Skip to content

Gate x-callback recall to exportable memories#10

Merged
bob-codedaptive merged 1 commit into
stable/1.0.xfrom
codex/fix-unauthenticated-recall-vulnerability
Jul 6, 2026
Merged

Gate x-callback recall to exportable memories#10
bob-codedaptive merged 1 commit into
stable/1.0.xfrom
codex/fix-unauthenticated-recall-vulnerability

Conversation

@bob-codedaptive

Copy link
Copy Markdown
Member

Motivation

  • The x-callback-url recall route allowed unauthenticated callers to invoke moot_memory_search and receive non-public memory previews and IDs because no public/exportable filter was enforced.
  • The change enforces the same public/exportable privacy gate used by the App Intent path so that cross-app callbacks cannot leak private/default memories.

Description

  • Force filter = "exportable" for inbound x-callback-url recall requests in MootURLRouter.route(_:using:) before calling the substrate, overriding any caller-supplied filter.
  • Add a regression test recall verb forces exportable filter before routing to IntentToolCallTests.swift that seeds a private default drawer and a public drawer then asserts the x-callback recall only returns the public/exportable drawer.
  • Preserve existing verb allowlist and callback-scheme gating; the change only applies to the recall verb routing logic.

Testing

  • Ran git diff --check to validate whitespace and basic diffs (passed).
  • Added and ran the URL router regression test group via swift test --filter URLRouterTests, but the test run was blocked by SwiftPM dependency fetch failures (HTTP 403 CONNECT tunnel errors) in the execution environment, so repository unit tests could not be fully executed here.
  • The new unit test exercises the router against the in-memory TestBridge and is included for CI to validate in a network-enabled environment.

Codex Task

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

All contributors have signed the CLA. Thank you.
Posted by the CLA Assistant Lite bot.

@bob-codedaptive

Copy link
Copy Markdown
Member Author

I have read the CLA Document and I hereby sign the CLA

@bob-codedaptive bob-codedaptive merged commit 74930cf into stable/1.0.x Jul 6, 2026
@bob-codedaptive bob-codedaptive deleted the codex/fix-unauthenticated-recall-vulnerability branch July 6, 2026 14:45
bob-codedaptive pushed a commit that referenced this pull request Jul 6, 2026
…#10, #70)

#10: Resolve the claude binary from known install locations
(/usr/local/bin/claude, ~/.claude/local/claude) before falling
back to unqualified PATH lookup. Prevents a malicious binary
named "claude" earlier in PATH from being executed (Rust).

#70: Plugin registration now fails closed when settings.json exists
but can't be parsed as JSON. Previously fell back to empty dict
and overwrote the user's settings. Now skips the write and relies
on the backup already created (Swift).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
bob-codedaptive pushed a commit that referenced this pull request Jul 7, 2026
…#10)

appendSensitivityAuditEntry was a no-op after the in-memory audit
log removal. Grant lifecycle (issued/denied/revoked) and read-under-
grant events were silently lost — ADR-025/FUP-C's guarantee that
restricted/secret reads under a grant are auditable was broken.

Now constructs an AuditEvent with the sensitivity verb and writes
it through storage.auditLog.append(). The entries appear in the
durable _storagekit_audit table and are visible via auditLog(for:).

Rust: no change needed — sensitivity audit verbs are Swift-only
(ADR-025 unlock not yet ported to Rust).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant