KeiSeiKit-1.0/SECURITY.md
KeiSei84 1dd4bad97a fix(install): make fresh install actually complete + ship tamagotchi (#26)
Root causes found by reproducing a clean install from keigit:

1. PROFILE_PRIMS resolved only inside check_prereqs → unbound for
   --no-execute (plan showed 0 prims for every profile) and silently
   empty for --skip-prereqs. Now resolved unconditionally in install.sh
   before any reader (SSoT).

2. Every profile (even minimal, advertised "no Rust compile") fell back
   to a 5-15 min `cargo build --workspace` because no prebuilt release
   binaries exist. Auto-set KEI_SKIP_RUST for profiles with no rust
   primitives → minimal installs in ~18s (assembler only). cargo stays a
   hard prereq because the agent assembler always compiles.

3. The assembler aborted the WHOLE install on any single bad manifest
   (set -e). generate_agents is now tolerant: bad manifests print FAIL
   but hooks/skills/settings still land. Commit-time validate stays strict.

4. Data bugs that broke the assembler:
   - duplicate [taxonomy] table in _roles/{auditor,merger}.toml
   - fal-ai-runner handoff → keimd-expert (not shipped in kit)
   - infra-implementer-cicd forbidden_domain literal `${{ secrets.NAME }}`
     collided with assembler ${{ }} placeholder detection

5. Metadata: KeiSei84 (nonexistent GitHub org) → KeiSeiLab/KeiSeiKit-1.0
   across plugin manifests, bootstrap, README, docs, Cargo/npm metadata.
   .claude-plugin/{plugin,marketplace}.json 0.16.0 → 0.38.0. SECURITY.md
   supported version 0.14.x → 0.38.x.

feat: ship KeiSei tamagotchi statusline into the kit
   - scripts/keisei-pet{,-update}.sh (portable, state under ~/.claude/pet/)
   - install copies them to ~/.claude/scripts/
   - settings-snippet adds statusLine (set-if-absent, never clobbers an
     existing one) + 4 pet-update hooks (prompt/rust_write/github_block/sleep)

Verified: clean minimal install RC=0, zero FAIL, 38 agents + 52 hooks +
68 skills, settings valid, statusLine wired, pet renders, idempotent re-run.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 01:40:50 +08:00


# Security Policy
## Reporting a vulnerability
Email `parfionovich@keilab.io` with a description and reproduction steps. PGP key available on request.
## Threat model
- Secrets handling: see RULE 0.8 — all tokens via env vars, hardcoding blocked at PreToolUse:Edit by `hooks/secrets-pre-guard.sh` and Rust binary `_primitives/_rust/secrets-guard/`.
- Banned-project leak guard: `_primitives/_rust/kei-leak-matrix/` runs on every push attempt to flag known patent / IP markers.
- Public-push gate: RULE 0.1 triple-confirm via `hooks/no-github-push.sh` before any push to publicly-reachable remote.
## Supported versions
Latest `v0.38.x` tag. Older versions accept fixes for CVEs only.
## Audit
See `docs/SECURITY.md` for the secret-pattern detector regex set used by `secrets-guard`.
### Known transitive-dependency advisories (2026-05-12 audit)
`cargo audit` flags 9 RUSTSEC advisories from transitive deps (not used directly):
- `rsa 0.9.10` — RUSTSEC-2023-0071 (Marvin Attack timing sidechannel). Path: vendored RSA used by S3/auth crates.
- `rustls-webpki 0.101.7 + 0.102.8` — RUSTSEC-2026-{0049,0098,0099,0104}. Path: TLS in HTTP/auth deps.
- `sqlx 0.8.0` — RUSTSEC-2024-0363 (Binary Protocol Misinterpretation). Path: postgres clients.
- `async-std 1.13.2` — RUSTSEC-2025-0052 (discontinued).
- `lru 0.12.5` — RUSTSEC-2026-0002 (unsound `IterMut`).
- `fxhash 0.2.1`, `instant 0.1.13` — unmaintained.
Resolution requires major-version bumps in direct deps (sqlx 0.9, rustls 0.23+, rsa 0.10). Tracked separately; non-blocker for current dev usage (no untrusted RSA-decrypt path, no untrusted TLS-cert validation against malicious URI/wildcard names in current code-paths).
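To keep this list from going quiet, the accepted advisories can be treated as a baseline that fails the build on anything new. The script below is an added example, not part of KeiSeiKit. It assumes the report layout emitted by `cargo audit --json` (a `vulnerabilities.list` array plus `warnings` keyed by kind); the sample report, its placeholder IDs and the `--stdin` switch are constructed for illustration.

```python
import json, sys

# Advisory IDs this page documents as known and accepted (2026-05-12 audit).
ACCEPTED_IDS = {
    "RUSTSEC-2023-0071", "RUSTSEC-2024-0363", "RUSTSEC-2025-0052", "RUSTSEC-2026-0002",
    "RUSTSEC-2026-0049", "RUSTSEC-2026-0098", "RUSTSEC-2026-0099", "RUSTSEC-2026-0104",
}
# Listed above as "unmaintained" without an ID, so matched by crate name instead.
ACCEPTED_UNMAINTAINED = {"fxhash", "instant"}

# Constructed sample report: RUSTSEC-0000-* IDs and example-* crates are placeholders.
SAMPLE = json.loads("""{
 "vulnerabilities": {"list": [
  {"advisory": {"id": "RUSTSEC-2023-0071"}, "package": {"name": "rsa", "version": "0.9.10"}},
  {"advisory": {"id": "RUSTSEC-0000-0001"}, "package": {"name": "example-crate", "version": "1.2.3"}}]},
 "warnings": {
  "unmaintained": [{"advisory": {"id": "RUSTSEC-0000-0000"}, "package": {"name": "fxhash", "version": "0.2.1"}}],
  "yanked": [{"advisory": null, "package": {"name": "example-yanked", "version": "0.1.0"}}]}
}""")

def findings(report):
    """Yield (advisory_id, crate, version, kind) for every entry in the report."""
    for v in report.get("vulnerabilities", {}).get("list", []):
        yield v["advisory"]["id"], v["package"]["name"], v["package"]["version"], "vulnerability"
    for kind, items in report.get("warnings", {}).items():
        for w in items:
            adv = w.get("advisory") or {}  # yanked warnings carry no advisory
            yield adv.get("id"), w["package"]["name"], w["package"]["version"], kind

def triage(report):
    """Return (new findings outside the baseline, baseline entries no longer reported)."""
    new, seen = [], set()
    for adv_id, crate, version, kind in findings(report):
        if adv_id in ACCEPTED_IDS:
            seen.add(adv_id)
        elif kind == "unmaintained" and crate in ACCEPTED_UNMAINTAINED:
            seen.add(crate)
        else:
            new.append((adv_id, crate, version, kind))
    return new, sorted((ACCEPTED_IDS | ACCEPTED_UNMAINTAINED) - seen)

if __name__ == "__main__":
    report = json.load(sys.stdin) if "--stdin" in sys.argv else SAMPLE
    new, stale = triage(report)
    for adv_id, crate, version, kind in new:
        print(f"NEW   {kind}: {crate} {version} ({adv_id or 'no advisory id'})")
    for entry in stale:
        print(f"STALE {entry}: accepted above but no longer reported; drop it from the list")
    sys.exit(1 if new else 0)
```

Stale entries matter as much as new ones: once a dependency bump clears an advisory, leaving it in the accepted set would silently re-accept it if the vulnerable version ever returned.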