Skip to content

fix(strix): normalize installed executable permissions #569

Description

@seonghobae

원인\n\nCentral Strix commit b50e4f7 added a fail-closed check that rejects a group/world-writable executable, but the Install Strix step does not normalize the GitHub runner pip artifact. ContextualWisdomLab/codec-carver#250 current-head run 29511363963 therefore exited 127 before scanning with STRIX_EXECUTABLE_PATH must not be group/world writable.\n\n## 범위\n\n- Set a deterministic non-group-writable install umask.\n- Remove group/world write bits from the resolved Strix executable before hashing it.\n- Add regression assertions for both workflow controls.\n- Preserve executable ownership, absolute-path, installation-root, and SHA-256 checks.\n\n## 완료 기준\n\n- Central shell tests pass.\n- The workflow source proves permission normalization happens before digest capture.\n- A fresh current-head Strix run for ContextualWisdomLab/codec-carver#250 reaches the scanner instead of exiting 127.\n\nAgent: Codex\nStarted: 2026-07-17T00:37:46+09:00\nPhase: Ops

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions