
fix: audit fixes — 9 issues resolved #82

Merged
KryptosAI merged 1 commit into main from fix/audit-fixes
Mar 23, 2026

Conversation

@KryptosAI
Owner

Summary

Addresses all 9 issues from codebase audit:

Critical (3)

  • MCP server tools: Added lock_verify, get_history, ci_report to MCP server mode — AI agents can now access all features
  • Telemetry wiring: All 15 enrichment fields now actually sent by lock/history/ci-report/scan commands
  • Matrix comment: renderMatrixComment() now callable via scan --format pr-comment-matrix

High (3)

  • Score dedup: Added sync warning comments in both src/score.ts and api/src/worker.ts
  • README: Documented lock, history, ci-report, badge, score commands + Action inputs (targets, set-status)
  • CLI tests: 5 new integration tests for lock, history, ci-report commands

Medium (3)

  • Security tests: 10 new tests for validateArgs() and validatePath() (injection + traversal)
  • GitHub App: Added "planned feature" status note to README
  • Magic numbers: Added rationale comments to scoring weights, performance thresholds, telemetry timeout

Stats

  • 13 files changed, +319 lines
  • 15 new tests (302 total, all passing)
  • Build + lint clean

Test plan

  • npm run build — clean
  • npm run lint — clean
  • npx vitest run — 302/302 pass
  • CI validates on push

🤖 Generated with Claude Code

Addresses 9 issues from codebase audit:

Critical:
- Expose lock_verify, get_history, ci_report as MCP server tools
- Wire telemetry enrichment fields into lock/history/ci-report/scan commands
- Wire matrix comment renderer into scan --format pr-comment-matrix

High:
- Add score dedup sync comments between src/score.ts and api/worker.ts
- Update README with lock, history, ci-report, badge, score commands
- Add 5 CLI integration tests for lock, history, ci-report commands

Medium:
- Add 10 security tests for validateArgs/validatePath
- Add status note to github-app/README.md
- Add rationale comments to scoring weights and performance thresholds

302/302 tests pass. Build and lint clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@KryptosAI KryptosAI merged commit e3d3c13 into main Mar 23, 2026
1 of 2 checks passed
@github-actions

🎉 This PR is included in version 0.20.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
