Repo-guardrails allowlist blocked legitimate files as false-positive violations
DomainDEVOPS
ImpactLow
Error Signature
Guardrail check reports false-positive violations for legitimate, already-reviewed repository files
control-plane's repo-guardrails.json is an explicit allowlist of top-level paths permitted in the repository. Several files that legitimately needed to exist were missing from this allowlist, causing the guardrail check to flag them as violations even though they were intentional, reviewed additions.
Root Cause
repo-guardrails.json enforces a closed allowlist model (anything not explicitly listed is flagged), so any new legitimate top-level file or directory must be added to the manifest in the same change that introduces it - these entries had been missed.
Solution Steps
- Add the missing legitimate paths to the topLevel.allowed array in data/manifests/repo-guardrails.json.
- Confirm the manifest is valid JSON with a real, populated allowlist.
Validation
[object Object]
Rollback
[object Object]
Ecosystem: devops
License: CC-BY-4.0
Last updated: Jul 6, 2026