Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
361 commits
Select commit Hold shift + click to select a range
b45f838
Clean up evidence-log state on end
gnanirahulnutakki Jun 8, 2026
384c0b9
test: cover shareable path redaction
gnanirahulnutakki Jun 9, 2026
21f36cf
fix: harden redaction and daemon session ownership
gnanirahulnutakki Jun 10, 2026
1843a2b
fix: harden personal hub token comparison
gnanirahulnutakki Jun 11, 2026
f7ebc02
feat: add no-key provider adapter fixtures
gnanirahulnutakki Jun 11, 2026
64aa177
fix: harden daemon session status authorization
gnanirahulnutakki Jun 12, 2026
d4f4e26
docs: align adapter fixture public claims
gnanirahulnutakki Jun 12, 2026
ef4bcf4
fix: harden personal hub state writes
gnanirahulnutakki Jun 13, 2026
15940e8
fix: require cgroup id for daemon sessions
gnanirahulnutakki Jun 14, 2026
551afe3
feat: add Claude project-context fixture coverage
gnanirahulnutakki Jun 15, 2026
5f11d22
fix: harden personal hub atomic state writes
gnanirahulnutakki Jun 16, 2026
0bda5e5
test: avoid permissive open-mode helper
gnanirahulnutakki Jun 16, 2026
2b62032
fix: add Claude Code doctor remediation hints
gnanirahulnutakki Jun 16, 2026
b4c4aff
feat: guide empty Claude Code report output
gnanirahulnutakki Jun 16, 2026
8bb0c8b
docs: add host report next steps
gnanirahulnutakki Jun 16, 2026
0384b95
feat: add posture scan next steps
gnanirahulnutakki Jun 16, 2026
4a4b702
Improve doctor setup next steps
gnanirahulnutakki Jun 17, 2026
a28470c
feat(personal): add status next steps
gnanirahulnutakki Jun 17, 2026
9cd7634
Improve ardur run setup recovery guidance
gnanirahulnutakki Jun 17, 2026
af2862b
docs: use placeholder in Personal Hub status example
gnanirahulnutakki Jun 17, 2026
ce68bd3
docs: normalize bearer placeholder examples
gnanirahulnutakki Jun 17, 2026
974b05d
Improve claude-code protect missing-scope guidance
gnanirahulnutakki Jun 17, 2026
1ab3c76
docs: align Claude Code get-started protect snippet
gnanirahulnutakki Jun 17, 2026
89fcfd9
docs: add host source semantic vector fixtures
gnanirahulnutakki Jun 17, 2026
0fc059b
fix: add desktop observe hub recovery hints
gnanirahulnutakki Jun 17, 2026
9f24ab7
Improve personal native host recovery guidance
gnanirahulnutakki Jun 17, 2026
b161140
docs: document native host recovery hints
gnanirahulnutakki Jun 17, 2026
94b46c6
fix: add kill-switch recovery hints
gnanirahulnutakki Jun 18, 2026
8eaff67
fix: add profile init recovery hints
gnanirahulnutakki Jun 18, 2026
7b6a80d
docs: document profile init recovery guidance
gnanirahulnutakki Jun 18, 2026
dcbe219
fix: narrow cleanup exception handling
gnanirahulnutakki Jun 18, 2026
d20beb8
feat: add uninstall dry-run preview
gnanirahulnutakki Jun 18, 2026
c80425b
docs: document desktop-observe recovery hints
gnanirahulnutakki Jun 18, 2026
0777c43
fix: add verify and attest failure JSON
gnanirahulnutakki Jun 18, 2026
73b08e8
feat(cli): add uninstall dry-run safety guidance
gnanirahulnutakki Jun 18, 2026
fe1c2fd
fix: add claude plugin recovery hints
gnanirahulnutakki Jun 18, 2026
022eb15
fix(cli): add posture report input recovery guidance
gnanirahulnutakki Jun 19, 2026
07ea580
