robert/Claude-Elevated
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
2 commits 1 branch 0 tags 52 KiB
  • Go 92.9%
  • Shell 7.1%
Find a file
Exact
Robert Hurst 8a951e785d Tighten approval prompt, expand sensitive set, fix install build path 
- daemon: include working_dir and stdin (truncated) in elicitation
  prompt and %q-quote args so payloads hidden behind interpreters
  (bash -s, python -, tee, etc.) are visible to the approver
- daemon: log AUDIT line when validation rejects a request
- policy: add shells, interpreters, exec wrappers (sh/bash/python/
  perl/node/awk/xargs/env/su/sudo/doas/chroot/unshare/nsenter/
  systemd-run/busybox/find/tee/sponge/...) to sensitiveCommands so
  the heuristic isn't trivially bypassed via wrapper invocations
- daemon: drop unused ApprovalDecision.Note (never populated;
  schema didn't expose it)
- sudoers: pin secure_path explicitly instead of relying on sudo's
  compile-time default
- install.sh: build binaries via 'sudo -u $CLIENT_USER go build'
  when bin/ is missing, instead of failing with a stale hint
2026-05-09 15:25:13 -07:00
cmd Tighten approval prompt, expand sensitive set, fix install build path 2026-05-09 15:25:13 -07:00
internal/elevated Tighten approval prompt, expand sensitive set, fix install build path 2026-05-09 15:25:13 -07:00
sudoers Tighten approval prompt, expand sensitive set, fix install build path 2026-05-09 15:25:13 -07:00
systemd Initial commit: claude-elevated MCP server 2026-04-20 15:40:27 -07:00
.gitignore Initial commit: claude-elevated MCP server 2026-04-20 15:40:27 -07:00
go.mod Initial commit: claude-elevated MCP server 2026-04-20 15:40:27 -07:00
go.sum Initial commit: claude-elevated MCP server 2026-04-20 15:40:27 -07:00
install.sh Tighten approval prompt, expand sensitive set, fix install build path 2026-05-09 15:25:13 -07:00