clawdforge

Author SHA1 Message Date

Author	SHA1	Message	Date
Kayos	cb1d8c2c54	clients/bash: v0.2 multi-turn session subcommands - cf session new / turn / close / list / get - --json flag mirrors v0.1 convention - close is idempotent (exit 0 on already-closed) - Bearer hygiene preserved (regression guard test) - tests/test_session.sh: ~18 tests, 44 assertions - README "Sessions (v0.2)" section v0.1 subcommands unchanged. Spec: memory/spec-clawdforge-v0.2.md Server core: `940861f`	2026-04-29 07:00:40 -07:00
Kayos	7ba7058cd5	clients/bash: apply audit findings — security hardening + correctness fixes (`347fdde` → new) Security: - S1: bearer via tmpfile/--config, not cmdline arg (no /proc/<pid>/cmdline leak) - S2/S3: JSON-escape user input in --files, --ip-cidrs, token name - S4: URL-encode token name in revoke - S5: refuse to source cf.env unless 0600/0400 + owner-matched - S6: reject ; in upload paths to defeat curl @ filename injection Correctness: - B1: refuse cf run - on TTY stdin - B2: replace fragile files splice with proper JSON-array composer (raw: passthrough in _json_obj_from_assoc) - B3: disable glob on comma-split (set -f around loop) - B4: only create stdin tmpfile when actually used - B5: EXIT trap (was RETURN; missed _die exit) - B6/B7: --max-time + stderr capture on uploads - B8: drop bare Bearer header on healthz when no token - B9: validate admin subcommand before token - B10: wire _extract_error into HTTP-error path - U3: dedicated '# --- end help ---' sentinel for cmd_help New: clients/bash/test/test_cf.sh (curl wrapper mock + 23 assertions covering all of the above; fully shellcheck-clean). Audit: memory/clawdforge-audits/bash-347fdde.md	2026-04-28 23:09:06 -07:00

Kayos

cb1d8c2c54

clients/bash: v0.2 multi-turn session subcommands

- cf session new / turn / close / list / get
- --json flag mirrors v0.1 convention
- close is idempotent (exit 0 on already-closed)
- Bearer hygiene preserved (regression guard test)
- tests/test_session.sh: ~18 tests, 44 assertions
- README "Sessions (v0.2)" section

v0.1 subcommands unchanged.

Spec: memory/spec-clawdforge-v0.2.md
Server core: 940861f

2026-04-29 07:00:40 -07:00

Kayos

7ba7058cd5

clients/bash: apply audit findings — security hardening + correctness fixes (347fdde → new)

Security:
- S1: bearer via tmpfile/--config, not cmdline arg (no /proc/<pid>/cmdline leak)
- S2/S3: JSON-escape user input in --files, --ip-cidrs, token name
- S4: URL-encode token name in revoke
- S5: refuse to source cf.env unless 0600/0400 + owner-matched
- S6: reject ; in upload paths to defeat curl @ filename injection

Correctness:
- B1: refuse cf run - on TTY stdin
- B2: replace fragile files splice with proper JSON-array composer (raw: passthrough in _json_obj_from_assoc)
- B3: disable glob on comma-split (set -f around loop)
- B4: only create stdin tmpfile when actually used
- B5: EXIT trap (was RETURN; missed _die exit)
- B6/B7: --max-time + stderr capture on uploads
- B8: drop bare Bearer header on healthz when no token
- B9: validate admin subcommand before token
- B10: wire _extract_error into HTTP-error path
- U3: dedicated '# --- end help ---' sentinel for cmd_help

New: clients/bash/test/test_cf.sh (curl wrapper mock + 23 assertions covering
all of the above; fully shellcheck-clean).

Audit: memory/clawdforge-audits/bash-347fdde.md

2026-04-28 23:09:06 -07:00

2 commits