release: v5.3.0 — permission-rule & plugin-hygiene hardening (DIS/CML/PLH)

Five additive scanner findings extend existing scanners (count stays 13): DIS forbidden-param rules (Tool(param:value) on a canonicalizing field — deny/ask = false security, allow = dead config) and ineffective allow-wildcards + Tool(*) deny-all; CML context-window-scaled 40.0k-char CLAUDE.md budget mirroring CC's startup warning; PLH plugin namespace collision (two plugins declaring the same name). PLH cross-plugin command-name overlap reframed HIGH → LOW (namespacing keeps both reachable). feature-gap recommends disableBundledSkills under skill-listing pressure.

Version sync: plugin.json 5.2.0→5.3.0, README version badge + What's New + version-history row + TOC anchor (tests badge already 936+, scanner count stays 13), CHANGELOG [5.3.0] entry, 3 knowledge-backing entries. 936/936 tests; self-audit configGrade A 97, pluginGrade A 100, readmeCheck.passed:true; gitleaks clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
This commit is contained in:
Kjell Tore Guttormsen 2026-06-19 20:45:29 +02:00
commit fe686b6594
5 changed files with 118 additions and 13 deletions

View file

@ -5,6 +5,77 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [5.3.0] - 2026-06-19
### Summary
Permission-rule & plugin-hygiene hardening. Five additive scanner findings extend the existing
DIS, CML, PLH, and feature-gap scanners — no new scanner file, so the scanner count stays **13**.
DIS gains forbidden-parameter and ineffective-allow-wildcard detection; CML mirrors Claude Code's
own 40.0k-char "large CLAUDE.md" startup warning, context-window scaled; PLH flags two plugins
that declare the same name; and feature-gap recommends `disableBundledSkills` under skill-listing
pressure. The cross-plugin command-name finding is reframed from a HIGH conflict to a LOW
ambiguity. Scanner internals only — no command, agent, or output-format changes; `--json` and
`--raw` remain byte-stable.
### Added
- **DIS forbidden-param rules** — flags `Tool(param:value)` whose key is the tool's own
canonicalizing field (`command`/`file_path`/`path`/`notebook_path`/`url`); Claude Code ignores
these and emits a startup warning. Severity by intent: **deny/ask = false security (medium)**,
**allow = dead config (low)**. Valid forms (`Bash(npm:*)`, `WebFetch(domain:host)`,
`Agent(model:opus)`) are never flagged. Predicate `forbiddenParamRule` in `permission-rules.mjs`.
- **DIS ineffective allow-wildcards + `Tool(*)` deny-all** — flags unanchored tool-name globs in
`permissions.allow` (`*`, `B*`, `mcp__*`) that CC silently skips (low); treats `Tool(*)` as
deny-all (`Bash(*)``Bash`) so a bare allow killed by it is reported as dead config. Valid
`mcp__<server>__*` is never flagged.
- **CML context-window-scaled char budget** — new `CA-CML` finding mirroring CC's startup warning
*"Large CLAUDE.md will impact performance (X chars > 40.0k)"*. Anchors on the conservative 200k
window; discloses the relaxed ~200,000-char figure at 1M context. Severity **medium** (token
cost). Char-keyed, complementary to the 200/500-line checks. Window constants live in the shared
`scanners/lib/context-window.mjs`.
- **PLH plugin namespace collision** — flags 2+ discovered plugins declaring the same `name` in
`plugin.json`. Namespaces collapse; CC picks an undocumented winner; the loser's
commands/skills/agents go silently unreachable. Severity **medium** (dead config),
`category: 'plugin-hygiene'`, COL-shaped `details.namespaces`. Keys on the declared `name`, not
`basename(dir)`; name-less plugins are excluded.
- **feature-gap `disableBundledSkills` lever** — conditional recommendation to set
`disableBundledSkills` when the active skill listing is over budget; remediation companion to
SKL `CA-SKL-002`.
### Changed
- **PLH cross-plugin command-name overlap: HIGH → LOW** — reframed from "conflict" to "ambiguity".
Commands are namespaced (`/name:command`) so both stay reachable; only a same-`name` plugin
collision loses components (covered by the new namespace-collision finding). Now group-first
(one finding per command name listing every namespace), COL-shaped `details.namespaces`. The old
HIGH `Cross-plugin command name conflict` finding and its humanizer entry are removed. Scoring
impact: configs with cross-plugin command overlap score slightly higher. Not a `--json`-shape
break — no test or consumer asserted the old HIGH.
### Fixed
- **README scanner table** — added the missing SKL row (12 → 13 rows); the prose table lagged the
badge/self-audit count (the `--check-readme` gate is number-only and didn't catch it).
### Internal
- **Extract skill-listing budget to shared lib**`scanners/lib/context-window.mjs` as the single
source of truth for the 200k/1M context-window constants, re-exported by
`skill-listing-budget.mjs` and consumed by the new CML char-budget finding.
### Knowledge
- Three backing entries added: `disableBundledSkills` as a token-efficiency lever
(`prompt-cache-patterns.md`); the 40.0k-char "large CLAUDE.md" startup warning + CC 2.1.169
context-window scaling (`claude-code-capabilities.md`); and `Tool(param:value)` permission
semantics — deny/ask-only matching plus the canonicalizing-field rules CC ignores
(`claude-code-capabilities.md`).
### Test count
- 936 tests across 56 test files (unchanged — this release covers already-tested work on `main`).
### Verification
- 936/936 tests pass (`node --test 'tests/**/*.test.mjs'`).
- `node scanners/self-audit.mjs --json --check-readme``configGrade: A`, `pluginGrade: A`,
`readmeCheck.passed: true`.
- README version badge updated: `version-5.2.0``version-5.3.0`. Scanner count stays 13; tests
badge already `936+`.
## [5.2.0] - 2026-06-18
### Summary