@lcv-ideas-software/cross-review 4.0.4 → 4.0.6

package/CHANGELOG.md

@@ -7,6 +7,88 @@ standard `v00.00.00`; npm package versions remain SemVer.
 
 ## [Unreleased]
 
+## [v04.00.06] — 2026-05-16
+
+**Patch — Windows-safe npm registry artifact verifier.** This release closes
+the v4.0.5 audit's LOW Windows finding without changing the public MCP tool
+surface.
+
+### Fixed
+
+- **Registry verifier on Windows** —
+  `scripts/verify-registry-dist.mjs` no longer spawns `npm.cmd` through
+  `execFileSync`. Newer Node.js builds reject that batch-file spawn path with
+  `spawnSync npm.cmd EINVAL` on Windows after the CVE-2024-27980 hardening,
+  which broke local `npm --registry=https://registry.npmjs.org run
+release:verify-registry` for Windows operators. The verifier now fetches
+  `https://registry.npmjs.org/<package>/<version>` directly and validates
+  `dist.shasum`, `dist.integrity`, and `dist.tarball` from the registry JSON.
+
+### Tests
+
+- Extended `registry_dist_metadata_verification_test` to pin the no-spawn
+  invariant and require direct npm registry metadata lookup.
+
+## [v04.00.05] — 2026-05-15
+
+**Patch — hard-gate close-out for the Codex v4.0.4 audit.** This release
+closes the 6 residual findings left after v4.0.4 restored Prettier coverage.
+
+### Fixed
+
+- **AUDIT-1 (StepSecurity)** — existing actionable
+  `Source-Code-Overwritten` detections for generated `dist/*` publish
+  artifacts were suppressed through the existing narrow post-rename
+  StepSecurity rule: repo `cross-review`, workflow
+  `.github/workflows/publish.yml`, job `Pre-publish gate (test + metadata)`,
+  file path `*/dist/*`. The rule remains scoped to generated publish output
+  and does not hide source-tree overwrites outside `dist/`.
+- **AUDIT-2 (model-selection docs)** — `docs/model-selection.md` now uses
+  the post-v4 product name, removes misleading fallback wording from current
+  model behavior, scopes older provider-doc notes as historical, and links to
+  the real historical report
+  `docs/reports/cross-review-v2-api-capability-smoke-2026-04-30.md`.
+- **AUDIT-3 (no-fallback wording)** —
+  `src/peers/model-selection.ts` now describes failure paths as keeping the
+  configured model pin instead of using the old fallback phrase; the internal
+  selection parameter name was aligned to `configuredPin`.
+- **AUDIT-4 (agent rename history)** — `.github/copilot-instructions.md` and
+  `.ai/GEMINI.md` now preserve the historical package transition as
+  `@lcv-ideas-software/cross-review-v2` →
+  `@lcv-ideas-software/cross-review`, instead of the tautological
+  post-rename name-to-itself text.
+- **AUDIT-5 (tag hygiene)** — release verification now treats the remote
+  padded tag as authoritative and local clones should fetch tags before
+  using `git tag --points-at HEAD` as evidence.
+- **AUDIT-6 (artifact identity)** — new
+  `npm --registry=https://registry.npmjs.org run release:verify-registry`
+  validates npm registry `dist.shasum`, `dist.integrity`, and `dist.tarball`
+  via `scripts/verify-registry-dist.mjs`; the publish workflow runs it after
+  npmjs.com visibility succeeds so future audits do not confuse local
+  `npm --registry=https://registry.npmjs.org pack --dry-run` output with
+  published registry identity.
+- **GHA npm registry discipline** — every active GitHub Actions npm command
+  outside dependency installation now passes
+  `--registry=https://registry.npmjs.org`; GitHub Packages publish commands keep
+  that default registry flag and override only the package scope registry.
+- **Grok `-latest` model-match dot aliases** — `BasePeerAdapter.modelMatches()`
+  now treats `grok-4-latest` resolving provider-side to dot-release ids such as
+  `grok-4.3` as the same Grok 4 family, while still rejecting true cross-family
+  downgrades such as `grok-3-*`. This closes the live HARD GATE false positive
+  where Grok returned a READY verdict but the runtime rejected it as
+  `silent_model_downgrade`.
