fix: keep new skill versions pending until VT verdict

steipete · steipete · commit 67ac1575452d · 2026-02-14T02:53:02.000+01:00
diff --git a/convex/llmEval.ts b/convex/llmEval.ts
@@ -251,23 +251,8 @@ export const evaluateWithLlm = internalAction({
       `[llmEval] Evaluated ${skill.slug}@${version.version}: ${result.verdict} (${result.confidence} confidence)`,
     )
 
-    // 10. Update moderation flags — re-read version to get the sha256hash
-    // that VT may have stored while we were evaluating (both run concurrently).
-    const freshVersion = (await ctx.runQuery(internal.skills.getVersionByIdInternal, {
-      versionId: args.versionId,
-    })) as Doc<'skillVersions'> | null
-
-    const sha256hash = freshVersion?.sha256hash ?? version.sha256hash
-    if (sha256hash) {
-      const status = verdictToStatus(result.verdict)
-      if (status === 'malicious' || status === 'suspicious' || status === 'clean') {
-        await ctx.runMutation(internal.skills.approveSkillByHashInternal, {
-          sha256hash,
-          scanner: 'llm',
-          status,
-        })
-      }
-    }
+    // Moderation visibility is finalized by VT results.
+    // LLM eval only stores analysis payload on the version.
   },
 })
 
diff --git a/convex/skills.rateLimit.test.ts b/convex/skills.rateLimit.test.ts
@@ -93,7 +93,7 @@ describe('skills anti-spam guards', () => {
     ).rejects.toThrow(/max 5 new skills per hour/i)
   })
 
-  it('auto-hides suspicious skills from low-trust publishers', async () => {
+  it('keeps suspicious skills visible for low-trust publishers', async () => {
     const patch = vi.fn(async () => {})
     const version = { _id: 'skillVersions:1', skillId: 'skills:1' }
     const skill = {
@@ -147,16 +147,17 @@ describe('skills anti-spam guards', () => {
       { db, scheduler: { runAfter: vi.fn() } } as never,
       {
         sha256hash: 'h'.repeat(64),
-        scanner: 'llm',
+        scanner: 'vt',
         status: 'suspicious',
       } as never,
     )
 
     expect(patch).toHaveBeenCalledWith(
       'skills:1',
       expect.objectContaining({
-        moderationStatus: 'hidden',
-        moderationReason: 'scanner.llm.suspicious',
+        moderationStatus: 'active',
+        moderationReason: 'scanner.vt.suspicious',
+        moderationFlags: ['flagged.suspicious'],
       }),
     )
   })
diff --git a/convex/skills.ts b/convex/skills.ts
@@ -2332,20 +2332,8 @@ export const approveSkillByHashInternal = internalMutation({
       }
 
       const now = Date.now()
-      let shouldHideSuspicious = false
-      if (isSuspicious && !alreadyBlocked && !bypassSuspicious) {
-        if (owner && !owner.deletedAt && !owner.deactivatedAt) {
-          const trustSignals = await getOwnerTrustSignals(ctx, owner, now)
-          shouldHideSuspicious = trustSignals.isLowTrust
-        }
-      }
-
       const qualityLocked = skill.moderationReason === 'quality.low' && !isMalicious
-      const nextModerationStatus = qualityLocked
-        ? 'hidden'
-        : shouldHideSuspicious
-          ? 'hidden'
-          : 'active'
+      const nextModerationStatus = qualityLocked ? 'hidden' : 'active'
       const nextModerationReason = qualityLocked
         ? 'quality.low'
         : bypassSuspicious
@@ -2354,9 +2342,7 @@ export const approveSkillByHashInternal = internalMutation({
       const nextModerationNotes = qualityLocked
         ? (skill.moderationNotes ??
           'Quality gate quarantine is still active. Manual moderation review required.')
-        : shouldHideSuspicious
-          ? 'Auto-hidden: suspicious result from low-trust publisher.'
-          : undefined
+        : undefined
 
       await ctx.db.patch(skill._id, {
         moderationStatus: nextModerationStatus,
diff --git a/convex/vt.ts b/convex/vt.ts
@@ -375,8 +375,6 @@ export const scanWithVirusTotal = internalAction({
           // File exists and has AI analysis - use the verdict
           const verdict = normalizeVerdict(aiResult.verdict)
           const status = verdictToStatus(verdict)
-          const isSafe = status === 'clean'
-
           console.log(
             `Version ${args.versionId} found in VT with AI analysis. Hash: ${sha256hash}. Verdict: ${verdict}`,
           )
@@ -393,14 +391,12 @@ export const scanWithVirusTotal = internalAction({
             },
           })
 
-          // VT is supplementary — only escalate (never override LLM verdict)
-          if (!isSafe && (status === 'malicious' || status === 'suspicious')) {
-            await ctx.runMutation(internal.skills.escalateByVtInternal, {
-              sha256hash,
-              status,
-            })
-          }
-          // Clean VT result: vtAnalysis already written above — don't touch moderation
+          // VT finalizes moderation visibility for newly published versions.
+          await ctx.runMutation(internal.skills.approveSkillByHashInternal, {
+            sha256hash,
+            scanner: 'vt',
+            status,
+          })
           return
         }
 
@@ -578,13 +574,12 @@ export const pollPendingScans = internalAction({
           },
         })
 
-        // VT is supplementary — only escalate for malicious/suspicious
-        if (status === 'malicious' || status === 'suspicious') {
-          await ctx.runMutation(internal.skills.escalateByVtInternal, {
-            sha256hash,
-            status,
-          })
-        }
+        // VT finalizes moderation visibility for newly published versions.
+        await ctx.runMutation(internal.skills.approveSkillByHashInternal, {
+          sha256hash,
+          scanner: 'vt',
+          status,
+        })
         updated++
       } catch (error) {
         console.error(`[vt:pollPendingScans] Error checking hash ${sha256hash}:`, error)
