chmod has no legitimate use case in Fileshed context:
- File permissions are managed by Fileshed's own system (zones, groups, modes)
- Unix permissions are never exposed to users via the API
- Allowing chmod creates a security risk (executable scripts)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update version in Fileshed.py
- Update README badges (version + tests count 1195)
- Update Exec_tests.md version
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- C3: FS/DB atomicity with rollback on shed_rename, orphan cleanup in shed_maintenance
- C4: SQLite WAL mode for better concurrent read/write performance
- C5: Git lock (fcntl.flock) for group operations to prevent index corruption
- C6: SQLite retry with exponential backoff (3 retries, 0.1/0.2/0.4s delays)
Also: Change xxd to od in README features (xxd not in container)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Keep only the two major model audits:
- ChatGPT 5.2 Instant (4.5/5)
- Claude Opus 4.5 Thinking (4/5)
Updated README and release notes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- shed_create_file: Add pedagogical hint explaining it's a wrapper
- SQL security: Convert query to uppercase before pattern matching (fixes case bypass)
- Tests: Add 5 SQL security tests (1087-1091) for case-insensitive validation
- Docs: Fix function count (37→38), add shed_create_file to SPEC.md
- README: Update test badge (1086→1091)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New function: shed_create_file(zone, path, content, file_type='text')
- Simplest way to create/overwrite a file
- Supports both text and bytes (file_type parameter)
- For bytes: content_format='hex', 'base64', or 'raw'
- Delegates to shed_patch_text/bytes with overwrite=True
Also added overwrite parameter to shed_patch_bytes for consistency
with shed_patch_text.
Function count: 37 → 38
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Validates parameter types before use to prevent TypeError/AttributeError
when LLMs pass wrong types (e.g., "" instead of None, 0 instead of ""):
- max_output, timeout: validate int type
- line, end_line: validate int type in shed_patch_text
- offset, length: validate int type in shed_patch_bytes and shed_hexdump
- regex_flags: validate string type
- to (shed_convert_eol): validate string type
Each error message includes:
- Parameter name
- Received value with type
- Expected format
- Concrete example in hint
Also adds LLM Guardrails section to SPEC.md explaining the rationale:
minimize round-trips by making errors self-correcting.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add test (1060 passed) and audit (★★★★☆) badges
- Add "Testing & Audits" section with audit summary table
- Link to full audit reports and test execution report
- Update .gitignore to prevent test data in root
- Add new audit reports (Alibaba Qwen3, OpenAI GPT-OSS)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Column order: # | Status | Description | Command | Expected
Status (✅) is now visible immediately after test number.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Comprehensive test coverage report in table format showing:
- Test number and description
- Command executed
- Expected result (success/error code)
- Pass/fail status
All 1060 functional tests passing on v1.0.3.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- OpenAI ChatGPT 5.2 Instant: 4.6/5 rating
- Anthropic Claude Opus 4.5 Thinking: 3.5/5 rating
Both audits validate the security architecture with minor recommendations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security fixes:
- Add explicit symlink detection in _resolve_chroot_path
- Fix TOCTOU race conditions in _patch_text_impl and _patch_bytes_impl
- Sanitize SQLite error messages to prevent information leakage
- Add finally:conn.close() to prevent SQLite connection leaks
- Add readonly check for output_csv in shed_sqlite
Code quality:
- Replace bare except with specific exceptions (OSError, UnicodeDecodeError, etc.)
- Translate French comments to English in shed_import
- Refactor shed_sqlite to use centralized _resolve_zone()
API improvements:
- Change safe=False to safe=True by default in patch_text/patch_bytes
- Change message='' to message=None in zone movement functions
Documentation:
- Add comprehensive error codes reference table to SPEC.md
https://claude.ai/code/session_01THb4YA4SqYG52LVwjwb5Uo