specweave 1.0.305 → 1.0.306

package/dist/src/core/fabric/security-scanner.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security-scanner.d.ts","sourceRoot":"","sources":["../../../../src/core/fabric/security-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,wBAAwB,EAAyB,MAAM,sBAAsB,CAAC;AA4UvF;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,wBAAwB,CA2D1E"}
+{"version":3,"file":"security-scanner.d.ts","sourceRoot":"","sources":["../../../../src/core/fabric/security-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,wBAAwB,EAAyB,MAAM,sBAAsB,CAAC;AAsbvF;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,wBAAwB,CA8D1E"}

package/dist/src/core/fabric/security-scanner.js

@@ -3,6 +3,10 @@
  * Detects destructive commands, remote code execution, credential access,
  * prompt injection, frontmatter issues, and network access patterns.
  */
+/** Safe DCI patterns — the canonical skill-memories lookup */
+const SAFE_DCI_CONTEXTS = [
+    /^!\s*`for\s+d\s+in\s+\.specweave\/skill-memories/,
+];
 /** Temp-dir path patterns (reused across short-form and long-form rm) */
 const TEMP_DIR_PATTERNS = [
     /\$\{?TMPDIR\}?/i,
@@ -253,6 +257,106 @@ const PATTERN_CHECKS = [
         category: 'remote-code-execution',
         message: 'new Function() constructor detected (dynamic code generation)',
     },
+    // --- DCI Block Abuse (critical) ---
+    // DCI blocks are shell commands in SKILL.md executed via ! prefix.
+    {
+        pattern: /^!\s*`[^`]*(?:~\/\.ssh\/|~\/\.aws\/|\.env\b|\.gnupg\/)/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block reads credential files (~/.ssh/, ~/.aws/, .env)',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\b(?:curl|wget)\b/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block uses curl/wget for network access',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\b(?:fetch|nc|ncat|netcat)\b/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block uses fetch or netcat for network access',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*(?:>\s*.*(?:CLAUDE\.md|AGENTS\.md|\.claude\/|\.specweave\/))/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block writes to agent config files (CLAUDE.md, AGENTS.md, .claude/)',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*(?:tee|sed\s+-i|echo\s+.*>>)\s*.*(?:CLAUDE\.md|AGENTS\.md|\.claude\/)/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block modifies agent config via tee/sed/echo append',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\b(?:base64\s+(?:-[dD]|--decode)|atob\s*\()/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block contains base64 decoding (obfuscation)',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\\x[0-9a-fA-F]{2}(?:\\x[0-9a-fA-F]{2}){3,}/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block contains hex escape sequences (obfuscation)',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\beval\b/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block uses eval for code execution',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\b(?:curl|wget)\b[^`]*\|\s*(?:ba|z|da|k)?sh\b/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block pipes downloaded content to shell (download-and-execute)',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*(?:\/dev\/tcp\/|bash\s+-i\s+>&|mkfifo|nc\s+-[a-z]*e)/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block establishes a reverse shell connection',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\bsudo\b/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block uses sudo for privilege escalation',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*\brm\s+-[a-zA-Z]*r[a-zA-Z]*f/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block executes destructive rm -rf command',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*(?:cat|less|head|tail|strings)\s+[^`]*(?:~\/\.|\/home\/[^`]*\.)/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block reads from home directory sensitive paths',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
+    {
+        pattern: /^!\s*`[^`]*(?:cat|tar|zip)\s+[^|`]*\|\s*(?:curl|wget|nc)\b/,
+        severity: 'critical',
+        category: 'dci-abuse',
+        message: 'DCI block pipes local data to a network command',
+        safeContexts: SAFE_DCI_CONTEXTS,
+    },
     // --- Network access (info) ---
     {
         pattern: /\bfetch\s*\(/,
@@ -345,8 +449,11 @@ export function scanSkillContent(content) {
                     if (isSafe)
                         continue;
                 }
-                // Downgrade severity inside balanced fenced code blocks only
-                const severity = (inCodeBlock && codeBlocksBalanced) ? 'info' : check.severity;
+                // Downgrade severity inside balanced fenced code blocks only.
+                // DCI-abuse findings are NEVER downgraded — DCI blocks execute even inside code fences.
+                const severity = (inCodeBlock && codeBlocksBalanced && check.category !== 'dci-abuse')
+                    ? 'info'
+                    : check.severity;
                 findings.push({
                     severity,
                     category: check.category,

package/dist/src/core/fabric/security-scanner.js.map

@@ -1 +1 @@
-{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../../../src/core/fabric/security-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,yEAAyE;AACzE,MAAM,iBAAiB,GAAG;IACxB,iBAAiB;IACjB,cAAc;IACd,UAAU;IACV,aAAa;CACd,CAAC;AAEF,8DAA8D;AAC9D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,sBAAsB,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AAE3G,kEAAkE;AAClE,MAAM,0BAA0B,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,wCAAwC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AAWvI,MAAM,cAAc,GAAmB;IACrC,0CAA0C;IAC1C;QACE,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,kDAAkD;QAC3D,YAAY,EAAE,gBAAgB;KAC/B;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,mDAAmD;QAC5D,YAAY,EAAE,0BAA0B;KACzC;IACD;QACE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,8BAA8B;KACxC;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,6BAA6B;KACvC;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,+BAA+B;KACzC;IACD;QACE,OAAO,EAAE,UAAU;QACnB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,yCAAyC;KACnD;IACD;QACE,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,iDAAiD;KAC3D;IAED,2CAA2C;IAC3C;QACE,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,4CAA4C;KACtD;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,4CAA4C;KACtD;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,sBAAsB;KAChC;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,sBAAsB;KAChC;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,8BAA8B;KACxC;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,+DAA+D;KACzE;IAED,mCAAmC;IACnC;QACE,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,2CAA2C;KACrD;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,qCAAqC;KAC/C;IACD;QACE,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,mCAAmC;KAC7C;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,gCAAgC;KAC1C;IACD;QACE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,uCAAuC;KACjD;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,mCAAmC;KAC7C;IAED,uCAAuC;IACvC;QACE,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,iDAAiD;KAC3D;IAED,kCAAkC;IAClC;QACE,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,kDAAkD;KAC5D;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,4DAA4D;KACtE;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,qDAAqD;QAC9D,YAAY,EAAE;YACZ,oKAAoK;SACrK;KACF;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,sDAAsD;KAChE;IAED,iCAAiC;IACjC;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,uDAAuD;KACjE;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,uDAAuD;KACjE;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,8DAA8D;KACxE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,sDAAsD;KAChE;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,gDAAgD;KAC1D;IAED,wCAAwC;IACxC;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,yCAAyC;KACnD;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,qDAAqD;KAC/D;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,4CAA4C;KACtD;IAED,sCAAsC;IACtC;QACE,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,8DAA8D;KACxE;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,sDAAsD;KAChE;IAED,mCAAmC;IACnC;QACE,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,oDAAoD;KAC9D;IAED,2CAA2C;IAC3C;QACE,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,wCAAwC;KAClD;IAED,kCAAkC;IAClC;QACE,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,+DAA+D;KACzE;IAED,gCAAgC;IAChC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,uBAAuB;KACjC;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,0BAA0B;KACpC;IACD;QACE,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,sBAAsB;KAChC;IACD;QACE,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,iCAAiC;KAC3C;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,0DAA0D;IAC1D,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACtE,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,eAAe,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrD,mDAAmD;IACnD,MAAM,oBAAoB,GAAG,CAAC,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACjC,4CAA4C;QAC5C,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,mBAAmB;gBAC7B,OAAO,EAAE,gEAAgE;gBACzE,IAAI,EAAE,oBAAoB,GAAG,CAAC;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,oCAAoC;IACpC,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACzD,IAAI,kBAAkB,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACpC,CAAC;IAED,sDAAsD;IACtD,oFAAoF;IACpF,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC5D,MAAM,kBAAkB,GAAG,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;IAEhD,wCAAwC;IACxC,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,kEAAkE;QAClE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,WAAW,GAAG,CAAC,WAAW,CAAC;YAC3B,SAAS;QACX,CAAC;QAED,wDAAwD;QACxD,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,IAAI,uCAAuC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,SAAS;QACX,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,0DAA0D;gBAC1D,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;oBACvB,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;oBAC9D,IAAI,MAAM;wBAAE,SAAS;gBACvB,CAAC;gBAED,6DAA6D;gBAC7D,MAAM,QAAQ,GAAG,CAAC,WAAW,IAAI,kBAAkB,CAAC,CAAC,CAAC,CAAC,MAAe,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC;gBAExF,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ;oBACR,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QAC/E,QAAQ;KACT,CAAC;AACJ,CAAC"}
+{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../../../src/core/fabric/security-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,8DAA8D;AAC9D,MAAM,iBAAiB,GAAG;IACxB,kDAAkD;CACnD,CAAC;AAEF,yEAAyE;AACzE,MAAM,iBAAiB,GAAG;IACxB,iBAAiB;IACjB,cAAc;IACd,UAAU;IACV,aAAa;CACd,CAAC;AAEF,8DAA8D;AAC9D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,sBAAsB,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AAE3G,kEAAkE;AAClE,MAAM,0BAA0B,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,wCAAwC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AAWvI,MAAM,cAAc,GAAmB;IACrC,0CAA0C;IAC1C;QACE,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,kDAAkD;QAC3D,YAAY,EAAE,gBAAgB;KAC/B;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,mDAAmD;QAC5D,YAAY,EAAE,0BAA0B;KACzC;IACD;QACE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,8BAA8B;KACxC;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,6BAA6B;KACvC;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,+BAA+B;KACzC;IACD;QACE,OAAO,EAAE,UAAU;QACnB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,yCAAyC;KACnD;IACD;QACE,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,iDAAiD;KAC3D;IAED,2CAA2C;IAC3C;QACE,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,4CAA4C;KACtD;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,4CAA4C;KACtD;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,sBAAsB;KAChC;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,sBAAsB;KAChC;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,8BAA8B;KACxC;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,+DAA+D;KACzE;IAED,mCAAmC;IACnC;QACE,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,2CAA2C;KACrD;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,qCAAqC;KAC/C;IACD;QACE,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,mCAAmC;KAC7C;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,gCAAgC;KAC1C;IACD;QACE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,uCAAuC;KACjD;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,mCAAmC;KAC7C;IAED,uCAAuC;IACvC;QACE,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,iDAAiD;KAC3D;IAED,kCAAkC;IAClC;QACE,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,kDAAkD;KAC5D;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,4DAA4D;KACtE;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,qDAAqD;QAC9D,YAAY,EAAE;YACZ,oKAAoK;SACrK;KACF;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,sDAAsD;KAChE;IAED,iCAAiC;IACjC;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,uDAAuD;KACjE;IACD;QACE,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,uDAAuD;KACjE;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,8DAA8D;KACxE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,sDAAsD;KAChE;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,gDAAgD;KAC1D;IAED,wCAAwC;IACxC;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,yCAAyC;KACnD;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,qDAAqD;KAC/D;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,4CAA4C;KACtD;IAED,sCAAsC;IACtC;QACE,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,8DAA8D;KACxE;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,sDAAsD;KAChE;IAED,mCAAmC;IACnC;QACE,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,oDAAoD;KAC9D;IAED,2CAA2C;IAC3C;QACE,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,wCAAwC;KAClD;IAED,kCAAkC;IAClC;QACE,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,+DAA+D;KACzE;IAED,qCAAqC;IACrC,mEAAmE;IACnE;QACE,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,2DAA2D;QACpE,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,6CAA6C;QACtD,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,mDAAmD;QAC5D,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,yEAAyE;QAClF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,yEAAyE;QAClF,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,kFAAkF;QAC3F,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,yDAAyD;QAClE,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,kDAAkD;QAC3D,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,uDAAuD;QAChE,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,wCAAwC;QACjD,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,oEAAoE;QAC7E,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,iEAAiE;QAC1E,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,kDAAkD;QAC3D,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,8CAA8C;QACvD,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,+CAA+C;QACxD,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,4EAA4E;QACrF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,qDAAqD;QAC9D,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,iDAAiD;QAC1D,YAAY,EAAE,iBAAiB;KAChC;IAED,gCAAgC;IAChC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,uBAAuB;KACjC;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,0BAA0B;KACpC;IACD;QACE,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,sBAAsB;KAChC;IACD;QACE,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,iCAAiC;KAC3C;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,0DAA0D;IAC1D,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACtE,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,eAAe,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrD,mDAAmD;IACnD,MAAM,oBAAoB,GAAG,CAAC,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACjC,4CAA4C;QAC5C,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,mBAAmB;gBAC7B,OAAO,EAAE,gEAAgE;gBACzE,IAAI,EAAE,oBAAoB,GAAG,CAAC;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,oCAAoC;IACpC,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACzD,IAAI,kBAAkB,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACpC,CAAC;IAED,sDAAsD;IACtD,oFAAoF;IACpF,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC5D,MAAM,kBAAkB,GAAG,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC;IAEhD,wCAAwC;IACxC,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,kEAAkE;QAClE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,WAAW,GAAG,CAAC,WAAW,CAAC;YAC3B,SAAS;QACX,CAAC;QAED,wDAAwD;QACxD,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,IAAI,uCAAuC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,SAAS;QACX,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,0DAA0D;gBAC1D,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;oBACvB,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;oBAC9D,IAAI,MAAM;wBAAE,SAAS;gBACvB,CAAC;gBAED,8DAA8D;gBAC9D,wFAAwF;gBACxF,MAAM,QAAQ,GAAG,CAAC,WAAW,IAAI,kBAAkB,IAAI,KAAK,CAAC,QAAQ,KAAK,WAAW,CAAC;oBACpF,CAAC,CAAC,MAAe;oBACjB,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC;gBAEnB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ;oBACR,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QAC/E,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "specweave",
-  "version": "1.0.305",
+  "version": "1.0.306",
   "description": "Spec-driven development framework for AI coding agents. Works with Claude Code, Codex, Antigravity, Cursor, Copilot & more. 100+ skills, 49 CLI commands, verified skill certification, autonomous execution, and living documentation.",
   "type": "module",
   "main": "dist/index.js",

package/plugins/specweave/hooks/user-prompt-submit.sh

@@ -95,7 +95,7 @@ else
 fi
 
 # ==============================================================================
-# EARLY EXIT FOR BUILT-IN SLASH COMMANDS (v1.0.280)
+# EARLY EXIT FOR BUILT-IN SLASH COMMANDS (v1.0.280, fixed v1.0.305)
 # ==============================================================================
 # Claude Code has built-in slash commands (/context, /help, /clear, /compact,
 # /memory, /permissions, /cost, /doctor, /login, /logout, /config, etc.)
@@ -105,8 +105,15 @@ fi
 # Without this guard, built-in commands like /context go through the LLM
 # detect-intent pipeline (5-15s delay) and may get incorrect additionalContext
 # injected, causing them to fail or behave unexpectedly.
-if echo "$PROMPT" | grep -qE "^[[:space:]]*/[a-zA-Z][a-zA-Z0-9_-]*($|[[:space:]])" && \
-   ! echo "$PROMPT" | grep -qiE "^[[:space:]]*/sw[-:]"; then
+#
+# v1.0.305: Strip IDE metadata tags before checking. In VSCode, the prompt may
+# have <ide_opened_file>...</ide_opened_file> or <ide_selection>...</ide_selection>
+# prefixed on the same line as the command, causing the ^-anchored regex to fail.
+# Uses sed to strip everything up to the last closing </ide_*> tag (handles content
+# with < chars like code selections), then trims leading whitespace.
+CLEAN_PROMPT=$(echo "$PROMPT" | sed 's/.*<\/ide_[a-z_]*>//; s/^[[:space:]]*//')
+if echo "$CLEAN_PROMPT" | grep -qE "^[[:space:]]*/[a-zA-Z][a-zA-Z0-9_-]*($|[[:space:]])" && \
+   ! echo "$CLEAN_PROMPT" | grep -qiE "^[[:space:]]*/sw[-:]"; then
   echo '{"decision":"approve"}'
   exit 0
 fi