keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
380 commits 3 branches 11 tags 12 MiB
Commit graph

5 commits

Author SHA1 Message Date
Parfii-bot
5f7a5b2639 fix(wave18): 8 HIGH audit findings closed + three-role pipeline actually built 
47 crates, 801 tests green (up from 771 at v0.34.0). Wave 18 audit
found 8 HIGH findings across architect/critic/security/validator. All
closed. Three-role pipeline REBUILT after validator discovered Wave 16
commit was a half-commit (files claimed but never tracked).

## A. Three-role pipeline (REBUILD — was missing from v0.33.0 despite
      CHANGELOG claim)

Files validator flagged absent: _roles/auditor.toml + merger.toml,
4 _capabilities/{policy/git-ops-scope,output/verdict,output/merge-result,
verify/fork-audit}/text.md, kei-spawn/src/{pipeline,precedent}.rs,
pipeline_smoke.rs + pipeline_unit.rs tests. ALL NOW REAL (verified by
git log --all and `ls`).

- auditor role: claude-subagent-type=critic, handoff=[merger]
- merger role: git-ops scope, claude-subagent-type=infra-implementer,
  leaf (empty handoff)
- 5 capability text.md (+ capability.toml for each) defining contracts
- kei-spawn pipeline.rs (171 LOC): pipeline_from_role, derive_steps,
  emit_pipeline_json, scaffold_downstream_tasks
- kei-spawn precedent.rs (118 LOC): env-gated advisory shell-out
- --pipeline flag on spawn subcommand
- +11 tests (pipeline_smoke + pipeline_unit)

## B. kei-fork — 4 HIGH fixes (Critic F1+F7a, Security #3+#4)

- `git add -A` → explicit path list from ls-untracked + ls-modified,
  with exclusion filter for .DONE / .KEI_FORK_META.toml / _archive/ /
  _forks/. No more merge bleed. +1 regression test.
- create() rollback: on write_meta or ledger_fork failure, worktree
  + branch cleaned. +1 test via KEI_FORK_FORCE_LEDGER_FAIL=1.
- worktree_add arg injection: added `--` sentinel + is_safe_refname()
  validator (refuses dash-leading, NUL, ..). +3 tests.
- PATH hijack: KEI_FORK_GIT_BIN env override for all Command::new(git).
  +1 test.

## C. kei-spawn — 2 HIGH fixes (Security #1+#2)

- HTTP body unbounded DoS: MAX_BODY_BYTES=10MiB + content-length
  pre-check + streamed cap (io::Read::take) for chunked encoding.
  +2 feature-gated tests.
- PATH hijack: KEI_LEDGER_BIN env override already existed at
  ledger_sh.rs:15; documented precedence + added 4 regression tests
  locking the 3-tier lookup order.

## D. kei-ledger-sign — 1 HIGH fix (Security #2)

- save_keypair atomic POSIX open(2) O_CREAT|O_EXCL + mode 0o600 +
  rename(2) into place. No race window where key is world-readable.
  +2 tests.

## E. spawn_from_task rollback (Critic F7b)

- register_in_ledger helper: on ledger fork failure, rollback_task_dir
  before error propagation. +1 test spawn_rolls_back_task_dir_on_ledger_fail.

## Audit summary

- architect: GO conditional (taxonomy 19% — defer)
- critic: HIGH closed, MEDIUM debt logged
- security: 4 HIGH closed; MEDIUM (tar symlink, watcher symlink) tracked
- validator: CHANGELOG no longer lies — three-role pipeline is real
- patent-compliance: GO / LOW risk unchanged

All 8 HIGH blockers from Wave 18 consolidated audit → GREEN.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 20:54:59 +08:00
Parfii-bot
e6ed7f8b8e feat(w9a): bulk-tag 25 primitives with taxonomy facets 
8 capabilities (output/quality/safety/scope/tools) + 12 manifests +
5 roles. Consistent classification per W9-A rules.

Deprecated-alias stubs (tools::cargo-only-bash, tools::read-only)
skipped — no [gate]/[verify] sections.

facet-query results:
  kingdom=capability         → 11 hits (was 3)
  kingdom=capability gate    → 6 hits (was 2)
  kingdom=manifest           → 12 hits (was 0)

Roles tagged but not reachable by current facet_query (walker scans
_capabilities + _manifests). Forward-compat for walker extension.

cargo test -p kei-atom-discovery: 16/16 preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 13:34:16 +08:00
Parfii-bot
e418f1247c feat(tx1): taxonomy + lineage facets schema extension 
Optional [taxonomy] + [lineage] TOML sections on capability.toml and
atom .md frontmatter. Backward-compat — all fields optional, existing
files parse unchanged.

