Security
- Security Hardening V2 (8 phases): Comprehensive security audit and hardening across the entire codebase:
- Phase 1: Shell substitution blocking —
eval,exec,source, backtick-at-command-position detection - Phase 2: Role system hardening — parameterized
roles_dir_project_from(), stricter role validation - Phase 3: Shell file access controls — lock-timeout secret redaction
- Phase 4: PathJail bypass removal — eliminated
#[cfg(feature = "no-jail")]escape hatches in tests - Phase 5: Secret detection unification — consolidated redaction pipeline
- Phase 6: Dangerous flag detection —
--checkpoint-action,GIT_SSH=,PATH=override warnings - Phase 7: HTTP + audit hardening — request validation, audit trail improvements
- Phase 8: Unicode normalization (U+2028/U+2029 → newline), CLI warn-first validation, empty-allowlist gap fix
- Phase 1: Shell substitution blocking —
Fixed
- Critical: preToolUse hook DENY loop (#306): Cursor and other AI agents entered infinite retry loops when lean-ctx hooks returned DENY responses. Eliminated all DENY paths — hooks now always return valid ALLOW JSON, even for disabled mode, invalid payloads, or non-shell tools. Removed
build_dual_deny_output()entirely. - Graph index disappears after upgrade (user report): CLI
index build-fulland Dashboard used different project root hashes (CLI used raw cwd, Dashboard promoted to git root). Unifieddetect_project_root()to always promote to git root, matching Dashboard behavior. Users in subdirectories now see the same index. index build-fullincomplete rebuild: Previously only cleared JSON graph index + BM25. Now also clearscall_graph.json.zst,graph.db, andgraph.meta.json, then rebuilds the SQLite property graph. Timeout increased from 2min to 5min.- Knowledge overflow from
finding-autoduplicates: Auto-consolidated findings without a file reference all received the keyfinding-auto, creating hundreds of duplicate facts. The cognition loop's contradiction resolver couldn't keep up, causingcontradictevent spam in the dashboard. Keys are now generated from the finding summary (unique per finding). cargo build --releasetruncated by lean-ctx: Heavy build commands hit the 8MB/120s output limit. Added adaptive exec limits: build tools (cargo build,npm install,docker build, etc.) now get 32MB/10min instead of 8MB/2min.- Disabled hook test expected empty output (#306 follow-up): Updated
hook_rewrite_disabled_produces_no_outputtest to expect ALLOW JSON output instead of empty stdout.
Added
ctx_tree/lean-ctx lsgitignore toggle: Newrespect_gitignoreparameter (MCP) /--no-gitignoreflag (CLI) to show files regardless of.gitignorerules. Default: gitignore respected (backward compatible). Fixes user report where all-gitignored folders appeared empty.LEAN_CTX_SHELL_ALLOWLIST_OVERRIDEenv var: Completely replaces the config-based allowlist for deterministic testing. UnlikeLEAN_CTX_SHELL_ALLOWLIST(which merges), this overrides everything.- 37 heavy-command prefixes for adaptive exec limits:
cargo build/test/clippy,npm install/ci,docker build,go build/test,mvn,gradle,dotnet,swift,flutter,pip install,bundle install,mix compile, and more.
Upgrade
lean-ctx update # recommended (auto-downloads + refreshes shell hooks)
cargo install lean-ctx # or
npm update -g lean-ctx-bin # or
brew upgrade lean-ctxNote: After upgrading via cargo/npm/brew, run
lean-ctx setupto refresh shell aliases.lean-ctx updatedoes this automatically.
Full Changelog: v3.6.22...v3.6.22