[Phase 1] Security & Permissions Hardening #91

Closed
opened 2026-05-07 07:30:23 +00:00 by NW · 1 comment
Owner

Phase 1: Security & Permissions Hardening

Milestone: #66

Tasks

  • Block task tool in subagent sessions (cascade prevention)
  • Update orchestrator permissions: task deny-by-default for all subagents
  • Bash auto-approve -> ask by default
  • Restrict bash allowlist to safe commands (git, cat, ls, grep)
  • Add permission prompt for editing .kilo/* and kilo.jsonc
  • Normalize paths to prevent directory traversal
  • Propagate MCP restrictions across subagent chains

Files to Modify

  • .kilo/rules/orchestrator-self-evolution.md
  • .kilo/rules/global.md
  • .kilo/rules/docker.md
  • kilo.jsonc (permission blocks)

Acceptance Criteria

  • Subagent cannot invoke task
  • Bash only allows whitelisted commands without ask
  • Config edits require explicit prompt
  • No directory traversal possible via apply_patch

Status: planned
Next Phase: Phase 2

NW added this to the [Evolution v2026-05-07] Kilo Code Release Sync & APAW System Hardening milestone 2026-05-07 07:30:23 +00:00
Author
Owner

Phase 1 Complete — Security & Permissions Hardening

Issue: #91

Changes Made

  • kilo.jsonc: All 25 agents now have task[*]=deny and task[subagent]=deny
  • kilo.jsonc: orchestrator and release-manager bash changed allow -> ask
  • New .kilo/rules/subagent-security.md with cascade prevention rules
  • .kilo/rules/global.md: Added Security & Permissions section (subagent cascade, bash hardening, config protection)
  • .kilo/rules/docker.md: Added Bash Allowlist and Container Cleanup sections
  • .kilo/agents/orchestrator.md: Added Security Enforcement block
  • .kilo/rules/release-manager.md: Added Security Hardening section

Files Modified

  • kilo.jsonc
  • .kilo/rules/global.md
  • .kilo/rules/docker.md
  • .kilo/agents/orchestrator.md
  • .kilo/rules/release-manager.md
  • .kilo/rules/subagent-security.md (new)

Validation: Python script confirmed 33 permission changes applied successfully.
Next: Phase 2 (#92)

NW closed this issue 2026-05-08 17:55:48 +00:00
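An added example, not code from the APAW repository or from Kilo: one way to implement the checklist's "Normalize paths to prevent directory traversal" and "Add permission prompt for editing .kilo/* and kilo.jsonc" tasks for the file paths named in a patch. The function name, the three decision strings and the case-insensitive match are assumptions.

```python
from pathlib import Path

# Protected locations come from the issue's task list; matching them
# case-insensitively is an assumption (covers case-insensitive filesystems).
PROTECTED_DIR = ".kilo"
PROTECTED_FILE = "kilo.jsonc"


def classify_patch_target(workspace_root: str, target: str) -> str:
    """Return 'deny', 'ask' or 'allow' for a file path named in a patch.

    Hypothetical helper: the name and the three return values are
    illustrative, not part of Kilo's or APAW's code.
    """
    if not target or "\x00" in target:
        return "deny"
    root = Path(workspace_root).resolve()
    # resolve() collapses "." and ".." and follows symlinks, so the check
    # below sees the location that would really be written. An absolute
    # target replaces root in the join and is then caught by relative_to().
    resolved = (root / target).resolve()
    try:
        rel = resolved.relative_to(root)
    except ValueError:
        return "deny"  # escapes the workspace
    if not rel.parts:
        return "deny"  # the workspace root itself is not a file target
    if rel.parts[0].lower() == PROTECTED_DIR:
        return "ask"  # anything under .kilo/
    if len(rel.parts) == 1 and rel.parts[0].lower() == PROTECTED_FILE:
        return "ask"  # top-level kilo.jsonc
    return "allow"


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as ws:  # constructed sample workspace
        for t in ["src/app.py", "src/../.kilo/rules/global.md",
                  "kilo.jsonc", "../../etc/passwd", "/etc/passwd"]:
            print(f"{t!r:40} -> {classify_patch_target(ws, t)}")
```

The decision holds only if the write then uses the resolved path; repeating the check at write time closes the window in which a symlink could be swapped in.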

Reference: UniqueSoft/APAW#91