keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/scripts
History
KeiSei84 155d187699 refactor(kei-mcp): v0.46 — decompose safe_tools + fix CRITICAL Grok bypass 
ARCHITECTURAL FIXES (Constructor Pattern — file >200 LOC):

1. safe_tools.rs (738 LOC god-object) → safe_tools/ module (5 files):
   - mod.rs       (99 LOC) — descriptors + dispatch
   - env_guard.rs (79 LOC) — KillPgGuard RAII + apply_safe_env
   - path_guard.rs (166 LOC) — validate_path + canonicalize walk-up
   - chain_runner.rs (159 LOC) — hook chain loader/runner
   - exec.rs (222 LOC) — handle_bash/edit/write with O_NOFOLLOW

2. CRITICAL Grok bypass closed (Claude critic finding):
   - REMOVED env-based chain skip (CLAUDECODE / GROKCODE checks)
   - The skip assumed native PreToolUse would catch the call, but
     PreToolUse matchers fire on tool_name="Bash"|"Edit"|"Write" while
     MCP tools are named kei_bash/kei_edit/kei_write — so native hooks
     NEVER fire on MCP tool calls. The skip created an auth-bypass hole.
   - Chain now ALWAYS runs for kei_bash/kei_edit/kei_write.
   - Wire scripts (kei-mcp-wire-claude.sh + -grok.sh) updated: empty
     env block + comment explaining v0.46 rationale.

3. Fail-closed defaults (architecturally correct, not bandaid):
   - validate_path: empty allowed_roots() → ERROR (was silent disable)
   - load_chain: missing/empty section → ERROR unless KEI_POLICY_CHAIN_OPTIONAL=1

4. RAII guard for process-group cleanup:
   - KillPgGuard fires killpg on ANY exit path (success, error, timeout,
     panic) until explicitly disarmed. Replaces error-path-only killpg.

5. validate_path moved off tokio worker via spawn_blocking — was blocking
   syscalls in async context.

VERIFIED:
- cargo build --release → clean
- cargo test -p kei-mcp --release → 2 passed
- MCP smoke: chain fires under CLAUDECODE=1, GROKCODE=1, and no env
  (all three previously skipped; all three now block kei_bash on
  forbidden git push patterns).
- Safe commands still pass (kei_bash echo HELLO → HELLO returned).

README: substrate counts refreshed (105→110 Rust crates, v0.45→v0.46).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 14:00:16 +08:00
..
install-actionlint.sh KeiSeiKit-public — clean state 2026-05-01 12:09:03 +08:00
kei-agent-cli.sh refactor(kei-mcp): v0.46 — decompose safe_tools + fix CRITICAL Grok bypass 2026-05-27 14:00:16 +08:00
kei-configure.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
kei-limits.sh feat(v0.44): pre-release audit — 1 CRITICAL + 4 HIGH + 4 MEDIUM patched (mirror of keigit 3b54f0b5) 2026-05-26 23:02:26 +08:00
kei-mcp-wire-agy.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
kei-mcp-wire-claude.sh refactor(kei-mcp): v0.46 — decompose safe_tools + fix CRITICAL Grok bypass 2026-05-27 14:00:16 +08:00
kei-mcp-wire-copilot.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
kei-mcp-wire-grok.sh refactor(kei-mcp): v0.46 — decompose safe_tools + fix CRITICAL Grok bypass 2026-05-27 14:00:16 +08:00
kei-mcp-wire-kimi.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
kei-mcp-wire.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
kei-message.sh feat(msg): /msg skill — read/write cross-session mailbox by @id (#42) 2026-05-24 14:38:26 +07:00
kei-onboard.sh feat(v0.45): onboarding wizard + 5 prod-install bugs (mirror of keigit 4bc40e8e) 2026-05-26 23:20:24 +08:00
kei-pick.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
keisei-pet-update.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
keisei-pet.sh fix(prod): restore exec bit on 14 scripts via git Data API (gh api PUT loses mode) 2026-05-26 22:05:32 +08:00
lint-workflows.sh KeiSeiKit-public — clean state 2026-05-01 12:09:03 +08:00
new-atom.sh KeiSeiKit-public — clean state 2026-05-01 12:09:03 +08:00
pre-commit-workflow-lint.sh KeiSeiKit-public — clean state 2026-05-01 12:09:03 +08:00
precommit-counts-check.sh KeiSeiKit-public — clean state 2026-05-01 12:09:03 +08:00
regen-counts.sh fix(security): patent-leak + classical-safety audit fixes 2026-05-18 12:05:25 +08:00
validate-workflow-shas.sh KeiSeiKit-public — clean state 2026-05-01 12:09:03 +08:00