code-context-control 2.33.0__tar.gz → 2.34.0__tar.gz

{code_context_control-2.33.0 → code_context_control-2.34.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: code-context-control
-Version: 2.33.0
+Version: 2.34.0
 Summary: Local code-intelligence layer for AI coding tools (Claude Code, Codex, Gemini, Copilot). Retrieve less, read less, edit safer.
 Author-email: Dimitri Tselenchuk <dtselenc@gmail.com>
 License-Expression: Apache-2.0
@@ -363,7 +363,7 @@ Real-world A/B tests: same task, with and without C3 mounted. Reports include to
 
 ## Security & privacy
 
-- **All web servers (Hub, per-project UI, Oracle) bind to `127.0.0.1` by default and are guarded against browser-based attacks even on loopback** — a Host-header allowlist (defeats DNS rebinding) plus an Origin/Referer check on every request (defeats cross-origin CSRF), with scoped, non-wildcard CORS. A malicious web page you visit therefore cannot drive C3's local endpoints. There is still **no user authentication**, so do not expose these servers to an untrusted network without auth/TLS in front. Binding to a non-loopback interface in `~/.c3/hub_config.json` (`host`) or Oracle's config (`bind_host`) is opt-in and warned at startup; add externally-facing hostnames/IPs to an `allowed_hosts` list there so the guard permits them.
+- **All web servers (Hub, per-project UI, Oracle) bind to `127.0.0.1` by default and are guarded against browser-based attacks even on loopback** — a Host-header allowlist (defeats DNS rebinding) plus an Origin/Referer check on every request (defeats cross-origin CSRF), with scoped, non-wildcard CORS. A malicious web page you visit therefore cannot drive C3's local endpoints. There is still **no user authentication**, so do not expose these servers to an untrusted network without auth/TLS in front. Binding to a non-loopback interface in `~/.c3/hub_config.json` (`host`) or Oracle's config (`bind_host`) is opt-in and warned at startup; add externally-facing hostnames/IPs to an `allowed_hosts` list there so the guard permits them. _(Cross-origin/CSRF + DNS-rebinding hardening added in v2.33.0.)_
 - **No telemetry by default.** The OSS package collects nothing. Opt-in Sentry crash reporting requires the `[telemetry]` extra plus both `SENTRY_DSN` and `C3_TELEMETRY_OPT_IN=1`. Even when enabled, request bodies, local variables, and prompts are stripped before sending.
 - **API keys** for third-party model providers are read from environment variables and never persisted by C3.
 - See [`SECURITY.md`](SECURITY.md) for the full hardening guide and disclosure policy.

{code_context_control-2.33.0 → code_context_control-2.34.0}/README.md

@@ -301,7 +301,7 @@ Real-world A/B tests: same task, with and without C3 mounted. Reports include to
 
 ## Security & privacy
 
-- **All web servers (Hub, per-project UI, Oracle) bind to `127.0.0.1` by default and are guarded against browser-based attacks even on loopback** — a Host-header allowlist (defeats DNS rebinding) plus an Origin/Referer check on every request (defeats cross-origin CSRF), with scoped, non-wildcard CORS. A malicious web page you visit therefore cannot drive C3's local endpoints. There is still **no user authentication**, so do not expose these servers to an untrusted network without auth/TLS in front. Binding to a non-loopback interface in `~/.c3/hub_config.json` (`host`) or Oracle's config (`bind_host`) is opt-in and warned at startup; add externally-facing hostnames/IPs to an `allowed_hosts` list there so the guard permits them.
+- **All web servers (Hub, per-project UI, Oracle) bind to `127.0.0.1` by default and are guarded against browser-based attacks even on loopback** — a Host-header allowlist (defeats DNS rebinding) plus an Origin/Referer check on every request (defeats cross-origin CSRF), with scoped, non-wildcard CORS. A malicious web page you visit therefore cannot drive C3's local endpoints. There is still **no user authentication**, so do not expose these servers to an untrusted network without auth/TLS in front. Binding to a non-loopback interface in `~/.c3/hub_config.json` (`host`) or Oracle's config (`bind_host`) is opt-in and warned at startup; add externally-facing hostnames/IPs to an `allowed_hosts` list there so the guard permits them. _(Cross-origin/CSRF + DNS-rebinding hardening added in v2.33.0.)_
 - **No telemetry by default.** The OSS package collects nothing. Opt-in Sentry crash reporting requires the `[telemetry]` extra plus both `SENTRY_DSN` and `C3_TELEMETRY_OPT_IN=1`. Even when enabled, request bodies, local variables, and prompts are stripped before sending.
 - **API keys** for third-party model providers are read from environment variables and never persisted by C3.
 - See [`SECURITY.md`](SECURITY.md) for the full hardening guide and disclosure policy.

