c1556f505a
Closes the remaining v0.29.0 follow-ups + post-audit MEDIUMs. ## HttpDriver (kei-spawn http-driver feature) - Real reqwest::blocking POST to api.anthropic.com/v1/messages - Feature flag `http-driver = ["dep:reqwest"]` (default off, zero breaking) - KEI_ANTHROPIC_KEY read at invoke time (rotation-friendly) - 5 httpmock tests (missing key, 200, 4xx, 5xx, malformed json) - Endpoint override via KEI_ANTHROPIC_ENDPOINT env for tests - Files: drive.rs, drive_http.rs (new), drive_http_parse.rs (new), tests/http_driver.rs ## agent_id path-traversal validator (HIGH) - New validate.rs with validate_agent_id() — whitelist grammar, 64-char cap, rejects /, \, .., leading dot/dash, NUL, :, whitespace, non-ASCII, Windows-reserved (CON/PRN/AUX/NUL/COM1-9/LPT1-9) - Wired into all 5 agent_id→path sinks: load_task, resolve_agent_id, prepare, simulated_merge, verify_task - autogen_agent_id moved to validate.rs with slugify_role helper — output passes validator by construction (100-draw property test) - 33 new tests in agent_id_validator.rs ## safe_join symlink escape (MEDIUM) - Base must canonicalize (nonexistent → Canonicalize error) - Joined must start_with base_canon OR joined.parent() must start_with base_canon - Blocks symlink-to-outside-base with non-existent tail file - walk.rs refactored into 5 ≤17-LOC helpers - 7 new tests in safe_join_hardening.rs ## entity-store 4 MEDIUM fixes - ddl.rs: panic on unsupported FieldKind → typed DdlError::UnsupportedExtraColumn propagated through Store::open as VerbError::InvalidInput (exit 2). Extracted ddl_edge.rs + ddl_error.rs modules. Backward-compat shim preserved. - search.rs: FTS5 empty-tokenization → typed InvalidInput on queries with no alphanumeric tokens (was opaque rusqlite error). Unicode-aware via char::is_alphanumeric. - engine.rs: WAL pragma failure now logged to stderr with path + rusqlite source; fallback to rollback journal preserved (exit-code contract intact). - bug_fixes_smoke: added fts5_phrase_quoting_preserves_legitimate_queries — catches over-broad sanitizer that passes injection test alone. ## Verified - cargo check --workspace clean (both with and without http-driver feature) - cargo test --workspace: 668 tests green (up from 620) - substrate_integration.sh ✓, hook_wiring_integration.sh ✓ Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
28 lines
1 KiB
Rust
28 lines
1 KiB
Rust
//! kei-entity-store — Layer A verb-template engine.
|
|
//!
|
|
//! Provides a schema-driven store that 6 sibling kei-*-store crates can
|
|
//! plug into instead of hand-rolling their own `Store::open` + CRUD
|
|
//! helpers. An `EntitySchema` declaratively describes one entity table
|
|
//! (fields, FTS columns, edge table, enabled verbs); verb modules
|
|
//! (`create`, `get`, `list`, `search`, `update`, `delete`, `link`,
|
|
//! `rank`) consume the schema and run parameterized SQL.
|
|
//!
|
|
//! Pilot target: `kei-task` (see its `schema.rs` for an example usage).
|
|
//! Follow-up waves: kei-chat-store, kei-content-store, kei-social-store,
|
|
//! kei-sage, kei-crossdomain.
|
|
//!
|
|
//! Per substrate schema v1 this crate stays library-only — no CLI, no
|
|
//! `bin`. Each sibling crate remains the user-facing binary.
|
|
|
|
pub mod ddl;
|
|
pub mod ddl_edge;
|
|
pub mod ddl_error;
|
|
pub mod engine;
|
|
pub mod error;
|
|
pub mod field;
|
|
pub mod schema;
|
|
pub mod verbs;
|
|
|
|
pub use engine::Store;
|
|
pub use error::VerbError;
|
|
pub use schema::{EdgeKeyKind, EntitySchema, FieldDef, FieldKind};
|