amr/passepartout
1
0
Fork 0
Code Issues 15 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

REFAC: Shift terminology to Autonomy and harden CLI via socat

Browse Source
This commit is contained in:
Amr Gharbeia
2026-04-14 09:37:40 -04:00
parent b1656d0835
commit da0919149e
59 changed files with 201 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/rca/rca-shell-hardening.org
View File

@@ -1,6 +1,6 @@
#+TITLE: Root Cause Analysis: Shell Actuator Security Hardening
#+DATE: 2026-04-11
#+FILETAGS: :rca:security:shell:injection:psf:
#+FILETAGS: :rca:security:shell:injection:autonomy:
* Executive Summary
During the formal verification of the `org-skill-shell-actuator`, a critical command injection vulnerability was identified and patched. The previous implementation relied on a naive whitelist check that could be bypassed using shell metacharacters.
@@ -23,7 +23,7 @@ The `execute-shell-safely` function only checked the first space-delimited word
** Resolution
Added the `in-package` header to `shell-logic.lisp`.
* 3. PSF Mandate Alignment
* 3. org-agent Mandate Alignment
** Invariant Check
- *High-Integrity Memory:* The shell actuator is now formally verified with 4 new unit tests covering whitelist enforcement and injection blocking.
- *Literate Programming:* Updated `org-skill-shell-actuator.org` Phase A and Build sections to reflect the hardened logic.