florian/git-hardening
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23 Commits 3 Branches 5 Tags
475faf23df35ed32fb2024b2f027a3eebe7fefcc
Commit Graph

7 Commits

Author SHA1 Message Date
Flo
475faf23df fix: v0.2.1 FIDO2 macOS keygen, grouped prompts, Linux hints 
Use Homebrew ssh-keygen for FIDO2 key generation on macOS instead of
searching for libsk-libfido2.dylib (removed in modern openssh). Group
interactive apply prompts into 6 categories with explanations. Fix
Linux gitleaks install hint to show apt/dnf instead of brew.

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-31 17:39:14 +02:00
Flo
09f6369bec refactor: group apply prompts with explanations 
Replace ~25 individual y/n prompts with 6 logical groups, each showing
a table of pending changes with one-line explanations before prompting.
Also fix FIDO2 middleware detection (needs brew openssh, not just libfido2).

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-31 15:30:00 +02:00
Flo
8037cb7908 feat: v0.2.0 expanded hardening 
Add gitleaks pre-commit hook, global gitignore, plaintext credential
detection, SSH key hygiene audit, 8 new git config settings, and
safe.directory wildcard detection. Fix ssh-keygen macOS compatibility,
FIDO2 detection via ioreg, and interactive test isolation.

Implements docs/specs/2026-03-31-v0.2.0-expanded-hardening.md

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-31 14:03:29 +02:00
Flo
902d1abac0 fix: force base-10 in version_gte to prevent octal interpretation 
Use 10#$var arithmetic prefix to avoid bash interpreting leading
zeros as octal (e.g., 08 or 09 would cause "value too great for
base" errors). 2 new tests (64 total).

Closes: #9

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-30 23:45:04 +02:00
Flo
d204ae5a9a fix: version parsing and SSH config comment/quote handling 
Replace sed 's/[^0-9.]//g' with grep -oE for semver extraction —
fixes breakage on Apple Git suffix and rc versions. Add
strip_ssh_value() helper to strip inline comments and surrounding
quotes from SSH config values. Applied to IdentityFile scanning,
audit_ssh_directive, and apply_ssh_directive. 9 new tests (62 total).

Closes: #8

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-30 23:40:51 +02:00
Flo
b227ec1f73 feat: add pre-execution safety review prompt 
Asks users to confirm they've reviewed the script before it modifies
config. On decline, prints instructions for piping the script to
Claude Code or Gemini CLI for a security review. Skipped with -y
and --audit flags. 3 new tests (53 total).

Closes: #7

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-30 23:20:54 +02:00
Flo
5e8a34ef68 test: add BATS test suite with 50 tests 
Covers arg parsing, version comparison, audit phase (git config,
signing, SSH), apply phase (settings, SSH directives, url rewrite),
signing key detection (standard/custom/tilde/sk-preference),
allowed signers, -y mode, backup, and end-to-end idempotency.
All tests run in isolated HOME to avoid touching real config.

Closes: #6

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-30 23:10:57 +02:00