Gate x-callback recall to exportable memories#10
Merged
bob-codedaptive merged 1 commit intoJul 6, 2026
Merged
Conversation
Contributor
|
All contributors have signed the CLA. Thank you. |
Member
Author
|
I have read the CLA Document and I hereby sign the CLA |
bob-codedaptive
pushed a commit
that referenced
this pull request
Jul 6, 2026
…#10, #70) #10: Resolve the claude binary from known install locations (/usr/local/bin/claude, ~/.claude/local/claude) before falling back to unqualified PATH lookup. Prevents a malicious binary named "claude" earlier in PATH from being executed (Rust). #70: Plugin registration now fails closed when settings.json exists but can't be parsed as JSON. Previously fell back to empty dict and overwrote the user's settings. Now skips the write and relies on the backup already created (Swift). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
bob-codedaptive
pushed a commit
that referenced
this pull request
Jul 7, 2026
…#10) appendSensitivityAuditEntry was a no-op after the in-memory audit log removal. Grant lifecycle (issued/denied/revoked) and read-under- grant events were silently lost — ADR-025/FUP-C's guarantee that restricted/secret reads under a grant are auditable was broken. Now constructs an AuditEvent with the sensitivity verb and writes it through storage.auditLog.append(). The entries appear in the durable _storagekit_audit table and are visible via auditLog(for:). Rust: no change needed — sensitivity audit verbs are Swift-only (ADR-025 unlock not yet ported to Rust). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
recallroute allowed unauthenticated callers to invokemoot_memory_searchand receive non-public memory previews and IDs because no public/exportable filter was enforced.Description
filter = "exportable"for inbound x-callback-urlrecallrequests inMootURLRouter.route(_:using:)before calling the substrate, overriding any caller-supplied filter.recall verb forces exportable filter before routingtoIntentToolCallTests.swiftthat seeds a private default drawer and a public drawer then asserts the x-callback recall only returns the public/exportable drawer.recallverb routing logic.Testing
git diff --checkto validate whitespace and basic diffs (passed).swift test --filter URLRouterTests, but the test run was blocked by SwiftPM dependency fetch failures (HTTP 403 CONNECT tunnel errors) in the execution environment, so repository unit tests could not be fully executed here.Codex Task