fix(security): patent-leak + classical-safety audit fixes

PATENT-LEAK (HIGH):
- hooks/no-python-without-approval.sh: genesis-verify пример → my-project
- docs/encyclopedia/rust-crates-H-N.md: убран термин «Genesis IP, ITAR»
PATENT-LEAK (MEDIUM):
- CHANGELOG: project-vortex → reduced scope
- _blocks/registries (submodule bump): убраны имена приватных
  project-specialists из комментария agent-profiles.toml
- docs/encyclopedia/skills-and-agents.md: ML/RL/CfC → ML/RL

CLASSICAL-SAFETY (MEDIUM):
- install/lib-preflight.sh: eval "$version_cmd" → bash -c "..."
  (защита от инъекции если providers.toml расширят)
- _primitives/provision-{vultr,hetzner}.sh: /tmp/$$ → mktemp
  (устраняет symlink TOCTOU race)
- web-install.sh: chmod 600 + umask 077 на ~/.keisei-install.log
  (Forgejo admin creds + токены в логе)
- scripts/regen-counts.sh: eval "$1" → bash -c

NOT FIXED (требуют действий юзера):
- HIGH: @keisei scope не зарегистрирован на npmjs.org — typosquat
  возможен пока не задан NPM_TOKEN и не сделан publish
- HIGH: install.keisei.app DNS не настроен — DNS-hijack возможен
- LOW: parfionovich@keilab.io в SECURITY.md, plugin.json, ~40 Cargo
  файлах — intentional contact, оставлен

Локальный git author установлен на parfionovich@keilab.io вместо
parfionovichd@icloud.com (только для будущих коммитов в этом репо).

CHANGELOG.md

@@ -4,7 +4,7 @@ All notable changes are tagged via `git tag v*`. This file tracks unreleased wor
 
 ## Unreleased
 
-- `chore(docs)`: regenerate DNA-INDEX without project-vortex (`302ca661`)
+- `chore(docs)`: regenerate DNA-INDEX (reduced scope) (`302ca661`)
 - `fix(kei-conflict-scan)`: close 3 backlog bugs + Phase C draft emission (`f354aacc`)
 - `feat(kei-buddy)`: conversational LLM-driven flow + kei-sage retrieval graph-RAG (`b61b17ea`)
 - `feat(contacts)`: glue sync + Google pagination + Apple discovery + folding (`06bcce99`)

_blocks/registries

@@ -1 +1 @@
-Subproject commit afe0c6f1183deaf4d3947bb6a4bf279a6bf9418e
+Subproject commit c5590658ee636398c512ce2b25d8aedb3212a9b6

_primitives/provision-hetzner.sh

@@ -108,9 +108,12 @@ cmd_create() {
   [ -n "$user_data" ] && { [ -r "$user_data" ] || die "user-data not readable: $user_data" 1; args+=(--user-data-from-file "$user_data"); }
 
   log "creating '$name' ($type @ $location, image=$image)…"
-  hcloud "${args[@]}" -o json >/tmp/provision-hetzner-$$.json
-  local ip; ip=$(jq -r '.server.public_net.ipv4.ip' /tmp/provision-hetzner-$$.json)
-  rm -f /tmp/provision-hetzner-$$.json
+  # mktemp вместо /tmp/$$ — устраняет symlink-race TOCTOU (security MEDIUM
+  # audit 2026-05-18).
+  local tmpf; tmpf=$(mktemp /tmp/provision-hetzner.XXXXXX.json) || return 1
+  hcloud "${args[@]}" -o json >"$tmpf"
+  local ip; ip=$(jq -r '.server.public_net.ipv4.ip' "$tmpf")
+  rm -f "$tmpf"
   [ "$ip" != "null" ] && [ -n "$ip" ] || die "create returned no IPv4 (check stderr)"
   log "created '$name' → $ip"
   echo "$ip"

