Hver /security <cmd> som produserer rapport printer nå en klikkbar
file://-lenke til en self-contained HTML-versjon. Levert over fem
sesjoner; sesjon 5 wirer de 14 resterende skill-filene + slipper
v7.7.0 (versjonsbump + docs).
Sesjon-historikk:
- Sesjon 1 (0dc7ff4) — playground katalog list-view + builder-pane med
copy-knapp på alle 18 rapporter
- Sesjon 2 (86d6ecd) — playground prosjekt-surface opprydding
(stub-screen + topbar-splitt)
- Sesjon 3 (fa5fb48) — extract 18 inline parsers + 18 inline renderers
fra playground til canonical ESM-modul scripts/lib/report-renderers.mjs
(playground beholder bit-identisk inline-kopi siden ESM import ikke
fungerer fra file://)
- Sesjon 4 (db80854) — ny zero-dep CLI scripts/render-report.mjs
(stdin/file/stdout-modus, kebab→camel commandId-routing, ~140 KB
self-contained HTML med 6 inlined DS-stylesheets + lokal .report-table,
absolutte file://-paths for Ghostty cmd-click). 4 skills wired:
scan, audit, posture, deep-scan.
- Sesjon 5 (denne) — 14 resterende skills wired: plugin-audit, mcp-audit,
mcp-inspect, ide-scan, supply-check, dashboard, pre-deploy, diff,
watch, registry, clean, harden, threat-model, red-team. Hver skill-fil
har nå en HTML Report-step som instruerer Claude å skrive markdown
verbatim, kjøre CLI, og appende klikkbar file://-lenke til respons.
Release-arbeid:
- Versjonsbump v7.6.1 → v7.7.0 i 6 plugin-filer + 2 rot-filer
(package.json, .claude-plugin/plugin.json, README badge, CLAUDE.md
header + state-seksjon, docs/version-history.md, plugin Recent versions-
tabell, rot README plugin-entry, rot CLAUDE.md plugin-katalog)
- CHANGELOG [7.7.0] med full historikk fra sesjon 1-5
- docs/version-history.md v7.7.0-seksjon
Verifisert:
- 18/18 commandIds i CLI gir > 138 KB self-contained HTML
- 1819/1820 tester grønne (pre-compact-scan-perf-flake fyrte under last,
passerer i isolasjon på 1582 ms — pre-eksisterende, defer til v7.7.x)
- 18/18 skill-filer har HTML Report-step
- Ingen kildefil-treff på 7.6.1 utenfor historiske changelog/version-
history/README releases-tabell
Ingen scanner- eller hook-atferdsendringer — purely additive surface.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Closes A3 of v7.1.0 critical-review patch. Each rewrite preserves the underlying
claim where it is accurate but removes hype/overreach language. Historical
CHANGELOG/README version-table rows are intentionally left as-is (they document
what was claimed at the time of release, not what is true today).
Changes (CLAUDE.md, commands/ide-scan.md, knowledge/mitigation-matrix.md,
docs/security-hardening-guide.md):
- "Trustworthy scoring (BREAKING)" → "Severity-dominated risk scoring
(v2 model, BREAKING)". Removes hype framing; describes the actual mechanism.
- "Context-aware entropy scanner" → "Rule-based entropy scanner with
file-extension skip, 8 line-level suppression rules, and configurable policy".
No ML/context inference; just rules.
- "1487 tests" → "1511 unit and integration tests; mutation-testing coverage
not published". Updated count after A1+A2 (+24) and added qualifier.
- "Fully Schrems II compatible" → "Schrems II compatible in default offline
mode. Optional OSV.dev enrichment (`supply-chain-recheck --online`)
transmits package identifiers to a Google-operated API and is a separate
compliance consideration." Acknowledges the OSV.dev opt-in caveat.
- "Rule of Two enforcement" → "Rule of Two detection (configurable; default
warn; blocks on high-confidence trifectas in opt-in `block` mode; distributed
trifectas detected but not blocked by default)". "Enforcement" implied
block; default is warn.
- "Hardened ZIP extractor" → suffix " — no fuzz-testing results published
to date". Caps and class-of-attacks rejected are accurate; absence of
formal fuzz coverage now stated.
- "defense-in-depth" — preserved as framing, but quantified in
security-hardening-guide §4: "three independent detection layers with
documented bypass classes". Each layer named, each layer's known bypasses
pointed to (critical-review §4 evasion arsenal).
Tests: 1511/1511 green (no behavioural change).
Pre-installation verification of VS Code extensions via URL — fetch a remote
VSIX, extract it in a hardened sandbox, and run the existing IDE scanner
pipeline against it. No npm dependencies.
Sources:
- VS Code Marketplace (publisher.gallery.vsassets.io direct download)
- OpenVSX (open-vsx.org official API)
- Direct .vsix HTTPS URLs
Defenses:
- HTTPS-only, TLS verified, manual redirect with per-source host whitelist
- 30s total timeout via AbortController
- 50MB compressed cap, 500MB uncompressed, 100x expansion ratio
- Zero-dep ZIP extractor: zip-slip, absolute paths, drive letters, NUL bytes,
symlinks (Unix mode 0xA000), depth limits, ZIP64 rejected, encrypted rejected
- SHA-256 streamed during fetch, surfaced in meta.source
- Temp dir cleanup in all paths (try/finally)
Files:
- scanners/lib/vsix-fetch.mjs (HTTPS fetcher, host whitelist, streaming SHA-256)
- scanners/lib/zip-extract.mjs (zero-dep parser with hardening caps)
- knowledge/marketplace-api-notes.md (endpoint reference)
- 3 test files (48 tests added: vsix-fetch, zip-extract, ide-extension-url)
Tests: 1296 → 1344 (all green).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
