pulsareon/dstalk
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

W15: workflow improvements — EXPRESS fast-path, audit→fix closed loop, metadata self-check (W15.1-W15.3)
Some checks failed
CI / Determine matrix (push) Has been cancelled
Details
CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled
Details

Browse Source 
- W15.1 (杨帆): Add EXPRESS fast-path to §11 state machine (T17/T18, E1-E6 conditions, escalation safety valve)
- W15.2 (王测): Add §14 audit→fix closed loop — findings-registry.md, severity-driven auto-triage, CRITICAL blocking rule
- W15.3 (胡桐): Create scripts/check_agents_metadata.py (5-check: YAML parse, rating range, group/member refs, duplicate IDs)
- Fix YAML orphan bugs in 3 profiles: devops-hu, engineer-sun, security-cao (perf_log entries outside array)
- Pre-fill findings-registry.md with 10 historical findings from W11.1/W11.7 audits

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
XiuChengWu
2026-05-27 18:19:37 +08:00
parent 102cd3e141
commit 0e41c8c6f6
8 changed files with 629 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
agents/security-cao/profile.md
View File

@@ -50,18 +50,18 @@ performance_log:
命令注入: 未发现。路径遍历: tools 确认。
评级 session:D+ / tools:D。
报告: agents/audits/W13.5-session-tools-audit.md
- date: 2026-05-27
event: "W14.3: 修复 W13.5 审计发现 — 路径遍历 + 全局状态加锁 + 9 vtable try/catch"
rating: done
detail: |
修改 session_plugin.cpp (294行) + tools_plugin.cpp (292行)。
(1) is_safe_path() 拒绝空路径、绝对路径(/或盘符)、含..段lexically_normal二次校验
builtin_file_read(L50) 和 builtin_file_write(L85) 入口调用不安全→log ERROR + 返回错误JSON。
(2) 加锁: session g_history/g_cached_history→g_session_mutex; tools g_tools→g_tools_mutex;
g_host/g_file_io→std::atomic<T*> load(acquire)/store(release)。
(3) 9 vtable try/catch 覆盖: session_add/save/load/history (session) +
tools_register_tool/unregister_tool/get_tools_json/execute/on_init (tools)。
编译: cmake --build build --config Release → 0 error 0 warning。
ctest -C Release → 4/4 pass。
- date: 2026-05-27
event: "W14.3: 修复 W13.5 审计发现 — 路径遍历 + 全局状态加锁 + 9 vtable try/catch"
rating: done
detail: |
修改 session_plugin.cpp (294行) + tools_plugin.cpp (292行)。
(1) is_safe_path() 拒绝空路径、绝对路径(/或盘符)、含..段lexically_normal二次校验
builtin_file_read(L50) 和 builtin_file_write(L85) 入口调用不安全→log ERROR + 返回错误JSON。
(2) 加锁: session g_history/g_cached_history→g_session_mutex; tools g_tools→g_tools_mutex;
g_host/g_file_io→std::atomic<T*> load(acquire)/store(release)。
(3) 9 vtable try/catch 覆盖: session_add/save/load/history (session) +
tools_register_tool/unregister_tool/get_tools_json/execute/on_init (tools)。
编译: cmake --build build --config Release → 0 error 0 warning。
ctest -C Release → 4/4 pass。
current_groups: []
---