v0.3.16policy-scout2026-06-30

Code quality and security fixes for public release

Fixes semicolon regex in shell_parser, narrows lockdown fail-open to ImportError+warn, adds tamper trigger warning, replaces __import__("sys") in 4 places, removes dead approval guard clause, drops 6 empty test stubs, fixes hardcoded PYTHONPATH in test fixtures.

v0.3.162026-06-30
  • ·shell_parser: (&&|\|\|;) → (&&|\|\||;) — semicolon chains now correctly flagged
  • ·policy/engine: catch ImportError on lockdown; warn stderr on any other exception
  • ·audit/sqlite_store: warn when tamper triggers fail on writable database
  • ·tests: hardcoded /home/boop/... PYTHONPATH replaced with Path(__file__).parent.parent
  • ·SECURITY.md added; CHANGELOG v0.3.16 section added; ADR-001 test count updated