docs(changelog): runner GA hardening — fail-closed egress, secret redaction, SSRF pin#111
Merged
Merged
Conversation
…action, SSRF pin, proven enforcement Operator-facing entry for the M100 runner general-availability hardening. Leads with the egress fail-closed default under Upgrading (an unset RUNNER_NETWORK_POLICY no longer shares host net), then the secret-redaction, Server-Side Request Forgery (SSRF) pin, bounded-reliability, and real-kernel enforcement-proof changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
…hardening-changelog # Conflicts: # changelog.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changelog
<Update>for the M100 runner general-availability hardening (agentsfleet repo, branchfeat/m100-runner-ga-hardening).Leads with the operator-facing behavior change under Upgrading: egress now fails closed by default — an unset
RUNNER_NETWORK_POLICYno longer shares the host network (setallow_allexplicitly for the interim open posture). Then the secret-redaction (incl. cross-chunk), Server-Side Request Forgery (SSRF) tenant-pin, bounded-reliability, and real-kernel enforcement-proof changes.Pairs with the code PR in the agentsfleet repo.
🤖 Generated with Claude Code
Greptile Summary
This PR adds a changelog entry for the M100 runner general-availability hardening, covering the breaking egress-policy change and four security/reliability improvements. The new
<Update>block is correctly placed at the top of the file and follows the existing MDX structure and Mintlify conventions.RUNNER_NETWORK_POLICYunset now denies network access by default, with an explicitallow_allupgrade path; the Upgrading section communicates this prominently.Confidence Score: 5/5
Documentation-only change that adds a new changelog entry; no executable code or configuration is modified.
The change is a single
<Update>block inserted at the top of the MDX changelog. The MDX structure is valid, the new entry follows the same conventions as surrounding entries, the breaking-change upgrade path is clearly documented, and two entries sharing the same Jun 25, 2026 date is intentional and benign. No regressions are possible in a docs-only PR of this scope.No files require special attention.
Important Files Changed
<Update>block documenting the M100 runner GA-hardening security changes, including fail-closed egress, cross-chunk secret redaction, SSRF protection, bounded retries, and proven kernel enforcement; content is well-structured and follows existing changelog conventions.Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A[Runner starts] --> B{RUNNER_NETWORK_POLICY set?} B -- "unset / unrecognized" --> C[Fail closed: no egress] B -- "allow_all" --> D[Egress permitted] A --> E[Progress frame emitted] E --> F{Secret value in frame?} F -- "no" --> G[Send frame] F -- "yes / split across chunks" --> H{Redaction successful?} H -- "yes" --> I[Replace with placeholder & send] H -- "no / memory failure" --> J[Drop frame — never sent raw] A --> K[Tool dials tenant-configured host] K --> L[Resolve address] L --> M{Private / loopback / link-local?} M -- "yes (incl. cloud metadata)" --> N[Reject before connection] M -- "no" --> O[Connect]%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% flowchart TD A[Runner starts] --> B{RUNNER_NETWORK_POLICY set?} B -- "unset / unrecognized" --> C[Fail closed: no egress] B -- "allow_all" --> D[Egress permitted] A --> E[Progress frame emitted] E --> F{Secret value in frame?} F -- "no" --> G[Send frame] F -- "yes / split across chunks" --> H{Redaction successful?} H -- "yes" --> I[Replace with placeholder & send] H -- "no / memory failure" --> J[Drop frame — never sent raw] A --> K[Tool dials tenant-configured host] K --> L[Resolve address] L --> M{Private / loopback / link-local?} M -- "yes (incl. cloud metadata)" --> N[Reject before connection] M -- "no" --> O[Connect]Reviews (2): Last reviewed commit: "Merge remote-tracking branch 'origin/mai..." | Re-trigger Greptile