KeiSeiKit-1.0

keisei/KeiSeiKit-1.0

Fork 0

Commit graph

Author	SHA1	Message	Date
Denis Parfionovich	e185af7116	fix(security): patent-leak + classical-safety audit fixes PATENT-LEAK (HIGH): - hooks/no-python-without-approval.sh: genesis-verify пример → my-project - docs/encyclopedia/rust-crates-H-N.md: убран термин «Genesis IP, ITAR» PATENT-LEAK (MEDIUM): - CHANGELOG: project-vortex → reduced scope - _blocks/registries (submodule bump): убраны имена приватных project-specialists из комментария agent-profiles.toml - docs/encyclopedia/skills-and-agents.md: ML/RL/CfC → ML/RL CLASSICAL-SAFETY (MEDIUM): - install/lib-preflight.sh: eval "$version_cmd" → bash -c "..." (защита от инъекции если providers.toml расширят) - _primitives/provision-{vultr,hetzner}.sh: /tmp/$$ → mktemp (устраняет symlink TOCTOU race) - web-install.sh: chmod 600 + umask 077 на ~/.keisei-install.log (Forgejo admin creds + токены в логе) - scripts/regen-counts.sh: eval "$1" → bash -c NOT FIXED (требуют действий юзера): - HIGH: @keisei scope не зарегистрирован на npmjs.org — typosquat возможен пока не задан NPM_TOKEN и не сделан publish - HIGH: install.keisei.app DNS не настроен — DNS-hijack возможен - LOW: parfionovich@keilab.io в SECURITY.md, plugin.json, ~40 Cargo файлах — intentional contact, оставлен Локальный git author установлен на parfionovich@keilab.io вместо parfionovichd@icloud.com (только для будущих коммитов в этом репо).	2026-05-18 12:05:25 +08:00
Parfii-bot	368df5b918	docs: add 6-file substrate encyclopedia (1739 LOC) Generated by parallel Haiku writer agents during 4-wave audit; covers the substrate at the top-down explanatory level the reviewer asked for. - substrate-overview.md (425 LOC) — top-down: what runs at install, daily, nightly; data-flow ASCII diagrams; how the 4 layers fit - hooks-and-blocks.md (394 LOC) — every hook + every assembler block, with trigger event + severity + rule reference - rust-crates-A-G.md (507 LOC) — first third of the 106 crates, one paragraph per crate - rust-crates-H-N.md (194 LOC) — middle third - rust-crates-O-Z.md (59 LOC) — last third (smaller because alphabet) - skills-and-agents.md (160 LOC) — 67 skills + 43 agent manifests, one row each Encyclopedia complements the auto-generated DNA-INDEX.md: that file is mechanical (count + DNA prefix + sha8), this is narrative (what does this thing do, when does it fire, how to use it). Username-path leaks scrubbed via sed pre-commit: - /Users/<user>/Projects/KeiSeiKit-public/ → <repo>/ - /Users/<user>/ → <home>/ Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 17:00:28 +08:00

Author

SHA1

Message

Date

Denis Parfionovich

e185af7116

fix(security): patent-leak + classical-safety audit fixes

PATENT-LEAK (HIGH):
- hooks/no-python-without-approval.sh: genesis-verify пример → my-project
- docs/encyclopedia/rust-crates-H-N.md: убран термин «Genesis IP, ITAR»
PATENT-LEAK (MEDIUM):
- CHANGELOG: project-vortex → reduced scope
- _blocks/registries (submodule bump): убраны имена приватных
  project-specialists из комментария agent-profiles.toml
- docs/encyclopedia/skills-and-agents.md: ML/RL/CfC → ML/RL

CLASSICAL-SAFETY (MEDIUM):
- install/lib-preflight.sh: eval "$version_cmd" → bash -c "..."
  (защита от инъекции если providers.toml расширят)
- _primitives/provision-{vultr,hetzner}.sh: /tmp/$$ → mktemp
  (устраняет symlink TOCTOU race)
- web-install.sh: chmod 600 + umask 077 на ~/.keisei-install.log
  (Forgejo admin creds + токены в логе)
- scripts/regen-counts.sh: eval "$1" → bash -c

NOT FIXED (требуют действий юзера):
- HIGH: @keisei scope не зарегистрирован на npmjs.org — typosquat
  возможен пока не задан NPM_TOKEN и не сделан publish
- HIGH: install.keisei.app DNS не настроен — DNS-hijack возможен
- LOW: parfionovich@keilab.io в SECURITY.md, plugin.json, ~40 Cargo
  файлах — intentional contact, оставлен

Локальный git author установлен на parfionovich@keilab.io вместо
parfionovichd@icloud.com (только для будущих коммитов в этом репо).

2026-05-18 12:05:25 +08:00

Parfii-bot

368df5b918

docs: add 6-file substrate encyclopedia (1739 LOC)

Generated by parallel Haiku writer agents during 4-wave audit; covers the
substrate at the top-down explanatory level the reviewer asked for.

- substrate-overview.md (425 LOC) — top-down: what runs at install,
  daily, nightly; data-flow ASCII diagrams; how the 4 layers fit
- hooks-and-blocks.md (394 LOC) — every hook + every assembler block,
  with trigger event + severity + rule reference
- rust-crates-A-G.md (507 LOC) — first third of the 106 crates, one
  paragraph per crate
- rust-crates-H-N.md (194 LOC) — middle third
- rust-crates-O-Z.md (59 LOC) — last third (smaller because alphabet)
- skills-and-agents.md (160 LOC) — 67 skills + 43 agent manifests,
  one row each

Encyclopedia complements the auto-generated DNA-INDEX.md: that file
is mechanical (count + DNA prefix + sha8), this is narrative
(what does this thing do, when does it fire, how to use it).

Username-path leaks scrubbed via sed pre-commit:
- /Users/<user>/Projects/KeiSeiKit-public/ → <repo>/
- /Users/<user>/                            → <home>/

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-03 17:00:28 +08:00

2 commits