Restore SecurityValidator pattern shipping and yaml manifest (#158) #159
Merged
virtualian merged 1 commit into main on Apr 26, 2026
Two independent regressions had silently fail-opened SecurityValidator since v4.0.0+:
1. yaml package not resolvable from ~/.pai/hooks/ — Bun resolves dynamic
await import('yaml') relative to the script file. PR #156 silenced the
import-time crash with lazy-load + try/catch, but parseYaml permanently
resolved to null, so loadPatterns() returned the empty fail-open config.
2. patterns.example.yaml was no longer shipped under Releases/v4.0.3+/.
Last canonical copy lived under Releases/v3.0/.claude/skills/PAI/.
Even with yaml resolvable, getPatternsPath() returned null and
loadPatterns() fell through to the no-patterns fail-open branch.
This commit is the runtime/Releases-backport scope (option 1 of three).
Restores both shipping artefacts and adds a behaviour-test harness so the
regression cannot return silently. Installer wiring (a new step that copies
package.json to the runtime root and runs bun install there, plus
materializing the PAI/PAISECURITYSYSTEM/ subtree) is deferred to a follow-up
issue.
Files:
- Releases/v4.0.3+/.claude/PAI/PAISECURITYSYSTEM/patterns.example.yaml
(restored verbatim from Releases/v3.0/, version 1.0; path mirrors
codePath('PAI', 'PAISECURITYSYSTEM', ...) under the v4 two-root layout)
- Releases/v4.0.3+/.claude/package.json (declares yaml ^2.0.0)
- Tools/verify-security-validator.sh (8 checks: 4 prerequisites, 4 hook
scenarios — block, zero-access, allow, confirm)
Verified locally: harness reports PASS=8 FAIL=0; filesystem-destruction
patterns block with exit 2, Read of zero-access SSH key paths blocks with
exit 2, safe commands continue, force-push patterns prompt for
confirmation. Fail-open paths from #156 still degrade gracefully when
yaml or patterns.example.yaml is missing.
SecurityValidator.hook.ts itself is unchanged.
Refs #156 #157
virtualian added a commit that referenced this pull request on Apr 27, 2026
…) (#161)

Closes the regression chain #156 → #157 → #158 → #159 → #160. New `migratePaiRuntime` helper copies `~/.claude/{package.json,bun.lock}` and `~/.claude/PAI/PAISECURITYSYSTEM/` into `~/.pai/`, then runs `bun install` if `node_modules/yaml/` is absent or the manifest was just refreshed. Adds `tryExecAt` (structured cwd, no shell) to `exec.ts`. Tracks `Releases/v4.0.3+/.claude/bun.lock` for reproducible installs (pins yaml@2.8.3). Soft-fails per sub-routine — failures surface via `Tools/verify-security-validator.sh` rather than aborting the install. After this lands, a fresh-machine install passes the verify script PASS=8 FAIL=0 with no manual setup.

- New: `Releases/v4.0.3+/.claude/PAI-Install/engine/pai-runtime-migration.ts`
- New: `Releases/v4.0.3+/.claude/bun.lock`
- Edit: `actions.ts` — invoke from `runRepository` after `migratePerPackCommands`, both fresh-install and upgrade paths
- Edit: `exec.ts` — add `tryExecAt` for shell-free subprocess calls
Summary

Closes #158. SecurityValidator has been silently fail-open since v4.0.0+ due to two independent regressions: (a) the `yaml` package was not resolvable from `~/.pai/hooks/`, so `parseYaml` permanently returned `null`; and (b) `patterns.example.yaml` was no longer shipped, so `loadPatterns()` returned the no-patterns fail-open config. Either alone leaves the hook permissive; both must be fixed.

This PR is the runtime/Releases backport scope (option 1 of three considered). It restores both shipping artefacts so that future installs ship the right files, and adds a behaviour-test harness so the regression cannot return silently. Installer wiring (the new step that would copy `package.json` to `~/.pai/` and run `bun install` there) is deferred to a follow-up issue, since the existing installer architecture has no PAI/-tree materialization mechanism today.

Changes

- `Releases/v4.0.3+/.claude/PAI/PAISECURITYSYSTEM/patterns.example.yaml` — restored from `Releases/v3.0/.claude/skills/PAI/PAISECURITYSYSTEM/patterns.example.yaml` (verbatim, version 1.0). Path mirrors `codePath('PAI', 'PAISECURITYSYSTEM', 'patterns.example.yaml')` under the v4 two-root layout.
- `Releases/v4.0.3+/.claude/package.json` — minimal manifest declaring `"yaml": "^2.0.0"`. Lands at `~/.pai/package.json` (under the deferred installer wiring); `bun install` then materializes `~/.pai/node_modules/` which Bun's parent-directory module resolution finds from `~/.pai/hooks/SecurityValidator.hook.ts`.
- `Tools/verify-security-validator.sh` — behaviour-test harness. Verifies prerequisites and exercises four hook scenarios (block, zero-access, allow, confirm). Payloads are routed via tmpfile stdin so the script's own command line never contains a blocked-pattern substring (otherwise the hook trips on the wrapper invocation itself).

Not changed

- `SecurityValidator.hook.ts` (already carries the lazy-import fix from SecurityValidator hook fires PreToolUse:Read error: missing 'yaml' package in ~/.pai/ #156; this PR is purely packaging).

Test plan

- `bash Tools/verify-security-validator.sh` after install — expect `PASS=8 FAIL=0` exit 0.
- `~/.pai/PAI/PAISECURITYSYSTEM/patterns.example.yaml` is present.
- `~/.pai/package.json` is present and `~/.pai/node_modules/yaml/` exists.

Follow-up

A separate issue will track the installer wiring (idempotent step that copies `~/.claude/package.json` → `~/.pai/package.json`, runs `bun install` in `~/.pai/`, and materializes `~/.claude/PAI/PAISECURITYSYSTEM/` → `~/.pai/PAI/PAISECURITYSYSTEM/`).
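
The behaviour check described in the PR, sketched as an added example (this is not the project's `Tools/verify-security-validator.sh` and not part of the PR): a known-blocked canary payload must come back with exit 2, so a hook that has gone fail-open shows up as a failed check instead of a silent pass. The two stand-in hooks, the function names and the `CANARY_BLOCKED` marker are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: stand-in hooks, not SecurityValidator.hook.ts.
# Exit codes follow the PR text: 2 = block, 0 = continue.
# CANARY_BLOCKED is a constructed marker, not a pattern from patterns.example.yaml.

# Healthy stand-in: reads the payload on stdin and blocks on the marker.
hook_enforcing() {
  if grep -q 'CANARY_BLOCKED'; then return 2; fi
  return 0
}

# Regressed stand-in: patterns never loaded, so every payload is allowed.
hook_fail_open() {
  cat >/dev/null
  return 0
}

# run_case HOOK PAYLOAD EXPECTED_EXIT
# The payload reaches the hook through a temp file on stdin, never through
# argv, so the harness command line cannot itself contain a blocked string.
run_case() (
  tmp=$(mktemp) || exit 1
  printf '%s\n' "$2" >"$tmp"
  got=0
  "$1" <"$tmp" || got=$?
  rm -f "$tmp"
  [ "$got" -eq "$3" ]
)

# verify HOOK: prints PASS=n FAIL=m and returns non-zero if any check failed.
verify() (
  pass=0 fail=0
  # Constructed cases, written as "payload|expected exit code".
  for c in 'tool call with CANARY_BLOCKED inside|2' 'harmless tool call|0'; do
    if run_case "$1" "${c%|*}" "${c#*|}"; then
      pass=$((pass + 1))
    else
      fail=$((fail + 1))
    fi
  done
  printf 'PASS=%d FAIL=%d\n' "$pass" "$fail"
  [ "$fail" -eq 0 ]
)

verify hook_enforcing
verify hook_fail_open || echo "fail-open hook detected by the canary case"
```

The allow case alone would pass against both stand-ins; only the expected-block case distinguishes an enforcing hook from one that lost its patterns.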