dw-kit 1.3.4 → 1.3.5

package/.claude/hooks/supply-chain-scan.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+# .claude/hooks/supply-chain-scan.sh
+# Fires after Claude Code Write/Edit. If the file is a lockfile, runs `dw security-scan --quick`
+# to detect known-vulnerable dependency pins (offline IoC + advisory snapshot check).
+# Non-blocking — never aborts the parent tool call. Emits telemetry.
+# Reference: ADR-0005 (AI-Native Supply-Chain Guard). Sunset review 2026-08-12.
+
+set -e
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+TELEMETRY_SCRIPT="$PROJECT_DIR/.claude/hooks/telemetry-log.sh"
+
+if [ "${DW_NO_TELEMETRY:-}" != "1" ] && [ -x "$TELEMETRY_SCRIPT" ]; then
+  "$TELEMETRY_SCRIPT" hook supply-chain-scan >/dev/null 2>&1 || true
+fi
+
+if [ "${DW_SC_GUARD_DISABLED:-}" = "1" ]; then
+  exit 0
+fi
+
+INPUT=$(cat)
+
+FILE_PATH=$(echo "$INPUT" | node -e "
+let d='';
+process.stdin.on('data',c=>d+=c).on('end',()=>{
+  try{
+    const data=JSON.parse(d);
+    const p=data.file_path||data.path||data.filePath||(data.tool_input&&(data.tool_input.file_path||data.tool_input.path))||'';
+    process.stdout.write(p);
+  }catch(e){}
+});
+" 2>/dev/null || true)
+
+[ -z "$FILE_PATH" ] && exit 0
+
+# Match: package-lock.json, npm-shrinkwrap.json (case-insensitive).
+# pnpm-lock.yaml and yarn.lock are out-of-scope per ADR-0005 v1.3.5.
+BASENAME=$(basename "$FILE_PATH")
+case "$BASENAME" in
+  package-lock.json|npm-shrinkwrap.json)
+    ;;
+  *)
+    exit 0
+    ;;
+esac
+
+# Find the project root that contains the lockfile (in case PROJECT_DIR differs)
+LOCKFILE_DIR=$(dirname "$FILE_PATH")
+[ -d "$LOCKFILE_DIR" ] || exit 0
+
+# Locate dw binary — prefer local node_modules, fall back to global PATH
+DW_BIN=""
+if command -v dw >/dev/null 2>&1; then
+  DW_BIN="dw"
+elif [ -f "$PROJECT_DIR/bin/dw.mjs" ]; then
+  DW_BIN="node $PROJECT_DIR/bin/dw.mjs"
+else
+  exit 0
+fi
+
+START_TS=$(date +%s%N 2>/dev/null || date +%s)
+
+# Run scan in lockfile's project dir. Capture exit code without failing parent.
+set +e
+SCAN_OUTPUT=$(cd "$LOCKFILE_DIR" && $DW_BIN security-scan --quick 2>&1)
+SCAN_EXIT=$?
+set -e
+
+END_TS=$(date +%s%N 2>/dev/null || date +%s)
+LATENCY_MS=$(( (END_TS - START_TS) / 1000000 ))
+
+case "$SCAN_EXIT" in
+  0)
+    # Clean — silent unless verbose
+    if [ "${DW_SC_GUARD_VERBOSE:-}" = "1" ]; then
+      echo "✓ supply-chain-scan: clean (no advisory matches in $BASENAME)" >&2
+    fi
+    ;;
+  1)
+    # Low/medium matches — warn, do not block
+    echo "" >&2
+    echo "⚠  supply-chain-scan: advisory matches in $BASENAME (low/medium)" >&2
+    echo "$SCAN_OUTPUT" | tail -20 >&2
+    echo "   (advisory — not blocking; run \`dw security-scan\` for full report)" >&2
+    ;;
+  2)
+    # HIGH+ matches — loud warning, still non-blocking per ADR-0005 v1.3.5 (advisory-only)
+    echo "" >&2
+    echo "⚠  supply-chain-scan: HIGH+ severity advisory match in $BASENAME" >&2
+    echo "$SCAN_OUTPUT" | tail -25 >&2
+    echo "   ADVISORY ONLY — threshold matrix in v14-evaluation-protocol.md is authoritative." >&2
+    echo "   Run \`dw security-scan\` for full report. Public sunset review 2026-08-12 (ADR-0005)." >&2
+    ;;
+  *)
+    # Setup error (no snapshot, schema mismatch, etc.) — quiet hint
+    if [ "${DW_SC_GUARD_VERBOSE:-}" = "1" ]; then
+      echo "supply-chain-scan: setup needed — run \`dw security-scan --update-db\`" >&2
+    fi
+    ;;
+esac
+
+exit 0

