agent/pkg
Snider f293d48006 fix(agent): tighten workspace file perms 0644→0600 to protect extracted secrets (Cerberus #324)
.core/reference/fs.go (canonical) + pkg/lib/workspace/default/.core/reference/fs.go (embedded copy):
- Write/WriteAtomic/Create/Append default to 0600
- Parent directories use 0700 (was 0755)
- WriteMode reapplies the requested mode after writes so overwriting an
  existing file also tightens permissions

Test (pkg/lib/lib_test.go) keeps embedded fs.go synced with canonical +
asserts extracted workspaces carry the secure permission defaults.

tests/cli/extract copy not hand-edited — that flows from regeneration.

Co-authored-by: Codex <noreply@openai.com>
Closes tasks.lthn.sh/view.php?id=324
2026-04-25 04:19:30 +01:00
agentic fix(agent): purge sync.Once from pkg/agentic via core.Once (§14A) 2026-04-25 00:58:49 +01:00
brain feat(ax-10): bring agent to v0.8.0-alpha.1 + CLI test scaffold 2026-04-24 23:48:34 +01:00
lib fix(agent): tighten workspace file perms 0644→0600 to protect extracted secrets (Cerberus #324) 2026-04-25 04:19:30 +01:00
messages revert fcb9c189e5 2026-04-23 12:32:57 +01:00
monitor feat(ax-10): bring agent to v0.8.0-alpha.1 + CLI test scaffold 2026-04-24 23:48:34 +01:00
runner revert fcb9c189e5 2026-04-23 12:32:57 +01:00
setup revert fcb9c189e5 2026-04-23 12:32:57 +01:00
.DS_Store revert fcb9c189e5 2026-04-23 12:32:57 +01:00