docs: align posture input error guidance
gnanirahulnutakki Jun 19, 2026
66d51fe
fix: clarify Codex app-server report next steps
gnanirahulnutakki Jun 19, 2026
66184b5
docs: align Codex app-server report next steps
gnanirahulnutakki Jun 19, 2026
28d4f1e
fix: add codex app-server event input recovery
gnanirahulnutakki Jun 19, 2026
fa27727
fix: add Gemini CLI hook input recovery
gnanirahulnutakki Jun 19, 2026
3e0754c
docs: document Gemini hook input recovery
gnanirahulnutakki Jun 19, 2026
4f3f107
Add Claude hook input-error recovery next steps
gnanirahulnutakki Jun 19, 2026
6548aff
Harden shareable path redaction
gnanirahulnutakki Jun 19, 2026
9a96452
Fix RWT origin preflight prefix handling
gnanirahulnutakki Jun 19, 2026
9338d9a
docs: align RWT expected-origin prefix guidance
gnanirahulnutakki Jun 19, 2026
4456f17
fix: add ardur run missing-command next steps
gnanirahulnutakki Jun 19, 2026
a1497cc
fix: redact ardur doctor setup paths
gnanirahulnutakki Jun 19, 2026
4c5bae8
fix: redact claude report empty paths
gnanirahulnutakki Jun 20, 2026
43a394f
fix: keep redaction placeholder suffixes private
gnanirahulnutakki Jun 20, 2026
942a2ce
fix: add personal-native-host once-json recovery
gnanirahulnutakki Jun 20, 2026
cc62a85
fix: add native-host framed input recovery
gnanirahulnutakki Jun 20, 2026
0a902ac
fix: structure protect policy input errors
gnanirahulnutakki Jun 20, 2026
3eff7ec
fix: restrict kill switch TLS bypass to loopback
gnanirahulnutakki Jun 20, 2026
a8f2b81
chore: clean CodeQL source note warnings
gnanirahulnutakki Jun 20, 2026
437f517
chore: clean CodeQL test script notes
gnanirahulnutakki Jun 20, 2026
606070b
chore: clean remaining CodeQL test imports
gnanirahulnutakki Jun 20, 2026
0da346a
refactor: reduce policy backend import cycles
gnanirahulnutakki Jun 20, 2026
8c14e1c
fix: reduce Claude hook daemon import cycle
gnanirahulnutakki Jun 20, 2026
efdcec2
Fix Claude daemon CodeQL unused imports
gnanirahulnutakki Jun 21, 2026
87649b4
Validate personal native manifest extension ids
gnanirahulnutakki Jun 21, 2026
306ac8f
Validate personal native manifest host paths
gnanirahulnutakki Jun 21, 2026
7b5413c
fix(personal): structure unsupported native-host message guidance
gnanirahulnutakki Jun 21, 2026
af07ed2
fix: harden native host framing and secret scan
gnanirahulnutakki Jun 21, 2026
c0e7f30
fix(personal): handle invalid native host hub URLs
gnanirahulnutakki Jun 21, 2026
849605a
fix(personal): validate native host hub URLs
gnanirahulnutakki Jun 21, 2026
31261a5
docs(personal): align native host Hub URL recovery
gnanirahulnutakki Jun 21, 2026
f55f301
fix: add invalid Hub URL recovery guidance
gnanirahulnutakki Jun 21, 2026
af09026
fix: add desktop-observe invalid Hub URL guidance
gnanirahulnutakki Jun 21, 2026
476e42a
fix: add kill-switch invalid proxy URL guidance
gnanirahulnutakki Jun 22, 2026
89485c2
docs: add OpenAI Agents SDK source vector
gnanirahulnutakki Jun 22, 2026
b711df9
chore: pin checkout action to v7
gnanirahulnutakki Jun 22, 2026
cf1340c
fix: sync workflow source mirrors
gnanirahulnutakki Jun 22, 2026
69995e4
docs: align protect policy input docs
gnanirahulnutakki Jun 22, 2026
