keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_primitives/_rust
History
Parfii-bot c1556f505a fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 
Closes the remaining v0.29.0 follow-ups + post-audit MEDIUMs.

## HttpDriver (kei-spawn http-driver feature)
- Real reqwest::blocking POST to api.anthropic.com/v1/messages
- Feature flag `http-driver = ["dep:reqwest"]` (default off, zero breaking)
- KEI_ANTHROPIC_KEY read at invoke time (rotation-friendly)
- 5 httpmock tests (missing key, 200, 4xx, 5xx, malformed json)
- Endpoint override via KEI_ANTHROPIC_ENDPOINT env for tests
- Files: drive.rs, drive_http.rs (new), drive_http_parse.rs (new), tests/http_driver.rs

## agent_id path-traversal validator (HIGH)
- New validate.rs with validate_agent_id() — whitelist grammar, 64-char cap,
  rejects /, \, .., leading dot/dash, NUL, :, whitespace, non-ASCII,
  Windows-reserved (CON/PRN/AUX/NUL/COM1-9/LPT1-9)
- Wired into all 5 agent_id→path sinks: load_task, resolve_agent_id,
  prepare, simulated_merge, verify_task
- autogen_agent_id moved to validate.rs with slugify_role helper —
  output passes validator by construction (100-draw property test)
- 33 new tests in agent_id_validator.rs

## safe_join symlink escape (MEDIUM)
- Base must canonicalize (nonexistent → Canonicalize error)
- Joined must start_with base_canon OR joined.parent() must start_with base_canon
- Blocks symlink-to-outside-base with non-existent tail file
- walk.rs refactored into 5 ≤17-LOC helpers
- 7 new tests in safe_join_hardening.rs

## entity-store 4 MEDIUM fixes
- ddl.rs: panic on unsupported FieldKind → typed DdlError::UnsupportedExtraColumn
  propagated through Store::open as VerbError::InvalidInput (exit 2).
  Extracted ddl_edge.rs + ddl_error.rs modules. Backward-compat shim preserved.
- search.rs: FTS5 empty-tokenization → typed InvalidInput on queries with
  no alphanumeric tokens (was opaque rusqlite error). Unicode-aware via
  char::is_alphanumeric.
- engine.rs: WAL pragma failure now logged to stderr with path + rusqlite
  source; fallback to rollback journal preserved (exit-code contract intact).
- bug_fixes_smoke: added fts5_phrase_quoting_preserves_legitimate_queries —
  catches over-broad sanitizer that passes injection test alone.

## Verified
- cargo check --workspace clean (both with and without http-driver feature)
- cargo test --workspace: 668 tests green (up from 620)
- substrate_integration.sh ✓, hook_wiring_integration.sh ✓

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 16:16:24 +08:00
..
firewall-diff feat(primitives): 2 Rust verification cubes 2026-04-21 21:00:01 +08:00
kei-agent-runtime fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 2026-04-23 16:16:24 +08:00
kei-artifact Merge feat/v0.16.1-polish — dynamic schema + mode matrix Phase 3.6 2026-04-22 15:13:05 +08:00
kei-atom-discovery fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 2026-04-23 16:16:24 +08:00
kei-auth fix(kei-auth): remove --key CLI flag (F12 HIGH — /proc/cmdline leak) 2026-04-22 13:36:17 +08:00
kei-cache feat(r2): new kei-cache crate — deterministic result cache 2026-04-23 05:55:13 +08:00
kei-capability feat(e2): kei-capability fork subcommand + lineage stamping 2026-04-23 10:21:45 +08:00
kei-changelog feat(primitives): kei-docs-scaffold shell + kei-changelog Rust 2026-04-21 21:01:28 +08:00
kei-chat-store feat(a): Store::open multi-schema — kei-chat-store sessions fully engine-owned 2026-04-23 14:27:15 +08:00
kei-conflict-scan feat(primitives): 4 Rust crates for deep-sleep — conflict-scan, refactor-engine, graph-check, store 2026-04-22 08:28:22 +08:00
kei-content-store feat(w12a): sister re-migration — content-store campaigns promoted to engine 2026-04-23 14:44:31 +08:00
kei-crossdomain feat(a): Store::open multi-schema — kei-chat-store sessions fully engine-owned 2026-04-23 14:27:15 +08:00
kei-curator chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-diff feat(wave13): kei-diff + kei-scheduler + kei-watch primitives 2026-04-23 15:51:42 +08:00
kei-entity-store fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 2026-04-23 16:16:24 +08:00
kei-forge feat(stream-f): kei-forge pure-Rust templating — eliminate shell-out 2026-04-23 01:21:00 +08:00
kei-graph-check feat(primitives): 4 Rust crates for deep-sleep — conflict-scan, refactor-engine, graph-check, store 2026-04-22 08:28:22 +08:00
kei-ledger fix(ledger): DNA UNIQUE constraint + v5 migration (HIGH audit) 2026-04-23 15:45:43 +08:00
kei-memory feat(primitives): kei-memory Rust crate — offline session analyzer (Genesis-clean) 2026-04-22 00:50:04 +08:00
kei-migrate feat(primitives): kei-migrate Rust universal migration runner 2026-04-21 20:35:29 +08:00
kei-pipe feat(p-pipe-cache): wire kei-cache into kei-pipe DAG executor 2026-04-23 14:26:11 +08:00
kei-provision fix(provision/b4): exec.rs redacts args + truncates stderr 2026-04-23 05:30:33 +08:00
kei-refactor-engine fix(kei-refactor-engine): retract 'git apply-ready' claim (F1 RELEASE BLOCKER) 2026-04-22 13:36:17 +08:00
kei-replay feat(w9e): NEW kei-replay crate — reconstruct spawn from DNA 2026-04-23 13:34:16 +08:00
kei-router chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-runtime fix(p1-integration): validate.rs allows _schemas/fragments $ref + drop additionalProperties on fragment-composed atom schemas 2026-04-23 04:53:26 +08:00
kei-sage feat(a): Store::open multi-schema — kei-chat-store sessions fully engine-owned 2026-04-23 14:27:15 +08:00
kei-scheduler feat(wave13): kei-diff + kei-scheduler + kei-watch primitives 2026-04-23 15:51:42 +08:00
kei-search-core chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-social-store feat(w12a): sister re-migration — content-store campaigns promoted to engine 2026-04-23 14:44:31 +08:00
kei-spawn fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 2026-04-23 16:16:24 +08:00
kei-store refactor(v0.22): kei-store AsyncBackend trait + shared tokio runtime (Track B) 2026-04-22 21:06:50 +08:00
kei-task feat(a): Store::open multi-schema — kei-chat-store sessions fully engine-owned 2026-04-23 14:27:15 +08:00
kei-watch feat(wave13): kei-diff + kei-scheduler + kei-watch primitives 2026-04-23 15:51:42 +08:00
keisei fix(tests): repair 2 missing closing braces from v0.22 Track-A↔Track-C merge 2026-04-22 21:16:22 +08:00
mock-render refactor(mock-render): split main.rs 227 LOC into 4 cubes (F5a Constructor Pattern) 2026-04-22 13:36:17 +08:00
ssh-check feat(primitives): 2 Rust verification cubes 2026-04-21 21:00:01 +08:00
tokens-sync feat(primitives): 3 Rust cubes — mock-render, visual-diff, tokens-sync 2026-04-21 21:07:45 +08:00
visual-diff feat(primitives): 3 Rust cubes — mock-render, visual-diff, tokens-sync 2026-04-21 21:07:45 +08:00
.gitignore feat(primitives): 2 Rust verification cubes 2026-04-21 21:00:01 +08:00
Cargo.lock fix: Wave 13 cleanup — HttpDriver + agent_id validator + safe_join + 4 MEDIUM 2026-04-23 16:16:24 +08:00
Cargo.toml feat(wave13): kei-diff + kei-scheduler + kei-watch primitives 2026-04-23 15:51:42 +08:00