dw-kit 1.3.4 → 1.3.6

package/.claude/hooks/supply-chain-scan.sh

@@ -0,0 +1,104 @@
+#!/bin/bash
+# .claude/hooks/supply-chain-scan.sh
+# Fires after Claude Code Write/Edit. If the file is a lockfile, runs `dw security-scan --quick`
+# to detect known-vulnerable dependency pins (offline IoC + advisory snapshot check).
+# Non-blocking — never aborts the parent tool call. Emits telemetry.
+# Reference: ADR-0005 (AI-Native Supply-Chain Guard). Sunset review 2026-08-12.
+
+set -e
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+TELEMETRY_SCRIPT="$PROJECT_DIR/.claude/hooks/telemetry-log.sh"
+
+if [ "${DW_NO_TELEMETRY:-}" != "1" ] && [ -x "$TELEMETRY_SCRIPT" ]; then
+  "$TELEMETRY_SCRIPT" hook supply-chain-scan >/dev/null 2>&1 || true
+fi
+
+if [ "${DW_SC_GUARD_DISABLED:-}" = "1" ]; then
+  exit 0
+fi
+
+INPUT=$(cat)
+
+FILE_PATH=$(echo "$INPUT" | node -e "
+let d='';
+process.stdin.on('data',c=>d+=c).on('end',()=>{
+  try{
+    const data=JSON.parse(d);
+    const p=data.file_path||data.path||data.filePath||(data.tool_input&&(data.tool_input.file_path||data.tool_input.path))||'';
+    process.stdout.write(p);
+  }catch(e){}
+});
+" 2>/dev/null || true)
+
+[ -z "$FILE_PATH" ] && exit 0
+
+# Match: package-lock.json, npm-shrinkwrap.json (case-insensitive).
+# pnpm-lock.yaml and yarn.lock are out-of-scope per ADR-0005 v1.3.5.
+BASENAME=$(basename "$FILE_PATH")
+case "$BASENAME" in
+  package-lock.json|npm-shrinkwrap.json)
+    ;;
+  *)
+    exit 0
+    ;;
+esac
+
+# Find the project root that contains the lockfile (in case PROJECT_DIR differs)
+LOCKFILE_DIR=$(dirname "$FILE_PATH")
+[ -d "$LOCKFILE_DIR" ] || exit 0
+
+# Locate dw binary — prefer local node_modules, fall back to global PATH
+DW_BIN=""
+if command -v dw >/dev/null 2>&1; then
+  DW_BIN="dw"
+elif [ -f "$PROJECT_DIR/bin/dw.mjs" ]; then
+  DW_BIN="node $PROJECT_DIR/bin/dw.mjs"
+else
+  exit 0
+fi
+
+START_TS=$(date +%s%N 2>/dev/null || date +%s)
+
+# Pillar 3 (ADR-0006): heuristic-only mode probes ONLY the NEW/bumped packages
+# from the lockfile diff against npm registry metadata. Cached 1h per package
+# so repeat edits hit cache. This is the AI-Native moat — catches zero-day-ish
+# at the edit boundary, before OSV indexes and before any TL fixture bump.
+set +e
+SCAN_OUTPUT=$(cd "$LOCKFILE_DIR" && $DW_BIN security-scan --heuristic-only 2>&1)
+SCAN_EXIT=$?
+set -e
+
+END_TS=$(date +%s%N 2>/dev/null || date +%s)
+LATENCY_MS=$(( (END_TS - START_TS) / 1000000 ))
+
+case "$SCAN_EXIT" in
+  0)
+    # Clean — silent unless verbose
+    if [ "${DW_SC_GUARD_VERBOSE:-}" = "1" ]; then
+      echo "✓ supply-chain-scan: clean (no heuristic flags on NEW/bumped packages in $BASENAME)" >&2
+    fi
+    ;;
+  1)
+    # Mid-risk heuristic flags — warn, do not block
+    echo "" >&2
+    echo "⚠  supply-chain-scan: heuristic flags on NEW/bumped packages in $BASENAME" >&2
+    echo "$SCAN_OUTPUT" | tail -30 >&2
+    echo "   (advisory — not blocking; run \`dw security-scan\` for full pillar 1+2+3 report)" >&2
+    ;;
+  2)
+    # HIGH-risk heuristic flag (score ≥80) — loud warning, still non-blocking
+    echo "" >&2
+    echo "⚠  supply-chain-scan: HIGH-RISK heuristic flag on NEW/bumped package in $BASENAME" >&2
+    echo "$SCAN_OUTPUT" | tail -40 >&2
+    echo "   ADVISORY ONLY — review before commit. Public sunset review 2026-08-12 (ADR-0005)." >&2
+    ;;
+  *)
+    # Setup error (no lockfile, network failure) — quiet hint
+    if [ "${DW_SC_GUARD_VERBOSE:-}" = "1" ]; then
+      echo "supply-chain-scan: heuristic check skipped or errored — run \`dw security-scan\` manually" >&2
+    fi
+    ;;
+esac
+
+exit 0

package/.claude/settings.json

@@ -99,6 +99,10 @@
           {
             "type": "command",
             "command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/post-write.sh\""
+          },
+          {
+            "type": "command",
+            "command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/supply-chain-scan.sh\""
           }
         ]
       }

package/.dw/security/advisory-snapshot.json

@@ -0,0 +1,157 @@
+{
+  "schema_version": "1.0",
+  "fetched_at": "2026-05-12T09:57:47.323Z",
+  "source": "osv.dev",
+  "ecosystem": "npm",
+  "package_count": 13,
+  "advisory_count": 2,
+  "advisories": [
+    {
+      "id": "GHSA-q3j6-qgpj-74h6",
+      "summary": "fast-uri vulnerable to path traversal via percent-encoded dot segments",
+      "details": "### Impact\n\n`fast-uri` v3.1.0 and earlier decodes percent-encoded path separators (`%2F`) and dot segments (`%2E`) before applying dot-segment removal in `normalize()` and `equal()`. This makes encoded path data behave like real `/` and `..`, so distinct URIs collapse onto the same normalized path.\n\nFor example, `http://example.com/public/%2e%2e/admin` normalizes to `http://example.com/admin`, and `equal()` considers them the same URI.\n\nApplications that normalize or compare attacker-controlled URLs to enforce path-based policy can be bypassed. A path that looks confined under an allowed prefix can normalize to a different location.\n\n### Patches\n\nUpgrade to `fast-uri` >= 3.1.1.\n\n### Workarounds\n\nNone. Upgrade to the patched version.",
+      "aliases": [
+        "CVE-2026-6321"
+      ],
+      "modified": "2026-05-09T16:44:22.524341929Z",
+      "published": "2026-05-08T17:15:09Z",
+      "related": [
+        "CGA-9j5f-2hwm-8hfc"
+      ],
+      "database_specific": {
+        "cwe_ids": [
+          "CWE-22"
+        ],
+        "github_reviewed": true,
+        "github_reviewed_at": "2026-05-08T17:15:09Z",
+        "severity": "HIGH",
+        "nvd_published_at": "2026-05-04T20:16:20Z"
+      },
+      "references": [
+        {
+          "type": "WEB",
+          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
+        },
+        {
+          "type": "ADVISORY",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
+        },
+        {
+          "type": "WEB",
+          "url": "https://cna.openjsf.org/security-advisories.html"
+        },
+        {
+          "type": "PACKAGE",
+          "url": "https://github.com/fastify/fast-uri"
+        }
+      ],
+      "affected": [
+        {
+          "package": {
+            "name": "fast-uri",
+            "ecosystem": "npm",
+            "purl": "pkg:npm/fast-uri"
+          },
+          "ranges": [
+            {
+              "type": "SEMVER",
+              "events": [
+                {
+                  "introduced": "0"
+                },
+                {
+                  "fixed": "3.1.1"
+                }
+              ]
+            }
+          ],
+          "database_specific": {
+            "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-q3j6-qgpj-74h6/GHSA-q3j6-qgpj-74h6.json",
+            "last_known_affected_version_range": "<= 3.1.0"
+          }
+        }
+      ],
+      "schema_version": "1.7.5",
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+        }
+      ]
+    },
+    {
+      "id": "GHSA-v39h-62p7-jpjc",
+      "summary": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters",
+      "details": "### Impact\n\n`fast-uri` v3.1.1 and earlier decodes percent-encoded authority delimiters (`%40` as `@`, `%3A` as `:`) inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostname into userinfo plus a different host.\n\nFor example, `http://trusted.com%40evil.com/` normalizes to `http://trusted.com@evil.com/`, which reparses as host `evil.com` with userinfo `trusted.com`.\n\nApplications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the original URL appeared to contain.\n\n### Patches\n\nUpgrade to `fast-uri` >= 3.1.2.\n\n### Workarounds\n\nNone. Upgrade to the patched version.",
+      "aliases": [
+        "CVE-2026-6322"
+      ],
+      "modified": "2026-05-10T04:44:28.903255090Z",
+      "published": "2026-05-08T19:13:01Z",
+      "related": [
+        "CGA-5vr9-c8qr-fqvg"
+      ],
+      "database_specific": {
+        "cwe_ids": [
+          "CWE-436"
+        ],
+        "github_reviewed": true,
+        "github_reviewed_at": "2026-05-08T19:13:01Z",
+        "severity": "HIGH",
+        "nvd_published_at": "2026-05-05T11:16:33Z"
+      },
+      "references": [
+        {
+          "type": "WEB",
+          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
+        },
+        {
+          "type": "ADVISORY",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
+        },
+        {
+          "type": "WEB",
+          "url": "https://cna.openjsf.org/security-advisories.html"
+        },
+        {
+          "type": "PACKAGE",
+          "url": "https://github.com/fastify/fast-uri"
+        }
+      ],
+      "affected": [
+        {
+          "package": {
+            "name": "fast-uri",
+            "ecosystem": "npm",
+            "purl": "pkg:npm/fast-uri"
+          },
+          "ranges": [
+            {
+              "type": "SEMVER",
+              "events": [
+                {
+                  "introduced": "0"
+                },
+                {
+                  "fixed": "3.1.2"
+                }
+              ]
+            }
+          ],
+          "database_specific": {
+            "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-v39h-62p7-jpjc/GHSA-v39h-62p7-jpjc.json",
+            "last_known_affected_version_range": "<= 3.1.1"
+          }
+        }
+      ],
+      "schema_version": "1.7.5",
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+        }
+      ]
+    }
+  ],
+  "snapshot_sha": "sha256:0b6ca61019fb234c"
+}

package/.dw/security/ioc-namespaces.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.1",
+  "updated": "2026-05-14",
+  "purpose": "Curated namespace patterns under ACTIVE incident — wired into default scan (v1.3.6+) AND pre-install scan. Auto-expires per active_until. TL updates when new incident requires fixture-level warning before OSV propagation. Per ADR-0006: pillar 2 of the 3-pillar guard architecture; pillar 3 (NEW-package heuristic) catches incidents BEFORE TL bump.",
+  "namespaces": [
+    {
+      "pattern": "@tanstack/",
+      "reason": "Active incident 2026-05-11 — Mini Shai-Hulud worm (CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx). 84 malicious versions across 42 @tanstack/* packages published 2026-05-11 19:20-19:26 UTC. Worm self-propagated to 169+ packages.",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "affected_range": {
+        "type": "SEMVER",
+        "events": [{ "introduced": "1.169.5" }, { "fixed": "1.169.9" }]
+      },
+      "guidance": "Affected: 1.169.5-1.169.8. Safe: 1.169.9+. Verify SLSA provenance attestation matches expected publisher. If lockfile already pins affected range: rotate ALL credentials (npm tokens, GitHub PATs, SSH keys, cloud keys, Claude/AI configs) before continuing."
+    },
+    {
+      "pattern": "@uipath/",
+      "reason": "Worm spread vector from TanStack incident (2026-05-11) — 70+ @uipath/* packages compromised via stolen npm OIDC tokens.",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "guidance": "Verify each @uipath/* install against official UiPath release notes. Worm SLSA attestations are VALID — provenance check alone is insufficient. Cross-reference with UiPath security bulletin. (No affected_range — range still under investigation; treat all recent versions as suspect.)"
+    },
+    {
+      "pattern": "@mistralai/",
+      "reason": "Worm spread vector (2026-05-11) — @mistralai/mistralai 2.2.3-2.2.4 compromised on both npm and PyPI.",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "affected_range": {
+        "type": "SEMVER",
+        "events": [{ "introduced": "2.2.3" }, { "fixed": "2.2.5" }]
+      },
+      "guidance": "Affected: 2.2.3-2.2.4. Pin to 2.2.2 or 2.2.5+."
+    },
+    {
+      "pattern": "@opensearch-project/opensearch",
+      "reason": "Worm spread vector (2026-05-11) — @opensearch-project/opensearch 3.6.2 compromised (1.3M weekly downloads).",
+      "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
+      "active_until": "2026-11-11",
+      "severity": "critical",
+      "affected_range": {
+        "type": "SEMVER",
+        "events": [{ "introduced": "3.6.2" }, { "fixed": "3.6.3" }]
+      },
+      "guidance": "Affected: 3.6.2 only. Pin to 3.6.1 or 3.6.3+."
+    }
+  ],
+  "maintenance_note": "Per ADR-0005 + ADR-0006: this fixture handles the 'TL knows about incident' window (post-incident, pre-OSV-propagation). Pillar 3 (NEW-package heuristic, ADR-0006) handles the 'nobody knows yet' window. TL prunes entries past active_until on regular release cycles."
+}

package/CLAUDE.md

@@ -3,7 +3,7 @@
 Workflow toolkit codebase. Rules live in `.claude/rules/` (auto-loaded).
 
 **v2.0 direction:** Context-First SDLC Governance Layer (5 pillars — see `.dw/core/PILLARS.md`)
-**Current:** v1.4.0-dev · v1.3.0 ready to ship · ADR-0001 active
+**Current:** v1.3.6 (released 2026-05-14) · ADR-0001 active · ADR-0005 + ADR-0006 Accepted (Supply-Chain Guard 3-pillar AI-Native; sunset review 2026-08-12 per pillar) · v1.4 cuts pending telemetry
 
 ---
 
@@ -30,6 +30,8 @@ src/
   tasks/      Active + archive/ (Bridges pillar — via tracking.md)
   metrics/    Local telemetry (events.jsonl)
   config/     dw.config.yml
+  security/   IoC namespace fixture (Guards pillar — ADR-0005)
+  research/   Investigation notes, RFC-style proposals, voter panel outputs
 ```
 
 ## Dev Notes

package/README.md

@@ -2,7 +2,7 @@
 
 > An AI development workflow toolkit for teams using agentic IDEs (Claude Code, Cursor) — from idea to review-ready commits.
 
-**v1.3** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
+**v1.3.6** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
 
 ---
 
@@ -36,10 +36,34 @@ It’s designed for collaboration (Dev / Tech Lead / QA / PM) and keeps work aud
 
 ## Release notes
 
-- v1.2.0 notes: [`CHANGELOG.md#v120--2026-04-09`](CHANGELOG.md#v120--2026-04-09)
+- **v1.3.6** (2026-05-14) — Supply-Chain Guard upgraded to 3-pillar architecture: OSV snapshot + curated IoC fixture (version-aware, wired into default scan) + **AI-Native NEW-package heuristic** that catches zero-day-ish risk at the AI-edit boundary. See [`CHANGELOG.md#v136--2026-05-14`](CHANGELOG.md#v136--2026-05-14) and [ADR-0006](.dw/decisions/0006-supply-chain-guard-heuristic.md).
+- v1.3.5 (2026-05-12) — AI-Native Supply-Chain Guard: `dw security-scan` CLI + OSV.dev auto-sync + Edit-lockfile hook + scoped `.gitignore` for end-user projects. See [ADR-0005](.dw/decisions/0005-supply-chain-guard.md). Public 90-day sunset review committed for 2026-08-12.
+- v1.3.4 (2026-04-21) — `/dw:plan` Quick Debate (red/blue self-critique), depth-driven activation
+- v1.3.3 (2026-04-21) — Writer skills v1/v2 compatibility fix
+- v1.3.0 (2026-04-21) — 5-pillar governance layer + telemetry foundation + ADRs + v2 task docs ([ADR-0001](.dw/decisions/0001-v2-pragmatic-lean.md))
+- v1.2.0 (2026-04-09) — [`CHANGELOG.md#v120--2026-04-09`](CHANGELOG.md#v120--2026-04-09)
 - Full changelog: `CHANGELOG.md`
 - Latest release notes: [GitHub Releases](https://github.com/dv-workflow/dv-workflow/releases)
 
+### What's in v1.3.6 for your team
+
+Reaction time when a supply-chain incident drops goes from 24-72 hours (wait for OSV index + npm publish cycle) to **~1 hour** (AI edits lockfile → hook fires → heuristic flags BEFORE anyone knows).
+
+- **3-pillar default scan** — `dw security-scan` now runs OSV snapshot + curated IoC fixture + AI-Native heuristic in one go. Heuristic only probes NEW/bumped packages from `git show HEAD:package-lock.json` diff — typical edit = 1-5 packages probed, not 1000+.
+- **npm registry metadata heuristic** — composite scoring on `recent_publish` (<72h), `popular_package` (≥10k weekly DL), `maintainer_change_recent`, `major_version_jump`, `typo_squat`. Per-package metadata cached 1h. Tunable threshold via `.dw/config/dw.config.yml`.
+- **Version-aware IoC fixture** — `affected_range` per entry. Concrete versions out-of-range are skipped (no false positives). Range specs (`^1.169.0`) emit ambiguity warnings with severity downgrade.
+- **Hook fires `dw security-scan --heuristic-only`** on Claude Code lockfile edit — fast diff-only check.
+- **Telemetry per pillar** — `source: 'osv' | 'fixture' | 'heuristic'` tracked separately so the 2026-08-12 sunset review attributes catches to the right pillar.
+- **`>1000 packages`** crash bug from v1.3.5 fixed (chunked OSV batches).
+
+### What's in v1.3.5 for your team
+
+- **`dw security-scan`** — scan for known supply-chain advisories against your project's `package-lock.json` (full match) or `package.json` (pre-install approximate). Uses [OSV.dev](https://osv.dev/) as data source (multi-maintainer upstream feed; no solo-curated bundle to go stale).
+- **AI-aware hook** — fires when Claude Code edits a lockfile. Auto-wired by `dw init --preset team` or `--preset enterprise`; opt-in OFF for `--preset solo`.
+- **Scoped `.gitignore`** — `dw init` and `dw upgrade` write `.dw/.gitignore` and `.claude/.gitignore` managed blocks. Framework files stay out of your repo; tasks/decisions/docs/config stay in.
+- **`dw doctor`** has a new security section that fails loud if advisory snapshot is stale (>7 days) or schema-incompatible.
+- **Sunset rule** — feature retires silently in v1.4.x if 90-day telemetry shows zero real catches OR >5% false-positive rate. Disciplined experiment, not panic ship.
+
 ---
 
 ## Install

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dw-kit",
-  "version": "1.3.4",
+  "version": "1.3.6",
   "description": "AI development workflow toolkit — structured, quality-assured, team-ready. From requirements to dashboard.",
   "type": "module",
   "bin": {
@@ -14,6 +14,7 @@
     ".dw/core/",
     ".dw/config/",
     ".dw/adapters/",
+    ".dw/security/",
     ".claude/agents/",
     ".claude/hooks/",
     ".claude/rules/",

package/src/cli.mjs

@@ -101,6 +101,36 @@ export function run(argv) {
       await dashboardCommand(opts);
     });
 
+  program
+    .command('security-scan')
+    .alias('scan')
+    .description('Scan project: 3-pillar supply-chain guard (OSV + fixture + AI-Native heuristic). Auto-syncs OSV snapshot if missing or stale.')
+    .option('--quick', 'Offline mode — use existing snapshot only (default behavior)')
+    .option('--update-db', 'Fetch fresh advisory snapshot from OSV.dev before scanning')
+    .option('--pre-install', 'Scan package.json without lockfile (OSV name-only + namespace fixture)')
+    .option('--offline', 'Skip network in --pre-install mode + skip pillar 3 heuristic')
+    .option('--no-heuristic', 'Skip pillar 3 (AI-Native NEW-package heuristic). Default: enabled on lockfile diff.')
+    .option('--heuristic-only', 'Run ONLY pillar 3 (used by hook). Skips OSV + fixture pillars.')
+    .option('--json', 'Output machine-readable JSON')
+    .option('--install-hook', 'Wire supply-chain-scan.sh into .claude/settings.json PostToolUse (idempotent)')
+    .option('--uninstall-hook', 'Remove supply-chain-scan.sh entry from .claude/settings.json')
+    .action(async (opts) => {
+      if (opts.installHook || opts.uninstallHook) {
+        const { installHookInProject, uninstallHookFromProject } = await import('./lib/sc-install.mjs');
+        const r = opts.uninstallHook ? uninstallHookFromProject() : installHookInProject();
+        if (!r.ok) {
+          console.error(chalk.red(`✗ ${r.error}`));
+          process.exit(1);
+        }
+        if (r.action === 'added') console.log(chalk.green(`✓ Hook wired into ${r.path}`));
+        else if (r.action === 'removed') console.log(chalk.green(`✓ Removed ${r.count} entry from ${r.path}`));
+        else console.log(chalk.dim(`  (no-op: ${r.reason})`));
+        return;
+      }
+      const { securityScanCommand } = await import('./commands/security-scan.mjs');
+      await securityScanCommand(opts);
+    });
+
   program
     .command('claude-vn-fix')
     .description('Patch Claude CLI to fix Vietnamese IME (local, with backup/restore)')

package/src/commands/doctor.mjs

@@ -4,6 +4,7 @@ import { fileURLToPath } from 'node:url';
 import { header, ok, warn, err, info, log } from '../lib/ui.mjs';
 import { loadConfig, getToolkitVersions } from '../lib/config.mjs';
 import { detectPlatform, platformLabel } from '../lib/platform.mjs';
+import { snapshotInfo } from '../lib/sc-sync.mjs';
 
 const TOOLKIT_ROOT = resolve(fileURLToPath(import.meta.url), '..', '..', '..');
 
@@ -150,6 +151,26 @@ export async function doctorCommand() {
     }
   }
 
+  info('Supply-Chain Guard (ADR-0005, opt-in)');
+  const sc = snapshotInfo(projectDir);
+  if (!sc.exists) {
+    log('  Advisory snapshot — not yet created');
+    log('  Run `dw security-scan --update-db` to fetch from OSV.dev (opt-in feature)');
+  } else {
+    if (!sc.schema_compatible) {
+      err(`Advisory snapshot schema mismatch — expected 1.0, got ${sc.schema_version || 'unknown'}`);
+      log('  Run `dw security-scan --update-db` to refresh');
+      issues++;
+    } else if (sc.stale) {
+      warn(`Advisory snapshot stale: ${sc.age_days.toFixed(1)} days old (>7d threshold)`);
+      log(`  Source: ${sc.source} (${sc.ecosystem}), advisories=${sc.advisory_count}`);
+      log('  Run `dw security-scan --update-db` to refresh');
+      warnings++;
+    } else {
+      ok(`Advisory snapshot — ${sc.age_days.toFixed(1)}d old, ${sc.advisory_count} advisories (${sc.source})`);
+    }
+  }
+
   console.log();
   header('Diagnosis');
   if (issues === 0 && warnings === 0) {

package/src/commands/init.mjs

@@ -5,6 +5,7 @@ import { banner, ok, warn, info, log, ask, choose } from '../lib/ui.mjs';
 import { buildConfig, writeConfig } from '../lib/config.mjs';
 import { copyDir, copyFile, ensureDir } from '../lib/copy.mjs';
 import { detectPlatform, platformLabel } from '../lib/platform.mjs';
+import { ensureDwGitignore, ensureClaudeGitignore } from '../lib/gitignore.mjs';
 
 const TOOLKIT_ROOT = resolve(fileURLToPath(import.meta.url), '..', '..', '..');
 
@@ -82,7 +83,7 @@ export async function initCommand(opts) {
   ok(`Platform: ${platformLabel(adapter)}`);
 
   info('Setting up project...');
-  await setupProject(projectDir, { projectName, depth, roles, language, adapter });
+  await setupProject(projectDir, { projectName, depth, roles, language, adapter, presetKey: opts.preset });
 
   printSummary({ projectName, depth, roles, language, adapter });
 }
@@ -135,7 +136,7 @@ function normalizeRolesForDepth(parsedRoles, depth) {
   return merged;
 }
 
-async function setupProject(projectDir, { projectName, depth, roles, language, adapter }) {
+async function setupProject(projectDir, { projectName, depth, roles, language, adapter, presetKey }) {
   copyCoreDocs(projectDir);
   copyConfig(projectDir, { projectName, depth, roles, language });
   copyAdapterStructure(projectDir);
@@ -143,6 +144,7 @@ async function setupProject(projectDir, { projectName, depth, roles, language, a
   if (adapter === 'claude-cli') {
     copyClaudeFiles(projectDir);
     createMinimalCLAUDEmd(projectDir, projectName);
+    await maybeInstallSupplyChainHook(projectDir, presetKey);
   } else if (adapter === 'cursor') {
     copyCursorFiles(projectDir);
     copyGenericAdapter(projectDir);
@@ -152,6 +154,91 @@ async function setupProject(projectDir, { projectName, depth, roles, language, a
 
   createRuntimeDirs(projectDir);
   updateGitignore(projectDir);
+  writeScopedGitignores(projectDir, adapter);
+}
+
+function writeScopedGitignores(projectDir, adapter) {
+  try {
+    const dwR = ensureDwGitignore(projectDir);
+    if (dwR.action !== 'noop') ok(`.dw/.gitignore ${dwR.action}`);
+    if (adapter === 'claude-cli') {
+      const cR = ensureClaudeGitignore(projectDir);
+      if (cR.action !== 'noop') ok(`.claude/.gitignore ${cR.action}`);
+    }
+  } catch (e) {
+    warn(`Scoped gitignore: ${e.message}`);
+  }
+}
+
+async function maybeInstallSupplyChainHook(projectDir, presetKey) {
+  const preset = presetKey ? PRESETS[presetKey] : null;
+  const { installHookInProject, uninstallHookFromProject } = await import('../lib/sc-install.mjs');
+
+  if (preset && preset.hooksProfile === 'safety-only') {
+    // Solo preset — explicitly uninstall hook even if template provided it (TW5: opt-in OFF)
+    const result = uninstallHookFromProject(projectDir);
+    if (result.ok && result.action === 'removed') {
+      log('  Supply-chain guard: hook removed from settings (solo preset — opt-in OFF per ADR-0005 TW5)');
+    } else {
+      log('  Supply-chain guard: skipped (solo preset — opt-in OFF per ADR-0005 TW5)');
+    }
+    log('  Enable later: `dw security-scan --install-hook`');
+    return;
+  }
+
+  const result = installHookInProject(projectDir);
+  if (!result.ok) {
+    warn(`Supply-chain hook wiring skipped: ${result.error}`);
+    return;
+  }
+  if (result.action === 'added') {
+    ok('Supply-chain guard hook wired (ADR-0005 — opt-in flag enabled)');
+  }
+
+  // UX: offer one-time OSV snapshot sync so end-user doesn't need to know
+  // `--update-db` exists. Lazy auto-refresh in `dw scan` covers the case
+  // when user declines, but offering during init gets snapshot ready upfront.
+  await maybeBootstrapOsvSnapshot(projectDir);
+}
+
+async function maybeBootstrapOsvSnapshot(projectDir) {
+  // Non-TTY (CI / scripted): default yes so the snapshot exists for next scan.
+  // TTY: prompt user, default yes.
+  let shouldSync = true;
+  if (process.stdin.isTTY && !process.env.DW_INIT_NO_PROMPT) {
+    try {
+      const { prompt } = await import('enquirer');
+      const answer = await prompt({
+        type: 'confirm',
+        name: 'syncNow',
+        message: 'Sync OSV advisory snapshot now? (recommended first-time; ~10-30s)',
+        initial: true,
+      });
+      shouldSync = !!answer.syncNow;
+    } catch {
+      shouldSync = true;
+    }
+  }
+  if (!shouldSync) {
+    log('  Skipped. First `dw scan` will auto-sync if needed.');
+    return;
+  }
+
+  const { findLockfile } = await import('../lib/sc-scanner.mjs');
+  if (!findLockfile(projectDir)) {
+    log('  No lockfile yet — first `dw scan` will sync after `npm install` runs.');
+    return;
+  }
+  log('  Syncing OSV snapshot...');
+  try {
+    const { syncSnapshotForProject } = await import('../lib/sc-sync.mjs');
+    const start = Date.now();
+    const res = await syncSnapshotForProject(projectDir);
+    const partialNote = res.partial ? ` (PARTIAL ${res.chunks.failed}/${res.chunks.total})` : '';
+    ok(`OSV snapshot ready — ${res.advisoryCount} advisories for ${res.packageCount} packages (${Date.now() - start}ms)${partialNote}`);
+  } catch (e) {
+    warn(`OSV sync skipped: ${e.message}. Will retry on first \`dw scan\`.`);
+  }
 }
 
 function copyCoreDocs(projectDir) {