a9536ce
fix: handle profile init path write failures
gnanirahulnutakki Jun 22, 2026
71d91ed
fix: harden personal hub and ringbuf cleanup
gnanirahulnutakki Jun 22, 2026
79ccc7d
docs: document profile init path recovery
gnanirahulnutakki Jun 22, 2026
f1bc89c
fix: handle missing Claude profile paths
gnanirahulnutakki Jun 22, 2026
a08b874
ci: add pytest timeout diagnostics
gnanirahulnutakki Jun 22, 2026
181174f
fix: validate issue budget inputs
gnanirahulnutakki Jun 23, 2026
5106812
docs: document issue budget recovery guidance
gnanirahulnutakki Jun 23, 2026
979f722
fix: structure issue budget type errors
gnanirahulnutakki Jun 23, 2026
5cd2c13
docs: add Codex 0.142 and Claude source vectors
gnanirahulnutakki Jun 23, 2026
d9ef919
ci: avoid model-name scan in source vector id
gnanirahulnutakki Jun 23, 2026
20724ba
fix: stream receipt log readers
gnanirahulnutakki Jun 23, 2026
502c629
ci: update upload-artifact runtime pin
gnanirahulnutakki Jun 23, 2026
7990f50
docs: sync Hugo source mirror for upload-artifact pin
gnanirahulnutakki Jun 23, 2026
fae2e06
test: cover protect policy input file recovery
gnanirahulnutakki Jun 23, 2026
288a21b
fix: fail closed on invalid Cedar protect policy
gnanirahulnutakki Jun 23, 2026
1f07882
fix: validate Cedar entities input for protect setup
gnanirahulnutakki Jun 24, 2026
2fe3a57
fix(cli): validate fixture project-dir paths
gnanirahulnutakki Jun 24, 2026
7800fea
Validate issue TTL failures
gnanirahulnutakki Jun 24, 2026
c01eb00
fix: preserve Claude hook policy decisions
gnanirahulnutakki Jun 24, 2026
a61952a
docs: align issue ttl validation reference
gnanirahulnutakki Jun 24, 2026
84a5858
docs: add host adoption source vectors
gnanirahulnutakki Jun 24, 2026
702290c
Add ToolHive 0.31 source vector
gnanirahulnutakki Jun 24, 2026
0ae6d62
fix(cli): handle start mission file errors
gnanirahulnutakki Jun 25, 2026
34a8868
docs: document start mission-file failures
gnanirahulnutakki Jun 25, 2026
66f4921
docs: add Claude Code source vector v2191
gnanirahulnutakki Jun 25, 2026
b3fef39
fix: reject invalid hub content lengths
gnanirahulnutakki Jun 25, 2026
c876b92
Add Codex 0.142.2 source vector
gnanirahulnutakki Jun 25, 2026
81c87d6
fix(cli): sanitize doctor claude-code diagnostics
gnanirahulnutakki Jun 25, 2026
74a70a3
fix: correct hook p95 latency claim to per-platform reality (#51)
gnanirahulnutakki Jun 25, 2026
a699fb2
ci(go): add govulncheck CVE gate (A7) (#54)
gnanirahulnutakki Jun 25, 2026
f0ad540
feat(mission): lower effect/flow/lineage bounds to Biscuit (#43) (#56)
gnanirahulnutakki Jun 25, 2026
780c11c
fix: sanitize Claude plugin validation diagnostics
gnanirahulnutakki Jun 25, 2026
51133b4
ci: align Go CVE scan toolchain
gnanirahulnutakki Jun 25, 2026
e26245b
Fail closed on invalid Claude Code plugin content
gnanirahulnutakki Jun 25, 2026
989153b
docs: align protect plugin validation guidance
gnanirahulnutakki Jun 26, 2026
2d2173c
ci: remediate Go CVE scan dependency
gnanirahulnutakki Jun 26, 2026
1fa9d10
docs: add Gemini CLI source vector
gnanirahulnutakki Jun 26, 2026
34f2e60
docs: add Claude Action token-cleanup source vector
gnanirahulnutakki Jun 26, 2026
