
fix(signals): public-safety boundary does not redact /root/ local paths #1375

Description

@kiannidev

Summary

The signals public/private boundary treats /Users/, /home/, and /tmp/ (and Windows …\Users\…) as local filesystem paths that must never reach a public GitHub surface, but it does not recognize /root/ — the root user's home directory. A contributor who runs local branch analysis from a /root/... working tree (common in containers, CI, and devcontainers) can leak that absolute local path onto public surfaces.

The project already considers /root/ a local path elsewhere: src/services/miner-dashboard-recommendations.ts redacts it.

// src/services/miner-dashboard-recommendations.ts
const LOCAL_PATH = /(?:\/(?:Users|home|root|tmp|var)\/[^\s,;:)]+|[A-Za-z]:\\Users\\[^\s,;:)]+)/g;

So the intent is established; the canonical boundary primitive and its sibling have simply drifted.

Affected code (this issue's scope)

  • src/signals/redaction.ts: PUBLIC_UNSAFE_PATTERN, the canonical isPublicSafeText boundary that governs PR/issue comments, check annotations, notifications, badge, and extension payloads. Its alternation lists /Users/|/home/|/tmp/ but omits /root/.
  • src/signals/local-branch.ts: safeRepoPath, which redacts changed file paths rendered into the public PR packet (Changed Paths). Same ^(/Users/|/home/|/tmp/|…) denylist, also missing /root/. This is the most likely place a /root/... path appears, since it formats real changed-file paths.

Repro

import { isPublicSafeText } from "./src/signals/redaction";
isPublicSafeText("/root/project/src/index.ts"); // returns true (should be false)

A changed file at /root/work/src/cache.ts is rendered verbatim into the public PR packet's Changed Paths instead of [local path hidden].

Proposed fix

Add /root/ to both denylists so the signals boundary treats the root home directory like the other local paths, matching the existing miner-dashboard-recommendations.ts behavior. Add tests for the new case in test/unit/redaction.test.ts and test/unit/local-branch.test.ts.

Scope

Narrow, behavior-preserving for every existing input (only adds /root/ detection). Other surfaces that keep their own context-specific path denylists (control-panel-roles.ts, weekly-value-report.ts, db/repositories.ts, agent-action-explanation-card.ts, focus-manifest.ts) can be aligned in a follow-up; this issue is scoped to the canonical signals boundary primitive and the changed-file-path redactor.
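
The drift described in this issue, as an added example that is not the project's code: both checks are built from one list of local-path roots, so adding /root/ once covers the free-text boundary and the changed-path redactor. All identifiers below are hypothetical, the sample inputs are constructed, and the guard that ignores relative paths such as src/root/... is an assumption of this example, not something the issue specifies.

```typescript
// Added example; every name here is hypothetical, not the project's code.
// One list of local-path roots feeds both checks, so they cannot drift apart.
const LOCAL_ROOTS: readonly string[] = ["Users", "home", "root", "tmp"];
const HIDDEN_LABEL = "[local path hidden]"; // placeholder text quoted in the issue

// POSIX form (/root/...) and Windows form (C:\Users\...).
const POSIX_FORM = `/(?:${LOCAL_ROOTS.join("|")})/`;
const WINDOWS_FORM = `[A-Za-z]:\\\\Users\\\\`;

// Free-text check: match anywhere, but not inside a relative path
// such as "src/root/x" (assumption of this example).
const UNSAFE_ANYWHERE = new RegExp(`(?<![\\w.-])(?:${POSIX_FORM}|${WINDOWS_FORM})`);
// Single-path check: the value itself starts with a local root.
const UNSAFE_PREFIX = new RegExp(`^(?:${POSIX_FORM}|${WINDOWS_FORM})`);

// Stand-in for a boundary check like isPublicSafeText.
function isTextPublicSafe(text: string): boolean {
  return !UNSAFE_ANYWHERE.test(text);
}

// Stand-in for a changed-file-path redactor like safeRepoPath.
function redactChangedPath(path: string): string {
  return UNSAFE_PREFIX.test(path) ? HIDDEN_LABEL : path;
}

// Constructed regression inputs: [value, expected public-safe?]
const REGRESSION_CASES: ReadonlyArray<[string, boolean]> = [
  ["/root/work/src/cache.ts", false], // the case this issue reports
  ["built in /home/dev/app", false],  // path embedded in a sentence
  ["C:\\Users\\dev\\app", false],     // Windows home directory
  ["src/root/index.ts", true],        // repo-relative, not a local path
  ["/rootfs/image.tar", true],        // shares a prefix, different directory
];

// Returns the inputs whose result differs from the expectation.
function failingCases(): string[] {
  return REGRESSION_CASES
    .filter(([value, safe]) => isTextPublicSafe(value) !== safe)
    .map(([value]) => value);
}
```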
