh
  • container/.devcontainer/features/dprint/README.md
  • container/.devcontainer/features/dprint/devcontainer-feature.json
  • container/.devcontainer/features/dprint/install.sh
  • container/.devcontainer/features/hadolint/README.md
  • container/.devcontainer/features/hadolint/devcontainer-feature.json
  • container/.devcontainer/features/hadolint/install.sh
  • container/.devcontainer/features/kitty-terminfo/README.md
  • container/.devcontainer/features/kitty-terminfo/devcontainer-feature.json
  • container/.devcontainer/features/kitty-terminfo/install.sh
  • container/.devcontainer/features/lsp-servers/README.md
  • container/.devcontainer/features/lsp-servers/devcontainer-feature.json
  • container/.devcontainer/features/lsp-servers/install.sh
  • container/.devcontainer/features/mcp-qdrant/CHANGES.md
  • container/.devcontainer/features/mcp-qdrant/README.md
  • container/.devcontainer/features/mcp-qdrant/devcontainer-feature.json
  • container/.devcontainer/features/mcp-qdrant/install.sh
  • container/.devcontainer/features/mcp-qdrant/poststart-hook.sh
  • container/.devcontainer/features/notify-hook/README.md
  • container/.devcontainer/features/notify-hook/devcontainer-feature.json
  • container/.devcontainer/features/notify-hook/install.sh
  • container/.devcontainer/features/ruff/README.md
  • container/.devcontainer/features/ruff/devcontainer-feature.json
  • container/.devcontainer/features/ruff/install.sh
  • container/.devcontainer/features/shellcheck/README.md
  • container/.devcontainer/features/shellcheck/devcontainer-feature.json
  • container/.devcontainer/features/shellcheck/install.sh
  • container/.devcontainer/features/shfmt/README.md
  • container/.devcontainer/features/shfmt/devcontainer-feature.json
  • container/.devcontainer/features/shfmt/install.sh
  • container/.devcontainer/features/tmux/README.md
  • container/.devcontainer/features/tmux/devcontainer-feature.json
  • container/.devcontainer/features/tmux/install.sh
  • container/.devcontainer/features/tree-sitter/README.md
  • container/.devcontainer/features/tree-sitter/devcontainer-feature.json
  • container/.devcontainer/features/tree-sitter/install.sh
  • container/.devcontainer/plugins/devs-marketplace/.claude-plugin/marketplace.json
  • container/.devcontainer/plugins/devs-marketplace/.gitignore
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/AGENT-REDIRECTION.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/REVIEW-RUBRIC.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/architect.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/bash-exec.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/claude-guide.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/debug-logs.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/dependency-analyst.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/documenter.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/explorer.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/generalist.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/git-archaeologist.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/implementer.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/investigator.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/migrator.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/perf-profiler.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/refactorer.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/researcher.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/security-auditor.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/spec-writer.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/statusline-config.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/test-writer.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/guard-readonly-bash.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/inject-cwd.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/redirect-builtin-agents.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/task-completed-check.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/teammate-idle-check.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/verify-no-regression.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/verify-tests-pass.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/agent-system/skills/debug/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/scripts/advisory-test-runner.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/scripts/collect-edited-files.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/scripts/format-on-stop.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/scripts/lint-file.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/scripts/syntax-validator.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/codeforge-lsp/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/codeforge-lsp/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/scripts/block-dangerous.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/git-workflow/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/git-workflow/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/git-workflow/skills/pr-review/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/git-workflow/skills/ship/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/notify-hook/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/notify-hook/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/notify-hook/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/prompt-snippets/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/prompt-snippets/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/prompt-snippets/skills/ps/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/scripts/guard-protected-bash.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/scripts/guard-protected.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/session-context/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/session-context/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/session-context/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/session-context/scripts/collect-session-edits.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/session-context/scripts/commit-reminder.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/session-context/scripts/git-state-injector.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/session-context/scripts/todo-harvester.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/scripts/skill-suggester.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/api-design/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/api-design/references/error-handling.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/api-design/references/rest-conventions.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/ast-grep-patterns/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/ast-grep-patterns/references/language-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/claude-agent-sdk/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/claude-agent-sdk/references/sdk-typescript-reference.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/claude-code-headless/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/claude-code-headless/references/cli-flags-and-output.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/claude-code-headless/references/sdk-and-mcp.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/debugging/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/debugging/references/error-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/debugging/references/log-locations.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/dependency-management/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/dependency-management/references/ecosystem-commands.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/dependency-management/references/license-compliance.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/docker-py/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/docker-py/references/container-lifecycle.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/docker-py/references/resources-and-security.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/docker/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/docker/references/compose-services.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/docker/references/dockerfile-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/documentation-patterns/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/documentation-patterns/references/api-doc-templates.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/documentation-patterns/references/docstring-formats.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/fastapi/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/fastapi/references/middleware-and-lifespan.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/fastapi/references/pydantic-models.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/fastapi/references/routing-and-dependencies.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/fastapi/references/sse-and-streaming.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/git-forensics/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/git-forensics/references/advanced-commands.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/git-forensics/references/investigation-playbooks.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/migration-patterns/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/migration-patterns/references/javascript-migrations.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/migration-patterns/references/python-migrations.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/performance-profiling/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/performance-profiling/references/interpreting-results.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/performance-profiling/references/tool-commands.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/pydantic-ai/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/pydantic-ai/references/agents-and-tools.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/pydantic-ai/references/models-and-streaming.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/refactoring-patterns/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/refactoring-patterns/references/safe-transformations.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/refactoring-patterns/references/smell-catalog.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/security-checklist/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/security-checklist/references/owasp-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/security-checklist/references/secrets-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/skill-building/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/skill-building/references/cross-vendor-principles.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/skill-building/references/patterns-and-antipatterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/skill-building/references/skill-authoring-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/sqlite/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/sqlite/references/advanced-queries.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/sqlite/references/javascript-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/sqlite/references/python-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/sqlite/references/schema-and-pragmas.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/references/ai-sdk-svelte.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/references/component-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/references/layercake.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/references/migration-guide.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/references/runes-and-reactivity.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/references/spa-and-routing.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/svelte5/references/svelte-dnd-action.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/team/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/testing/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/testing/references/fastapi-testing.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/testing/references/svelte-testing.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/worktree/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/worktree/references/manual-worktree-commands.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/worktree/references/parallel-workflow-patterns.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/.claude-plugin/plugin.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/README.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/hooks/hooks.json
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/scripts/spec-reminder.py
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-build/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-build/references/review-checklist.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-check/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-init/SKILL.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-init/references/backlog-template.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-init/references/milestones-template.md
  • container/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-init/references/roadmap-template.md

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/scope-guard-false-positives

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

Comment @coderabbitai help to get the list of available commands and usage tips.

@AnExiledDev
Remove system directory write blocks from dangerous-command-blocker
cab5728 
The redirect patterns matched text content inside command arguments
(e.g. PR body text containing example paths), causing false positives.
Write location enforcement is the scope guard's responsibility, not
the dangerous-command-blocker's.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AnExiledDev