f63866e
fix: add missing passport recovery next steps
gnanirahulnutakki Jun 26, 2026
027f30f
docs: document missing passport recovery
gnanirahulnutakki Jun 26, 2026
50b0753
docs: add action manifest policy source vectors
gnanirahulnutakki Jun 26, 2026
3a35246
fix: fail closed on invalid personal home path
gnanirahulnutakki Jun 27, 2026
c4730f6
docs: document Personal home file validation
gnanirahulnutakki Jun 27, 2026
372cb02
docs: add Claude WatchSource source vector
gnanirahulnutakki Jun 27, 2026
8863d1e
security: avoid logging sink for CLI JSON output
gnanirahulnutakki Jun 27, 2026
1572e66
security: document CLI JSON stdout sink
gnanirahulnutakki Jun 27, 2026
b6e97f3
security: isolate CLI home failure condition output
gnanirahulnutakki Jun 27, 2026
98eeebe
security: mark CLI stdout response as non-log sink
gnanirahulnutakki Jun 27, 2026
e1d5fb9
security: remove sensitive-name flow from CLI JSON helper
gnanirahulnutakki Jun 27, 2026
f53db7f
security: avoid sensitive marker in CLI home errors
gnanirahulnutakki Jun 27, 2026
1ec261b
security: use neutral path code for CLI setup errors
gnanirahulnutakki Jun 27, 2026
0b42fbe
security: keep CLI setup response helpers neutral
gnanirahulnutakki Jun 27, 2026
39e2038
fix(personal): fail closed on file home paths
gnanirahulnutakki Jun 27, 2026
fbcb4fb
fix(cli): fail closed for file keys-dir inputs
gnanirahulnutakki Jun 27, 2026
bd76158
fix(cli): fail closed on state-dir files
gnanirahulnutakki Jun 27, 2026
93fdbef
fix(cli): fail closed for directory log paths
gnanirahulnutakki Jun 27, 2026
4510189
fix(cli): validate start port range
gnanirahulnutakki Jun 28, 2026
4f65f77
docs(cli): document invalid start port recovery
gnanirahulnutakki Jun 28, 2026
de58100
docs: clarify hosted site freshness boundary
gnanirahulnutakki Jun 28, 2026
77c9739
fix(cli): fail closed on invalid start TLS material
gnanirahulnutakki Jun 28, 2026
fb55f66
docs(cli): document start TLS material validation
gnanirahulnutakki Jun 28, 2026
0c6c8cf
fix(kernelcapture): keep ringbuf polling responsive
gnanirahulnutakki Jun 28, 2026
121a63e
fix(cli): sanitize run failure support output
gnanirahulnutakki Jun 28, 2026
1f056f7
Fix receipt stderr CodeQL flow
gnanirahulnutakki Jun 28, 2026
6b91d9e
fix(cli): fail closed on invalid start host
gnanirahulnutakki Jun 28, 2026
b7fc526
docs: align start host TLS guidance
gnanirahulnutakki Jun 28, 2026
53f48c4
fix(cli): validate start mission before artifacts
gnanirahulnutakki Jun 28, 2026
8059e84
fix(cli): validate start write targets before artifacts
gnanirahulnutakki Jun 29, 2026
c4c52a4
fix(cli): reject dangling symlink start parents
gnanirahulnutakki Jun 29, 2026
6248149
Validate attest state and log parents before artifacts
gnanirahulnutakki Jun 29, 2026
a56c56f
docs: document attest state and log fail-closed behavior
gnanirahulnutakki Jun 29, 2026
ba2b34c
fix: harden resource scope traversal checks
gnanirahulnutakki Jun 29, 2026
cdb2bf1
fix: fail closed attest session validation
gnanirahulnutakki Jun 29, 2026
8cedeb1
fix: avoid daemon socket startup race
gnanirahulnutakki Jun 29, 2026
2cac539
fix: fail closed on corrupt attest sessions
