v0.10.0: security + cost + compliance features, availability hardening #11
Closed
codehippie1 wants to merge 3 commits into
…ening

Security: `burnwall scan` + GitHub Action for agent config files; agent skills for Claude Code/Codex; decode-then-scan + invisible-text scrubbing; canary trap; upload egress + credential-misdirection checks; per-project MCP allowlist; paranoid mode (opt-in fail-closed); image/link exfil warning; billing-flip and slow-drip monitors.
Cost: per-repo/per-client CSV export; `burnwall wire-check`; cache-dead-zone warning; hourly spend brake; cheaper-model fallback; tool-output trim.
Compliance: SPDX 3.0 AI-profile AIBOM + framework-labelled evidence packs; control crosswalk on blocks.
Integration: [upstreams] gateway chaining ahead of OpenAI/Anthropic-compatible gateways.
Resilience: graceful drain on stop/upgrade; `burnwall recover` + `burnwall guard`; abnormal-exit (antivirus-quarantine) detection at start; panics routed to the log; status-line block-count fix; Windows Defender/SmartScreen false-positive docs.
Fixes: data checks scoped to tool-call args so credential-shaped strings in resent history (including a /compact summary), editor-written test fixtures, search queries, and a tool's metadata fields no longer 403 — locked with full-proxy regression tests; a genuine in-flight credential exfil still blocks.

… doctor/explain/export, rule docs, per-watcher mcp drift

- statusline/ribbon/plan: context gauge no longer snaps to ~100% off a stale plan window; shows the tool's own headroom (matches /usage) marked stale.
- status/nudge: report blocks and warn-only alerts separately instead of counting an alert as a block.
- cli: add `doctor` (+ redacted, self-scanned `--export`), `explain <id>`, and `export --format csv|json`.
- docs: RULES.md rule reference (stable ids, mirrored by `explain`), TROUBLESHOOTING.md symptom->fix, diagnostic-first bug-report template.
- mcp: per-watcher seen_descriptions (was a process-global) — fixes cross-instance/ephemeral-port leakage that flaked a test; enforcement unaffected.
- security: rule catalog module powering the id->explanation mapping.

…security, history

Unify the human-readable output behind one design language: a "Burnwall · <command>" header, bordered stat tiles (value + sub/bar) drawn by new term.rs helpers, consistent green/yellow/red semantics, and aligned section tables. The VS Code panel gets the matching theme-aware, script-free card layout.

- term.rs: Card / render_cards / fill_bar / gauge_hue, with width-alignment tests
- status: Spend/Budget/Cache/Blocked tiles; notional-plan + block/alert honesty preserved
- doctor: protection-verdict banner + Proxy/Routing/Security/Pricing tiles
- waste: Avoidable/Per-day/Findings tiles + severity-coloured findings
- security: Blocked/Alerts/Canaries tiles; friendly labels for advisory alert types
- history: window tiles + per-day table + budget-pace burndown bar
- vscode panel_view: native stat cards via --vscode-* theme vars (no scripts)

A large release across security, cost, compliance, integration, and availability. Full suite + `clippy -D warnings` + `fmt` green; key paths live-verified against the running daemon.

Security
- `burnwall scan` + a GitHub Action: scan agent config files (`CLAUDE.md`, `.cursorrules`, `.mcp.json`, `.claude/`) for committed credentials and invisible-Unicode instruction smuggling, with SARIF output.
- `burnwall skills install`: install a guide so Claude Code and Codex can read state and explain blocks without weakening protection themselves.

Cost
- `burnwall wire-check`; cache-dead-zone warning; hourly spend brake; cheaper-model fallback; tool-output trim (opt-in).

Compliance

Integration
- `[upstreams]` config + `--upstream-*` flags to chain Burnwall ahead of an OpenAI- or Anthropic-compatible gateway.

Availability / resilience
- `burnwall recover` and `burnwall guard` so a crashed or quarantined proxy can't strand routed shells.

Diagnostics & docs (finalize)
- `burnwall doctor` — a one-glance health check that names the fix, with a redacted, self-scanned `doctor --export` bundle to attach to bug reports.
- `burnwall explain <id>` — plain-language reason for any block: rule, masked preview of what matched, why that class blocks, how to proceed.
- `burnwall export --format csv|json` — a portable copy of your local metadata.
- `docs/RULES.md` (stable rule ids, mirrored by `explain`), `docs/TROUBLESHOOTING.md` (symptom→fix), and a diagnostic-first bug-report template.
- `/usage` reports), marked stale.
- `status` + nudges report blocks and warn-only alerts separately instead of counting an alert as a block.

Fixes
- `/compact` summary), an editor tool writing a key into a local test fixture, a search query mentioning a sensitive path, and a tool's metadata fields no longer 403 — each locked with a full-proxy regression test; a genuine in-flight credential exfil still blocks.
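
The invisible-Unicode check on agent config files mentioned in the description can be illustrated with a small stand-alone scanner. This is an added example, not code from this pull request or from Burnwall; the `Finding` type, the class labels, and the choice of code-point ranges are assumptions of the example.

```rust
// Added example, not Burnwall's code: report invisible or bidirectional
// Unicode code points in the text of an agent config file.

/// One finding: 1-based line and column (counted in chars), code point, class.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub line: usize,
    pub col: usize,
    pub cp: u32,
    pub class: &'static str,
}

/// Classify a char as a hidden-text risk. Class names are this example's labels.
/// U+200D (ZWJ) also occurs in legitimate emoji sequences, so a real scanner
/// would likely treat it as a warning rather than a hard failure.
fn classify(c: char) -> Option<&'static str> {
    match c as u32 {
        0x200B..=0x200D | 0x2060 | 0xFEFF => Some("zero-width"),
        0x200E | 0x200F | 0x061C | 0x202A..=0x202E | 0x2066..=0x2069 => Some("bidi-control"),
        0xE0000..=0xE007F => Some("tag-character"),
        0x00AD => Some("soft-hyphen"),
        _ => None,
    }
}

/// Scan text line by line and return every hidden code point with its position.
pub fn scan_invisible(text: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    for (i, line) in text.lines().enumerate() {
        for (j, c) in line.chars().enumerate() {
            // A byte-order mark at the very start of a file is conventional.
            if i == 0 && j == 0 && c == '\u{FEFF}' {
                continue;
            }
            if let Some(class) = classify(c) {
                out.push(Finding { line: i + 1, col: j + 1, cp: c as u32, class });
            }
        }
    }
    out
}

fn main() {
    // Constructed sample: a zero-width space, two tag characters, one bidi override.
    let sample = "# CLAUDE.md\nRun tests before commit.\u{200B}\u{E0049}\u{E0067}\nUse \u{202E}txt.exe\n";
    for f in scan_invisible(sample) {
        println!("{}:{} U+{:04X} {}", f.line, f.col, f.cp, f.class);
    }
}
```

Line and column positions map directly onto the region fields of a SARIF result, which is why the scanner returns them rather than a bare yes/no.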