Interject/nightshift
1
0
Fork 0
mirror of https://github.com/khodges42/nightShift.git synced 2026-06-14 10:08:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c1baf9b7d8
nightshift/docs/devlog/phase3.md
K. Hodges c1baf9b7d8 Implement NightShift MVP phases 1-6 
Includes starter project generation, validation for configs/tasks/commands, artifact snapshot writing, structured stage results, command output capture, devlogs for phases 1-6, and unit coverage for the implemented MVP layers.
2026-05-17 00:17:13 -07:00

1.4 KiB
Raw Blame History

Phase 3 Devlog: Safety Layer

Implemented

  • Added nightshift/safety.py.
  • Implemented project root resolution.
  • Implemented path resolution that rejects traversal outside the configured project root.
  • Implemented scoped path validation.
  • Implemented safe artifact path construction that rejects escapes from the artifact directory.
  • Implemented command allowlist checks.
  • Implemented forbidden command fragment checks.
  • Wired command and path safety checks into validate_config().
  • Added tests for path traversal, artifact escapes, allowlist behavior, and forbidden command fragments.

Decisions Made

  • Command matching uses normalized whitespace and exact allowlist entries. This keeps v1 predictable while still handling harmless spacing differences.
  • Forbidden fragments are checked before allowlist acceptance, so a dangerous command cannot be made valid by adding it to allowed_commands.
  • Scoped paths are validated for containment inside the project root, but they are not required to exist yet. This preserves the Phase 2 decision that configs can be scaffolded before all source directories exist.
  • The safety layer raises SafetyError; config validation wraps those failures as config errors when they come from nightshift validate.

Notes

  • This phase does not execute commands. It only validates whether a command would be permitted. Process execution belongs to Phase 6.