ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-02 20:43:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(protection): implement multi-layered protection for feature_list.json

Browse Source 
Introduces a comprehensive strategy to safeguard the feature_list.json file from accidental modifications. Key enhancements include:

1. **Prompt-Level Warnings**: Added explicit warnings in agent prompts to prevent direct modifications.
2. **Dedicated MCP Tool**: Implemented the UpdateFeatureStatus tool for safe feature updates.
3. **File-Level Validation & Auto-Backup**: Added validation checks and automatic backups before modifications to prevent data loss.
4. **Tool Access Control**: Restricted agent access to critical tools, ensuring only the designated MCP tool can modify the feature list.

This update significantly reduces the risk of catastrophic data loss and ensures a robust feature management process.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
This commit is contained in:
Cody Seibert
2025-12-09 19:47:10 -05:00
parent 7cee3bbd9f
commit ac5b562f7a
15 changed files with 855 additions and 370 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
app/electron/agent-service.js
View File

@@ -441,13 +441,28 @@ class AgentService {
return `You are an AI assistant helping users build software. You are part of the Automaker application,
which is designed to help developers plan, design, and implement software projects autonomously.
**🚨 CRITICAL FILE PROTECTION 🚨**
THE FOLLOWING FILE IS ABSOLUTELY FORBIDDEN FROM DIRECT MODIFICATION:
- .automaker/feature_list.json
**YOU MUST NEVER:**
- Use the Write tool on .automaker/feature_list.json
- Use the Edit tool on .automaker/feature_list.json
- Use any Bash command that writes to .automaker/feature_list.json
- Attempt to read and rewrite .automaker/feature_list.json
**CATASTROPHIC CONSEQUENCES:**
Directly modifying .automaker/feature_list.json can erase all project features permanently.
This file is managed by specialized tools only. NEVER touch it directly.
Your role is to:
- Help users define their project requirements and specifications
- Ask clarifying questions to better understand their needs
- Suggest technical approaches and architectures
- Guide them through the development process
- Be conversational and helpful
- Write, edit, and modify code files as requested
- Write, edit, and modify code files as requested (EXCEPT .automaker/feature_list.json)
- Execute commands and tests
- Search and analyze the codebase
@@ -459,10 +474,10 @@ When discussing projects, help users think through:
- Testing strategies
You have full access to the codebase and can:
- Read files to understand existing code
- Write new files
- Edit existing files
- Run bash commands
- Read files to understand existing code (including .automaker/feature_list.json for viewing only)
- Write new files (NEVER .automaker/feature_list.json)
- Edit existing files (NEVER .automaker/feature_list.json)
- Run bash commands (but never commands that modify .automaker/feature_list.json)
- Search for code patterns
- Execute tests and builds

