curo/Pyra - Pyra - Gitea: Git with a cup of tea

curo/Pyra

Fork 0

Commit Graph

Author	SHA1	Message	Date
curo1305	6e138bcec2	fix: remove self-defeating assert_safe_path from vault modules, clarify traversal test scope vault/reader.py, vault/writer.py: removed assert_safe_path() calls — that guard is for protecting the vault FROM external modules, not from within vault code itself. Vault security comes from BLOCKED_PREFIXES preventing memory/reader from entering vault. test_path_traversal.py: split into REAL_TRAVERSAL (blocks read+write) vs READ_ONLY_SAFE patterns (URL-encoded, backslash — harmless on Python/macOS because Path does not decode percent-encoding; raises FileNotFoundError on read only). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-17 12:59:59 +02:00
curo1305	251e509ee0	test: comprehensive test suite Unit tests: - test_security_boundaries.py: vault block, vault lock sentinel - test_security_injection.py: all 4 injection categories, case-insensitive - test_vault_rw.py: roundtrip, file permissions (chmod 400), no key in config - test_config.py: schema roundtrip, no api_key field, chmod 600 on config.yaml - test_memory_reader.py: list, read, sandboxing, context loading - test_memory_writer.py: write, append, index update, traversal blocked, chmod 600 - test_providers.py: required fields, unique IDs, litellm prefix format - test_renderer.py: key redaction for sk-ant-, sk-, AIza patterns Security tests: - test_vault_ai_isolation.py: 7 traversal patterns blocked via memory read/write - test_path_traversal.py: 20+ traversal patterns — all rejected for read and write - test_prompt_injection.py: 21-item corpus + 5 clean texts (no false positives) Integration tests: - test_lmstudio.py: live call to localhost:1234, streaming, full stack session, injection scan on real output (skips if LM Studio not running) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-17 12:55:06 +02:00

Author

SHA1

Message

Date

curo1305

6e138bcec2

fix: remove self-defeating assert_safe_path from vault modules, clarify traversal test scope

vault/reader.py, vault/writer.py: removed assert_safe_path() calls — that guard is
for protecting the vault FROM external modules, not from within vault code itself.
Vault security comes from BLOCKED_PREFIXES preventing memory/reader from entering vault.

test_path_traversal.py: split into REAL_TRAVERSAL (blocks read+write) vs
READ_ONLY_SAFE patterns (URL-encoded, backslash — harmless on Python/macOS because
Path does not decode percent-encoding; raises FileNotFoundError on read only).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-17 12:59:59 +02:00

curo1305

251e509ee0

test: comprehensive test suite

Unit tests:
- test_security_boundaries.py: vault block, vault lock sentinel
- test_security_injection.py: all 4 injection categories, case-insensitive
- test_vault_rw.py: roundtrip, file permissions (chmod 400), no key in config
- test_config.py: schema roundtrip, no api_key field, chmod 600 on config.yaml
- test_memory_reader.py: list, read, sandboxing, context loading
- test_memory_writer.py: write, append, index update, traversal blocked, chmod 600
- test_providers.py: required fields, unique IDs, litellm prefix format
- test_renderer.py: key redaction for sk-ant-, sk-, AIza patterns

Security tests:
- test_vault_ai_isolation.py: 7 traversal patterns blocked via memory read/write
- test_path_traversal.py: 20+ traversal patterns — all rejected for read and write
- test_prompt_injection.py: 21-item corpus + 5 clean texts (no false positives)

Integration tests:
- test_lmstudio.py: live call to localhost:1234, streaming, full stack session,
  injection scan on real output (skips if LM Studio not running)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-17 12:55:06 +02:00

2 Commits