Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
9328c22
Initial commit
Deepfreezechill Mar 30, 2026
aad0d8b
Add project infrastructure: Actions, PR template, ADRs
Mar 30, 2026
96d1476
feat: add fail-closed phase gate enforcement system
Mar 30, 2026
35a013b
security: address /8eyes audit findings
Mar 30, 2026
8703378
feat: merge HKUDS/OpenSpace source (MIT licensed fork)
Mar 30, 2026
27760ca
Merge pull request #431 from Deepfreezechill/feat/merge-upstream-source
Deepfreezechill Mar 30, 2026
3ab6ae6
feat(security): add bearer token auth on all MCP HTTP endpoints
Mar 30, 2026
9b4de17
Merge pull request #433 from Deepfreezechill/feat/p0-auth-minimal
Deepfreezechill Mar 30, 2026
19a5c9f
feat(security): add sliding-window rate limiting on MCP HTTP endpoint…
Deepfreezechill Mar 31, 2026
1d045e2
test(security): add auth + rate-limit integration tests (#435)
Deepfreezechill Mar 31, 2026
8e34cf3
ci: GitHub Actions CI pipeline [EPIC 0.8]
Deepfreezechill Mar 31, 2026
55e335b
feat(test,security): test infrastructure + traceback removal (EPIC 0.…
Deepfreezechill Mar 31, 2026
9a7da6c
feat(security): AST scanner for dangerous API detection [EPIC 0.5]
Deepfreezechill Mar 31, 2026
0b4d994
feat(security): env var isolation for sandbox execution [EPIC 0.3b]
Deepfreezechill Mar 31, 2026
ab95cda
feat(security): disable cloud auto-import by default [EPIC 0.4]
Deepfreezechill Mar 31, 2026
5ed8efc
refactor: extract benchmark coupling from production code [EPIC 0.9]
Deepfreezechill Mar 31, 2026
802921d
feat(security): dependency version pinning and audit infrastructure […
Deepfreezechill Mar 31, 2026
918df05
feat(security): enforce E2B sandbox, fail-closed defaults [EPIC 0.2]
Deepfreezechill Mar 31, 2026
01e8f0d
test: MCP e2e, execution, error paths, coverage gate [EPIC 0.7]
Deepfreezechill Mar 31, 2026
bf8f769
feat: add domain layer with Protocol interfaces and frozen types [EPI…
Deepfreezechill Mar 31, 2026
68c8ddf
feat: add domain exception hierarchy with centralized error mapping […
Deepfreezechill Mar 31, 2026
082e318
feat: add structured logging with structlog, context propagation, and…
Deepfreezechill Mar 31, 2026
12a5c69
feat: add AppContainer composition root with lifecycle hooks [EPIC 1.…
Deepfreezechill Mar 31, 2026
be0042d
feat: add AppContainer delegation and public property accessors [EPIC…
Deepfreezechill Mar 31, 2026
0e92472
feat: add architecture boundary tests [EPIC 1.7] (#457)
Deepfreezechill Mar 31, 2026
548c07f
feat: SDK API design, public surface docs, and contract tests [EPIC 1…
Deepfreezechill Mar 31, 2026
d9b5dc8
feat: capability lease system with schema, parser, tier defaults, and…
Deepfreezechill Mar 31, 2026
26b90f8
feat: filesystem broker with jailing, enforcement, and TOCTOU protect…
Deepfreezechill Mar 31, 2026
cc158a2
feat: network proxy with domain/port/connection enforcement [EPIC 2.3…
Deepfreezechill Apr 1, 2026
b8163ad
fix: block apex rebinding domains and loopback/link-local SSRF (#467)
Deepfreezechill Apr 1, 2026
e31f9c4
feat: Process Broker with command/shell/syscall enforcement [EPIC 2.4…
Deepfreezechill Apr 1, 2026
a308461
feat: MCP Auth Advanced with HMAC tokens, per-tool authz, tier gating…
Deepfreezechill Apr 1, 2026
08b67b4
feat: Secret Broker with scoped storage, encryption at rest, capabili…
Apr 1, 2026
7b7a973
fix: update actions/setup-python SHA to v5 (a26af69)
Apr 2, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# Phase Gate Enforcement — Protected Files
# ==========================================
# Changes to enforcement infrastructure require admin review.
# This mitigates the PR-self-modification attack vector where
# a PR modifies phase-config.yml or workflow files to weaken gates.