{code_context_control-2.33.0 → code_context_control-2.34.0}/cli/c3.py

@@ -85,7 +85,7 @@ console = Console() if HAS_RICH else None
 # Config
 CONFIG_DIR = ".c3"
 CONFIG_FILE = ".c3/config.json"
-__version__ = "2.33.0"
+__version__ = "2.34.0"
 
 
 def _command_deps() -> CommandDeps:

{code_context_control-2.33.0 → code_context_control-2.34.0}/cli/hub_server.py

@@ -180,46 +180,12 @@ def _project_mcp_config_path(project_root: Path, profile) -> Path:
     return (Path.home() / profile.config_path) if profile.config_path_global else (project_root / profile.config_path)
 
 
-def _parse_toml_mcp_servers(content: str) -> dict:
-    servers = {}
-    current_server = None
-
-    for raw in content.splitlines():
-        line = raw.split("#", 1)[0].strip()
-        if not line:
-            continue
-
-        if line.startswith("[") and line.endswith("]"):
-            section = line[1:-1].strip()
-            if section.startswith("mcp_servers."):
-                current_server = section.split(".", 1)[1]
-                servers.setdefault(current_server, {})
-            else:
-                current_server = None
-            continue
-
-        if not current_server or "=" not in line:
-            continue
-
-        key, value = line.split("=", 1)
-        key = key.strip().strip('"')
-        value = value.strip()
-
-        if key == "args":
-            servers[current_server]["args"] = re.findall(r"[\"']([^\"']*)[\"']", value)
-        elif key in ("command", "type"):
-            match = re.match(r"^[\"'](.*)[\"']$", value)
-            servers[current_server][key] = match.group(1) if match else value
-        elif key == "enabled":
-            low = value.lower()
-            if low.startswith("true"):
-                servers[current_server]["enabled"] = True
-            elif low.startswith("false"):
-                servers[current_server]["enabled"] = False
-        else:
-            servers[current_server][key] = value
-
-    return servers
+from core.mcp_toml import (
+    parse_toml_mcp_servers as _parse_toml_mcp_servers,
+)
+from core.mcp_toml import (
+    upsert_toml_section as _upsert_toml_section,
+)
 
 
 def _read_project_mcp_servers_for_profile(profile, mcp_file: Path) -> tuple[dict, dict]:
@@ -238,73 +204,6 @@ def _read_project_mcp_servers_for_profile(profile, mcp_file: Path) -> tuple[dict
     return servers, raw_config
 
 
-def _toml_escape_str(value: str) -> str:
-    return value.replace("\\", "/")
-
-
-def _upsert_toml_section(toml_path: Path, section: str, entries: dict) -> None:
-    content = toml_path.read_text(encoding="utf-8") if toml_path.exists() else ""
-    header = f"[{section}]"
-
-    lines = content.splitlines()
-    new_lines = []
-    skip = False
-    for line in lines:
-        stripped = line.strip()
-        if stripped == header:
-            skip = True
-            continue
-        if skip and stripped.startswith("["):
-            skip = False
-        if not skip:
-            new_lines.append(line)
-
-    content = "\n".join(new_lines).rstrip()
-    section_lines = [f"\n\n{header}"]
-    for key, value in entries.items():
-        if isinstance(value, list):
-            items = ", ".join(f'"{_toml_escape_str(str(item))}"' for item in value)
-            section_lines.append(f'{key} = [{items}]')
-        elif isinstance(value, bool):
-            section_lines.append(f'{key} = {"true" if value else "false"}')
-        else:
-            section_lines.append(f'{key} = "{_toml_escape_str(str(value))}"')
-    section_lines.append("")
-
-    toml_path.parent.mkdir(parents=True, exist_ok=True)
-    toml_path.write_text(content + "\n".join(section_lines), encoding="utf-8")
-
-
-def _remove_toml_section(toml_path: Path, section: str) -> bool:
-    if not toml_path.exists():
-        return False
-    content = toml_path.read_text(encoding="utf-8")
-    header = f"[{section}]"
-
-    lines = content.splitlines()
-    new_lines = []
-    skip = False
-    removed = False
-    for line in lines:
-        stripped = line.strip()
-        if stripped == header:
-            skip = True
-            removed = True
-            continue
-        if skip and stripped.startswith("["):
-            skip = False
-        if not skip:
-            new_lines.append(line)
-
-    if removed:
-        remaining = "\n".join(new_lines).rstrip()
-        if remaining:
-            toml_path.write_text(remaining + "\n", encoding="utf-8")
-        else:
-            toml_path.unlink()
-    return removed
-
-
 def _build_mcp_cli_capabilities() -> dict:
     return {
         "commands": [

{code_context_control-2.33.0 → code_context_control-2.34.0}/cli/server.py

@@ -10,7 +10,6 @@ import csv
 import json
 import logging
 import os
-import re
 import signal
 import subprocess
 import sys
@@ -174,6 +173,9 @@ atexit.register(_cleanup_runtime)
 from core.web_security import (
     allowed_hostnames as _allowed_hostnames,
 )
+from core.web_security import (
+    guard_summary as _guard_summary,
+)
 from core.web_security import (
     install_guard as _install_web_guard,
 )
@@ -376,7 +378,8 @@ def api_health():
     except Exception:
         pass
 
-    return jsonify({"service": "c3-ui", "sources": sources, "session": session_info})
+    return jsonify({"service": "c3-ui", "sources": sources, "session": session_info,
+                    "web_guard": _guard_summary()})
 
 
 # ─── API: Session Registry ───────────────────────────────
@@ -2421,47 +2424,15 @@ def api_proxy_tools():
 
 
 # ─── API: MCP Status ─────────────────────────────────────
-def _parse_toml_mcp_servers(content: str) -> dict:
-    """Parse [mcp_servers.<name>] sections from TOML content."""
-    servers = {}
-    current_server = None
-
-    for raw in content.splitlines():
-        line = raw.split("#", 1)[0].strip()
-        if not line:
-            continue
-
-        if line.startswith("[") and line.endswith("]"):
-            section = line[1:-1].strip()
-            if section.startswith("mcp_servers."):
-                current_server = section.split(".", 1)[1]
-                servers.setdefault(current_server, {})
-            else:
-                current_server = None
-            continue
-
-        if not current_server or "=" not in line:
-            continue
-
-        key, value = line.split("=", 1)
-        key = key.strip()
-        value = value.strip()
-
-        if key == "args":
-            servers[current_server]["args"] = re.findall(r"[\"']([^\"']*)[\"']", value)
-        elif key in ("command", "type"):
-            match = re.match(r"^[\"'](.*)[\"']$", value)
-            servers[current_server][key] = match.group(1) if match else value
-        elif key == "enabled":
-            low = value.lower()
-            if low.startswith("true"):
-                servers[current_server]["enabled"] = True
-            elif low.startswith("false"):
-                servers[current_server]["enabled"] = False
-        else:
-            servers[current_server][key] = value
-
-    return servers
+from core.mcp_toml import (
+    parse_toml_mcp_servers as _parse_toml_mcp_servers,
+)
+from core.mcp_toml import (
+    remove_toml_section as _remove_toml_section,
+)
+from core.mcp_toml import (
+    upsert_toml_section as _upsert_toml_section,
+)
 
 
 def _find_server_script(servers: dict) -> bool:
@@ -2474,71 +2445,6 @@ def _find_server_script(servers: dict) -> bool:
     return False
 
