@juicesharp/rpiv-pi 0.8.0 → 0.8.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juicesharp/rpiv-pi",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "description": "Skill-based development workflow for Pi Agent — discover, research, design, plan, implement, validate",
   "keywords": [
     "pi-package",

package/skills/code-review/SKILL.md

@@ -111,21 +111,33 @@ Spawn these agents in parallel using the Agent tool. Each receives the `## Disco
   [paste Discovery Map verbatim]
 
   Task: Grep each changed hunk for the following sink patterns and list every match with `file:line` + surrounding 3 lines. Cross-reference the Discovery Map's Auth-boundary crossings.
+  For each hit, additionally return `confidence: N/10` reflecting how certain you are that a user-controlled input can reach this sink under current deployment. Do NOT report hits with confidence < 8.
   - Command execution: `exec(`, `execSync(`, `execFile(`, `child_process`, `spawn(`
   - Dynamic evaluation: `eval(`, `new Function(`
   - SQL template-interpolation: multi-line `` `SELECT ... ${ ``, `` `INSERT ... ${ ``, `` `UPDATE ... ${ ``, `` `DELETE ... ${ ``
   - XSS sinks: `innerHTML =`, `dangerouslySetInnerHTML`, `document.write(`
   - Path traversal: string concatenation into `fs.readFile`, `fs.writeFile`, `path.join` with user input
-  - SSRF: `fetch(`, `http.request(`, `axios(`, `got(` with user-controlled origin
+  - SSRF: `fetch(`, `http.request(`, `axios(`, `got(` where HOST or PROTOCOL (not just path) is user-controlled
   - Secrets in diff: `api_key`, `secret`, `password`, `BEGIN PRIVATE KEY`, `.env` content literal
-  - Missing hardening: auth-boundary crossings without a guard upstream; rate-limit-free POST handlers
+  - Missing auth guard: auth-boundary crossings (from Discovery Map) reaching a traced sink without an upstream guard
+
+  Hard exclusions — do NOT report:
+  - DOS / resource exhaustion / rate limiting / memory or CPU exhaustion
+  - Missing hardening in isolation (no traced sink), lack of audit logs
+  - Theoretical race conditions / timing attacks without a concrete reproducer
+  - Log spoofing, prototype pollution, tabnabbing, open redirects, XS-Leaks, regex DOS, regex injection
+  - Client-side-only authn/authz gaps (server is the authority)
+  - XSS in React/Angular/tsx files unless via `dangerouslySetInnerHTML`, `bypassSecurityTrustHtml`, or equivalent
+  - Findings whose sole source is an environment variable, CLI flag, or UUID (trusted in our threat model)
+  - Findings in test-only files or `.ipynb` notebooks without a concrete untrusted-input path
+  - Outdated-dependency CVEs (handled by the dependencies/CVE lens)
 
   For each hit, name the pattern and quote the line. Return evidence only. No CVE lookups — that is a separate agent.
   ```
 
 **Dependencies lens:**
 - subagent_type: `codebase-analyzer`
-- Prompt (only when `ManifestChanged` is true; otherwise SKIP and set `dependency_issues: 0`, `passes: [quality, security]`):
+- Prompt (only when `ManifestChanged` is true; otherwise SKIP this lens and omit the `### Dependencies` H3 block from the artifact):
   ```
   Known Context:
   [paste Discovery Map verbatim]
@@ -174,9 +186,9 @@ Spawn these agents in parallel using the Agent tool. Each receives the `## Disco
      - 🔵 Suggestion: pattern divergence with a concrete nearby template.
      - 💭 Discussion: composite-lesson architecture concerns.
    - Security evidence → classify:
-     - 🔴 sink hit with user-reachable exploitability (trace via Discovery Map auth-boundary crossings).
-     - 🟡 missing hardening (rate-limit, weak hash, non-constant-time compare).
-     - 🔵 pattern divergence from secure examples in the same file.
+     - 🔴 sink hit with a CONCRETE user-reachable source→sink path traced through Discovery Map auth-boundary crossings. Reject any hit lacking an explicit trace.
+     - 🟡 crypto-only concrete issues: weak hash in an auth/integrity role (MD5/SHA1), non-constant-time compare on secrets, hardcoded key material in diff. Do NOT use 🟡 for "missing hardening".
+     - 🔵 pattern divergence from a secure example in the SAME file (cite the nearby secure `file:line`).
      - 💭 architectural question.
    - Dependencies evidence → classify:
      - 🔴 Known-exploitable CVE in a touched dep (Critical/High per advisory DB) OR lockstep-contract violation (would trip `scripts/sync-versions.js`).
@@ -188,11 +200,8 @@ Spawn these agents in parallel using the Agent tool. Each receives the `## Disco
 2. **Probe advisor availability** — attempt a probe by checking whether `advisor` is in the active tool set (main-thread visibility). If yes, proceed to advisor path; otherwise take the inline path.
 
 3. **Advisor path** (when advisor is active):
-   - Print a main-thread `## Pre-Adjudication Findings` block containing the compiled evidence and tentative severity map. This ensures the findings are persisted into `getBranch()` before the advisor call.
-   - Call `advisor()` (zero-param). Wait for the response.
-   - On success: paste the advisor's prose verbatim into the artifact's `## Advisor Adjudication` section (Step 6) and note `advisor_used: true` + `advisor_model: [model-id]` in frontmatter.
-   - On `"aborted"` or empty text: set `advisor_used: false`, skip the adjudication section, fall through to the inline path.
-   - On `"error"`: note the error inline in the adjudication section as `advisor error: <message>`; continue with inline reconciliation alongside.
+   - Print a main-thread `## Pre-Adjudication Findings` block first — the advisor reads `getBranch()`, so evidence must be flushed before the call.
+   - Call `advisor()` (zero-param). If it returns usable prose, paste it verbatim into `## Advisor Adjudication` and skip the inline path. Otherwise fall through.
 
 4. **Inline path** (advisor unavailable or errored):
    - Run a dimension-sweep modeled on `skills/design/SKILL.md:83-116`: Data model / API surface / Integration / Scope / Verification / Performance.
@@ -214,7 +223,7 @@ Quality: [C🔴/I🟡/S🔵/D💭]
 Security: [C/I/S/D]
 Dependencies: [C/I/S/D | not-applicable]
 Precedents: [N composite lessons, top: "[one-line]"]
-Advisor: [used (model) | unavailable]
+Advisor: [adjudicated | inline]
 ```
 
 Wait for the developer's response. Then ask **one question at a time**, waiting for each answer.
@@ -249,16 +258,9 @@ branch: [Branch]
 commit: [Short hash]
 review_type: [commit|pr|staged|working]
 scope: "[What was reviewed]"
-files_changed: [N]
 critical_issues: [Count across all lenses]
 important_issues: [Count]
 suggestions: [Count]
-quality_issues: [Count]
-security_issues: [Count]
-dependency_issues: [Count | 0 when not-applicable]
-passes: [quality, security, dependencies]   # omit dependencies when not-applicable
-advisor_used: [true|false]
-advisor_model: [provider:id]                 # only when advisor_used is true
 status: [approved|needs_changes|requesting_changes]
 tags: [code-review, relevant-components]
 last_updated: [YYYY-MM-DD]
@@ -299,7 +301,7 @@ last_updated_by: [User]
 - `file:line` — [architectural question]
 
 ### Dependencies
-(Omit this H3 block entirely when `passes` excludes `dependencies`.)
+(Omit this H3 block entirely when the Dependencies lens was skipped — i.e., `ManifestChanged` was false.)
 #### 🔴 Critical
 - `dep@ver` (`package.json:line`) — [CVE id + link + affected-range + fix version]
 #### 🟡 Important
@@ -325,8 +327,8 @@ last_updated_by: [User]
 [Links to thoughts/ docs referenced by precedent-locator; one line each, no summaries.]
 
 ## Advisor Adjudication
-(Omit when `advisor_used: false`.)
-[Advisor model prose pasted VERBATIM. Do not edit or paraphrase. If `advisor error:` prefix is present, leave it as-is.]
+(Omit this H2 entirely when the advisor did not run — its presence IS the signal that adjudication occurred.)
+[Advisor model prose pasted VERBATIM. Do not edit or paraphrase.]
 
 ## Reconciliation Notes
 (Include only when the inline path ran, OR when developer dispute in Step 5 moved a severity.)
@@ -343,7 +345,7 @@ Review written to:
 `thoughts/shared/reviews/[filename].md`
 
 [C] critical, [I] important, [S] suggestions across [Q] quality, [Se] security, [D] dependency issues.
-Advisor: [used (model) | unavailable]
+Advisor: [adjudicated | inline]
 Status: [verdict]
 
 Top items:
@@ -366,6 +368,7 @@ Ask follow-ups, or run `/skill:revise` to address the findings.
 - **Always use parallel Agent tool calls** in Phase-2 to maximise efficiency.
 - **Always read the full diff FIRST** (Step 1) before spawning any Phase-1 or Phase-2 agent.
 - **Always pass the Discovery Map inline** as `Known Context` to every Phase-2 agent — agents are `isolated: true` and cannot see sibling transcripts.
+- **Security-lens precision stance**: prefer false negatives over false positives. Security evidence must carry `confidence ≥ 8` and 🔴 requires an explicit source→sink trace. Missing hardening without a traced sink is NOT a finding. Keep the Security-lens exclusion list in sync with the reference FP-filter precedents.
 - **Critical ordering**: Follow the numbered steps exactly.
   - ALWAYS resolve scope and bail on empty diff (Step 1) before Phase-1.
   - ALWAYS wait for Phase-1 completion before Phase-2 dispatch.