config-audit/tests/fixtures
Kjell Tore Guttormsen bec3f45329 fix(permissions): param-aware DIS dead-allow + CNF conflict matching
The DIS scanner collapsed Tool(param) rules to the bare tool name, so
Agent(model:opus) deny + Agent(model:sonnet) allow (and the same for
WebFetch(domain:...)) were flagged as dead config — a false positive now
that CC 2.1.178 matches Tool(param:value) and 2.1.172 adds domain rules.
The conflict-detector shared the blind spot from the other side: a
wildcard deny like WebFetch(domain:*) did not cover a
WebFetch(domain:good.com) allow, so a genuine cross-scope conflict was
missed (false negative).

New shared scanners/lib/permission-rules.mjs:
- parseRule / paramMatches (glob)
- dominates(deny, allow) -> DIS dead-allow (deny fully covers allow)
- rulesIntersect(a, b)   -> CNF cross-scope conflict (match sets intersect)

DIS now delegates to dominates; conflict-detector :156 delegates to
rulesIntersect. A bare deny still covers all params, so true positives
are preserved (Bash deny + Bash(npm:*) allow still flagged).

Re-seeded the marketplace-medium snapshots: the false-positive CA-DIS
finding (Read(src/**) allow + Read(./.env) deny) is correctly gone. This
changes snapshot CONTENT only — envelope schema is unchanged, so --json
and --raw stay byte-stable.

Full suite: 837/837 green (+25). self-audit PASS, A(100)/A(97).
2026-06-18 13:06:20 +02:00
..
additional-dirs-many/.claude feat(config-audit): flag additionalDirectories > 2 (v5 M6) [skip-docs] 2026-05-01 06:50:24 +02:00
additional-dirs-ok/.claude feat(config-audit): flag additionalDirectories > 2 (v5 M6) [skip-docs] 2026-05-01 06:50:24 +02:00
baseline-all-a test(config-audit): add baseline-all-a fixture + grade-stability regression test 2026-04-19 22:32:40 +02:00
broken-plugin feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
broken-project feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
collision-plugins/fake-home/.claude feat(config-audit): cross-plugin collision scanner COL (v5 N6) [skip-docs] 2026-05-01 07:46:15 +02:00
conflict-project fix(config-audit): complete conflict-project fixture for CNF cross-scope tests 2026-04-19 22:29:46 +02:00
denied-tools-in-schema/.claude feat(config-audit): disabled-in-schema scanner DIS (v5 N4) [skip-docs] 2026-05-01 07:39:58 +02:00
fixable-project feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
healthy-project feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
hooks-quiet/hooks feat(config-audit): HKV flags verbose hook output (v5 M5) [skip-docs] 2026-05-01 07:05:45 +02:00
hooks-verbose/hooks feat(config-audit): HKV flags verbose hook output (v5 M5) [skip-docs] 2026-05-01 07:05:45 +02:00
large-cascade feat(config-audit): TOK flags CLAUDE.md cascade > 10k tokens (v5 M4) [skip-docs] 2026-05-01 06:53:12 +02:00
marketplace-large test(config-audit): add marketplace-small/medium/large scanner fixtures 2026-04-19 22:36:33 +02:00
marketplace-medium test(config-audit): add marketplace-small/medium/large scanner fixtures 2026-04-19 22:36:33 +02:00
marketplace-small test(config-audit): add marketplace-small/medium/large scanner fixtures 2026-04-19 22:36:33 +02:00
mcp-budget feat(config-audit): CA-TOK-005 MCP tool-schema budget (v5 N1) [skip-docs] 2026-05-01 07:29:57 +02:00
mcp-tool-heavy chore(config-audit): allow fake node_modules in tests/fixtures (v5 M1) [skip-docs] 2026-05-01 07:02:54 +02:00
minimal-project feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
opus-47 test(config-audit): add Opus 4.7 pattern fixtures (cache, redundant, imports, sonnet-era) 2026-04-19 22:34:41 +02:00
param-conflict-project/.claude fix(permissions): param-aware DIS dead-allow + CNF conflict matching 2026-06-18 13:06:20 +02:00
param-qualified-permissions/.claude fix(permissions): param-aware DIS dead-allow + CNF conflict matching 2026-06-18 13:06:20 +02:00
readme-desynced feat(config-audit): self-audit --check-readme flag (v5 F6) [skip-docs] 2026-05-01 07:09:26 +02:00
skill-bloated/skills/bloated feat(config-audit): TOK flags skill description > 500 chars (v5 M2) [skip-docs] 2026-05-01 06:58:42 +02:00
skill-tight/skills/tight feat(config-audit): TOK flags skill description > 500 chars (v5 M2) [skip-docs] 2026-05-01 06:58:42 +02:00
small-cascade feat(config-audit): TOK flags CLAUDE.md cascade > 10k tokens (v5 M4) [skip-docs] 2026-05-01 06:53:12 +02:00
test-plugin feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
tok-active-config feat(config-audit): TOK consumes readActiveConfig (v5 F1) 2026-05-01 06:27:34 +02:00
volatile-mid-section feat(config-audit): cache-prefix stability scanner CPS (v5 N3) [skip-docs] 2026-05-01 07:37:54 +02:00