memento-mori-jester 0.1.67 → 0.1.68

package/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to Memento Mori Jester are tracked here.
 
 ## Unreleased
 
+## 0.1.68
+
+- Added AI preset fixtures for user-controlled tool dispatch from request body and URL search parameter inputs.
+- Added quiet-pass AI near-misses for explicit tool allowlists and schema-validated model data, growing the corpus to 170 fixtures.
+- Refreshed demo, roadmap, fixture docs, and release notes for the AI tool-dispatch coverage pass.
+
 ## 0.1.67
 
 - Added six real-world quiet-pass fixtures for security, web, node, and python preset slices, growing the corpus to 166 fixtures.

package/ROADMAP.md

@@ -6,6 +6,7 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 
 ## Recently Shipped
 
+- AI tool-dispatch fixture curation in v0.1.68, adding request-body and URL-parameter caution examples plus allowlist/schema quiet-pass boundaries.
 - Security/web/node/python preset fixture curation in v0.1.67, adding real-world quiet-pass examples while keeping thin, quiet-pass, feasible pass-case, and preset-kind gaps at zero.
 - Real-world low-count preset fixture batch in v0.1.66, adding node, python, infra, and AI examples while keeping thin, quiet-pass, and feasible pass-case gaps at zero.
 - Feasible pass-case fixture curation in v0.1.65, adding matched-pass examples for low-severity tone/planning rules and stopping curation from asking for impossible pass cases on hard rules.
@@ -56,7 +57,7 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 
 ## Product Ideas
 
-- Collect real-world reports for the next lowest-count preset slices: AI first, then node, python, and security.
+- Collect real-world reports for the next lowest-count preset slices: node, python, security, then web.
 - Add more framework-specific false-positive examples from real reports so tuning guidance keeps getting sharper.
 - Add a Markdown export for fixture reports so maintainers can paste coverage snapshots into issues or release notes.
 

package/docs/DEMO.md

@@ -192,8 +192,8 @@ Project config: none loaded
 Fixture tuning evidence:
 Support: limited
 Confidence: medium
-Total fixtures checked: 166
-Weighted fixtures checked: 317.9
+Total fixtures checked: 170
+Weighted fixtures checked: 325.9
 Matching fixtures: 11
 Weighted matches: 23
 Expected-match weight: 18
@@ -202,7 +202,7 @@ Edge-case matches: 0
 Quiet-pass fixtures: 5
 Quiet-pass weight: 3.6
 By kind: command 0, plan 5, diff 5, final 1
-Fixture coverage: 11/166 (7.2% weighted)
+Fixture coverage: 11/170 (7.1% weighted)
 By verdict: pass 0, caution 3, block 8
 Matched fixture samples:
   infra-public-ingress-block: Public ingress should block in low-risk-tolerance infra repos.
@@ -353,7 +353,7 @@ Preset packs:
 
 ## 13. Review Fixtures
 
-The fixture suite in `examples/fixtures/preset-review-cases.json` captures small real-usage examples with expected `pass`, `caution`, or `block` verdicts. It also includes matched-pass examples for low-severity rules, quiet-pass `absentRuleIds` examples that prove noisy rules stay silent for safe near-misses, stack-specific coverage for every built-in preset, quiet-pass boundaries across built-in, structural, custom, and preset/config-derived rules, second firing examples for preset blocked-command rules, second examples for AI/API, framework custom, built-in, and configured sensitive-domain rules, and real-world low-count preset examples across node, python, web, infra, AI, and security slices. These examples are run by `npm test`, so preset tuning changes stay visible.
+The fixture suite in `examples/fixtures/preset-review-cases.json` captures small real-usage examples with expected `pass`, `caution`, or `block` verdicts. It also includes matched-pass examples for low-severity rules, quiet-pass `absentRuleIds` examples that prove noisy rules stay silent for safe near-misses, stack-specific coverage for every built-in preset, quiet-pass boundaries across built-in, structural, custom, and preset/config-derived rules, second firing examples for preset blocked-command rules, second examples for AI/API, framework custom, built-in, and configured sensitive-domain rules, AI tool-dispatch examples with safe allowlist/schema boundaries, and real-world low-count preset examples across node, python, web, infra, AI, and security slices. These examples are run by `npm test`, so preset tuning changes stay visible.
 
