Public, sanitized mirror of an AI orchestration command center: agents, skills, MCP servers, slash-command workflows. All infrastructure identifiers, hostnames, mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics scrubbed to <placeholders>; session debug logs and host-specific memory removed. No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md. churchofmalware.org . authorized research only
---
applyTo: "hooks/**,rules/**,agents/**,a2a/**,settings.json"
---
# Security Instructions — CoM Governance Layer

## Scope
These instructions apply to all security-critical files: execution hooks, governance rules, agent definitions, A2A constitution, and the master settings.json.
## Hook Development (hooks/)

- All hooks must use `set -euo pipefail` as the first executable line
- Hooks must have defined timeouts (PreToolUse: 10s, PostToolUse: 15s, Stop: 10s)
- Pattern matching must cover both Unix and Windows-style destructive commands
- Never use `eval` or `source` with untrusted input in hooks
- Test hooks against the full deny list before committing
- Log all blocked operations to stderr for audit trail
- Exit codes: 0 = allow, 2 = block (for PreToolUse hooks)
## Deny List Patterns

The following patterns must always be caught by PreToolUse validation:

- Pipe-to-shell: `curl|bash`, `wget|sh`, `curl|python`
- Force operations: `--force`, `--no-verify`, `-f` on destructive commands
- Permission bombs: `chmod 777`, `chmod -R 777`
- Drive destruction: `rm -rf /`, `format`, `diskpart`, `dd if=`
- Credential exposure: writing to `.env`, echoing tokens/keys
- Registry destruction: `reg delete`, `Remove-ItemProperty` on system keys
- Boot config modification: `bcdedit`, `grub-install` without confirmation
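As an added illustration of the hook rules and the deny list above (example code, not the repository's own hooks/ script), here is a PreToolUse hook in POSIX sh. It assumes settings.json invokes it as `sh hooks/deny-list.sh hook`, that the tool call arrives as JSON on stdin with the shell command under `tool_input.command`, and that `jq` is installed; the file name, the stdin shape and the exact regexes are assumptions, not something the page specifies. `set -euo pipefail` is the stated rule for bash hooks; the portable two-line equivalent is used here so the same file also runs under plain sh.

```shell
#!/bin/sh
# Example PreToolUse hook (added illustration, not the repository's own hook).
# Assumptions: settings.json runs it as "sh hooks/deny-list.sh hook"; the tool
# call arrives on stdin as {"tool_name":"Bash","tool_input":{"command":"..."}};
# jq is installed. Exit 0 = allow, exit 2 = block, reason on stderr.
# The rule for bash hooks is `set -euo pipefail`; the two lines below are the
# portable equivalent so the script also runs under plain /bin/sh.
set -eu
(set -o pipefail 2>/dev/null) && set -o pipefail || true

# Deny list: "<label> <extended regex>", one per line, matched case-insensitively
# against the whole command. Unix and Windows spellings sit side by side.
# -f/--force is scoped to git here; extend force-op for other destructive CLIs.
deny_patterns() {
cat <<'EOF'
pipe-to-shell (curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(bash|sh|zsh|python[0-9.]*)([[:space:]]|$)
force-op (^|[[:space:];&|])git[[:space:]]+[a-z-]+[^;&|]*[[:space:]](--force|--no-verify|-f)([[:space:]]|$)
perm-bomb (^|[[:space:];&|])chmod[[:space:]]+(-[a-zA-Z]+[[:space:]]+)*0?777([[:space:]]|$)
disk-destroy (^|[[:space:];&|])rm[[:space:]]+(-[^[:space:]]+[[:space:]]+)+(/|/\*|~|\$HOME)([[:space:]]|$)
disk-destroy (^|[[:space:];&|])(format[[:space:]]+[a-z]:|diskpart([[:space:]]|$)|dd[[:space:]]+[^;&|]*if=)
cred-exposure (>>?|tee([[:space:]]+-a)?)[[:space:]]*[^[:space:];]*\.env([.[:space:]]|$)
cred-exposure (^|[[:space:];&|])echo[^;&|]*(\$\{?|%)[A-Za-z_]*(TOKEN|SECRET|API_?KEY|PASSWORD|PRIVATE_KEY)
registry-destroy (^|[[:space:];&|])reg(\.exe)?[[:space:]]+delete[[:space:]]+"?HK(LM|EY_LOCAL_MACHINE)
registry-destroy Remove-ItemProperty[^;&|]*HK(LM|EY_LOCAL_MACHINE):
boot-config (^|[[:space:];&|])(bcdedit|grub-install)([[:space:]]|$)
EOF
}

# classify_command "<command>" prints "allow" or "block:<label>" (first match
# wins). Kept separate from the stdin handling so the full deny list can be
# replayed against it before a hook change is committed.
classify_command() {
  _verdict=$(deny_patterns | while IFS=' ' read -r _label _regex; do
      case $_label in ''|'#'*) continue ;; esac
      if printf '%s\n' "$1" | grep -Eiq -e "$_regex"; then
        printf 'block:%s\n' "$_label"
        break
      fi
    done)
  printf '%s\n' "${_verdict:-allow}"
}

# Hook entry point: read the tool call from stdin, block with exit 2 and an
# audit line on stderr, otherwise exit 0. Non-Bash tool calls carry no
# command and are allowed through.
hook_main() {
  _cmd=$(jq -r '.tool_input.command // empty')
  [ -n "$_cmd" ] || exit 0
  _v=$(classify_command "$_cmd")
  case $_v in
    block:*)
      printf 'BLOCKED PreToolUse [%s]: %s\n' "${_v#block:}" "$_cmd" >&2
      exit 2 ;;
  esac
  exit 0
}

# Only the "hook" subcommand reads stdin; sourcing the file just defines the
# functions so they can be exercised against the deny list.
case "${1:-}" in hook) hook_main ;; esac
```

`classify_command` is the part to replay against the full deny list before committing a hook change: feed it each entry and check the label, and feed it the benign neighbours (`rm -rf ./build`, `git push --force-with-lease`, `chmod 755`) to confirm they still pass. A PreToolUse hook cannot prompt for confirmation, so `bcdedit` and `grub-install` are blocked outright here and left for an operator to run by hand.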
## Agent Definitions (agents/)
- Every agent must declare: role, model tier, archetype, shadow, capabilities, constraints
- Shadow integration must be documented — suppression is a governance violation
- Permission boundaries must be explicit (read/write/system/network/destructive)
- Model tier must match the agent registry in a2a/agent-cards.json
- No agent may self-escalate permissions without CADevO authorization
## Constitutional Governance (a2a/)
- The constitution.md is the supreme governance document
- Non-negotiables cannot be modified without Sovereign (Ty) approval
- Alignment assessments must use the Busytown/Rapture axis
- Agent cards must stay in sync with agent personality files
- All governance changes require a PR with security review
## Settings.json
- Permission deny lists are append-only — never remove protections
- MCP server additions require security vetting documentation
- Hook configurations must specify timeout and error behavior
- API tokens must reference environment variables, never inline values
- Schema validation must pass before any settings change is merged
## Credential Protection
- Never hardcode tokens, keys, passwords, or connection strings
- Use environment variable references: `${GITHUB_TOKEN}` format
- API keys in MCP configs must use env var substitution
- If a credential is accidentally committed, rotate immediately and notify
- The `.gitignore` must cover: `.env`, `.env.*`, `*.token`, `*.key`, `*.pem`, `config.json`
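The Settings.json and Credential Protection rules above are checkable before merge. The following pre-merge lint is an added example (not the repository's own CI job, whose checks are not shown on this page): it flags credential-looking keys in a settings.json whose value is a literal instead of a `${VAR}` reference, and lists which of the required `.gitignore` patterns are absent. The settings.json hook layout, the key-name heuristic (token/key/secret/password) and both sample files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example pre-merge lint for settings.json and .gitignore (illustration,
# not the repository's own CI). Assumptions: credential-bearing keys are named
# with token/key/secret/password and must hold exactly a "${VAR}" reference;
# the hook layout and both sample files below are constructed for this demo.
set -eu

# Credential-looking JSON keys whose string value is not a "${VAR}" reference.
# Prints "line:content" per finding; prints nothing when the file is clean.
find_inline_credentials() {
  grep -Ein '"[A-Za-z_-]*(token|key|secret|password)[A-Za-z_-]*"[[:space:]]*:[[:space:]]*"' "$1" \
    | grep -Ev ':[[:space:]]*"\$\{[A-Z0-9_]+\}"' || true
}

count_inline_credentials() {
  find_inline_credentials "$1" | grep -c . || true
}

# Patterns the .gitignore must carry (from the rule above); prints each one missing.
REQUIRED_IGNORES='.env
.env.*
*.token
*.key
*.pem
config.json'

missing_gitignore_entries() {
  printf '%s\n' "$REQUIRED_IGNORES" | while read -r _pat; do
    grep -qxF -e "$_pat" "$1" || printf '%s\n' "$_pat"
  done
}

# Constructed sample: one MCP server with an inline token (violation), the same
# server corrected to an env-var reference, and a header carrying a literal key.
# The hook entry shows the timeout the rules require.
write_sample_settings() {
cat > "$1" <<'EOF'
{
  "hooks": {
    "PreToolUse": [
      { "matcher": "Bash",
        "hooks": [ { "type": "command", "command": "sh hooks/validate.sh", "timeout": 10 } ] }
    ]
  },
  "mcpServers": {
    "github-weak":  { "env": { "GITHUB_TOKEN": "ghp_exampleinlinevalue" } },
    "github-fixed": { "env": { "GITHUB_TOKEN": "${GITHUB_TOKEN}" } },
    "search":       { "headers": { "x-api-key": "literal-key-here" } }
  }
}
EOF
}

# Constructed sample .gitignore that is missing four of the six required patterns.
write_sample_gitignore() {
  printf '%s\n' '.env' '*.pem' 'node_modules/' > "$1"
}

# Report for one config directory; returns non-zero when anything must be fixed
# before the change is merged.
lint_config_dir() {
  _rc=0
  _found=$(find_inline_credentials "$1/settings.json")
  if [ -n "$_found" ]; then
    printf 'inline credential values in settings.json:\n%s\n' "$_found" >&2; _rc=1
  fi
  _missing=$(missing_gitignore_entries "$1/.gitignore")
  if [ -n "$_missing" ]; then
    printf 'missing .gitignore entries:\n%s\n' "$_missing" >&2; _rc=1
  fi
  return "$_rc"
}

# Usage: sh lint-config.sh <dir>   (or "demo" to lint the constructed sample)
if [ "${1:-}" = "demo" ]; then
  _d=$(mktemp -d); write_sample_settings "$_d/settings.json"; write_sample_gitignore "$_d/.gitignore"
  lint_config_dir "$_d" || echo "sample fails the lint, as intended"
elif [ -n "${1:-}" ]; then
  lint_config_dir "$1"
fi
```

Run with `demo` to see the two inline-credential findings and the four missing ignore patterns; the `github-fixed` entry passes because its value is exactly `${GITHUB_TOKEN}`. The key-name heuristic is deliberately broad (a key named `keyboard` would be flagged), which is the right failure direction for a gate that protects a deny list and credential references.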
## Review Requirements
- All changes to files in this scope require manual review — no auto-merge
- Security hook changes need testing against the full pattern deny list
- Agent permission changes need constitutional alignment check
- Settings.json changes need validation against the JSON schema