Files
Kill_LIFE/tools/mistral/scope_allowlists.py
T
Clément SAILLANT ccbeb68937 feat(mistral): introduce Mistral integration for safe patch generation and indexing
- Added new tools for generating and applying safe patches using Mistral.
- Implemented a local embedding index for repository files to facilitate search functionality.
- Created a schema for validating patch JSON structure.
- Developed various prompts for different agent roles (Architect, PM, QA, etc.) to guide Mistral's output.
- Established a set of scope allowlists to ensure safe application of patches.
- Included documentation for agents and systems correspondence.
- Added requirements for Mistral dependencies in requirements-mistral.txt.
2026-02-19 04:40:13 +01:00

76 lines
1.6 KiB
Python

"""
Local scope allowlists for applying patches safely.
This is NOT a replacement for CI scope guards; it is a local "pre-flight" safety net.
"""
from __future__ import annotations
import fnmatch
from typing import List
DENY_GLOBS = [
".git/**",
".github/workflows/**",
".github/actions/**",
"**/.env",
"**/*.key",
"**/*secret*",
"**/*token*",
]
ALLOWED_BY_SCOPE = {
"ai:spec": [
"specs/**",
"docs/**",
"README.md",
".github/copilot-instructions.md",
".github/copilot/**",
".github/prompts/**",
],
"ai:plan": [
"specs/**",
"docs/**",
"README.md",
],
"ai:tasks": [
"specs/**",
"docs/**",
],
"ai:docs": [
"docs/**",
"README.md",
".github/copilot-instructions.md",
".github/copilot/**",
".github/prompts/**",
],
"ai:impl": [
"firmware/**",
"docs/**",
"specs/**",
"tools/**",
],
"ai:qa": [
"firmware/**",
"tools/**",
"docs/**",
"specs/**",
],
}
def _matches_any(path: str, globs: List[str]) -> bool:
return any(fnmatch.fnmatch(path, g) for g in globs)
def is_path_allowed(scope: str, path: str) -> bool:
path = path.replace("\\", "/").lstrip("/")
if _matches_any(path, DENY_GLOBS):
return False
allow = ALLOWED_BY_SCOPE.get(scope)
if not allow:
return False
return _matches_any(path, allow)
def explain_scope(scope: str) -> str:
allow = ALLOWED_BY_SCOPE.get(scope, [])
return f"{scope} allows: " + ", ".join(allow)