audit(spec): 51 findings + 8 MUST critical fixes inline
Adversarial audit condensed router-gate spec через 3 parallel
Sonnet adversaries (9 attack zones). 51 finding total:
10 BYPASS-COMPLETE + 17 PARTIAL + 9 DOS + 15 INFO. Spec
заявление «hard wall полный» НЕ выдерживает.
8 MUST critical inline fixes applied:
- §5.1 Bash: <<< here-string, node REPL/stdin block,
< input redirect, tokenizer per-arg path-deny check
(closes CRITICAL-9/8/6 + PARTIAL-15)
- §3.1 path normalization: UNC \?\ prefix strip,
8.3 short names expand via GetLongPathName,
unresolved $VAR fail-CLOSE
(closes CRITICAL-3/4/5)
- §4 Поведение 1: source restriction — detector проверяет
только organic root user prompt, НЕ AskUser chosen_label
(closes CRITICAL-1 design flaw)
- §8 Implementation order matrix: Этап 2.3 branch-switch
rewrite MUST complete BEFORE Этап 3 enforce-mode
(closes CRITICAL-10 S8 migration regression)
- §1.4: gate-config.json protected с Этапа 1.4 ранее
(closes DOS D-1 tiny-budget patch attack window)
5 SHOULD-FIX + 5 DOS-MUST-ADDRESS deferred в writing-plans
(§9 «Audit findings deferred» documented для plan pickup).
Audit report saved at:
docs/superpowers/audits/2026-05-29-router-gate-condensed-
adversarial-audit.md
cspell-words.txt: +UNC, +EACCES (valid technical terms).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Дмитрий
71b07e52eb