Skip to content

test: backward compatibility checks for v0.3.1 security fixes #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
marcus merged 3 commits into from
Feb 11, 2026
Merged

test: backward compatibility checks for v0.3.1 security fixes #3

marcus merged 3 commits into from
Feb 11, 2026

Conversation

@marcus
Copy link
Owner

@marcus marcus commented Feb 10, 2026

Summary

Comprehensive backward compatibility testing and migration documentation for v0.3.1 security fixes.

What's Tested

  • Config backward compatibility: Old v0.3.0 configs load correctly with new security defaults (dangerous flags now default to false)
  • Database compatibility: Existing databases work with new 0700 directory permissions; migrations are idempotent
  • Shell path escaping: Paths with special characters properly escaped without breaking existing valid paths
  • CLI stability: Interface unchanged for scripts and automation

Key Changes

  1. 3 new test files covering config, database, and shell path escaping backward compatibility
  2. Migration guide documenting breaking changes and how to handle them
  3. CHANGELOG updates with backward compat notes and security improvement details

Test Results

✓ All 8 config backward compatibility tests pass
✓ All 8 database backward compatibility tests pass
✓ All 11 shell path/setup backward compatibility tests pass
✓ All existing tests continue to pass

Breaking Changes (For Users)

Users upgrading from v0.3.0 should note:

  • `dangerously_skip_permissions` and `dangerously_bypass_approvals_and_sandbox` now default to `false` (more secure)
  • If running unattended (daemon/cron/CI), must explicitly set these to `true` or use `--yes` flag
  • Database directory now uses stricter 0700 permissions (existing DBs unaffected)

See `docs/MIGRATION-v0.3.0-to-v0.3.1.md` for full migration details.

🤖 Generated with Claude Code

marcus and others added 3 commits February 10, 2026 04:16
@marcus @claude
fix: resolve linter errors (errcheck and staticcheck)
2f811f6 
- Fix 8 errcheck violations in run.go:
  - displayPreflight: assign fmt.Fprintf/Fprintln errors to _ (lines 475-530)
  - ensurePATH: assign os.Setenv error to _ (line 918)
- Fix 4 errcheck violations in run_test.go:
  - TestConfirmRun_TTYAcceptsY: assign w.Close error to _ (line 864)
  - TestConfirmRun_TTYAcceptsYes: assign w.Close error to _ (line 886)
  - TestConfirmRun_TTYDefaultRejectsEmpty: assign w.Close error to _ (line 930)
  - captureStdout: assign w.Close error to _ (line 956)
- Fix 1 staticcheck QF1008 violation in stats.go:
  - MarshalJSON: use d.Seconds() directly instead of d.Duration.Seconds() (line 31)

Co-Authored-By: Claude Haiku 4.5 <[email protected]>
@marcus @claude
fix: address security anti-patterns in configuration and file operations
2cf042b 
## Security Fixes

1. Fix dangerous default configurations
   - Change DangerouslySkipPermissions default from true → false
   - Change DangerouslyBypassApprovalsAndSandbox default from true → false
   - Users now must explicitly opt-in to skip security prompts rather than opt-out

2. Fix database directory permissions
   - Change DB directory mode from 0755 to 0700
   - Restricts access to owner only (was: world-readable)
   - Database contains sensitive execution history and token data

3. Add shell path escaping in PATH configuration
   - New escapeShellPath() function prevents shell injection
   - Properly quotes and escapes special characters ($, \`, ", \)
   - Prevents shell startup failures with unusual path names

## Security Audit Summary

Identified 10 security anti-patterns in codebase:
- 2 HIGH severity: dangerous defaults, missing path validation
- 6 MEDIUM severity: file permissions, path traversal, error handling
- 1 LOW severity: hardcoded artifact names

See SECURITY_AUDIT.md for full analysis and recommendations for remaining items.

## Testing

- ✅ Code compiles without errors
- ✅ Configuration defaults now false (safer)
- ✅ DB directory uses 0700 permissions
- ✅ Shell paths properly escaped

Co-Authored-By: Claude Haiku 4.5 <[email protected]>
@marcus @claude
test: add comprehensive backward compatibility checks for v0.3.1
eb4f95c 
Add tests and documentation for backward compatibility of v0.3.1 security
fixes:

1. Config backward compatibility:
   - Old v0.3.0 configs load correctly with new security defaults
   - Dangerous flags now default to false (opt-in required)
   - Explicit flag values are preserved
   - Environment overrides still work
   - Validation rules unchanged
   - Config merging preserved

2. Database backward compatibility:
   - New database directories use 0700 permissions (stricter)
   - Old databases with 0755 permissions still work
   - Migrations are idempotent (safe to re-run)
   - Schema additions (provider column, reset times) backward compatible
   - Path expansion still works

3. Shell path escaping backward compatibility:
   - Paths without special chars continue to work
   - Proper escaping prevents shell injection
   - Path detection algorithms unchanged
   - Symlink resolution preserved

4. Documentation:
   - Migration guide explaining breaking changes
   - CHANGELOG updated with backward compat notes
   - Clear guidance for unattended execution

All tests pass. CLI interface stable for scripts/automation.

Co-Authored-By: Claude Haiku 4.5 <[email protected]>
@marcus marcus merged commit eb4f95c into main Feb 11, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcus