KeiSeiKit-1.0

keisei/KeiSeiKit-1.0

Fork 0

Commit graph

Author	SHA1	Message	Date
Parfii-bot	fc03c98408	chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) Two related changes: 1. Author email update across the kit - All `info@greendragon.info` references replaced with `parfionovich@keilab.io` - Touched: NOTICE, README.md, _ts_packages/package.json (and 5 adapter packages), plus 90+ Cargo.toml files - Apache-2.0 attribution unchanged (Denis Parfionovich, 2026) 2. Cargo workspace.package SSoT for author/license/repository/homepage - Added to [workspace.package]: authors = ["Denis Parfionovich <parfionovich@keilab.io>"] license = "Apache-2.0" repository = "https://github.com/KeiSei84/KeiSeiKit-1.0" homepage = "https://github.com/KeiSei84/KeiSeiKit-1.0" - All ~89 member crates migrated from inline declarations to: authors.workspace = true license.workspace = true (repository/homepage where applicable) - Closes audit gap: kei-graph-stream, kei-cortex, kei-shared previously had no license field at the crate level, blocking `cargo publish` on those. Now they inherit Apache-2.0 from workspace. - kei-scheduler/Cargo.toml: removed stray duplicate `authors` line introduced by an earlier migration sweep. cargo check --workspace: clean. No code changes; metadata-only migration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 13:55:28 +08:00
Parfii-bot	913d62c280	fix(security): RCE allowlist + WebSocket auth + SSH option-injection Group D — three independent security primitives hardening (post-audit 2026-05-02). kei-runtime — atom invoke RCE allowlist: - invoke.rs: is_safe_crate_name validator (regex ^kei-[a-z][a-z0-9-]+$); rejects /, \\, .., :, absolute paths, empty, >128 chars. InvalidAtom error variant. stdout/stderr capped at 16 MiB (was unbounded). - main.rs: InvalidAtom mapped to exit code 2. - tests/invoke_exit_codes_smoke.rs: invoke_unsafe_crate_name_exits_2 added. - Closes: any user able to write atoms/*.md with crate_name: "rm" or "sudo" triggered arbitrary command execution. kei-graph-stream — WebSocket bearer + Origin: - auth.rs (new, 142 LOC): token load + bearer extraction + Origin allowlist + ConstantTimeEq compare; 8 unit tests. - ws.rs: ws_handler validates Origin + bearer before upgrade (403/401 on failure). - main.rs: --public-bind-i-accept-the-leak flag required for non-loopback bind; else bail!() with explicit error. - tests/smoke.rs: rewritten with Origin + bearer headers via connect_async_with_config. - Closes: WebSocket /stream had zero auth, zero Origin check; browser CSWSH could subscribe to agent activity broadcast; KEI_GRAPH_STREAM_BIND env silently accepted any SocketAddr. kei-compute-baremetal — SSH option injection (CVE-2023-51385 class): - ssh.rs: is_safe_user + is_safe_host validators (alphanumeric + -_.; reject leading -; max 64 chars; no @, :, /, \\, space). - ssh.rs: -- sentinel before user@host argv (OpenSSH 9.6+ stops flag parsing). - ssh.rs: StrictHostKeyChecking=yes default; KEI_BAREMETAL_ACCEPT_NEW=1 for TOFU. - error.rs: InvalidRegion variant. - provider.rs: validators applied in target_for_spec + target_for_handle. - Closes: spec.region "-oProxyCommand=evil" triggered local RCE before TCP connect. Test results: 29 passed; 0 failed across all three crates. cargo check clean. Findings: RCE allowlist (Wave-A) + WebSocket auth (Wave-B) + SSH injection (Wave-B) were unique-per-retest discoveries. None present in original wave-1 audit. Note: kei-compute-baremetal/src/provider.rs at 300 LOC (was 268; +32 from validators). Pre-existing >200 LOC violation, fix scope was security-additions only. Follow-up: split provider.rs into provider.rs (<200) + provider_tests.rs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-02 21:40:24 +08:00
Parfii-bot	a4e667de10	KeiSeiKit-public — clean state Single-commit clean baseline after security scrub of niche-tells, project codenames, internal jargon, and contributor-email leaks. Contents: - 100 Rust crates (_primitives/_rust/) - 37 agent manifests (_manifests/) + generated specs (_generated/) - 67 user-invocable skills (skills/) - 33 hooks (hooks/) - Composition blocks (_blocks/) - Documentation (docs/, README.md) - TS adapter packages (_ts_packages/) - Assembler (_assembler/) - Roles (_roles/) - Templates (_templates/) - Forgejo CI (.forgejo/) Author: Denis Parfionovich <info@greendragon.info> License: see LICENSE.	2026-05-01 12:09:03 +08:00

Author

SHA1

Message

Date

Parfii-bot

fc03c98408

chore: author email + Cargo metadata SSoT (parfionovich@keilab.io)

