passepartout/lisp at v0.3.1 - passepartout - Gitea: Git with a cup of tea

amr/passepartout

Files

History

Amr Gharbeia a31f19045a

Deploy (Gitea) / deploy (push) Failing after 3s

Details

v0.3.1: eliminate RCE via *read-eval* nil (Parser RCE Elimination)

Wrap read-from-string/read with (let ((*read-eval* nil)) ...) at three
untrusted-input code paths:

1. think() in core-loop-reason — LLM output parsing. LLM output is
   untrusted by definition; #.(shell ...) in a response must not execute.

2. action-system-execute in core-loop-act — :system :eval path processes
   untrusted payload code from the signal pipeline.

3. load-memory-from-disk in core-memory — memory.snap file could be
   corrupted or planted in ~/, must not execute #. reader macros.

Adds test-read-eval-rce-blocked to pipeline-reason-suite: mocks a
backend returning malicious output containing #.(setf ...), verifies
no side effects occur and safe fallback is returned.

RED proof recorded: *read-eval* T + #.(setf ...) → :PWNED (RCE active)
GREEN proof:    *read-eval* NIL → reader-error caught (RCE blocked)

Test: reason 12/0, full suite 88/0

2026-05-06 16:38:59 -04:00

..

core-communication.lisp

Release v0.3.0 — Event Orchestration, Human-in-the-Loop, Daily-Driver TUI

2026-05-06 15:50:20 -04:00

core-context.lisp

docs: add Contract sections + tag tests to contract items (Tier 2 — 10 files)

2026-05-05 12:19:25 -04:00

core-defpackage.lisp

v0.3.0: finish Async Embedding Gateway — mark-vector-stale, cron, defskill, ROADMAP updates

2026-05-05 18:24:08 -04:00

core-loop-act.lisp

v0.3.1: eliminate RCE via *read-eval* nil (Parser RCE Elimination)

2026-05-06 16:38:59 -04:00

core-loop-perceive.lisp

docs: add Contract sections + tag tests to contract items (Tier 2 — 10 files)

2026-05-05 12:19:25 -04:00

core-loop-reason.lisp

v0.3.1: eliminate RCE via *read-eval* nil (Parser RCE Elimination)

2026-05-06 16:38:59 -04:00

core-loop.lisp

docs: add Contract sections + tag tests to contract items (Tier 2 — 10 files)

2026-05-05 12:19:25 -04:00

core-memory.lisp

v0.3.1: eliminate RCE via *read-eval* nil (Parser RCE Elimination)

2026-05-06 16:38:59 -04:00

core-skills.lisp

fix: skill loader preserves test-package in-package forms, un-jail security-dispatcher

2026-05-05 19:16:57 -04:00

gateway-cli.lisp

Release v0.3.0 — Event Orchestration, Human-in-the-Loop, Daily-Driver TUI

2026-05-06 15:50:20 -04:00

gateway-messaging.lisp

fix: 12 pre-existing test bugs — 180/185 pass

2026-05-05 20:06:21 -04:00

gateway-tui-main.lisp

Release v0.3.0 — Event Orchestration, Human-in-the-Loop, Daily-Driver TUI

2026-05-06 15:50:20 -04:00

gateway-tui-model.lisp

fix: 6 quality-of-life fixes — 0 remaining failures in core suites

2026-05-06 11:40:08 -04:00

gateway-tui-view.lisp

v0.3.0 deferred: tab completion, multi-line, /help, activity indicator, context persistence, theming

2026-05-05 18:02:50 -04:00

programming-lisp.lisp

tier3: contracts + tests for 12 remaining modules (all 39 files now have Contracts)

2026-05-05 12:36:42 -04:00

programming-literate.lisp

fix: final 4 pre-existing test bugs — 184/0, 0 failures

2026-05-05 20:48:58 -04:00

programming-org.lisp

fix: pre-existing paren imbalances in programming-org and system-archivist tests

2026-05-05 16:25:28 -04:00

programming-repl.lisp

fix: 12 pre-existing test bugs — 180/185 pass

2026-05-05 20:06:21 -04:00

programming-standards.lisp

tests: fix dead test suite (export list, stale duplicates, 14/14 pass)

2026-05-05 09:36:17 -04:00

security-dispatcher.lisp

security: contracts + tests for all 5 security modules (87→123 checks)

2026-05-05 12:08:12 -04:00

security-permissions.lisp

security: contracts + tests for all 5 security modules (87→123 checks)

2026-05-05 12:08:12 -04:00

security-policy.lisp

security: contracts + tests for all 5 security modules (87→123 checks)

2026-05-05 12:08:12 -04:00

security-validator.lisp

security: contracts + tests for all 5 security modules (87→123 checks)

2026-05-05 12:08:12 -04:00

security-vault.lisp

security: contracts + tests for all 5 security modules (87→123 checks)

2026-05-05 12:08:12 -04:00

system-actuator-shell.lisp

feat(v0.3.0): Event Orchestrator skill

2026-05-02 22:36:39 -04:00

system-archivist.lisp

fix: final 4 pre-existing test bugs — 184/0, 0 failures

2026-05-05 20:48:58 -04:00

system-config.lisp

fix: setup wizard non-interactive safe, TUI script daemon detection + timing

2026-05-05 14:26:27 -04:00

system-context-manager.lisp

fix: 12 pre-existing test bugs — 180/185 pass

2026-05-05 20:06:21 -04:00

system-diagnostics.lisp

fix: final 4 pre-existing test bugs — 184/0, 0 failures

2026-05-05 20:48:58 -04:00

system-event-orchestrator.lisp

remediation: backfill v0.1.0/v0.2.0 gaps (P0+P1)

2026-05-03 10:43:14 -04:00

system-integration-tests.lisp

tests: TUI integration + cascade parsing — precise LLM diagnostics

2026-05-06 08:56:07 -04:00

system-memory.lisp

fix: add (in-package :passepartout) to 5 skill files missing it

2026-05-04 18:34:33 -04:00

system-model-embedding.lisp

v0.3.0: finish Async Embedding Gateway — mark-vector-stale, cron, defskill, ROADMAP updates

2026-05-05 18:24:08 -04:00

system-model-explorer.lisp

tier3: contracts + tests for 12 remaining modules (all 39 files now have Contracts)

2026-05-05 12:36:42 -04:00

system-model-provider.lisp

fix: cl-dotenv quote contamination breaks provider cascade parsing

2026-05-06 08:26:57 -04:00

system-model-router.lisp

fix: cl-dotenv quote contamination breaks provider cascade parsing

2026-05-06 08:26:57 -04:00

system-model.lisp

rename gateway-* → system-model-* + gateway-messaging, de-ollama, add system-model-explorer

2026-05-04 09:58:59 -04:00

system-self-improve.lisp

fix: system-self-improve — complete self-edit with tangle+reload, fix self-repair

2026-05-03 14:49:13 -04:00