# All GitHub configuration (workflows, config, templates)
.github/** @Deepfreezechill

# Enforcement documentation
docs/enforcement/** @Deepfreezechill
51 changes: 51 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
version: 2
updates:
- package-ecosystem: pip
directory: "/"
schedule:
interval: weekly
day: monday
open-pull-requests-limit: 10
labels:
- dependencies
- security
reviewers:
- Deepfreezechill
commit-message:
prefix: "deps"
# Group minor/patch updates to reduce PR noise
groups:
production-deps:
patterns:
- "*"
exclude-patterns:
- "pytest*"
- "ruff"
- "mypy"
- "black"
- "flake8"
- "pytest-*"
update-types:
- minor
- patch
dev-deps:
patterns:
- "pytest*"
- "ruff"
- "mypy"
- "pytest-*"
update-types:
- minor
- patch

- package-ecosystem: github-actions
directory: "/"
schedule:
interval: weekly
day: monday
open-pull-requests-limit: 5
labels:
- ci
- dependencies
commit-message:
prefix: "ci"
81 changes: 81 additions & 0 deletions .github/phase-config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# Phase Gate Dependency Configuration
# =====================================
# This file defines the dependency graph between project phases.
# Milestone names in GitHub MUST match the phase names here exactly.
#
# Enforcement workflow reads this file on every PR event.
# Changes to this file require a PR (enforced by branch protection).
#
# Dependency Graph:
#
# P0 (Emergency Hardening)
# / \
# / \
# v v
# P1 (Foundation) P2 (Smart Sandbox)
# | |
# v |
# P3 (store.py) |
# | |
# v |
# P4 (tool+mcp) |
# | |
# v v
# P5 (evolver+grounding) <--+
# |
# v
# P6 (Production Readiness)
# |
# v
# P7 (Enforcement & Launch)

phases:
"Phase 0 — Emergency Hardening":
prerequisites: []
description: "Stop the bleeding — critical security, error handling, env hygiene"

"Phase 1 — Foundation Architecture":
prerequisites:
- "Phase 0 — Emergency Hardening"
description: "Hexagonal skeleton, DI container, type system, CI foundation"

"Phase 2 — Smart Sandbox":
prerequisites:
- "Phase 0 — Emergency Hardening"
description: "E2B integration, capability leases, 9-stage pre-execution pipeline"

"Phase 3 — Extract store.py":
prerequisites:
- "Phase 1 — Foundation Architecture"
description: "Decompose store.py god-class into 7 focused modules"

"Phase 4 — Extract tool_layer + mcp_server":
prerequisites:
- "Phase 3 — Extract store.py"
description: "Decompose tool_layer.py (6 modules) and mcp_server.py (5 modules)"

"Phase 5 — Extract evolver + grounding":
prerequisites:
- "Phase 2 — Smart Sandbox"
- "Phase 4 — Extract tool_layer + mcp_server"
description: "Decompose evolver.py (9 modules) and grounding_agent.py (8 modules)"

"Phase 6 — Production Readiness":
prerequisites:
- "Phase 5 — Extract evolver + grounding"
description: "Observability, SLOs, deployment architecture, DX polish"

"Phase 7 — Enforcement & Launch":
prerequisites:
- "Phase 6 — Production Readiness"
description: "Eight-eyes integration, SkillGuard, launch checklist"

# Escape hatch configuration
escape_hatch:
label: "emergency:bypass"
require_reason: true
reason_pattern: "## ⚠️ Bypass Reason"
min_reason_length: 30
# Only these GitHub usernames can invoke emergency bypass
allowed_actors:
- "Deepfreezechill"
32 changes: 32 additions & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
## 🎯 What This Solves
Closes #<!-- issue number -->

**Phase:** P0 / P1 / P2 / P3 / P4 / P5 / P6 / P7
**Track:** 🔴 Security / 🟡 Architecture / 🟢 Platform

## 🔧 Changes Made
-

## 🧪 Testing Done
- [ ] Unit tests pass
- [ ] Integration points verified
- [ ] Manual smoke test (if applicable)

## 🔍 Review Focus Areas
<!-- What should reviewers pay special attention to? -->

## ⚠️ Risk & Rollback
- [ ] No breaking changes
- [ ] Rollback plan: <!-- revert commit / feature flag off / N/A -->

## 📝 ADR
- [ ] No architecture decisions made
- [ ] ADR written: `docs/adr/ADR-XXX.md`

<!--
To use emergency bypass: uncomment the section below, fill in the reason,
and add the `emergency:bypass` label. Reason must be 30+ characters.

## ⚠️ Bypass Reason
(Explain why this PR must skip phase gate enforcement — minimum 30 characters)
-->
36 changes: 36 additions & 0 deletions .github/workflows/auto-close.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: Auto-Close Issues on PR Merge
on:
pull_request:
types: [closed]

jobs:
auto-close:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Close linked issues and update project
uses: actions/github-script@v7
with:
script: |
const pr = context.payload.pull_request;
const body = pr.body || '';
const title = pr.title || '';
const combined = body + ' ' + title;

// Extract issue references (Closes #123, Fixes #456, etc.)
const issueRefs = [...combined.matchAll(/(?:closes?|fixes?|resolves?)\s+#(\d+)/gi)];

for (const match of issueRefs) {
const issueNum = parseInt(match[1]);
try {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNum,
state: 'closed'
});
console.log(`✅ Closed issue #${issueNum}`);
} catch (error) {
console.log(`❌ Failed to close #${issueNum}: ${error.message}`);
}
}
122 changes: 122 additions & 0 deletions .github/workflows/bypass-audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
# ============================================================================
# Emergency Bypass Audit — Track and report all enforcement overrides
# ============================================================================
#
# Fires when the `emergency:bypass` label is added or removed.
# Creates a persistent audit record as a repo issue with the `audit` label.
# Also removes the bypass label after merge to prevent re-use.

name: Bypass Audit Trail

on:
pull_request:
types: [closed, labeled]
branches: [main]

permissions:
contents: read
issues: write
pull-requests: write

jobs:
# Record when bypass label is applied
audit-bypass-applied:
if: >
github.event.action == 'labeled' &&
github.event.label.name == 'emergency:bypass'
runs-on: ubuntu-latest
steps:
- name: Record bypass activation
uses: actions/github-script@v7
with:
script: |
const pr = context.payload.pull_request;
const actor = context.actor;

// Extract bypass reason from PR body
const body = pr.body || '';
const reasonIdx = body.indexOf('## ⚠️ Bypass Reason');
let reason = '(No reason provided)';
if (reasonIdx !== -1) {
reason = body.slice(reasonIdx + '## ⚠️ Bypass Reason'.length).trim().split('\n')[0];
}

// Create audit issue
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: `🔓 Bypass Activated: PR #${pr.number} by @${actor}`,
body: [
`## Emergency Bypass Audit Record`,
``,
`| Field | Value |`,
`|-------|-------|`,
`| **PR** | #${pr.number} |`,
`| **Title** | ${pr.title} |`,
`| **Actor** | @${actor} |`,
`| **Timestamp** | ${new Date().toISOString()} |`,
`| **Reason** | ${reason} |`,
`| **PR Labels** | ${pr.labels.map(l => '`' + l.name + '`').join(', ')} |`,
``,
`> This record was auto-generated by the bypass audit system.`,
`> Bypass records are permanent and cannot be deleted.`,
].join('\n'),
labels: ['audit', 'emergency:bypass'],
});

core.info(`📝 Audit record created for bypass on PR #${pr.number}`);

# Clean up bypass label after merge + create completion record
audit-bypass-merged:
if: >
github.event.action == 'closed' &&
github.event.pull_request.merged == true &&
contains(github.event.pull_request.labels.*.name, 'emergency:bypass')
runs-on: ubuntu-latest
steps:
- name: Record bypass merge and clean up
uses: actions/github-script@v7
with:
script: |
const pr = context.payload.pull_request;

// Remove the bypass label so it can't be re-used if PR is reopened
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number,
name: 'emergency:bypass',
});
core.info('Removed emergency:bypass label from merged PR');
} catch (err) {
core.warning(`Could not remove bypass label: ${err.message}`);
}

// Find the audit issue for this PR and add merge note
const auditIssues = await github.rest.issues.listForRepo({
owner: context.repo.owner,
repo: context.repo.repo,
labels: 'audit,emergency:bypass',
state: 'open',
});

const auditIssue = auditIssues.data.find(i =>
i.title.includes(`PR #${pr.number}`)
);

if (auditIssue) {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: auditIssue.number,
body: [
`## ✅ Bypass Merge Complete`,
``,
`PR #${pr.number} was merged at ${new Date().toISOString()}.`,
`Merge commit: ${pr.merge_commit_sha}`,
``,
`This audit record will remain open for 30-day review.`,
].join('\n'),
});
}
Loading
Loading