dw-kit 1.3.5 → 1.3.6

package/.claude/hooks/supply-chain-scan.sh

@@ -60,9 +60,12 @@ fi
 
 START_TS=$(date +%s%N 2>/dev/null || date +%s)
 
-# Run scan in lockfile's project dir. Capture exit code without failing parent.
+# Pillar 3 (ADR-0006): heuristic-only mode probes ONLY the NEW/bumped packages
+# from the lockfile diff against npm registry metadata. Cached 1h per package
+# so repeat edits hit cache. This is the AI-Native moat — catches zero-day-ish
+# at the edit boundary, before OSV indexes and before any TL fixture bump.
 set +e
-SCAN_OUTPUT=$(cd "$LOCKFILE_DIR" && $DW_BIN security-scan --quick 2>&1)
+SCAN_OUTPUT=$(cd "$LOCKFILE_DIR" && $DW_BIN security-scan --heuristic-only 2>&1)
 SCAN_EXIT=$?
 set -e
 
@@ -73,28 +76,27 @@ case "$SCAN_EXIT" in
   0)
     # Clean — silent unless verbose
     if [ "${DW_SC_GUARD_VERBOSE:-}" = "1" ]; then
-      echo "✓ supply-chain-scan: clean (no advisory matches in $BASENAME)" >&2
+      echo "✓ supply-chain-scan: clean (no heuristic flags on NEW/bumped packages in $BASENAME)" >&2
     fi
     ;;
   1)
-    # Low/medium matches — warn, do not block
+    # Mid-risk heuristic flags — warn, do not block
     echo "" >&2
-    echo "⚠  supply-chain-scan: advisory matches in $BASENAME (low/medium)" >&2
-    echo "$SCAN_OUTPUT" | tail -20 >&2
-    echo "   (advisory — not blocking; run \`dw security-scan\` for full report)" >&2
+    echo "⚠  supply-chain-scan: heuristic flags on NEW/bumped packages in $BASENAME" >&2
+    echo "$SCAN_OUTPUT" | tail -30 >&2
+    echo "   (advisory — not blocking; run \`dw security-scan\` for full pillar 1+2+3 report)" >&2
     ;;
   2)
-    # HIGH+ matches — loud warning, still non-blocking per ADR-0005 v1.3.5 (advisory-only)
+    # HIGH-risk heuristic flag (score ≥80) — loud warning, still non-blocking
     echo "" >&2
-    echo "⚠  supply-chain-scan: HIGH+ severity advisory match in $BASENAME" >&2
-    echo "$SCAN_OUTPUT" | tail -25 >&2
-    echo "   ADVISORY ONLY — threshold matrix in v14-evaluation-protocol.md is authoritative." >&2
-    echo "   Run \`dw security-scan\` for full report. Public sunset review 2026-08-12 (ADR-0005)." >&2
+    echo "⚠  supply-chain-scan: HIGH-RISK heuristic flag on NEW/bumped package in $BASENAME" >&2
+    echo "$SCAN_OUTPUT" | tail -40 >&2
+    echo "   ADVISORY ONLY — review before commit. Public sunset review 2026-08-12 (ADR-0005)." >&2
     ;;
   *)
-    # Setup error (no snapshot, schema mismatch, etc.) — quiet hint
+    # Setup error (no lockfile, network failure) — quiet hint
     if [ "${DW_SC_GUARD_VERBOSE:-}" = "1" ]; then
-      echo "supply-chain-scan: setup needed — run \`dw security-scan --update-db\`" >&2
+      echo "supply-chain-scan: heuristic check skipped or errored — run \`dw security-scan\` manually" >&2
     fi
     ;;
 esac