gnanirahulnutakki Jun 29, 2026
dc7e319
docs: align attest session validation contract
gnanirahulnutakki Jun 29, 2026
4be5446
fix(cli): reject malformed verify tokens before keys
gnanirahulnutakki Jun 29, 2026
47c6e39
fix: keep verify read-only for invalid tokens
gnanirahulnutakki Jun 30, 2026
b443613
Handle corrupt public key verify failures
gnanirahulnutakki Jun 30, 2026
e473ec9
fix: recover verify public-key path errors
gnanirahulnutakki Jun 30, 2026
043f3d7
docs: add Claude ReportFindings source vector
gnanirahulnutakki Jun 30, 2026
bb7679a
Fix ReportFindings Hugo source mirror
gnanirahulnutakki Jun 30, 2026
a4de6cf
fix: harden proxy request parsing and path redaction
gnanirahulnutakki Jun 30, 2026
ec13d8d
fix(kernelcapture): harden evidence-log symlink prevalidation
gnanirahulnutakki Jun 30, 2026
1423e4d
Harden daemon peer process identity binding
gnanirahulnutakki Jun 30, 2026
87d609b
docs: align daemon peer process identity claims
gnanirahulnutakki Jun 30, 2026
b4a6d41
fix(cli): recover invalid hub bind inputs
gnanirahulnutakki Jul 1, 2026
9006cf7
docs: add Codex trace-redaction source vector
gnanirahulnutakki Jul 1, 2026
529728c
test: stabilize daemon socket readiness test
gnanirahulnutakki Jul 1, 2026
7b8f610
feat(daemon): ardur-kernelcaptured Slice 1 — always-on eBPF daemon (#82)
gnanirahulnutakki Jul 1, 2026
d52065a
feat(run): zero-setup governance bridge for launched agents (Epic A) …
gnanirahulnutakki Jul 1, 2026
e1c1d15
docs: align ardur run governance bridge reference
gnanirahulnutakki Jul 1, 2026
528cbae
feat(run): add missing-command next steps
gnanirahulnutakki Jul 1, 2026
17c8825
fix: clear security static-analysis findings
gnanirahulnutakki Jul 1, 2026
56a5eb7
Harden kernel receipt path prevalidation
gnanirahulnutakki Jul 1, 2026
fff92b2
feat(enforce): add Slice 4.0+4.1 BPF policy lowering foundation (#83)
gnanirahulnutakki Jul 1, 2026
09fded9
feat(trust): wire per-tier egress NetworkPolicy + live telemetry inge…
gnanirahulnutakki Jul 1, 2026
6d3525c
ci: make go-cve gate blocking (remove continue-on-error) (#84)
gnanirahulnutakki Jul 1, 2026
2d49e48
deps(python)(deps-dev): update spiffe requirement in /python (#36)
dependabot[bot] Jul 1, 2026
d0313bb
ci(deps): bump github/codeql-action from 4.36.0 to 4.36.2 (#29)
dependabot[bot] Jul 1, 2026
e8db771
ci(deps): bump actions/setup-python from 6.2.0 to 6.3.0 (#61)
dependabot[bot] Jul 1, 2026
13443f1
ci(deps): bump actions/cache from 5.0.5 to 6.1.0 (#62)
dependabot[bot] Jul 1, 2026
d31df33
deps(go)(deps): bump k8s.io/client-go from 0.36.0 to 0.36.2 in /go (#26)
dependabot[bot] Jul 1, 2026
ae3942a
deps(go)(deps): bump github.com/sigstore/sigstore-go in /go (#28)
dependabot[bot] Jul 1, 2026
40a5d8a
fix: restore CodeQL and Hugo CI hygiene
gnanirahulnutakki Jul 1, 2026
c8aeabb
docs: align testing guide with CodeQL pin authority
gnanirahulnutakki Jul 1, 2026
2d3704d
ci: remove stale CodeQL pin lineage comment
gnanirahulnutakki Jul 1, 2026
9690d60
fix: re-scope unicode confusable check, restore 22/22 Phase-2 conform…
gnanirahulnutakki Jul 1, 2026
535db33
feat(benchmark): AuditBench eval harness — B1 runnable baseline (#53)
gnanirahulnutakki Jul 1, 2026
