claudemd-cli 0.41.0 → 0.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -8,6 +8,25 @@ All notable changes to the `claudemd` plugin. This changelog tracks plugin artif
8
8
  - **Canonical spec version source**: `spec/CLAUDE.md` top-line title (`# AI-CODING-SPEC vX.Y.Z — Core`) + `spec/CLAUDE-changelog.md` top `##` entry.
9
9
  - **Plugin semver vs spec semver** are independent: plugin patch (0.2.0 → 0.2.1) may ship when spec is unchanged (this release); plugin minor (0.1.9 → 0.2.0) ships when spec minor updates (v0.2.0 shipped spec v6.10.0).
10
10
 
11
+ ## [0.43.0] - 2026-07-13
12
+
13
+ **Minor — hard-rules manifest reverse-completeness + telemetry-hygiene batch (roadmap B1+B2).** Product of the 2026-07-13 production-readiness re-audit. Spec rule content unchanged (stays v6.17.0); `spec/hard-rules.json` is the HARD-rule ledger, not spec prose.
14
+
15
+ - **MANIFEST-1** (`spec/hard-rules.json`): added the `§8-curl-sh` entry. The curl/wget-into-shell gate has filed blocking denies under `§8-curl-sh` since v0.39.0, but the manifest — which self-describes as the ledger of "every HARD rule" and drives `/claudemd-rules` §13.1 demote accounting — had no entry, so that section's deny/bypass hits were invisible to demote-review and coverage accounting. `totalRules` 22 → 23. Anchors on the existing spec §8 line "execute scripts of unknown origin" (no new spec rule).
16
+ - **TEST-3** (`tests/scripts/hard-rules-drift.test.js`): new `hard-rules-8` reverse-completeness assertion — enumerates every `HIT_SECTIONS+=('§…')` deny section across `hooks/*.sh` and requires each to have a hook/both manifest entry. Prior drift tests only checked manifest→spec and manifest-entry→section; nothing asserted hook→manifest, which is exactly how `§8-curl-sh` slipped. This test RED-anchored MANIFEST-1 (failed on `§8-curl-sh` before the entry, green after). `§8-curl-sh` added to `KNOWN_HOOK_SECTIONS`.
17
+ - **TEST-4** (`tests/scripts/sampling-audit.test.js`): the DRIFT-1 parity test's first assertion was `assert.deepEqual(pats, readPatterns(pf))` — tautological, since `loadVocabPatterns` internally *is* `readPatterns(pf)` (it compared a function's output to itself and could not catch a parse regression). Replaced with concrete parse-output assertions (pattern count + each fixture line's `regex`/`isRatio`). Mutation-verified: reintroducing the old `indexOf('|')` truncation now fails the test (previously passed). Removed the now-unused `readPatterns` import.
18
+ - **OPS-2** (memory, not code): `feedback_manual_hook_probe_pollutes_telemetry` gained a subagent-dispatch bullet — hook-probe subagents don't inherit the `DISABLE_RULE_HITS_LOG=1` discipline unless the dispatch prompt states it (a `delta-review` subagent wrote 3–4 self-class deny rows to the live log during this audit before the discipline was applied).
19
+ - **Tests**: full `npm test` green; shellcheck + bash-3.2 gate clean.
20
+
21
+ ## [0.42.0] - 2026-07-13
22
+
23
+ **Minor — §8 command-name canonicalization parity + `$IFS` fixed-point fold (roadmap SEC-2, L3).** Product of the 2026-07-13 production-readiness re-audit (`docs/production-readiness-audit-2026-07-13.md`), which found SEC-1 (v0.39.0) closed the `\rm` / `/bin/rm` command-name evasion for the **rm gate only** — the npx and curl-into-shell gates still let path-prefixed / backslash-escaped runners through. Spec unchanged (stays v6.17.0). This is a §8 SAFETY enforcement change; positioning is unchanged — §8 remains a guardrail (env vars / `[allow-*]` tokens still bypass), not an adversarial security boundary. Closing these makes the gate fire on **natural command spellings** (`/usr/bin/npx`, `\curl`), not on obfuscation.
24
+
25
+ - **SEC-2 F5 command-position canonicalization** (`hooks/pre-bash-safety-check.sh`): new `canon_cmd_words` awk pass strips a leading backslash and a path prefix from the **first token after a true command separator** (`^ ; & | ( { ` backtick ` newline`) — never a plain-space-preceded argument. This gives the npx/curl gates the same command-name awareness the rm gate's token loop already had. Now denied (were allowed): `\npx pkg`, `/usr/bin/npx pkg`, `\curl url | sh`, `/usr/bin/curl url | sh`, `curl url | /bin/sh`, and path/backslash runners after a `;`/`|`/`&&` separator. No false-positive on argument-position paths: `echo foo/npx bar`, `cat /usr/bin/rm` still pass (the arg is space-preceded, not command position).
26
+ - **SEC-2 F6 `$IFS` fixed-point fold** (`hooks/pre-bash-safety-check.sh`): the bare-`$IFS` fold `s/\$IFS([^A-Za-z0-9_]|$)/ \1/` consumed the trailing delimiter into the backref, so an **adjacent** `$IFS$IFS` left the second copy unfolded after one pass (`rm$IFS$IFS-rf$IFS$X` → allow). The bare form now loops to a fixed point (folding only removes `$IFS`, so it decreases monotonically and terminates); `$IFSFOO` (distinct var) stays untouched.
27
+ - **Red-team corpus** (`tests/fixtures/bash-safety/corpus.tsv`): +12 cases (F5×6 deny + F5-fp×3 pass + F6×1 deny + F6-fp×1 pass) wired into the CI-gated `pre-bash-safety.test.sh`, so this FN class fails the build if it reopens. Corpus 221 → 233 cases.
28
+ - **Tests**: `pre-bash-safety.test.sh` 233/233; full `npm test` green (node --test 675/675, integration full+upgrade lifecycle PASS); shellcheck clean; bash-3.2 portability gate clean. All 6 original bypass vectors re-confirmed deny + all FP controls allow on the real hook (`DISABLE_RULE_HITS_LOG=1`, no telemetry pollution).
29
+
11
30
  ## [0.41.0] - 2026-07-12
12
31
 
13
32
  **Minor — latent-cleanup batch (roadmap B2): detector-parity, encoding-helper dedup, install validate-before-move, strict toggle argv, architecture-doc refresh.** Closes the five B2 items from the 2026-07-12 production-readiness audit. Spec unchanged (stays v6.17.0). No user-visible enforcement change.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "claudemd-cli",
3
- "version": "0.41.0",
3
+ "version": "0.43.0",
4
4
  "description": "Standalone CLI for §10-V banned-vocab + transcript scanning. Companion to the claudemd Claude Code plugin (github.com/sdsrss/claudemd) for use in git pre-commit hooks, GitHub Actions, and other agents.",
5
5
  "type": "module",
6
6
  "bin": {