From 4a5e5bbd1ad1768aff9c07f7768dca6d4e3c6352 Mon Sep 17 00:00:00 2001 From: "user.email" Date: Wed, 25 Mar 2026 18:58:35 +0000 Subject: [PATCH] fix(rfc-025): add path/filepath + errors to Principle 9 quality gate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit path/filepath bypasses core.Path() security boundary. errors bypasses core.NewError()/core.Is()/core.As(). Both now in the disallowed imports table. Validated by dogfooding core/go's own tests — zero filepath, zero errors imports remaining. Co-Authored-By: Virgil --- docs/specs/RFC-025-AGENT-EXPERIENCE.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/specs/RFC-025-AGENT-EXPERIENCE.md b/docs/specs/RFC-025-AGENT-EXPERIENCE.md index b97bc23..ec0b9be 100644 --- a/docs/specs/RFC-025-AGENT-EXPERIENCE.md +++ b/docs/specs/RFC-025-AGENT-EXPERIENCE.md @@ -402,8 +402,9 @@ Core primitives become mechanical code review rules. An agent reviewing a diff c | `os/exec` | Bypasses Process primitive | `c.Process().Run()` | | `unsafe` | Bypasses Fs sandbox | `Fs.NewUnrestricted()` | | `encoding/json` | Bypasses Core serialisation | `core.JSONMarshal()` / `core.JSONUnmarshal()` | +| `path/filepath` | Bypasses path security boundary | `core.Path()` / `core.JoinPath()` | | `fmt.Errorf` | Bypasses error primitive | `core.E()` | -| `errors.New` | Bypasses error primitive | `core.E()` | +| `errors` | Bypasses error primitive | `core.NewError()` / `core.Is()` / `core.As()` | | `log.*` | Bypasses logging | `core.Info()` / `c.Log()` | **Rule:** If a diff introduces a disallowed import, it failed code review. The import list IS the quality gate. No subjective judgement needed — a weaker model can enforce this mechanically.