KeiSeiKit-1.0

History

Parfii-bot 521659bbfb feat(primitives): 2 Rust verification cubes - ssh-check — parse sshd_config + drop-ins, merge last-wins, lint against hardened baseline (pw-auth=no, root=prohibit-password, maxauthtries≤3, AllowUsers whitelist, no CBC ciphers, ETM MACs, no ssh-rsa host key). 4 modules: main (clap CLI) + parse + rules + check. Tests: 9 pass (hardened baseline, password-auth-yes-fails, cbc-cipher-fails, allow-users-not-in-whitelist-fails, missing-required-fails, etc.). - firewall-diff — diff intent YAML against `ufw status numbered` output. Defensive-only (never runs ufw). Stdin or --status-file input. Parses (v6) families, normalises "Anywhere"→"any". Exit 2 on any missing/ extra rule. 4 modules: main + intent + ufw + diff. Tests: 8 pass (load-minimal-intent, exact-match-clean, missing-rule-surfaced, extra-live-rule-surfaced, inactive-ufw-fails, integration). Workspace: clap 4 + serde + serde_yaml + serde_json. release opt-level=z, LTO, strip. Constructor Pattern: largest file check.rs 213 LOC (93 non- test); every function under 30 LOC. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 21:00:01 +08:00
..
src	feat(primitives): 2 Rust verification cubes	2026-04-21 21:00:01 +08:00
Cargo.toml	feat(primitives): 2 Rust verification cubes	2026-04-21 21:00:01 +08:00

Parfii-bot 521659bbfb feat(primitives): 2 Rust verification cubes

- ssh-check — parse sshd_config + drop-ins, merge last-wins, lint against
  hardened baseline (pw-auth=no, root=prohibit-password, maxauthtries≤3,
  AllowUsers whitelist, no CBC ciphers, ETM MACs, no ssh-rsa host key).
  4 modules: main (clap CLI) + parse + rules + check. Tests: 9 pass
  (hardened baseline, password-auth-yes-fails, cbc-cipher-fails,
  allow-users-not-in-whitelist-fails, missing-required-fails, etc.).

- firewall-diff — diff intent YAML against `ufw status numbered` output.
  Defensive-only (never runs ufw). Stdin or --status-file input. Parses
  (v6) families, normalises "Anywhere"→"any". Exit 2 on any missing/
  extra rule. 4 modules: main + intent + ufw + diff. Tests: 8 pass
  (load-minimal-intent, exact-match-clean, missing-rule-surfaced,
  extra-live-rule-surfaced, inactive-ufw-fails, integration).

Workspace: clap 4 + serde + serde_yaml + serde_json. release opt-level=z,
LTO, strip. Constructor Pattern: largest file check.rs 213 LOC (93 non-
test); every function under 30 LOC.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 21:00:01 +08:00

src

feat(primitives): 2 Rust verification cubes

2026-04-21 21:00:01 +08:00

Cargo.toml

feat(primitives): 2 Rust verification cubes

2026-04-21 21:00:01 +08:00