config-audit/tests
Kjell Tore Guttormsen e8afb148d3 fix(acr): conflict-detector segregates plugin-bundled configs (M-BUG-2)
CNF compared every discovered settings.json/hooks.json pairwise regardless of
origin, so it treated installed plugins' bundled configs — each plugin's own
settings.json/hooks.json plus its shipped test fixtures and examples under
~/.claude/plugins/ — as if they were the user's authored cascade. A "conflict"
between two plugins' bundled test fixtures is not something a user can resolve,
yet these dominated the count: 339 CNF findings on this machine (315 high-sev
permission allow/deny "conflicts", 18 duplicate-hook, 6 settings-key), almost all
sourced from plugin-internal fixtures. The Conflicts grade was F on pure noise.
Fix: CNF excludes any file whose path is under `.claude/plugins/` from conflict
analysis (new isPluginBundled predicate; absPath marker). Kept CNF-local rather
than a discovery-level skip on purpose: an active plugin's contributed
hooks.json/.mcp.json legitimately lives in plugins/cache and other scanners need
it — only conflict analysis must ignore plugin-bundled files. Same class as
M-BUG-8 (non-live config trees treated as live). Suite 1344/0 (+3: plugin-bundled
exclusion, discovery-side sanity, over-exclusion guard). Frozen v5.0.0 + SC-5
snapshots untouched (marketplace-medium has no plugins/ paths), no re-seed.
Dogfood ~/.claude CNF 339->0 (F-grade was 100% plugin-bundled noise; the ~3
genuine user-scope local settings have no actual conflicting keys, matching the
plan C5 "real surface ~3 files" prediction).

Follow-up (not in this fix): classifyScope tags plugin-bundled files by checking
basePath instead of the file's own path, so scope:'plugin' is effectively dead
for a ~/.claude-rooted scan. Fixing it would let every scanner trust the scope
field, but that is a discovery-layer change beyond this bug's scope.
2026-06-26 17:24:08 +02:00
..
agents feat(humanizer): update agent system prompts [skip-docs] 2026-05-01 19:53:59 +02:00
commands feat(humanizer): update action command templates [skip-docs] 2026-05-01 19:50:47 +02:00
fixtures fix(acr): CPS ignores fenced/inline code + CC-stable path vars (M-BUG-7) 2026-06-26 12:45:14 +02:00
helpers feat(scanner): add AGT agent-listing always-loaded budget finding (v5.9 B1) 2026-06-23 15:02:59 +02:00
hooks feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
knowledge fix(tokens): refresh stale "Opus 4.7" framing to model-neutral + Opus 4.8 anchor 2026-06-18 15:27:36 +02:00
lib fix(acr): SET typo-gates unknown-key false positives (M-BUG-10) 2026-06-26 15:15:14 +02:00
scanners fix(acr): conflict-detector segregates plugin-bundled configs (M-BUG-2) 2026-06-26 17:24:08 +02:00
scenarios feat(humanizer): scenario read-test corpus + runner (SC-4) [skip-docs] 2026-05-01 18:16:23 +02:00
snapshots feat(scanner): add AGT agent-listing always-loaded budget finding (v5.9 B1) 2026-06-23 15:02:59 +02:00
json-backcompat.test.mjs feat(ost): v5.6 C — output-style scanner (CA-OST, count 13→14) 2026-06-20 21:02:44 +02:00
lint-default-output.mjs feat(humanizer): forbidden-words lint runner + test wrapper (SC-3) [skip-docs] 2026-05-01 18:11:15 +02:00
lint-forbidden-words.json feat(humanizer): forbidden-words data file (tier1/2/3) 2026-05-01 16:53:37 +02:00
raw-backcompat.test.mjs feat(ost): v5.6 C — output-style scanner (CA-OST, count 13→14) 2026-06-20 21:02:44 +02:00
scenario-read-test.mjs feat(humanizer): scenario read-test corpus + runner (SC-4) [skip-docs] 2026-05-01 18:16:23 +02:00
scenario-read-test.test.mjs feat(humanizer): scenario read-test corpus + runner (SC-4) [skip-docs] 2026-05-01 18:16:23 +02:00
snapshot-default-output.test.mjs test(snapshots): make byte/snapshot tests hermetic + re-seed baseline 2026-06-18 12:26:00 +02:00