TaxonomyFacets struct (7 facets): kingdom, mechanism, domain, layer,
stage, stability, language.
Lineage struct: parents[], creator, created, fork_from.

AtomMeta extended with taxonomy: Option<TaxonomyFacets> + lineage:
Option<Lineage>.

docs/TAXONOMY.md — canonical vocabulary. Graph-based (DAG with typed
edges), not tree. Multi-faceted nodes allowed.

3 pilot primitives tagged: policy::no-git-ops, quality::cargo-check-green,
tools::bash-allowlist.

Tests: 16/16 (was 12, +4: full/partial/no-facets/parents-array).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 06:10:58 +08:00
Parfii-bot
e4b64418fc feat(convergence/u2): capability renames + back-compat aliases 
Pre-unlock wave U2. Task 3 from CONVERGENCE-PLAN — rename misleading
capability names, keep old names as deprecated aliases.

Renames:
- tools::read-only → tools::deny-tools (mechanism is tool-name denial,
  not "read-only" metaphor)
- tools::cargo-only-bash → tools::bash-allowlist (mechanism is Bash
  pattern allow-list; cargo-only is one config value)

Back-compat via registry.resolve_alias():
- Old dir _capabilities/tools/{read-only,cargo-only-bash}/ retained with
  capability.toml-only stub: `alias = "<new-name>"` + `deprecated` field
- registry.rs loads alias stubs, redirects lookup before dispatch
- warn_deprecated_once() emits single-shot stderr per alias per process
  via OnceLock<Mutex<HashSet>>
- Zero breaking change to existing manifests / task.toml referencing
  old names

Rust impl files renamed in place:
- gates/tools_read_only.rs → gates/tools_deny_tools.rs (struct
  DenyTools)
- gates/tools_cargo_only_bash.rs → gates/tools_bash_allowlist.rs
  (struct BashAllowlist)
- gates/mod.rs + registry.rs + gate_smoke.rs updated

Roles updated (3): read-only.toml, explorer.toml, edit-local.toml —
reference new names directly.

Tests: kei-agent-runtime 41/41 (was 40, +1 deprecated_aliases_resolve
_to_new_names), _assembler 40/40 unchanged (substrate role expansion
follows new paths).

Docs updated: AGENT-ROLES.md, AGENT-SUBSTRATE-SCHEMA.md, 4 _manifests
referencing the old names (comment-only annotations).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 03:43:40 +08:00
Parfii-bot
c0c3483f02 feat(agent-substrate/phase-1): capability library — 11 declarative bundles 
22 files per locked §Initial capability atom inventory:

policy/no-git-ops/               (gate: PreToolUse:Bash, bypass ORCHESTRATOR_META)
scope/files-whitelist/           (gate + verify worktree)
scope/files-denylist/            (gate + verify worktree)
quality/constructor-pattern/     (verify worktree)
quality/cargo-check-green/       (verify both — worktree short-circuit + simulated-merge)
quality/tests-green/             (verify both)
safety/no-dep-bump/              (gate + verify both)
output/report-format/            (verify worktree)
output/severity-grade/           (verify worktree)
tools/read-only/                 (gate: deny Edit/Write)
tools/cargo-only-bash/           (gate: Bash allowlist)

All capability.toml share [capability]/[restricts]/[parameterized]/[text]/
[gate]/[verify] section layout. rust-module paths pre-wired to match
phase-3 file layout. All text.md under 200 words, imperative,
self-contained (composer concatenates with --- separator).

Cross-refs to rule files preserved:
- policy::no-git-ops → RULE 0.13 (orchestrator-branch-first.md)
- quality::constructor-pattern → RULE ZERO (code-style.md)
- output::severity-grade → debugging.md §Security Review
- safety::no-dep-bump → supply-chain rationale

Agent attempted wc -w for word counts — sandbox correctly denied Bash
per RULE 0.13, observable reinforcement of the very policy this
capability encodes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 02:35:52 +08:00