a82d6ed
feat(daemon): Slice 2 — privileged installer, systemd service, sd_not…
gnanirahulnutakki Jul 1, 2026
f807835
docs: align daemon slice 2 claim boundary
gnanirahulnutakki Jul 2, 2026
c838874
Add Claude Code 2.1.198 source vector mirror
gnanirahulnutakki Jul 2, 2026
8e303fe
fix: validate setup host and port
gnanirahulnutakki Jul 2, 2026
734552c
docs: document setup host and port validation
gnanirahulnutakki Jul 2, 2026
d10bc5e
fix: prevent caching hub json responses
gnanirahulnutakki Jul 2, 2026
6b7db97
fix: prevent caching hub html responses
gnanirahulnutakki Jul 2, 2026
fdfde48
fix: prevent caching hub metrics response
gnanirahulnutakki Jul 2, 2026
0355bd0
fix(profile): reject directory init paths
gnanirahulnutakki Jul 2, 2026
07e9609
docs: align profile init recovery reference
gnanirahulnutakki Jul 2, 2026
27b0f8a
fix(benchcheck): gitignore bench-results and fix make clean's output …
gnanirahulnutakki Jul 2, 2026
4c59da1
feat(benchcheck): mark oracle arms machine-readable in results.json (…
gnanirahulnutakki Jul 2, 2026
93ab101
fix(kernelcapture): wire pinned eBPF restart path to the correct ring…
gnanirahulnutakki Jul 2, 2026
fe138a4
feat(enforce): sequence, hash-chain, and attest kernel enforce_events…
gnanirahulnutakki Jul 2, 2026
3a1d6b0
fix: classify unwritable profile parent paths
gnanirahulnutakki Jul 2, 2026
2db40fd
fix(enforcement): compile-fix Slice 4.2 BPF-LSM, add double-buffer + …
gnanirahulnutakki Jul 2, 2026
dd902e4
deps(go)(deps): bump golang.org/x/sys from 0.45.0 to 0.46.0 in /go (#24)
dependabot[bot] Jul 2, 2026
2624362
deps(go)(deps): bump github.com/cedar-policy/cedar-go in /go (#31)
dependabot[bot] Jul 2, 2026
86271ca
deps(python)(deps): update cryptography requirement in /python (#32)
dependabot[bot] Jul 2, 2026
4b9576b
feat(run): wire lowered BPF policy plans to the kernelcapture daemon …
gnanirahulnutakki Jul 2, 2026
4c54e7b
fix(run): default --max-tool-calls/--max-duration-s so ardur run does…
gnanirahulnutakki Jul 3, 2026
55f274a
fix(enforcement): restore file-path allowlist enforcement at the BPF-…
gnanirahulnutakki Jul 3, 2026
eb2a7a2
feat(enforce): seccomp user-notify enforcement tier (E4) (#103)
gnanirahulnutakki Jul 3, 2026
86f35d8
feat(sensor): Slice 2 remainder — macOS packaging, sensor lifecycle, …
gnanirahulnutakki Jul 3, 2026
91aefe9
docs(demo): ardur run --enforce BPF-LSM end-to-end demo + offline evi…
gnanirahulnutakki Jul 3, 2026
500bd5a
fix(profile): validate profile path for whitespace and traversal safety
gnanirahulnutakki Jul 3, 2026
eaa42a4
fix: remove dead code flagged by CodeQL static analysis
gnanirahulnutakki Jul 3, 2026
4d46f7d
docs: align profile-init CLI reference with whitespace/traversal vali…
gnanirahulnutakki Jul 3, 2026
c73c0b9
fix(profile): reject non-regular files as path_invalid before --force…
gnanirahulnutakki Jul 3, 2026
dd48bcc
docs(roadmap): Epic B — transparent auto-detection & auto-governance …
gnanirahulnutakki Jul 3, 2026
c1400ea
docs(research): Epic B policy selection for un-wrapped agents (#116)
gnanirahulnutakki Jul 3, 2026
9aa8dee
docs(research): Epic B cost + false-positive/negative budget (the Cro…