Two related changes:

1. Author email update across the kit
   - All `info@greendragon.info` references replaced with `parfionovich@keilab.io`
   - Touched: NOTICE, README.md, _ts_packages/package.json (and 5 adapter packages),
     plus 90+ Cargo.toml files
   - Apache-2.0 attribution unchanged (Denis Parfionovich, 2026)

2. Cargo workspace.package SSoT for author/license/repository/homepage
   - Added to [workspace.package]:
     authors    = ["Denis Parfionovich <parfionovich@keilab.io>"]
     license    = "Apache-2.0"
     repository = "https://github.com/KeiSei84/KeiSeiKit-1.0"
     homepage   = "https://github.com/KeiSei84/KeiSeiKit-1.0"
   - All ~89 member crates migrated from inline declarations to:
     authors.workspace    = true
     license.workspace    = true
     (repository/homepage where applicable)
   - Closes audit gap: kei-graph-stream, kei-cortex, kei-shared previously had no
     license field at the crate level, blocking `cargo publish` on those.
     Now they inherit Apache-2.0 from workspace.
   - kei-scheduler/Cargo.toml: removed stray duplicate `authors` line introduced
     by an earlier migration sweep.

cargo check --workspace: clean. No code changes; metadata-only migration.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-03 13:55:28 +08:00

Parfii-bot

913d62c280

fix(security): RCE allowlist + WebSocket auth + SSH option-injection

Group D — three independent security primitives hardening (post-audit 2026-05-02).

kei-runtime — atom invoke RCE allowlist:
- invoke.rs: is_safe_crate_name validator (regex ^kei-[a-z][a-z0-9-]+$);
             rejects /, \\, .., :, absolute paths, empty, >128 chars.
             InvalidAtom error variant.
             stdout/stderr capped at 16 MiB (was unbounded).
- main.rs: InvalidAtom mapped to exit code 2.
- tests/invoke_exit_codes_smoke.rs: invoke_unsafe_crate_name_exits_2 added.
- Closes: any user able to write atoms/*.md with crate_name: "rm" or "sudo"
           triggered arbitrary command execution.

kei-graph-stream — WebSocket bearer + Origin:
- auth.rs (new, 142 LOC): token load + bearer extraction + Origin allowlist +
                            ConstantTimeEq compare; 8 unit tests.
- ws.rs: ws_handler validates Origin + bearer before upgrade (403/401 on failure).
- main.rs: --public-bind-i-accept-the-leak flag required for non-loopback bind;
            else bail!() with explicit error.
- tests/smoke.rs: rewritten with Origin + bearer headers via connect_async_with_config.
- Closes: WebSocket /stream had zero auth, zero Origin check; browser CSWSH could
           subscribe to agent activity broadcast; KEI_GRAPH_STREAM_BIND env silently
           accepted any SocketAddr.

kei-compute-baremetal — SSH option injection (CVE-2023-51385 class):
- ssh.rs: is_safe_user + is_safe_host validators (alphanumeric + -_.; reject leading -;
           max 64 chars; no @, :, /, \\, space).
- ssh.rs: -- sentinel before user@host argv (OpenSSH 9.6+ stops flag parsing).
- ssh.rs: StrictHostKeyChecking=yes default; KEI_BAREMETAL_ACCEPT_NEW=1 for TOFU.
- error.rs: InvalidRegion variant.
- provider.rs: validators applied in target_for_spec + target_for_handle.
- Closes: spec.region "-oProxyCommand=evil" triggered local RCE before TCP connect.

Test results: 29 passed; 0 failed across all three crates. cargo check clean.

Findings: RCE allowlist (Wave-A) + WebSocket auth (Wave-B) + SSH injection (Wave-B)
were unique-per-retest discoveries. None present in original wave-1 audit.

Note: kei-compute-baremetal/src/provider.rs at 300 LOC (was 268; +32 from validators).
Pre-existing >200 LOC violation, fix scope was security-additions only. Follow-up:
split provider.rs into provider.rs (<200) + provider_tests.rs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-02 21:40:24 +08:00

Parfii-bot

a4e667de10

KeiSeiKit-public — clean state

Single-commit clean baseline after security scrub of niche-tells,
project codenames, internal jargon, and contributor-email leaks.

Contents:
- 100 Rust crates (_primitives/_rust/)
- 37 agent manifests (_manifests/) + generated specs (_generated/)
- 67 user-invocable skills (skills/)
- 33 hooks (hooks/)
- Composition blocks (_blocks/)
- Documentation (docs/, README.md)
- TS adapter packages (_ts_packages/)
- Assembler (_assembler/)
- Roles (_roles/)
- Templates (_templates/)
- Forgejo CI (.forgejo/)

Author: Denis Parfionovich <info@greendragon.info>

License: see LICENSE.

2026-05-01 12:09:03 +08:00

3 commits