KeiSeiKit-1.0

Author SHA1 Message Date

Author	SHA1	Message	Date
KeiSei84	742822a499	feat: opt-in hook packs + stack profiles + public-prep repoint (#44 ) Mirror of keigit main — Phase 2 (`abae256c`) + public-prep repoint (`518d95df`). Phase 2: safety on by default, discipline packs opt-in; stack profiles (minimal/web/ml/systems/mobile) pull packs + agent sets; SSoT in _primitives/hook-packs.toml; filter+prune via lib-hooks.sh; re-runnable via `kei configure`; 8 hooks gated via _lib/gate.sh. Public-prep: .gitmodules + README clone + plugin homepage + web-install.sh repointed to github.com/KeiSeiLab. ADR in DECISIONS.md 2026-05-25.	2026-05-26 13:26:09 +07:00
Parfii-bot	4afc85ca30	fix(hooks): post-audit hook chain hardening + 4 new defensive hooks Hook chain repairs (Group A): - alignment-check.sh: read .prompt (was .user_prompt) — hook was dead - block-dangerous.sh: jq instead of inline interpreter (RULE 0.2 + fail-open fix) - destructive-guard.sh: explicit INPUT=cat + jq guard + exit 0 — was silent no-op - numeric-claims-guard.sh: exit 1 -> exit 2 (Claude Code spec — was non-blocking) comments updated 0.17 -> 0.18 (env var name kept) - no-downgrade.sh: removed (?i) PCRE syntax — POSIX ERE matched literal text - task-timer.sh: jq -nc instead of bare printf — JSON injection on quotes/backslashes in description was corrupting RULE 0.18 evidence journal - check-error-patterns.sh: replaced with no-op stub — had hardcoded /Users/denis/... PATH LEAK in public kit, plus inline interpreter use - post-commit-audit.sh: added trailing exit 0 — grep return code was hook exit code - citation-verify.sh: ALLOW_REGEX accepts HOOK-BYPASS marker — bypass was documented but never matched - settings-snippet.json: agent-stub-scan moved PreToolUse:Agent -> PostToolUse:Agent (RULE 0.16 enforcement was firing before transcript existed) - check-error-patterns hook removed from settings-snippet.json New defensive hooks (Group H): - no-github-push.sh: PreToolUse:Bash hard deny on github.com push/create/sync/remote-add (RULE 0.1 — patent IP protection; was missing from public kit) - secrets-pre-guard.sh: PreToolUse:Edit\|Write — token-pattern scan with allowlist (RULE 0.8) - chat-numeric-prewarn.sh: UserPromptSubmit reminder when prompt mentions time/cost (RULE 0.18 chat extension) - chat-numeric-postflag.sh: Stop event scans last assistant message for naked numerics without REAL/FROM-JOURNAL/ESTIMATE-HTC markers Source: full Sonnet test-retest audit 2026-05-02 (3 parallel waves of 6 agents each) identified hook chain bugs as HIGH severity in all 3 runs independently. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-02 21:38:47 +08:00
Parfii-bot	a4e667de10	KeiSeiKit-public — clean state Single-commit clean baseline after security scrub of niche-tells, project codenames, internal jargon, and contributor-email leaks. Contents: - 100 Rust crates (_primitives/_rust/) - 37 agent manifests (_manifests/) + generated specs (_generated/) - 67 user-invocable skills (skills/) - 33 hooks (hooks/) - Composition blocks (_blocks/) - Documentation (docs/, README.md) - TS adapter packages (_ts_packages/) - Assembler (_assembler/) - Roles (_roles/) - Templates (_templates/) - Forgejo CI (.forgejo/) Author: Denis Parfionovich <info@greendragon.info> License: see LICENSE.	2026-05-01 12:09:03 +08:00

KeiSei84

742822a499

feat: opt-in hook packs + stack profiles + public-prep repoint (#44 )

Mirror of keigit main — Phase 2 (abae256c) + public-prep repoint (518d95df).

Phase 2: safety on by default, discipline packs opt-in; stack profiles
(minimal/web/ml/systems/mobile) pull packs + agent sets; SSoT in
_primitives/hook-packs.toml; filter+prune via lib-hooks.sh; re-runnable
via `kei configure`; 8 hooks gated via _lib/gate.sh.

Public-prep: .gitmodules + README clone + plugin homepage + web-install.sh
repointed to github.com/KeiSeiLab. ADR in DECISIONS.md 2026-05-25.

2026-05-26 13:26:09 +07:00

Parfii-bot

4afc85ca30

fix(hooks): post-audit hook chain hardening + 4 new defensive hooks

Hook chain repairs (Group A):
- alignment-check.sh: read .prompt (was .user_prompt) — hook was dead
- block-dangerous.sh: jq instead of inline interpreter (RULE 0.2 + fail-open fix)
- destructive-guard.sh: explicit INPUT=cat + jq guard + exit 0 — was silent no-op
- numeric-claims-guard.sh: exit 1 -> exit 2 (Claude Code spec — was non-blocking)
                          comments updated 0.17 -> 0.18 (env var name kept)
- no-downgrade.sh: removed (?i) PCRE syntax — POSIX ERE matched literal text
- task-timer.sh: jq -nc instead of bare printf — JSON injection on quotes/backslashes
                 in description was corrupting RULE 0.18 evidence journal
- check-error-patterns.sh: replaced with no-op stub — had hardcoded /Users/denis/...
                            PATH LEAK in public kit, plus inline interpreter use
- post-commit-audit.sh: added trailing exit 0 — grep return code was hook exit code
- citation-verify.sh: ALLOW_REGEX accepts HOOK-BYPASS marker — bypass was documented
                       but never matched
- settings-snippet.json: agent-stub-scan moved PreToolUse:Agent -> PostToolUse:Agent
                          (RULE 0.16 enforcement was firing before transcript existed)
- check-error-patterns hook removed from settings-snippet.json

New defensive hooks (Group H):
- no-github-push.sh: PreToolUse:Bash hard deny on github.com push/create/sync/remote-add
                      (RULE 0.1 — patent IP protection; was missing from public kit)
- secrets-pre-guard.sh: PreToolUse:Edit|Write — token-pattern scan with allowlist (RULE 0.8)
- chat-numeric-prewarn.sh: UserPromptSubmit reminder when prompt mentions time/cost
                            (RULE 0.18 chat extension)
- chat-numeric-postflag.sh: Stop event scans last assistant message for naked numerics
                             without REAL/FROM-JOURNAL/ESTIMATE-HTC markers

Source: full Sonnet test-retest audit 2026-05-02 (3 parallel waves of 6 agents each)
identified hook chain bugs as HIGH severity in all 3 runs independently.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-02 21:38:47 +08:00

Parfii-bot

a4e667de10

KeiSeiKit-public — clean state

Single-commit clean baseline after security scrub of niche-tells,
project codenames, internal jargon, and contributor-email leaks.

Contents:
- 100 Rust crates (_primitives/_rust/)
- 37 agent manifests (_manifests/) + generated specs (_generated/)
- 67 user-invocable skills (skills/)
- 33 hooks (hooks/)
- Composition blocks (_blocks/)
- Documentation (docs/, README.md)
- TS adapter packages (_ts_packages/)
- Assembler (_assembler/)
- Roles (_roles/)
- Templates (_templates/)
- Forgejo CI (.forgejo/)

Author: Denis Parfionovich <info@greendragon.info>

License: see LICENSE.

2026-05-01 12:09:03 +08:00

3 commits