mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-06-23 08:31:26 +08:00
ff4a565613
Two security-priority fixes in continuous-learning-v2/scripts/instinct-cli.py:

- #2294: _write_registry wrote projects.json without the advisory lock that _update_registry holds, so concurrent 'projects delete/gc/merge' could race an observe-time update and corrupt the registry. Extract the lock into a shared _registry_lock() context manager and use it in both writers.
- #2297: _remove_project_storage called shutil.rmtree on PROJECTS_DIR/project_id with no containment check. Add defense-in-depth: resolve the path and refuse to delete anything that is not strictly inside PROJECTS_DIR (or is the root itself), so a relaxed validator or future caller can never cause an arbitrary-directory delete.

Adds 5 pytest regression tests (atomic write under lock, contained delete, missing-dir no-op, traversal refused, root refused). Node integration suite (tests/scripts/instinct-cli-projects.test.js) green 9/9.
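The two mechanisms the commit describes, a shared advisory lock for every registry writer and a resolve-then-contain check before rmtree, as an added illustration in Python; this is not the project's instinct-cli.py code, and the lock-file name, the tmp-file plus os.replace write, the function names and the status strings are assumptions.

```python
import fcntl, json, os, shutil, tempfile
from contextlib import contextmanager
from pathlib import Path

@contextmanager
def registry_lock(projects_dir: Path):
    # One advisory lock shared by every registry writer (assumed design).
    projects_dir.mkdir(parents=True, exist_ok=True)
    with open(projects_dir / "projects.lock", "w") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)
        try:
            yield
        finally:
            fcntl.flock(fh, fcntl.LOCK_UN)

def write_registry(projects_dir: Path, registry: dict) -> None:
    # Atomic write under the lock: tmp file + os.replace, so a concurrent
    # reader never sees a half-written projects.json.
    with registry_lock(projects_dir):
        tmp = projects_dir / "projects.json.tmp"
        tmp.write_text(json.dumps(registry, indent=2))
        os.replace(tmp, projects_dir / "projects.json")

def is_strictly_inside(base: Path, target: Path) -> bool:
    # Proper descendant only: resolve symlinks and '..', refuse base itself.
    base_r, target_r = base.resolve(), target.resolve()
    return target_r != base_r and base_r in target_r.parents

def remove_project_storage(projects_dir: Path, project_id: str) -> str:
    # Containment check before rmtree; returns 'refused', 'missing' or 'removed'.
    target = projects_dir / project_id
    if not is_strictly_inside(projects_dir, target):
        return "refused"
    if not target.exists():
        return "missing"
    shutil.rmtree(target)
    return "removed"

def run_demo() -> dict:
    # Exercises the five cases named in the commit on a throwaway directory.
    with tempfile.TemporaryDirectory() as tmp:
        projects = Path(tmp) / "projects"
        (projects / "p1").mkdir(parents=True)
        write_registry(projects, {"p1": {"observations": 3}})
        return {
            "registry": json.loads((projects / "projects.json").read_text()),
            "contained": remove_project_storage(projects, "p1"),
            "missing": remove_project_storage(projects, "p2"),
            "traversal": remove_project_storage(projects, "../escape"),
            "root": remove_project_storage(projects, "."),
        }
```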