KeiSeiKit-1.0

keisei/KeiSeiKit-1.0

Fork 0

Commit graph

Author	SHA1	Message	Date
Parfii-bot	15bf40196b	feat(stream-g): kei-sage rules integration — atoms + rules unified graph Unify atoms and rules in kei-sage's graph. Previously [[rules/...]] wikilinks were filtered (explicit Stream C scope-deferral). Now they resolve to rule-node units with rule_ref edges. kei-atom-discovery extension (non-breaking): - WikilinkTarget enum: Atom(String) \| Rule(String) \| Other(String) - classify_wikilink(inner: &str) -> WikilinkTarget — exposed via lib.rs - parse_wikilink unchanged for backwards-compat; new callers use classify for richer semantics kei-sage additions: - rule_index.rs (129 LOC) — RuleRecord + discover_rules walking flat *.md + extract_h1 for display name + index_rules (unit_type="rule", vault_path="rule:<slug>") + index_rule_edges (walks atom.related, emits rule_ref edges atom → rule node) - atom_cli.rs: cmd_rules_discover + default_rules_root - main.rs: AtomsRulesDiscover subcommand with --rules-root flag - tests/rules_smoke.rs: 5 tests (discovery, heading extraction, slug fallback for headingless files, empty-dir, atom→rule edge persistence) Tests: 12/12 kei-atom-discovery (+3 classify_wikilink), 28/28 kei-sage (+5 rules_smoke + unit tests now counted). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-23 01:21:00 +08:00
Parfii-bot	990f5e3711	fix(substrate): E1 — kei-atom-discovery shared crate + 4 critical security fixes Extracts authoritative atom discovery + frontmatter parsing into new crate _primitives/_rust/kei-atom-discovery/. kei-sage and kei-runtime now both consume the same implementation, eliminating Frontmatter drift. Resolved findings: - F-3/crit#3: path traversal via md_dir.join() — safe_join helper rejects absolute paths + .. components + post-canonicalise escapes (4 sites) - crit#6/architect P0-a: Frontmatter drift — single AtomMeta struct - SA supply-chain: serde_yaml archived — migrated to serde_yaml_ng 0.10 - crit#2: JSON Schema $ref SSRF — jsonschema 0.17→0.18 with resolve-file feature only, custom LocalFileResolver denies non-file:// schemes - F-4: symlink traversal — walkdir follow_links(false) explicit everywhere - F-5: YAML billion-laughs — 64 KiB pre-parse cap Tests: 9/9 new crate + 23/23 sage + 2/2 runtime + 7/7 kei-task = 41/41 green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-23 00:49:49 +08:00

Author

SHA1

Message

Date

Parfii-bot

15bf40196b

feat(stream-g): kei-sage rules integration — atoms + rules unified graph

Unify atoms and rules in kei-sage's graph. Previously [[rules/...]]
wikilinks were filtered (explicit Stream C scope-deferral). Now they
resolve to rule-node units with rule_ref edges.

kei-atom-discovery extension (non-breaking):
- WikilinkTarget enum: Atom(String) | Rule(String) | Other(String)
- classify_wikilink(inner: &str) -> WikilinkTarget — exposed via lib.rs
- parse_wikilink unchanged for backwards-compat; new callers use
  classify for richer semantics

kei-sage additions:
- rule_index.rs (129 LOC) — RuleRecord + discover_rules walking flat
  *.md + extract_h1 for display name + index_rules (unit_type="rule",
  vault_path="rule:<slug>") + index_rule_edges (walks atom.related,
  emits rule_ref edges atom → rule node)
- atom_cli.rs: cmd_rules_discover + default_rules_root
- main.rs: AtomsRulesDiscover subcommand with --rules-root flag
- tests/rules_smoke.rs: 5 tests (discovery, heading extraction,
  slug fallback for headingless files, empty-dir, atom→rule edge
  persistence)

Tests: 12/12 kei-atom-discovery (+3 classify_wikilink),
28/28 kei-sage (+5 rules_smoke + unit tests now counted).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-23 01:21:00 +08:00

Parfii-bot

990f5e3711

fix(substrate): E1 — kei-atom-discovery shared crate + 4 critical security fixes

Extracts authoritative atom discovery + frontmatter parsing into new crate
_primitives/_rust/kei-atom-discovery/. kei-sage and kei-runtime now both
consume the same implementation, eliminating Frontmatter drift.

Resolved findings:
- F-3/crit#3: path traversal via md_dir.join() — safe_join helper rejects
  absolute paths + .. components + post-canonicalise escapes (4 sites)
- crit#6/architect P0-a: Frontmatter drift — single AtomMeta struct
- SA supply-chain: serde_yaml archived — migrated to serde_yaml_ng 0.10
- crit#2: JSON Schema $ref SSRF — jsonschema 0.17→0.18 with resolve-file
  feature only, custom LocalFileResolver denies non-file:// schemes
- F-4: symlink traversal — walkdir follow_links(false) explicit everywhere
- F-5: YAML billion-laughs — 64 KiB pre-parse cap

Tests: 9/9 new crate + 23/23 sage + 2/2 runtime + 7/7 kei-task = 41/41 green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-23 00:49:49 +08:00

2 commits