_primitives/provision-vultr.sh

@@ -130,9 +130,12 @@ cmd_create() {
   fi
 
   log "creating '$label' ($plan @ $region, os=$os_id)…"
-  vultr-cli "${args[@]}" -o json >/tmp/provision-vultr-$$.json
-  local ip; ip=$(jq -r '.instance.main_ip' /tmp/provision-vultr-$$.json)
-  rm -f /tmp/provision-vultr-$$.json
+  # mktemp вместо /tmp/$$ — устраняет symlink-race TOCTOU (security MEDIUM
+  # audit 2026-05-18).
+  local tmpf; tmpf=$(mktemp /tmp/provision-vultr.XXXXXX.json) || return 1
+  vultr-cli "${args[@]}" -o json >"$tmpf"
+  local ip; ip=$(jq -r '.instance.main_ip' "$tmpf")
+  rm -f "$tmpf"
   # Vultr assigns IP asynchronously — re-poll if empty.
   if [ "$ip" = "" ] || [ "$ip" = "null" ] || [ "$ip" = "0.0.0.0" ]; then
     log "IP pending — polling instance status up to 60s…"

docs/encyclopedia/rust-crates-H-N.md

@@ -8,7 +8,7 @@ Alphabetically-indexed catalogue of production Rust crates in `_primitives/_rust
 |-------|-----------------|-----------------|-------------|----------------------|
 | **kei-hibernate** | Whole-brain export/import — tar.zst bundle of KeiSeiKit state (Wave 14) | `export()`, `import()`, `inspect()`, `HibernateManifest` | Full system backup/restore across machines; preserving SQLite stores + capabilities + roles + agents + skills + hooks | tar, zstd, rusqlite, sha2 |
 | **kei-import-project** | Foreign project ingestion runtime — clone repo, walk tree, identify language modules, register in kei-registry | `identify_modules()`, `walk_repo()`, `build_plan()`, `render_gap_report()`, `extract_skills()`, `register_modules()` | Onboarding external codebases into KeiSei; composition with kei-registry / kei-decompose / kei-skill-importer for architecture mapping and migration planning | kei-shared, kei-registry, kei-decompose, walkdir, regex |
-| **kei-leak-matrix** | Single source of truth for content protection rules — scanner, substituter, lint, list | `scan_file()`, `scan_tree()`, `scan_string()`, `substitute()`, `Matrix`, `Violation` | Security pre-commit scanning (Genesis IP, patent terms, credentials, ITAR); enforces `security/leak-matrix.toml` SSoT across hooks (no-github-push, sync-public.sh, secrets-guard) | regex, walkdir, clap |
+| **kei-leak-matrix** | Single source of truth for content protection rules — scanner, substituter, lint, list | `scan_file()`, `scan_tree()`, `scan_string()`, `substitute()`, `Matrix`, `Violation` | Security pre-commit scanning (proprietary-term scanning, credentials, compliance rules); enforces `security/leak-matrix.toml` SSoT across hooks (no-github-push, sync-public.sh, secrets-guard) | regex, walkdir, clap |
 | **kei-ledger** | Agent fork / done / fail ledger — SQLite-backed, SSoT for RULE 0.12 (v0.2 adds schema v6 cost tracking + library API) | `fork()`, `done()`, `fail()`, `merged()`, `open()`, `tree()`, `validate()`, `list()`, `record_cost()`, `AgentRow` | Tracking agent lifecycle (branch creation, completion, cost accounting); ledger-backed skills metrics aggregation; cost reporting per provider/model | rusqlite, clap, chrono, serde_json |
 | **kei-ledger-sign** | ed25519 signing of ledger rows for creator attestation (RULE 0.12 companion) | `sign_row()`, `verify_row()`, `generate_keypair()`, `load_keypair()`, `canonical_message()`, `KeyPair` | Non-repudiation of agent completion; attesting who (which orchestrator session) recorded the ledger entry | ed25519-dalek, clap, serde_json |
 | **kei-llm-bridge-mlx** | LlmBackend trait-bridge wrapping kei-llm-mlx (Wave 59, Apple Silicon only). Wave 4 atomar. | `MlxBridge`, bridged trait impl `LlmBackend` | Abstracting `kei-llm-mlx` shell-out behind the generic `LlmBackend` trait for kei-runtime-core consumers; macOS-only gate | kei-llm-mlx, kei-runtime-core, kei-shared, async-trait |

