feat: code quality audit + autoresearch integration + infra hardening (#150)

2026-03-08 12:50:44 -04:00
parent fd0ede0d51
commit ae3bb1cc21
186 changed files with 5129 additions and 3289 deletions
--- a/src/infrastructure/hands/shell.py
+++ b/src/infrastructure/hands/shell.py
@@ -26,15 +26,17 @@ from config import settings
 logger = logging.getLogger(__name__)

 # Commands that are always blocked regardless of allow-list
-_BLOCKED_COMMANDS = frozenset({
-    "rm -rf /",
-    "rm -rf /*",
-    "mkfs",
-    "dd if=/dev/zero",
-    ":(){ :|:& };:",  # fork bomb
-    "> /dev/sda",
-    "chmod -R 777 /",
-})
+_BLOCKED_COMMANDS = frozenset(
+    {
+        "rm -rf /",
+        "rm -rf /*",
+        "mkfs",
+        "dd if=/dev/zero",
+        ":(){ :|:& };:",  # fork bomb
+        "> /dev/sda",
+        "chmod -R 777 /",
+    }
+)

 # Default allow-list: safe build/dev commands
 DEFAULT_ALLOWED_PREFIXES = (
@@ -199,9 +201,7 @@ class ShellHand:
                proc.kill()
                await proc.wait()
                latency = (time.time() - start) * 1000
-                logger.warning(
-                    "Shell command timed out after %ds: %s", effective_timeout, command
-                )
+                logger.warning("Shell command timed out after %ds: %s", effective_timeout, command)
                return ShellResult(
                    command=command,
                    success=False,