portal/docs at b632bcbae65c4c70f0765b2c905d94aa4aca38fe - portal - Gitea: Git with a cup of tea

liderra/portal

Files

T

History

Дмитрий b632bcbae6 spec(router-gate): v3 closes 10 holes from v2 adversarial audit

V2 audit found 10 new bypasses:
- Fatal: subagent inheritance via text-prefix (no enforcement)
- Critical: hook race conditions / DoS timeout / Bash script execution
- Serious: path-deny symlinks/case / AskUser fatigue / silence off-topic
- Edge cases: parallel subagents / coverage-verify interaction / sub-shells

V3 closes all 10:
- 3.2 rewritten: env-based subagent inheritance (env vars + inheritance file),
  gate-on-subagent reads parent state via CLAUDE_GATE_INHERIT env
- 3.4 new: subagent constraints (no AskUser, no recursive Task, max 3 parallel)
- 3.5 new: atomic writes (tmp+rename) + proper-lockfile for race-free state
- 3.6 new: gate budget 2s + state cache TTL 5s + lazy transcript parsing
- 3.1 extended: path normalization (resolve + realpath + case-fold + env)
- 4.5 extended: max 2 AskUserQuestion per turn (fatigue exploit closed)
- 4.7 extended: off-topic at silence uses task_classification
- 5.1 extended: file-watcher for script execution + broad sweep sub-shell
  blacklist (backticks, command sub, process sub, heredocs)
- 5.2 new: static content scan for node/python/vitest scripts before exec
- 7.1 new: coverage-hint coordination layer between gate and coverage-verify

Implementation cost: 8.5-12h (v2) to 13.5-20h (v3). +5-8h for architectural
fixes (env-inheritance, atomic writes, static scan) + infrastructure
(gate budget, path norm, askuser counter, coverage-hint).

V2 baseline preserved as commit b510a758. V1 as 7a43c175.

cspell-words.txt += shutil / rmtree.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-29 06:30:07 +03:00

..

feat(graphify): ADR-017 + ops-wiring — #86 graphifyy formalized + safe auto-update

2026-05-28 04:50:10 +03:00

@

2026-05-17 15:19:19 +03:00

docs(arch): code-derived C4 component-layer diagram from deptrac (gap 4)

2026-05-17 11:15:34 +03:00

archive/llm-bootstrap-2026-05

chore(brain): phase-1 flags + rollback re-verify — Phase 1 closed (task 7)

2026-05-25 14:28:24 +03:00

docs(audit): RLS dev↔prod gap discovery — Phase A of hole #7

2026-05-23 10:03:14 +03:00

docs(adr): ADR-013 backend-tooling boundaries (BT1-BT9) + NightOwl deferred spike

2026-05-21 04:21:26 +03:00

chore: working tree cleanup pre-llm-first-router merge

2026-05-25 14:23:11 +03:00

docs(supplier): R-SAVE multi-flag mapping finding (Plan 3 T1 read-only verified)

2026-05-20 12:10:21 +03:00

chore(security): mask supplier phone-junk in ПИЛОТ.md + accept history FPs + fix ADR link

2026-05-23 09:47:18 +03:00

feat(a11): bootstrap docs/ml — README + promptfoo example + ADR-007

2026-05-17 17:17:20 +03:00

spec(router-gate): v3 closes 10 holes from v2 adversarial audit

2026-05-29 06:30:07 +03:00

feat(c10): bootstrap docs/process — README + worked example + ADR-008

2026-05-18 04:33:52 +03:00

feat(c9): bootstrap docs/projects + CCPM store + ADR-004

2026-05-17 09:10:44 +03:00

feat(graphify): ADR-017 + ops-wiring — #86 graphifyy formalized + safe auto-update

2026-05-28 04:50:10 +03:00

chore: working tree cleanup pre-llm-first-router merge

2026-05-25 14:23:11 +03:00

docs(supplier): closure — project channel failover epic (12 tasks)

2026-05-19 13:12:30 +03:00

spec(router-gate): v3 closes 10 holes from v2 adversarial audit

2026-05-29 06:30:07 +03:00

feat(viz): hooks-skills-plugins-map.html — карта работы Claude Code

2026-05-10 23:33:52 +03:00

Analiz_originala_v8_3.md

rebrand(v8.5→Лидерра): дизайн-handoff Платона v8 Forest + Лидпоток→Лидерра

2026-05-08 07:11:58 +03:00

audit_2026-05-09.md

docs(audit): сводный отчёт аудита проекта на 2026-05-09 — P-дефекты + O-возможности

