keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
388 commits 3 branches 11 tags 12 MiB
Commit graph

5 commits

Author SHA1 Message Date
Parfii-bot
5f7a5b2639 fix(wave18): 8 HIGH audit findings closed + three-role pipeline actually built 
47 crates, 801 tests green (up from 771 at v0.34.0). Wave 18 audit
found 8 HIGH findings across architect/critic/security/validator. All
closed. Three-role pipeline REBUILT after validator discovered Wave 16
commit was a half-commit (files claimed but never tracked).

## A. Three-role pipeline (REBUILD — was missing from v0.33.0 despite
      CHANGELOG claim)

Files validator flagged absent: _roles/auditor.toml + merger.toml,
4 _capabilities/{policy/git-ops-scope,output/verdict,output/merge-result,
verify/fork-audit}/text.md, kei-spawn/src/{pipeline,precedent}.rs,
pipeline_smoke.rs + pipeline_unit.rs tests. ALL NOW REAL (verified by
git log --all and `ls`).

- auditor role: claude-subagent-type=critic, handoff=[merger]
- merger role: git-ops scope, claude-subagent-type=infra-implementer,
  leaf (empty handoff)
- 5 capability text.md (+ capability.toml for each) defining contracts
- kei-spawn pipeline.rs (171 LOC): pipeline_from_role, derive_steps,
  emit_pipeline_json, scaffold_downstream_tasks
- kei-spawn precedent.rs (118 LOC): env-gated advisory shell-out
- --pipeline flag on spawn subcommand
- +11 tests (pipeline_smoke + pipeline_unit)

## B. kei-fork — 4 HIGH fixes (Critic F1+F7a, Security #3+#4)

- `git add -A` → explicit path list from ls-untracked + ls-modified,
  with exclusion filter for .DONE / .KEI_FORK_META.toml / _archive/ /
  _forks/. No more merge bleed. +1 regression test.
- create() rollback: on write_meta or ledger_fork failure, worktree
  + branch cleaned. +1 test via KEI_FORK_FORCE_LEDGER_FAIL=1.
- worktree_add arg injection: added `--` sentinel + is_safe_refname()
  validator (refuses dash-leading, NUL, ..). +3 tests.
- PATH hijack: KEI_FORK_GIT_BIN env override for all Command::new(git).
  +1 test.

## C. kei-spawn — 2 HIGH fixes (Security #1+#2)

- HTTP body unbounded DoS: MAX_BODY_BYTES=10MiB + content-length
  pre-check + streamed cap (io::Read::take) for chunked encoding.
  +2 feature-gated tests.
- PATH hijack: KEI_LEDGER_BIN env override already existed at
  ledger_sh.rs:15; documented precedence + added 4 regression tests
  locking the 3-tier lookup order.

## D. kei-ledger-sign — 1 HIGH fix (Security #2)

- save_keypair atomic POSIX open(2) O_CREAT|O_EXCL + mode 0o600 +
  rename(2) into place. No race window where key is world-readable.
  +2 tests.

## E. spawn_from_task rollback (Critic F7b)

- register_in_ledger helper: on ledger fork failure, rollback_task_dir
  before error propagation. +1 test spawn_rolls_back_task_dir_on_ledger_fail.

## Audit summary

- architect: GO conditional (taxonomy 19% — defer)
- critic: HIGH closed, MEDIUM debt logged
- security: 4 HIGH closed; MEDIUM (tar symlink, watcher symlink) tracked
- validator: CHANGELOG no longer lies — three-role pipeline is real
- patent-compliance: GO / LOW risk unchanged

All 8 HIGH blockers from Wave 18 consolidated audit → GREEN.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 20:54:59 +08:00
Parfii-bot
0ea429054f feat(wave14): 5 bio-inspired primitives + phase2 cleanup + substrate dogfood 
## Wave 14 — 5 new primitives (44 crates total, 713 tests green)

All specs written as task.toml → passed through kei-agent-runtime prepare
→ composed prompts via capability fragments → Agent tool invocation.
First fully-dogfooded wave.

- kei-prune (9 tests): biological pruning. `candidates(idle_days)` +
  `mark_retired(id)` on sidecar `prune_retirements` table (agents.status
  CHECK precluded 'retired' value).
- kei-discover (8 tests): federated marketplace discovery stub. UNIQUE
  slug via custom migration + FTS5 on slug+description. Engine-native
  via kei-entity-store. Typed DuplicateSlug error.
- kei-brain-view (6-8 tests): stdout visualizer for ledger taxonomy
  graph + agent lineage. Tree / stats / lineage subcommands. NO_COLOR
  env respected. No kei-entity-store dep (direct rusqlite).
- kei-hibernate (6 tests): whole-brain tar.zst export/import. Manifest
  with sha256 per-file, version gate, safe_join on extract, dry-run
  mode. tar 0.4 + zstd 0.13.
- kei-ledger-sign (7 tests): ed25519 creator attestation. keygen / sign /
  verify CLI. Canonical message `dna|spec_sha|creator_id` with pipe
  rejection. chmod 600 on key storage (unix). Tamper-detection on load
  via pubkey re-derivation.