gnanirahulnutakki Jul 3, 2026
44d1fa6
docs(site): regenerate source-backed Hugo mirror for Epic B docs (#118)
gnanirahulnutakki Jul 3, 2026
cfddf89
fix(enforce): close enforcement-surface authz + stale-policy findings…
gnanirahulnutakki Jul 3, 2026
445b4c9
fix(ci): exclude bot-blocking domains from lychee link check
gnanirahulnutakki Jul 3, 2026
7f97b09
fix(ci): exclude bot-blocking domains from lychee link check
gnanirahulnutakki Jul 3, 2026
e351209
fix(ci): exclude all bot-blocking domains from lychee link check
gnanirahulnutakki Jul 3, 2026
0a1b9d4
docs(testing): align link-check excludes prose with actual workflow
gnanirahulnutakki Jul 4, 2026
4d98a01
fix(kill-switch): reject empty-string --proxy-url instead of silent d…
gnanirahulnutakki Jul 4, 2026
f53578d
fix(issue): reject empty/whitespace agent-id and mission before key g…
gnanirahulnutakki Jul 4, 2026
2ba8384
fix: remove unused TYPE_CHECKING import of MissionPassport
gnanirahulnutakki Jul 4, 2026
c5a55de
fix(protect): reject empty/whitespace --scope before key generation
gnanirahulnutakki Jul 4, 2026
7a27f17
docs(cli): document protect_scope_invalid recovery contract
gnanirahulnutakki Jul 4, 2026
5aaad1f
fix(cli): reject empty/whitespace path args before key/state creation
gnanirahulnutakki Jul 5, 2026
6964c8e
docs(cli): document path_arg_invalid recovery contract
gnanirahulnutakki Jul 5, 2026
bb87283
fix(passport): defer DEFAULT_HOME mkdir from import to first use
gnanirahulnutakki Jul 5, 2026
0b79a1a
Remove unused 'stat' import in test_default_home_lazy_import.py
gnanirahulnutakki Jul 5, 2026
05ec053
fix(cli): reject empty/whitespace setup --home before key/config/plis…
gnanirahulnutakki Jul 5, 2026
2b29c9c
docs(cli): document setup_home_invalid recovery contract
gnanirahulnutakki Jul 5, 2026
2010655
fix: reject empty/whitespace --agent-id/--mission on protect claude-code
gnanirahulnutakki Jul 5, 2026
eb3773e
docs: document protect_agent_id_invalid and protect_mission_invalid r…
gnanirahulnutakki Jul 5, 2026
603f256
fix(run): reject empty/whitespace --mission before key generation
gnanirahulnutakki Jul 6, 2026
cfae910
docs: document run_mission_invalid recovery contract in CLI reference
gnanirahulnutakki Jul 6, 2026
962e1df
fix(start): return start_mission_path_invalid for empty/whitespace --…
gnanirahulnutakki Jul 6, 2026
78a89c4
fix(protect): reject empty/whitespace --home before key/passport crea…
gnanirahulnutakki Jul 6, 2026
4ea2d16
fix(protect): reject empty/whitespace --keys-dir before key creation
gnanirahulnutakki Jul 6, 2026
11108bc
fix(run): validate --max-tool-calls/--max-duration-s before key gener…
gnanirahulnutakki Jul 7, 2026
f57eea9
docs(cli): document run budget validation in CLI reference
gnanirahulnutakki Jul 7, 2026
db4cd4c
fix: remove unused imports in test_run_bridge.py
gnanirahulnutakki Jul 7, 2026
ea3cb89
fix(start): reject empty/whitespace --api-token before key generation
gnanirahulnutakki Jul 7, 2026
01a02ec
docs(cli): document start --api-token flag and start_api_token_invali…
gnanirahulnutakki Jul 7, 2026
5de370e
fix(fixture): structured path validation for gemini-cli-fixture and c…
gnanirahulnutakki Jul 7, 2026