package/.claude/settings.json

@@ -99,6 +99,10 @@
           {
             "type": "command",
             "command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/post-write.sh\""
+          },
+          {
+            "type": "command",
+            "command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/supply-chain-scan.sh\""
           }
         ]
       }

package/.dw/security/ioc-namespaces.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.0",
+  "updated": "2026-05-13",
+  "purpose": "Curated namespace patterns under ACTIVE incident — fallback for pre-install scan when OSV.dev is unavailable. Auto-expires per active_until date. TL updates when new incident requires fixture-level warning before OSV propagation.",
+  "namespaces": [
+    {
+      "pattern": "@tanstack/",
+      "reason": "Active incident 2026-05-11 — Mini Shai-Hulud worm (CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx). 84 malicious versions across 42 @tanstack/* packages published 2026-05-11 19:20-19:26 UTC. Worm self-propagated to 169+ packages.",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "guidance": "If installing @tanstack/* fresh: verify version is NOT in 1.169.5-1.169.8 range; prefer 1.169.9+. Check SLSA provenance attestation matches expected publisher. If already installed and lockfile pins 1.169.5-8: rotate ALL credentials (npm tokens, GitHub PATs, SSH keys, cloud keys, Claude/AI configs) before continuing."
+    },
+    {
+      "pattern": "@uipath/",
+      "reason": "Worm spread vector from TanStack incident (2026-05-11) — 70+ @uipath/* packages compromised via stolen npm OIDC tokens.",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "guidance": "Verify each @uipath/* install against official UiPath release notes. Worm SLSA attestations are VALID — provenance check alone is insufficient. Cross-reference with UiPath security bulletin."
+    },
+    {
+      "pattern": "@mistralai/",
+      "reason": "Worm spread vector (2026-05-11) — @mistralai/mistralai 2.2.3-2.2.4 compromised on both npm and PyPI.",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "guidance": "Avoid @mistralai/mistralai 2.2.3-2.2.4. Pin to 2.2.2 or 2.2.5+ once available."
+    },
+    {
+      "pattern": "@opensearch-project/opensearch",
+      "reason": "Worm spread vector (2026-05-11) — @opensearch-project/opensearch 3.6.2 compromised (1.3M weekly downloads).",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "guidance": "Avoid version 3.6.2. Pin to 3.6.1 or 3.6.3+."
+    }
+  ],
+  "maintenance_note": "This fixture is a SHORT-TERM defensive measure. Per ADR-0005 design, OSV.dev/GHSA auto-sync is the primary source; this fixture handles offline + post-incident pre-propagation window. TL prunes entries past active_until on regular release cycles."
+}

package/CLAUDE.md

@@ -3,7 +3,7 @@
 Workflow toolkit codebase. Rules live in `.claude/rules/` (auto-loaded).
 
