keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_primitives/_rust
History
Parfii-bot 71f17337fe fix(security): cortex /term env_clear + bind guard, agent-stub-scan stdin, magiclink revoke 
Three independent security hardenings from cross-cutting audits.

1. cortex /term PTY env leak + bind guard (HIGH — Sonnet Cross-cutting + Opus)
   - kei-cortex/src/handlers/term_pty.rs: PTY spawn was inheriting daemon's
     full process env (KEI_AUTH_KEY, ANTHROPIC_API_KEY, FAL_KEY, etc.) into
     every authenticated /term shell. Combined with default cors_origin =
     https://keisei.app, one stored XSS on keisei.app + one bearer token =
     full local shell with all daemon secrets.
     Added apply_safe_env() helper: env_clear() + re-set only HOME, PATH,
     USER, LANG, TERM. Spawn helper invokes it before spawn_command.
   - kei-cortex/src/main.rs: extracted build_config() helper; added
     enforce_loopback_or_local_cors() guard called before serve.bind. Refuses
     to start if bind addr is non-loopback AND cors_origin is a public
     domain — prevents the XSS-to-shell scenario in production.

2. agent-stub-scan.sh stdin parsing (HIGH — multiple audits)
   - hooks/agent-stub-scan.sh: previously read $CLAUDE_AGENT_TRANSCRIPT env
     var which Claude Code does NOT set on PostToolUse:Agent. Hook silently
     exited 0 — RULE 0.16 enforcement was dead-code in production.
     Rewrote to read stdin JSON via jq, flatten .tool_response recursively
     (string|array|object via the same pattern as agent-event-done.sh),
     guard on .tool_name == "Agent" and command -v jq. Maintained WARN-tier
     exit-0 with TODO marker for ENFORCE flip on 2026-05-05 (per RULE 0.16
     §2 ladder).

3. magiclink revoke() silent no-op (HIGH — Opus Rust + Sonnet Cross-cutting)
   - kei-auth-magiclink/src/{error,provider}.rs: revoke() previously returned
     Ok(()) without doing anything. Operators expecting "revoke a session"
     semantics from the AuthProvider trait got false success. Stolen magic-
     link URLs remained valid until the 15-minute TTL.
     Added Error::Unsupported variant. revoke() now returns
     Err(Unsupported(...)) with explicit guidance: "rotate KEI_MAGICLINK_HMAC_
     KEY to invalidate all live tokens, or maintain a deny-list at the caller
     layer". Test provider_revoke_returns_unsupported_error confirms the
     error variant is wired.

Tests: cargo check + cargo test both PASS. 444 functional tests across
kei-cortex (428 lib) + kei-auth-magiclink (16 lib + smoke). Pre-existing
openai_loop_wiring.rs 502 failures in routes/openai/{chat,responses}.rs are
NOT introduced by these fixes — separate unrelated triage.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 15:38:23 +08:00
..
firewall-diff chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
frustration-matrix chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-agent-runtime chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-artifact chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-atom-discovery chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-auth chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-auth-apple chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-auth-google chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-auth-magiclink fix(security): cortex /term env_clear + bind guard, agent-stub-scan stdin, magiclink revoke 2026-05-03 15:38:23 +08:00
kei-auth-webauthn chore: strip dangling sibling refs from Cargo.toml descriptions 2026-05-03 15:37:33 +08:00
kei-backend-daytona chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-brain-view chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-cache chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-capability chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-changelog chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-chat-store chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-compute-baremetal chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-compute-digitalocean chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-compute-linode chore: strip dangling sibling refs from Cargo.toml descriptions 2026-05-03 15:37:33 +08:00
kei-compute-vultr chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-conflict-scan chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-content-store chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-cortex fix(security): cortex /term env_clear + bind guard, agent-stub-scan stdin, magiclink revoke 2026-05-03 15:38:23 +08:00
kei-cron-scheduler chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-crossdomain chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-curator chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-db-contract chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-decision chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-decompose chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-diff chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-discover chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-dna-index chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-entity-store chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-export-trajectories chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-forge chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-fork chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-frustration-loop chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-gateway chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-gdrive-import chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-git-bitbucket chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-git-forgejo chore: strip dangling sibling refs from Cargo.toml descriptions 2026-05-03 15:37:33 +08:00
kei-git-gitea chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-git-gitlab chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-graph-check chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-graph-export chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-graph-stream chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-hibernate chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-import-project chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-leak-matrix chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-ledger chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-ledger-sign chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-llm-bridge-mlx chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-llm-llamacpp chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-llm-mlx chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-llm-ollama chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-llm-router chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-machine-probe chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-mcp chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-memory chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-memory-postgres chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-memory-redis chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-memory-sled chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-memory-sqlite chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-migrate chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-model chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-model-router chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-net-ipsec chore: strip dangling sibling refs from Cargo.toml descriptions 2026-05-03 15:37:33 +08:00
kei-net-openvpn chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-net-wireguard chore: strip dangling sibling refs from Cargo.toml descriptions 2026-05-03 15:37:33 +08:00
kei-notify-discord chore: strip dangling sibling refs from Cargo.toml descriptions 2026-05-03 15:37:33 +08:00
kei-notify-slack chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-notify-sms chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-notify-telegram chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-pet chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-ping chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-pipe chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-projects-index chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-projects-watcher chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-provision chore: strip dangling sibling refs from Cargo.toml descriptions 2026-05-03 15:37:33 +08:00
kei-prune chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-refactor-engine chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-registry chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-replay chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-router chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-runtime chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-runtime-core chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-sage chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-scheduler chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-search-core chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-shared chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-skill-importer chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-skills chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-social-store chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-spawn chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-store chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-svc-systemd chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-task chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-tlog chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-token-tracker chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-tty chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
kei-watch chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
keisei chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
mock-render chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
ssh-check chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
tokens-sync chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
visual-diff chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00
.gitignore KeiSeiKit-public — clean state 2026-05-01 12:09:03 +08:00
Cargo.lock chore(workspace): SSoT inheritance + version unification 2026-05-02 21:40:46 +08:00
Cargo.toml chore: author email + Cargo metadata SSoT (parfionovich@keilab.io) 2026-05-03 13:55:28 +08:00