55
app/electron/services/feature-loader.js
View File

@@ -38,7 +38,51 @@ class FeatureLoader {
* @param {string} [summary] - Optional summary of what was done
*/
async updateFeatureStatus(featureId, status, projectPath, summary) {
const featuresPath = path.join(
projectPath,
".automaker",
"feature_list.json"
);
// 🛡️ SAFETY: Create backup before any modification
const backupPath = path.join(
projectPath,
".automaker",
"feature_list.backup.json"
);
try {
const originalContent = await fs.readFile(featuresPath, "utf-8");
await fs.writeFile(backupPath, originalContent, "utf-8");
console.log(`[FeatureLoader] Created backup at ${backupPath}`);
} catch (error) {
console.warn(`[FeatureLoader] Could not create backup: ${error.message}`);
}
const features = await this.loadFeatures(projectPath);
// 🛡️ VALIDATION: Ensure we loaded features successfully
if (!Array.isArray(features)) {
throw new Error("CRITICAL: features is not an array - aborting to prevent data loss");
}
if (features.length === 0) {
console.warn(`[FeatureLoader] WARNING: Feature list is empty. This may indicate corruption.`);
// Try to restore from backup
try {
const backupContent = await fs.readFile(backupPath, "utf-8");
const backupFeatures = JSON.parse(backupContent);
if (Array.isArray(backupFeatures) && backupFeatures.length > 0) {
console.log(`[FeatureLoader] Restored ${backupFeatures.length} features from backup`);
// Use backup features instead
features.length = 0;
features.push(...backupFeatures);
}
} catch (backupError) {
console.error(`[FeatureLoader] Could not restore from backup: ${backupError.message}`);
}
}
const feature = features.find((f) => f.id === featureId);
if (!feature) {
@@ -55,11 +99,6 @@ class FeatureLoader {
}
// Save back to file
const featuresPath = path.join(
projectPath,
".automaker",
"feature_list.json"
);
const toSave = features.map((f) => {
const featureData = {
id: f.id,
@@ -87,8 +126,14 @@ class FeatureLoader {
return featureData;
});
// 🛡️ FINAL VALIDATION: Ensure we're not writing an empty array
if (!Array.isArray(toSave) || toSave.length === 0) {
throw new Error("CRITICAL: Attempted to save empty feature list - aborting to prevent data loss");
}
await fs.writeFile(featuresPath, JSON.stringify(toSave, null, 2), "utf-8");
console.log(`[FeatureLoader] Updated feature ${featureId}: status=${status}${summary ? `, summary="${summary}"` : ""}`);
console.log(`[FeatureLoader] Successfully saved ${toSave.length} features to feature_list.json`);
}
/**

44
app/electron/services/prompt-builder.js
View File

@@ -385,6 +385,28 @@ Begin by exploring the project structure.`;
getCodingPrompt() {
return `You are an AI coding agent working autonomously to implement features.
**🚨 CRITICAL FILE PROTECTION - READ THIS FIRST 🚨**
THE FOLLOWING FILE IS ABSOLUTELY FORBIDDEN FROM DIRECT MODIFICATION:
- .automaker/feature_list.json
**YOU MUST NEVER:**
- Use the Write tool on feature_list.json
- Use the Edit tool on feature_list.json
- Use any Bash command that writes to feature_list.json (echo, sed, awk, etc.)
- Attempt to read and rewrite feature_list.json
- UNDER ANY CIRCUMSTANCES touch this file directly
**CATASTROPHIC CONSEQUENCES:**
Directly modifying feature_list.json can:
- Erase all project features permanently
- Corrupt the project state beyond recovery
- Destroy hours/days of planning work
- This is a FIREABLE OFFENSE - you will be terminated if you do this
**THE ONLY WAY to update features:**
Use the mcp__automaker-tools__UpdateFeatureStatus tool with featureId, status, and summary parameters.
Your role is to:
- Implement features exactly as specified
- Write production-quality code
@@ -455,6 +477,28 @@ Focus on one feature at a time and complete it fully before finishing. Always de
getVerificationPrompt() {
return `You are an AI implementation and verification agent focused on completing features and ensuring they work.
**🚨 CRITICAL FILE PROTECTION - READ THIS FIRST 🚨**
THE FOLLOWING FILE IS ABSOLUTELY FORBIDDEN FROM DIRECT MODIFICATION:
- .automaker/feature_list.json
**YOU MUST NEVER:**
- Use the Write tool on feature_list.json
- Use the Edit tool on feature_list.json
- Use any Bash command that writes to feature_list.json (echo, sed, awk, etc.)
- Attempt to read and rewrite feature_list.json
- UNDER ANY CIRCUMSTANCES touch this file directly
**CATASTROPHIC CONSEQUENCES:**
Directly modifying feature_list.json can:
- Erase all project features permanently
- Corrupt the project state beyond recovery
- Destroy hours/days of planning work
- This is a FIREABLE OFFENSE - you will be terminated if you do this
**THE ONLY WAY to update features:**
Use the mcp__automaker-tools__UpdateFeatureStatus tool with featureId, status, and summary parameters.
Your role is to:
- **Continue implementing features until they are complete** - don't stop at the first failure
- Check if feature.skipTests is true - if so, skip automated testing and don't commit