Closes remaining MEDIUM/LOW audit findings not in v0.19.0 security wave.
M1 — marker file 0600 perms (unix)
config.rs::write() applies chmod 0o600 after write, cfg(unix) gated.
Test marker_file_has_0600_perms_on_unix asserts mode & 0o777 == 0o600.
L9 — ANSI-escape sanitization
New module display.rs (27 LOC) — sanitize_display(&str) replaces
ASCII < 0x20 OR == 0x7F with '?', leaves space + unicode alone.
Applied in status.rs + attach.rs to brain_name / brain_path /
attached_at / client_type / config_path / mcp_path before print.
Test status_sanitizes_control_chars_in_brain_name asserts
sanitize_display('evil\x1b[2Jpayload') → 'evil?[2Jpayload'.
L12 — manifest size bound
brain_validate.rs const MAX_MANIFEST_BYTES = 64 * 1024; metadata
check before read_to_string. New Error::ManifestTooLarge { size, max }
with thiserror Display impl. Test manifest_too_large_rejected
writes 100 KB manifest, asserts error + marker not written.
Dead-code cleanup:
- Error::NotAttached: #[allow(dead_code)] + comment (reserved for
future detach subcommand when no marker exists)
- config::has_client: #[allow(dead_code)] + comment (reserved for
future multi-brain support)
- mount.rs / detach.rs: dropped unused ClientAdapter import
brain.rs module doc-comment expanded — lists all v0.19 invariants:
path confinement, symlink reject, name regex, 64 KiB manifest cap,
schema v1; notes v2 (multi-platform) lands in v0.20.
Tests: 16 existing + 3 new = 19/19 pass.
cargo check -p keisei: zero warnings in keisei crate.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
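The L9 and L12 hardenings described in the commit message above, as an added Rust sketch that is not the keisei crate's own code: the 64 KiB cap and the replacement rule come from the message, while `ManifestError`, `read_manifest_bounded` and the file names in the test are assumptions. It goes one step beyond the message by also capping the read itself with `take`, so a file that grows after the metadata check still cannot exceed the limit.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::path::Path;

// Cap taken from the commit message; the type and function names are assumptions.
const MAX_MANIFEST_BYTES: u64 = 64 * 1024;

#[derive(Debug)]
enum ManifestError {
    TooLarge { size: u64, max: u64 },
    Io(io::Error),
}

/// Replace ASCII control characters (0x00..=0x1F and 0x7F) with '?'.
/// Space and all non-ASCII characters pass through unchanged.
fn sanitize_display(s: &str) -> String {
    s.chars()
        .map(|c| if c.is_ascii_control() { '?' } else { c })
        .collect()
}

/// Enforce the size bound twice: a cheap metadata check that rejects
/// oversized files without reading them, then a hard cap on the read.
fn read_manifest_bounded(path: &Path) -> Result<String, ManifestError> {
    let max = MAX_MANIFEST_BYTES;
    let size = fs::metadata(path).map_err(ManifestError::Io)?.len();
    if size > max {
        return Err(ManifestError::TooLarge { size, max });
    }
    let file = File::open(path).map_err(ManifestError::Io)?;
    let mut buf = Vec::new();
    // Read at most max + 1 bytes; getting the extra byte means oversize.
    file.take(max + 1).read_to_end(&mut buf).map_err(ManifestError::Io)?;
    if buf.len() as u64 > max {
        return Err(ManifestError::TooLarge { size: buf.len() as u64, max });
    }
    String::from_utf8(buf)
        .map_err(|e| ManifestError::Io(io::Error::new(io::ErrorKind::InvalidData, e)))
}

fn main() {
    // Constructed sample: a name carrying a clear-screen escape sequence.
    println!("{}", sanitize_display("evil\x1b[2Jpayload"));
    // Constructed sample path; a missing file surfaces as ManifestError::Io.
    println!("{:?}", read_manifest_bounded(Path::new("manifest.toml")).map(|m| m.len()));
}
```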
- _rust
- templates
- design-scrape.sh
- figma-tokens.sh
- frontend-inspect.sh
- harden-base.sh
- kei-ci-lint.sh
- kei-docs-scaffold.sh
- kei-sleep-queue.sh
- kei-sleep-setup.sh
- kei-sleep-sync.sh
- live-preview.sh
- log-ship.sh
- MANIFEST.toml
- metrics-scrape.sh
- provision-hetzner.sh
- provision-vultr.sh
- README.md
- screenshot-decode.sh
- tomd.sh
_primitives — first-class building blocks
_primitives/ holds standalone utilities that agents, hooks, and skills
(including /compose-solution) depend on. Unlike _blocks/ (behavioral
markdown) or _manifests/ (agent TOML), primitives are executable shell
programs installed at $HOME/.claude/agents/_primitives/ by install.sh.
Current primitives
| Primitive | Purpose | Invocation |
|---|---|---|
| tomd.sh | Universal non-native-format → markdown converter (PDF, DOCX, XLSX, PPTX, CSV, images, code). | ~/.claude/agents/_primitives/tomd.sh <file> |

tomd.sh is ported from bin/keiagent-tomd in the KeiAgent project (the user's
personal CLI predecessor). It keeps the same format matrix and adds
KeiSeiKit-style error tags ([tomd]) and a configurable cache directory
(KEISEI_TOMD_CACHE).
Hook integration
hooks/tomd-preread.sh is a PreToolUse(Read) hook that automatically redirects
Claude to the converted markdown when a Read targets .docx / .doc / .xlsx /
.pptx / .csv. Converted output is cached under $KEISEI_TOMD_CACHE (default
/tmp/keisei-tomd-cache).
/compose-solution discovery
The Phase 3 prior-art sweep greps _primitives/ alongside _blocks/,
_manifests/, skills/, _bridges/, and hooks/. If a user task involves
file-format parsing, the meta-composer surfaces tomd automatically:
reuse over rewrite (RULE "No Patching").