controlzero 1.5.5a1__tar.gz → 1.5.7__tar.gz

{controlzero-1.5.5a1 → controlzero-1.5.7}/CHANGELOG.md

@@ -1,5 +1,94 @@
 # Changelog
 
+## v1.5.7 -- 2026-05-16 (PRIVACY)
+
+### Fixed
+
+- **Customer-context comments in the published wheel.** Codex +
+  Gemini outside-voice review surfaced several customer-context
+  strings + private monorepo path references that v1.5.6 missed:
+  - `controlzero/hosted_policy.py` referenced a customer-specific
+    possessive when describing the T104 cache-GC scenario. Rewritten
+    in neutral phrasing that preserves the technical context.
+  - `controlzero/enrollment.py` documented the wire-format contract
+    via a private monorepo path. Replaced with a pointer to the
+    public docs site.
+  - `controlzero/cli/hosts/base.py` and
+    `controlzero/cli/hosts/unknown.py` referenced an internal
+    backend filename in inline comments. Replaced with a generic
+    description of the constraint.
+  - Tests `test_t104_cache_gc.py` and `test_t103_precedence.py`
+    carried a geographic identifier and a customer-derived test
+    name (NOT in the published wheel since tests are excluded, but
+    scrubbed for consistency).
+- **No behavior change.** Comments + docstrings only.
+
+## v1.5.6 -- 2026-05-15 (PRIVACY)
+
+### Fixed
+
+- **Customer names and identifiable references removed from the
+  published wheel.** Earlier 1.5.x releases (including 1.5.5)
+  carried customer names and individual contributor names in inline
+  comments and docstrings as historical context for past incidents.
+  This release replaces every such reference with a generic
+  technical description (a customer / an enterprise customer / a
+  date-stamped incident label) while preserving the technical
+  meaning of the comment. No behavior change. Concretely affects
+  inline comments in `client.py`, `device.py`, `hosted_policy.py`,
+  `enrollment.py`, `cli/main.py`, `cli/_secrets.py`, `cli/debug_bundle.py`,
+  `cli/hosts/claude_code.py`, `cli/hosts/gemini_cli.py`,
+  `_internal/bundle.py`, `_internal/enforcer.py`. 1.5.5 is yanked
+  on PyPI.
+- **Realistic-looking placeholder key in source replaced.** The
+  64-hex-char `cz_live_*` string used as a docstring example and
+  test fixture has been swapped for an obviously-synthetic
+  `cz_live_aaaa...` placeholder. The original value was a test
+  fixture, not a real customer key, but the format was close
+  enough to a real key that an external reader could not tell.
+
+## v1.5.5 -- 2026-05-15 (YANKED)
+
+YANKED on 2026-05-15 due to customer-name leakage in inline comments.
+Use 1.5.6 instead.
+
+## Unreleased -- Tier 0a security hotfix (2026-05-15)
+
+### Security (P0 hotfix for #174)
+
+- **New `controlzero doctor` command**. Scans every known coding-agent
+  settings file (claude-code, gemini-cli, codex-cli, cursor, windsurf,
+  vscode, cline, antigravity, adal, jetbrains) for plaintext `cz_*_*`
+  API keys baked into hook commands. Reports findings compiler-style
+  with stable E#### error codes. Exit 1 on any ERROR finding so it
+  can run in CI / pre-push hooks.
+- **New `controlzero migrate` command**. Auto-rewrites every leaked
+  inline hook of the form `CONTROLZERO_API_KEY=cz_live_... controlzero
+hook-check` into the safe `controlzero hook-check` form, and
+  persists the recovered key to `~/.controlzero/config.yaml`
+  (mode 0o600, parent dir 0o700). Has `--dry-run`. Idempotent.
+- **Stable error-code catalog** (`controlzero.error_codes`). 24 E####
+  codes across security / auth / policy / cache / network / hook /
+  runtime ranges. Each entry has title, what, fix, and a docs slug
+  for the `docs.controlzero.ai/errors/` URL.
+- **`controlzero telemetry`** group: `full` / `anonymous` / `off`.
+  Opt-IN per the 2026-05-14 transparency mandate. Default unset =
+  silent. Non-interactive shells never prompt. State in
+  `~/.controlzero/telemetry.yaml` (mode 0o600).
+- **Tighter local-file permissions**. `_write_api_key_config` now
+  enforces 0o600 on `config.yaml` and 0o700 on the parent directory.
+  Best-effort on Windows / FAT (silent skip).
+- **Cross-SDK CI contract test**: `scripts/ci/check-no-key-leaks.sh`
+  fails the build on any new `cz_(live|test)_*` leak surface across
+  Python, Node, Go, frontend, docs.
+- **Rich CLI palette**: doctor + migrate now use the DESIGN.md
+  sage-green theme via `controlzero.cli.console`.
+
+If you previously ran `controlzero install <agent>` on a version
+older than 1.5.3, your agent settings file likely still contains
+the plaintext key. Run `controlzero doctor` to check; run
+`controlzero migrate` to fix.
+
 ## 1.5.5a1 (pre-release) -- 2026-05-13
 
 This is a **pre-release**. `pip install control-zero` continues to
@@ -21,7 +110,7 @@ T96 + T101 layout changes in real customer environments.
   not contents), and resolved API URL. With `--from-hook` it parses
   a stdin payload so the output reflects what the hook subprocess
   actually sees. Built for fast Windows-hook triage after the
-  2026-05-12 CloudShift incident -- a customer can now run a single
+  2026-05-12 incident -- a customer can now run a single
   command and send us the JSON instead of guessing which env vars
   their hook sees.
 
@@ -73,7 +162,7 @@ T96 + T101 layout changes in real customer environments.
   Anthropic's PreToolUse hook schema only accepts `"approve" | "block"`
   -- the `"allow"` string crashed Claude Code's validator with
   `Hook JSON output validation failed - (root): Invalid input` and
-  Claude Code dropped the hook decision (defaults to proceed). CloudShift
+  Claude Code dropped the hook decision (defaults to proceed). A customer
   saw a `Write` correctly blocked, then a `PowerShell` command bypass
   to the same intent. After 1.5.3 the Claude Code adapter renders
   allow as `"approve"` and deny as `"block"`; Gemini CLI / Codex CLI
@@ -122,7 +211,7 @@ T96 + T101 layout changes in real customer environments.
 
 ### Customer impact
 
-CloudShift / kh.lee reported on 2026-05-12 that Claude Code on
+an enterprise customer admin reported on 2026-05-12 that Claude Code on
 Windows was not sending any audit logs to the dashboard, while the
 direct Python SDK script was sending logs without a populated
 SOURCE column. Both symptoms collapse to the two fixes above.
@@ -192,7 +281,7 @@ GH #424 (umbrella), PRs #425 (precedence), #428 (cache GC), #427
   (T87, GH #392). The bundle on disk is encrypted+signed; `cat` returns
   nothing useful, so until now diagnosing a deny-deny incident meant
   shipping the bundle back to engineering or attaching a debugger
-  (Bryan's deny-deny took ~3 hours to root-cause for exactly this
+  (the deny-deny took ~3 hours to root-cause for exactly this
   reason). The new subcommand reads the matching `bootstrap-<prefix>.json`
   for keys, decrypts and verifies the cached bundle blob via the same
   parser the SDK uses, and prints a human-readable summary: bundle id,
@@ -247,7 +336,7 @@ GH #424 (umbrella), PRs #425 (precedence), #428 (cache GC), #427
   work, modern rules continue to work, and only previously-broken
   legacy rules start matching again.
 
-- **Synthetic policy_id sentinels** (T79, Bryan deny-deny postmortem).
+- **Synthetic policy_id sentinels** (T79, the deny-deny postmortem).
   `PolicyDecision.policy_id` is now stamped with one of six canonical
   `synthetic:*` values whenever the deny was emitted by a fail-closed
   code path (no rule matched, empty bundle, missing bundle, T83-class

{controlzero-1.5.5a1 → controlzero-1.5.7}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: controlzero
-Version: 1.5.5a1
+Version: 1.5.7
 Summary: AI agent governance: policies, audit, and observability for tool calls. Works locally with no signup.
 Project-URL: Homepage, https://controlzero.ai
 Project-URL: Documentation, https://docs.controlzero.ai
@@ -28,6 +28,7 @@ Requires-Dist: httpx>=0.25.0
 Requires-Dist: loguru>=0.7.0
 Requires-Dist: pydantic>=2.0.0
 Requires-Dist: pyyaml>=6.0
+Requires-Dist: rich>=13.0.0
 Requires-Dist: zstandard>=0.22.0
 Provides-Extra: anthropic
 Requires-Dist: anthropic>=0.25.0; extra == 'anthropic'

