Consolidate source of truth after Phase 15 review

Author: ProfRandom92

PROJEKT.md

@@ -20,16 +20,16 @@ CompText CLI is an experimental terminal context client for building determinist
 ### Current State
 ```text
 CURRENT_PHASE: 15
-CURRENT_TASK: Cryptographic Provenance Engine
-LAST_GREEN_PHASE: 15
-STATUS: complete
+CURRENT_TASK: Cryptographic Provenance Engine Review-Gate cleanup
+LAST_GREEN_PHASE: 14
+STATUS: blocked
 ```
 
 ### Autonomy Contract
 - **Allowed Modifications**: May edit source code (`src/**`), tests (`tests/**`), docs (`docs/**`), skills (`.agent/skills/**`, `.agents/skills/**`), prompts (`prompts/**`), and configurations (`Cargo.toml`, `comptext.example.toml`).
 - **Allowed Commands**: May run local compilation, lint checks, tests, and formatting validation.
 - **Error Remediation**: May automatically modify code to fix local build, format, test, or clippy failures.
-- **Phase Transition**: May commit and push changes after all validation passes for a green phase, and automatically proceed to the next phase queue item.
+- **Phase Transition**: May commit and push changes after all validation passes for a green phase, and await Review-Gate feedback before transitioning to any new phase.
 
 ### Forbidden Rules
 - **No Private Keys / Secrets**: Forbidden to read or parse `.env`, `.env.*`, `.netrc`, `.git-credentials`, private keys (`*.key`, `*.pem`), or credentials.
@@ -89,7 +89,7 @@ git push
 | **Phase 12** | Antigravity CLI Governance & Token Economy | Antigravity governance docs, token economy rules, skill/hook/permission target architecture | **COMPLETE** |
 | **Phase 13** | Skill Bundle Registry | Local skill bundle registry and starter skill templates | **COMPLETE** |
 | **Phase 14** | Hook/Permission Integration | Hook boundaries, dynamic run approvals | **COMPLETE** |
-| **Phase 15** | Cryptographic Provenance Engine | Signed evidence trail generation and cryptographic integrity seals | **COMPLETE** |
+| **Phase 15** | Cryptographic Provenance Engine | local SHA-256 provenance manifests | **BLOCKED** |
 
 ---
 

docs/PROVENANCE_MODEL.md

@@ -9,7 +9,7 @@ This document outlines the design and local verification guidelines for the Comp
 CompText utilizes local provenance manifests to track artifact changes and link them back to their origin task context.
 
 - **Schema Definition**: Provenance manifests are stored as JSON files with the `.provenance.json` extension alongside their matching artifact.
-- **Canonical Hash**: Checksums are computed entirely offline using a self-contained SHA-256 algorithm.
+- **Raw file content SHA-256**: Checksums are computed entirely offline using a self-contained SHA-256 algorithm.
 - **Parent Link**: Connects the artifact to its preceding parent artifact or task description to establish a local chain of custody.
 
 ### Schema Shape

reports/phase_15_status.md

@@ -2,14 +2,14 @@
 
 ## Status Summary
 - **Phase**: Phase 15: Cryptographic Provenance Engine
-- **Status**: success
+- **Status**: blocked
 - **Date**: 2026-06-05
 
 ---
 
 ## Metadata details
 - **PHASE**: Phase 15: Cryptographic Provenance Engine
-- **STATUS**: success
+- **STATUS**: blocked
 - **FILES_CHANGED**:
   - `PROJEKT.md`
   - `README.md`
@@ -41,7 +41,7 @@
   - Pure-Rust algorithm: Built a self-contained SHA-256 implementation to verify offline compatibility, avoiding network socket cargo fetches.
   - Review-Gate remain authoritative: Provenance manifests serve as supplementary change-detection metadata rather than formal security proofs.
 - **RISKS**: Checksums are used solely as local integrity flags and do not provide absolute certification.
-- **NEXT**: Roadmap Completed
+- **NEXT**: Review-Gate decided transitions
 
 ---
 

src/cli.rs

@@ -1429,12 +1429,64 @@ pub fn sha256_hex(data: &[u8]) -> String {
 
 fn handle_verify(file_path: &str, parent: Option<&str>) -> Result<(), String> {
     let path = std::path::Path::new(file_path);
+
+    // 1. Rejects absolute paths
+    if path.is_absolute() {
+        return Err(
+            "Security Policy Violation: Absolute paths are forbidden in verify command."
+                .to_string(),
+        );
+    }
+
+    // 2. Reject directory traversal escaping the repository boundary
+    let current_dir = std::env::current_dir()
+        .map_err(|e| format!("failed to get current working directory: {e}"))?;
+
+    let canonical_current_dir = current_dir
+        .canonicalize()
+        .map_err(|e| format!("failed to canonicalize current directory: {e}"))?;
+
     if !path.exists() {
         return Err(format!("File '{}' does not exist.", file_path));
     }
 
