Skip to content

Harden follow-up governance edges#302

Draft
heznpc wants to merge 1 commit into
mainfrom
codex/follow-up-lows
Draft

Harden follow-up governance edges#302
heznpc wants to merge 1 commit into
mainfrom
codex/follow-up-lows

Conversation

@heznpc

@heznpc heznpc commented Jun 17, 2026

Copy link
Copy Markdown
Owner

Summary

  • harden HTTP Origin allow-list behavior for +origin network policies
  • fail closed for Foundation Models write-tool stubs until HITL/rate/audit routing exists
  • centralize synthetic AppEntity placeholder creation and hard-fail malformed app bundles
  • reject unknown workflow CLI flags instead of falling through to catalog output

Verification

  • npm test -- --runInBand tests/http-transport.test.js tests/cli-workflows.test.js tests/app-entities-source.test.js tests/foundation-models-bridge-source.test.js tests/bundle-app-source.test.js
  • earlier on this branch: full npm test, typecheck, gen checks, mcp validate, app build, app verify, widget builds, app verify intents fail-fast check

@heznpc
fix: harden follow-up governance edges
137fa08 
Tighten HTTP Origin checks, workflows CLI flag validation, and bundle verification.

Fail closed for Foundation Models write-tool stubs and centralize synthetic AppEntity placeholders.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@heznpc