{controlzero-1.5.5a1 → controlzero-1.5.7}/controlzero/__init__.py

@@ -28,7 +28,7 @@ from controlzero.errors import (
 )
 from controlzero.policy_loader import load_policy
 
-__version__ = "1.5.5a1"
+__version__ = "1.5.7"
 
 __all__ = [
     "Client",

{controlzero-1.5.5a1 → controlzero-1.5.7}/controlzero/_internal/bundle.py

@@ -437,7 +437,7 @@ def translate_to_local_policy(payload: dict) -> dict:
         # reason_code so dashboards still bucket it as "nothing
         # attached").
         #
-        # Copy-choice note (2026-04-19, Bryan's P0): the previous
+        # Copy-choice note (2026-04-19, the 2026-04-19 P0): the previous
         # message -- "No active policies. Define one in the Control Zero
         # dashboard." -- presumed the user had not defined any policies.
         # That presumption was wrong in the common case: the user had

{controlzero-1.5.5a1 → controlzero-1.5.7}/controlzero/_internal/enforcer.py

@@ -20,10 +20,9 @@ from __future__ import annotations
 
 import fnmatch
 from dataclasses import dataclass, field
-from typing import Any, Optional
+from typing import Optional
 
 from controlzero._internal.dlp_scanner import (
-    DLPMatch,
     DLPScanner,
     extract_text_from_args,
 )
@@ -34,7 +33,7 @@ from controlzero._internal.types import PolicyRule
 # so integrations + dashboards can branch on decision provenance
 # without regex-matching the human-readable `reason` string.
 #
-# Added 2026-04-19 after Bryan's P0: the SDK fail-closed with "No
+# Added 2026-04-19 after the 2026-04-19 P0: the SDK fail-closed with "No
 # active policies. Define one in the Control Zero dashboard." when
 # the user had in fact defined three; the three surfaces disagreed
 # because policy_attachments was empty. reason_code lets the hosted
@@ -79,7 +78,7 @@ VALID_REASON_CODES = frozenset({
     REASON_CODE_LOCAL_OVERRIDE_ACTIVE,
 })
 
-# Synthetic policy_id sentinels (T79 / Bryan deny-deny postmortem,
+# Synthetic policy_id sentinels (T79 / the deny-deny postmortem,
 # 2026-05-11). When a deny is emitted by anything OTHER than a
 # user-authored rule, the SDK stamps the audit row's `policy_id` with
 # one of these `synthetic:*` values so the audit dashboard can render
@@ -318,7 +317,7 @@ class PolicyEvaluator:
                 # resources:["*"] for unscoped rules, so prior to this
                 # fix every cz.guard() call without an explicit resource
                 # was skipping every rule and falling through to the
-                # default deny (Bryan deny-deny incident, 2026-05-10).
+                # default deny (the deny-deny incident, 2026-05-10).
                 # Logic now: if any pattern in rule.resources is the
                 # universal "*", treat the gate as satisfied; otherwise
                 # require a caller-supplied resource and glob-match it.

{controlzero-1.5.5a1 → controlzero-1.5.7}/controlzero/_internal/types.py

@@ -1,6 +1,6 @@
 """Internal type definitions. Public users should import from controlzero, not here."""
 
-from typing import Any, Optional
+from typing import Any
 from pydantic import BaseModel, Field
 
 

{controlzero-1.5.5a1 → controlzero-1.5.7}/controlzero/audit_remote.py

@@ -24,13 +24,44 @@ import json
 import logging
 import platform
 import threading
-import time
 import uuid
 from datetime import datetime, timezone
+from pathlib import Path
 from typing import Optional
 
 from controlzero.device import detect_client_name, detect_client_version
 
+# #495/v1 (2026-05-14): the normalized controlzero_sdk_version field
+# carried on every audit POST. Format is "<lang>@<version>" so the
+# backend can group/filter across SDKs without ambiguity (a version
+# string alone like "1.9.1" is shared between Python and Node).
+# Capped at 64 chars so a freak __version__ value cannot pollute the
+# LowCardinality column on the backend.
+#
+# Read via importlib.metadata rather than `from controlzero import
+# __version__`: audit_remote.py is imported transitively from
+# controlzero.client.Client, which is imported at the top of
+# controlzero/__init__.py before __version__ is defined. The naive
+# import triggers a circular-import ImportError on package load.
+# importlib.metadata reads from the installed dist-info and avoids
+# the partial-module problem entirely.
+def _resolve_sdk_version_wire() -> str:
+    try:
+        from importlib.metadata import version as _pkg_version
+        v = _pkg_version("controlzero")
+    except Exception:
+        # Editable install where the dist-info isn't on the metadata
+        # path, or any other import-time failure: fall back to empty
+        # so the audit pipeline doesn't carry a wrong value.
+        return ""
+    wire = "python@" + v
+    if len(wire) > 64:
+        return ""
+    return wire
+
+
+_CZ_SDK_VERSION_WIRE = _resolve_sdk_version_wire()
+
 logger = logging.getLogger("controlzero.audit_remote")
 
 # Buffer limits
@@ -48,7 +79,7 @@ class RemoteAuditSink:
         machine_token: str,  # not used for auth header, kept for future
         org_id: str,
         machine_id: str,
-        state_dir: Optional["Path"] = None,
+        state_dir: Optional[Path] = None,
     ):
         self._api_url = api_url.rstrip("/")
         self._machine_token = machine_token
@@ -132,6 +163,10 @@ class RemoteAuditSink:
             # coding-agent hook-check calls; SDK library integrations
             # pass an empty string until they adopt the same extractor.
             "extracted_method": entry.get("extracted_method", ""),
+            # v1 (2026-05-14): normalized controlzero SDK package version
+            # so support can pinpoint which SDK release made this POST.
+            # See top of file for the wire-format invariant.
+            "controlzero_sdk_version": _CZ_SDK_VERSION_WIRE,
         }
 
     # ---- flush mechanics ----
@@ -312,6 +347,10 @@ class BearerAuditSink:
             # coding-agent hook-check calls; SDK library integrations
             # pass an empty string until they adopt the same extractor.
             "extracted_method": entry.get("extracted_method", ""),
+            # v1 (2026-05-14): same controlzero SDK version wire field
+            # as the BearerAuditSink path above. Kept in lockstep so
+            # both sinks produce identical row shapes on the backend.
+            "controlzero_sdk_version": _CZ_SDK_VERSION_WIRE,
         }
 
     def _flush_async(self) -> None:

