Skip to content

fix(sec-core): resolve Skill Ledger FUSE and unmanaged roots#1141

Merged
edonyzpc merged 5 commits into
alibaba:mainfrom
1570005763:codex/skill-ledger-user-decision
Jun 26, 2026
Merged

fix(sec-core): resolve Skill Ledger FUSE and unmanaged roots#1141
edonyzpc merged 5 commits into
alibaba:mainfrom
1570005763:codex/skill-ledger-user-decision

Conversation

@1570005763

Copy link
Copy Markdown
Collaborator

Description

Fix Skill Ledger runtime exposure for SkillFS/FUSE-visible skill paths and unmanaged skill roots.

  • resolve user-visible FUSE paths to the managed source/backing root before running live-root checks or writing activation state
  • keep default skill directories out of live-root source resolution so FUSE views are not trusted as managed roots
  • make skill-ledger show return an unmanaged diagnostic with exit 0 for roots the current daemon cannot manage
  • keep hooks silent for unmanaged roots because message is null, while preserving normal risk prompts for managed roots

Related Issue

closes #1115

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional change)
  • Performance improvement
  • CI/CD or build changes

Scope

  • cosh (copilot-shell)
  • sec-core (agent-sec-core)
  • skill (os-skills)
  • sight (agentsight)
  • tokenless (tokenless)
  • ckpt (ws-ckpt)
  • memory (agent-memory)
  • anolisa (anolisa-cli)
  • skillfs (SkillFS)
  • Multiple / Project-wide

Checklist

  • I have read the Contributing Guide
  • My code follows the project's code style
  • I have added tests that prove my fix is effective or that my feature works
  • I have updated the documentation accordingly
  • For cosh: Lint passes, type check passes, and tests pass
  • For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
  • For sec-core (Python): Ruff format and pytest pass
  • For skill: Skill directory structure is valid and shell scripts pass syntax check
  • For sight: cargo clippy -- -D warnings and cargo fmt --check pass
  • For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
  • For memory (Linux only): cargo clippy --all-targets -- -D warnings, cargo fmt --check, and cargo test pass
  • For anolisa: cargo clippy --all-targets --locked -- -D warnings, cargo fmt --all --check, and cargo test --locked pass
  • For skillfs: cargo fmt --all --check, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace pass
  • Lock files are up to date (package-lock.json / Cargo.lock)

Testing

  • uv run --project src/agent-sec-core/agent-sec-cli pytest src/agent-sec-core/tests/unit-test/skill_ledger src/agent-sec-core/tests/integration-test/skill-ledger/test_skill_ledger_integration.py src/agent-sec-core/tests/unit-test/security_middleware/backends/test_skill_ledger_backend.py src/agent-sec-core/tests/unit-test/cosh_hooks/test_skill_ledger_hook.py src/agent-sec-core/tests/unit-test/hermes-plugin/test_skill_ledger.py src/agent-sec-core/tests/unit-test/daemon/test_skill_ledger_activation.py -q
  • make python-code-pretty from src/agent-sec-core
  • uv run --project src/agent-sec-core/agent-sec-cli ruff check --config src/agent-sec-core/agent-sec-cli/pyproject.toml src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/skill_ledger/core/live_root.py src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/skill_ledger/core/decision.py src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/skill_ledger/config.py
  • git diff --check

Additional Notes

This PR intentionally leaves SkillFS activation schema unchanged and keeps SkillFS unaware of scan status or user decisions.

@github-actions github-actions Bot added the component:sec-core src/agent-sec-core/ label Jun 25, 2026
@1570005763 1570005763 requested a review from casparant as a code owner June 26, 2026 02:55
@1570005763 1570005763 requested a review from edonyzpc June 26, 2026 02:58

@edonyzpc edonyzpc left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@edonyzpc edonyzpc merged commit 499ce94 into alibaba:main Jun 26, 2026
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

component:sec-core src/agent-sec-core/

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[skillfs] SkillFS: restrict .skill-meta access to trusted processes and expose live metadata for trusted access

2 participants