From 346dfac6fad023d3e30271eff9c95a87f50ce9ef Mon Sep 17 00:00:00 2001 From: Kjell Tore Guttormsen Date: Fri, 26 Jun 2026 11:04:30 +0200 Subject: [PATCH] =?UTF-8?q?release:=20v5.12.4=20=E2=80=94=20"Rooted=20rule?= =?UTF-8?q?s"=20(M-BUG-9:=20RUL=20resolves=20rule=20glob=20against=20the?= =?UTF-8?q?=20rule's=20own=20project=20root)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Version-sync for the M-BUG-9 fix (code already in 18af5a2): - plugin.json 5.12.3 -> 5.12.4 - README version badge -> 5.12.4, tests badge 1305 -> 1307, new version-history row - CHANGELOG [5.12.4] section checkReadmeBadges: passed:true (tests 1307, scanners 16, commands 21, agents 7, hooks 4 — all match filesystem). Full suite 1307/0. Frozen v5.0.0 + default-output snapshots byte-stable (the fix is a no-op when projectRoot === targetPath; RUL appears in no snapshot). Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_01EnUvKEqyEa1m9gy6Aqhdqq --- .claude-plugin/plugin.json | 2 +- CHANGELOG.md | 30 ++++++++++++++++++++++++++++++ README.md | 5 +++-- 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json index cb42360..589062b 100644 --- a/.claude-plugin/plugin.json +++ b/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "config-audit", "description": "Multi-agent workflow for analyzing, reporting, and optimizing Claude Code configuration across your entire machine", - "version": "5.12.3", + "version": "5.12.4", "author": { "name": "Kjell Tore Guttormsen" }, diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b70746..28dc95d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [5.12.4] - 2026-06-26 + +### Summary +"Rooted rules" — fixes `M-BUG-9` (dogfooding find) in `scanners/rules-validator.mjs`. The RUL +"Rule path pattern matches no files" check resolved a rule's `paths:`/`globs:` glob against the +outer **scan root** instead of the rule's **own project root** (the directory containing its +`.claude/`), and `collectProjectFiles` carried a `depth>4` cutoff that never reached deep matching +files. As a result, a live rule in a **nested repo** — e.g. a marketplace checkout under +`~/.claude/plugins/marketplaces//.claude/rules/` — was wrongly flagged "never activates" (high +severity), a false F-grade for any user with rules in a nested repo. Same scope-conflation family as +`M-BUG-1/2` (the scanner treats a nested repo's config as scoped to the outer scan root). The fix is a +no-op for the common single-repo scan (`projectRoot === targetPath`), so the frozen v5.0.0 + +default-output snapshots stay byte-stable; no count change (scanners **16**, agents **7**, commands +**21**). **1307** tests (+2). + +### Fixed +- **`rules-validator` glob base (`M-BUG-9`).** The dead-rule check now resolves each rule against its + own project root: + - `deriveProjectRoot(ruleAbsPath)` returns the parent of the rule's `.claude` segment. + - Project files are collected and globbed **per project root** (cached), relative to that root, so a + nested repo's rule matches against its own tree where its files live. This also sidesteps the old + `depth>4` cutoff, because the walk now starts at the nearby project root. + - User-global rules (`projectRoot === $HOME`, i.e. `~/.claude/rules/`) skip the no-match check: they + scope against whatever project is active at runtime, not a fixed tree, so "matches 0 files here" is + not a dead-rule signal (and this avoids a `$HOME`-wide file walk). + - TDD: 2 failing tests (nested-repo false-positive + HOME guard) → fix → full suite 1307/0, frozen + v5.0.0 + default-output snapshots untouched (RUL findings appear in none). Real-machine verify: the + two `ktg-privat` false positives clear and a previously-hidden genuine dead rule (a false negative) + surfaces in the bundled `optimal-setup` example; zero new false positives. + ## [5.12.3] - 2026-06-26 ### Summary diff --git a/README.md b/README.md index 275281d..e6e98e9 100644 --- a/README.md +++ b/README.md @@ -6,13 +6,13 @@ *AI-generated: all code produced by Claude Code through dialog-driven development. [Full disclosure →](../../README.md#ai-generated-code-disclosure)* -![Version](https://img.shields.io/badge/version-5.12.3-blue) +![Version](https://img.shields.io/badge/version-5.12.4-blue) ![Platform](https://img.shields.io/badge/platform-Claude_Code_Plugin-purple) ![Scanners](https://img.shields.io/badge/scanners-16-cyan) ![Commands](https://img.shields.io/badge/commands-21-green) ![Agents](https://img.shields.io/badge/agents-7-orange) ![Hooks](https://img.shields.io/badge/hooks-4-red) -![Tests](https://img.shields.io/badge/tests-1305-brightgreen) +![Tests](https://img.shields.io/badge/tests-1307-brightgreen) ![License](https://img.shields.io/badge/license-MIT-lightgrey) A Claude Code plugin that checks configuration health, suggests context-aware improvements, and auto-fixes issues — `CLAUDE.md`, `settings.json`, hooks, rules, MCP servers, `@imports`, and plugins. 16 deterministic scanners across 10 quality areas, context-aware feature recommendations, auto-fix with backup/rollback, a prompt-cache-aware Token Hotspots scanner with optional API-calibrated `--accurate-tokens` mode, plus cache-prefix stability, dead-tool, cross-plugin collision, output-style, and always-loaded agent-listing-budget detection. Zero external dependencies. @@ -662,6 +662,7 @@ This plugin is cautious by design — configuration files are important, and a b | Version | Date | Highlights | |---------|------|-----------| +| **5.12.4** | 2026-06-26 | "Rooted rules" — fixes `M-BUG-9` (dogfooding find) in `scanners/rules-validator.mjs`: the RUL "Rule path pattern matches no files" check now resolves a rule's `paths:`/`globs:` pattern against the rule's **own project root** (the dir containing its `.claude/`), not the outer scan root. Previously `countGlobMatches` globbed against the scan target and `collectProjectFiles`' `depth>4` cutoff never reached deep matching files, so a live rule in a **nested repo** (e.g. a marketplace checkout under `~/.claude`) was wrongly flagged "never activates" (high) — a false F-grade for anyone with rules in a nested repo. The fix derives each rule's project root, collects+globs per root (cached), and skips the check for user-global rules (`root === $HOME`), which scope against the active project at runtime. Same scope-conflation family as `M-BUG-1/2`. No count change (scanners **16**, agents **7**, commands **21**); the fix is a no-op when `projectRoot === targetPath` (the common single-repo scan), so frozen v5.0.0 + default-output snapshots stay byte-stable. **1307** tests (+2 TDD: nested-repo false-positive + HOME guard). | | **5.12.3** | 2026-06-26 | "Phantom agents" — fixes `M-BUG-3/4/5` (dogfooding finds) in `scanners/lib/active-config-reader.mjs`: `enumerateAgents` now counts only the agents Claude Code actually **registers**. Per the official subagents doc, an agent needs valid `name`+`description` frontmatter, and CC scans recursively and silently skips frontmatter-less files. The reader previously (`M-BUG-5`) counted every `.md` regardless of frontmatter, (`M-BUG-3`) never recursed into agent subdirs, and (`M-BUG-4`) double-counted when the project dir equals the user dir (scanning `$HOME` — root cause, also affecting rules/output-styles). Real-machine verify: user-agent count **13→0** (all 12 user agents + `REMEMBER.md` are frontmatter-less → CC registers none), HOME `project`-dup **13→0**; corrected always-loaded baseline ≈ **53** (was 66). Agent enumeration is machine-dependent and absent from the frozen snapshots, so the v5.0.0 + SC-5 + default-output snapshots stay byte-stable; no count change (scanners **16**, agents **7**, commands **21**). **1305** tests. | | **5.12.2** | 2026-06-24 | "Honest census" — fixes `M-BUG-1` (dogfooding find): `enumeratePlugins` walked `~/.claude/plugins/marketplaces//plugins/` and ignored both enable-state and the polyrepo cache layout, so it **over-counted phantom agents** from disabled plugins while **missing the entire enabled polyrepo set** (whose plugins live under `cache/`). It now gates on `installed_plugins.json` + `enabledPlugins` and enumerates each plugin from its active `installPath`, with the marketplaces walk as fallback. Fixes `manifest`/`whats-active`/AGT/`token-hotspots` for any user with disabled plugins or a polyrepo marketplace. No count change (scanners **16**, agents **7**, commands **21**); `--json`/`--raw` byte-stable, frozen v5.0.0 + SC-5 + default-output snapshots untouched. Real-machine verify: agent listing 114→104, ghosts gone. **1301** tests. | | **5.12.1** | 2026-06-24 | "Footgun guard" — Pattern H (stale plugin-cache versions, `token-hotspots`) recommended deleting stale version dirs with **no warning** that a currently-running session may still hold one of those versions for its whole lifetime. "Stale" is judged against `installed_plugins.json` (what NEW sessions load), so the recommendation could reproduce the exact failure that breaks a live session: deleting the dir pulls the files out from under the running session, which then must `/exit` + restart. The `plugin-cache-hygiene` recommendation now carries the live-session caveat. **Recommendation string only** — no new finding ID or scanner (count stays **16**, agents **7**, commands **21**), no token figures changed, so `--json`/`--raw` stay byte-stable and the frozen v5.0.0 + SC-5 + default-output snapshots are untouched. **1297** tests. |