Problem
Several security properties are currently conventions with no mechanical
enforcement: actions pinned to commit SHAs, no pull_request_target, no
secrets assigned to eval bindings in review components, downloaded binaries
checksum-verified (EnsureOxlint style).
Proposal
Add CI gates plus the matching agent rules:
- Run
zizmor over .github/workflows/ (unpinned actions,
pull_request_target, injection patterns, missing permissions).
- Custom checks zizmor does not cover: fail when an eval block under
.reviews/ or core/components/ assigns process.env.<SECRET> to a
binding, and when a component downloads a binary without an adjacent sha256
verification.
- Add the corresponding security rules to AGENTS.md so agents follow the
conventions the gates enforce.
Problem
Several security properties are currently conventions with no mechanical
enforcement: actions pinned to commit SHAs, no
pull_request_target, nosecrets assigned to eval bindings in review components, downloaded binaries
checksum-verified (
EnsureOxlintstyle).Proposal
Add CI gates plus the matching agent rules:
zizmorover.github/workflows/(unpinned actions,pull_request_target, injection patterns, missing permissions)..reviews/orcore/components/assignsprocess.env.<SECRET>to abinding, and when a component downloads a binary without an adjacent sha256
verification.
conventions the gates enforce.