Skip to content

add --self gate to /do:next: claim only issues you filed#97

Merged
atomantic merged 4 commits into
mainfrom
do-next-self-gate
Jun 29, 2026
Merged

add --self gate to /do:next: claim only issues you filed#97
atomantic merged 4 commits into
mainfrom
do-next-self-gate

Conversation

@atomantic

@atomantic atomantic commented Jun 29, 2026

Copy link
Copy Markdown
Owner

Summary

Adds a --self / --no-self security flag to /do:next and a persistent self key to /do:config. When --self is on, /do:next --issues only claims GitHub issues whose author is the authenticated account (@me) and never considers an issue filed by anyone else — so on a shared/multi-contributor tracker the agent never picks up (or acts on the instructions embedded in) a third party's issue.

It's a hard security boundary applied to all three claim paths:

  • Auto-pick — filtered at the API via gh issue list --author "@me", so other people's issues never load.
  • --swarm batch — Phase A applies the same filter; the orchestrator's resolved self mode is threaded to each worker as an explicit --self/--no-self so a per-run override beats a saved default.
  • Explicit #<num> — the author is verified before claiming; an issue filed by someone else is refused, not overridden. This is the one skip a deliberate cherry-pick cannot cross.

Scoped to issues mode (PLAN.md items have no author) and GitHub (issue mode already is). Persist with /do:config --self (global or per-repo --project); --no-self overrides a saved default for one run.

Files: commands/do/next.md, commands/do/config.md, lib/review-config-defaults.md, README.md, .changelogs/NEXT.md.

Test plan

  • npm test — 156/156 pass (no code paths changed; these are prompt-instruction docs).
  • Local review gate + two-reviewer loop (claude, codex, series): both clean after fixes — corrected an override-summary contradiction, propagated the resolved self mode into swarm workers, and set ISSUE_NUM before the explicit-#num ownership check.
  • Flag/key consistency verified across argument-hints, the unknown-option error, --unset valid-keys lists, the show-config blocks, the README tables, and the lib precedence doc.

atomantic added 4 commits June 29, 2026 07:07
@atomantic
add --self gate to /do:next: claim only issues you filed
edec43c 
A security feature for issue mode: /do:next --issues --self restricts every
claim (auto-pick, --swarm batch, and explicit #num) to issues whose author is
the running gh account (@me), so on a shared tracker the agent never picks up
or acts on the instructions embedded in an issue filed by someone else.

Auto-pick filters others out at the API (--author @me); an explicit number for
another user's issue is refused, not overridden -- the one skip a deliberate
cherry-pick can't cross, because it's a security boundary not a curation
preference. Persisted via /do:config --self (global or per-project).
@atomantic
address review (claude): note --self exception in the explicit-#num o…
b60cdf8 
…verride summary
@atomantic
address review (codex): propagate resolved --self/--no-self into swar…
ff6c473 
…m workers so a per-run override beats the saved self default
@atomantic
address review (codex): set ISSUE_NUM before the explicit-#num --self…
1bf5088 
… ownership check so a fresh run doesn't read an empty var
@atomantic atomantic merged commit 141ab50 into main Jun 29, 2026
4 checks passed
@atomantic atomantic deleted the do-next-self-gate branch June 29, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@atomantic