empathy-framework 3.9.0__py3-none-any.whl → 3.9.1__py3-none-any.whl

{empathy_framework-3.9.0.dist-info → empathy_framework-3.9.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: empathy-framework
-Version: 3.9.0
+Version: 3.9.1
 Summary: AI collaboration framework with intelligent caching (up to 57% cache hit rate), tier routing (34-86% cost savings depending on task complexity), XML-enhanced prompts, persistent memory, CrewAI integration, and multi-agent orchestration. Includes HIPAA-compliant healthcare wizards.
 Author-email: Patrick Roebuck <admin@smartaimemory.com>
 Maintainer-email: Smart-AI-Memory <admin@smartaimemory.com>
@@ -368,7 +368,48 @@ Dynamic: license-file
 pip install empathy-framework[developer]  # Lightweight for individual developers
 ```
 
-## What's New in v3.8.3 (Current Release)
+## What's New in v3.9.0 (Current Release)
+
+### 🔒 **Security Hardening: 174 Security Tests (Up from 14)**
+
+**Production-ready security with comprehensive file path validation across the entire framework.**
+
+- ✅ **6 modules secured** with Pattern 6 (File Path Validation)
+- ✅ **13 file write operations** validated to prevent path traversal (CWE-22)
+- ✅ **174 security tests** (100% passing) - up from 14 tests (+1143% increase)
+- ✅ **Zero blind exception handlers** - all errors now properly typed and logged
+
+```python
+# All file writes now validated for security
+from empathy_os.config import EmpathyConfig
+
+config = EmpathyConfig(user_id="alice")
+config.to_yaml("/etc/passwd")  # ❌ ValueError: Cannot write to system directory
+config.to_yaml("./empathy.yml")  # ✅ Safe write
+```
+
+**Attack vectors blocked:**
+
+- Path traversal: `../../../etc/passwd` → `ValueError`
+- Null byte injection: `config\x00.json` → `ValueError`
+- System directory writes: `/etc`, `/sys`, `/proc`, `/dev` → All blocked
+
+See [SECURITY.md](https://github.com/Smart-AI-Memory/empathy-framework/blob/main/SECURITY.md) for complete security documentation.
+
+### 🛡️ **Exception Handling Improvements**
+
+**Better error messages with graceful degradation.**
+
+- Fixed 8 blind `except Exception:` handlers in workflow base
+- Specific exception types for better debugging
+- Enhanced error logging while maintaining graceful degradation
+- All intentional broad catches documented with design rationale
+
+---
+
+### Previous Releases
+
+#### v3.8.3
 
 ### 🎯 **Transparent Cost Claims: Honest Role-Based Savings (34-86%)**
 
@@ -413,7 +454,7 @@ empathy telemetry export --format csv --output usage.csv
 
 ---
 
-### Previous Release: v3.7.0
+#### v3.7.0
 
 #### 🚀 **XML-Enhanced Prompting: 15-35% Token Reduction + Graceful Validation**
 

{empathy_framework-3.9.0.dist-info → empathy_framework-3.9.1.dist-info}/RECORD

@@ -20,7 +20,7 @@ coach_wizards/refactoring_wizard.py,sha256=X0MTx3BHpOlOMAYDow-3HX5GyryY70JGAF5vA
 coach_wizards/scaling_wizard.py,sha256=n1RLtpWmj1RSEGSWssMiUPwCdpskO3z2Z3yhLlTdXro,2598
 coach_wizards/security_wizard.py,sha256=19SOClSxo6N-QqUc_QsFXOE7yEquiZF4kLi7jRomA7g,2605
 coach_wizards/testing_wizard.py,sha256=vKFgFG4uJfAVFmCIQbkrWNvZhIfLC6ve_XbvWZKrPg4,2563
-empathy_framework-3.9.0.dist-info/licenses/LICENSE,sha256=IJ9eeI5KSrD5P7alsn7sI_6_1bDihxBA5S4Sen4jf2k,4937
+empathy_framework-3.9.1.dist-info/licenses/LICENSE,sha256=IJ9eeI5KSrD5P7alsn7sI_6_1bDihxBA5S4Sen4jf2k,4937
 empathy_healthcare_plugin/__init__.py,sha256=4NioL1_86UXzkd-QNkQZUSZ8rKTQGSP0TC9VXP32kQs,295
 empathy_healthcare_plugin/monitors/__init__.py,sha256=Udp8qfZR504QAq5_eQjvtIaE7v06Yguc7nuF40KllQc,196
 empathy_healthcare_plugin/monitors/clinical_protocol_monitor.py,sha256=GkNh2Yuw9cvuKuPh3mriWtKJZFq_sTxBD7Ci8lFV9gQ,11620
@@ -218,7 +218,7 @@ empathy_os/telemetry/usage_tracker.py,sha256=acRhJyovJDoWXGsRFzwQcN83MnCS_gL4mH4
 empathy_os/test_generator/__init__.py,sha256=d7grN2uxoRqcTsiZAC-kgEad48Z9rDunOZ6TycS3fy4,913
 empathy_os/test_generator/__main__.py,sha256=YY_HE1xg4zKZkHHAd6sSzWvJCvLFOtmpawCrNlGjWAc,345
