fix(squad): gate cross-squad agent @mentions on squad-assigned issues#67
Merged
Merged
Conversation
Agent-authored comments on squad-assigned issues could @mention any workspace agent the leader discovered via the A2A-bypassed `multica agent list` and silently dispatch to an outside-squad agent — the visible label canonicalized to whichever agent the leader picked, but the dispatch was never the leader's own squad members. Three layers, all server-side: - enqueueMentionedAgentTasks drops agent @mentions whose UUID is neither in squad_member nor the squad's LeaderID, with a slog.Warn. Member-authored comments and @squad mentions bypass the gate. - ListAgents honors a new ?scope=task_squad hint, narrowing the response to the issue's squad iff the request comes from an agent actor on a real leader task. No-op everywhere else. - multica agent list passes the hint by default inside a daemon-managed agent task; --all opts out. squadOperatingProtocol calls out both the silent drop and the agent-list ban so leaders stop reaching outside the roster in the first place. Tests cover gate negative / positive / leader fallback / member-author bypass / mixed-mention per-mention behavior; server scope filter on/off; CLI flag wiring with and without agent context. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the "leader silently dispatches outside the roster" failure mode the 4-layer mention canonicalization couldn't reach: that defense only enforced
label = UUID, not "is this UUID the right one to pick at all". When a squad leader (LLM, agent actor) calledmultica agent listto discover collaborators, the A2A bypass returned every workspace agent, the leader picked a same-role agent from a different squad, the canonicalized label matched perfectly — and the task got enqueued for the wrong squad's worker.enqueueMentionedAgentTasks) — onassignee_type='squad'issues with an agent author, agent-typed @mentions whose UUID is neither insquad_membernor the squad'sLeaderIDare dropped with aslog.Warn. The leader fallback covers legacy squads that predateCreateSquad's autosquad_memberinsert; transient DB errors fail open so a Postgres hiccup can't wedge legitimate dispatch.ListAgents+ newtaskSquadMemberSet) — opt-in?scope=task_squadquery param narrows the response to the issue's squad iff the request comes from an agent actor on a real leader task. No-op for member actors, worker tasks, agent-assigned issues, and one-off CLI calls.multica agent list) — passes?scope=task_squadwheneverMULTICA_AGENT_ID/MULTICA_TASK_IDare set;--allopts back into the workspace-wide view.squadOperatingProtocolnow explicitly tells the leader the server silently drops out-of-roster mentions and forbids themultica agent listdiscovery shortcut.Member-authored comments and
@squadmentions intentionally bypass the gate — humans keep their agency, and squad routing already goes through the target squad's leader.Test plan
go test ./internal/handler/— full handler suite (10s)go test ./cmd/multica/— CLI suite (3s)go test -run "TestEnqueueMentionedAgentTasks_SquadAssigned" -v— 5/5go test -run "TestListAgents_TaskSquadScope" -v— 3/3go test -run "TestRunAgentList_" -v— 3/3 (CLI flag wiring)go test -run "TestBuildSquadLeaderBriefing" -v— 5/5 (incl. newOutOfRosterGuardClauses)go build ./...+go vet ./...cleanUnknown Agent/ 张桐 worker🤖 Generated with Claude Code