config-audit/tests/fixtures
Kjell Tore Guttormsen fa1ddd963a feat(cps): scan @imported files for volatile cached-prefix content (v5.10 B6) [skip-docs]
CPS originally inspected only files discovery classifies as claude-md, but a
CLAUDE.md can pull arbitrary files into the cached prefix via @import — and
those targets (e.g. @shared/conventions.md) are usually not claude-md in
discovery, so their inlined content was never scanned. Neither TOK Pattern A
(top-30 of cascade files) nor the in-file CPS scan reaches past the importing
file, so volatility inside an imported file was invisible.

B6 closes the gap: for each @import whose import site sits within the
cached-prefix window (imp.line <= CACHED_PREFIX_LINES), CPS resolves the path
(resolveImportPath, mirroring import-resolver/token-hotspots semantics), reads
the target, and runs findVolatileLines over its first 150 lines. A hit emits a
distinct medium finding — "Volatile content in @imported file breaks cached
prefix" — keyed on the resolved file, evidence naming the importer.

Scope boundaries (deliberate):
- One hop only; imports-of-imports stay with IMP (deep-chain owner).
- No lines-1-30 skip for imported content — that exclusion is root-file-specific
  to avoid Pattern A overlap, which never reaches imported files.
- No double-reporting: an import resolving to a discovered claude-md is skipped
  (own iteration); a reportedImports set dedupes a target imported by several
  CLAUDE.md files.

Dropped from B6 (per plan verdict): confident behavioral cache-buster detection
(opusplan/model-switch is runtime, not static config) and jq-transcript
automation. "No overstated behavioral finding ships" — even the permitted
opusplan info-advisory was left out; the @import extension is the whole of B6.

Byte-stability: the in-file finding keeps the same condition + byte-identical
evidence/description (continue-skip refactored to if-emit, behaviour-preserving);
new findings fire only on a volatile import, which no frozen v5.0.0 fixture has.
docs: README + scanner-internals CPS rows + full B6 note; CLAUDE.md kept lean
([skip-docs]). Suite 1254 -> 1257 green; snapshots + SC-5 untouched.
Version/badges/CHANGELOG wait for the v5.10 release cut.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 20:45:12 +02:00
..
additional-dirs-many/.claude feat(config-audit): flag additionalDirectories > 2 (v5 M6) [skip-docs] 2026-05-01 06:50:24 +02:00
additional-dirs-ok/.claude feat(config-audit): flag additionalDirectories > 2 (v5 M6) [skip-docs] 2026-05-01 06:50:24 +02:00
automode-nonobject/.claude feat(set): validate autoMode structure + flag it in shared settings (CA-SET) 2026-06-19 22:14:26 +02:00
automode-shared/.claude feat(set): validate autoMode structure + flag it in shared settings (CA-SET) 2026-06-19 22:14:26 +02:00
automode-structure/.claude feat(set): validate autoMode structure + flag it in shared settings (CA-SET) 2026-06-19 22:14:26 +02:00
baseline-all-a fix(mcp-config-validator): remove invented trust field (verify-first) 2026-06-18 14:22:56 +02:00
broken-plugin fix(plh): align required-frontmatter with CC docs (drop optional model/tools/name) 2026-06-20 07:27:44 +02:00
broken-project feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
collision-plugins/fake-home/.claude feat(config-audit): cross-plugin collision scanner COL (v5 N6) [skip-docs] 2026-05-01 07:46:15 +02:00
conflict-project fix(config-audit): complete conflict-project fixture for CNF cross-scope tests 2026-04-19 22:29:46 +02:00
denied-tools-in-schema/.claude feat(config-audit): disabled-in-schema scanner DIS (v5 N4) [skip-docs] 2026-05-01 07:39:58 +02:00
deny-all-glob/.claude feat(dis): flag ineffective allow wildcards; treat Tool(*) as deny-all 2026-06-19 06:31:18 +02:00
duplicate-command-name fix(plh): downgrade cross-plugin command-name overlap to low ambiguity 2026-06-19 15:30:35 +02:00
duplicate-plugin-name fix(plh): downgrade cross-plugin command-name overlap to low ambiguity 2026-06-19 15:30:35 +02:00
fixable-project feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
forbidden-param-permissions/.claude feat(dis): flag forbidden-param permission rules CC silently ignores 2026-06-19 14:04:25 +02:00
healthy-project fix(mcp-config-validator): remove invented trust field (verify-first) 2026-06-18 14:22:56 +02:00
hooks-additional-context/hooks feat(hooks): additionalContext injection advisory + filter-before lever (v5.10 B5) [skip-docs] 2026-06-23 20:28:33 +02:00
hooks-quiet/hooks feat(config-audit): HKV flags verbose hook output (v5 M5) [skip-docs] 2026-05-01 07:05:45 +02:00
hooks-verbose/hooks feat(config-audit): HKV flags verbose hook output (v5 M5) [skip-docs] 2026-05-01 07:05:45 +02:00
import-volatile feat(cps): scan @imported files for volatile cached-prefix content (v5.10 B6) [skip-docs] 2026-06-23 20:45:12 +02:00
ineffective-allow-globs/.claude feat(dis): flag ineffective allow wildcards; treat Tool(*) as deny-all 2026-06-19 06:31:18 +02:00
large-cascade feat(config-audit): TOK flags CLAUDE.md cascade > 10k tokens (v5 M4) [skip-docs] 2026-05-01 06:53:12 +02:00
large-claude-chars feat(cml): context-window-scaled CLAUDE.md char budget (mirrors CC 40.0k warning) 2026-06-19 13:34:40 +02:00
marketplace-large fix(mcp-config-validator): remove invented trust field (verify-first) 2026-06-18 14:22:56 +02:00
marketplace-medium fix(mcp-config-validator): remove invented trust field (verify-first) 2026-06-18 14:22:56 +02:00
marketplace-small test(config-audit): add marketplace-small/medium/large scanner fixtures 2026-04-19 22:36:33 +02:00
mcp-budget feat(config-audit): CA-TOK-005 MCP tool-schema budget (v5 N1) [skip-docs] 2026-05-01 07:29:57 +02:00
mcp-deferral feat(tokens): MCP tool-schema deferral check + CLI-over-MCP lever (v5.10 B4) 2026-06-23 19:59:14 +02:00
mcp-tool-heavy chore(config-audit): allow fake node_modules in tests/fixtures (v5 M1) [skip-docs] 2026-05-01 07:02:54 +02:00
minimal-project feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
opus-47 test(config-audit): add Opus 4.7 pattern fixtures (cache, redundant, imports, sonnet-era) 2026-04-19 22:34:41 +02:00
param-conflict-project/.claude fix(permissions): param-aware DIS dead-allow + CNF conflict matching 2026-06-18 13:06:20 +02:00
param-qualified-permissions/.claude fix(permissions): param-aware DIS dead-allow + CNF conflict matching 2026-06-18 13:06:20 +02:00
plugin-section-coverage fix(plh): require CLAUDE.md commands/agents/hooks section only for shipped components 2026-06-20 09:06:20 +02:00
plugin-shadow-folder feat(plh): flag plugin.json paths that shadow default folders (CA-PLH-015) 2026-06-19 21:46:22 +02:00
plugin-skills-array feat(plh): validate plugin.json skills:-array entries (CA-PLH-016) 2026-06-19 21:56:57 +02:00
readme-desynced feat(config-audit): self-audit --check-readme flag (v5 F6) [skip-docs] 2026-05-01 07:09:26 +02:00
skill-bloated/skills/bloated feat(config-audit): TOK flags skill description > 500 chars (v5 M2) [skip-docs] 2026-05-01 06:58:42 +02:00
skill-tight/skills/tight feat(config-audit): TOK flags skill description > 500 chars (v5 M2) [skip-docs] 2026-05-01 06:58:42 +02:00
small-cascade feat(config-audit): TOK flags CLAUDE.md cascade > 10k tokens (v5 M4) [skip-docs] 2026-05-01 06:53:12 +02:00
test-plugin feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
tok-active-config feat(config-audit): TOK consumes readActiveConfig (v5 F1) 2026-05-01 06:27:34 +02:00
volatile-mid-section feat(config-audit): cache-prefix stability scanner CPS (v5 N3) [skip-docs] 2026-05-01 07:37:54 +02:00