 empathy_os/test_generator/cli.py,sha256=u8WL1X3reqSYfVGjYiET7fmxqQDIIOzAE5HMQquhl7M,6862
-empathy_os/test_generator/generator.py,sha256=uDvG01hJUxbfI-eBIB4SsCxPZnWoNYqSMB3rZt0zem0,9692
+empathy_os/test_generator/generator.py,sha256=w0BXCZg_BphJ4kaA3FkbBC2uZK2xamN4XfWTtlvWdgc,9791
 empathy_os/test_generator/risk_analyzer.py,sha256=5vEncQDmxUXglZBX9-DdCcsz4yjvuY9IhJGjIfTH9fE,7486
 empathy_os/trust/__init__.py,sha256=ou4rlQ3smvivC8b-z-1E0vbqyGnLveRcggf270pTa_E,833
 empathy_os/trust/circuit_breaker.py,sha256=VMuVmH_lZ_RB0E-tjE150Qtbk7WnkLQXc-fp_8NR5AQ,20716
@@ -231,7 +231,7 @@ empathy_os/workflow_patterns/output.py,sha256=ArpR4D_z5MtRlWCKlKUmSWfXlMw-nkBukM
 empathy_os/workflow_patterns/registry.py,sha256=0U_XT0hdQ5fLHuEJlrvzjaCBUyeWDA675_hEyvHxT0o,7461
 empathy_os/workflow_patterns/structural.py,sha256=nDwWuZYnXbm21Gsr0yMoMQiOcU07VuNlpsUGPyZ2efk,9470
 empathy_os/workflows/__init__.py,sha256=UYXKvpkaLEAGqnMpUHrdR8TZiqmR8k47lpdEs2cs9B0,12022
-empathy_os/workflows/base.py,sha256=bDFuKnGxeQYMjkd5FgZeKXsGe9eRnrhcbXXsznnyS1k,66281
+empathy_os/workflows/base.py,sha256=fnKeZXaFfPk6SUKbqV1P7aJVGueFJSd0O32PPoquWG8,66320
 empathy_os/workflows/bug_predict.py,sha256=Td2XtawwTSqBOOIqlziNXcOt4YRMMeya2W1tFOJKytY,35726
 empathy_os/workflows/code_review.py,sha256=SWNXSuJ2v4to8sZiHSQ2Z06gVCJ10L1LQr77Jf1SUyM,35647
 empathy_os/workflows/code_review_adapters.py,sha256=9aGUDAgE1B1EUJ-Haz2Agwo4RAwY2aqHtNYKEbJq2yc,11065
@@ -337,8 +337,8 @@ workflow_scaffolding/__init__.py,sha256=UpX5vjjjPjIaAKyIV1D4GxJzLUZy5DzdzgSkePYM
 workflow_scaffolding/__main__.py,sha256=0qspuNoadTDqyskXTlT8Sahqau-XIxN35NHTSGVW6z4,236
 workflow_scaffolding/cli.py,sha256=R4rCTDENRMil2c3v32MnisqteFRDfilS6RHBNlYV39Q,6752
 workflow_scaffolding/generator.py,sha256=whWbBmWEA0rN3M3X9EzTjfbwBxHcF40Jin8-nbj0S0E,8858
-empathy_framework-3.9.0.dist-info/METADATA,sha256=D8RjLJ4FEGvvTwAqYlpqycoV91b7hyJkCps5DNPjjxg,48626
-empathy_framework-3.9.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-empathy_framework-3.9.0.dist-info/entry_points.txt,sha256=zMu7sKCiLndbEEXjTecltS-1P_JZoEUKrifuRBBbroc,1268
-empathy_framework-3.9.0.dist-info/top_level.txt,sha256=wrNU1aVMutVDACer58H-udv0P_171Dv6z_42sZtZ-xM,124
-empathy_framework-3.9.0.dist-info/RECORD,,
+empathy_framework-3.9.1.dist-info/METADATA,sha256=g7iTmZn_uTu8A5iAPall5wTQHkkhKdrkLr5P5iZTfKc,50099
+empathy_framework-3.9.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+empathy_framework-3.9.1.dist-info/entry_points.txt,sha256=zMu7sKCiLndbEEXjTecltS-1P_JZoEUKrifuRBBbroc,1268
+empathy_framework-3.9.1.dist-info/top_level.txt,sha256=wrNU1aVMutVDACer58H-udv0P_171Dv6z_42sZtZ-xM,124
+empathy_framework-3.9.1.dist-info/RECORD,,

empathy_os/test_generator/generator.py

@@ -48,6 +48,7 @@ class TestGenerator:
             loader=FileSystemLoader(str(template_dir)),
             trim_blocks=True,
             lstrip_blocks=True,
+            autoescape=True,  # Enable autoescape for security (test gen templates should be safe)
         )
 
         self.risk_analyzer = RiskAnalyzer()

empathy_os/workflows/base.py

@@ -57,6 +57,7 @@ from .progress import ProgressCallback, ProgressTracker
 # Import telemetry tracking
 try:
     from empathy_os.telemetry import UsageTracker
+
     TELEMETRY_AVAILABLE = True
 except ImportError:
     TELEMETRY_AVAILABLE = False
@@ -602,7 +603,9 @@ class BaseWorkflow(ABC):
                 logger.debug(f"Cache lookup failed (malformed data): {e}, continuing with LLM call")
             except (OSError, PermissionError) as e:
                 # File system errors - continue with LLM call
-                logger.debug(f"Cache lookup failed (file system error): {e}, continuing with LLM call")
+                logger.debug(
+                    f"Cache lookup failed (file system error): {e}, continuing with LLM call"
+                )
 
         # Create a step config for this call
         step = WorkflowStepConfig(