Fixed
- Treat sensitive filesystem reads as governed actions:
.env, private-key, cloud credential, SSH, and secret-like paths now force an ASK before content can be exposed throughfs.read. - Extended Hermes and proxy tool mapping for web aliases such as
web_extract,fetch_url,extract_url, andbrowser_navigateso they resolve toweb.fetchinstead of falling through to conservativehost.tool.*. - Reduced dogfood false positives for read-only diagnostics: path-qualified Python binaries, versioned
python3.x, safepython -m pipread-only commands, and Zeus module probes now classify as read-only when appropriate.
Added
zeus statusnow separates standing grants, replay authorizations, approval queue state, and the operator inbox so active authority is not confused with resolved approval history.- Replay authorization rows are queryable from the control-plane store for status and cockpit surfaces.
Evidence
ruffclean.- Product test suite passed without private live-host eval files:
.venv/bin/python -m pytest --ignore=tests/test_live_host_eval_tree.pypassed:1915tests. - Editable install smoke passed:
zeus-agent 1.0.0a3. - Fresh
zeus statussmoke renderedgrant_inventory,approval_queue, andoperator_inbox.
Private live-host eval scaffolding is intentionally not included in this release.