claudemd-cli 0.38.0 → 0.40.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,29 @@ All notable changes to the `claudemd` plugin. This changelog tracks plugin artif
|
|
|
8
8
|
- **Canonical spec version source**: `spec/CLAUDE.md` top-line title (`# AI-CODING-SPEC vX.Y.Z — Core`) + `spec/CLAUDE-changelog.md` top `##` entry.
|
|
9
9
|
- **Plugin semver vs spec semver** are independent: plugin patch (0.2.0 → 0.2.1) may ship when spec is unchanged (this release); plugin minor (0.1.9 → 0.2.0) ships when spec minor updates (v0.2.0 shipped spec v6.10.0).
|
|
10
10
|
|
|
11
|
+
## [0.40.0] - 2026-07-12
|
|
12
|
+
|
|
13
|
+
**Minor — observability + test-robustness batch (roadmap B1): safety-hook fail-open telemetry + doctor hook-liveness self-checks + CI execution timeouts + README hook-count drift guard.** Product of the 2026-07-12 production-readiness audit (`docs/production-readiness-audit-2026-07-12.md`) B1 batch. Spec unchanged (stays v6.17.0). No user-visible enforcement change — these harden observability and the test harness.
|
|
14
|
+
|
|
15
|
+
- **OBS-1 fail-open telemetry** (`hooks/pre-bash-safety-check.sh`, `hooks/memory-read-check.sh`, `hooks/ship-baseline-check.sh`): the three safety-critical hooks (§8 / §11 / §7) previously `exit 0` silently on a missing jq or malformed stdin, indistinguishable in the §13.1 audit from "rule never fired". They now call `hook_record_failopen <hook> jq-missing|bad-event` on those early exits (the contract `banned-vocab-check.sh` already modeled). `tests/hooks/fail-open.test.sh` +3 (T5–T7).
|
|
16
|
+
- **OBS-2 doctor hook-liveness** (`scripts/doctor.js`): the deny self-tests covered only 2 of 16 hooks; the 6 Stop hooks + PostToolUse + other advisory hooks (which never emit a deny) had no liveness surface, so a silently-broken hook was invisible to `/claudemd-doctor`. Adds 12 liveness self-checks — each feeds a synthetic event of the hook's registered type under an isolated mkdtemp HOME (so state-writing hooks can't touch the real `~/.claude`) and asserts exit 0 with no shell-crash signature. Coverage now 14/16; `session-start-check` + `version-sync` are intentionally excluded (bootstrap / network / background-spawn side-effects unsafe to trigger from a health command; covered by their own suites + the upgrade-lifecycle integration test). `tests/scripts/doctor.test.js` +1 coverage-lock test. Known scope: liveness catches crashes on the path the synthetic event exercises (parse-time syntax errors, early `set -u` unbound-var), not breaks in untaken branches — those remain the unit suites' job.
|
|
17
|
+
- **TEST-1 CI execution timeouts** (`tests/run-all.sh` + new `tests/lib/run-suite.sh`): a hung test (a hook reading stdin with no EOF, a blocking spawnSync) previously stalled the whole run to the CI job-level kill with no diagnostic. New shared `run_suite` wraps each bash suite in `timeout`/`gtimeout` (hook 120s / integration 300s; degrades to no-cap when neither binary is present so the runner never breaks); `node --test` gets `--test-timeout=60000`. New `tests/hooks/timeout-guard.test.sh` (4 cases) exercises `run_suite` against a deliberately-hanging suite (killed with 124, bounded), asserting exit-code pass-through for normal and failing suites.
|
|
18
|
+
- **TEST-2 README hook-count drift guard** (`tests/scripts/readme-drift.test.js` +2): the "16 shell hooks" claim (capabilities table + project-layout tree) was guarded only indirectly via `HOOK_REGISTRY.length`; the README text could drift silently. Now asserts every "N shell hooks" mention matches `hooks/*.sh` count, and the enumerated capability list names exactly the real hooks (catches a hook dropped from the list even if the number still matches).
|
|
19
|
+
- **OPS-1 (no change — audit finding was inaccurate)**: the audit flagged `claudemd.jsonl` as having "no rotation". Verified against source: `hooks/lib/rule-hits.sh` has had size-capped rotation (`CLAUDEMD_LOG_MAX_MB`, default 5 MB → `.1` → `.2`) with test coverage (`rule-hits.test.sh` cases 4–6) since it shipped. No work needed; documented in the roadmap to prevent re-flagging.
|
|
20
|
+
- **Tests**: full `npm test` green; shellcheck clean; bash-3.2 portability gate clean.
|
|
21
|
+
|
|
22
|
+
## [0.39.0] - 2026-07-12
|
|
23
|
+
|
|
24
|
+
**Minor — §8 Bash-gate false-negative closure: command-name canonicalization + shell-lexer normalization (roadmap SEC-1).** Closes 4 novel §8 bypasses surfaced by the 2026-07-12 production-readiness audit (`docs/production-readiness-audit-2026-07-12.md`, all reproduced live before the fix). Spec unchanged (stays v6.17.0). **User-visible enforcement change**: commands previously ALLOWED are now denied — see below.
|
|
25
|
+
|
|
26
|
+
- **Fix** (`hooks/pre-bash-safety-check.sh`): the rm-detector's segment gate matched only the bare literal token `rm`, and the sanitizer never normalized `${IFS}` or backslash-newline, so four natural-looking evasions slipped the gate. All now denied:
|
|
27
|
+
- **F1 command-name canonicalization** — the rm command word is canonicalized to its basename with one leading backslash stripped, so `/bin/rm -rf $VAR`, `./rm`, and the alias-defeating `\rm -rf $VAR` are recognized as rm (matching what the shell execs, not the source spelling). `busybox rm` (multiplexer) added to the wrapper-strip set. Exact `== rm` after canonicalization keeps `charm`/`norm`/`perm` off.
|
|
28
|
+
- **F2 `${IFS}`/`$IFS` word-split** — folded to a space before tokenizing, so `rm${IFS}-rf${IFS}$HOME` and `npx${IFS}pkg` read as `rm -rf $HOME` / `npx pkg`. Bare `$IFS` folds only when not followed by an identifier char (`$IFSFOO` untouched).
|
|
29
|
+
- **F3 backslash-newline continuation** — `rm -r\`+newline+`f $X` rejoins before tokenizing (portable bash-3.2 param-expansion, not BSD-unsafe sed `\n`).
|
|
30
|
+
- **F4 `source <(curl)` / `. <(curl)`** — `source` and `.` added to the curl-process-substitution interpreter set; they exec fetched content in the current shell like `bash <(curl x)`.
|
|
31
|
+
Folding/canonicalization can only EXPOSE tokens the shell itself sees at exec time, never hide one, so these strictly close false-negatives on the deny-on-match detectors. **Positioning unchanged**: §8 remains a guardrail (steers the agent off its own mistakes + makes rule-adherence observable), NOT an anti-injection security boundary — any `DISABLE_*` env var or `[allow-*]` token still bypasses by design. Documented residuals (`xargs rm`, option-with-arg wrappers like `sudo -u svc rm`, non-shell interpreter sinks) remain out of scope (diminishing returns; don't change the guardrail framing).
|
|
32
|
+
- **Tests** (`tests/fixtures/bash-safety/corpus.tsv`, +16 rows → suite 211 → 222): 11 adversarial deny cases (F1–F4) + 5 FP controls (`/bin/rm` literal path, `charm` basename exact-match, `${IFS}` in echo, `source`/`.` on local files) — the red-team evasion corpus the roadmap called for, driven by `pre-bash-safety.test.sh` inside the CI-gated run-all. `npm test` all suites pass; shellcheck clean; bash-3.2 portability gate clean.
|
|
33
|
+
|
|
11
34
|
## [0.38.0] - 2026-07-12
|
|
12
35
|
|
|
13
36
|
**Minor — statusline path segment renders cwd basename only.** Spec unchanged (stays v6.17.0).
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claudemd-cli",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.40.0",
|
|
4
4
|
"description": "Standalone CLI for §10-V banned-vocab + transcript scanning. Companion to the claudemd Claude Code plugin (github.com/sdsrss/claudemd) for use in git pre-commit hooks, GitHub Actions, and other agents.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|