agent/pkg/lib
Snider f293d48006 fix(agent): tighten workspace file perms 0644→0600 to protect extracted secrets (Cerberus #324)
.core/reference/fs.go (canonical) + pkg/lib/workspace/default/.core/reference/fs.go (embedded copy):
- Write/WriteAtomic/Create/Append default to 0600
- Parent directories use 0700 (was 0755)
- WriteMode reapplies the requested mode after writes so overwriting an
  existing file also tightens permissions

Test (pkg/lib/lib_test.go) keeps embedded fs.go synced with canonical +
asserts extracted workspaces carry the secure permission defaults.

tests/cli/extract copy not hand-edited — that flows from regeneration.

Co-authored-by: Codex <noreply@openai.com>
Closes tasks.lthn.sh/view.php?id=324
2026-04-25 04:19:30 +01:00
flow revert fcb9c189e5 2026-04-23 12:32:57 +01:00
persona revert fcb9c189e5 2026-04-23 12:32:57 +01:00
prompt revert fcb9c189e5 2026-04-23 12:32:57 +01:00
task revert fcb9c189e5 2026-04-23 12:32:57 +01:00
workspace fix(agent): tighten workspace file perms 0644→0600 to protect extracted secrets (Cerberus #324) 2026-04-25 04:19:30 +01:00
.DS_Store revert fcb9c189e5 2026-04-23 12:32:57 +01:00
lib.go revert fcb9c189e5 2026-04-23 12:32:57 +01:00
lib_example_test.go revert fcb9c189e5 2026-04-23 12:32:57 +01:00
lib_test.go fix(agent): tighten workspace file perms 0644→0600 to protect extracted secrets (Cerberus #324) 2026-04-25 04:19:30 +01:00