Skip to content

Make sensitive-areas gate per-project configurable#179

Merged
sebastientaggart merged 1 commit into
devfrom
feature/174-configurable-sensitive-areas
Jun 10, 2026
Merged

Make sensitive-areas gate per-project configurable#179
sebastientaggart merged 1 commit into
devfrom
feature/174-configurable-sensitive-areas

Conversation

@sebastientaggart

Copy link
Copy Markdown
Member

Makes the reviewer's "force CRITICAL on sensitive areas" rule per-project configurable via two new placeholders:

  • SENSITIVE_AREAS_GATE"true" (default) keeps the gate active; "false" removes the section entirely from the generated review-agent prompt.
  • SENSITIVE_AREAS_CATEGORIES — multi-line bulleted markdown that replaces the default 5-category list. Use a YAML block scalar (|) for multi-line content.

Defaults match current behavior, so existing projects are unaffected. Smoke-tested both states; with gate "false" the section is absent from the rendered prompt, with "true" it's present.

Adjacent fix in sync.py: Extended parse_yaml_simple to support | block scalars. The schema previously advertised this for PLATFORM_COMPLIANCE_NOTES and CONVENTIONS_NOTES but the parser didn't actually support it — multi-line bodies would parse as YAML list items under config:, breaking sync. Bundled here because SENSITIVE_AREAS_CATEGORIES needs it and the alternatives (inline \n escapes or a separate file) were worse than fixing the parser.

Files touched:

  • config.schema.yaml — schema entries for both placeholders.
  • .codecannon.yaml — defaults set so CodeCannon's own sync passes.
  • skills/github-agile/review-agent.md — section wrapped in {{#if SENSITIVE_AREAS_GATE}} with {{SENSITIVE_AREAS_CATEGORIES}} substitution.
  • skills/github-agile/setup.md — added both placeholders to the Optional config list.
  • sync.pyparse_yaml_simple extended for | block scalars.
  • Four adapter outputs regenerated.

Closes #174

@sebastientaggart

Copy link
Copy Markdown
Member Author

Review Summary

Verdict: APPROVE

Findings

  • [NOTE] PR makes the reviewer's sensitive-area gate per-project configurable via two new placeholders (SENSITIVE_AREAS_GATE, SENSITIVE_AREAS_CATEGORIES) with defaults that preserve current behavior; the rendered .claude/review-agent-prompt.md in the diff confirms the default list (auth, payments, secrets, prod config, destructive ops) is unchanged.
  • [NOTE] The bundled sync.py extension adds | block-scalar support to parse_yaml_simple, which the schema already advertised for PLATFORM_COMPLIANCE_NOTES / CONVENTIONS_NOTES; trailing-empty-line chomping and the body_indent <= indent terminator look correct, and existing simple-list / key: value parsing paths are preserved.
  • [NOTE] apply_conditionals already treats "false", "no", "0" as falsy (sync.py:195), so SENSITIVE_AREAS_GATE: "false" correctly strips the entire gate block — consistent with the PR description's smoke test.
  • [NOTE] All four adapter outputs (.agents/, .claude/, .cursor/, .gemini/) were regenerated with fresh hashes, and the setup skill's config-status block lists both new placeholders.

@sebastientaggart sebastientaggart merged commit 7f5a769 into dev Jun 10, 2026
6 checks passed
@sebastientaggart sebastientaggart deleted the feature/174-configurable-sensitive-areas branch June 10, 2026 12:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant