Skip to content

audit fixes: checked types + curated lint; install-mcp drift guard; strict policy keys; transport credential guard#77

Merged
inth3shadows merged 1 commit into
mainfrom
audit-fixes
Jul 14, 2026
Merged

audit fixes: checked types + curated lint; install-mcp drift guard; strict policy keys; transport credential guard#77
inth3shadows merged 1 commit into
mainfrom
audit-fixes

Conversation

@inth3shadows

Copy link
Copy Markdown
Owner

Three fixes from the 2026-07-14 module-by-module audit, approved as a batch.

1. Annotations → checked contract

  • [tool.ruff.lint] curated select (I,B,UP,C4,SIM,RET,PLE on top of defaults) — the repo previously ran ruff's minimal defaults with no config at all.
  • [tool.mypy] lenient baseline (ratchet later), added to the CI lint job; mypy in dev deps.
  • Burn-down: 114 ruff findings (96 auto-fixed; 18 manual with explicit zip(..., strict=) chosen per real semantics at each site). 17 mypy errors, several genuinely load-bearing:
    • pump() claimed src: TextIO but receives an Iterator[str] from HttpTransport → now Iterable[str] (the actual contract);
    • answer_retrieve could index the drop store with a non-str handle from a malformed call → explicit miss;
    • an invalid # type: ignore comment in _emit_audit (trailing prose broke the syntax) was suppressing nothing → replaced with real narrowing.

2. install-mcp drift guard

A re-wrap rebuilt the entry purely from the stashed original, silently reverting hand-edits to the wrapped entry — this reverted codegraph's node@22 env.PATH pin in production on 07-13. wrap() now carries live non-terse-owned keys forward (command/args always rebuilt; url/headers never resurrected from a drifted entry), do_install reports the preserved keys, the CLI prints them with the uninstall caveat, USAGE updated. Regression test reproduces the codegraph scenario exactly.

3. Hardening pair

  • load_policy rejects unknown keys at every level (_-prefixed annotations exempt — the policy_gen convention). It immediately caught a latent specimen in our own tree: a multiproxy test's policy file used "rules" (schema says "policies") and the old loader swallowed it.
  • HttpTransport refuses credential-bearing headers over cleartext http to a remote host — parity with fluency.openai_answerer's existing TLS guard. Loopback gateways and https unaffected.

Verification

  • 476 tests pass (+5), ruff clean at the new bar, mypy clean.
  • The live production policy file loads under the strict loader (verified against a real proxy launch) — no deployment impact.

…trict policy keys; transport credential guard

Three fixes from the 2026-07-14 module-by-module audit.

1. Annotations become a CHECKED contract. [tool.ruff.lint] curated select
   (I/B/UP/C4/SIM/RET/PLE on top of the defaults) + a lenient [tool.mypy]
   baseline, both in CI. Burn-down: 114 ruff findings (96 auto), 17 mypy
   errors - several real: pump()'s src annotation claimed TextIO but receives
   an Iterator from HttpTransport; answer_retrieve indexed the drop store
   with a possibly-None handle; text_diff reused a loop variable across int/
   int|None types; an invalid 'type: ignore' comment in _emit_audit was
   silently not suppressing anything.

2. install-mcp drift guard. A re-wrap used to rebuild the entry purely from
   the stashed original, silently reverting hand-edits to the WRAPPED entry
   (reverted codegraph's node@22 env.PATH pin in production, 2026-07-13).
   wrap() now carries live non-terse-owned keys forward (command/args still
   rebuilt; url/headers never resurrected), do_install reports what it
   preserved, and the CLI prints it with the uninstall caveat. USAGE updated.

3. Hardening pair.
   - load_policy rejects unknown keys at every level ('_'-prefixed
     annotations exempt - the policy_gen convention). Immediately caught a
     latent specimen: a multiproxy test's policy file used 'rules' (schema
     says 'policies') and the old loader silently ignored it.
   - HttpTransport refuses credential-bearing headers (authorization/token/
     key/secret/cookie) over cleartext http to a non-loopback host - parity
     with fluency.openai_answerer's TLS guard. Loopback gateways unaffected.

476 tests pass (+5), ruff clean, mypy clean, live policy file verified
against the strict loader.
@inth3shadows inth3shadows merged commit 0c7a102 into main Jul 14, 2026
5 checks passed
@inth3shadows inth3shadows deleted the audit-fixes branch July 14, 2026 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant