KeiSeiKit-1.0

keisei/KeiSeiKit-1.0

Fork 0

Commit graph

Author	SHA1	Message	Date
KeiSei84	9bf575f94e	docs: catch up README + CHANGELOG + encyclopedia to v0.45 (mirror of keigit fdb84f24)	2026-05-27 00:49:37 +08:00
Denis Parfionovich	e185af7116	fix(security): patent-leak + classical-safety audit fixes PATENT-LEAK (HIGH): - hooks/no-python-without-approval.sh: genesis-verify пример → my-project - docs/encyclopedia/rust-crates-H-N.md: убран термин «Genesis IP, ITAR» PATENT-LEAK (MEDIUM): - CHANGELOG: project-vortex → reduced scope - _blocks/registries (submodule bump): убраны имена приватных project-specialists из комментария agent-profiles.toml - docs/encyclopedia/skills-and-agents.md: ML/RL/CfC → ML/RL CLASSICAL-SAFETY (MEDIUM): - install/lib-preflight.sh: eval "$version_cmd" → bash -c "..." (защита от инъекции если providers.toml расширят) - _primitives/provision-{vultr,hetzner}.sh: /tmp/$$ → mktemp (устраняет symlink TOCTOU race) - web-install.sh: chmod 600 + umask 077 на ~/.keisei-install.log (Forgejo admin creds + токены в логе) - scripts/regen-counts.sh: eval "$1" → bash -c NOT FIXED (требуют действий юзера): - HIGH: @keisei scope не зарегистрирован на npmjs.org — typosquat возможен пока не задан NPM_TOKEN и не сделан publish - HIGH: install.keisei.app DNS не настроен — DNS-hijack возможен - LOW: parfionovich@keilab.io в SECURITY.md, plugin.json, ~40 Cargo файлах — intentional contact, оставлен Локальный git author установлен на parfionovich@keilab.io вместо parfionovichd@icloud.com (только для будущих коммитов в этом репо).	2026-05-18 12:05:25 +08:00
Parfii-bot	f34f6abfb2	chore(prod-prep): root docs (CHANGELOG/CONTRIBUTING/SECURITY) + cargo update Root-level docs added per production-readiness audit: - CHANGELOG.md — unreleased + pointer to git tags - CONTRIBUTING.md — setup + PR checklist + Constructor Pattern - SECURITY.md — reporting channel + threat model + known RUSTSEC list cargo update applied: 19 patch/minor bumps (base64urlsafedata, blake3, cc, crc-catalog, digest, filetime, h2, hashbrown, hybrid-array, idna_adapter, js-sys, kqueue-sys, libc, nix, openssl, openssl-sys, pin-project, pin-project-internal, redox_syscall). 9 RUSTSEC advisories from transitive deps remain (rsa 0.9 Marvin, rustls-webpki x5, sqlx 0.8 Binary Protocol, async-std discontinued, lru unsound IterMut, fxhash/instant unmaintained) — require major-version bumps in direct deps, tracked in SECURITY.md "Known advisories" section.	2026-05-12 20:41:13 +08:00

Author

SHA1

Message

Date

KeiSei84

9bf575f94e

docs: catch up README + CHANGELOG + encyclopedia to v0.45 (mirror of keigit fdb84f24)

2026-05-27 00:49:37 +08:00

Denis Parfionovich

e185af7116

fix(security): patent-leak + classical-safety audit fixes

PATENT-LEAK (HIGH):
- hooks/no-python-without-approval.sh: genesis-verify пример → my-project
- docs/encyclopedia/rust-crates-H-N.md: убран термин «Genesis IP, ITAR»
PATENT-LEAK (MEDIUM):
- CHANGELOG: project-vortex → reduced scope
- _blocks/registries (submodule bump): убраны имена приватных
  project-specialists из комментария agent-profiles.toml
- docs/encyclopedia/skills-and-agents.md: ML/RL/CfC → ML/RL

CLASSICAL-SAFETY (MEDIUM):
- install/lib-preflight.sh: eval "$version_cmd" → bash -c "..."
  (защита от инъекции если providers.toml расширят)
- _primitives/provision-{vultr,hetzner}.sh: /tmp/$$ → mktemp
  (устраняет symlink TOCTOU race)
- web-install.sh: chmod 600 + umask 077 на ~/.keisei-install.log
  (Forgejo admin creds + токены в логе)
- scripts/regen-counts.sh: eval "$1" → bash -c

NOT FIXED (требуют действий юзера):
- HIGH: @keisei scope не зарегистрирован на npmjs.org — typosquat
  возможен пока не задан NPM_TOKEN и не сделан publish
- HIGH: install.keisei.app DNS не настроен — DNS-hijack возможен
- LOW: parfionovich@keilab.io в SECURITY.md, plugin.json, ~40 Cargo
  файлах — intentional contact, оставлен

Локальный git author установлен на parfionovich@keilab.io вместо
parfionovichd@icloud.com (только для будущих коммитов в этом репо).

2026-05-18 12:05:25 +08:00

Parfii-bot

f34f6abfb2

chore(prod-prep): root docs (CHANGELOG/CONTRIBUTING/SECURITY) + cargo update

Root-level docs added per production-readiness audit:
- CHANGELOG.md — unreleased + pointer to git tags
- CONTRIBUTING.md — setup + PR checklist + Constructor Pattern
- SECURITY.md — reporting channel + threat model + known RUSTSEC list

cargo update applied: 19 patch/minor bumps (base64urlsafedata, blake3, cc,
crc-catalog, digest, filetime, h2, hashbrown, hybrid-array, idna_adapter,
js-sys, kqueue-sys, libc, nix, openssl, openssl-sys, pin-project,
pin-project-internal, redox_syscall).

9 RUSTSEC advisories from transitive deps remain (rsa 0.9 Marvin,
rustls-webpki x5, sqlx 0.8 Binary Protocol, async-std discontinued,
lru unsound IterMut, fxhash/instant unmaintained) — require major-version
bumps in direct deps, tracked in SECURITY.md "Known advisories" section.

2026-05-12 20:41:13 +08:00

3 commits