docs/encyclopedia/skills-and-agents.md

@@ -105,7 +105,7 @@
 | 19 | infra-implementer-container | Container specialist. Docker, Podman, multi-stage, image optimization, registry, scanning, K8s workloads. | Containerized projects | NOT CI-only, NOT IaC-only |
 | 20 | infra-implementer-iac | Infrastructure-as-code specialist. Terraform, Ansible, CloudFormation, state management, drift detection. | All infrastructure projects | NOT manual ops, NOT CI-only |
 | 21 | infra-implementer-secrets | Secrets + credentials management. Vault, sealed-secrets, env rotations, compliance (GDPR, SOC2, HIPAA). | All projects handling sensitive data | NOT code-writing, NOT deployment gates |
-| 22 | ml-implementer | ML training/inference implementation. Modal jobs, experiment runners, Math-First paradigm, Pre-Experiment Check, observability-first. | ML/RL/CfC projects | NOT physics, NOT code-writing generically, NOT infra-only |
+| 22 | ml-implementer | ML training/inference implementation. Modal jobs, experiment runners, Math-First paradigm, Pre-Experiment Check, observability-first. | ML/RL projects | NOT physics, NOT code-writing generically, NOT infra-only |
 | 23 | ml-researcher | ML research specialist. Paper analysis, experiment design, architecture search, hyperparameter optimization, literature synthesis. | ML/RL projects | NOT production training, NOT code-writing |
 | 24 | modal-runner | Modal infrastructure orchestration. Job spawning, volume management, GPU selection, cost estimation, result collection. | Modal-based ML/compute projects | NOT code-writing, NOT training logic |
 | 25 | researcher | Open-ended research. Literature, web, code analysis. Evidence grading E1-E6. | All research-heavy projects | NOT code-writing, NOT decision-making |

hooks/no-python-without-approval.sh

@@ -37,7 +37,7 @@ RULE 0.2 Rust First:
   node, или существующий Rust-код в проекте.
 
 Approved alternatives BEFORE retrying:
-  • Rust one-shot:  write genesis-verify/examples/xxx.rs, cargo run
+  • Rust one-shot:  write my-project/examples/foo.rs, cargo run
   • Shell math:     awk 'BEGIN{printf "%.10f\n", ...}'
   • Arbitrary prec: bc -l / dc
   • JSON munge:     jq '.path.to.value'

install/lib-preflight.sh

@@ -70,7 +70,9 @@ preflight_check_cli() {
     # После install проверяем что бинарь появился в PATH.
     command -v "$bin" >/dev/null 2>&1 || return 1
   fi
-  echo "  ✓ $label: $(eval "$version_cmd" 2>&1 | head -1)" >&2
+  # bash -c вместо eval: explicit subshell, не word-splitится в текущем
+  # процессе (security MEDIUM-3 audit 2026-05-18).
+  echo "  ✓ $label: $(bash -c "$version_cmd" 2>&1 | head -1)" >&2
   return 0
 }
 

scripts/regen-counts.sh

@@ -44,7 +44,7 @@ count_profile() {
   ' "$MANIFEST"
 }
 
-count_files() { eval "$1" | wc -l | tr -d ' '; }
+count_files() { bash -c "$1" | wc -l | tr -d ' '; }   # bash -c вместо eval (security audit LOW 2026-05-18)
 
 RUST_CRATES=$(count_rust_crates)
 RUST_PRIMITIVES=$(count_primitive_kind rust)

web-install.sh

@@ -39,6 +39,10 @@ done
 
 LOG="$HOME/.keisei-install.log"
 mkdir -p "$(dirname "$LOG")"
+# chmod 600 чтобы Forgejo admin creds в логе не были world-readable
+# (security MEDIUM audit 2026-05-18).
+( umask 077 && : > "$LOG" )
+chmod 600 "$LOG" 2>/dev/null || true
 exec > >(tee -a "$LOG") 2>&1
 
 say() { printf "\033[1;36m[web-install]\033[0m %s\n" "$*"; }