 
-def _toml_escape_str(value: str) -> str:
-    return value.replace("\\", "/")
-
-
-def _upsert_toml_section(toml_path: Path, section: str, entries: dict) -> None:
-    """Add or replace a dotted TOML section in-place."""
-    content = toml_path.read_text(encoding="utf-8") if toml_path.exists() else ""
-    header = f"[{section}]"
-
-    lines = content.splitlines()
-    new_lines = []
-    skip = False
-    for line in lines:
-        stripped = line.strip()
-        if stripped == header:
-            skip = True
-            continue
-        if skip and stripped.startswith("["):
-            skip = False
-        if not skip:
-            new_lines.append(line)
-
-    content = "\n".join(new_lines).rstrip()
-    section_lines = [f"\n\n{header}"]
-    for k, v in entries.items():
-        if isinstance(v, list):
-            items = ", ".join(f'"{_toml_escape_str(str(x))}"' for x in v)
-            section_lines.append(f'{k} = [{items}]')
-        elif isinstance(v, bool):
-            section_lines.append(f'{k} = {"true" if v else "false"}')
-        else:
-            section_lines.append(f'{k} = "{_toml_escape_str(str(v))}"')
-    section_lines.append("")
-
-    toml_path.parent.mkdir(parents=True, exist_ok=True)
-    toml_path.write_text(content + "\n".join(section_lines), encoding="utf-8")
-
-
-def _remove_toml_section(toml_path: Path, section: str) -> bool:
-    """Remove a dotted TOML section. Returns True if removed."""
-    if not toml_path.exists():
-        return False
-    content = toml_path.read_text(encoding="utf-8")
-    header = f"[{section}]"
-
-    lines = content.splitlines()
-    new_lines = []
-    skip = False
-    removed = False
-    for line in lines:
-        stripped = line.strip()
-        if stripped == header:
-            skip = True
-            removed = True
-            continue
-        if skip and stripped.startswith("["):
-            skip = False
-        if not skip:
-            new_lines.append(line)
-
-    if removed:
-        toml_path.write_text("\n".join(new_lines).rstrip() + "\n", encoding="utf-8")
-    return removed
-
-
 def _resolve_mcp_profile(ide_name: str | None):
     requested = (ide_name or "").strip().lower()
     if requested and requested != "auto":

{code_context_control-2.33.0 → code_context_control-2.34.0}/cli/tools/shell.py

@@ -60,7 +60,13 @@ _FILTER_THRESHOLD_LINES = 30
 
 
 def _popen_kwargs() -> dict:
-    kw: dict = {"stdin": subprocess.DEVNULL}
+    # Force UTF-8 in child processes so Unicode output (→, box-drawing, emoji)
+    # doesn't crash on Windows' legacy cp1252 console encoding. setdefault so an
+    # intentional caller-set encoding still wins.
+    env = dict(os.environ)
+    env.setdefault("PYTHONUTF8", "1")
+    env.setdefault("PYTHONIOENCODING", "utf-8")
+    kw: dict = {"stdin": subprocess.DEVNULL, "env": env}
     if sys.platform == "win32":
         kw["creationflags"] = subprocess.CREATE_NO_WINDOW
     return kw
@@ -86,7 +92,7 @@ def _run_sync(cmd: str, cwd: str, timeout: int) -> dict:
     proc = subprocess.Popen(
         cmd, shell=True, cwd=cwd,
         stdout=subprocess.PIPE, stderr=subprocess.PIPE,
-        text=True, errors="replace",
+        text=True, encoding="utf-8", errors="replace",
         **_popen_kwargs(),
     )
     timed_out = False
@@ -133,6 +139,45 @@ def _maybe_refresh_ledger(cmd: str, result: dict, svc) -> list[str]:
         return []
 
