7 changes: 7 additions & 0 deletions .jules/sentinel.md
Expand Up @@ -9,3 +9,10 @@
5. DoS ์™„ํ™”๋ฅผ ์œ„ํ•ด `return(1L)` ๊ฐ™์€ ๊ธฐ๋ณธ ์Šน์ธ๊ฐ’์„ ๋„ฃ์„ ๋•Œ๋Š” ์ถ”์ • ๊ธฐ์ค€์ฒ™๋„, anchor/common item, true parameter ์žฌํ˜„ ๊ณ„์•ฝ์„ ์šฐํšŒํ•˜์ง€ ์•Š๋Š”์ง€ ๋จผ์ € ๊ฒ€์ฆํ•ฉ๋‹ˆ๋‹ค.
6. Fail-secure ์—๋Ÿฌ ๋ฉ”์‹œ์ง€๋Š” ํ…Œ์ŠคํŠธ์˜ ์ผ๋ถ€๋กœ ์ทจ๊ธ‰ํ•ฉ๋‹ˆ๋‹ค. ๋ณด์•ˆ ํ…Œ์ŠคํŠธ๋Š” ์‹ค์ œ ๊ตฌํ˜„ ๋ฉ”์‹œ์ง€์™€ ๋งž์•„์•ผ ํ•˜๋ฉฐ, ์˜ค๋ž˜๋œ `"Interactive prompt is not available"` ๊ฐ™์€ ๋ณ„๋„ ๋ฌธ๊ตฌ๋ฅผ ์ƒˆ๋กœ ๋งŒ๋“ค์ง€ ์•Š์Šต๋‹ˆ๋‹ค.
7. Prompt DoS ํšŒ๊ท€ ํ…Œ์ŠคํŠธ๋Š” ๋ชจ๋ธ ์ถ”์ • ์‹คํŒจ์— ๊ธฐ๋Œ€์ง€ ๋ง๊ณ , common-item confirmation guard์ฒ˜๋Ÿผ ์ทจ์•ฝํ•œ ์ž…๋ ฅ ๊ฒฝ๊ณ„์—์„œ ๋ฐ”๋กœ ๋ฐœ์ƒํ•˜๋Š” fail-secure ์—๋Ÿฌ๋ฅผ ๊ฒ€์ฆํ•ฉ๋‹ˆ๋‹ค.

HIGH OpenCode could not establish approval sufficiency

  • Problem: the model pool exhausted without a valid current-head review control block, so this changed line cannot be approved from deterministic check state alone.
  • Impact: PR-intent mismatches, missing files, robustness bugs, UX/DX regressions, and CodeGraph-backed flow changes could be missed.
  • Fix: rerun OpenCode after model availability recovers, or add the missing source/test/docs/generated verification evidence needed for a source-backed approval.
  • Verification: rerun the OpenCode Review workflow and confirm it emits APPROVE or source-backed REQUEST_CHANGES for this head SHA.


## 2024-06-30 - ์ถ”์ • ์‹คํŒจ ์‹œ ๋ฌดํ•œ ์žฌ์‹œ๋„๋กœ ์ธํ•œ ๋ฆฌ์†Œ์Šค ๊ณ ๊ฐˆ(DoS) ์ทจ์•ฝ์ 
**Vulnerability:** ๋ฐ์ดํ„ฐ ์ฒ˜๋ฆฌ ๊ณผ์ • ์ค‘ ๋ชจ๋ธ ์ถ”์ •์ด ์‹คํŒจํ–ˆ์„ ๋•Œ(์˜ˆ: `mirt` ํŒจํ‚ค์ง€์˜ MHRM ์•Œ๊ณ ๋ฆฌ์ฆ˜์„ ์ด์šฉํ•œ oldFormModel, newFormModel ์ถ”์ •), ๋ณ€์ˆ˜๊ฐ€ ์„ฑ๊ณต์ ์œผ๋กœ ์ƒ์„ฑ๋  ๋•Œ๊นŒ์ง€ `while(!exists('oldFormModel'))`๊ณผ ๊ฐ™์€ ํƒˆ์ถœ ์กฐ๊ฑด(exit condition)์ด ์—†๋Š” ๋ฌดํ•œ ๋ฃจํ”„๊ฐ€ ์ฝ”๋“œ ๋‚ด์— ์กด์žฌํ–ˆ์Šต๋‹ˆ๋‹ค.
**Learning:** ์‹คํŒจ ์‹œ ๋ฌดํ•œ ๋ฃจํ”„๋Š” ์ž๋™ํ™”๋œ ํ™˜๊ฒฝ(CI/CD, ๋ฌถ์Œ ์ฒ˜๋ฆฌ ์„œ๋ฒ„ ๋“ฑ)์—์„œ ์ž‘์—…์ด ์ ˆ๋Œ€ ๋๋‚˜์ง€ ์•Š๊ณ  CPU์™€ ๋ฉ”๋ชจ๋ฆฌ ๋“ฑ ์‹œ์Šคํ…œ ๋ฆฌ์†Œ์Šค๋ฅผ ๊ณ„์† ์ ์œ ํ•˜๊ฒŒ ๋งŒ๋“ค์–ด ์„œ๋น„์Šค ๊ฑฐ๋ถ€(DoS) ์ƒํƒœ๋ฅผ ์œ ๋ฐœํ•ฉ๋‹ˆ๋‹ค. ์™ธ๋ถ€ ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ(ํŒจํ‚ค์ง€) ํ˜ธ์ถœ ์‹คํŒจ๋ฅผ ๋ฌดํ•œ์ • ์žฌ์‹œ๋„ํ•˜๋Š” ๊ฒƒ์€ ๋งค์šฐ ์œ„ํ—˜ํ•ฉ๋‹ˆ๋‹ค.
**Prevention:**
1. ์–ด๋– ํ•œ ํ˜•ํƒœ์˜ ์žฌ์‹œ๋„ ๋ฃจํ”„๋“  ๊ฐ„์— ๋ฐ˜๋“œ์‹œ ์ตœ๋Œ€ ์žฌ์‹œ๋„ ํšŸ์ˆ˜(`max_retries`) ์ œํ•œ์„ ๋‘์–ด ๋ฌดํ•œ ๋ฃจํ”„์— ๋น ์ง€์ง€ ์•Š๋„๋ก ๋ฐฉ์–ด์ ์ธ ์ฝ”๋“œ๋ฅผ ์ž‘์„ฑํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
2. ์ตœ๋Œ€ ์žฌ์‹œ๋„ ํšŸ์ˆ˜์— ๋„๋‹ฌํ–ˆ์„ ๋•Œ์—๋Š” `stop()` ํ•จ์ˆ˜ ๋“ฑ์„ ์‚ฌ์šฉํ•ด ๋ช…์‹œ์ ์ธ ์˜ˆ์™ธ๋ฅผ ๋ฐœ์ƒ์‹œํ‚ค๊ณ  ์•ˆ์ „ํ•˜๊ฒŒ ์‹คํŒจํ•˜๋„๋ก(fail-secure) ์ฒ˜๋ฆฌํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
86 changes: 60 additions & 26 deletions R/aFIPC.R
@@ -1,3 +1,21 @@
.fit_mhrm_with_retries <- function(model_name, max_retries, fit) {
for (attempt in seq_len(max_retries)) {
result <- try(fit(), silent = TRUE)
if (!inherits(result, "try-error")) {
return(result)
}
}

stop(
"Estimation failed for ",
model_name,
" after ",
max_retries,
" MHRM retries. Please check test quality.",
call. = FALSE
)
}

#' automated fixed item parameter linking
#'
#' @import mirt
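Review bot: `.fit_mhrm_with_retries` throws away the cause of every failed attempt, because `try(fit(), silent = TRUE)` hides the error and the final `stop()` reports only the model name and the retry count. Keep the last `try-error` and append its message to the `stop()` text (for example via `conditionMessage(attr(result, "condition"))`) so an operator can tell invalid input from a convergence problem. `max_retries` is also unchecked: 0 skips the fit entirely, and a negative or `NA` value fails inside `seq_len()` with an unrelated error, so validate it at the top of the helper.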
Expand Down Expand Up @@ -184,8 +202,9 @@ autoFIPC <-

if (tryFitwholeOldItems == T) {
if (
exists("oldFormModel") &&
!oldFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. estimating new parameters with no prior distribution using quasi-Monte Carlo EM estimation. please be patient.'
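Review bot: the new guard `exists("oldFormModel")` uses the default `inherits = TRUE`, so an object of that name in an enclosing environment or in the caller's workspace also satisfies it, and the next line then reads `@OptimInfo` from whatever object was found. To test only whether the fit inside `autoFIPC` produced a model, use `exists("oldFormModel", inherits = FALSE)`, or initialise `oldFormModel <- NULL` before the first fit and check `!is.null(oldFormModel)`. The same applies to each repeated `exists(...)` guard in this file.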
Expand All @@ -208,17 +227,20 @@ autoFIPC <-
}

if (
exists("oldFormModel") &&
!oldFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. estimating new parameters with no prior distribution using Cai\'s (2010) Metropolis-Hastings Robbins-Monro (MHRM) algorithm. please be patient.'
)

try(rm(oldFormModel))
while (!exists('oldFormModel')) {
try(
oldFormModel <-
max_retries <- 3L
oldFormModel <-
.fit_mhrm_with_retries(
"oldFormModel",
max_retries,
function() {
mirt::mirt(
data = oldformYDataK,
1,
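Review bot: `max_retries <- 3L` is a literal assigned inside the branch, and the same assignment is repeated in the `newFormModel` branch further down. Define the limit once, either as an `autoFIPC` argument with a default or as a package-level constant, so the two branches cannot drift apart and batch operators can tune the bound without editing the function body.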
Expand All @@ -229,14 +251,15 @@ autoFIPC <-
technical = list(NCYCLES = 1e+5, MHRM_SE_draws = 200000),
GenRandomPars = F
)
}
)
}
}
}

if (
exists("oldFormModel") &&
!oldFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics'
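Review bot: the retry cap bounds the number of attempts but not their cost, since every attempt wrapped here still runs with `technical = list(NCYCLES = 1e+5, MHRM_SE_draws = 200000)`. If the aim is to bound resource use in CI or batch runs, add a wall-clock limit around the helper call (for example with `setTimeLimit()`), or document the worst-case runtime of the capped retries.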
Expand All @@ -253,8 +276,9 @@ autoFIPC <-
}

if (
exists("oldFormModel") &&
!oldFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics by normal MMLE/EM'
Expand All @@ -272,8 +296,9 @@ autoFIPC <-
}

if (
exists("oldFormModel") &&
!oldFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics by MMLE/QMCEM'
Expand All @@ -291,8 +316,9 @@ autoFIPC <-
}

if (
exists("oldFormModel") &&
!oldFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics by MMLE/MHRM'
Expand All @@ -310,8 +336,8 @@ autoFIPC <-
}

if (
!oldFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
(!exists("oldFormModel") || !oldFormModel@OptimInfo$secondordertest) &&
itemtype != 'ideal'
) {
stop('Estimation failed. Please check test quality.')
}
Expand Down Expand Up @@ -396,8 +422,9 @@ autoFIPC <-

if (tryFitwholeNewItems) {
if (
exists("newFormModel") &&
!newFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. estimating new parameters with no prior distribution using quasi-Monte Carlo EM estimation. please be patient.'
Expand All @@ -420,17 +447,20 @@ autoFIPC <-
}

if (
exists("newFormModel") &&
!newFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. estimating new parameters with no prior distribution using Cai\'s (2010) Metropolis-Hastings Robbins-Monro (MHRM) algorithm. please be patient.'
)

try(rm(newFormModel))
while (!exists('newFormModel')) {
try(
newFormModel <-
max_retries <- 3L
newFormModel <-
.fit_mhrm_with_retries(
"newFormModel",
max_retries,
function() {
mirt::mirt(
data = newformXDataK,
1,
Expand All @@ -441,14 +471,15 @@ autoFIPC <-
technical = list(NCYCLES = 1e+5, MHRM_SE_draws = 200000),
GenRandomPars = F
)
}
)
}
}
}

if (
exists("newFormModel") &&
!newFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics'
Expand All @@ -465,8 +496,9 @@ autoFIPC <-
}

if (
exists("newFormModel") &&
!newFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics again by normal MMLE/EM'
Expand All @@ -484,8 +516,9 @@ autoFIPC <-
}

if (
exists("newFormModel") &&
!newFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics again by MMLE/QMCEM'
Expand All @@ -503,8 +536,9 @@ autoFIPC <-
}

if (
exists("newFormModel") &&
!newFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
itemtype != 'ideal'
) {
message(
'Estimation failed. trying to remove weird items by itemfit statistics again by MMLE/MHRM'
Expand All @@ -522,8 +556,8 @@ autoFIPC <-
}

if (
!newFormModel@OptimInfo$secondordertest &&
!itemtype == 'ideal'
(!exists("newFormModel") || !newFormModel@OptimInfo$secondordertest) &&
itemtype != 'ideal'
) {
stop('Estimation failed. Please check test quality.')
}
47 changes: 47 additions & 0 deletions tests/testthat/test-MHRM-failure-dos.R
@@ -0,0 +1,47 @@
test_that("autoFIPC fails safely when oldFormModel estimation input is invalid", {
skip_if_not_installed("mirt")

old_data <- data.frame(item1 = rep(0, 100))
new_data <- data.frame(item1 = rep(0, 100))

expect_error(
aFIPC::autoFIPC(
oldformYData = old_data,
newformXData = new_data,
itemtype = '2PL',
oldformCommonItemNames = "item1",
newformCommonItemNames = "item1",
confirmCommonItems = TRUE
),
"Estimation failed. Please check test quality."
)
})

test_that("MHRM retry helper fails after the retry limit", {
attempts <- 0L

expect_error(
aFIPC:::.fit_mhrm_with_retries("oldFormModel", 3L, function() {
attempts <<- attempts + 1L
stop("forced failure")
}),
"Estimation failed for oldFormModel after 3 MHRM retries"
)

expect_equal(attempts, 3L)
})

test_that("MHRM retry helper returns a successful retry result", {
attempts <- 0L

result <- aFIPC:::.fit_mhrm_with_retries("newFormModel", 3L, function() {
attempts <<- attempts + 1L
if (attempts < 2L) {
stop("forced failure")
}
"ok"
})

expect_equal(result, "ok")
expect_equal(attempts, 2L)
})
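Review bot: the first test cannot fail on the regression it is meant to catch, because if the unbounded `while` loop came back, the `autoFIPC()` call inside `expect_error()` would hang instead of reporting a failure. Run that call under a time limit (for example `setTimeLimit(elapsed = ...)`, reset afterwards) so a hang surfaces as a test failure. The expected string `"Estimation failed. Please check test quality."` is also matched as a regular expression; pass `fixed = TRUE` so the dots are literal.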