cloverleaf-larry

bryan/cloverleaf-larry

Fork 0

Commit Graph

Author	SHA1	Message	Date
Bryan Johnson	7434e6e8b8	v0.8.0: PHI safety quick-wins — path-block + /load HL7 routing + strict mode Three independent zero-risk patches closing V3/V4/V5/V6/V11 gaps from Vera's static PHI-leak audit. Implemented per Pax's mitigation recommendations. No new deps, no behavior change for users not handling PHI. - tool_read_file / tool_grep_files / tool_glob_files / tool_list_dir now refuse paths under $LARRY_HOME/{log,sanitize,sessions} and $LARRY_HOME/{.oauth.json,.env} with a structured JSON error the model must surface. Block-list evaluates at call time; comparison runs against both the literal and realpath-canonicalized form of both PATH and $LARRY_HOME. Closes V4 + V6 + V11 (de-sanitization key, OAuth tokens, PHI clear-text audit log). The proactive same-pattern sweep extended the block from read_file alone to grep_files/glob_files/list_dir. - /load <file> pre-routes HL7-shaped content through lib/hl7-sanitize.sh (segment-aware tokenizer) BEFORE the user_input auto-PHI pass. Closes V3 — smat dumps loaded via /load no longer rely on the lighter per-word classifier. - LARRY_AUTO_PHI=strict (fourth value alongside off/on/confirm) is the fail-closed mode. Aborts the turn when sanitizer is missing or returns empty on HL7-shaped content, or when tokenize-value fails. On the tool-result surface (can't kill an in-flight tool_use), substitutes the result with a refusal sentinel so raw HL7 NEVER reaches the model. Existing off/on/confirm semantics unchanged. /phi-auto strict toggle, /help text, and tests updated. Closes V5. Refs: Deliverables/2026-05-27-cloverleaf-larry-phi-leak-audit.md (Vera) Deliverables/2026-05-27-cloverleaf-larry-phi-mitigation-research.md (Pax) Verification: bash -n clean; path-block unit-tested with 13 cases including symlink resolution (file and dir), ../ traversal, nonexistent paths, and the empty-LARRY_HOME edge case — all pass. Co-Authored-By: Clover (Claude Opus 4.7) <noreply@anthropic.com>	2026-05-27 19:38:42 -07:00
Bryan Johnson	9dd5821436	v0.7.5: OAuth CR-taint fix + mouse opt-in + CR-safety sweep - Fix bash arithmetic crash on MobaXterm/Cygwin: $(date +%s) was returning CR-tainted values landing in $(( )) operands - Mouse mode off by default; opt in via LARRY_MOUSE=1 or /mouse on - Comprehensive CR-safety sweep across lib/*.sh and larry.sh — every command-substitution result, file read, and user input that feeds an arithmetic context, case dispatcher, or path/header is now CR-stripped at the source New shared helper lib/cygwin-safe.sh defines three primitives: coerce_int VAL [DEFAULT] — for arithmetic / integer-test operands strip_cr VAL — for case patterns, regex tests, paths, headers read_clean VAR [PROMPT] — read -r wrapper that strips CR pre-assign Hardened call sites (14 files, 60+ patch points): - larry.sh: status-line date/tput, 3 y/N approvals, auth menu, API key - lib/oauth.sh: cmd_login + cmd_refresh date+%s captures - lib/nc-engine.sh: 5 y/N action prompts + find\|wc arithmetic - lib/nc-msgs.sh: parse_time_ms (4 date sites) + meta-TSV time + MSG_COUNT - lib/nc-regression.sh: tr\|wc count + hl7-diff ?-fallback arithmetic - lib/nc-smat-diff.sh: A_COUNT/B_COUNT/DIFFS_TOTAL - lib/nc-insert-protocol.sh: every awk-emitted line number → head/tail math - lib/journal.sh: _next_seq wc -l arithmetic - lib/lessons.sh: _next_id/_count + 2 y/N prompts - lib/hl7-sanitize.sh: cmd_count + clear-table y/N - lib/ssh-helper.sh: 4 local+remote wc -c integer compares - lib/nc-find.sh, lib/nc-table.sh, lib/nc-document.sh, larry-rollback.sh Reproduces the exact error Bryan hit: bash: ...: arithmetic syntax error: invalid arithmetic operator (error token is "") lib/cygwin-safe.sh added to MANIFEST so it auto-syncs on next launch. Co-Authored-By: Clover (Claude Opus 4.7) <noreply@anthropic.com>	2026-05-27 19:17:48 -07:00

Author

SHA1

Message

Date

Bryan Johnson

7434e6e8b8

v0.8.0: PHI safety quick-wins — path-block + /load HL7 routing + strict mode

Three independent zero-risk patches closing V3/V4/V5/V6/V11 gaps from
Vera's static PHI-leak audit. Implemented per Pax's mitigation
recommendations. No new deps, no behavior change for users not handling PHI.

- tool_read_file / tool_grep_files / tool_glob_files / tool_list_dir now
  refuse paths under $LARRY_HOME/{log,sanitize,sessions} and
  $LARRY_HOME/{.oauth.json,.env} with a structured JSON error the model
  must surface. Block-list evaluates at call time; comparison runs against
  both the literal and realpath-canonicalized form of both PATH and
  $LARRY_HOME. Closes V4 + V6 + V11 (de-sanitization key, OAuth tokens,
  PHI clear-text audit log). The proactive same-pattern sweep extended
  the block from read_file alone to grep_files/glob_files/list_dir.

- /load <file> pre-routes HL7-shaped content through lib/hl7-sanitize.sh
  (segment-aware tokenizer) BEFORE the user_input auto-PHI pass. Closes
  V3 — smat dumps loaded via /load no longer rely on the lighter per-word
  classifier.

- LARRY_AUTO_PHI=strict (fourth value alongside off/on/confirm) is the
  fail-closed mode. Aborts the turn when sanitizer is missing or returns
  empty on HL7-shaped content, or when tokenize-value fails. On the
  tool-result surface (can't kill an in-flight tool_use), substitutes
  the result with a refusal sentinel so raw HL7 NEVER reaches the model.
  Existing off/on/confirm semantics unchanged. /phi-auto strict toggle,
  /help text, and tests updated. Closes V5.

Refs:
  Deliverables/2026-05-27-cloverleaf-larry-phi-leak-audit.md (Vera)
  Deliverables/2026-05-27-cloverleaf-larry-phi-mitigation-research.md (Pax)

Verification: bash -n clean; path-block unit-tested with 13 cases including
symlink resolution (file and dir), ../ traversal, nonexistent paths, and
the empty-LARRY_HOME edge case — all pass.

Co-Authored-By: Clover (Claude Opus 4.7) <noreply@anthropic.com>

2026-05-27 19:38:42 -07:00

Bryan Johnson

9dd5821436

v0.7.5: OAuth CR-taint fix + mouse opt-in + CR-safety sweep

- Fix bash arithmetic crash on MobaXterm/Cygwin: $(date +%s) was
  returning CR-tainted values landing in $(( )) operands
- Mouse mode off by default; opt in via LARRY_MOUSE=1 or /mouse on
- Comprehensive CR-safety sweep across lib/*.sh and larry.sh — every
  command-substitution result, file read, and user input that feeds
  an arithmetic context, case dispatcher, or path/header is now
  CR-stripped at the source

New shared helper lib/cygwin-safe.sh defines three primitives:
  coerce_int VAL [DEFAULT]   — for arithmetic / integer-test operands
  strip_cr VAL               — for case patterns, regex tests, paths, headers
  read_clean VAR [PROMPT]    — read -r wrapper that strips CR pre-assign

Hardened call sites (14 files, 60+ patch points):
  - larry.sh:  status-line date/tput, 3 y/N approvals, auth menu, API key
  - lib/oauth.sh:  cmd_login + cmd_refresh date+%s captures
  - lib/nc-engine.sh:  5 y/N action prompts + find|wc arithmetic
  - lib/nc-msgs.sh:  parse_time_ms (4 date sites) + meta-TSV time + MSG_COUNT
  - lib/nc-regression.sh:  tr|wc count + hl7-diff ?-fallback arithmetic
  - lib/nc-smat-diff.sh:  A_COUNT/B_COUNT/DIFFS_TOTAL
  - lib/nc-insert-protocol.sh:  every awk-emitted line number → head/tail math
  - lib/journal.sh:  _next_seq wc -l arithmetic
  - lib/lessons.sh:  _next_id/_count + 2 y/N prompts
  - lib/hl7-sanitize.sh:  cmd_count + clear-table y/N
  - lib/ssh-helper.sh:  4 local+remote wc -c integer compares
  - lib/nc-find.sh, lib/nc-table.sh, lib/nc-document.sh, larry-rollback.sh

Reproduces the exact error Bryan hit:
  bash: ...: arithmetic syntax error: invalid arithmetic operator (error token is "")

lib/cygwin-safe.sh added to MANIFEST so it auto-syncs on next launch.

Co-Authored-By: Clover (Claude Opus 4.7) <noreply@anthropic.com>

2026-05-27 19:17:48 -07:00

2 Commits