fix: codex birth review — shell injection, root prevention, dream user

Critical fixes: - Quoted heredoc prevents shell injection in CLAUDE.md generation - Block reserved system usernames (root, daemon, bin, etc.) - Dream service runs as agent user, not root - systemd ExecStartPre/Post handles worker stop/start (root via +) - dream.rs no longer calls systemctl directly Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 23:21:02 +02:00
parent 1ab1825029
commit 0f000c70c9
2 changed files with 29 additions and 15 deletions
--- a/crates/colony-agent/src/dream.rs
+++ b/crates/colony-agent/src/dream.rs
@@ -13,12 +13,10 @@ pub fn run_dream() {
        return;
    }

-    // 2. Stop worker to prevent file races
-    let agent_name = std::env::var("COLONY_AGENT").unwrap_or_else(|_| "agent".into());
-    let worker_service = format!("agent-{}-worker", agent_name);
-    let _ = Command::new("systemctl").args(["stop", &worker_service]).status();
+    // Worker is stopped by systemd ExecStartPre before dream runs
+    // No need to stop it here — systemd handles the coordination

-    // 3. Announce dream
+    // 2. Announce dream
    let _ = Command::new("colony")
        .args(["post", "general", "💤 dreaming... back in a few minutes", "--type", "plan", "--quiet"])
        .status();
@@ -51,10 +49,9 @@ pub fn run_dream() {
        Err(e) => { eprintln!("failed to run claude for dream: {}", e); false }
    };

-    // 5. Restart worker
-    let _ = Command::new("systemctl").args(["start", &worker_service]).status();
+    // Worker is restarted by systemd ExecStartPost after dream

-    // 6. Announce return
+    // 5. Announce return
    if dream_ok {
        let _ = Command::new("colony")
            .args(["post", "general", "👁 back from dreaming", "--type", "plan", "--quiet"])