Mantis #324 narrowly tightened fs.go from 0644/0755→0600/0700. Athena audit
during task #20 closure-verification (2026-04-25) found sibling files in the
same directory still using 0755 for MkdirAll, leaving parent dirs world-listable
even when file content is 0600.
This commit applies the same hardening to:
- .core/reference/error.go:393 — crash-report parent dir 0755→0700
- .core/reference/embed.go:514/567/656 — workspace template extract dirs 0755→0700
- .core/reference/embed.go:595/660 — os.Create→os.OpenFile(...0600) for
template renders + standard-file copies (default umask 0644 was leaking
workspace-template content to other users on shared hosts)
- pkg/lib/workspace/default/.core/reference/error.go:414 — same crash-report fix
- pkg/lib/workspace/default/.core/reference/embed.go:518/571/660 — same template fixes
Workspace-template duplicates are kept in sync so newly-scaffolded workspaces
inherit the hardened perms instead of regressing to 0755/0644.
Closes Mantis #988.
Co-authored-by: Codex <noreply@openai.com>

.core/reference/fs.go (canonical) + pkg/lib/workspace/default/.core/reference/fs.go (embedded copy):
- Write/WriteAtomic/Create/Append default to 0600
- Parent directories use 0700 (was 0755)
- WriteMode reapplies the requested mode after writes so overwriting an
existing file also tightens permissions
Test (pkg/lib/lib_test.go) keeps embedded fs.go synced with canonical +
asserts extracted workspaces carry the secure permission defaults.
tests/cli/extract copy not hand-edited — that flows from regeneration.
Co-authored-by: Codex <noreply@openai.com>
Closes tasks.lthn.sh/view.php?id=324
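The two fs.go commits above describe the same three rules: files default to 0600, parent directories to 0700, and WriteMode re-applies the requested mode after the write so that overwriting an already-existing, looser file tightens it. As an added illustration (hypothetical helpers written here, not the project's own fs.go), the block below implements those rules in Go. The one detail worth seeing in code is why the Chmod step is needed: the mode passed to os.OpenFile applies only when the file is created and is still masked by the process umask, whereas os.Chmod ignores the umask and also fixes a pre-existing file. The 0755/0644 "before" state in main is a constructed scenario.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Hypothetical helpers (not the project's fs.go) using the defaults the
// commits above describe: files 0600, parent directories 0700.
const (
	DefaultFileMode fs.FileMode = 0o600
	DefaultDirMode  fs.FileMode = 0o700
)

// WriteMode writes data to path with the requested mode. The mode given to
// OpenFile only applies to a newly created file and is masked by the umask,
// so the mode is re-applied with Chmod afterwards: Chmod ignores the umask
// and also tightens a file that already existed with looser permissions.
func WriteMode(path string, data []byte, mode fs.FileMode) error {
	// MkdirAll only sets the mode on directories it creates; an existing
	// 0755 parent is left as is and has to be fixed separately.
	if err := os.MkdirAll(filepath.Dir(path), DefaultDirMode); err != nil {
		return err
	}
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode)
	if err != nil {
		return err
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		return err
	}
	if err := f.Close(); err != nil {
		return err
	}
	return os.Chmod(path, mode)
}

// Write is the 0600 default used for every ordinary write.
func Write(path string, data []byte) error {
	return WriteMode(path, data, DefaultFileMode)
}

// Perm returns the permission bits of path, for checks and tests.
func Perm(path string) (fs.FileMode, error) {
	st, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return st.Mode().Perm(), nil
}

func main() {
	dir, err := os.MkdirTemp("", "perm-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	// Constructed scenario: a crash report that already exists as 0644
	// under a 0755 directory, the state the commits above were fixing.
	report := filepath.Join(dir, "crash", "report.txt")
	if err := os.MkdirAll(filepath.Dir(report), 0o755); err != nil {
		panic(err)
	}
	if err := os.WriteFile(report, []byte("old"), 0o644); err != nil {
		panic(err)
	}
	before, _ := Perm(report)
	if err := Write(report, []byte("new")); err != nil {
		panic(err)
	}
	after, _ := Perm(report)
	fmt.Printf("file %04o -> %04o\n", before, after)
}
```

The caveat the MkdirAll comment points at is the practical one on shared hosts: hardening the defaults protects new workspaces, but a directory that was already scaffolded as 0755 keeps that mode until something chmods it, so a one-off sweep of existing crash-report and template directories is still needed after deploying the change.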

Workspace prep now detects repo language and copies the right CODEX.md:
- Go repos get CODEX.md.tmpl (existing — Core primitives, banned imports)
- PHP repos get CODEX-PHP.md.tmpl (CorePHP patterns, lifecycle events,
Actions, BelongsToWorkspace, Flux Pro, FA Pro, UK English)
Added lib.WorkspaceFile() helper for reading individual template files.
Co-Authored-By: Virgil <virgil@lethean.io>

All dispatch prompts now instruct agents to read CODEX.md (mandatory
patterns) and .core/reference/docs/RFC.md (full API contract) before
starting work. These files were already in the workspace template but
agents were never told to read them.
Also fixes stale references: src/ → repo/, coreerr.E() → core.E().
Co-Authored-By: Virgil <virgil@lethean.io>

QA gate failed because cloned repos weren't in a Go workspace.
Extract default template (including go.work with use ./repo)
into workspace dir before cloning. Fixes go test isolation.
Co-Authored-By: Virgil <virgil@lethean.io>

Move all tests from tests/ to package root for proper coverage.
Fix Fs zero-value: path() and validatePath() default empty root
to "/" so &Fs{} works without New().
New tests: PathGlob, PathIsAbs, CleanPath, Cli.SetOutput,
ServiceShutdown, Core.Context, Fs zero-value, Fs protected
delete, Command lifecycle with implementation, error formatting
branches, PerformAsync completion/no-handler/after-shutdown,
Extract with templates, Embed path traversal.
Coverage: 76.9% → 82.3% (23 test files, 82 new test cases).
Co-Authored-By: Virgil <virgil@lethean.io>

Codex agents are sandboxed to src/ and don't get ~/Code/go.work.
This template creates a go.work with `use .` so the Go toolchain
works in workspace mode inside the sandbox.
Co-Authored-By: Virgil <virgil@lethean.io>

Was skipping directories entirely (`if entry.IsDir() { continue }`),
so .core/reference/ and its contents were never extracted.
Replaced fs.ReadDir loop with fs.WalkDir to handle nested dirs.
Added tests: CreatesFiles, CreatesSubdirectories, TemplateSubstitution.
Co-Authored-By: Virgil <virgil@lethean.io>
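The commit above replaces a ReadDir loop that skipped directories with fs.WalkDir, and the earlier test commit lists "Extract with templates" and "Embed path traversal" cases. The block below is an added example of that extraction shape, written here and not taken from the project: ExtractWorkspace and safeJoin are hypothetical implementations, the fstest.MapFS and its contents are a constructed stand-in for the embedded template (an embed.FS is also an fs.FS, so the walk is identical), and the convention that files ending in .tmpl are rendered with text/template and written without the suffix is an assumption for the example. Directories are created 0700 and files 0600, matching the hardening described earlier in this log.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
	"testing/fstest"
	"text/template"
)

// Constructed stand-in for the embedded workspace template. The real
// binary would use an embed.FS; fstest.MapFS is also an fs.FS, so the
// extraction code below does not change.
var workspaceTemplate = fstest.MapFS{
	"go.work":                     {Data: []byte("go 1.22\n\nuse ./repo\n")},
	"CODEX.md.tmpl":               {Data: []byte("# Codex rules for {{.Name}}\n")},
	".core/reference/fs.go":       {Data: []byte("package reference\n")},
	".core/reference/docs/RFC.md": {Data: []byte("# API contract\n")},
}

// safeJoin maps an embedded path onto dest and refuses anything that
// would land outside dest (the path-traversal case the tests cover).
func safeJoin(dest, rel string) (string, error) {
	if !fs.ValidPath(rel) {
		return "", fmt.Errorf("invalid embedded path %q", rel)
	}
	out := filepath.Join(dest, filepath.FromSlash(rel))
	r, err := filepath.Rel(dest, out)
	if err != nil || r == ".." || strings.HasPrefix(r, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("embedded path %q escapes %q", rel, dest)
	}
	return out, nil
}

// ExtractWorkspace walks src with fs.WalkDir so nested directories such
// as .core/reference/docs are created too (a ReadDir loop that skipped
// directories would never reach them). Files named *.tmpl (assumed
// convention) are rendered with text/template and written without the
// suffix; everything else is copied as is. Directories are 0700 and
// files 0600. It returns the destination paths written, in walk order.
func ExtractWorkspace(src fs.FS, dest string, data map[string]string) ([]string, error) {
	var written []string
	err := fs.WalkDir(src, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		out, err := safeJoin(dest, p)
		if err != nil {
			return err
		}
		if d.IsDir() {
			return os.MkdirAll(out, 0o700)
		}
		content, err := fs.ReadFile(src, p)
		if err != nil {
			return err
		}
		if strings.HasSuffix(p, ".tmpl") {
			tmpl, err := template.New(p).Parse(string(content))
			if err != nil {
				return err
			}
			var buf strings.Builder
			if err := tmpl.Execute(&buf, data); err != nil {
				return err
			}
			content = []byte(buf.String())
			out = strings.TrimSuffix(out, ".tmpl")
		}
		if err := os.WriteFile(out, content, 0o600); err != nil {
			return err
		}
		written = append(written, out)
		return nil
	})
	return written, err
}

func main() {
	dir, err := os.MkdirTemp("", "ws-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	files, err := ExtractWorkspace(workspaceTemplate, dir, map[string]string{"Name": "demo"})
	if err != nil {
		panic(err)
	}
	for _, f := range files {
		fmt.Println(f)
	}
}
```

Paths yielded by fs.WalkDir over an fs.FS are already slash-separated and validated, so safeJoin is belt-and-braces for an embed.FS; it matters when the same extraction code is later pointed at a source whose entries are not under the binary's control, which is exactly the case the "Embed path traversal" test exists to pin down.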

Inline instructions for Codex agents — no spec references,
just the actual rules with code examples. Extracted into every
workspace automatically.
Co-Authored-By: Virgil <virgil@lethean.io>

Reference files (.core/reference/) are now part of the embedded
workspace template. ExtractWorkspace extracts them automatically —
no hardcoded filesystem paths, ships with the binary.
Co-Authored-By: Virgil <virgil@lethean.io>

- Module path: dappco.re/go/agent
- Core import: dappco.re/go/core v0.4.7
- Process service re-enabled with new Core API
- Plugin bumped to v0.11.0
- Directory flattened from go/ to root
Co-Authored-By: Virgil <virgil@lethean.io>