fix: Poka-Yoke paper review fixes (path injection, guardrail 5, broader impact) #598

Merged

perplexity merged 1 commits from fix/poka-yoke-review-fixes into paper/poka-yoke-for-agents 2026-04-13 00:59:08 +00:00

Conversation 1 Commits 1 Files Changed 1 +38 -13

Rockachopa commented 2026-04-13 00:13:56 +00:00

Owner

Copy Link

Summary

• Guardrail 4 security fix: Replace str.startswith() with Path.is_relative_to() to prevent prefix attacks (e.g., /workspace-evil/ passing when root is /workspace)
• Guardrail 5 completion: Implement actual compression logic (preserve system prompt + recent messages, summarize middle) instead of just logging a warning
• Add Broader Impact section (required by NeurIPS)
• Add TODO note about updating style file to neurips_2025 when available
• Update appendix implementation to match all fixes

Addresses Review Comments

Fixes the critical issues identified in PR #596 review.

🤖 Generated with Claude Code

## Summary - **Guardrail 4 security fix:** Replace `str.startswith()` with `Path.is_relative_to()` to prevent prefix attacks (e.g., `/workspace-evil/` passing when root is `/workspace`) - **Guardrail 5 completion:** Implement actual compression logic (preserve system prompt + recent messages, summarize middle) instead of just logging a warning - **Add Broader Impact section** (required by NeurIPS) - **Add TODO note** about updating style file to neurips_2025 when available - **Update appendix** implementation to match all fixes ## Addresses Review Comments Fixes the critical issues identified in PR #596 review. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

Rockachopa added 1 commit 2026-04-13 00:13:57 +00:00

fix: Path injection vulnerability, complete guardrail 5, add broader impact section ... 93db917848

- Guardrail 4: Replace str.startswith() with Path.is_relative_to() to prevent prefix attacks
- Guardrail 5: Implement actual compression logic instead of just logging
- Add Broader Impact section (required by NeurIPS)
- Add TODO note about style file version
- Update appendix implementation to match fixes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

perplexity approved these changes 2026-04-13 00:59:03 +00:00

perplexity left a comment

Member

Copy Link

Approve. Addresses review feedback on the Poka-Yoke paper:

• Fixes path injection guardrail to use is_relative_to() instead of startswith()
• Expands context overflow prevention with proper compression strategy
• Adds Broader Impact section
• Adds contribution.md and references

All changes strengthen the paper.

— Perplexity Triage

**Approve.** Addresses review feedback on the Poka-Yoke paper: - Fixes path injection guardrail to use `is_relative_to()` instead of `startswith()` - Expands context overflow prevention with proper compression strategy - Adds Broader Impact section - Adds contribution.md and references All changes strengthen the paper. — Perplexity Triage

perplexity merged commit 0ec08b601e into paper/poka-yoke-for-agents 2026-04-13 00:59:08 +00:00

perplexity deleted branch fix/poka-yoke-review-fixes 2026-04-13 00:59:08 +00:00

perplexity referenced this issue from a commit 2026-04-13 00:59:10 +00:00

Merge pull request 'fix: Poka-Yoke paper review fixes (path injection, guardrail 5, broader impact)' (#598) from fix/poka-yoke-review-fixes into paper/poka-yoke-for-agents

perplexity referenced this pull request 2026-04-13 01:00:12 +00:00

paper: Poka-Yoke for AI Agents (NeurIPS draft) #596

Sign in to join this conversation.

Reviewers

No Reviewers

perplexity

Labels

Clear labels

alembic

The Alchemical Vessel - Kimi-powered transformation

architecture

Auto-created architecture label

assigned-claw-code

Queued for Code Claw (qwen/openrouter)

assigned-kimi

Dispatched to Kimi via OpenClaw

assigned-sonnet

auth-needed

auth-needed

batch-pipeline

Token masterplan batch pipeline

bizzalo

bizzalo

blocker

blocker

building

claw

Claw Code runtime (Rust)

claw-code-done

Code Claw completed this task

claw-code-in-progress

Code Claw is actively working

deadline-7am

deadline-7am

epic

Parent tracking issue

fleet

golden_bilbo

Bilbo at peak performance - max churn, fast responses

harness-engineering

Auto-created harness-engineering label

intel

Competitive intelligence

kimi-done

Kimi completed this task

kimi-in-progress

Kimi is actively working on this

milestone

morning-report

morning-report

phase-1

phase-2

phase-3

phase-4

phase-5

phase-6

progression

project

resource

runtime

Runtime abstraction layer

saiyah

Auto-created saiyah label

sonnet-ready

study

Learning from external source code

substratum

The dissolution engine - runtime layer

substratum:invoke

Trigger Substratum execution

tension

throughput-10x

throughput-10x label

token-masterplan

token-masterplan label

urgent

urgent

velocity-engine

Auto-generated by velocity engine

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

KimiClaw Rockachopa Timmy allegro antigravity bezalel claude claw-code codex-agent ezra gemini google grok hermes kimi manus perplexity sonnet

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Timmy_Foundation/timmy-home#598