feat: add security triage gate for issue safety before agent processing (#734)

New issues are triaged by the security team before other workflows can
act on them. The triage agent checks for prompt injection, social
engineering, spam, and unsafe payloads — marking safe issues with
`safe-to-work`, closing malicious ones, or flagging unclear ones for
human review. Discovery and refactor workflows now require the
`safe-to-work` label in addition to their existing label requirements.

Co-authored-by: Sprite <noreply@sprites.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
L 2026-02-12 14:23:33 -08:00 committed by GitHub
parent 4d175ae6c7
commit 4924a7d5db
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 114 additions and 15 deletions

@ -4,7 +4,7 @@ on:
schedule:
- cron: '*/5 * * * *'
issues:
types: [opened, reopened]
types: [opened, reopened, labeled]
workflow_dispatch:
concurrency:
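Review bot: with `labeled` added to `types`, every label event on an issue starts this workflow, and the job condition further down only inspects the issue's current label set. Adding any unrelated label to an issue that already carries `safe-to-work` plus `bug` or `cli` therefore passes the check again and starts another refactor cycle. Consider also requiring, for the `labeled` action, that the label just applied is the gating one, for example `github.event.action != 'labeled' || github.event.label.name == 'safe-to-work'`, so the cycle starts once when triage approves the issue rather than on every later relabel.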
@ -15,11 +15,12 @@ jobs:
trigger:
runs-on: ubuntu-latest
timeout-minutes: 90
# Only trigger on bug or cli issues (or schedule/manual)
# Only trigger on issues with safe-to-work AND (bug or cli) labels, or schedule/manual
if: >-
github.event_name != 'issues' ||
contains(github.event.issue.labels.*.name, 'bug') ||
contains(github.event.issue.labels.*.name, 'cli')
(contains(github.event.issue.labels.*.name, 'safe-to-work') &&
(contains(github.event.issue.labels.*.name, 'bug') ||
contains(github.event.issue.labels.*.name, 'cli')))
steps:
- name: Trigger and stream refactor cycle
env:
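Review bot: the first clause of the `if`, `github.event_name != 'issues'`, still admits `schedule` (every 5 minutes) and `workflow_dispatch` runs with no label check at all, so the `safe-to-work` requirement is enforced here only for issue events. Whatever the "Trigger and stream refactor cycle" step selects on those runs has to filter on `safe-to-work` itself, and that is not visible in this hunk; please confirm it does, or note it in the comment above the `if`. Separately, the condition trusts the label rather than the content that was triaged: `edited` is not among the trigger types, so an issue whose body changes after the label was applied keeps passing. Consider dropping `safe-to-work` when a labeled issue is edited so it goes back through triage.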