2026-05-09 17:40:25 +03:00

audit-baseline-pa11y.md

docs(a11y): authenticated rescan baseline + findings (21/21 passing)

2026-05-14 10:08:08 +03:00

automation-graph-data.js

feat(map): C1 marketing nodes #74-83 + L16 (browser-smoke 0 errors)

2026-05-22 17:59:46 +03:00

automation-graph.html

docs(map): NODE_META + NODE_DETAILS passports for 10 C1 nodes #74-83

2026-05-22 18:19:10 +03:00

CHANGELOG_claude_md.md

docs(sync): Phase 4 cross-refs sync + CHANGELOG_claude_md.md +v2.0 entry — ruflo big-bang Day 4

2026-05-15 11:22:14 +03:00

CRM_bp-gr_Инструкция_v8_5.md

phase1(webhook): Deal/WebhookDedupKey + ProcessWebhookJob (advisory lock) — CTO-17 addendum

2026-05-08 15:24:55 +03:00

Oferta_i_Politika_v8_2.md

rebrand(v8.5→Лидерра): дизайн-handoff Платона v8 Forest + Лидпоток→Лидерра

2026-05-08 07:11:58 +03:00

Plugin_stack_rules_v1.md

feat(graphify): ADR-017 + ops-wiring — #86 graphifyy formalized + safe auto-update

2026-05-28 04:50:10 +03:00

Pravila_raboty_Claude_v1_1.md

feat(graphify): ADR-017 + ops-wiring — #86 graphifyy formalized + safe auto-update

2026-05-28 04:50:10 +03:00

README_АРХИВ_v8_5.md

docs(rules): третий аудит нормативки — закрытие 13 находок (CLAUDE.md v1.86 + PSR_v1 v1.7 + Tooling v1.15)

2026-05-10 06:32:17 +03:00

router-procedure.md

docs(routing): C1 marketing nodes + L16 marketing chain

2026-05-22 17:59:45 +03:00

routing-off-phase.md

feat(graphify): ADR-017 + ops-wiring — #86 graphifyy formalized + safe auto-update

2026-05-28 04:50:10 +03:00

Runbook_ekspluatatsii_v8_2.md

rebrand(v8.5→Лидерра): дизайн-handoff Платона v8 Forest + Лидпоток→Лидерра

2026-05-08 07:11:58 +03:00

smoke-2026-05-15-graph-highlighting-scenario2.png

docs(graph): iter3 closure — spec + plan + smoke evidence + cspell terms

2026-05-15 07:04:57 +03:00

smoke-2026-05-15-graph-highlighting-scenario9.png

docs(graph): iter3 closure — spec + plan + smoke evidence + cspell terms

2026-05-15 07:04:57 +03:00

Tooling_v8_3.md

feat(graphify): ADR-017 + ops-wiring — #86 graphifyy formalized + safe auto-update

2026-05-28 04:50:10 +03:00

Uvedomlenie_RKN_v8_2.md

rebrand(v8.5→Лидерра): дизайн-handoff Платона v8 Forest + Лидпоток→Лидерра

2026-05-08 07:11:58 +03:00

Vybor_oblaka_v8_3.md

phase1(hygiene): narrative ↔ Laravel 13 — закрытие техдолга v1.17

2026-05-08 10:35:31 +03:00

Workflow_pd_subject_requests_v8_2.md

docs(archive): add Прил. Н + CLAUDE.md, sync archive to v8.3.3

2026-05-06 04:45:22 +07:00

Админка_SaaS_v8_2.md

phase1(hygiene): narrative ↔ Laravel 13 — закрытие техдолга v1.17

2026-05-08 10:35:31 +03:00

Аудит_partii_12_15_originala_v8_3.md

rebrand(v8.5→Лидерра): дизайн-handoff Платона v8 Forest + Лидпоток→Лидерра

2026-05-08 07:11:58 +03:00

Как_перенести_данные_из_crm-bp-gr.md

feat(import): маршрут /import + сайдбар + инструкция H9

2026-05-16 20:14:04 +03:00

Объединённый_конспект.md

fix(typo): laravel/liderra → laravel/laravel в триггере фазы 1

2026-05-08 08:31:14 +03:00

Открытые_вопросы_v8_3.md

docs(security): server-hardening setup-док + SEC-1..7 статусы → факт деплоя

2026-05-22 11:11:47 +03:00

Приложение_Б_В_БД_диаграммы_v8_3.md

docs(hygiene v8.5): Часть IX конспекта + дельта v8.5 ER-диаграмм

2026-05-07 18:27:08 +03:00