Parfii-bot
10bc799d26
feat(primitives): genesis-scan Rust — sensitive IP leak detector (CI/pre-commit)
26 forbidden patterns synced with ~/.claude/hooks/genesis-leak-guard.sh.
7 exempt scopes (KeiLab/theory/ml-keilab chatlogs/keinet-cfc-eigen/keinet-gpu-wgpu).
CLI: --path, --staged, --stdin, --format=human|json|github-actions, --exit-on-hit.
Self-reference resolved via EXEMPT_SUBSTRINGS + tempfile fixtures with runtime-assembled strings.
7/7 tests pass.
2026-04-22 01:01:56 +08:00
Parfii-bot
c89352c87c
Merge branch 'feat/frontend-v040' — 4 stacks + 3 Rust + 5 shell + 17 skills + /site-create (partial)
Cargo.lock regenerated after 8-crate workspace merge.
2026-04-21 21:17:19 +08:00
Parfii-bot
19850e1a45
Merge branch 'feat/v0.5-vm-security' — 7 blocks + 3 shell + 2 Rust + /vm-provision
Workspace Cargo.toml reconciled: all 8 crates (kei-ledger, kei-migrate, kei-changelog, ssh-check, firewall-diff, mock-render, visual-diff, tokens-sync) as members.
2026-04-21 21:15:49 +08:00
Parfii-bot
e5d565a11e
Merge branch 'feat/v0.7-docs' — 5 blocks + kei-docs-scaffold + kei-changelog Rust + /docs-scaffold
2026-04-21 21:15:05 +08:00
Parfii-bot
f205a12348
Merge branch 'feat/v0.6-database' — 5 blocks + kei-migrate Rust + /schema-design
2026-04-21 21:14:50 +08:00
Parfii-bot
ebf841c7d9
feat(primitives): 3 Rust cubes — mock-render, visual-diff, tokens-sync
2026-04-21 21:07:45 +08:00
Parfii-bot
be20f5ba46
feat(primitives): kei-docs-scaffold shell + kei-changelog Rust
2026-04-21 21:01:28 +08:00
Parfii-bot
521659bbfb
feat(primitives): 2 Rust verification cubes
- ssh-check — parse sshd_config + drop-ins, merge last-wins, lint against
  hardened baseline (pw-auth=no, root=prohibit-password, maxauthtries≤3,
  AllowUsers whitelist, no CBC ciphers, ETM MACs, no ssh-rsa host key).
  4 modules: main (clap CLI) + parse + rules + check. Tests: 9 pass
  (hardened baseline, password-auth-yes-fails, cbc-cipher-fails,
  allow-users-not-in-whitelist-fails, missing-required-fails, etc.).
- firewall-diff — diff intent YAML against `ufw status numbered` output.
  Defensive-only (never runs ufw). Stdin or --status-file input. Parses
  (v6) families, normalises "Anywhere"→"any". Exit 2 on any missing/
  extra rule. 4 modules: main + intent + ufw + diff. Tests: 8 pass
  (load-minimal-intent, exact-match-clean, missing-rule-surfaced,
  extra-live-rule-surfaced, inactive-ufw-fails, integration).
Workspace: clap 4 + serde + serde_yaml + serde_json. release opt-level=z,
LTO, strip. Constructor Pattern: largest file check.rs 213 LOC (93 non-
test); every function under 30 LOC.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 21:00:01 +08:00
Parfii-bot
c801715a49
feat(primitives): kei-ledger Rust SQLite agent ledger
SSoT for RULE 0.12 (agent git-model). Every non-trivial Agent invocation
logs a fork row; merge ceremony validates the 6-file artefact bundle.
CLI: init / fork / done / fail / merged / list / tree / validate.
Storage: ~/.claude/agents/ledger.sqlite (override via KEI_LEDGER_DB).
Schema versioned via PRAGMA user_version.
Tests: 9/9 passing (fork+done, fail flow, tree walk, list filter,
validate missing/complete, duplicate-id reject, done idempotency,
merged transition). cargo test --release 0.01s.
Constructor Pattern: schema.rs 50, ledger.rs 170, main.rs 177,
integration.rs 147 — all under 200 LOC.
Workspace update: adds kei-ledger to _primitives/_rust members list.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:52:20 +08:00
Parfii-bot
df857923d4
feat(primitives): kei-migrate Rust universal migration runner
Single binary, three backends (Postgres/SQLite/MySQL) autodetected
from DATABASE_URL scheme. Sequential .sql migrations tracked in
_kei_migrations with SHA-256 checksums.
Commands:
  kei-migrate up — apply pending
  kei-migrate down [n] — revert last N (requires .down.sql)
  kei-migrate status — list applied vs pending
  kei-migrate create <name> — scaffold up+down pair with UTC ts
Constructor Pattern: 10 source files, all <90 LOC, functions <30 LOC.
Deps: sqlx 0.8 (any+postgres+sqlite+mysql, rustls), clap 4, chrono,
sha2, anyhow, tokio.
Tests: 9/9 passing (cargo test, SQLite backend).
Clippy clean: cargo clippy --all-targets -- -D warnings.
Safety features:
- checksum drift detection on applied migrations
- IRREVERSIBLE marker blocks down-revert
- duplicate version detection at scan time
- each migration in its own transaction
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:35:29 +08:00