7d83477
fix(enforce): verify register_session cgroup ownership against realit…
gnanirahulnutakki Jul 7, 2026
0006d9b
fix(enforce): stop advertising bpf_lsm once detached; pin guard for r…
gnanirahulnutakki Jul 7, 2026
a16426d
fix(enforce): wire ardur run to actually invoke the seccomp shim (#10…
gnanirahulnutakki Jul 7, 2026
7f1e39a
docs(site): regenerate stale kernel-enforce.yml Hugo mirror
gnanirahulnutakki Jul 7, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
65 changes: 50 additions & 15 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -1,17 +1,52 @@
.git
__pycache__
*.pyc
*.pyo
.pytest_cache
.ruff_cache
.mypy_cache
site/
media/
reports/
tooling/
*.egg-info
.venv
# Dockerignore for Ardur builds

# Python
__pycache__/
*.py[cod]
*.egg-info/
.venv/
venv/
dist/
build/
*.egg

# Go
go/bin/
go/pkg/mod/

# Git
.git/
.gitignore
.gitattributes

# CI/CD
.github/

# IDE
.vscode/
.idea/
*.swp
*.swo

# Agent state (local-only)
.ardur/
.vibap/
.context/
.agents/
.ai-context/
.agent-context/
.codex/
.claude/
.local-skills/

# Tests
.pytest_cache/
.coverage
htmlcov/
python/tests/test-results/

# Misc
node_modules/
*.log
*.jsonl
*.jsonl.gz
.env
.env.*
11 changes: 5 additions & 6 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
outputs:
languages: ${{ steps.detect.outputs.languages }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

- id: detect
name: Detect supported languages present in the tree
Expand Down Expand Up @@ -62,13 +62,12 @@ jobs:
matrix:
language: ${{ fromJSON(needs.detect-languages.outputs.languages) }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

# v3 is an annotated tag (tag-object 865f5f5c... → commit ce64ddcb...).
# Pin to the commit SHA per the same discipline as the other
# workflows; comment shows the human-readable version.
- name: Initialize CodeQL
uses: github/codeql-action/init@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3 (commit)
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3 (commit)
with:
languages: ${{ matrix.language }}
# `security-and-quality` is the broadest pack — covers
Expand All @@ -79,9 +78,9 @@ jobs:
queries: security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3 (commit)
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3 (commit)

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3 (commit)
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3 (commit)
with:
category: "/language:${{ matrix.language }}"
5 changes: 4 additions & 1 deletion .github/workflows/hugo-site.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
HUGO_VERSION: 0.161.1
HUGO_PARAMS_SOURCEREF: ${{ github.sha }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

- name: Verify source-backed Hugo mirrors
run: |
Expand Down Expand Up @@ -71,6 +71,9 @@ jobs:
exit 1
fi

# Dev pushes validate and build the site only. The public hosted site is
# refreshed from main after reviewed release/main-promotion work, so the
# rendered source commit on github.io is the public freshness boundary.
- name: Upload Pages artifact
if: github.ref == 'refs/heads/main'
uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
Expand Down
Loading
Loading