
Fix security audit findings and add license, MCP, scan modules#53

Merged
sheeki03 merged 12 commits into main from security-audit-fixes on Feb 24, 2026

Conversation

@sheeki03
Owner

@sheeki03 sheeki03 commented Feb 24, 2026

Summary

  • Fix security audit findings: fail-safe exit codes, interpreter allowlist, hardening
  • Add license, MCP, and scan modules with improved error handling
  • Bug fixes for schemeless URL detection, tokenizer, doctor, shell hooks

Test plan

  • All existing tests pass

🤖 Generated with Claude Code

Note

Adjust whitespace in security audit, license, MCP, and scan modules to address audit findings

Modify blank lines only across security audit, license, MCP, and scan modules.

📍Where to Start

Start with the primary entry point of the security audit module in security/audit/index.py.

Macroscope summarized d7a708e.

sheeki03 and others added 9 commits February 7, 2026 02:00
…ist, and hardening

Six security fixes from external audit:

- SEC-CRIT-01: Handle unexpected tirith exit codes in all shell hooks.
  Bash enter mode degrades to preexec; zsh/fish/PS warn+execute;
  all paste paths fail-closed (discard).
- SEC-HIGH-01: Interpreter allowlist in runner.rs — two-tier matching
  (exact names + versioned families like python3.11). Check runs before
  user confirmation prompt.
- SEC-HIGH-03: Bounded stdin read in paste.rs — 1 MiB cap via Read::take().
- SEC-HIGH-04: File permissions 0600 on audit log, receipts, cache, and
  last-trigger files (new files + legacy hardening via set_permissions).
- SEC-MED-03: SHA256 hex validation in receipt load/save/verify —
  prevents path traversal via crafted hash values.
- Short-hash panic guard: safe truncation via truncate_bytes() replaces
  all &sha256[..12] slice operations.

Also includes Issue #20 bash enter mode infrastructure (bind-x override,
startup health gate, persistent safe mode, degrade-to-preexec) and
CR normalization improvements from prior work on this branch.

Additional fixes:
- Fix audit test env var race (test OpenOptions pattern directly)
- Trim whitespace from XDG_STATE_HOME in state_dir()
- Bump version to 0.1.9

230 tests passing (148 unit + 44 integration + 18 golden + 17 policy + 3 CLI).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
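The receipt-hash validation (SEC-MED-03), the panic-free short-hash truncation, the 1 MiB bounded stdin read (SEC-HIGH-03) and the two-tier interpreter allowlist (SEC-HIGH-01) described in the commit above, as an added Rust example that is not tirith's own code. The function names, the allowlist contents and the receipts directory are assumptions made for illustration.

```rust
// Added example, not tirith's code: the hardening patterns named in the
// commit message, written stand-alone. All names below are assumed.
use std::io::{self, Read};
use std::path::{Path, PathBuf};

/// Accept only a full SHA-256 digest in lowercase hex. Short values,
/// uppercase, separators or "../" sequences are all rejected before the
/// string can take part in a file path.
pub fn is_sha256_hex(s: &str) -> bool {
    s.len() == 64 && s.bytes().all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'f'))
}

/// Build the on-disk receipt path only from a validated digest.
pub fn receipt_path(dir: &Path, sha256: &str) -> Option<PathBuf> {
    if !is_sha256_hex(sha256) {
        return None;
    }
    Some(dir.join(format!("{sha256}.json")))
}

/// Truncate to at most `n` bytes on a char boundary. `&sha256[..12]` panics
/// when the input is shorter than 12 bytes; this returns the whole string.
pub fn truncate_bytes(s: &str, n: usize) -> &str {
    let mut end = n.min(s.len());
    while !s.is_char_boundary(end) {
        end -= 1;
    }
    &s[..end]
}

/// 1 MiB cap on pasted input, as stated in the commit message.
pub const STDIN_CAP: u64 = 1024 * 1024;

/// Read at most `cap` bytes from any reader (stdin in the real tool); a
/// larger input is silently cut at the cap instead of growing the buffer.
pub fn read_bounded<R: Read>(reader: R, cap: u64) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    reader.take(cap).read_to_end(&mut buf)?;
    Ok(buf)
}

// Assumed allowlist contents: exact names, plus families that may carry a
// version suffix such as "python3.11". These lists are illustrative only.
const EXACT: &[&str] = &["sh", "bash", "zsh", "node", "perl", "ruby"];
const FAMILIES: &[&str] = &["python", "php"];

/// Two-tier match: exact name, or family name followed by a version made
/// only of digits and dots ("python3.11" yes, "pythonx" no).
pub fn is_allowed_interpreter(name: &str) -> bool {
    if EXACT.contains(&name) {
        return true;
    }
    FAMILIES.iter().any(|fam| match name.strip_prefix(fam) {
        Some(rest) => {
            rest.is_empty()
                || (rest.as_bytes()[0].is_ascii_digit()
                    && rest.bytes().all(|b| b.is_ascii_digit() || b == b'.'))
        }
        None => false,
    })
}

fn main() -> io::Result<()> {
    // Constructed sample: a crafted "hash" that would otherwise traverse directories.
    let crafted = "../../etc/passwd";
    assert!(receipt_path(Path::new("/tmp/receipts"), crafted).is_none());
    let valid = "a".repeat(64);
    println!("{:?}", receipt_path(Path::new("/tmp/receipts"), &valid));
    println!("{}", truncate_bytes("abc", 12)); // whole string, no panic
    let data = read_bounded(&b"hello"[..], STDIN_CAP)?;
    println!("{} bytes read", data.len());
    println!("python3.11 allowed: {}", is_allowed_interpreter("python3.11"));
    Ok(())
}
```

The validation runs before any path is joined, so a rejected value never reaches the filesystem layer; the allowlist check likewise belongs before the user confirmation prompt, as the commit notes, so the prompt never asks about an interpreter that would be refused anyway.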
Add command-aware output-flag skipping for curl (-o/--output) and wget
(-O/-OFILE/--output-document). Extract URLs from command+args instead
of raw segment text to avoid matching URLs in env-prefix values.

Add conservative non-TLD file extensions (.png, .jpg, .mp4, etc.) to
schemeless host exclusion list. Fixes issue #33.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add license tier system, MCP dispatcher, and file scan modules. Replace
silent `let _ =` error suppression with diagnostic eprintln messages in
audit logging and CLI output writers.
sheeki03 and others added 2 commits February 24, 2026 22:42
# Conflicts:
#	crates/tirith-core/src/audit.rs
#	crates/tirith-core/src/extract.rs
#	crates/tirith/assets/shell/lib/bash-hook.bash
#	shell/lib/bash-hook.bash
- Merge origin/main (glibc fix, PowerShell panic fix, Chocolatey cleanup)
- Fix single & segment boundary in split_raw_words (security)
- Use exact match == "TIRITH=0" (prevents TIRITH=00 bypass)
- Skip flags in resolve_command_wrapper
- Remove dead code in is_tirith_command
- Remove quote-stripping from is_env_assignment
- Add sync_all before rename in receipt.rs
- Move rename inside write success block in last_trigger.rs
- Fix TOCTOU in doctor.rs reset_safe_mode

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
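The exact-match bypass check (`== "TIRITH=0"` instead of a prefix test that also accepts `TIRITH=00`) and the sync-before-rename receipt write listed in this commit, as an added Rust example that is not tirith's own code. The function names and the temp-file naming are assumptions made for illustration; the pre-fix prefix variant is kept alongside so the bypass is visible.

```rust
// Added example, not tirith's code: two fixes named in the commit message,
// written stand-alone. Function names and file layout are assumed.
use std::fs::{self, File};
use std::io::{self, Write};
use std::path::Path;

/// Post-fix: the hook is disabled only when the word is exactly "TIRITH=0".
pub fn is_bypass_word(word: &str) -> bool {
    word == "TIRITH=0"
}

/// Pre-fix behaviour, kept for comparison: a prefix test also accepts
/// "TIRITH=00" or "TIRITH=0x", which the tool would not treat as zero.
pub fn is_bypass_word_prefix(word: &str) -> bool {
    word.starts_with("TIRITH=0")
}

/// Durable atomic replace: write a sibling temp file, fsync it, then rename
/// over the target. Renaming before sync_all can leave a truncated receipt
/// after a crash; renaming after a failed write would install garbage.
pub fn write_atomic(target: &Path, contents: &[u8]) -> io::Result<()> {
    let tmp = target.with_extension("tmp");
    let written = (|| -> io::Result<()> {
        let mut f = File::create(&tmp)?;
        f.write_all(contents)?;
        f.sync_all()?;
        Ok(())
    })();
    match written {
        // Rename only inside the success path of the write.
        Ok(()) => fs::rename(&tmp, target),
        Err(e) => {
            // Report cleanup failures instead of `let _ =` suppression.
            if let Err(re) = fs::remove_file(&tmp) {
                eprintln!("could not remove temp file {}: {re}", tmp.display());
            }
            Err(e)
        }
    }
}

fn main() -> io::Result<()> {
    for w in ["TIRITH=0", "TIRITH=00", "TIRITH=0x"] {
        println!("{w}: exact={} prefix={}", is_bypass_word(w), is_bypass_word_prefix(w));
    }
    let dir = std::env::temp_dir().join(format!("receipt_example_{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let target = dir.join("receipt.json");
    write_atomic(&target, b"{\"constructed\": true}")?;
    println!("wrote {}", target.display());
    fs::remove_dir_all(&dir)
}
```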
Resolved 19 conflicts by keeping main's improved code. Replaced
engine.rs with main's version to fix duplicate function definitions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sheeki03 sheeki03 merged commit 901f0dd into main Feb 24, 2026
9 checks passed
@sheeki03 sheeki03 deleted the security-audit-fixes branch February 24, 2026 21:58