 **v2.0 direction:** Context-First SDLC Governance Layer (5 pillars — see `.dw/core/PILLARS.md`)
-**Current:** v1.4.0-dev · v1.3.0 ready to ship · ADR-0001 active
+**Current:** v1.3.5 (released 2026-05-12) · ADR-0001 active · ADR-0005 Accepted (Supply-Chain Guard, sunset review 2026-08-12) · v1.4 cuts pending telemetry
 
 ---
 
@@ -30,6 +30,8 @@ src/
   tasks/      Active + archive/ (Bridges pillar — via tracking.md)
   metrics/    Local telemetry (events.jsonl)
   config/     dw.config.yml
+  security/   IoC namespace fixture (Guards pillar — ADR-0005)
+  research/   Investigation notes, RFC-style proposals, voter panel outputs
 ```
 
 ## Dev Notes

package/README.md

@@ -2,7 +2,7 @@
 
 > An AI development workflow toolkit for teams using agentic IDEs (Claude Code, Cursor) — from idea to review-ready commits.
 
-**v1.3** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
+**v1.3.5** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
 
 ---
 
@@ -36,10 +36,22 @@ It’s designed for collaboration (Dev / Tech Lead / QA / PM) and keeps work aud
 
 ## Release notes
 
-- v1.2.0 notes: [`CHANGELOG.md#v120--2026-04-09`](CHANGELOG.md#v120--2026-04-09)
+- **v1.3.5** (2026-05-12) — AI-Native Supply-Chain Guard: `dw security-scan` CLI + OSV.dev auto-sync + Edit-lockfile hook + scoped `.gitignore` for end-user projects. See [`CHANGELOG.md#v135--2026-05-12`](CHANGELOG.md#v135--2026-05-12) and [ADR-0005](.dw/decisions/0005-supply-chain-guard.md). Public 90-day sunset review committed for 2026-08-12.
+- v1.3.4 (2026-04-21) — `/dw:plan` Quick Debate (red/blue self-critique), depth-driven activation
+- v1.3.3 (2026-04-21) — Writer skills v1/v2 compatibility fix
+- v1.3.0 (2026-04-21) — 5-pillar governance layer + telemetry foundation + ADRs + v2 task docs ([ADR-0001](.dw/decisions/0001-v2-pragmatic-lean.md))
+- v1.2.0 (2026-04-09) — [`CHANGELOG.md#v120--2026-04-09`](CHANGELOG.md#v120--2026-04-09)
 - Full changelog: `CHANGELOG.md`
 - Latest release notes: [GitHub Releases](https://github.com/dv-workflow/dv-workflow/releases)
 
+### What's in v1.3.5 for your team
+
+- **`dw security-scan`** — scan for known supply-chain advisories against your project's `package-lock.json` (full match) or `package.json` (pre-install approximate). Uses [OSV.dev](https://osv.dev/) as data source (multi-maintainer upstream feed; no solo-curated bundle to go stale).
+- **AI-aware hook** — fires when Claude Code edits a lockfile. Auto-wired by `dw init --preset team` or `--preset enterprise`; opt-in OFF for `--preset solo`.
+- **Scoped `.gitignore`** — `dw init` and `dw upgrade` write `.dw/.gitignore` and `.claude/.gitignore` managed blocks. Framework files stay out of your repo; tasks/decisions/docs/config stay in.
+- **`dw doctor`** has a new security section that fails loud if advisory snapshot is stale (>7 days) or schema-incompatible.
+- **Sunset rule** — feature retires silently in v1.4.x if 90-day telemetry shows zero real catches OR >5% false-positive rate. Disciplined experiment, not panic ship.
+
 ---
 
 ## Install

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dw-kit",
-  "version": "1.3.4",
+  "version": "1.3.5",
   "description": "AI development workflow toolkit — structured, quality-assured, team-ready. From requirements to dashboard.",
   "type": "module",
   "bin": {
@@ -14,6 +14,7 @@
     ".dw/core/",
     ".dw/config/",
     ".dw/adapters/",
+    ".dw/security/",
     ".claude/agents/",
     ".claude/hooks/",
