agent/pkg
Snider f2b6ff29bd fix(agent): tighten directory perms in .core/reference/ siblings (Athena #988)
Mantis #324 narrowly tightened fs.go from 0644/0755→0600/0700. Athena audit
during task #20 closure-verification (2026-04-25) found sibling files in the
same directory still using 0755 for MkdirAll, leaving parent dirs world-listable
even when file content is 0600.

This commit applies the same hardening to:
- .core/reference/error.go:393 — crash-report parent dir 0755→0700
- .core/reference/embed.go:514/567/656 — workspace template extract dirs 0755→0700
- .core/reference/embed.go:595/660 — os.Create→os.OpenFile(...0600) for
  template renders + standard-file copies (default umask 0644 was leaking
  workspace-template content to other users on shared hosts)
- pkg/lib/workspace/default/.core/reference/error.go:414 — same crash-report fix
- pkg/lib/workspace/default/.core/reference/embed.go:518/571/660 — same template fixes

Workspace-template duplicates are kept in sync so newly-scaffolded workspaces
inherit the hardened perms instead of regressing to 0755/0644.

Closes Mantis #988.

Co-authored-by: Codex <noreply@openai.com>
2026-04-25 16:29:28 +01:00
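The hardening described in the commit message above, as an added Go example that is not code from this repository: `WritePrivate` and `LooseEntries` are hypothetical names. It goes one step further than the message by also tightening directories and files that already exist, because the mode passed to `os.MkdirAll` and `os.OpenFile` only takes effect on creation.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// WritePrivate (hypothetical helper, not from the repository) writes dir/name with a 0700 dir and 0600 file.
func WritePrivate(dir, name string, data []byte) error {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return err
	}
	if err := os.Chmod(dir, 0o700); err != nil { // MkdirAll leaves an existing dir's mode alone
		return err
	}
	f, err := os.OpenFile(filepath.Join(dir, name), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	if err := f.Chmod(0o600); err != nil { // the 0600 argument only applies when the file is created
		return err
	}
	_, err = f.Write(data)
	return err
}

// LooseEntries lists paths under root that grant any group/other permission bit.
func LooseEntries(root string) (loose []string, err error) {
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr != nil || d.Type()&fs.ModeSymlink != 0 {
			return werr // propagate walk errors; skip symlinks, whose own mode bits are not meaningful
		}
		info, ierr := d.Info()
		if ierr == nil && info.Mode().Perm()&0o077 != 0 {
			loose = append(loose, p)
		}
		return ierr
	})
	return loose, err
}

func main() {
	root, _ := os.MkdirTemp("", "perm-demo-") // constructed scratch directory
	defer os.RemoveAll(root)
	fmt.Println(WritePrivate(filepath.Join(root, "crash"), "report.json", []byte("{}")))
	fmt.Println(LooseEntries(root))
}
```

`LooseEntries` can run as a regression check over a freshly scaffolded workspace, so a sibling file that still creates 0755 directories or 0644 files is caught before release.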
agentic feat(agent): batch — sprint MCP tools + cmd cleanup (#142 #225 #226 #227) 2026-04-25 14:55:23 +01:00
brain feat(agent/brain): adopt shared T1 client + propagate org through actions (#177) 2026-04-25 16:22:38 +01:00
lib fix(agent): tighten directory perms in .core/reference/ siblings (Athena #988) 2026-04-25 16:29:28 +01:00
messages revert fcb9c189e5 2026-04-23 12:32:57 +01:00
monitor fix(agent/monitor): AX-6 sweep on sync.go — net/url → core.URLEncode 2026-04-25 13:32:52 +01:00
runner revert fcb9c189e5 2026-04-23 12:32:57 +01:00
setup revert fcb9c189e5 2026-04-23 12:32:57 +01:00
.DS_Store revert fcb9c189e5 2026-04-23 12:32:57 +01:00