package/.dw/security/advisory-snapshot.json

@@ -0,0 +1,157 @@
+{
+  "schema_version": "1.0",
+  "fetched_at": "2026-05-12T09:57:47.323Z",
+  "source": "osv.dev",
+  "ecosystem": "npm",
+  "package_count": 13,
+  "advisory_count": 2,
+  "advisories": [
+    {
+      "id": "GHSA-q3j6-qgpj-74h6",
+      "summary": "fast-uri vulnerable to path traversal via percent-encoded dot segments",
+      "details": "### Impact\n\n`fast-uri` v3.1.0 and earlier decodes percent-encoded path separators (`%2F`) and dot segments (`%2E`) before applying dot-segment removal in `normalize()` and `equal()`. This makes encoded path data behave like real `/` and `..`, so distinct URIs collapse onto the same normalized path.\n\nFor example, `http://example.com/public/%2e%2e/admin` normalizes to `http://example.com/admin`, and `equal()` considers them the same URI.\n\nApplications that normalize or compare attacker-controlled URLs to enforce path-based policy can be bypassed. A path that looks confined under an allowed prefix can normalize to a different location.\n\n### Patches\n\nUpgrade to `fast-uri` >= 3.1.1.\n\n### Workarounds\n\nNone. Upgrade to the patched version.",
+      "aliases": [
+        "CVE-2026-6321"
+      ],
+      "modified": "2026-05-09T16:44:22.524341929Z",
+      "published": "2026-05-08T17:15:09Z",
+      "related": [
+        "CGA-9j5f-2hwm-8hfc"
+      ],
+      "database_specific": {
+        "cwe_ids": [
+          "CWE-22"
+        ],
+        "github_reviewed": true,
+        "github_reviewed_at": "2026-05-08T17:15:09Z",
+        "severity": "HIGH",
+        "nvd_published_at": "2026-05-04T20:16:20Z"
+      },
+      "references": [
+        {
+          "type": "WEB",
+          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
+        },
+        {
+          "type": "ADVISORY",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
+        },
+        {
+          "type": "WEB",
+          "url": "https://cna.openjsf.org/security-advisories.html"
+        },
+        {
+          "type": "PACKAGE",
+          "url": "https://github.com/fastify/fast-uri"
+        }
+      ],
+      "affected": [
+        {
+          "package": {
+            "name": "fast-uri",
+            "ecosystem": "npm",
+            "purl": "pkg:npm/fast-uri"
+          },
+          "ranges": [
+            {
+              "type": "SEMVER",
+              "events": [
+                {
+                  "introduced": "0"
+                },
+                {
+                  "fixed": "3.1.1"
+                }
+              ]
+            }
+          ],
+          "database_specific": {
+            "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-q3j6-qgpj-74h6/GHSA-q3j6-qgpj-74h6.json",
+            "last_known_affected_version_range": "<= 3.1.0"
+          }
+        }
+      ],
+      "schema_version": "1.7.5",
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+        }
+      ]
+    },
+    {
+      "id": "GHSA-v39h-62p7-jpjc",
+      "summary": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters",
+      "details": "### Impact\n\n`fast-uri` v3.1.1 and earlier decodes percent-encoded authority delimiters (`%40` as `@`, `%3A` as `:`) inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostname into userinfo plus a different host.\n\nFor example, `http://trusted.com%40evil.com/` normalizes to `http://trusted.com@evil.com/`, which reparses as host `evil.com` with userinfo `trusted.com`.\n\nApplications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the original URL appeared to contain.\n\n### Patches\n\nUpgrade to `fast-uri` >= 3.1.2.\n\n### Workarounds\n\nNone. Upgrade to the patched version.",
+      "aliases": [
+        "CVE-2026-6322"
+      ],
+      "modified": "2026-05-10T04:44:28.903255090Z",
+      "published": "2026-05-08T19:13:01Z",
+      "related": [
+        "CGA-5vr9-c8qr-fqvg"
+      ],
+      "database_specific": {
+        "cwe_ids": [
+          "CWE-436"
+        ],
+        "github_reviewed": true,
+        "github_reviewed_at": "2026-05-08T19:13:01Z",
+        "severity": "HIGH",
+        "nvd_published_at": "2026-05-05T11:16:33Z"
+      },
+      "references": [
+        {
+          "type": "WEB",
+          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
+        },
+        {
+          "type": "ADVISORY",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
+        },
+        {
+          "type": "WEB",
+          "url": "https://cna.openjsf.org/security-advisories.html"
+        },
+        {
+          "type": "PACKAGE",
+          "url": "https://github.com/fastify/fast-uri"
+        }
+      ],
+      "affected": [
+        {
+          "package": {
+            "name": "fast-uri",
+            "ecosystem": "npm",
+            "purl": "pkg:npm/fast-uri"
+          },
+          "ranges": [
+            {
+              "type": "SEMVER",
+              "events": [
+                {
+                  "introduced": "0"
+                },
+                {
+                  "fixed": "3.1.2"
+                }
+              ]
+            }
+          ],
+          "database_specific": {
+            "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-v39h-62p7-jpjc/GHSA-v39h-62p7-jpjc.json",
+            "last_known_affected_version_range": "<= 3.1.1"
+          }
+        }
+      ],
+      "schema_version": "1.7.5",
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+        }
+      ]
+    }
+  ],
+  "snapshot_sha": "sha256:0b6ca61019fb234c"
+}

package/.dw/security/ioc-namespaces.json

@@ -1,7 +1,7 @@
 {
-  "schema_version": "1.0",
-  "updated": "2026-05-13",
-  "purpose": "Curated namespace patterns under ACTIVE incident — fallback for pre-install scan when OSV.dev is unavailable. Auto-expires per active_until date. TL updates when new incident requires fixture-level warning before OSV propagation.",
+  "schema_version": "1.1",
+  "updated": "2026-05-14",
+  "purpose": "Curated namespace patterns under ACTIVE incident — wired into default scan (v1.3.6+) AND pre-install scan. Auto-expires per active_until. TL updates when new incident requires fixture-level warning before OSV propagation. Per ADR-0006: pillar 2 of the 3-pillar guard architecture; pillar 3 (NEW-package heuristic) catches incidents BEFORE TL bump.",
   "namespaces": [
     {
       "pattern": "@tanstack/",
@@ -9,7 +9,11 @@
       "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
       "active_until": "2026-11-11",
       "severity": "critical",
-      "guidance": "If installing @tanstack/* fresh: verify version is NOT in 1.169.5-1.169.8 range; prefer 1.169.9+. Check SLSA provenance attestation matches expected publisher. If already installed and lockfile pins 1.169.5-8: rotate ALL credentials (npm tokens, GitHub PATs, SSH keys, cloud keys, Claude/AI configs) before continuing."
+      "affected_range": {
+        "type": "SEMVER",
+        "events": [{ "introduced": "1.169.5" }, { "fixed": "1.169.9" }]
+      },
+      "guidance": "Affected: 1.169.5-1.169.8. Safe: 1.169.9+. Verify SLSA provenance attestation matches expected publisher. If lockfile already pins affected range: rotate ALL credentials (npm tokens, GitHub PATs, SSH keys, cloud keys, Claude/AI configs) before continuing."
     },
     {
       "pattern": "@uipath/",
@@ -17,7 +21,7 @@
       "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
       "active_until": "2026-11-11",
       "severity": "critical",
-      "guidance": "Verify each @uipath/* install against official UiPath release notes. Worm SLSA attestations are VALID — provenance check alone is insufficient. Cross-reference with UiPath security bulletin."
+      "guidance": "Verify each @uipath/* install against official UiPath release notes. Worm SLSA attestations are VALID — provenance check alone is insufficient. Cross-reference with UiPath security bulletin. (No affected_range — range still under investigation; treat all recent versions as suspect.)"
     },
     {
       "pattern": "@mistralai/",
@@ -25,7 +29,11 @@
       "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
       "active_until": "2026-11-11",
       "severity": "critical",
-      "guidance": "Avoid @mistralai/mistralai 2.2.3-2.2.4. Pin to 2.2.2 or 2.2.5+ once available."
+      "affected_range": {
+        "type": "SEMVER",
+        "events": [{ "introduced": "2.2.3" }, { "fixed": "2.2.5" }]
+      },
+      "guidance": "Affected: 2.2.3-2.2.4. Pin to 2.2.2 or 2.2.5+."
     },
     {
       "pattern": "@opensearch-project/opensearch",
@@ -33,8 +41,12 @@
       "advisory": "https://github.com/advisories/GHSA-g7cv-rxg3-hmpx",
       "active_until": "2026-11-11",
       "severity": "critical",
-      "guidance": "Avoid version 3.6.2. Pin to 3.6.1 or 3.6.3+."
+      "affected_range": {
+        "type": "SEMVER",
+        "events": [{ "introduced": "3.6.2" }, { "fixed": "3.6.3" }]
+      },
+      "guidance": "Affected: 3.6.2 only. Pin to 3.6.1 or 3.6.3+."
     }
   ],
-  "maintenance_note": "This fixture is a SHORT-TERM defensive measure. Per ADR-0005 design, OSV.dev/GHSA auto-sync is the primary source; this fixture handles offline + post-incident pre-propagation window. TL prunes entries past active_until on regular release cycles."
+  "maintenance_note": "Per ADR-0005 + ADR-0006: this fixture handles the 'TL knows about incident' window (post-incident, pre-OSV-propagation). Pillar 3 (NEW-package heuristic, ADR-0006) handles the 'nobody knows yet' window. TL prunes entries past active_until on regular release cycles."
 }

package/CLAUDE.md

@@ -3,7 +3,7 @@
 Workflow toolkit codebase. Rules live in `.claude/rules/` (auto-loaded).
 
 **v2.0 direction:** Context-First SDLC Governance Layer (5 pillars — see `.dw/core/PILLARS.md`)
-**Current:** v1.3.5 (released 2026-05-12) · ADR-0001 active · ADR-0005 Accepted (Supply-Chain Guard, sunset review 2026-08-12) · v1.4 cuts pending telemetry
+**Current:** v1.3.6 (released 2026-05-14) · ADR-0001 active · ADR-0005 + ADR-0006 Accepted (Supply-Chain Guard 3-pillar AI-Native; sunset review 2026-08-12 per pillar) · v1.4 cuts pending telemetry
 
 ---
 

package/README.md

@@ -2,7 +2,7 @@
 
 > An AI development workflow toolkit for teams using agentic IDEs (Claude Code, Cursor) — from idea to review-ready commits.
 
-**v1.3.5** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
+**v1.3.6** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
 
 ---
 
@@ -36,7 +36,8 @@ It’s designed for collaboration (Dev / Tech Lead / QA / PM) and keeps work aud
 
 ## Release notes
 
-- **v1.3.5** (2026-05-12) — AI-Native Supply-Chain Guard: `dw security-scan` CLI + OSV.dev auto-sync + Edit-lockfile hook + scoped `.gitignore` for end-user projects. See [`CHANGELOG.md#v135--2026-05-12`](CHANGELOG.md#v135--2026-05-12) and [ADR-0005](.dw/decisions/0005-supply-chain-guard.md). Public 90-day sunset review committed for 2026-08-12.
+- **v1.3.6** (2026-05-14) — Supply-Chain Guard upgraded to 3-pillar architecture: OSV snapshot + curated IoC fixture (version-aware, wired into default scan) + **AI-Native NEW-package heuristic** that catches zero-day-ish risk at the AI-edit boundary. See [`CHANGELOG.md#v136--2026-05-14`](CHANGELOG.md#v136--2026-05-14) and [ADR-0006](.dw/decisions/0006-supply-chain-guard-heuristic.md).
+- v1.3.5 (2026-05-12) — AI-Native Supply-Chain Guard: `dw security-scan` CLI + OSV.dev auto-sync + Edit-lockfile hook + scoped `.gitignore` for end-user projects. See [ADR-0005](.dw/decisions/0005-supply-chain-guard.md). Public 90-day sunset review committed for 2026-08-12.
 - v1.3.4 (2026-04-21) — `/dw:plan` Quick Debate (red/blue self-critique), depth-driven activation
 - v1.3.3 (2026-04-21) — Writer skills v1/v2 compatibility fix
 - v1.3.0 (2026-04-21) — 5-pillar governance layer + telemetry foundation + ADRs + v2 task docs ([ADR-0001](.dw/decisions/0001-v2-pragmatic-lean.md))
@@ -44,6 +45,17 @@ It’s designed for collaboration (Dev / Tech Lead / QA / PM) and keeps work aud
 - Full changelog: `CHANGELOG.md`
 - Latest release notes: [GitHub Releases](https://github.com/dv-workflow/dv-workflow/releases)
 
+### What's in v1.3.6 for your team
+
+Reaction time when a supply-chain incident drops goes from 24-72 hours (wait for OSV index + npm publish cycle) to **~1 hour** (AI edits lockfile → hook fires → heuristic flags BEFORE anyone knows).
+
+- **3-pillar default scan** — `dw security-scan` now runs OSV snapshot + curated IoC fixture + AI-Native heuristic in one go. Heuristic only probes NEW/bumped packages from `git show HEAD:package-lock.json` diff — typical edit = 1-5 packages probed, not 1000+.
+- **npm registry metadata heuristic** — composite scoring on `recent_publish` (<72h), `popular_package` (≥10k weekly DL), `maintainer_change_recent`, `major_version_jump`, `typo_squat`. Per-package metadata cached 1h. Tunable threshold via `.dw/config/dw.config.yml`.
+- **Version-aware IoC fixture** — `affected_range` per entry. Concrete versions out-of-range are skipped (no false positives). Range specs (`^1.169.0`) emit ambiguity warnings with severity downgrade.
+- **Hook fires `dw security-scan --heuristic-only`** on Claude Code lockfile edit — fast diff-only check.
+- **Telemetry per pillar** — `source: 'osv' | 'fixture' | 'heuristic'` tracked separately so the 2026-08-12 sunset review attributes catches to the right pillar.
+- **`>1000 packages`** crash bug from v1.3.5 fixed (chunked OSV batches).
+
 ### What's in v1.3.5 for your team
 
 - **`dw security-scan`** — scan for known supply-chain advisories against your project's `package-lock.json` (full match) or `package.json` (pre-install approximate). Uses [OSV.dev](https://osv.dev/) as data source (multi-maintainer upstream feed; no solo-curated bundle to go stale).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dw-kit",
-  "version": "1.3.5",
+  "version": "1.3.6",
   "description": "AI development workflow toolkit — structured, quality-assured, team-ready. From requirements to dashboard.",
   "type": "module",
   "bin": {

package/src/cli.mjs

@@ -103,11 +103,14 @@ export function run(argv) {
 
   program
     .command('security-scan')
-    .description('Scan project lockfile against advisory snapshot (OSV.dev). Supply-chain guard (ADR-0005, opt-in).')
+    .alias('scan')
+    .description('Scan project: 3-pillar supply-chain guard (OSV + fixture + AI-Native heuristic). Auto-syncs OSV snapshot if missing or stale.')
     .option('--quick', 'Offline mode — use existing snapshot only (default behavior)')
     .option('--update-db', 'Fetch fresh advisory snapshot from OSV.dev before scanning')
     .option('--pre-install', 'Scan package.json without lockfile (OSV name-only + namespace fixture)')
-    .option('--offline', 'Skip network in --pre-install mode (fixture-only)')
+    .option('--offline', 'Skip network in --pre-install mode + skip pillar 3 heuristic')
+    .option('--no-heuristic', 'Skip pillar 3 (AI-Native NEW-package heuristic). Default: enabled on lockfile diff.')
+    .option('--heuristic-only', 'Run ONLY pillar 3 (used by hook). Skips OSV + fixture pillars.')
     .option('--json', 'Output machine-readable JSON')
     .option('--install-hook', 'Wire supply-chain-scan.sh into .claude/settings.json PostToolUse (idempotent)')
     .option('--uninstall-hook', 'Remove supply-chain-scan.sh entry from .claude/settings.json')

package/src/commands/init.mjs

@@ -193,7 +193,51 @@ async function maybeInstallSupplyChainHook(projectDir, presetKey) {
   }
   if (result.action === 'added') {
     ok('Supply-chain guard hook wired (ADR-0005 — opt-in flag enabled)');
-    log('  First scan: `dw security-scan --update-db`');
+  }
+
+  // UX: offer one-time OSV snapshot sync so end-user doesn't need to know
+  // `--update-db` exists. Lazy auto-refresh in `dw scan` covers the case
+  // when user declines, but offering during init gets snapshot ready upfront.
+  await maybeBootstrapOsvSnapshot(projectDir);
+}
+
+async function maybeBootstrapOsvSnapshot(projectDir) {
+  // Non-TTY (CI / scripted): default yes so the snapshot exists for next scan.
+  // TTY: prompt user, default yes.
+  let shouldSync = true;
+  if (process.stdin.isTTY && !process.env.DW_INIT_NO_PROMPT) {
+    try {
+      const { prompt } = await import('enquirer');
+      const answer = await prompt({
+        type: 'confirm',
+        name: 'syncNow',
+        message: 'Sync OSV advisory snapshot now? (recommended first-time; ~10-30s)',
+        initial: true,
+      });
+      shouldSync = !!answer.syncNow;
+    } catch {
+      shouldSync = true;
+    }
+  }
+  if (!shouldSync) {
+    log('  Skipped. First `dw scan` will auto-sync if needed.');
+    return;
+  }
+
+  const { findLockfile } = await import('../lib/sc-scanner.mjs');
+  if (!findLockfile(projectDir)) {
+    log('  No lockfile yet — first `dw scan` will sync after `npm install` runs.');
+    return;
+  }
+  log('  Syncing OSV snapshot...');
+  try {
+    const { syncSnapshotForProject } = await import('../lib/sc-sync.mjs');
+    const start = Date.now();
+    const res = await syncSnapshotForProject(projectDir);
+    const partialNote = res.partial ? ` (PARTIAL ${res.chunks.failed}/${res.chunks.total})` : '';
+    ok(`OSV snapshot ready — ${res.advisoryCount} advisories for ${res.packageCount} packages (${Date.now() - start}ms)${partialNote}`);
+  } catch (e) {
+    warn(`OSV sync skipped: ${e.message}. Will retry on first \`dw scan\`.`);
   }
 }