KeiSeiKit-1.0/SECURITY.md
KeiSei84 1dd4bad97a fix(install): make fresh install actually complete + ship tamagotchi (#26)
Root causes found by reproducing a clean install from keigit:

1. PROFILE_PRIMS resolved only inside check_prereqs → unbound for
   --no-execute (plan showed 0 prims for every profile) and silently
   empty for --skip-prereqs. Now resolved unconditionally in install.sh
   before any reader (SSoT).

2. Every profile (even minimal, advertised "no Rust compile") fell back
   to a 5-15 min `cargo build --workspace` because no prebuilt release
   binaries exist. Auto-set KEI_SKIP_RUST for profiles with no rust
   primitives → minimal installs in ~18s (assembler only). cargo stays a
   hard prereq because the agent assembler always compiles.

3. The assembler aborted the WHOLE install on any single bad manifest
   (set -e). generate_agents is now tolerant: bad manifests print FAIL
   but hooks/skills/settings still land. Commit-time validate stays strict.

4. Data bugs that broke the assembler:
   - duplicate [taxonomy] table in _roles/{auditor,merger}.toml
   - fal-ai-runner handoff → keimd-expert (not shipped in kit)
   - infra-implementer-cicd forbidden_domain literal `${{ secrets.NAME }}`
     collided with assembler ${{ }} placeholder detection

5. Metadata: KeiSei84 (nonexistent GitHub org) → KeiSeiLab/KeiSeiKit-1.0
   across plugin manifests, bootstrap, README, docs, Cargo/npm metadata.
   .claude-plugin/{plugin,marketplace}.json 0.16.0 → 0.38.0. SECURITY.md
   supported version 0.14.x → 0.38.x.

feat: ship KeiSei tamagotchi statusline into the kit
   - scripts/keisei-pet{,-update}.sh (portable, state under ~/.claude/pet/)
   - install copies them to ~/.claude/scripts/
   - settings-snippet adds statusLine (set-if-absent, never clobbers an
     existing one) + 4 pet-update hooks (prompt/rust_write/github_block/sleep)

Verified: clean minimal install RC=0, zero FAIL, 38 agents + 52 hooks +
68 skills, settings valid, statusLine wired, pet renders, idempotent re-run.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 01:40:50 +08:00

Security Policy

Reporting a vulnerability

Email parfionovich@keilab.io with a description and reproduction steps. PGP key available on request.

Threat model

  • Secrets handling: see RULE 0.8. All tokens are supplied via env vars; hardcoding is blocked at PreToolUse:Edit by hooks/secrets-pre-guard.sh and the Rust binary _primitives/_rust/secrets-guard/.
  • Banned-project leak guard: _primitives/_rust/kei-leak-matrix/ runs on every push attempt to flag known patent / IP markers.
  • Public-push gate: RULE 0.1 triple-confirm via hooks/no-github-push.sh before any push to a publicly reachable remote.

Supported versions

The latest v0.38.x tag is supported. Older versions receive fixes for CVEs only.

Audit

See docs/SECURITY.md for the secret-pattern detector regex set used by secrets-guard.

Known transitive-dependency advisories (2026-05-12 audit)

cargo audit flags 9 RUSTSEC advisories from transitive deps (not used directly):

  • rsa 0.9.10 — RUSTSEC-2023-0071 (Marvin Attack timing sidechannel). Path: vendored RSA used by S3/auth crates.
  • rustls-webpki 0.101.7 + 0.102.8 — RUSTSEC-2026-{0049,0098,0099,0104}. Path: TLS in HTTP/auth deps.
  • sqlx 0.8.0 — RUSTSEC-2024-0363 (Binary Protocol Misinterpretation). Path: postgres clients.
  • async-std 1.13.2 — RUSTSEC-2025-0052 (discontinued).
  • lru 0.12.5 — RUSTSEC-2026-0002 (unsound IterMut).
  • fxhash 0.2.1, instant 0.1.13 — unmaintained.

Resolution requires major-version bumps in direct deps (sqlx 0.9, rustls 0.23+, rsa 0.10). This is tracked separately and is a non-blocker for current dev usage: current code paths have no untrusted RSA-decrypt path and no untrusted TLS-cert validation against malicious URI/wildcard names.
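
One way to keep this accepted list from growing silently, as an added example that is not part of KeiSeiKit: a Python check that reads a `cargo audit --json` report and separates findings already listed above from new ones, and also reports baseline ids that no longer appear. The report field layout (`vulnerabilities.list`, `warnings.<kind>`, entries carrying `advisory.id` and `package.name`/`version`) is an assumption about cargo-audit's JSON output to confirm against the installed version; the sample report is constructed, and `RUSTSEC-EXAMPLE-*` and `example-crate` are placeholders.

```python
import json

# Accepted baseline, copied from the 2026-05-12 list above.
ACCEPTED_IDS = {
    "RUSTSEC-2023-0071", "RUSTSEC-2024-0363",  # rsa 0.9.10, sqlx 0.8.0
    "RUSTSEC-2026-0049", "RUSTSEC-2026-0098",  # rustls-webpki 0.101.7 + 0.102.8
    "RUSTSEC-2026-0099", "RUSTSEC-2026-0104",
    "RUSTSEC-2025-0052", "RUSTSEC-2026-0002",  # async-std 1.13.2, lru 0.12.5
}
# Listed above without an advisory id, so matched on (crate, version).
ACCEPTED_UNMAINTAINED = {("fxhash", "0.2.1"), ("instant", "0.1.13")}

def _row(item, kind):
    adv = item.get("advisory") or {}  # tolerate entries without an advisory
    pkg = item.get("package") or {}
    return adv.get("id"), pkg.get("name"), pkg.get("version"), kind

def findings(report):
    """Yield (advisory_id, crate, version, kind) for every report entry."""
    for item in report.get("vulnerabilities", {}).get("list", []):
        yield _row(item, "vulnerability")
    for kind, items in report.get("warnings", {}).items():
        for item in items:
            yield _row(item, kind)

def triage(report):
    """Return (new findings, baseline ids no longer reported)."""
    new, seen = [], set()
    for adv_id, name, version, kind in findings(report):
        by_pkg = kind == "unmaintained" and (name, version) in ACCEPTED_UNMAINTAINED
        if adv_id in ACCEPTED_IDS:
            seen.add(adv_id)
        elif not by_pkg:
            new.append((adv_id, name, version, kind))
    return new, sorted(ACCEPTED_IDS - seen)

# Constructed sample report: two accepted findings plus one that is not in the baseline.
SAMPLE = json.loads("""
{"vulnerabilities": {"list": [
  {"advisory": {"id": "RUSTSEC-2023-0071"}, "package": {"name": "rsa", "version": "0.9.10"}},
  {"advisory": {"id": "RUSTSEC-EXAMPLE-0001"}, "package": {"name": "example-crate", "version": "1.0.0"}}]},
 "warnings": {"unmaintained": [
  {"advisory": {"id": "RUSTSEC-EXAMPLE-0002"}, "package": {"name": "fxhash", "version": "0.2.1"}}]}}
""")

if __name__ == "__main__":
    new, stale = triage(SAMPLE)
    print("new:", new, "| stale baseline ids:", stale)
    raise SystemExit(1 if new else 0)  # non-zero exit fails the CI step
```

A stale id means a dependency bump has already cleared that advisory, so its entry can be dropped from the list above.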