orcs-code

orcs-oss/orcs-code

Fork 0

Commit Graph

Author	SHA1	Message	Date
Anandan	8fc40ee8c4	Neutralize internal Anthropic prose in explanatory comments (#357 ) This is a small prose-only follow-up that rewrites clearly internal or explanatory Anthropic comment language to neutral wording in a handful of high-confidence files. It avoids runtime strings, flags, command labels, protocol identifiers, and provider-facing references. Constraint: Keep this pass narrowly scoped to comments/documentation only Rejected: Broader Anthropic comment sweep across functional API/protocol references \| too ambiguous for a safe prose-only PR Confidence: high Scope-risk: narrow Reversibility: clean Directive: Leave functional Anthropic references (API behavior, SDKs, URLs, provider labels, protocol docs) for separate reviewed passes Tested: bun run build Tested: bun run smoke Tested: bun run verify:privacy Tested: bun run test:provider Tested: bun run test:provider-recommendation Not-tested: Full repo typecheck (upstream baseline remains noisy) Co-authored-by: anandh8x <test@example.com>	2026-04-04 23:35:03 +05:30
gnanam1990	942d09ca9c	security: fix 5 findings from issue #42 — env leak, ant gate, depth DoS, URL parse, CA cert Finding 1 [CRITICAL] — sessionRunner leaks full process.env to child Extract buildChildEnv() with an explicit allowlist of safe OS/runtime vars. Child process no longer inherits ANTHROPIC_API_KEY, OPENAI_API_KEY, DB credentials, or any other secret present in the parent shell environment. Only CLAUDE_CODE_* bridge vars, PATH, HOME, and standard OS env are passed. Finding 2 [HIGH] — USER_TYPE=ant activatable by external users Add isAntEmployee() -> false constant in src/utils/buildConfig.ts. Replace all three direct process.env.USER_TYPE === 'ant' checks in setup.ts and onChangeAppState.ts so no external user can activate Anthropic-internal code paths (commit attribution, system prompt clearing, dangerously-skip-permissions bypass) by setting USER_TYPE in their shell. Finding 3 [HIGH] — memoryScan.ts unlimited directory walk Add MAX_DEPTH=3 guard on readdir({ recursive: true }) results. Deep or symlink-looped memory directories no longer cause an unbounded blocking walk before the MAX_MEMORY_FILES cap takes effect. Finding 5 [HIGH] — buildSdkUrl uses string.includes for protocol detection Replace apiBaseUrl.includes('localhost') with new URL(apiBaseUrl).hostname comparison so a remote URL containing 'localhost' in its path no longer incorrectly gets ws:// (unencrypted) instead of wss://. Finding 6 [HIGH] — upstream proxy writes unvalidated CA cert to disk Add isValidPemContent() validation before writeFile in the CA cert download path. A compromised proxy sending non-PEM data (HTML, JSON, scripts) is now rejected before it can be appended to the system CA bundle. Each fix is covered by new unit tests (25 tests across 5 new test files). All 52 tests pass. Build verified clean on v0.1.7. Fixes #42 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-02 21:04:10 +05:30

Author

SHA1

Message

Date

Anandan

8fc40ee8c4

Neutralize internal Anthropic prose in explanatory comments (#357 )

This is a small prose-only follow-up that rewrites clearly internal or
explanatory Anthropic comment language to neutral wording in a handful of
high-confidence files. It avoids runtime strings, flags, command labels,
protocol identifiers, and provider-facing references.

Constraint: Keep this pass narrowly scoped to comments/documentation only
Rejected: Broader Anthropic comment sweep across functional API/protocol references | too ambiguous for a safe prose-only PR
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Leave functional Anthropic references (API behavior, SDKs, URLs, provider labels, protocol docs) for separate reviewed passes
Tested: bun run build
Tested: bun run smoke
Tested: bun run verify:privacy
Tested: bun run test:provider
Tested: bun run test:provider-recommendation
Not-tested: Full repo typecheck (upstream baseline remains noisy)

Co-authored-by: anandh8x <test@example.com>

2026-04-04 23:35:03 +05:30

gnanam1990

942d09ca9c

security: fix 5 findings from issue #42 — env leak, ant gate, depth DoS, URL parse, CA cert

Finding 1 [CRITICAL] — sessionRunner leaks full process.env to child
Extract buildChildEnv() with an explicit allowlist of safe OS/runtime vars.
Child process no longer inherits ANTHROPIC_API_KEY, OPENAI_API_KEY, DB
credentials, or any other secret present in the parent shell environment.
Only CLAUDE_CODE_* bridge vars, PATH, HOME, and standard OS env are passed.

Finding 2 [HIGH] — USER_TYPE=ant activatable by external users
Add isAntEmployee() -> false constant in src/utils/buildConfig.ts.
Replace all three direct process.env.USER_TYPE === 'ant' checks in
setup.ts and onChangeAppState.ts so no external user can activate
Anthropic-internal code paths (commit attribution, system prompt clearing,
dangerously-skip-permissions bypass) by setting USER_TYPE in their shell.

Finding 3 [HIGH] — memoryScan.ts unlimited directory walk
Add MAX_DEPTH=3 guard on readdir({ recursive: true }) results.
Deep or symlink-looped memory directories no longer cause an unbounded
blocking walk before the MAX_MEMORY_FILES cap takes effect.

Finding 5 [HIGH] — buildSdkUrl uses string.includes for protocol detection
Replace apiBaseUrl.includes('localhost') with new URL(apiBaseUrl).hostname
comparison so a remote URL containing 'localhost' in its path no longer
incorrectly gets ws:// (unencrypted) instead of wss://.

Finding 6 [HIGH] — upstream proxy writes unvalidated CA cert to disk
Add isValidPemContent() validation before writeFile in the CA cert download
path. A compromised proxy sending non-PEM data (HTML, JSON, scripts) is now
rejected before it can be appended to the system CA bundle.

Each fix is covered by new unit tests (25 tests across 5 new test files).
All 52 tests pass. Build verified clean on v0.1.7.

Fixes #42

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-02 21:04:10 +05:30

2 Commits