     ".claude/rules/",

package/src/cli.mjs

@@ -101,6 +101,33 @@ export function run(argv) {
       await dashboardCommand(opts);
     });
 
+  program
+    .command('security-scan')
+    .description('Scan project lockfile against advisory snapshot (OSV.dev). Supply-chain guard (ADR-0005, opt-in).')
+    .option('--quick', 'Offline mode — use existing snapshot only (default behavior)')
+    .option('--update-db', 'Fetch fresh advisory snapshot from OSV.dev before scanning')
+    .option('--pre-install', 'Scan package.json without lockfile (OSV name-only + namespace fixture)')
+    .option('--offline', 'Skip network in --pre-install mode (fixture-only)')
+    .option('--json', 'Output machine-readable JSON')
+    .option('--install-hook', 'Wire supply-chain-scan.sh into .claude/settings.json PostToolUse (idempotent)')
+    .option('--uninstall-hook', 'Remove supply-chain-scan.sh entry from .claude/settings.json')
+    .action(async (opts) => {
+      if (opts.installHook || opts.uninstallHook) {
+        const { installHookInProject, uninstallHookFromProject } = await import('./lib/sc-install.mjs');
+        const r = opts.uninstallHook ? uninstallHookFromProject() : installHookInProject();
+        if (!r.ok) {
+          console.error(chalk.red(`✗ ${r.error}`));
+          process.exit(1);
+        }
+        if (r.action === 'added') console.log(chalk.green(`✓ Hook wired into ${r.path}`));
+        else if (r.action === 'removed') console.log(chalk.green(`✓ Removed ${r.count} entry from ${r.path}`));
+        else console.log(chalk.dim(`  (no-op: ${r.reason})`));
+        return;
+      }
+      const { securityScanCommand } = await import('./commands/security-scan.mjs');
+      await securityScanCommand(opts);
+    });
+
   program
     .command('claude-vn-fix')
     .description('Patch Claude CLI to fix Vietnamese IME (local, with backup/restore)')

package/src/commands/doctor.mjs

@@ -4,6 +4,7 @@ import { fileURLToPath } from 'node:url';
 import { header, ok, warn, err, info, log } from '../lib/ui.mjs';
 import { loadConfig, getToolkitVersions } from '../lib/config.mjs';
 import { detectPlatform, platformLabel } from '../lib/platform.mjs';
+import { snapshotInfo } from '../lib/sc-sync.mjs';
 
 const TOOLKIT_ROOT = resolve(fileURLToPath(import.meta.url), '..', '..', '..');
 
@@ -150,6 +151,26 @@ export async function doctorCommand() {
     }
   }
 
+  info('Supply-Chain Guard (ADR-0005, opt-in)');
+  const sc = snapshotInfo(projectDir);
+  if (!sc.exists) {
+    log('  Advisory snapshot — not yet created');
+    log('  Run `dw security-scan --update-db` to fetch from OSV.dev (opt-in feature)');
+  } else {
+    if (!sc.schema_compatible) {
+      err(`Advisory snapshot schema mismatch — expected 1.0, got ${sc.schema_version || 'unknown'}`);
+      log('  Run `dw security-scan --update-db` to refresh');
+      issues++;
+    } else if (sc.stale) {
+      warn(`Advisory snapshot stale: ${sc.age_days.toFixed(1)} days old (>7d threshold)`);
+      log(`  Source: ${sc.source} (${sc.ecosystem}), advisories=${sc.advisory_count}`);
+      log('  Run `dw security-scan --update-db` to refresh');
+      warnings++;
+    } else {
+      ok(`Advisory snapshot — ${sc.age_days.toFixed(1)}d old, ${sc.advisory_count} advisories (${sc.source})`);
+    }
+  }
+
   console.log();
   header('Diagnosis');
   if (issues === 0 && warnings === 0) {

package/src/commands/init.mjs

@@ -5,6 +5,7 @@ import { banner, ok, warn, info, log, ask, choose } from '../lib/ui.mjs';
 import { buildConfig, writeConfig } from '../lib/config.mjs';
 import { copyDir, copyFile, ensureDir } from '../lib/copy.mjs';
 import { detectPlatform, platformLabel } from '../lib/platform.mjs';
+import { ensureDwGitignore, ensureClaudeGitignore } from '../lib/gitignore.mjs';
 
 const TOOLKIT_ROOT = resolve(fileURLToPath(import.meta.url), '..', '..', '..');
 
@@ -82,7 +83,7 @@ export async function initCommand(opts) {
   ok(`Platform: ${platformLabel(adapter)}`);
 
   info('Setting up project...');
-  await setupProject(projectDir, { projectName, depth, roles, language, adapter });
+  await setupProject(projectDir, { projectName, depth, roles, language, adapter, presetKey: opts.preset });
 
   printSummary({ projectName, depth, roles, language, adapter });
 }
@@ -135,7 +136,7 @@ function normalizeRolesForDepth(parsedRoles, depth) {
   return merged;
 }
 
-async function setupProject(projectDir, { projectName, depth, roles, language, adapter }) {
+async function setupProject(projectDir, { projectName, depth, roles, language, adapter, presetKey }) {
   copyCoreDocs(projectDir);
   copyConfig(projectDir, { projectName, depth, roles, language });
   copyAdapterStructure(projectDir);
@@ -143,6 +144,7 @@ async function setupProject(projectDir, { projectName, depth, roles, language, a
   if (adapter === 'claude-cli') {
     copyClaudeFiles(projectDir);
     createMinimalCLAUDEmd(projectDir, projectName);
+    await maybeInstallSupplyChainHook(projectDir, presetKey);
   } else if (adapter === 'cursor') {
     copyCursorFiles(projectDir);
     copyGenericAdapter(projectDir);
@@ -152,6 +154,47 @@ async function setupProject(projectDir, { projectName, depth, roles, language, a
 
   createRuntimeDirs(projectDir);
   updateGitignore(projectDir);
+  writeScopedGitignores(projectDir, adapter);
+}
+
+function writeScopedGitignores(projectDir, adapter) {
+  try {
+    const dwR = ensureDwGitignore(projectDir);
+    if (dwR.action !== 'noop') ok(`.dw/.gitignore ${dwR.action}`);
+    if (adapter === 'claude-cli') {
+      const cR = ensureClaudeGitignore(projectDir);
+      if (cR.action !== 'noop') ok(`.claude/.gitignore ${cR.action}`);
+    }
+  } catch (e) {
+    warn(`Scoped gitignore: ${e.message}`);
+  }
+}
+
+async function maybeInstallSupplyChainHook(projectDir, presetKey) {
+  const preset = presetKey ? PRESETS[presetKey] : null;
+  const { installHookInProject, uninstallHookFromProject } = await import('../lib/sc-install.mjs');
+
+  if (preset && preset.hooksProfile === 'safety-only') {
+    // Solo preset — explicitly uninstall hook even if template provided it (TW5: opt-in OFF)
+    const result = uninstallHookFromProject(projectDir);
+    if (result.ok && result.action === 'removed') {
+      log('  Supply-chain guard: hook removed from settings (solo preset — opt-in OFF per ADR-0005 TW5)');
+    } else {
+      log('  Supply-chain guard: skipped (solo preset — opt-in OFF per ADR-0005 TW5)');
+    }
+    log('  Enable later: `dw security-scan --install-hook`');
+    return;
+  }
+
+  const result = installHookInProject(projectDir);
+  if (!result.ok) {
+    warn(`Supply-chain hook wiring skipped: ${result.error}`);
+    return;
+  }
+  if (result.action === 'added') {
+    ok('Supply-chain guard hook wired (ADR-0005 — opt-in flag enabled)');
+    log('  First scan: `dw security-scan --update-db`');
+  }
 }
 
 function copyCoreDocs(projectDir) {