controlzero-1.5.7/controlzero/cli/_secrets.py

@@ -0,0 +1,135 @@
+"""API key redaction + leak-detection helpers (Tier 0a hotfix 2026-05-15).
+
+Single source of truth for:
+
+1. Detecting `cz_(live|test)_*` patterns in arbitrary text (used by
+   `controlzero doctor` to scan agent settings files + the cross-SDK
+   contract test that fails the CI on any leak surface).
+2. Redacting a full key to a last-4 form for display in CLI output
+   (`cz_live_***aaaaa`). Matches the gh CLI / Stripe CLI convention.
+
+These helpers MUST stay pure (no I/O, no logging) so the contract test
+that depends on `find_key_leaks` can run in a sandbox without touching
+the user's actual filesystem.
+"""
+
+from __future__ import annotations
+
+import re
+from typing import Iterable, List, NamedTuple
+
+# A controlzero API key is 8-char prefix (cz_live_ / cz_test_) + 64 hex
+# characters in production. We also accept shorter trailing alphanumerics
+# so legacy short-form test keys (cz_test_localdev_...) are caught.
+# The pattern is deliberately greedy on the suffix so we catch:
+#   cz_live_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+#   cz_test_localdev_000000000000000000000000
+#   cz_test_xxxxxxxx (rarer, but valid)
+# but stops at a non-alphanumeric so we don't gobble surrounding markup.
+_KEY_PATTERN = re.compile(r"cz_(live|test)_[A-Za-z0-9_]{4,}")
+
+
+class KeyMatch(NamedTuple):
+    """One match from `find_key_leaks`. The `key` field is the FULL
+    matched substring; callers that surface this in customer output
+    must run it through `redact_key` first."""
+
+    start: int
+    end: int
+    key: str
+    line_number: int
+
+
+def find_key_leaks(text: str) -> List[KeyMatch]:
+    """Return every `cz_(live|test)_*` substring in `text`.
+
+    Used by:
+    - `controlzero doctor` to scan ~/.claude/settings.json etc.
+    - The cross-SDK contract test to fail the PR on any leak.
+    - `controlzero migrate` to identify which entries to rewrite.
+
+    Pure function. No I/O. Deterministic. Safe to call on arbitrary
+    untrusted input (no regex catastrophic backtracking; pattern is
+    linear).
+    """
+    matches: List[KeyMatch] = []
+    if not text:
+        return matches
+    for m in _KEY_PATTERN.finditer(text):
+        # Compute the 1-indexed line number so doctor output reads
+        # like a compiler error: `foo.json:42:5`. Counts newlines
+        # from start of text to the match start.
+        line_number = text.count("\n", 0, m.start()) + 1
+        matches.append(
+            KeyMatch(
+                start=m.start(),
+                end=m.end(),
+                key=m.group(0),
+                line_number=line_number,
+            )
+        )
+    return matches
+
+
+def redact_key(key: str) -> str:
+    """Convert `cz_live_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`
+    to `cz_live_***aaaaa` (last-5 of the secret payload).
+
+    The prefix (`cz_live_` / `cz_test_`) is preserved so the mode is
+    still readable: ops can tell at a glance which key family this
+    is. The last 5 hex chars are kept so two different keys are
+    distinguishable in support tickets without exposing enough to
+    reconstruct the key (5 hex chars = 20 bits = 1M combinations,
+    not enough to brute-force back to the full key but enough for a
+    human to disambiguate "is this customer A's key or customer B's key").
+
+    Returns the input verbatim if it doesn't match the expected shape,
+    so caller-side `print(redact_key(maybe_key))` is always safe.
+    """
+    stripped = key.strip()
+    m = _KEY_PATTERN.fullmatch(stripped)
+    if not m:
+        return key
+    mode = m.group(1)  # 'live' or 'test'
+    last5 = stripped[-5:] if len(stripped) >= 5 else stripped
+    return f"cz_{mode}_***{last5}"
+
+
+def redact_text(text: str) -> str:
+    """Apply `redact_key` to every `cz_(live|test)_*` match inside an
+    arbitrary string.
+
+    Used to scrub log lines, error messages, and stderr before the SDK
+    prints them. Cheaper than wiring per-call-site escapes; safer too
+    because the redaction is centralized.
+    """
+
+    def _replace(m: re.Match[str]) -> str:
+        return redact_key(m.group(0))
+
+    return _KEY_PATTERN.sub(_replace, text)
+
+
+# Convenience: scan a list of file paths, return a flat list of
+# (path, KeyMatch) pairs for everything found. doctor + migrate both
+# consume this.
+def scan_files(paths: Iterable[str]) -> List[tuple[str, KeyMatch]]:
+    """Open each path, scan for key leaks, return matches with file
+    path attached. Missing files / unreadable files are silently
+    skipped -- the caller (doctor) handles "did we find the agent
+    config at all" via a separate codepath.
+    """
+    import pathlib
+
+    out: List[tuple[str, KeyMatch]] = []
+    for p in paths:
+        path = pathlib.Path(p).expanduser()
+        if not path.exists():
+            continue
+        try:
+            content = path.read_text(encoding="utf-8", errors="replace")
+        except OSError:
+            continue
+        for match in find_key_leaks(content):
+            out.append((str(path), match))
+    return out

controlzero-1.5.7/controlzero/cli/console.py

@@ -0,0 +1,125 @@
+"""Centralized Rich console for the controlzero CLI.
+
+Tier 0a hotfix piece 6 (#174 / DESIGN.md): every user-facing CLI
+output goes through this singleton so colors, padding, and spinner
+styles stay consistent across `controlzero doctor`, `controlzero
+migrate`, `controlzero install`, and the install-time consent prompt.
+
+Color palette pulled straight from DESIGN.md:
+
+- accent:   #22c55e  sage green (logo, active states, success)
+- success:  #22c55e  same as accent (allowed, healthy)
+- warning:  #eab308  yellow (approaching limits, soft errors)
+- error:    #ef4444  red (blocked, critical)
+- text-1:   #f0f0f3  primary (headings, values)
+- text-2:   #8b8b96  secondary (descriptions)
+- text-3:   #7a7a86  tertiary (labels)
+- border:   rgba(255,255,255,0.06)  (rendered as dim grey in terminal)
+
+Use the module-level helpers (`success`, `warn`, `error`, `info`,
+`panel`) rather than constructing rich objects in each command. This
+makes the CLI testable: tests can mock the singleton and assert on
+the rendered strings.
+
+If the user has NO_COLOR set, rich's automatic detection kicks in
+and we render plain text -- nothing to do here.
+"""
+
+from __future__ import annotations
+
+from typing import Optional
+
+from rich.console import Console
+from rich.panel import Panel
+from rich.style import Style
+from rich.text import Text
+from rich.theme import Theme
+
+
+# DESIGN.md color tokens. Names mirror the CSS custom property names
+# so a designer can grep across the repo and find every place a token
+# is consumed.
+_CZ_THEME = Theme({
+    "cz.accent": Style(color="#22c55e", bold=False),
+    "cz.success": Style(color="#22c55e", bold=True),
+    "cz.warning": Style(color="#eab308", bold=True),
+    "cz.error": Style(color="#ef4444", bold=True),
+    "cz.text1": Style(color="#f0f0f3"),
+    "cz.text2": Style(color="#8b8b96"),
+    "cz.text3": Style(color="#7a7a86"),
+    "cz.text4": Style(color="#5a5a65", dim=True),
+    "cz.code": Style(color="#f0f0f3", bgcolor="#222225"),
+    # Compound helpers used by panels.
+    "cz.heading": Style(color="#f0f0f3", bold=True),
+    "cz.dim_border": Style(color="#5a5a65", dim=True),
+})
+
+
+# Two consoles so callers can route errors to stderr without
+# leaking color escape codes into a redirected stdout.
+_stdout = Console(theme=_CZ_THEME, highlight=False)
+_stderr = Console(theme=_CZ_THEME, highlight=False, stderr=True)
+
+
+def stdout() -> Console:
+    """The shared stdout-bound console. Use this for normal CLI
+    output. Tests can monkeypatch this to capture rendered output."""
+    return _stdout
+
+
+def stderr() -> Console:
+    """The shared stderr-bound console. Use this for warnings + errors."""
+    return _stderr
+
+
+# -----------------------------------------------------------------------------
+# Helpers -- the public surface. Every CLI command should use these
+# rather than touching the underlying console.
+# -----------------------------------------------------------------------------
+
+
+def success(message: str) -> None:
+    """Bold sage-green check mark + message. Used for happy-path
+    completion lines like 'Installed claude-code hook'.
+    """
+    _stdout.print(Text.assemble(("[OK] ", "cz.success"), (message, "cz.text1")))
+
+
+def warn(message: str) -> None:
+    """Yellow warning. Used for soft errors that don't block the
+    operation but the user should know about (e.g. 'shell history
+    contains a key')."""
+    _stderr.print(Text.assemble(("[WARN] ", "cz.warning"), (message, "cz.text1")))
+
+
+def error(message: str, code: Optional[str] = None) -> None:
+    """Red error. If a stable E#### code is supplied, prepend it so
+    the user can search the docs site for the canonical fix."""
+    prefix = f"[ERROR {code}] " if code else "[ERROR] "
+    _stderr.print(Text.assemble((prefix, "cz.error"), (message, "cz.text1")))
+
+
+def info(message: str) -> None:
+    """Plain informational line, no color. Used for hints + status
+    lines that aren't the headline output."""
+    _stdout.print(Text(message, style="cz.text2"))
+
+
+def heading(message: str) -> None:
+    """Section heading. Bold, primary text color."""
+    _stdout.print(Text(message, style="cz.heading"))
+
+
+def code(snippet: str) -> Text:
+    """Render a short code snippet (filename, command, key) with the
+    code style. Returns a Text so callers can compose it into a
+    larger renderable."""
+    return Text(snippet, style="cz.code")
+
+
+def panel(content: str, title: str = "", style: str = "cz.dim_border") -> None:
+    """Outlined box with optional title. Used for the consent prompt
+    + the post-install confirmation summary so they don't drown in
+    other terminal output."""
+    p = Panel.fit(content, title=title or None, border_style=style)
+    _stdout.print(p)

{controlzero-1.5.5a1 → controlzero-1.5.7}/controlzero/cli/debug_bundle.py

@@ -1,6 +1,6 @@
 """``controlzero debug bundle`` -- inspect SDK-loaded rules + simulate guard.
 
-Bryan's deny-deny incident (T87, GH #392) burned ~3 hours of root-cause
+the deny-deny incident (T87, GH #392) burned ~3 hours of root-cause
 work because the bundle on disk is encrypted+signed. ``cat`` returns
 nothing legible; operators had to attach a debugger or ship the bundle
 back to engineering. This module gives them a self-serve alternative.