-    let content = std::fs::read(path)
-        .map_err(|e| format!("failed to read file '{}': {e}", path.display()))?;
+    let canonical_path = path
+        .canonicalize()
+        .map_err(|e| format!("failed to canonicalize file path '{}': {e}", file_path))?;
+
+    if !canonical_path.starts_with(&canonical_current_dir) {
+        return Err(
+            "Security Policy Violation: Target path escapes the repository boundary.".to_string(),
+        );
+    }
+
+    // 3. Reject forbidden files and directories: .env, .env.*, *.key, *.pem, .git/, .ssh/, .aws/, id_rsa, id_ed25519
+    let file_name = path.file_name().and_then(|n| n.to_str()).unwrap_or("");
+    if file_name == ".env"
+        || file_name.starts_with(".env.")
+        || file_name.ends_with(".key")
+        || file_name.ends_with(".pem")
+        || file_name == "id_rsa"
+        || file_name == "id_ed25519"
+    {
+        return Err(
+            "Security Policy Violation: Accessing secrets or configuration files is forbidden."
+                .to_string(),
+        );
+    }
+
+    for component in canonical_path.components() {
+        if let std::path::Component::Normal(os_str) = component {
+            if let Some(s) = os_str.to_str() {
+                if s == ".git" || s == ".ssh" || s == ".aws" {
+                    return Err("Security Policy Violation: Accessing sensitive directories (.git, .ssh, .aws) is forbidden.".to_string());
+                }
+            }
+        }
+    }
+
+    let content = std::fs::read(&canonical_path)
+        .map_err(|e| format!("failed to read file '{}': {e}", canonical_path.display()))?;
 
     let computed_hash = sha256_hex(&content);
 
@@ -2029,36 +2081,88 @@ mod tests {
         ));
     }
 
+    #[test]
+    fn test_sha256_standard_vectors() {
+        use super::sha256_hex;
+        assert_eq!(
+            sha256_hex(b""),
+            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+        );
+        assert_eq!(
+            sha256_hex(b"abc"),
+            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+        );
+        assert_eq!(
+            sha256_hex(b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"),
+            "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"
+        );
+    }
+
     #[test]
     fn test_provenance_verification() {
         use super::handle_verify;
-        let temp_dir = std::env::temp_dir();
-        let test_file_path = temp_dir.join("test_provenance_artifact.txt");
-        let manifest_path = temp_dir.join("test_provenance_artifact.txt.provenance.json");
+
+        let test_file_path = "test_provenance_artifact_temp.txt";
+        let manifest_path = "test_provenance_artifact_temp.txt.provenance.json";
 
         // Clean up any leftovers
-        let _ = std::fs::remove_file(&test_file_path);
-        let _ = std::fs::remove_file(&manifest_path);
+        let _ = std::fs::remove_file(test_file_path);
+        let _ = std::fs::remove_file(manifest_path);
 
         // 1. Write file
-        std::fs::write(&test_file_path, "provenance test contents").unwrap();
+        std::fs::write(test_file_path, "provenance test contents").unwrap();
 
         // 2. Generate manifest
-        let gen_res = handle_verify(&test_file_path.to_string_lossy(), Some("parent_task_123"));
+        let gen_res = handle_verify(test_file_path, Some("parent_task_123"));
         assert!(gen_res.is_ok());
-        assert!(manifest_path.exists());
+        assert!(std::path::Path::new(manifest_path).exists());
 
         // 3. Verify manifest
-        let verify_res = handle_verify(&test_file_path.to_string_lossy(), None);
+        let verify_res = handle_verify(test_file_path, None);
         assert!(verify_res.is_ok());
 
         // 4. Modify file and verify failure
-        std::fs::write(&test_file_path, "provenance test contents MUTATED").unwrap();
-        let verify_fail_res = handle_verify(&test_file_path.to_string_lossy(), None);
+        std::fs::write(test_file_path, "provenance test contents MUTATED").unwrap();
+        let verify_fail_res = handle_verify(test_file_path, None);
         assert!(verify_fail_res.is_err());
 
+        // 5. Test path safety constraints
+        // Rejects absolute path
+        let test_abs_path = if cfg!(windows) {
+            "C:\\some\\abs\\path"
+        } else {
+            "/some/abs/path"
+        };
+        let abs_res = handle_verify(test_abs_path, None);
+        assert!(abs_res.is_err());
+        assert!(abs_res
+            .unwrap_err()
+            .contains("Absolute paths are forbidden"));
+
+        // Rejects secret files (.env)
+        // Note: we don't write it, we just check validation rejection logic
+        // But since verify check requires file to exist, let's check .env.example or create .env.temp.key
+        std::fs::write("test_prov.key", "dummy").unwrap();
+        let key_res = handle_verify("test_prov.key", None);
+        assert!(key_res.is_err());
+        assert!(key_res
+            .unwrap_err()
+            .contains("Accessing secrets or configuration files is forbidden"));
+        let _ = std::fs::remove_file("test_prov.key");
+
+        // Rejects sensitive directory (.git/config)
+        let git_res = handle_verify(".git/config", None);
+        assert!(git_res.is_err());
+        assert!(git_res
+            .unwrap_err()
+            .contains("Accessing sensitive directories"));
+
+        // Rejects directory traversal
+        let traverse_res = handle_verify("../outside.txt", None);
+        assert!(traverse_res.is_err());
+
         // Clean up
-        let _ = std::fs::remove_file(&test_file_path);
-        let _ = std::fs::remove_file(&manifest_path);
+        let _ = std::fs::remove_file(test_file_path);
+        let _ = std::fs::remove_file(manifest_path);
     }
 }