Bug fixes:
- Fix box() calls: set color-pair before box, pass ACS default chtype integers
- Fix markdown functions: move to passepartout.channel-tui package where
Croatoan is imported; use add-attributes/remove-attributes instead of
:bold/:underline kwargs to add-string; call theme-color in gate-trace-lines
to convert theme keys to Croatoan colors
- Fix sandbox: remove dex:get/dex:post from restricted symbols
(blocked neuro-provider from loading)
- Export *log-lock* from passepartout (was unbound in jailed skill packages)
- Fix configure: always deploy to XDG, skip cp when source==dest
- Fix bash crash handler format string (~~ escaping)
- Revert test reorder in 28 files (caused package leakage in skill loader)
Design cleanup:
- Extract tui-run-screen from tui-main for clean separation
- Remove inject-stimulus alias
- Merge *backend-registry* into *probabilistic-backends*
- Fix read-framed-message whitespace DoS (4096-iteration max)
- Add *read-eval* nil to dispatcher-approvals-process read-from-string
audit-verify-hash counts total objects and those with missing/empty
hashes. /audit verify uses it to report VERIFY PASS or MISSING
HASHES count. fboundp-guarded.
- core-memory: audit-verify-hash fn, 1 test
- channel-tui-main: updated /audit verify handler
- Core: 90/90 TUI Main: 102/102
Wrap read-from-string/read with (let ((*read-eval* nil)) ...) at three
untrusted-input code paths:
1. think() in core-loop-reason — LLM output parsing. LLM output is
untrusted by definition; #.(shell ...) in a response must not execute.
2. action-system-execute in core-loop-act — :system :eval path processes
untrusted payload code from the signal pipeline.
3. load-memory-from-disk in core-memory — memory.snap file could be
corrupted or planted in ~/, must not execute #. reader macros.
Adds test-read-eval-rce-blocked to pipeline-reason-suite: mocks a
backend returning malicious output containing #.(setf ...), verifies
no side effects occur and safe fallback is returned.
RED proof recorded: *read-eval* T + #.(setf ...) → :PWNED (RCE active)
GREEN proof: *read-eval* NIL → reader-error caught (RCE blocked)
Test: reason 12/0, full suite 88/0
- Added ;; REPL-VERIFIED: comments to all 164 definition blocks across 30 org files
- Split 32 multi-definition blocks into one-per-block (one function per block)
- Added Org headlines to 45 blocks missing prose-before-code
- verify-repl now returns PASS on entire org/ directory
- system-context-manager (new skill): stack-based project focusing with
push-context/pop-context, path resolution relative to base path, and
scope-aware memory queries via context-scoped-query.
- core-memory: add :scope slot to memory-object struct (default :memex).
- core-memory: ingest-ast accepts &key (scope :memex), propagates to children.
- core-context: context-query accepts :scope parameter for filtering.
- DEFECT FIX: renamed org-object-* accessors to memory-object-*
across core-context, security-dispatcher, tests, and defpackage exports.
The struct was renamed but accessor references were never updated —
the code referenced nonexistent functions.
- New system-event-orchestrator skill with hook registry, cron registry, and tier classifier
- Three dispatch tiers: :reflex (no LLM), :cognition (light), :reasoning (full)
- Org-mode timestamp parsing for repeat patterns (+1w, +1d, +1m)
- Registers on heartbeat via defskill, dispatches due cron jobs
- Fix all remaining harness-log → log-message references across org files