 Maintainers can run `npm run fixtures:report` to see coverage by verdict, kind, preset, rule family, and preset slice. The report also includes a `Curation next` section that points at the next useful fixture batch, such as thin rules, feasible pass-case evidence, rule-family gaps, or lower-count presets.
 

package/docs/RELEASE_NOTES_v0.1.68.md

@@ -0,0 +1,35 @@
+# Memento Mori Jester v0.1.68
+
+This release strengthens the AI preset fixture slice with concrete tool-dispatch examples. It keeps review behavior unchanged and only improves the evidence used by fixture reports and tuning context.
+
+## What Changed
+
+- Added 4 fixture cases, growing the corpus from 166 to 170 fixtures.
+- Added two caution fixtures for `custom-ai-user-controlled-tool-dispatch`:
+  - Tool names taken from request body input.
+  - Tool names taken from URL search parameters.
+- Added quiet-pass AI near-misses for:
+  - Explicit tool allowlists.
+  - Schema validation of model data instead of executing model output.
+- Kept thin rule coverage, quiet-pass gaps, feasible pass-case gaps, and preset/kind gaps at zero.
+
+## Public Interface
+
+- No CLI command changes.
+- No config schema changes.
+- No rule matching, scoring, or verdict behavior changes.
+- No MCP, playground, GitHub Action, or npm publishing changes.
+
+## Release Validation
+
+```powershell
+npm.cmd test
+npm.cmd run demo:svg:check
+npm.cmd run fixtures:report
+npm.cmd run fixtures:report -- --json
+npm.cmd run pack:dry
+git diff --check
+node .\dist\cli.js tune coverage --no-config
+node .\dist\cli.js tune risky-domain --json --no-config
+git diff | node .\dist\cli.js diff --fail-on block --subject "v0.1.68 AI tool-dispatch fixtures"
+```

package/examples/fixtures/README.md

@@ -14,6 +14,7 @@ Maintainer triage guidance lives in [docs/MAINTAINER_TRIAGE.md](../../docs/MAINT
 - API preset CORS, raw SQL, webhook, and migration-command risks.
 - Infra preset public exposure, IAM wildcard, and destructive command risks.
 - AI preset eval-skipping and model-output execution risks.
+- AI preset user-controlled tool-dispatch risks and safe allowlist/schema boundaries.
 - Quiet-pass boundaries for thin custom, configured sensitive-domain, and preset blocked-command rules.
 - Quiet-pass boundaries for built-in and structural rules such as missing verification, TypeScript suppressions, large removals, wildcard operations, destructive commands, and untested finals.
 - Matched-pass examples for low-severity rules where a single finding should stay below caution.

package/examples/fixtures/preset-review-cases.json

@@ -2145,5 +2145,55 @@
       "custom-python-eval-exec",
       "custom-python-pickle-load"
     ]
+  },
+  {
+    "id": "ai-user-controlled-tool-diff-caution",
+    "preset": "ai",
+    "kind": "diff",
+    "description": "Tool dispatch from request body input should warn in AI preset repos.",
+    "content": "diff --git a/src/tools.ts b/src/tools.ts\n--- a/src/tools.ts\n+++ b/src/tools.ts\n@@ -1 +1,2 @@\n+const selectedTool = req.body.tool; await callTool(selectedTool, req.body.args);\n",
+    "expectedVerdict": "caution",
+    "weight": 2,
+    "expectedRuleIds": [
+      "custom-ai-user-controlled-tool-dispatch"
+    ]
+  },
+  {
+    "id": "ai-searchparams-tool-diff-caution",
+    "preset": "ai",
+    "kind": "diff",
+    "description": "Tool dispatch from URL search parameters should warn without an allowlist.",
+    "content": "diff --git a/src/tool-router.ts b/src/tool-router.ts\n--- a/src/tool-router.ts\n+++ b/src/tool-router.ts\n@@ -1 +1,2 @@\n+const toolName = searchParams.get(\"name\"); await callTool(toolName, {});\n",
+    "expectedVerdict": "caution",
+    "weight": 2,
+    "expectedRuleIds": [
+      "custom-ai-user-controlled-tool-dispatch"
+    ]
+  },
+  {
+    "id": "ai-tool-allowlist-diff-pass",
+    "preset": "ai",
+    "kind": "diff",
+    "description": "Explicit AI tool allowlists should not trip user-controlled dispatch checks.",
+    "content": "diff --git a/src/tools.ts b/src/tools.ts\n--- a/src/tools.ts\n+++ b/src/tools.ts\n@@ -1 +1,2 @@\n+const allowedTools = new Set([\"search_docs\", \"summarize\"]);\n",
+    "expectedVerdict": "pass",
+    "weight": 2,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "custom-ai-user-controlled-tool-dispatch"
+    ]
+  },
+  {
+    "id": "ai-schema-validation-diff-pass",
+    "preset": "ai",
+    "kind": "diff",
+    "description": "Schema validation of model data should stay quiet around model-output execution checks.",
+    "content": "diff --git a/src/output.ts b/src/output.ts\n--- a/src/output.ts\n+++ b/src/output.ts\n@@ -1 +1,2 @@\n+const parsed = ResponseSchema.parse(responseJson);\n",
+    "expectedVerdict": "pass",
+    "weight": 2,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "custom-ai-model-output-execution"
+    ]
   }
 ]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "memento-mori-jester",
-  "version": "0.1.67",
+  "version": "0.1.68",
   "description": "A local court-jester sidecar for AI coding agents: review plans, commands, diffs, and final claims before they get too pleased with themselves.",
   "type": "module",
   "repository": {