Reword the v7.8.0 release notes to refer to the scanners as TRG/SIG/AST only; the internal codename is removed from CHANGELOG, CLAUDE.md, README, the version-history section, and STATE. No behaviour or version change.
46 lines
3 KiB
Markdown
46 lines
3 KiB
Markdown
# STATE — llm-security
|
||
|
||
**Active focus:** Removing an internal codename from Forgejo (operator request) — a full
|
||
git history-rewrite + force-push, in progress this session. v7.8.0 itself is RELEASED; the
|
||
security-fix track (F-1/F-2/F-3) + the TRG/SIG/AST scanners are ALL DONE. Only loose end =
|
||
**F-4 (optional, LOW)**, still open.
|
||
|
||
## Codename scrub (THIS session — operator: "must not appear anywhere on Forgejo")
|
||
- Tip prose reworded by hand (CHANGELOG, CLAUDE.md, README, docs/version-history.md, STATE.md).
|
||
- Two `docs/plans/` docs (a gap-analysis + its trekplan, both named after the codename)
|
||
deleted from ALL history via `git filter-repo --invert-paths` (the matching `.html`
|
||
render was git-ignored — deleted locally only). Their whole subject was the external
|
||
reference tool, so they were removed rather than scrubbed in place.
|
||
- Leftover historical blobs + 2 commit messages (the gap-analysis docs commit + the v7.8.0
|
||
release-commit body) scrubbed via filter-repo `--replace-text`/`--replace-message`
|
||
(`(?i)<codename> ==> TRG/SIG/AST`).
|
||
- Backup before rewrite: `/tmp/llm-security-pre-scrub-backup.bundle` (all refs; pre-scrub
|
||
HEAD `d11de9a`). origin = Forgejo `open/llm-security`; force-push required after rewrite.
|
||
|
||
## What shipped (DONE — do NOT re-derive)
|
||
- **v7.8.0 release — Session C. DONE** (pure version-sync; no production code). Bumped
|
||
7.7.2 → 7.8.0 across `.claude-plugin/plugin.json`, `package.json`, `README.md` badge,
|
||
`CLAUDE.md` header + range sentinel; CHANGELOG `[7.8.0]`, version-history section, README
|
||
"Recent versions" row, CLAUDE.md highlights added. Release gate: `node --test` 1863/0.
|
||
- **TRG/SIG/AST scanners — Steps 1–7. DONE** (`54115a9`..`d19abf0`, SHAs change after rewrite).
|
||
Three deterministic deep-scan scanners: `scanners/trigger-scanner.mjs` (TRG, LLM06/AST04),
|
||
`scanners/signature-scanner.mjs` (SIG, rules `knowledge/signatures.json`, LLM03/LLM02),
|
||
`scanners/ast-taint-scanner.mjs` (AST, parse-only `scanners/lib/py-ast-taint.py` + regex
|
||
fallback, LLM01/LLM02/AST02). Wired into orchestrator + policy; prefixes in `output.mjs`.
|
||
- **Security-fix track — F-1/F-2/F-3 + F-5/F-6. DONE** (Sessions A+B). All shell-injection /
|
||
path-traversal sinks closed. Brief: `docs/security-fix-brief-2026-06-20.md`.
|
||
|
||
## Still open (optional only)
|
||
- **F-4 — optional, LOW** (by-design MCP spawn; confirm-gate is a judgment call). NOT required.
|
||
- Residual gap (inline in F-2 fix): prefix containment in `auto-cleaner.mjs` does not stop a
|
||
symlink inside the tree pointing out. Known, accepted.
|
||
|
||
## COLD START (next session)
|
||
1. `pwd` + `git status`. Confirm the force-pushed history is on `origin/main` and that
|
||
`git grep -i <codename> $(git rev-list --all)` is empty.
|
||
2. No active task queued (assuming the scrub completed). Options: F-4 confirm-gate if wanted,
|
||
or a new direction. Do NOT invent scope — ask.
|
||
|
||
## Continuity notes
|
||
- origin = Forgejo `open/llm-security` (never GitHub). Push window: weekdays 20:00–23:00;
|
||
weekends/holidays anytime.
|