+
+### Tests
+
+- Added smoke markers for model-selection documentation/link hygiene,
+  no-fallback wording, agent-instruction rename history, and registry
+  artifact metadata verification.
+- Added `npm_registry_discipline_test` to keep active GHA npm commands and
+  nested package scripts on the explicit npmjs registry unless the command is
+  dependency installation/update.
+- Extended `model_match_latest_alias_test` to pin
+  `grok-4-latest` → `grok-4.3` alongside the existing dated-id alias case.
+
 ## [v04.00.04] — 2026-05-15
 
 **Patch — restore prettier coverage of `src/` and `scripts/` (close audit

package/README.md

@@ -21,7 +21,7 @@ npm install -g @lcv-ideas-software/cross-review
 npm install -g @lcv-ideas-software/cross-review --registry=https://npm.pkg.github.com
 ```
 
-**Status.** Stable. Current release: **v04.00.04** (npm package `4.0.4`). See
+**Status.** Stable. Current release: **v04.00.06** (npm package `4.0.6`). See
 [CHANGELOG.md](./CHANGELOG.md) for the release history.
 
 > **Project renamed 2026-05-15.** This project was previously published as
@@ -36,6 +36,8 @@ The version history at a glance:
 
 | Release | Scope |
 |---|---|
+| **`v04.00.06`** | **Patch — Windows-safe registry verifier.** `scripts/verify-registry-dist.mjs` now queries `https://registry.npmjs.org` directly instead of spawning `npm.cmd`, closing the Windows Node hardening failure (`spawnSync npm.cmd EINVAL`) while preserving the post-publish validation of registry `dist.shasum`, `dist.integrity`, and `dist.tarball`. |
+| **`v04.00.05`** | **Patch — hard-gate close-out for the Codex v4.0.4 audit.** Clears the 6 residual findings: StepSecurity `Source-Code-Overwritten` detections for generated `dist/*` publish artifacts are suppressed against the existing narrow post-rename rule; `docs/model-selection.md` now uses the post-v4 product name, removes misleading fallback wording, and links to the real historical v2 capability-smoke report; model-selection failure text now says it keeps the configured model pin instead of the old fallback phrase; Copilot/Gemini agent instructions preserve the `cross-review-v2` → `cross-review` rename history; local tag verification is expected to use fetched remote tags; the publish workflow now records npm registry `dist.shasum` / `dist.integrity` / `dist.tarball` metadata so audits do not confuse local `npm --registry=https://registry.npmjs.org pack --dry-run` output with the published artifact identity; and `grok-4-latest` model-match accepts provider-reported dot-release aliases such as `grok-4.3` without weakening true cross-family downgrade rejection. |
 | **`v04.00.04`** | **Patch — restore prettier coverage of `src/` and `scripts/` (close audit on v4.0.3 hard-gate gap).** v4.0.3 added biome but also moved `src/**/*.ts`, `src/**/*.js`, `scripts/**/*.ts`, `scripts/**/*.js` into `.prettierignore` to dodge a biome↔prettier disagreement on dynamic-import call-style. Net effect: prettier ran against zero JS/TS under `src/`/`scripts/`, silently turning one of the four hard-gate checks into a no-op there. v4.0.4 restores full coverage and resolves the disagreement at the source — the 7 `scripts/smoke.ts` dynamic-import sites that triggered the wrap conflict were rewritten from destructure-from-call form to a 2-statement form (`const mod = await import("..."); const { A, B, C } = mod;`). Functionally identical; static type inference preserved. Both formatters now check the full JS/TS surface and pass simultaneously. |
 | **`v04.00.00`** | **Major — project renamed to `cross-review`** (drops the `-v2` suffix after the companion `cross-review-v1` project was discontinued and archived 2026-05-15). Breaking: npm package `@lcv-ideas-software/cross-review-v2` → `@lcv-ideas-software/cross-review` (old name stays on npm at `3.7.5` for historical installs); binaries `cross-review-v2` / `cross-review-v2-dashboard` → `cross-review` / `cross-review-dashboard`; env-var prefix `CROSS_REVIEW_V2_*` → `CROSS_REVIEW_*` across all config knobs that previously carried the `V2` infix (e.g. `CROSS_REVIEW_DATA_DIR`, `CROSS_REVIEW_DISABLE_CACHE_ANTHROPIC`); API-key env vars unchanged; per-host identity env vars (`CROSS_REVIEW_CALLER_TOKEN`, `CROSS_REVIEW_REQUIRE_TOKEN`) unchanged. GitHub repo URL: `LCV-Ideas-Software/cross-review-v2` → `LCV-Ideas-Software/cross-review` (auto-redirected). GitHub Pages: `cross-review-v2.lcv.dev` → `cross-review.lcv.dev`. MCP server key in host configs: operators who declared `cross-review-v2` rename to `cross-review`; after reload, MCP tool prefix becomes `mcp__cross-review__*`. Data dir migration is manual: operators copy `${HOME}/.cross-review/data_v2/*` into the new default `${HOME}/.cross-review/data/` (or set `CROSS_REVIEW_DATA_DIR` to the legacy path) — the v4.0.0 runtime reads only `CROSS_REVIEW_DATA_DIR` and does not fall back to the `_v2` suffix automatically. Preserved when copied: persisted session data, `config.json`, `host-tokens.json`, `cache_manifest.json`, archived/corrupt session dirs. Wire shape of all MCP tools, event types, convergence semantics is unchanged; all capabilities, peers, models, security defenses carry over from v3.7.5 verbatim. 504 source/script/doc text substitutions across 26 files. |
 | **`v03.07.05`** | **Patch — logs+sessions study 2026-05-15 close-out (4 surgical fixes from 244-session/429-round corpus).** **A1** — `session_doctor` classified cancelled sessions as `stale` (22 of 244 false positives); doctor now treats any terminal outcome (`aborted`/`converged`/`max-rounds`) as NOT-stale regardless of the persisted `convergence_health.state`. Source-layer state untouched (backward-compat with existing sessions). **A2** — `lockCallerPeerSelection` emitted false-positive `session.caller_peer_selection_ignored` events when callers passed a panel identical to the enabled set (13 of 106 recent events); the lock now accepts an optional `enabledPeers` snapshot in its context and short-circuits the emit when the caller-supplied list set-equals the enabled set (sorted comparison). **A3** — per-provider cache disable env vars (`CROSS_REVIEW_DISABLE_CACHE_ANTHROPIC|OPENAI|GEMINI|DEEPSEEK|GROK|PERPLEXITY`; provider names match v2.21.0 `_CACHE_TTL_*` convention; same parsing as `peer_enabled`); Anthropic default flipped to disabled based on empirical 0.3% hit-rate ($1.18 wasted to save $0.0035 over 244 sessions). Global `CROSS_REVIEW_DISABLE_CACHE` kill-switch unchanged; per-provider is an additive layer. Anthropic adapter `buildSystemBlock` + short-prefix warning gated on the per-provider flag; central `config.json` `cache` block accepts the new disable keys. **B1** — `session_sweep` gains opt-in `prune_corrupt: boolean.default(false)` + `corrupt_min_age_days: number.int.default(30)` to clean `<data_dir>/corrupt_sessions/` (no prior automated cleanup; 1 stale entry from 2026-05-08 v2.25.1 redact bug still on disk at study time). New `store.pruneCorruptSessions(minAgeMs)` returns `{scanned, removed, kept}`. Response shape stays `SessionMeta[]` when `prune_corrupt: false` (default); wraps to `{ swept, pruned_corrupt }` when true. **Patch bump** (3.7.4 → 3.7.5). |
@@ -135,7 +137,7 @@ Build and run locally:
 
 ```bash
 npm install
-npm run build
+npm --registry=https://registry.npmjs.org run build
 node dist/src/mcp/server.js
 ```
 
@@ -143,7 +145,7 @@ For local smoke tests (no-cost):
 
 ```powershell
 $env:CROSS_REVIEW_STUB = "1"
-npm test
+npm --registry=https://registry.npmjs.org test
 ```
 
 ## Configuration

package/dist/scripts/smoke.js

@@ -639,13 +639,12 @@ assert.equal(mismatch.round.rejected.at(-1)?.failure_class, "silent_model_downgr
 assert.equal(mismatch.session.failed_attempts?.at(-1)?.failure_class, "silent_model_downgrade");
 // v3.7.4 (operator-directed, session ecd03404): `model_match` must
 // recognize a `-latest` alias resolving to a concrete dated id. xAI
-// returns `grok-4-0709` for the pinned `grok-4-latest`; pre-v3.7.4
-// `modelMatches()` flagged that as `silent_model_downgrade` because
-// `grok-4-0709` does not start with the literal `grok-4-latest-`. That
-// forced `status` to null (base.ts:315) and rejected the peer, making
-// unanimity unreachable on any panel including grok. The fix strips the
-// `-latest` suffix to the family stem and matches the reported id
-// against it; a genuine cross-family downgrade is still flagged.
+// returns family ids for the pinned `grok-4-latest`; pre-v3.7.4
+// `modelMatches()` flagged `grok-4-0709` as `silent_model_downgrade`
+// because it does not start with the literal `grok-4-latest-`. v4.0.5
+// extends the same family-stem rule to dot-release ids observed in live
+// xAI responses (`grok-4.3`). These are alias resolution, not downgrade.
+// A genuine cross-family downgrade is still flagged.
 {
     const aliasStub = new StubAdapter(config, "grok", "grok-4-latest");
     process.env.CROSS_REVIEW_STUB_REPORTED_MODEL = "grok-4-0709";
@@ -658,6 +657,17 @@ assert.equal(mismatch.session.failed_attempts?.at(-1)?.failure_class, "silent_mo
     delete process.env.CROSS_REVIEW_STUB_REPORTED_MODEL;
     assert.equal(aliasResult.model_match, true, `v3.7.4 / model-match: a \`-latest\` alias resolving to a concrete dated id (grok-4-latest → grok-4-0709) MUST match — not trip silent_model_downgrade (got model_match=${aliasResult.model_match})`);
     assert.notEqual(aliasResult.status, null, "v3.7.4 / model-match: a matched `-latest` alias must NOT force status to null (base.ts:315)");
+    const dotAliasStub = new StubAdapter(config, "grok", "grok-4-latest");
+    process.env.CROSS_REVIEW_STUB_REPORTED_MODEL = "grok-4.3";
+    const dotAliasResult = await dotAliasStub.call("model-match -latest dot alias probe", {
+        session_id: result.session.session_id,
+        round: 98,
+        task: "model-match -latest dot alias probe",
+        emit() { },
+    });
+    delete process.env.CROSS_REVIEW_STUB_REPORTED_MODEL;
+    assert.equal(dotAliasResult.model_match, true, `v4.0.5 / model-match: a \`-latest\` alias resolving to a dot-release id (grok-4-latest → grok-4.3) MUST match — not trip silent_model_downgrade (got model_match=${dotAliasResult.model_match})`);
+    assert.notEqual(dotAliasResult.status, null, "v4.0.5 / model-match: a matched `-latest` dot alias must NOT force status to null");
     const downgradeAliasStub = new StubAdapter(config, "grok", "grok-4-latest");
     process.env.CROSS_REVIEW_STUB_REPORTED_MODEL = "grok-3-fast";
     const downgradeAliasResult = await downgradeAliasStub.call("model-match cross-family downgrade probe", {
@@ -670,7 +680,9 @@ assert.equal(mismatch.session.failed_attempts?.at(-1)?.failure_class, "silent_mo
     assert.equal(downgradeAliasResult.model_match, false, `v3.7.4 / model-match: a genuine cross-family downgrade (grok-4-latest → grok-3-fast) MUST still be flagged (got model_match=${downgradeAliasResult.model_match})`);
     // Source pin: base.ts modelMatches must carry the `-latest` family-stem branch.
     const baseSrc = fs.readFileSync(path.resolve(process.cwd(), "src", "peers", "base.ts"), "utf8");
-    assert.ok(/endsWith\("-latest"\)/.test(baseSrc) && /familyStem/.test(baseSrc), "v3.7.4 / model-match: base.ts modelMatches must handle the `-latest` alias via a family-stem match");
+    assert.ok(/endsWith\("-latest"\)/.test(baseSrc) &&
+        /reportedModel\.startsWith\(`\$\{familyStem\}-`\)/.test(baseSrc) &&
+        /reportedModel\.startsWith\(`\$\{familyStem\}\.`\)/.test(baseSrc), "v4.0.5 / model-match: base.ts modelMatches must handle `-latest` aliases via hyphen and dot family-stem matches");
     console.log("[smoke] model_match_latest_alias_test: PASS");
 }
 const focusSecret = ["sk", "test", "B".repeat(24)].join("-");
@@ -6151,6 +6163,101 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
     assert.equal(pl.name, "@lcv-ideas-software/cross-review", `v4.0.2 / AUDIT-1: package-lock.json .name must be "@lcv-ideas-software/cross-review"; got "${pl.name}".`);
     console.log("[smoke] package_version_consistency_test: PASS");
 }
+// v4.0.5 (AUDIT-2..6, Codex hard-gate close-out 2026-05-15):
+// anti-drift checks for post-rename docs, no-fallback wording, registry
+// artifact verification and agent-instruction history.
+{
+    const docsPath = path.join(process.cwd(), "docs", "model-selection.md");
+    const docsSrc = fs.readFileSync(docsPath, "utf8");
+    const staleV2ThinkingPhrase = "Cross-review-" + "v2 is optimized";
+    const staleGeminiFallbackPhrase = "Gemini 2.5 Pro " + "fallback";
+    const missingCapabilityReport = "docs/reports/cross-review" + "-api-capability-smoke-2026-04-30.md";
+    assert.ok(docsSrc.includes("Cross-review is optimized for correctness over latency and cost."), "v4.0.5 / AUDIT-2: docs/model-selection.md must use the post-v4 product name in the thinking section.");
+    assert.ok(!docsSrc.includes(staleV2ThinkingPhrase), "v4.0.5 / AUDIT-2: stale v2 product-name wording must not return.");
+    assert.ok(!docsSrc.includes(staleGeminiFallbackPhrase), "v4.0.5 / AUDIT-2: Gemini docs must not describe the pinned model as a fallback.");
+    assert.ok(!docsSrc.includes(missingCapabilityReport), "v4.0.5 / AUDIT-2: docs must not link to the missing post-rename capability-smoke filename.");
+    assert.ok(docsSrc.includes("docs/reports/cross-review-v2-api-capability-smoke-2026-04-30.md"), "v4.0.5 / AUDIT-2: docs must link to the existing historical v2 capability-smoke report.");
+    assert.ok(fs.existsSync(path.join(process.cwd(), "docs", "reports", "cross-review-v2-api-capability-smoke-2026-04-30.md")), "v4.0.5 / AUDIT-2: linked historical capability-smoke report must exist.");
+    console.log("[smoke] docs_model_selection_rename_and_link_test: PASS");
+}
+{
+    const modelSelectionSrc = fs.readFileSync(path.join(process.cwd(), "src", "peers", "model-selection.ts"), "utf8");
+    const staleFallbackReason = "using the current " + "fallback";
+    assert.ok(!modelSelectionSrc.includes(staleFallbackReason), "v4.0.5 / AUDIT-3: model-selection reason text must not claim fallback use.");
+    assert.ok(modelSelectionSrc.includes("keeping the configured model pin"), "v4.0.5 / AUDIT-3: model-selection failure paths must describe keeping the configured model pin.");
+    assert.ok(modelSelectionSrc.includes("no-fallback policy"), "v4.0.5 / AUDIT-3: no-fallback policy wording must remain visible in model selection.");
+    console.log("[smoke] model_selection_no_fallback_wording_test: PASS");
+}
+{
+    const instructionFiles = [
+        ["copilot", path.join(process.cwd(), ".github", "copilot-instructions.md")],
+        ["gemini", path.join(process.cwd(), ".ai", "GEMINI.md")],
+    ];
+    for (const [label, filePath] of instructionFiles) {
+        if (!fs.existsSync(filePath))
+            continue;
+        const src = fs.readFileSync(filePath, "utf8");
+        assert.ok(src.includes("renomeado de `@lcv-ideas-software/cross-review-v2` no rename total Phase 2"), `v4.0.5 / AUDIT-4: ${label} agent instructions must preserve cross-review-v2 -> cross-review history.`);
+        assert.ok(!src.includes("renomeado de `@lcv-ideas-software/cross-review` no rename total Phase 2"), `v4.0.5 / AUDIT-4: ${label} agent instructions must not contain the tautological rename.`);
+    }
+    console.log("[smoke] agent_instruction_rename_history_test: PASS");
+}
+{
+    const pkg = JSON.parse(fs.readFileSync(path.join(process.cwd(), "package.json"), "utf8"));
+    const script = String(pkg.scripts?.["release:verify-registry"] ?? "");
+    assert.ok(script.includes("verify-registry-dist.mjs"), "v4.0.5 / AUDIT-6: package.json must expose release:verify-registry.");
+    const verifyScript = fs.readFileSync(path.join(process.cwd(), "scripts", "verify-registry-dist.mjs"), "utf8");
+    assert.ok(!verifyScript.includes("node:child_process"), "v4.0.6 / F1: verify-registry-dist.mjs must not spawn npm/npm.cmd; Windows Node hardening rejects npm.cmd spawn.");
+    assert.ok(verifyScript.includes("https://registry.npmjs.org") && verifyScript.includes("fetch("), "v4.0.6 / F1: verify-registry-dist.mjs must query npm registry metadata directly.");
+    for (const required of ["dist", "shasum", "integrity", "tarball"]) {
+        assert.ok(verifyScript.includes(required), `v4.0.5 / AUDIT-6: verify-registry-dist.mjs must validate npm registry dist.${required}.`);
+    }
+    const publishWorkflow = fs.readFileSync(path.join(process.cwd(), ".github", "workflows", "publish.yml"), "utf8");
+    assert.ok(publishWorkflow.includes("npm --registry=https://registry.npmjs.org run release:verify-registry"), "v4.0.5 / AUDIT-6: publish workflow must verify npm registry artifact metadata after publication.");
+    console.log("[smoke] registry_dist_metadata_verification_test: PASS");
+}
+{
+    const npmRegistryArg = "--registry=https://registry.npmjs.org";
+    const isAllowedNpmCommand = (command) => {
+        const afterNpm = command.trim().replace(/^.*?\bnpm\s+/, "");
+        return /^(ci|install|update)\b/.test(afterNpm) || afterNpm.startsWith(npmRegistryArg);
+    };
+    const extractNpmShellCommand = (line) => {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#"))
+            return undefined;
+        if (trimmed.startsWith("run: npm "))
+            return trimmed.slice("run: ".length);
+        if (trimmed.startsWith("npm "))
+            return trimmed;
+        if (trimmed.startsWith("if npm "))
+            return trimmed.slice("if ".length);
+        return undefined;
+    };
+    for (const workflowPath of [
+        path.join(process.cwd(), ".github", "workflows", "ci.yml"),
+        path.join(process.cwd(), ".github", "workflows", "publish.yml"),
+    ]) {
+        const workflowSrc = fs.readFileSync(workflowPath, "utf8");
+        workflowSrc.split(/\r?\n/).forEach((line, index) => {
+            const command = extractNpmShellCommand(line);
+            if (!command)
+                return;
+            assert.ok(isAllowedNpmCommand(command), `v4.0.5 / npm-registry: ${path.basename(workflowPath)}:${index + 1} must pass ${npmRegistryArg} unless it is dependency install/update.`);
+        });
+        assert.ok(!workflowSrc.includes("execFileSync('npm', ['--version']"), `v4.0.5 / npm-registry: ${path.basename(workflowPath)} npm subprocess checks must pass ${npmRegistryArg}.`);
+    }
+    const pkg = JSON.parse(fs.readFileSync(path.join(process.cwd(), "package.json"), "utf8"));
+    for (const [name, script] of Object.entries(pkg.scripts ?? {})) {
+        for (const part of script.split("&&")) {
+            const trimmed = part.trim();
+            if (!trimmed.startsWith("npm "))
+                continue;
+            assert.ok(isAllowedNpmCommand(trimmed), `v4.0.5 / npm-registry: package script ${name} must pass ${npmRegistryArg} unless it is dependency install/update.`);
+        }
+    }
+    console.log("[smoke] npm_registry_discipline_test: PASS");
+}
 // v2.6.1 NOTE: smoke coverage for `peer.fallback.budget_blocked` and
 // `peer.moderation_recovery.budget_blocked` is intentionally NOT
 // included. These two gates use the same arithmetic shape as preflight