F-1 (HIGH — blocks regression): hl7-diff --format count always returned 0
because the early-exit in END fired before the diff loop ran. Fix: remove
the early exit; suppress per-diff printf in emit() for count mode; emit
DIFF_COUNT after the loop. count/text/tsv all agree (13 diffs on fixture,
0 on identical pair, exit codes correct). Ref: lib/hl7-diff.sh.

F-5 (MEDIUM — PHI leak): hl7-sanitize silently passed LF-delimited HL7
through as cleartext (awk RS="\r" never split on LF). Fix: detect CR
absence via python3 binary read; normalise LF/CRLF→CR via `tr` before
the awk pass. Both file and stdin paths handled. CR path is a zero-overhead
passthrough. Before: 0 tokens, cleartext PHI. After: 6 tokens, all PID
fields replaced with [[MRN_0001]] etc. Ref: lib/hl7-sanitize.sh.

F-2 (MEDIUM): nc-make-jump emitted { PORT {} } for file/ICL inbounds
because the guard only tested for empty ORIG_PORT; protocol-nested returns
the literal "{}" for empty blocks. Fix: case guard rejects empty, "{}", and
any non-numeric value with a clear "is it a TCP listener?" error (exit 1).
TCP inbounds (numeric PORT) still generate correctly. Ref: lib/nc-make-jump.sh.

F-3 (MEDIUM — manual marquee example): nc-msgs mrn=<bare> returned 0 on
real Epic MRNs stored as "5720501458^^^MRN". Fix: in field_matches "="
operator, when expected has no ^ and the stored repetition does, compare
component-1 (text before first ^). Full-componented and mrn.1= paths
unchanged. Fixture: bare mrn=5720501458 now matches 2/3 messages correctly.
Ref: lib/nc-msgs.sh.

All four files pass bash -n. MANIFEST regenerated (54 entries, --check=0).
Tested against synthetic fixtures on .135 (no live engine required for these
logic bugs). Work-box re-verify commands in audit §4-B.

Co-Authored-By: Clover (claude-sonnet-4-6) <noreply@anthropic.com>
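The F-5 mechanism in runnable form, as an added example that is not the project's lib/hl7-sanitize.sh: an awk pass keyed on RS="\r" never splits LF-delimited input, so the PID segment is never recognised and the identifiers reach stdout in cleartext. The sample message, the choice of PID-3 and PID-5 as the tokenised fields, and the function names below are this example's own; the fix shape (detect the delimiter convention, rewrite LF/CRLF to CR with tr, leave bare-CR input as a byte-exact passthrough, then run the awk pass) follows the commit text. Detection here keys on the presence of LF rather than the absence of CR so that CRLF input is normalised too.

```shell
#!/bin/sh
# Added example (not the project's lib/hl7-sanitize.sh): why an awk pass with
# RS="\r" leaks PHI on LF-delimited input, and the normalise-then-sanitise shape
# of the fix. The message layout and field choices are constructed.

# Constructed sample message: MSH plus a PID carrying an MRN (PID-3) and a name
# (PID-5), as a function for each segment-delimiter convention.
cr_msg()   { printf 'MSH|^~\\&|APP|FAC|||20240101||ADT^A01|1|P|2.5\rPID|1||5720501458^^^MRN||DOE^JOHN\r'; }
lf_msg()   { cr_msg | tr '\r' '\n'; }
crlf_msg() { cr_msg | awk 'BEGIN { RS = "\r"; ORS = "\r\n" } { print }'; }

# has_lf FILE: true when the file contains at least one LF byte, i.e. it is
# LF- or CRLF-delimited rather than bare-CR HL7.
has_lf() { [ "$(tr -cd '\n' < "$1" | wc -c | tr -d ' ')" -gt 0 ]; }

# normalize_cr FILE: emit CR-delimited bytes. Bare-CR input is passed through
# untouched (zero overhead, byte-exact); LF and CRLF input are rewritten with
# tr, where -s squeezes the CRCR that CRLF becomes into a single CR.
normalize_cr() {
  if has_lf "$1"; then
    tr -s '\n' '\r' < "$1"
  else
    cat "$1"
  fi
}

# sanitize_pid: the awk pass. Splits records on CR and fields on |, then
# replaces PID-3 and PID-5 with numbered tokens (awk's $4 is PID-3 because $1
# is the segment name). Fed LF input directly, RS="\r" never splits, the single
# record starts with MSH, nothing matches, and the MRN passes through: the leak.
sanitize_pid() {
  awk 'BEGIN { RS = "\r"; ORS = "\r"; FS = "|"; OFS = "|"; n = 0 }
       $1 == "PID" {
         if ($4 != "") { n++; $4 = sprintf("[[MRN_%04d]]", n) }
         if ($6 != "") { n++; $6 = sprintf("[[NAME_%04d]]", n) }
       }
       { print }'
}

# count_tokens: number of [[TYPE_nnnn]] tokens in a sanitised stream on stdin.
count_tokens() {
  awk 'BEGIN { RS = "\r" } { n += gsub(/\[\[[A-Z]+_[0-9]+\]\]/, "&") } END { print n + 0 }'
}

# Fixed path: normalise first, then sanitise.
sanitize_file()     { normalize_cr "$1" | sanitize_pid; }
token_count()       { sanitize_file "$1" | count_tokens; }
# Buggy path for comparison: the awk pass alone, as before the fix.
naive_token_count() { sanitize_pid < "$1" | count_tokens; }

# Stand-alone demo: write the three variants to a temp dir and report counts.
demo() {
  d=$(mktemp -d)
  cr_msg > "$d/cr.hl7"; lf_msg > "$d/lf.hl7"; crlf_msg > "$d/crlf.hl7"
  for f in cr lf crlf; do
    printf '%s: naive=%s fixed=%s\n' "$f" \
      "$(naive_token_count "$d/$f.hl7")" "$(token_count "$d/$f.hl7")"
  done
  rm -rf "$d"
}

demo
```

Run as-is and the naive column reads 2 for the CR fixture but 0 for LF and CRLF, while the fixed column reads 2 for all three; the CRLF case fails under the naive pass for a subtler reason than LF (records do split on CR, but each segment name arrives as "\nPID" and never equals "PID"), which is why the normalisation must handle both conventions rather than only bare LF.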
Shared _sanitize_ctl (unconditional, nc-document) and _sanitize_ctl_tty
(strips only when stdout is a terminal) now live in cygwin-safe.sh. nc-msgs,
nc-parse, and the hl7-* tools route stdout through the tty-gated variant, so a
terminal is protected from raw HL7/NetConfig control bytes while pipes and
redirects stay byte-exact (the 0x1c framing route_test needs is preserved).
Exit codes propagate via PIPESTATUS. ssh-helper _read_hidden installs its
restore trap before stty -echo on every path and saves/restores the prior trap.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
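The tty-gated filter described above, as an added example that is not the project's cygwin-safe.sh: one unconditional filter that drops C0 control bytes (so an ESC embedded in a stored HL7 or NetConfig value cannot drive the operator's terminal), a gated wrapper that applies it only when stdout is a terminal so pipes and redirects stay byte-exact, and a runner that returns the producer's exit status rather than the filter's. The function names are this example's own, and the temp-file status capture is a POSIX-sh stand-in for the PIPESTATUS mechanism the commit uses.

```shell
#!/bin/sh
# Added example (not the project's cygwin-safe.sh): a terminal-gated control
# byte filter. Names and the temp-file status capture are this example's own;
# the project's bash helpers propagate the exit status via PIPESTATUS instead.

# sanitize_ctl: unconditionally strip C0 control bytes and DEL, keeping only
# TAB, LF and CR. This removes the ESC that starts terminal escape sequences
# and the 0x1c/0x1d MLLP framing bytes alike, so it is only for display.
sanitize_ctl() { tr -d '\000-\010\013\014\016-\037\177'; }

# sanitize_ctl_tty: strip only when stdout is a terminal. Pipes and redirects
# receive the input byte-exact, so downstream tools still see MLLP framing.
sanitize_ctl_tty() { if [ -t 1 ]; then sanitize_ctl; else cat; fi; }

# gated_run CMD...: run CMD with its stdout routed through sanitize_ctl_tty and
# return CMD's own exit status. The status is written to a temp file from
# inside the pipeline because a plain pipeline reports only the filter's status.
# The && / || form keeps `set -e` from aborting the subshell before the write.
gated_run() {
  _st=$(mktemp)
  { "$@" && _s=0 || _s=$?; echo "$_s" > "$_st"; } | sanitize_ctl_tty
  _rc=$(cat "$_st"); rm -f "$_st"
  return "$_rc"
}

# hex: hex dump of stdin without spacing, for byte-level comparisons.
hex() { od -An -tx1 | tr -d ' \n'; }

# Stand-alone demo: on a terminal the 0x1c byte is dropped from the display;
# redirected to a file it survives, and the printf status is reported either way.
gated_run printf 'MSH|^~\\&|demo\034\r\n'
echo "exit status: $?"
```

Running the demo with stdout redirected to a file and inspecting it with od shows the 1c byte intact, while the same command on a terminal prints the segment without it; the exit status line reads 0 in both cases because gated_run reports the producer, not tr or cat.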