csh
/
playbook
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
playbook/antigravity-awesome-skills/skills/user-thoughts/references/safety.md

2.5 KiB
Raw Blame History

Safety and Data Integrity

This document defines path safety, input validation, and data-integrity rules for user-thoughts.

Path Safety

All runtime file operations must stay inside #ustht/ unless an import command reads project-local markdown files.

Dimension names are used to construct paths, so validate them strictly:

Rule Reason
Each path segment uses [a-z0-9-] only Prevents shell and path surprises.
Each segment starts and ends with [a-z0-9] Avoids hidden or malformed files.
/ is allowed only as a dimension subdirectory separator Supports ui/outline.
.., backslashes, spaces, and absolute paths are forbidden Prevents path traversal.
Reserved names are forbidden Avoids collisions with runtime folders.

Reserved names: backlog, readme-ai, export, raw, ignored, define, general.

Content Safety

Raw entries use this format:

- [HH:MM] original user text | suggested-dim:dimension

The suffix is agent-generated metadata. User text may contain markdown and should be preserved as written. Parse the last | suggested-dim: separator only.

<!-- processed --> is meaningful only as the first line of a raw file. If the user mentions that string inside a thought, treat it as normal content.

define.ini Safety

Allowed keys and values:

Key Allowed value
SKILL_STATUS on or off
INSTANT_STATUS on or off
LAST_SORTIN empty or yyyy-mm-dd HH:MM

Values must not contain newlines or =. Write the whole file rather than appending partial fragments.

Shell Safety

  • Do not execute user-provided shell commands.
  • Do not use eval or dynamic execution.
  • Construct file paths only from validated dimensions or fixed template paths.
  • During initialization, copy known template files safely instead of recursively shell-copying arbitrary directories.

Data Integrity

sortin is not fully atomic. To reduce partial-write risk:

  1. Parse raw entries first.
  2. Write dimension files.
  3. Mark raw files as processed only after writes succeed.
  4. Update LAST_SORTIN last.

Processed raw files are retained for traceability. Dimension files should be appended or marked deprecated; do not silently delete user history.

Sensitive Data

The skill preserves original wording and does not redact secrets or personal data. Users should use ignore commands before sensitive content is captured, and teams should protect .ustht/ with normal repository and filesystem hygiene.