config-audit/tests/lib
Kjell Tore Guttormsen 03949c6c98 feat(dis): flag ineffective allow wildcards; treat Tool(*) as deny-all
Extends the DIS scanner and its shared permission-rules lib with two
documented Claude Code permission footguns. Verified verbatim against
code.claude.com/docs/en/permissions (fetched 2026-06-19).

- lib/permission-rules.mjs: new isIneffectiveAllowGlob(entry) — unanchored
  tool-name globs in permissions.allow (`*`, `B*`, `mcp__*`) that CC silently
  skips ("does not auto-approve anything"); valid only as a glob-free
  `mcp__<server>__*`. Shared with CNF.
- lib/permission-rules.mjs: dominates() now treats the `Tool(*)` deny-all glob
  as equivalent to a bare deny (covers a bare allow) — CC: "Bash(*) is
  equivalent to Bash ... both forms remove the tool from Claude's context".
- DIS: new finding "Ineffective allow wildcard — Claude Code ignores this rule"
  (low, permissions-hygiene, CA-DIS-NNN); the existing dead-allow finding now
  also catches a bare allow killed by a Tool(*) deny.
- 9 new tests (5 lib, 4 DIS) + 2 fixtures (force-added past .gitignore .claude/).
  Suite 903 -> 912. Snapshot unchanged, contamination grep clean. README/CLAUDE/
  scanner-internals document the broadened DIS mandate; test badge synced.
  self-audit: PASS, configGrade A 96, pluginGrade A 100, readme gate passed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
2026-06-19 06:31:18 +02:00
..
active-config-reader.test.mjs feat(config-audit): MCP tool-count detection with manifest fallback (v5 M1) [skip-docs] 2026-05-01 07:02:08 +02:00
baseline.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
diff-engine.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
file-discovery.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
forbidden-words-data.test.mjs feat(humanizer): forbidden-words data file (tier1/2/3) 2026-05-01 16:53:37 +02:00
humanizer-data.test.mjs feat(skill-listing): add SKL scanner for the skill-listing token budget 2026-06-18 17:36:28 +02:00
humanizer.test.mjs feat(skill-listing): add SKL scanner for the skill-listing token budget 2026-06-18 17:36:28 +02:00
output.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
permission-rules.test.mjs feat(dis): flag ineffective allow wildcards; treat Tool(*) as deny-all 2026-06-19 06:31:18 +02:00
report-generator.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
scoring-humanizer.test.mjs feat(humanizer): wire humanizer into posture and scoring scorecard 2026-05-01 17:38:03 +02:00
scoring.test.mjs feat(config-audit): severity-weighted scoreByArea (v5 F3) 2026-05-01 06:20:08 +02:00
severity.test.mjs feat(config-audit): export WEIGHTS from severity.mjs (v5 F3 prep) 2026-05-01 06:16:28 +02:00
skill-listing-budget.test.mjs feat(feature-gap): recommend disableBundledSkills under skill-listing pressure 2026-06-18 21:38:19 +02:00
string-utils.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
suppression.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
yaml-parser.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00