clawdforge

Author SHA1 Message Date

Author	SHA1	Message	Date
Kayos	cb1d8c2c54	clients/bash: v0.2 multi-turn session subcommands - cf session new / turn / close / list / get - --json flag mirrors v0.1 convention - close is idempotent (exit 0 on already-closed) - Bearer hygiene preserved (regression guard test) - tests/test_session.sh: ~18 tests, 44 assertions - README "Sessions (v0.2)" section v0.1 subcommands unchanged. Spec: memory/spec-clawdforge-v0.2.md Server core: `940861f`	2026-04-29 07:00:40 -07:00
Kayos	7ba7058cd5	clients/bash: apply audit findings — security hardening + correctness fixes (`347fdde` → new) Security: - S1: bearer via tmpfile/--config, not cmdline arg (no /proc/<pid>/cmdline leak) - S2/S3: JSON-escape user input in --files, --ip-cidrs, token name - S4: URL-encode token name in revoke - S5: refuse to source cf.env unless 0600/0400 + owner-matched - S6: reject ; in upload paths to defeat curl @ filename injection Correctness: - B1: refuse cf run - on TTY stdin - B2: replace fragile files splice with proper JSON-array composer (raw: passthrough in _json_obj_from_assoc) - B3: disable glob on comma-split (set -f around loop) - B4: only create stdin tmpfile when actually used - B5: EXIT trap (was RETURN; missed _die exit) - B6/B7: --max-time + stderr capture on uploads - B8: drop bare Bearer header on healthz when no token - B9: validate admin subcommand before token - B10: wire _extract_error into HTTP-error path - U3: dedicated '# --- end help ---' sentinel for cmd_help New: clients/bash/test/test_cf.sh (curl wrapper mock + 23 assertions covering all of the above; fully shellcheck-clean). Audit: memory/clawdforge-audits/bash-347fdde.md	2026-04-28 23:09:06 -07:00
Kayos	347fddea0f	clients/bash: cf — single-file bash CLI for clawdforge Tiny curl wrapper so cron jobs, deploy scripts, and shell pipes can drive clawdforge without dragging in Python or Go. Surface mirrors the server: cf healthz cf run "<prompt>" [--model] [--system] [--timeout] [--files t1,t2] cf run - # prompt via stdin (long prompts) cf upload <path> [--ttl 3600] cf admin token-mint <name> [--ip-cidrs cidr1,cidr2] cf admin token-list cf admin token-revoke <name> Configuration via env or ~/.config/clawdforge/cf.env: CLAWDFORGE_URL, CLAWDFORGE_TOKEN, CLAWDFORGE_ADMIN_TOKEN Output: JSON to stdout (pipe to jq freely), errors to stderr, exit codes 0/1/2/3/4/5 mapping clearly to transport/usage/auth/4xx/5xx. No deps beyond curl + POSIX tools. jq is optional (only used for prettier error output if available). Smoke-tested against live clawdforge on Lucy: healthz green, /run with small prompt returns parsed JSON in 2-7s, /run with stdin large prompts relies on clawdforge's server-side stdin path (>64KB), admin token-list returns the cauldron token row. Build/install: sudo install -m 755 clients/bash/cf /usr/local/bin/cf	2026-04-28 22:25:50 -07:00

Kayos

cb1d8c2c54

clients/bash: v0.2 multi-turn session subcommands

- cf session new / turn / close / list / get
- --json flag mirrors v0.1 convention
- close is idempotent (exit 0 on already-closed)
- Bearer hygiene preserved (regression guard test)
- tests/test_session.sh: ~18 tests, 44 assertions
- README "Sessions (v0.2)" section

v0.1 subcommands unchanged.

Spec: memory/spec-clawdforge-v0.2.md
Server core: 940861f

2026-04-29 07:00:40 -07:00

Kayos

7ba7058cd5

clients/bash: apply audit findings — security hardening + correctness fixes (347fdde → new)

Security:
- S1: bearer via tmpfile/--config, not cmdline arg (no /proc/<pid>/cmdline leak)
- S2/S3: JSON-escape user input in --files, --ip-cidrs, token name
- S4: URL-encode token name in revoke
- S5: refuse to source cf.env unless 0600/0400 + owner-matched
- S6: reject ; in upload paths to defeat curl @ filename injection

Correctness:
- B1: refuse cf run - on TTY stdin
- B2: replace fragile files splice with proper JSON-array composer (raw: passthrough in _json_obj_from_assoc)
- B3: disable glob on comma-split (set -f around loop)
- B4: only create stdin tmpfile when actually used
- B5: EXIT trap (was RETURN; missed _die exit)
- B6/B7: --max-time + stderr capture on uploads
- B8: drop bare Bearer header on healthz when no token
- B9: validate admin subcommand before token
- B10: wire _extract_error into HTTP-error path
- U3: dedicated '# --- end help ---' sentinel for cmd_help

New: clients/bash/test/test_cf.sh (curl wrapper mock + 23 assertions covering
all of the above; fully shellcheck-clean).

Audit: memory/clawdforge-audits/bash-347fdde.md

2026-04-28 23:09:06 -07:00

Kayos

347fddea0f

clients/bash: cf — single-file bash CLI for clawdforge

Tiny curl wrapper so cron jobs, deploy scripts, and shell pipes can drive
clawdforge without dragging in Python or Go.

Surface mirrors the server:
  cf healthz
  cf run "<prompt>"  [--model] [--system] [--timeout] [--files t1,t2]
  cf run -                                        # prompt via stdin (long prompts)
  cf upload <path>   [--ttl 3600]
  cf admin token-mint <name>   [--ip-cidrs cidr1,cidr2]
  cf admin token-list
  cf admin token-revoke <name>

Configuration via env or ~/.config/clawdforge/cf.env:
  CLAWDFORGE_URL, CLAWDFORGE_TOKEN, CLAWDFORGE_ADMIN_TOKEN

Output: JSON to stdout (pipe to jq freely), errors to stderr,
exit codes 0/1/2/3/4/5 mapping clearly to transport/usage/auth/4xx/5xx.

No deps beyond curl + POSIX tools. jq is optional (only used for prettier
error output if available).

Smoke-tested against live clawdforge on Lucy: healthz green, /run with
small prompt returns parsed JSON in 2-7s, /run with stdin large prompts
relies on clawdforge's server-side stdin path (>64KB), admin token-list
returns the cauldron token row.

Build/install:
  sudo install -m 755 clients/bash/cf /usr/local/bin/cf

2026-04-28 22:25:50 -07:00

3 commits