keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_primitives/_rust
History
Parfii-bot d32ca0bc28 fix(v0.19): audit hardening — 3 security HIGH + 3 critic HIGH + 2 critic MEDIUM 
Closes consolidated findings from wave-audit (critic + security + architect):

SECURITY HIGH:
  H1 path escape — Brain::load rejects absolute mcp_server paths +
    any containing '..'; canonicalize + starts_with(root) assertion;
    new Error::PathEscape variant.
  H2 brain name validation + clobber refuse — regex ^[a-z][a-z0-9_-]{0,63}$
    enforced at Brain::load; adapters refuse to overwrite existing
    mcpServers[name] with NameConflict (unless same content).
  H3 symlink reject at canonicalize — std::fs::symlink_metadata()
    called before canonicalize; Error::BrainIsSymlink with resolved
    target path; prevents USB → $HOME pivot.

CRITIC HIGH:
  #1 rusqlite dep deleted (zero uses in src/, pulls C toolchain).
  #3 BrainPaths memory/artifacts/manifests now Option<String>
    (only mcp_server required; schema no longer lies about contract).

CRITIC MEDIUM:
  #1 _primitives/_rust/keisei/src/paths.rs (new, 23 LOC) — SSoT for
    $KEISEI_HOME/$HOME resolver; config.rs and claude_code.rs
    delegate instead of duplicating 7-line block.
  #2 canonicalize error preserves io::Error via new Error::BrainLoad
    { path, source } with #[source] attribute.
  #5 fsx::write_atomic_json rewrite via tempfile::NamedTempFile
    + persist — Windows-safe, cross-fs-fallback handling.

New module split (Constructor Pattern): brain.rs (104 → 122) now a
thin orchestrator over brain_validate.rs (108 LOC) which owns
symlink-reject / canonicalize-root / read-manifest / validate-schema
/ validate-name / check-relative-in-root / canonicalize-in-root.

Deps: regex = { workspace = true }, tempfile = "3" (runtime).
Workspace-level regex = "1.10" added.
MANIFEST.toml [primitive.keisei] deps updated.

Tests: 11 pre-existing + 5 adversarial:
  - manifest_with_absolute_mcp_server_rejected — proves /usr/bin/python3
    CANNOT land in settings.json (PathEscape + marker absent asserts)
  - manifest_with_parent_traversal_rejected — ../../etc/passwd rejected
  - manifest_with_invalid_name_rejected — 'claude-ide!' rejected
  - brain_path_is_symlink_rejected — USB → $HOME pivot blocked
  - attach_refuses_to_clobber_existing_mcp_entry — NameConflict on diff

All 16 pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:36:11 +08:00
..
firewall-diff feat(primitives): 2 Rust verification cubes 2026-04-21 21:00:01 +08:00
kei-artifact Merge feat/v0.16.1-polish — dynamic schema + mode matrix Phase 3.6 2026-04-22 15:13:05 +08:00
kei-auth fix(kei-auth): remove --key CLI flag (F12 HIGH — /proc/cmdline leak) 2026-04-22 13:36:17 +08:00
kei-changelog feat(primitives): kei-docs-scaffold shell + kei-changelog Rust 2026-04-21 21:01:28 +08:00
kei-chat-store chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-conflict-scan feat(primitives): 4 Rust crates for deep-sleep — conflict-scan, refactor-engine, graph-check, store 2026-04-22 08:28:22 +08:00
kei-content-store chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-crossdomain chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-curator chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-graph-check feat(primitives): 4 Rust crates for deep-sleep — conflict-scan, refactor-engine, graph-check, store 2026-04-22 08:28:22 +08:00
kei-ledger feat(primitives): kei-ledger Rust SQLite agent ledger 2026-04-21 20:52:20 +08:00
kei-memory feat(primitives): kei-memory Rust crate — offline session analyzer (Genesis-clean) 2026-04-22 00:50:04 +08:00
kei-migrate feat(primitives): kei-migrate Rust universal migration runner 2026-04-21 20:35:29 +08:00
kei-refactor-engine fix(kei-refactor-engine): retract 'git apply-ready' claim (F1 RELEASE BLOCKER) 2026-04-22 13:36:17 +08:00
kei-router chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-sage chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-search-core chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-social-store chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
kei-store fix(kei-store): path-traversal guard (F2 RELEASE BLOCKER) + S3 stub gate (F7) + GitHub RULE 0.1 guard (F8) 2026-04-22 13:36:17 +08:00
kei-task chore(rust): misc schema/main refactor in 8 crates (assorted CP splits) 2026-04-22 13:36:17 +08:00
keisei fix(v0.19): audit hardening — 3 security HIGH + 3 critic HIGH + 2 critic MEDIUM 2026-04-22 16:36:11 +08:00
mock-render refactor(mock-render): split main.rs 227 LOC into 4 cubes (F5a Constructor Pattern) 2026-04-22 13:36:17 +08:00
ssh-check feat(primitives): 2 Rust verification cubes 2026-04-21 21:00:01 +08:00
tokens-sync feat(primitives): 3 Rust cubes — mock-render, visual-diff, tokens-sync 2026-04-21 21:07:45 +08:00
visual-diff feat(primitives): 3 Rust cubes — mock-render, visual-diff, tokens-sync 2026-04-21 21:07:45 +08:00
.gitignore feat(primitives): 2 Rust verification cubes 2026-04-21 21:00:01 +08:00
Cargo.lock fix(v0.19): audit hardening — 3 security HIGH + 3 critic HIGH + 2 critic MEDIUM 2026-04-22 16:36:11 +08:00
Cargo.toml fix(v0.19): audit hardening — 3 security HIGH + 3 critic HIGH + 2 critic MEDIUM 2026-04-22 16:36:11 +08:00