keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_primitives
History
Parfii-bot fdb6939015 fix(provision/b4): exec.rs redacts args + truncates stderr 
MEDIUM info-disclosure: run_json_strict + run_void formatted error
messages with full argv + full stderr. Today argv has no secrets
(env-only per RULE 0.8) but:
- Future refactor could pass --api-key inline → secret in logs
- vultr-cli stderr echoes request URLs with query params → enumeration

Fix:
- redact_args() → "bin_name <N args>" (argv hidden)
- truncate_stderr() → first 200 chars + "... (truncated)", UTF-8 safe
- Docstring: // DO NOT pass secrets as CLI args — env-only per RULE 0.8

Tests: 11/11 (was 8, +3: redaction asserts no argv in error, stderr
truncation + Cyrillic UTF-8 safety)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 05:30:33 +08:00
..
_rust fix(provision/b4): exec.rs redacts args + truncates stderr 2026-04-23 05:30:33 +08:00
templates fix: remove genesis-scan from public kit (internal tool, Bundle-only) 2026-04-22 14:11:22 +08:00
design-scrape.sh feat(primitives): 5 shell primitives — design-scrape, live-preview, figma-tokens, frontend-inspect, screenshot-decode 2026-04-21 21:07:45 +08:00
figma-tokens.sh feat(primitives): 5 shell primitives — design-scrape, live-preview, figma-tokens, frontend-inspect, screenshot-decode 2026-04-21 21:07:45 +08:00
frontend-inspect.sh feat(primitives): 5 shell primitives — design-scrape, live-preview, figma-tokens, frontend-inspect, screenshot-decode 2026-04-21 21:07:45 +08:00
harden-base.sh feat(primitives): 3 shell provisioning + hardening 2026-04-21 20:59:38 +08:00
kei-ci-lint.sh feat(primitives): kei-ci-lint workflow YAML validator 2026-04-21 20:56:24 +08:00
kei-docs-scaffold.sh feat(primitives): kei-docs-scaffold shell + kei-changelog Rust 2026-04-21 21:01:28 +08:00
kei-sleep-queue.sh fix: remove genesis-scan from public kit (internal tool, Bundle-only) 2026-04-22 14:11:22 +08:00
kei-sleep-setup.sh feat(primitives): kei-sleep-setup wizard + kei-sleep-sync helper + trigger template 2026-04-22 01:34:42 +08:00
kei-sleep-sync.sh feat(primitives): kei-sleep-setup wizard + kei-sleep-sync helper + trigger template 2026-04-22 01:34:42 +08:00
live-preview.sh feat(primitives): 5 shell primitives — design-scrape, live-preview, figma-tokens, frontend-inspect, screenshot-decode 2026-04-21 21:07:45 +08:00
log-ship.sh feat(primitives): metrics-scrape + log-ship shell primitives 2026-04-21 20:41:17 +08:00
MANIFEST.toml feat(v0.21): kei-store real S3 backend behind opt-in 's3' feature flag 2026-04-22 17:59:11 +08:00
metrics-scrape.sh feat(primitives): metrics-scrape + log-ship shell primitives 2026-04-21 20:41:17 +08:00
provision-hetzner.sh feat(convergence/u3): kei-provision Rust crate — unify hetzner+vultr provisioners 2026-04-23 03:43:40 +08:00
provision-vultr.sh feat(convergence/u3): kei-provision Rust crate — unify hetzner+vultr provisioners 2026-04-23 03:43:40 +08:00
README.md fix(audit-m): tomd cache path-salt; bridges respects rollback; rollback rm-rf guard; placeholder URLs; research skill role-tag note; stack frontend-gap doc 2026-04-21 20:09:24 +08:00
screenshot-decode.sh feat(primitives): 5 shell primitives — design-scrape, live-preview, figma-tokens, frontend-inspect, screenshot-decode 2026-04-21 21:07:45 +08:00
tomd.sh fix(primitives): make pandoc a per-format dep, not a core prereq 2026-04-21 19:53:05 +08:00

README.md

_primitives — first-class building blocks

_primitives/ holds standalone utilities that agents, hooks, and skills (including /compose-solution) depend on. Unlike _blocks/ (behavioral markdown) or _manifests/ (agent TOML), primitives are executable shell programs installed at $HOME/.claude/agents/_primitives/ by install.sh.

Current primitives

Primitive Purpose Invocation
tomd.sh Universal non-native-format → markdown converter (PDF, DOCX, XLSX, PPTX, CSV, images, code). ~/.claude/agents/_primitives/tomd.sh <file>

tomd.sh is ported from the KeiAgent project (user's personal CLI predecessor) bin/keiagent-tomd — same format matrix, KeiSeiKit-style error tags ([tomd]), configurable cache directory (KEISEI_TOMD_CACHE).

Hook integration

hooks/tomd-preread.sh is a PreToolUse(Read) hook that auto-redirects Claude to the converted markdown when a Read targets .docx / .doc / .xlsx / .pptx / .csv. Cached under $KEISEI_TOMD_CACHE (default /tmp/keisei-tomd-cache).

/compose-solution discovery

Phase 3 prior-art sweep greps _primitives/ alongside _blocks/, _manifests/, skills/, _bridges/, hooks/. If a user task involves file-format parsing, the meta-composer surfaces tomd automatically — reuse over rewrite (RULE "No Patching").