Block PRs that modify multiple agent directories#219
Merged
Three independent fixes identified in scale readiness audit:

1. run_eval_pool.py: distinguish container crash (returncode != 0, no output) from bad JSON (container ran but output is garbage). Previously both showed "Invalid JSON output" — crash now shows "Container exited 137" with stderr tail, making OOM kills and segfaults debuggable by miners.
2. record_submissions.py: skip STEP files smaller than 200 bytes. The file is pre-created as 0 bytes before docker run so the container can write to it; if the container crashes mid-run the file stays empty. Storing an empty BLOB sets has_step=true for a submission with no geometry, breaking the 3D viewer for that entry.
3. score.yml: increase score-round timeout-minutes from 90 → 150. 15 specs × ~180s each + Docker overhead ≈ 50 min per round; 90 min was dangerously close to the limit for slower specs under high load. eval.yml and hidden-eval remain at 90 min (3 specs each — sufficient).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A malicious PR could include changes to agents/alice/agent.py alongside agents/bob/agent.py. CI would eval the first alphabetically, but on merge both files land in main — silently overwriting another miner's agent.

Fix: in the 'Find changed agent' step, count unique agent subdirectories touched by the PR. If more than one, exit 1 with a clear error message before any eval runs. Each PR must touch exactly one agents/* directory. The template directory is already excluded from eval. Non-agent file changes (README, spec.txt) in the same PR are still allowed as before.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Attack vector being closed

A malicious miner could submit a PR that modifies both `agents/their-agent/agent.py` AND `agents/someone-elses/agent.py`. CI would evaluate whichever path sorts first, post a green result, and on merge silently overwrite the victim's agent in main. The victim's next merge would then run with corrupted code.

Fix

In the "Find changed agent" step (eval.yml), count unique `agents/*/` directories touched by the PR. If more than one, exit 1 before any eval runs. The existing template exclusion (`grep -v '^agents/template/'`) is preserved. Non-agent files in the same PR (e.g. a `README.md` inside the agent directory) are unaffected — only `agent.py` files are counted.

Test plan

- One `agents/*/agent.py` changed → CI proceeds normally
- Two or more `agents/*/agent.py` changed → CI exits 1 with clear error before building Docker image
- No changes under `agents/**` → CI skips eval (found=false, unchanged behavior)

🤖 Generated with Claude Code
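The guard described in the Fix section, written out as an added example; this is not the project's eval.yml step and the function names (`agent_dirs_from_list`, `check_changed_agents`) are my own. It assumes the CI job already has the PR's changed-file list (e.g. from `git diff --name-only` against the base branch) and passes it in as one newline-separated string. Only `agents/<name>/agent.py` paths count, `agents/template/` is excluded, and the function returns 1 when more than one agent directory is touched so the workflow fails before any image is built:

```shell
#!/bin/sh
# Added example, not the project's own eval.yml code.
# Enforce: a PR may touch agent.py in at most one agents/<name>/ directory.

# Read a newline-separated file list on stdin; emit the sorted, unique
# agent directory names whose agent.py changed (template excluded).
agent_dirs_from_list() {
  grep '^agents/[^/]*/agent\.py$' | grep -v '^agents/template/' | cut -d/ -f2 | sort -u
}

# check_changed_agents "<newline-separated changed files>"
#   prints "found=false"              -> no agent.py changed, eval is skipped
#   prints "found=true agent=<name>"  -> exactly one agent, eval proceeds
#   returns 1 with an error on stderr -> more than one agent directory touched
check_changed_agents() {
  dirs=$(printf '%s\n' "$1" | agent_dirs_from_list)
  if [ -z "$dirs" ]; then
    echo "found=false"
    return 0
  fi
  count=$(printf '%s\n' "$dirs" | wc -l | tr -d ' ')
  if [ "$count" -gt 1 ]; then
    echo "ERROR: PR modifies $count agent directories; exactly one is allowed:" >&2
    printf '  agents/%s/\n' $dirs >&2
    return 1
  fi
  echo "found=true agent=$dirs"
  return 0
}

# Constructed sample inputs (not real PR data) showing the three cases.
single=$(printf 'agents/alice/agent.py\nagents/alice/README.md\nREADME.md')
none=$(printf 'README.md\nspec.txt\nagents/template/agent.py')
multi=$(printf 'agents/alice/agent.py\nagents/bob/agent.py')

check_changed_agents "$single"
check_changed_agents "$none"
check_changed_agents "$multi" || echo "PR blocked with exit status $?"
```

In a GitHub Actions step the same function would run under `set -e` with the file list coming from the checkout, so the non-zero return stops the job; the `found=` output is what a later step would read to decide whether to build the image at all.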