fix: security & correctness hardening (v2.39.0)#21
Merged
Conversation
A multi-agent audit of C3 surfaced a hook-enforcement bypass, edit-ledger and session-store data-loss races, Windows line-ending/subprocess bugs across the c3 tools, installer config-merge data-loss risks, and three Oracle security gaps. Security: - Oracle POST /api/config now requires the Bearer token + key allowlist (was unauthenticated; could disable Discovery auth or repoint ollama_base_url). - Oracle GET /api/apikey returns a masked token unless authenticated (was leaking the raw token). - Oracle Discovery project_path validated against discovered projects. Fixed: - Enforcement bypass: a read-only c3_* call unlocked native Edit/Write; writes now require c3_edit/c3_edits/c3_agent. MultiEdit/NotebookEdit are now enforced+logged. - c3_edit preserves original line endings on Windows (was rewriting LF->CRLF) and no longer writes/logs on a no-op batch. - Edit ledger: tag_edit appends under lock (was a lock-free rewrite), log_edit is locked, edit ids carry a random suffix; sessions.json writes atomically and no longer wipes the catalog on a corrupt read. - c3_delegate(claude) fixed (tuple-unpack bug); CLI runners decode UTF-8 + kill the process tree on timeout. - JS/TS exported symbols are now indexed; c3_compress renders classes per-language; c3_read no longer truncates on braces in strings/comments; file_memory lazy index is lock-guarded. - Installer: merge_c3_block, global CLAUDE.md, and upsert_toml_section no longer corrupt/lose user config on re-install. - Plus smaller c3_read/c3_validate/c3_memory/web_security/context_snapshot fixes. All 474 tests pass; new tests added for each area. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
A multi-agent audit of C3 surfaced a hook-enforcement bypass, several edit-ledger /
session-store data-loss races, Windows line-ending and subprocess bugs across the c3
tools, installer config-merge data-loss risks, and three Oracle security gaps. This PR
fixes all of them and bumps the release to v2.39.0.
Security
POST /api/configwas unauthenticated — any local process couldPOST {"api_require_auth": false}to disable Discovery auth or repointollama_base_url. Now requires the Bearer token + an allowlisted key set.GET /api/apikeyleaked the raw token — now masked unless authenticated.project_pathwas unvalidated — now checked against discoveredprojects.
Correctness
c3_*call unlocked nativeEdit/Write; writesnow require
c3_edit/c3_edits/c3_agent.MultiEdit/NotebookEditare nowenforced + logged.
c3_editpreserves original line endings on Windows (was rewriting LF→CRLF) and nolonger writes/logs on a no-op batch.
tag_editappends under lock;log_editlocked;collision-resistant edit ids;
sessions.jsonwrites atomically and no longer wipes thecatalog on a corrupt read.
c3_delegate(claude)fixed (was 100% broken); CLI runners decode UTF-8 + kill theprocess tree on timeout.
brace-in-string read truncation fixed;
file_memorylazy index lock-guarded.merge_c3_block, globalCLAUDE.md, andupsert_toml_sectionno longercorrupt/lose user config on re-install.
c3_read/c3_validate/c3_memory/web_security/context_snapshotfixes.See
CHANGELOG.mdfor the full list.Testing
python -m pytest -q→ 474 passed.test_edit_ledger_hook.py,test_oracle_security_fixes.py,test_service_durability.py, plus additions to enforcement / edit-normalization /mcp_toml / claude_md_merge / web_security / activity_reporter suites.
Release
Merging this and pushing tag
v2.39.0triggersrelease.yml→ build → PyPI (TrustedPublishing) → GitHub Release.
🤖 Generated with Claude Code