agent/pkg/lib
Snider f2b6ff29bd fix(agent): tighten directory perms in .core/reference/ siblings (Athena #988)
Mantis #324 narrowly tightened fs.go from 0644/0755→0600/0700. Athena audit
during task #20 closure-verification (2026-04-25) found sibling files in the
same directory still using 0755 for MkdirAll, leaving parent dirs world-listable
even when file content is 0600.

This commit applies the same hardening to:
- .core/reference/error.go:393 — crash-report parent dir 0755→0700
- .core/reference/embed.go:514/567/656 — workspace template extract dirs 0755→0700
- .core/reference/embed.go:595/660 — os.Create→os.OpenFile(...0600) for
  template renders + standard-file copies (default umask 0644 was leaking
  workspace-template content to other users on shared hosts)
- pkg/lib/workspace/default/.core/reference/error.go:414 — same crash-report fix
- pkg/lib/workspace/default/.core/reference/embed.go:518/571/660 — same template fixes

Workspace-template duplicates are kept in sync so newly-scaffolded workspaces
inherit the hardened perms instead of regressing to 0755/0644.

Closes Mantis #988.

Co-authored-by: Codex <noreply@openai.com>
2026-04-25 16:29:28 +01:00
flow revert fcb9c189e5 2026-04-23 12:32:57 +01:00
persona revert fcb9c189e5 2026-04-23 12:32:57 +01:00
prompt revert fcb9c189e5 2026-04-23 12:32:57 +01:00
task revert fcb9c189e5 2026-04-23 12:32:57 +01:00
workspace fix(agent): tighten directory perms in .core/reference/ siblings (Athena #988) 2026-04-25 16:29:28 +01:00
.DS_Store revert fcb9c189e5 2026-04-23 12:32:57 +01:00
lib.go revert fcb9c189e5 2026-04-23 12:32:57 +01:00
lib_example_test.go revert fcb9c189e5 2026-04-23 12:32:57 +01:00
lib_test.go fix(agent): tighten workspace file perms 0644→0600 to protect extracted secrets (Cerberus #324) 2026-04-25 04:19:30 +01:00