Skip to content

fix: isolate AI review secrets from pull request code#193

Merged
NianJiuZst merged 1 commit into
mainfrom
codex/ci-secret-isolation
Jul 14, 2026
Merged

fix: isolate AI review secrets from pull request code#193
NianJiuZst merged 1 commit into
mainfrom
codex/ci-secret-isolation

Conversation

@NianJiuZst

Copy link
Copy Markdown
Collaborator

Summary

  • run typecheck, tests, and lint in a separate job that has no repository secrets
  • keep the AI review job on the trusted base commit and provide the PR only as inert diff data
  • remove MINIMAX_API_KEY and Bash access from the secret-bearing review step
  • remove two stale unused test symbols so the newly enforced lint check is green

Root cause

The review job checked out the PR head, injected MINIMAX_API_KEY, allowed Bash, and instructed the agent to run the PR's tests. A same-repository branch could therefore execute attacker-controlled test code in the secret-bearing process.

Impact

PR code still receives normal automated checks, but it no longer executes in the job that holds the review provider credential and a pull-request write token. Live MiniMax smoke tests are intentionally removed from this untrusted workflow.

Validation

  • bun test — 376 passed
  • bun run typecheck
  • bun run lint — 0 errors
  • workflow YAML parse
  • confirmed the workflow contains neither MINIMAX_API_KEY nor Bash in the reviewer tool allowlist
  • git diff --check

@NianJiuZst NianJiuZst marked this pull request as ready for review July 14, 2026 10:38
@NianJiuZst NianJiuZst merged commit 5708a06 into main Jul 14, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant