claudemd-cli 0.40.0 → 0.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -8,6 +8,28 @@ All notable changes to the `claudemd` plugin. This changelog tracks plugin artif
8
8
  - **Canonical spec version source**: `spec/CLAUDE.md` top-line title (`# AI-CODING-SPEC vX.Y.Z — Core`) + `spec/CLAUDE-changelog.md` top `##` entry.
9
9
  - **Plugin semver vs spec semver** are independent: plugin patch (0.2.0 → 0.2.1) may ship when spec is unchanged (this release); plugin minor (0.1.9 → 0.2.0) ships when spec minor updates (v0.2.0 shipped spec v6.10.0).
10
10
 
11
+ ## [0.42.0] - 2026-07-13
12
+
13
+ **Minor — §8 command-name canonicalization parity + `$IFS` fixed-point fold (roadmap SEC-2, L3).** Product of the 2026-07-13 production-readiness re-audit (`docs/production-readiness-audit-2026-07-13.md`), which found SEC-1 (v0.39.0) closed the `\rm` / `/bin/rm` command-name evasion for the **rm gate only** — the npx and curl-into-shell gates still let path-prefixed / backslash-escaped runners through. Spec unchanged (stays v6.17.0). This is a §8 SAFETY enforcement change; positioning is unchanged — §8 remains a guardrail (env vars / `[allow-*]` tokens still bypass), not an adversarial security boundary. Closing these makes the gate fire on **natural command spellings** (`/usr/bin/npx`, `\curl`), not on obfuscation.
14
+
15
+ - **SEC-2 F5 command-position canonicalization** (`hooks/pre-bash-safety-check.sh`): new `canon_cmd_words` awk pass strips a leading backslash and a path prefix from the **first token after a true command separator** (`^ ; & | ( { ` backtick ` newline`) — never a plain-space-preceded argument. This gives the npx/curl gates the same command-name awareness the rm gate's token loop already had. Now denied (were allowed): `\npx pkg`, `/usr/bin/npx pkg`, `\curl url | sh`, `/usr/bin/curl url | sh`, `curl url | /bin/sh`, and path/backslash runners after a `;`/`|`/`&&` separator. No false-positive on argument-position paths: `echo foo/npx bar`, `cat /usr/bin/rm` still pass (the arg is space-preceded, not command position).
16
+ - **SEC-2 F6 `$IFS` fixed-point fold** (`hooks/pre-bash-safety-check.sh`): the bare-`$IFS` fold `s/\$IFS([^A-Za-z0-9_]|$)/ \1/` consumed the trailing delimiter into the backref, so an **adjacent** `$IFS$IFS` left the second copy unfolded after one pass (`rm$IFS$IFS-rf$IFS$X` → allow). The bare form now loops to a fixed point (folding only removes `$IFS`, so it decreases monotonically and terminates); `$IFSFOO` (distinct var) stays untouched.
17
+ - **Red-team corpus** (`tests/fixtures/bash-safety/corpus.tsv`): +12 cases (F5×6 deny + F5-fp×3 pass + F6×1 deny + F6-fp×1 pass) wired into the CI-gated `pre-bash-safety.test.sh`, so this FN class fails the build if it reopens. Corpus 221 → 233 cases.
18
+ - **Tests**: `pre-bash-safety.test.sh` 233/233; full `npm test` green (node --test 675/675, integration full+upgrade lifecycle PASS); shellcheck clean; bash-3.2 portability gate clean. All 6 original bypass vectors re-confirmed deny + all FP controls allow on the real hook (`DISABLE_RULE_HITS_LOG=1`, no telemetry pollution).
19
+
20
+ ## [0.41.0] - 2026-07-12
21
+
22
+ **Minor — latent-cleanup batch (roadmap B2): detector-parity, encoding-helper dedup, install validate-before-move, strict toggle argv, architecture-doc refresh.** Closes the five B2 items from the 2026-07-12 production-readiness audit. Spec unchanged (stays v6.17.0). No user-visible enforcement change.
23
+
24
+ - **DRIFT-1** (`scripts/sampling-audit.js`): `loadVocabPatterns` + `scanVocab` now delegate to lint.js `readPatterns`/`scan` — the sanctioned §10-V parser shared with the CLI and the bash hook. The prior inline loader used `indexOf('|')` (truncates any alternation-bearing regex) and omitted `posixClassesToJs`, so a future non-`@ratio` pattern with an alternation or POSIX class would be silently dropped/mis-matched here while active elsewhere → false-optimistic §10-V compliance. `@ratio` exclusion preserved via `excludeRatio`; raw-text baseline preserved (no identifier strip). +2 parity tests (alternation regex survives; POSIX class matches; `@ratio` excluded).
25
+ - **ARCH-1** (`hooks/lib/rule-hits.sh` + `hooks/lib/hook-common.sh` + 3 hooks): the CC projects-dir encoding (`tr -c 'a-zA-Z0-9-' '-'`) was hand-inlined in 4 places (a class with prior bug history). Extracted to a single `hook_encode_project` in the rule-hits leaf lib, eagerly sourced by hook-common so all consumers share ONE definition (no `declare -F`-guarded inline fallback — that silent-divergence antipattern). +1 binding test.
26
+ - **SCRIPT-1** (`scripts/install.js`): the shipped-spec completeness check now runs BEFORE the backup branch `renameSync`-moves the user's `~/.claude/CLAUDE.md` (pre-fix an incomplete plugin checkout left the user's spec only in the backup dir, home path empty, manifest unwritten). Added a closing post-copy sha256 integrity assertion so a partial/failed copy that doesn't throw surfaces at install time, not on the next doctor run. +1 test (incomplete spec → throws, user content untouched, no backup created).
27
+ - **SCRIPT-2** (`scripts/toggle.js`): the only CLI entrypoint reading `process.argv[2]` directly — `toggle banned-vocab --json` silently dropped `--json`. Now takes the first positional as the hook name and feeds the remainder to `parseStrict`, so an unknown flag / extra positional rejects loudly with exit 2 (shape error, distinct from exit 1). +2 tests.
28
+ - **DOC-1** (`docs/ARCHITECTURE.md`): "Three layers" → four (adds the `bin/claudemd-lint.js` npm-CLI layer the doc omitted); new "§8 is a guardrail, not a security boundary" positioning section.
29
+ - **Test-harness fix** (`tests/hooks/contract.test.sh`): the C-check event extraction now strips comments before matching `hook_record <hook> <event>`, so a docstring mentioning `hook_record` no longer false-flags schema drift (anchor on code syntax only).
30
+ - **OPS-1 confirmed no-op** (already shipped): jsonl size-capped rotation exists in `rule-hits.sh` (documented in the roadmap; the audit's "no rotation" finding was inaccurate).
31
+ - **Tests**: full `npm test` green; shellcheck + bash-3.2 gate clean; `lint:argv` 0 hits.
32
+
11
33
  ## [0.40.0] - 2026-07-12
12
34
 
13
35
  **Minor — observability + test-robustness batch (roadmap B1): safety-hook fail-open telemetry + doctor hook-liveness self-checks + CI execution timeouts + README hook-count drift guard.** Product of the 2026-07-12 production-readiness audit (`docs/production-readiness-audit-2026-07-12.md`) B1 batch. Spec unchanged (stays v6.17.0). No user-visible enforcement change — these harden observability and the test harness.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "claudemd-cli",
3
- "version": "0.40.0",
3
+ "version": "0.42.0",
4
4
  "description": "Standalone CLI for §10-V banned-vocab + transcript scanning. Companion to the claudemd Claude Code plugin (github.com/sdsrss/claudemd) for use in git pre-commit hooks, GitHub Actions, and other agents.",
5
5
  "type": "module",
6
6
  "bin": {