## Phase 2 cleanup shipped in same commit

- LOC splits: walk.rs 221→91 (path_safety.rs + wikilink.rs extracted),
  prepare.rs 228→199 (dead build_ledger_row removed, fn helpers split).
- Clippy pass: 6 warnings fixed (derivable_impls, manual_contains,
  type_complexity x2, doc_overindented_list_items x2) in
  kei-entity-store, kei-ledger, kei-spawn.
- DNA eprintln removed from kei-agent-runtime/src/dna.rs (stderr
  pollution from library parse).
- kei-pipe integrations: hot_reload.rs (kei-watch wrapper, sync API,
  50ms debounce) + scheduler_bridge.rs (kei-scheduler executor, shell
  exec documented). +6 tests.
- Workspace [workspace.dependencies] centralised: rusqlite/chrono/
  anyhow/thiserror/tempfile/toml — future crates opt in via
  `.workspace = true`. Existing pins preserved.

## Substrate dogfood verified

task.toml → `kei-agent-runtime prepare` → DNA + composed prompt from
capability fragments → Agent tool invocation. kei-spawn also tested
end-to-end (prompt.md written to tasks/<agent-id>/, ledger row created).

Verified: cargo check --workspace clean, 713 tests passing,
substrate_integration.sh ✓, hook_wiring_integration.sh ✓.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 17:19:25 +08:00
Parfii-bot
c1556f505a fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 
Closes the remaining v0.29.0 follow-ups + post-audit MEDIUMs.

## HttpDriver (kei-spawn http-driver feature)
- Real reqwest::blocking POST to api.anthropic.com/v1/messages
- Feature flag `http-driver = ["dep:reqwest"]` (default off, zero breaking)
- KEI_ANTHROPIC_KEY read at invoke time (rotation-friendly)
- 5 httpmock tests (missing key, 200, 4xx, 5xx, malformed json)
- Endpoint override via KEI_ANTHROPIC_ENDPOINT env for tests
- Files: drive.rs, drive_http.rs (new), drive_http_parse.rs (new), tests/http_driver.rs

## agent_id path-traversal validator (HIGH)
- New validate.rs with validate_agent_id() — whitelist grammar, 64-char cap,
  rejects /, \, .., leading dot/dash, NUL, :, whitespace, non-ASCII,
  Windows-reserved (CON/PRN/AUX/NUL/COM1-9/LPT1-9)
- Wired into all 5 agent_id→path sinks: load_task, resolve_agent_id,
  prepare, simulated_merge, verify_task
- autogen_agent_id moved to validate.rs with slugify_role helper —
  output passes validator by construction (100-draw property test)
- 33 new tests in agent_id_validator.rs

## safe_join symlink escape (MEDIUM)
- Base must canonicalize (nonexistent → Canonicalize error)
- Joined must start_with base_canon OR joined.parent() must start_with base_canon
- Blocks symlink-to-outside-base with non-existent tail file
- walk.rs refactored into 5 ≤17-LOC helpers
- 7 new tests in safe_join_hardening.rs

## entity-store 4 MEDIUM fixes
- ddl.rs: panic on unsupported FieldKind → typed DdlError::UnsupportedExtraColumn
  propagated through Store::open as VerbError::InvalidInput (exit 2).
  Extracted ddl_edge.rs + ddl_error.rs modules. Backward-compat shim preserved.
- search.rs: FTS5 empty-tokenization → typed InvalidInput on queries with
  no alphanumeric tokens (was opaque rusqlite error). Unicode-aware via
  char::is_alphanumeric.
- engine.rs: WAL pragma failure now logged to stderr with path + rusqlite
  source; fallback to rollback journal preserved (exit-code contract intact).
- bug_fixes_smoke: added fts5_phrase_quoting_preserves_legitimate_queries —
  catches over-broad sanitizer that passes injection test alone.

## Verified
- cargo check --workspace clean (both with and without http-driver feature)
- cargo test --workspace: 668 tests green (up from 620)
- substrate_integration.sh ✓, hook_wiring_integration.sh ✓

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 16:16:24 +08:00
Parfii-bot
6562b581f7 feat(w9d): kei-spawn drive subcommand + AnthropicDriver trait stub 
kei-spawn drive <task.toml> internally calls spawn pipeline, emits
SpawnOutput JSON to stdout, returns exit 64 (NotImplemented) from
ManualDriver with stderr instruction to use manual Agent-tool path.

AnthropicDriver trait: ManualDriver (current) + HttpDriver (future
reqwest+tokio+KEI_ANTHROPIC_KEY). Extensibility preserved without
breaking-change deps.

Tests: 10/10 (was 6, +4: 2 drive unit + 2 drive_smoke binary integration).

Exit code contract: 0 success, 1 spawn-fail, 2 verify-fail, 64
NotImplemented (matches kei-runtime::invoke NotImplemented convention).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 13:34:16 +08:00
Parfii-bot
02451f5f49 feat(sp1): NEW kei-spawn crate — automation envelope 
spawn <task.toml> internally calls prepare + ledger fork, emits
JSON ready for Agent tool invocation. verify wraps post-return
check+ledger update. list-pending shows running forks.

kei-ledger invoked via subprocess (no lib.rs in kei-ledger).
KEI_SPAWN_LEDGER_NOOP=1 test escape hatch for CI without binary.

spec_sha = SHA-256 of task.toml bytes (workspace sha2 dep).

Tests: 6/6 integration (happy, explicit-id, unknown-role, non-spawnable,
verify-missing, end-to-end roundtrip).

Step 3 (Anthropic API) stays with orchestrator — next iteration adds
kei-spawn drive <task.toml> for HTTP automation.

Workspace Cargo.toml: +kei-spawn member.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 10:21:45 +08:00