config-audit/tests
Kjell Tore Guttormsen d678765fad feat(dis): flag forbidden-param permission rules CC silently ignores
Extends the DIS scanner and its shared permission-rules lib with a third
documented Claude Code permission footgun. Verified verbatim against
code.claude.com/docs/en/permissions (fetched 2026-06-19).

CC's Tool(param:value) matching (2.1.178) is off-limits for a tool's own
canonicalizing field — CC ignores such a rule and emits a startup warning,
because e.g. Bash(command:rm *) is bypassable by a compound command. The
forbidden fields: command (Bash/PowerShell), file_path (Read/Edit/Write),
path (Grep/Glob), notebook_path (NotebookEdit), url (WebFetch).

- lib/permission-rules.mjs: new forbiddenParamRule(entry) returning
  { tool, key, hint } or null. Only the param:value form (colon present)
  whose key equals the tool's forbidden field is flagged; Bash(npm:*),
  WebFetch(domain:host), Agent(model:opus), and Bash(command) (no colon)
  are left valid. FORBIDDEN_PARAMS map is the single source of truth.
- DIS: scans allow + deny + ask and splits severity by intent — deny/ask
  hits are false security (medium: the block never applies), allow hits are
  dead config (low: param:value matching is deny/ask-only). Two findings,
  permissions-hygiene, CA-DIS-NNN.
- 11 new tests (7 lib, 4 DIS) + 1 fixture forbidden-param-permissions
  (force-added past .gitignore .claude/). Suite 918 -> 929. Snapshot
  unchanged (SC-5 byte-equal), contamination grep clean, gitleaks clean.
  README/CLAUDE document the broadened DIS mandate; test badge synced.
  self-audit: PASS, configGrade A 97, pluginGrade A 100, scanners 13.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
2026-06-19 14:04:25 +02:00
..
agents feat(humanizer): update agent system prompts [skip-docs] 2026-05-01 19:53:59 +02:00
commands feat(humanizer): update action command templates [skip-docs] 2026-05-01 19:50:47 +02:00
fixtures feat(dis): flag forbidden-param permission rules CC silently ignores 2026-06-19 14:04:25 +02:00
helpers test(snapshots): make byte/snapshot tests hermetic + re-seed baseline 2026-06-18 12:26:00 +02:00
hooks feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
knowledge fix(tokens): refresh stale "Opus 4.7" framing to model-neutral + Opus 4.8 anchor 2026-06-18 15:27:36 +02:00
lib feat(dis): flag forbidden-param permission rules CC silently ignores 2026-06-19 14:04:25 +02:00
scanners feat(dis): flag forbidden-param permission rules CC silently ignores 2026-06-19 14:04:25 +02:00
scenarios feat(humanizer): scenario read-test corpus + runner (SC-4) [skip-docs] 2026-05-01 18:16:23 +02:00
snapshots feat(skill-listing): add SKL scanner for the skill-listing token budget 2026-06-18 17:36:28 +02:00
json-backcompat.test.mjs test(snapshots): make byte/snapshot tests hermetic + re-seed baseline 2026-06-18 12:26:00 +02:00
lint-default-output.mjs feat(humanizer): forbidden-words lint runner + test wrapper (SC-3) [skip-docs] 2026-05-01 18:11:15 +02:00
lint-forbidden-words.json feat(humanizer): forbidden-words data file (tier1/2/3) 2026-05-01 16:53:37 +02:00
raw-backcompat.test.mjs test(snapshots): make byte/snapshot tests hermetic + re-seed baseline 2026-06-18 12:26:00 +02:00
scenario-read-test.mjs feat(humanizer): scenario read-test corpus + runner (SC-4) [skip-docs] 2026-05-01 18:16:23 +02:00
scenario-read-test.test.mjs feat(humanizer): scenario read-test corpus + runner (SC-4) [skip-docs] 2026-05-01 18:16:23 +02:00
snapshot-default-output.test.mjs test(snapshots): make byte/snapshot tests hermetic + re-seed baseline 2026-06-18 12:26:00 +02:00