hook: basename-aware protected-binary deny #55
Labels
No labels
burndown-2026-06
sunday-sprint
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/cli-guard#55
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Context
A deny rule keyed on a command name does not gate the capability, only the name. The 2026-05-08 deny-uv finding documented the failure shape:
Bash(uv:*)was bypassed by invoking the venv binary by absolute path. The same hole exists for any protected host tool — aRoutekeyed on the bare leading tokengclouddoes not catch/opt/homebrew/bin/gcloud.This is the hook-engine half of the ward security-doctor work (coilyco-flight-deck/ward#4). Depends on the
repocfgsecurity:schema.Change
Add
hook.Protectedand a basename-aware deny to thePreToolUseengine. A configured protected binary is denied on:gcloud projects list)/opt/homebrew/bin/gcloud auth list)env/sudostrip (already peeled upstream)Matching keys on basename, so a path spelling cannot slip past a deny keyed on the bare name.
protectedis a trailing variadic parameter onPreToolUse, so existing callers are unaffected. Exports aBasenamehelper;interpreterNamereuses it.Acceptance
PreToolUse(..., protected...)blocks bare, absolute-path, env/sudo-prefixed, and piped invocations of a protected binary.gcloudfoo) are not matched.