Skip to content

Epic B: Harden + fix — P0/P1/P2 pre-release security and stability #43

Description

@espetro

Summary

Post–Epic A hardening pass: path-traversal fixes at install, symlink safety, integrity verification, continueWith iteration cap, missing tests, SSRF-redirect fix.

Plan: .agents/plans/2026-06-26-epic-a-architecture-epic-b-harden.md
Depends on: #42 (Epic A)

P0 — Release-blocking

  • B2a: sanitizeName() at install — reject non-kebab/..// (store.ts:471,475,537)
  • B2b: sanitizeJoin() for nativeCopies.from/to (cli/build.ts:120-124)
  • B3: Changeset + bump all pkgs to 0.4.0 + write ## v0.4.0 CHANGELOG entry

P1

  • B5: lstatSync guard — only unlinkSync symlinks, never rmSync(recursive) on real dirs
  • B6: sanitizeName() on SKILL.md name: frontmatter before symlinking
  • B7: Wire capabilities:['subprocess'] gate (currently inert) — feed real handler source in build/add
  • B8: Factor unlinkAll() for idempotent installPlugin
  • B9: Collect symlink errors, warn summary, exit 1
  • B10: Iteration cap in emitted continueWith stop block; fix continueWithSafetyRule lint path
  • B11: pimono adapter tests (command-handler, nativeEntry, continueWith, path-traversal)

P2

  • B16: Re-validate each redirect hop in safe-fetch vs allow-list + private-IP
  • B17: Call verifyIntegrity() on install when manifest declares integrity
  • B18: Run script-policy + integrity on add/import --write
  • B20: Validate GitHub URL before cloneRepo interpolation
  • B21: Mark sidecar experimental in schema/docs
  • B22: Test gaps (linkPluginSkills, multi-artifact, continueWithSafetyRule)

Trust model

Community plugin add installs attacker-controlled manifests. All path-traversal/injection = arbitrary delete/write/RCE. P0 items are release-blocking.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingeffort-l

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions