Peter Steinberger
|
425c5b9f26
|
fix(macos): reject revoked forwarded exec approvals (#103968)
* fix(macos): reject revoked forwarded exec approvals
* fix(macos): split approval plan validation
* chore(i18n): refresh native source lines
|
2026-07-10 19:01:17 -07:00 |
|
Peter Steinberger
|
3ec2a50d6c
|
fix(exec): prevent revoked policy from authorizing delayed node runs (#103950)
* fix(cli): fail closed on exec policy rollback races
* refactor(cli): reuse canonical exec policy ordering
* fix(exec): bind delayed approvals to prepared policy
* fix(macos): revalidate delayed exec approvals
* fix(exec): align approval snapshot validation gates
|
2026-07-11 01:37:37 +01:00 |
|
Peter Steinberger
|
9b1c36d23c
|
fix: prevent exec approval revocation races (#103515)
* fix(security): serialize exec approval mutations
* fix(security): preserve additive approval writes
* test(cli): expect normalized approval shape
* fix(security): preserve exec approval compatibility
* test(security): exercise locked approval initialization
* test(security): mock serialized approval helpers
* test(exec): derive enforced command path from plan
* fix(gateway): always return approval CAS conflicts
* fix(macos): serialize exec approvals writes
* fix(security): repair approval build errors
* fix(security): serialize exec approval mutations
* fix(security): fail closed on approval persistence errors
* test(security): cover detached approval persistence failures
* fix(security): harden exec approval state
* style(macos): format exec approval sources
* fix(security): complete exec approval hardening
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(macos): preserve approved login-shell semantics
* fix(macos): keep login shell approvals one-shot
* fix(security): linearize exec authorization
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(security): preserve durable approval basis
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* fix(security): bind exec grants to current policy
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
* test(security): fix exec revocation fixtures
* test(security): align gateway approval fixtures
* fix(macos): return approval decisions
* chore(i18n): sync native approval strings
* test(security): align approval hardening fixtures
* test(node): authorize completed event fixture
* test(security): fix approval decision fixtures
* test(security): await durable approval visibility
* fix(exec): preserve concurrent approval grants
* fix(exec): address exact-head CI failures
* fix(exec): preserve concurrent approval promotions
* fix(exec): make Swift shutdown state explicit
* test(macos): handle approval read failures
* fix(macos): harden approval socket paths
* fix(macos): preserve exact shell payload bytes
* test(macos): make approval fixtures explicit
* test(macos): fix approval suite compilation
* fix(macos): bound approval socket JSONL reads
* chore: move exec approval note to release process
* chore: move exec approval note to release process
---------
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
|
2026-07-10 21:35:05 +01:00 |
|
Pavan Kumar Gondhi
|
fc065b2693
|
Harden macOS shell wrapper allowlist parsing [AI] (#78518)
* fix: harden shell wrapper allowlist parsing
* fix: harden shell wrapper approval binding
* docs: add changelog entry for PR merge
---------
Co-authored-by: Ishaan <ishaan@Ishaans-Mac-mini.local>
|
2026-05-08 10:18:41 +05:30 |
|
Nimrod Gutman
|
c4a4050ce4
|
fix(macos): align exec command parity (#50386)
* fix(macos): align exec command parity
* fix(macos): address exec review follow-ups
|
2026-03-19 13:51:17 +02:00 |
|
Peter Steinberger
|
4d686b47f0
|
fix: bind macOS skill trust to resolved paths
|
2026-03-13 21:00:59 +00:00 |
|
Peter Steinberger
|
e80c803fa8
|
fix(security): block shell env allowlist bypass in system.run
|
2026-02-22 12:47:05 +01:00 |
|
Peter Steinberger
|
e371da38aa
|
fix(macos): consolidate exec approval evaluation
|
2026-02-21 19:30:35 +01:00 |
|