feat: detect AI disclosure in branch names#51
Conversation
Add a branchname detector for codex/* branch prefixes and wire it into the CLI, GitHub Action, and scan package. The action now scans PR head refs alongside commits and PR bodies. Fixes chaoss#50 Signed-off-by: sreedhards <8810551+sreedhards@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com>
There was a problem hiding this comment.
Pull request overview
This PR extends the disclosure detection system to scan git branch names (e.g., PR head refs) for AI-related naming patterns, specifically flagging codex/* branches as an OpenAI Codex signal. It also adds a new CLI subcommand and updates the GitHub Action to incorporate branch-scan results into the combined report.
Changes:
- Add a
branchnamedetector that flagscodex/branch prefixes (case-insensitive) with medium confidence. - Introduce
scan.ScanBranchand adisclosure branch <branch-name>CLI subcommand. - Update the GitHub Action to scan PR head branch refs and include branch findings in the combined JSON report.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
scan/scan.go |
Adds ScanBranch helper to run detectors against a branch name input. |
scan/scan_test.go |
Adds coverage for branch scanning via ScanBranch. |
detection/detection.go |
Extends detection.Input with a BranchName field. |
detection/branchname/branchname.go |
Implements branch-prefix detection for codex/ → OpenAI Codex. |
detection/branchname/branchname_test.go |
Adds unit tests for branch-name detection behavior. |
cmd/cmd.go |
Registers branch subcommand and adds detector to CLI detector set. |
action/action.yml |
Scans PR head ref and adds branch section to combined report JSON. |
README.md |
Documents new branch scanning behavior and CLI usage. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| BRANCH_REPORT='{"findings":[]}' | ||
| if [ -n "${PR_HEAD_REF}" ]; then | ||
| BRANCH_REPORT=$(${{ runner.temp }}/ai-detection branch "${PR_HEAD_REF}" \ | ||
| --format=json \ | ||
| --min-confidence="${MIN_CONFIDENCE}") || BRANCH_EXIT=$? |
| var minConfFlag string | ||
|
|
||
| cmd := &cobra.Command{ | ||
| Use: "branch [branch-name]", |
| ``` | ||
| disclosure scan [--range=BASE..HEAD] [--format=json|text] [--min-confidence=low|medium|high] [repo-path] | ||
| disclosure text [--format=json|text] [--input=FILE|-] | ||
| disclosure branch [branch-name] [--format=json|text] [--min-confidence=low|medium|high] | ||
| disclosure version |
|
Needs to be rebased also id like to see if there are better UI/UX options out there that can be better than requiring the user to pass in the branch name (atlthough maybe this is moot if we do it in the github action) |
Summary
branchnamedetector that flagscodex/*branch prefixes as medium-confidence OpenAI Codex signals (case-insensitive)disclosure branch [branch-name]CLI subcommand andscan.ScanBranchhelperFixes #50
Motivation
chaoss/CollectOSS#397 was opened from a
codex/*branch. This extends disclosure detection to branch naming patterns that indicate AI involvement.Test plan
go test ./...disclosure branch codex/fix-metrics --format=jsonreturns an OpenAI Codex findingdisclosure branch main --format=jsonreturns no findingsMade with Cursor