Skip to content

fix: remediate all 56 adversarial-audit findings (2026-07-08)#127

Merged
arzafran merged 1 commit into
mainfrom
fix/adversarial-audit-2026-07-08
Jul 8, 2026
Merged

fix: remediate all 56 adversarial-audit findings (2026-07-08)#127
arzafran merged 1 commit into
mainfrom
fix/adversarial-audit-2026-07-08

Conversation

@arzafran

@arzafran arzafran commented Jul 8, 2026

Copy link
Copy Markdown
Member

What this does

Fixes everything the 2026-07-08 adversarial codebase audit found — the failed-install data-loss trap, the engine switch that silently never applied, handoffs that saved empty stubs and bled across projects, and ~40 smaller correctness, security-honesty, and doc-drift defects. The full audit report ships in this PR (docs/audits/codebase-audit-2026-07-08.md) with a stable ID per finding; every change below cites its ID.

Summary

Installer/merge — H7: --rollback backup now snapshots every directory cleanOldConfig wipes. H8/H9: CC_CODE_INTEL_ENGINE changes now propagate on re-install (stale cc-settings output no longer masquerades as a user edit) and settings.json + ~/.claude.json get the same tldr definition. M10/L8: light-tier strip is per-command with canonicalKey identity. M9: array-default merge gap documented as a known limitation.

Hooks — H6: all statusline git spawns timeout-bounded. M7: pre-edit-validate header matches its Edit-only wiring (Write inputs lack old_string; wiring it would break new-file creation). M8/L4/L5/L6: threshold text derived from the env var, correct session-id fallback, schema-validated cache reads, most-recent-20 file cap.

Scripts — H10: hook-driven handoffs auto-populate branch/files/commits and are marked source: auto; skill doc now states auto-vs-manual content. H11: handoff store project-scoped with legacy-path fallback (plus session-start cleanup and post-compact lookup updated to the new layout). M17/M18/M20/L11/L12/L13: regex, exit-code, gate-output-capture, and listing-resilience fixes.

Security — H12: SECURITY.md states the fingerprint's true scope (hooks block only) and audit:hooks now also scans env and mcpServers against the suspicious patterns. M21/M22: deny rules added for git push --force/git branch -D and Edit/MultiEdit on settings.json. M19/M23: one canonical src/lib/redact.ts (superset patterns) replaces three divergent redactors; falsy-zero parseInt fixed.

Definitions — H2/H13/H14/M2: maestro, oracle, qa, deslopper can now execute their own documented workflows (tool grants fixed; oracle's explore binding removed so its fork keeps the full toolset). H3/H4: reviewer + security-reviewer no longer use isolation: worktree, which made them blind to the diff they review. L1: profiles pin opus[1m].

Schemas/linters — M11/M12/M15/L10: typed agent fields, one shared slug regex, angle-bracket scan for agents+profiles, shared frontmatter regex. Generated schemas re-emitted.

Docs — H1/H5/M3/M4/M5/M6/M14/M16/M24/L2/L3/L7/L9/M13: tables and claims re-synced to reality (hooks reference, model routing incl. codex-verifier, skill counts 37, Sanity MCP moved to optional, guardrails claim tsc-only, upstream scanner described honestly).

Tests/CI — M25/M26/L14/L15/L16: behavioral tests for pre-edit-validate + delegation-detector, dead manual-sync.sh deleted, lint:knowledge CI step now lints a real fixture, two test-truth fixes. Net +10 test files.

Deferred by design (documented in the report's design tensions): provenance-manifest merge redesign (T1), fingerprint scope extension (T2), upstream-scanner live fetch. A Codex cross-model pass was attempted but the CLI hung; the report is Claude-verified only (every finding independently re-traced by a second adversarial pass before fixing).

Test Plan

  • bun run typecheck clean
  • bun test — 843 pass / 0 fail (was 777; +66 from new coverage)
  • bun run lint — exit 0, only the 4 pre-existing warnings
  • bun run lint:skills / lint:agents / lint:profiles — 0 errors
  • bun run compose + bun run schemas:emit — clean, regenerated output committed
  • config/40-hooks.json untouched — no fingerprint churn for existing installs

…se audit

Fixes every CONFIRMED/PLAUSIBLE finding from docs/audits/codebase-audit-2026-07-08.md
(committed alongside): 14 high, 26 medium, 16 low, IDs cited per-change in the PR.

Highlights: --rollback backup now covers everything cleanOldConfig wipes (H7);
code-intel engine swaps propagate past the first install and both MCP surfaces
agree (H8/H9); handoffs are project-scoped with auto-populated content (H10/H11);
statusline git spawns are all timeout-bounded (H6); SECURITY.md now states the
fingerprint's true scope and audit:hooks scans env+mcpServers too (H12);
reviewer/security-reviewer lost their diff-blinding worktree isolation (H3/H4);
maestro/oracle/qa/deslopper tool grants match their documented workflows
(H2/H13/H14/M2); one shared redactSecrets supersedes three divergent pattern
sets (M23); shared slug regex across all schemas (M12); doc tables re-synced to
reality across MANUAL, README, hooks-reference, agent-models,
frontmatter-reference (H1/H5/M3-M6/M24/L2/L3).

Deferred by design (documented in the report): the provenance-manifest merge
redesign (tension T1), fingerprint scope extension (T2), and upstream-scanner
live fetch (M13) — docs now state actual behavior.
@arzafran arzafran merged commit a3c21a8 into main Jul 8, 2026
15 checks passed
@arzafran arzafran deleted the fix/adversarial-audit-2026-07-08 branch July 8, 2026 14:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant