azclaude-copilot 0.4.29 → 0.4.31

package/.claude-plugin/marketplace.json

@@ -9,7 +9,7 @@
     {
       "name": "azclaude",
       "description": "AZCLAUDE is a complete AI coding environment for Claude Code. It installs 34 commands, 9 auto-invoked skills, 15 specialized agents, 4 hooks, and a persistent memory system — in one command.\n\nKey features:\n• Memory across sessions — goals.md + checkpoints injected automatically before every session\n• Self-improving loop — /reflect fixes stale CLAUDE.md rules, /reflexes learns from tool-use patterns, /evolve creates agents from git evidence\n• Autonomous copilot mode — /copilot runs a three-tier team (orchestrator → problem-architect → milestone-builder) across sessions until the product ships\n• Spec-driven workflow — /constitute writes project rules, /spec writes structured ACs, /analyze detects plan drift and ghost milestones, /blueprint traces every milestone to a spec\n• Security layer — 111-rule environment scan (/sentinel), pre-write secret blocking, pre-ship credential audit\n• Progressive levels 0–10 — start with CLAUDE.md, grow into multi-agent pipelines and self-evolving environments\n• Zero dependencies — no npm packages, no external APIs, no vector databases. Plain markdown files and Claude Code's native architecture.\n• Smart install — npx azclaude-copilot@latest auto-detects first install vs upgrade vs verify. Context-aware onboarding shows the right next command for your project state.\n\nExample use cases:\n• /setup — scan an existing project, detect stack + domain + scale, fill CLAUDE.md, generate project-specific skills and agents automatically\n• /copilot \"Build a compliance SaaS with trilingual support\" — walk away, come back to working code across multiple sessions\n• /sentinel — run a scored security audit (0–100, grade A–F) across hooks, permissions, MCP servers, agent configs, and secrets\n• /evolve — detect gaps in the environment, generate new skills and agents from git co-change evidence, report score delta (e.g. 42/100 → 68/100)\n• /constitute — write your project's constitution (non-negotiables, architectural commitments, definition of done) — gates all future AI actions\n• /analyze — cross-artifact consistency check: ghost milestones, spec vs. code drift, unplanned commits\n• /reflect — find stale, missing, or contradicting rules in CLAUDE.md and propose exact fixes\n• /debate \"REST vs GraphQL for this project\" — adversarial evidence-based decision with order-independent scoring, logged to decisions.md",
-      "version": "0.4.29",
+      "version": "0.4.31",
       "source": {
         "source": "github",
         "repo": "haytamAroui/AZ-CLAUDE-COPILOT",

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "azclaude",
-  "version": "0.4.29",
+  "version": "0.4.31",
   "description": "AZCLAUDE is a complete AI coding environment for Claude Code. It installs 34 commands, 9 auto-invoked skills, 15 specialized agents, 4 hooks, and a persistent memory system — in one command.\n\nKey features:\n• Memory across sessions — goals.md + checkpoints injected automatically before every session\n• Self-improving loop — /reflect fixes stale CLAUDE.md rules, /reflexes learns from tool-use patterns, /evolve creates agents from git evidence\n• Autonomous copilot mode — /copilot runs a three-tier team (orchestrator → problem-architect → milestone-builder) across sessions until the product ships\n• Spec-driven workflow — /constitute writes project rules, /spec writes structured ACs, /analyze detects plan drift and ghost milestones, /blueprint traces every milestone to a spec\n• Security layer — 111-rule environment scan (/sentinel), pre-write secret blocking, pre-ship credential audit\n• Progressive levels 0–10 — start with CLAUDE.md, grow into multi-agent pipelines and self-evolving environments\n• Zero dependencies — no npm packages, no external APIs, no vector databases. Plain markdown files and Claude Code's native architecture.\n• Smart install — npx azclaude-copilot@latest auto-detects first install vs upgrade vs verify. Context-aware onboarding shows the right next command for your project state.\n\nExample use cases:\n• /setup — scan an existing project, detect stack + domain + scale, fill CLAUDE.md, generate project-specific skills and agents automatically\n• /copilot \"Build a compliance SaaS with trilingual support\" — walk away, come back to working code across multiple sessions\n• /sentinel — run a scored security audit (0–100, grade A–F) across hooks, permissions, MCP servers, agent configs, and secrets\n• /evolve — detect gaps in the environment, generate new skills and agents from git co-change evidence, report score delta (e.g. 42/100 → 68/100)\n• /constitute — write your project's constitution (non-negotiables, architectural commitments, definition of done) — gates all future AI actions\n• /analyze — cross-artifact consistency check: ghost milestones, spec vs. code drift, unplanned commits\n• /reflect — find stale, missing, or contradicting rules in CLAUDE.md and propose exact fixes\n• /debate \"REST vs GraphQL for this project\" — adversarial evidence-based decision with order-independent scoring, logged to decisions.md",
   "author": {
     "name": "haytamAroui",

package/README.md

@@ -807,11 +807,11 @@ Run `/level-up` at any time to see your current level and build the next one.
 
 ## Verified
 
-1455 tests. Every template, command, capability, agent, hook, and CLI feature verified.
+1462 tests. Every template, command, capability, agent, hook, and CLI feature verified.
 
 ```bash
 bash tests/test-features.sh
-# Results: 1455 passed, 0 failed, 1455 total
+# Results: 1462 passed, 0 failed, 1462 total
 ```
 
 ---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "azclaude-copilot",
-  "version": "0.4.29",
+  "version": "0.4.31",
   "description": "AI coding environment — 34 commands, 9 skills, 15 agents, memory, reflexes, evolution. Install: npx azclaude-copilot@latest, then open Claude Code.",
   "bin": {
     "azclaude": "bin/cli.js",

package/templates/hooks/pre-tool-use.js

@@ -77,7 +77,7 @@ if (toolName === 'Bash' && command) {
 
 // ── Gate: Read tool — warn on credential file access ─────────────────────────
 if (toolName === 'Read' && filePath) {
-  const CRED_FILE = /\.env$|\.env\.\w+$|secrets?\.(json|ya?ml)$|credentials?(\.json)?$|id_rsa$|\.pem$|\.p12$|\.pfx$|\.keystore$/i;
+  const CRED_FILE = /\.env$|\.env\.\w+$|secrets?\.(json|ya?ml)$|credentials?(\.json)?$|id_rsa$|id_ed25519$|id_ecdsa$|id_dsa$|\.pem$|\.p12$|\.pfx$|\.keystore$/i;
   if (CRED_FILE.test(filePath)) {
     const rel = path.relative(process.cwd(), path.resolve(filePath));
     if (!rel.startsWith('..')) {
@@ -191,6 +191,36 @@ const RULES = [
     message: 'Prompt injection pattern detected in file being written — this content could hijack AI agent context when read. Matches known CVE-2025-54794 attack vector. Review before proceeding.',
     block:   false,
   },
+  {
+    id:      'c-gets',
+    test:    /\bgets\s*\(/,
+    message: 'gets() detected — buffer overflow vulnerability (removed from C11). Use fgets() or getline() with explicit bounds.',
+    block:   false,
+  },
+  {
+    id:      'php-shell-exec',
+    test:    /\bshell_exec\s*\(/,
+    message: 'shell_exec() detected — command injection risk. Use escapeshellarg() or avoid shell execution entirely.',
+    block:   false,
+  },
+  {
+    id:      'java-runtime-exec',
+    test:    /Runtime\.getRuntime\(\)\.exec\s*\(/,
+    message: 'Runtime.exec() detected — command injection risk. Use ProcessBuilder with a String[] argument array instead.',
+    block:   false,
+  },
+  {
+    id:      'jinja2-ssti',
+    test:    /render_template_string\s*\(/,
+    message: 'render_template_string() detected — server-side template injection risk. Use render_template() with a file-based template instead.',
+    block:   false,
+  },
+  {
+    id:      'subprocess-shell-true',
+    test:    /subprocess\.(run|Popen|call|check_output)\s*\([^)]*shell\s*=\s*True/,
+    message: 'subprocess with shell=True detected — command injection via shell metacharacters. Use list args with shell=False instead.',
+    block:   false,
+  },
   {
     id:      'hardcoded-secret',
     test:    /AKIA[A-Z0-9]{16}|sk-[a-zA-Z0-9]{20,}|ghp_[A-Za-z0-9]{36}|glpat-[A-Za-z0-9_-]{20}|xoxb-[0-9]|xoxp-[0-9]|npm_[A-Za-z0-9]{36}|AIza[0-9A-Za-z_-]{35}|sk_live_[0-9a-zA-Z]{24}|SG\.[A-Za-z0-9_-]{22}\.|-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY/,

package/templates/skills/security/SKILL.md

@@ -45,13 +45,15 @@ All hooks share `/tmp/.azclaude-seclog-{PID}` (JSONL). Session summary printed a
 
 ## Read Gate (pre-tool-use.js)
 Warns (once per session) when Claude reads credential files:
-`.env`, `.env.*`, `secrets.json`, `secrets.yaml`, `credentials.json`, `id_rsa`, `.pem`, `.p12`, `.pfx`, `.keystore`
+`.env`, `.env.*`, `secrets.json`, `secrets.yaml`, `credentials.json`, `id_rsa`, `id_ed25519`, `id_ecdsa`, `id_dsa`, `.pem`, `.p12`, `.pfx`, `.keystore`
 
-## Write Gate — 14 Rules (pre-tool-use.js)
+## Write Gate — 19 Rules (pre-tool-use.js)
 Scans all Edit/Write content before writing. Secrets → **Block** (exit 2). Others → Warn.
 
 Key patterns: `eval(`, `child_process.exec(`, `dangerouslySetInnerHTML`, `pickle.load(`,
-`os.system(`, `MD5`/`SHA1`/`Math.random()`, `__proto__`, `yaml.load(`, `../` traversal,
+`os.system(`, `subprocess(..., shell=True)`, `gets(`, `shell_exec(`,
+`Runtime.getRuntime().exec(`, `render_template_string(`,
+`MD5`/`SHA1`/`Math.random()`, `__proto__`, `yaml.load(`, `../` traversal,
 `ignore previous instructions`, AWS/GH/GL/Slack/npm/GCP/Stripe/SendGrid/PEM tokens.
 
 For fix guidance per pattern: `references/security-details.md`

package/templates/skills/security/references/security-details.md

@@ -48,7 +48,7 @@ Levels: `block` (exit 2 — Claude Code refuses the action) · `warn` (exit 0
 
 ### Read Gate Rules (pre-tool-use.js)
 
-Files matching: `.env`, `.env.*`, `secrets.json`, `secrets.yaml`, `credentials.json`, `id_rsa`, `.pem`, `.p12`, `.pfx`, `.keystore`
+Files matching: `.env`, `.env.*`, `secrets.json`, `secrets.yaml`, `credentials.json`, `id_rsa`, `id_ed25519`, `id_ecdsa`, `id_dsa`, `.pem`, `.p12`, `.pfx`, `.keystore`
 → Warn once per session per file (deduplicated).
 
 ### Behavioral Sequence Detection (post-tool-use.js)
@@ -87,6 +87,11 @@ Scans all Edit/Write/MultiEdit operations. Warnings → stderr. Secrets → exit
 | `yaml-unsafe-load` | `yaml.load(` | Python | Arbitrary code execution | Warn |
 | `path-traversal` | `../` in file paths | Any | Arbitrary file read/write | Warn |
 | `prompt-injection-write` | `ignore previous instructions` / `{"role":"user","content":` | Any | AI context hijack (CVE-2025-54794) | Warn |
+| `subprocess-shell-true` | `subprocess.run(..., shell=True)` / `subprocess.Popen(..., shell=True)` | Python | Command injection via shell metacharacters | Warn |
+| `c-gets` | `gets(` | C/C++ | Buffer overflow (removed from C11) | Warn |
+| `php-shell-exec` | `shell_exec(` | PHP | Command injection | Warn |
+| `java-runtime-exec` | `Runtime.getRuntime().exec(` | Java/Kotlin | Command injection | Warn |
+| `jinja2-ssti` | `render_template_string(` | Python/Flask | Server-side template injection | Warn |
 | `hardcoded-secret` | AWS/GH/GL/Slack/npm/GCP/Stripe/SendGrid/PEM key tokens | Any | Credential exposure | **Block** |
 
 **Fix guidance per pattern:**
@@ -94,7 +99,7 @@ Scans all Edit/Write/MultiEdit operations. Warnings → stderr. Secrets → exit
 - `eval` / `new Function` → use `JSON.parse()` for data; avoid string→code entirely
 - `dangerouslySetInnerHTML` / `dom-xss` → use `textContent` or sanitize with DOMPurify
 - `pickle.*` → use `json.loads()` for serialization; never unpickle external data
-- `os.system` → use `subprocess.run(['cmd', 'arg1'], shell=False)`
+- `os.system` / `subprocess-shell-true` → use `subprocess.run(['cmd', 'arg1'], shell=False)`
 - `gh-actions-injection` → store event data in env vars before using in `run:` steps
 - `weak-crypto` → use `crypto.randomBytes()` / `secrets.token_bytes()`, SHA-256+, AES-GCM
 - `prototype-pollution` → use `Object.create(null)`, `Object.freeze()`, avoid dynamic key assignment