Adds a capability baseline file and a GitHub Actions workflow that uses Google's capslock tool to detect if any new capabilities (file access, network, syscalls, etc.) are introduced by code changes. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Replace the full JSON baseline with a simple text file listing capability names per package. Add caps.sh script to generate and check the baseline. Document in CONTRIBUTING.md and AGENTS.md that PRs increasing capabilities are unlikely to be accepted. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
The baseline was generated with Go 1.24 and capslock v0.3.1. Pin both in CI to ensure consistent analysis results, since different Go versions can change which capabilities capslock detects. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Rework caps.sh to detect new capabilities rather than requiring an exact match, so the baseline works across Go versions. Add a forbidden capabilities list (UNSAFE_POINTER, NETWORK, CGO, EXEC) that will always fail the check. Use Go 1.26 and capslock@latest in CI. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Go 1.26 with capslock reports CAPABILITY_UNSAFE_POINTER for most packages (likely from stdlib unsafe usage in reflect). Add it to the baseline so CI passes, and remove it from the forbidden list. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
go-toml has no direct unsafe imports. Go 1.26 causes capslock to report CAPABILITY_UNSAFE_POINTER because it traces through stdlib internals (reflect -> unsafe). Use -capabilities flag to exclude it from analysis, and keep it on the forbidden list so any actual unsafe usage in go-toml code would still be caught at review time. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Capslock reports CAPABILITY_UNSAFE_POINTER as a false positive with Go 1.26 because it traces through unclassified stdlib reflect functions (Append, Copy, MakeMap, MakeSlice, New, Zero) into reflect internals that use unsafe.Pointer. This is not a real capability of go-toml — it has zero direct unsafe imports. Instead of using capslock's -capabilities flag (which would hide real unsafe usage too), filter CAPABILITY_UNSAFE_POINTER from the comparison and add a direct source check: grep for "unsafe" imports in go-toml's own .go files. This catches actual unsafe usage while ignoring the false positive from stdlib. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Only analyze the go-toml/v2 library package (./), not ./... which included cmd/ binaries. The library itself only needs REFLECT and UNANALYZED — FILES and MODIFY_SYSTEM_STATE were from the CLI tools. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Now that capslock is scoped to just the library package (.), CAPABILITY_UNSAFE_POINTER no longer appears as a false positive. Add it to FORBIDDEN_CAPS instead, and remove the source-level unsafe import check and all the grep -v filtering. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Go 1.26 changes how capslock traces through stdlib internals (reflect, encoding/json), causing it to report UNSAFE_POINTER for any package that uses reflection. This is a transitive artifact — go-toml does not import "unsafe" directly. Include it in the baseline so the check passes on both Go 1.24 and 1.26, and remove it from FORBIDDEN_CAPS. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
Summary

- capability_baseline.json file capturing the current set of capabilities (FILES, REFLECT, MODIFY_SYSTEM_STATE, UNANALYZED) for all packages

How it works

The capslock tool performs static analysis to determine what system-level capabilities (file access, network, syscalls, etc.) each package uses. The compare mode diffs the current state against the checked-in baseline and returns a non-zero exit code if new capabilities are detected.

To intentionally add a new capability, update capability_baseline.json by running:

Test plan

- capslock -output=compare returns exit code 0 against the baseline locally

https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
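As an added example (not the project's own caps.sh), a POSIX shell version of the check the later commits describe: a plain-text baseline of capability names per package, a comparison that fails only on capabilities new relative to the baseline (so a capability that disappears under another Go version is tolerated), and a forbidden list that fails regardless of the baseline. The "pkg CAP" line format, the import path and the sample listings are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not go-toml's caps.sh. Compares a checked-in baseline of
# "package CAPABILITY" lines against a fresh capslock listing. Only NEW or
# forbidden capabilities fail; removed ones are tolerated across Go versions.
# The line format and import path are assumptions, the listings constructed.

# Constructed baseline: what Go 1.26 reports for the library package.
BASELINE='github.com/pelletier/go-toml/v2 CAPABILITY_REFLECT
github.com/pelletier/go-toml/v2 CAPABILITY_UNANALYZED
github.com/pelletier/go-toml/v2 CAPABILITY_UNSAFE_POINTER'

# Constructed listing from Go 1.24: UNSAFE_POINTER gone, nothing new -> pass.
CURRENT_OLDER_GO='github.com/pelletier/go-toml/v2 CAPABILITY_REFLECT
github.com/pelletier/go-toml/v2 CAPABILITY_UNANALYZED'

# Constructed listing for a change that introduces network access -> fail.
CURRENT_WITH_NETWORK="$BASELINE
github.com/pelletier/go-toml/v2 CAPABILITY_NETWORK"

# Capabilities that fail the check even if someone adds them to the baseline.
FORBIDDEN_CAPS='CAPABILITY_NETWORK CAPABILITY_CGO CAPABILITY_EXEC'

# Print lines present in the current listing ($2) but not in the baseline ($1).
new_caps() {
  printf '%s\n' "$2" | sort -u | while IFS= read -r line; do
    printf '%s\n' "$1" | grep -Fxq -- "$line" || printf '%s\n' "$line"
  done
}

# Print lines of a listing ($1) whose capability is on the forbidden list.
forbidden_caps() {
  printf '%s\n' "$1" | while read -r pkg cap; do
    for f in $FORBIDDEN_CAPS; do
      if [ "$cap" = "$f" ]; then printf '%s %s\n' "$pkg" "$cap"; fi
    done
  done
}

# Return 0 when the listing ($2) adds nothing beyond the baseline ($1) and
# contains no forbidden capability; return 1 otherwise, printing offenders.
check_caps() {
  rc=0
  added=$(new_caps "$1" "$2")
  if [ -n "$added" ]; then echo "New capabilities not in baseline:"; echo "$added"; rc=1; fi
  bad=$(forbidden_caps "$2")
  if [ -n "$bad" ]; then echo "Forbidden capabilities:"; echo "$bad"; rc=1; fi
  return $rc
}

check_caps "$BASELINE" "$CURRENT_OLDER_GO" && echo "baseline check passed"
```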