 
+# git diagnostics whose output the caller almost always needs verbatim — never
+# auto-filter these, even past the line threshold.
+_GIT_DIAGNOSTIC = re.compile(
+    r"^\s*git\s+(status|diff|log|show|branch|stash\s+list)\b", re.IGNORECASE
+)
+
+
+def _list_root_files(root: Path) -> set[str]:
+    try:
+        return {e.name for e in root.iterdir() if e.is_file()}
+    except OSError:
+        return set()
+
+
+def _sweep_new_ghost_files(root: Path, before: set[str]) -> list[str]:
+    """Delete 0-byte 'ghost' files (shell-redirect / metacharacter artifacts —
+    e.g. a `>Lnnn` marker or `2>$null` leaking a filename) that appeared in
+    *root* during this command. Only files absent from *before* are removed, so
+    pre-existing files are never touched. Detection is reused from
+    hook_ghost_files so the rules live in one place; this makes c3_shell
+    self-clean regardless of whether the external PostToolUse ghost hook is
+    wired for this tool."""
+    try:
+        from cli.hook_ghost_files import scan_ghost_files
+    except Exception:
+        return []
+    swept: list[str] = []
+    for g in scan_ghost_files(root):
+        name = g.get("name", "")
+        if not name or name in before:
+            continue
+        try:
+            Path(g["path"]).unlink()
+            swept.append(name)
+        except OSError:
+            pass
+    return swept
+
+
 async def handle_shell(cmd: str, cwd: str, timeout: int, filter_output: bool,
                        log: bool, svc, finalize) -> str:
     if not cmd or not cmd.strip():
@@ -147,11 +192,17 @@ async def handle_shell(cmd: str, cwd: str, timeout: int, filter_output: bool,
     work_cwd = cwd or svc.project_path
     work_cwd = str(Path(work_cwd).resolve())
 
+    ghost_root = Path(work_cwd)
+    _ghosts_before = _list_root_files(ghost_root)
+
     result = await asyncio.to_thread(_run_sync, cmd, work_cwd, timeout)
 
+    swept_ghosts = _sweep_new_ghost_files(ghost_root, _ghosts_before)
+
     raw_stdout = result["stdout"]
     filtered_note = ""
-    if filter_output and raw_stdout.count("\n") > _FILTER_THRESHOLD_LINES:
+    if (filter_output and raw_stdout.count("\n") > _FILTER_THRESHOLD_LINES
+            and not _GIT_DIAGNOSTIC.search(cmd)):
         try:
             filtered = await asyncio.to_thread(
                 handle_filter,
@@ -201,6 +252,11 @@ async def handle_shell(cmd: str, cwd: str, timeout: int, filter_output: bool,
         body += f"--- stderr ---\n{result['stderr'].rstrip()}\n"
     if touched_files:
         body += f"--- ledger ---\nlogged {len(touched_files)} file(s)\n"
+    if swept_ghosts:
+        body += (
+            f"--- ghost-sweep ---\nremoved {len(swept_ghosts)} stray 0-byte "
+            f"file(s): {', '.join(swept_ghosts)}\n"
+        )
 
     summary = f"shell {status} in {result['duration_ms']}ms"
     resp_tokens = count_tokens(body) if body else 0

{code_context_control-2.33.0 → code_context_control-2.34.0}/code_context_control.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: code-context-control
-Version: 2.33.0
+Version: 2.34.0
 Summary: Local code-intelligence layer for AI coding tools (Claude Code, Codex, Gemini, Copilot). Retrieve less, read less, edit safer.
 Author-email: Dimitri Tselenchuk <dtselenc@gmail.com>
 License-Expression: Apache-2.0
@@ -363,7 +363,7 @@ Real-world A/B tests: same task, with and without C3 mounted. Reports include to
 
 ## Security & privacy
 
-- **All web servers (Hub, per-project UI, Oracle) bind to `127.0.0.1` by default and are guarded against browser-based attacks even on loopback** — a Host-header allowlist (defeats DNS rebinding) plus an Origin/Referer check on every request (defeats cross-origin CSRF), with scoped, non-wildcard CORS. A malicious web page you visit therefore cannot drive C3's local endpoints. There is still **no user authentication**, so do not expose these servers to an untrusted network without auth/TLS in front. Binding to a non-loopback interface in `~/.c3/hub_config.json` (`host`) or Oracle's config (`bind_host`) is opt-in and warned at startup; add externally-facing hostnames/IPs to an `allowed_hosts` list there so the guard permits them.
+- **All web servers (Hub, per-project UI, Oracle) bind to `127.0.0.1` by default and are guarded against browser-based attacks even on loopback** — a Host-header allowlist (defeats DNS rebinding) plus an Origin/Referer check on every request (defeats cross-origin CSRF), with scoped, non-wildcard CORS. A malicious web page you visit therefore cannot drive C3's local endpoints. There is still **no user authentication**, so do not expose these servers to an untrusted network without auth/TLS in front. Binding to a non-loopback interface in `~/.c3/hub_config.json` (`host`) or Oracle's config (`bind_host`) is opt-in and warned at startup; add externally-facing hostnames/IPs to an `allowed_hosts` list there so the guard permits them. _(Cross-origin/CSRF + DNS-rebinding hardening added in v2.33.0.)_
 - **No telemetry by default.** The OSS package collects nothing. Opt-in Sentry crash reporting requires the `[telemetry]` extra plus both `SENTRY_DSN` and `C3_TELEMETRY_OPT_IN=1`. Even when enabled, request bodies, local variables, and prompts are stripped before sending.
 - **API keys** for third-party model providers are read from environment variables and never persisted by C3.
 - See [`SECURITY.md`](SECURITY.md) for the full hardening guide and disclosure policy.

{code_context_control-2.33.0 → code_context_control-2.34.0}/code_context_control.egg-info/SOURCES.txt

@@ -69,6 +69,7 @@ code_context_control.egg-info/top_level.txt
 core/__init__.py
 core/config.py
 core/ide.py
+core/mcp_toml.py
 core/web_security.py
 oracle/__init__.py
 oracle/config.py
@@ -157,7 +158,9 @@ tests/test_enforcement_flip.py
 tests/test_federated_graph.py
 tests/test_ghost_files.py
 tests/test_hub_server_smoke.py
+tests/test_mcp_host_guard.py
 tests/test_mcp_server_smoke.py
+tests/test_mcp_toml.py
 tests/test_memory_graph_api.py
 tests/test_memory_system.py
 tests/test_notification_discipline.py
@@ -172,6 +175,7 @@ tests/test_project_tool.py
 tests/test_read_coercion.py
 tests/test_session_benchmark.py
 tests/test_session_budget.py
+tests/test_shell_robustness.py
 tests/test_swe_bench.py
 tests/test_tool_registry.py
 tests/test_validate.py

code_context_control-2.34.0/core/mcp_toml.py

@@ -0,0 +1,128 @@
+"""Shared TOML helpers for the MCP-server sections of IDE config files
+(Codex's ``config.toml``, etc.).
+
+These were duplicated — and had quietly drifted — between ``cli/server.py`` and
+``cli/hub_server.py``. Consolidating them keeps parse/write behaviour in one
+place (the same triplication pattern that once let a CORS bug live in three
+servers). The reconciled versions adopt the more robust behaviour from each
+copy: ``parse`` strips surrounding quotes from keys, and ``remove`` deletes a
+file that becomes empty instead of leaving an empty stub.
+"""
+from __future__ import annotations
+
+import re
+from pathlib import Path
+
+
+def parse_toml_mcp_servers(content: str) -> dict:
+    """Parse ``[mcp_servers.<name>]`` sections from TOML content into a dict."""
+    servers: dict = {}
+    current_server = None
+
+    for raw in content.splitlines():
+        line = raw.split("#", 1)[0].strip()
+        if not line:
+            continue
+
+        if line.startswith("[") and line.endswith("]"):
+            section = line[1:-1].strip()
+            if section.startswith("mcp_servers."):
+                current_server = section.split(".", 1)[1]
+                servers.setdefault(current_server, {})
+            else:
+                current_server = None
+            continue
+
+        if not current_server or "=" not in line:
+            continue
+
+        key, value = line.split("=", 1)
+        key = key.strip().strip('"')
+        value = value.strip()
+
+        if key == "args":
+            servers[current_server]["args"] = re.findall(r"[\"']([^\"']*)[\"']", value)
+        elif key in ("command", "type"):
+            match = re.match(r"^[\"'](.*)[\"']$", value)
+            servers[current_server][key] = match.group(1) if match else value
+        elif key == "enabled":
+            low = value.lower()
+            if low.startswith("true"):
+                servers[current_server]["enabled"] = True
+            elif low.startswith("false"):
+                servers[current_server]["enabled"] = False
+        else:
+            servers[current_server][key] = value
+
+    return servers
+
+
+def toml_escape_str(value: str) -> str:
+    """Escape a string for a double-quoted TOML value (Windows ``\\`` → ``/``)."""
+    return value.replace("\\", "/")
+
+
+def upsert_toml_section(toml_path: Path, section: str, entries: dict) -> None:
+    """Add or replace a dotted TOML section in-place."""
+    content = toml_path.read_text(encoding="utf-8") if toml_path.exists() else ""
+    header = f"[{section}]"
+
+    lines = content.splitlines()
+    new_lines = []
+    skip = False
+    for line in lines:
+        stripped = line.strip()
+        if stripped == header:
+            skip = True
+            continue
+        if skip and stripped.startswith("["):
+            skip = False
+        if not skip:
+            new_lines.append(line)
+
+    content = "\n".join(new_lines).rstrip()
+    section_lines = [f"\n\n{header}"]
+    for key, value in entries.items():
+        if isinstance(value, list):
+            items = ", ".join(f'"{toml_escape_str(str(item))}"' for item in value)
+            section_lines.append(f"{key} = [{items}]")
+        elif isinstance(value, bool):
+            section_lines.append(f'{key} = {"true" if value else "false"}')
+        else:
+            section_lines.append(f'{key} = "{toml_escape_str(str(value))}"')
+    section_lines.append("")
+
+    toml_path.parent.mkdir(parents=True, exist_ok=True)
+    toml_path.write_text(content + "\n".join(section_lines), encoding="utf-8")
+
+
+def remove_toml_section(toml_path: Path, section: str) -> bool:
+    """Remove a dotted TOML section. Deletes the file if it becomes empty.
+    Returns True if the section was found and removed."""
+    if not toml_path.exists():
+        return False
+    content = toml_path.read_text(encoding="utf-8")
+    header = f"[{section}]"
+
+    lines = content.splitlines()
+    new_lines = []
+    skip = False
+    removed = False
+    for line in lines:
+        stripped = line.strip()
+        if stripped == header:
+            skip = True
+            removed = True
+            continue
+        if skip and stripped.startswith("["):
+            skip = False
+        if not skip:
+            new_lines.append(line)
+
+    if removed:
+        remaining = "\n".join(new_lines).rstrip()
+        if remaining:
+            toml_path.write_text(remaining + "\n", encoding="utf-8")
+        else:
+            toml_path.unlink()
+    return removed

{code_context_control-2.33.0 → code_context_control-2.34.0}/core/web_security.py

@@ -126,6 +126,17 @@ def cors_origin(request, allowed: set[str]) -> str | None:
     return None
 
 
+def guard_summary() -> dict:
+    """Compact, serializable status for health endpoints — confirms to operators
+    that the localhost guard is active (it otherwise enforces silently)."""
+    return {
+        "active": True,
+        "host_allowlist": True,
+        "csrf": "origin+referer",
+        "cors": "scoped",
+    }
+
+
 def install_guard(app, get_allowed: Callable[[], set[str]]) -> None:
     """Register the Host/Origin guard and a tightened CORS policy on a Flask app.
 
@@ -156,3 +167,8 @@ def install_guard(app, get_allowed: Callable[[], set[str]]) -> None:
             response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
             response.headers["Access-Control-Allow-Methods"] = "GET,POST,PUT,DELETE,OPTIONS"
         return response
+
+    import logging
+    logging.getLogger("c3.web_security").info(
+        "localhost web guard active — Host allowlist + Origin/Referer CSRF + scoped CORS"
+    )