feat(guard): native MCP transport binding and contaminated-review quarantine (Closes #695)

Bind mutation/credential paths to a process-local native MCP runtime so env
spoofing, direct imports, and offline helpers cannot reconstruct session gates
after native transport failure. Quarantine contaminated formal reviews under
controller authority and honor quarantine in review feedback, merge eligibility,
merge mutation, and canonical handoff validation. Add regression coverage for
the second (PR #694 / review 427) incident class.
This commit is contained in:
2026-07-13 05:57:42 -04:00
parent 237656702f
commit a1e5c33bfc
16 changed files with 1538 additions and 86 deletions
+21
View File
@@ -386,6 +386,27 @@ def assess_canonical_comment(
if not related or related.lower() in {"none", "n/a", "-"}:
missing.append("RELATED_PRS")
# #695 AC7: untrusted / offline approval claims cannot certify merger handoff.
try:
import review_quarantine as _rq
for claim_reason in _rq.assess_untrusted_canonical_approval_claim(text):
extra.append(claim_reason)
except Exception:
# Fail closed on import/runtime errors for approval-shaped claims only.
lower = text.lower()
if (
"state:\napproved" in lower
or "who_is_next:\nmerger" in lower
or "merge_ready: true" in lower
or "merge_ready:\ntrue" in lower
or "ready-to-merge" in lower
):
extra.append(
"canonical approval/merge-ready claim could not be verified "
"for native review proof (#695 AC7; fail closed)"
)
allowed = not missing and not vague and not extra
correction = ""
if not allowed: