Salvaged from PR #35130 (the safe subset of jnibarger01's security pass): - threat_patterns.py: replace unbounded (?:\w+\s+)* filler with bounded {0,8} + cap scan input at MAX_SCAN_CHARS (64KiB), and bound the .* runs in the exfil/config-mod patterns. Kills catastrophic backtracking on adversarial near-misses. - hermes_state.py: cap FTS5 query length (MAX_FTS5_QUERY_CHARS) and extract quoted phrases with a linear scan instead of a regex so pathological quote runs can't induce backtracking. - acp_adapter/edit_approval.py + agent/tool_dispatch_helpers.py: recognize '*** Move File: src -> dst' V4A headers so patch-mode edits are permissioned/traversal-checked (previously only Update/Add/Delete), and surface a proposal for mode=patch V4A calls (previously replace-only). Tests: +ReDoS-bound + FTS5-cap + Move-File-target + V4A-approval cases. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| __main__.py | ||
| auth.py | ||
| edit_approval.py | ||
| entry.py | ||
| events.py | ||
| permissions.py | ||
| provenance.py | ||
| server.py | ||
| session.py | ||
| tools.py | ||