feat: 2026-05-27 research-driven update sweep (5 surface plugin + 9th audit check + supply-chain card)#47
Merged
Five aligned changes driven by primary-source research (Anthropic / OpenAI /
Google / Vercel / Cloudflare / npm changelogs + X timelines, 2026-02-26
through 2026-05-27):
1. .claude-plugin/plugin.json + marketplace.json
Bump 0.3.0 → 0.4.0 (latent drift; manifest.json and server.json were
already at 0.4.0). Description updated to surface slash commands +
audit primitives. Keywords expanded with audit / release /
publish-drift / supply-chain-security.
2. .claude-plugin/commands/{scaffold,audit-release,audit-cd,audit-security,graduate}.md
Five slash commands so the `/plugin` Discover screen (Claude Code
v2.1.145+) shows a rich preview before install. Each command has
frontmatter description + invocation pattern, and `/audit-security`
explicitly positions itself as complementary to Anthropic's in-session
`claude-security-guidance` plugin (released 2026-05-26) and the
post-PR `claude-code-security-review` Action.
3. audit_security 9th check — claude-security-guidance
Detects `claude-security-guidance.md` at repo root (and the
`.claude-security-guidance.md` / `.claude/security-guidance.md`
variants). Recommendation explicitly frames the three layers
(in-session guard / PR diff review / repo-level static audit) as
complementary. Enum source-of-truth in src/mcp-schemas.ts updated.
Three new tests covering the present / missing / alt-path cases.
4. Graduation guide (EN + KO)
Narrative shift from "escape platform lock-in" → "vendor diversity"
to reflect 2026-05 reality where Vercel (bio: "Agentic Infrastructure
for apps and agents"), Cloudflare (Claude Managed Agents + voice
SDK), and Netlify are all evolving into agentic infra. Added
Cloudflare Workers agent runtime row in the target-mapping table
with a note pointing at the docker-deploy adapter path until a
dedicated `cloudflare-workers-agent` starter exists. EN/KO heading
counts kept aligned (CI gate from PR #42).
5. README "Supply-chain security pre-wired" card (EN + KO)
Explicit list of the 9 supply-chain / CI security checks every
Starter Series template ships with. Cross-referenced with the
2026-04-21 Vercel npm supply-chain incident as a real-world
timeliness signal.
6. publish.yml: drop --provenance
npm trusted publishing has auto-generated and signed provenance
attestations since 2025-07 GA. The explicit `--provenance` flag is
redundant — published behavior is identical, the flag is just stale
signal. The .mcpb bundle keeps its separate SLSA attestation via
actions/attest-build-provenance (PR #38).
What this update does NOT touch (intentional):
- AI coding agent territory (Claude Code, Codex, Antigravity 2.0 are
the 3-way contest; the Starter Series is scaffold + audit + graduation,
not yet-another-AI-coding-agent).
- mcp-server-starter / python-mcp-server-starter (Anthropic acquired
Stainless 2026-05-18, framed as the "SDK and MCP server platform" —
treat the MCP server scaffolder slot as Anthropic-occupied; refocus
the two starters on the OIDC publish pipeline differentiator in a
separate per-repo session).
- Cross-cutting supply-chain-security messaging across the other 11
starter repos + landing-page (deferred to a separate session).
Verification:
- npm run build (tsc) passes
- npm test: 96/96 (added 4 new tests for claude-security-guidance + alt paths)
- npm run lint (tsc --noEmit) passes
- EN/KO heading parity: README 16↔16, graduation guide 10↔10
- Self-audit: node dist/index.js audit-security . correctly reports
claude-security-guidance as MISSING for this repo (and adds the
in-session-guard recommendation copy)
… tool

Addresses all 11 findings from extra-high-recall /code-review on the initial PR #47 commit, and converts the previously template-only claude-security-guidance check into an actionable Skill/MCP via the new seed_security_guidance tool.

== /code-review fixes ==

#1 + #2 (manifest description sync + graduate.md tool-call pattern)
- manifest.json description + long_description now match plugin.json's "Scaffold and audit Starter Series projects — slash commands, skill, MCP server, and CLI with release/CD/security audit primitives" framing. Claude Desktop catalog no longer hides the audit primitives.
- .claude-plugin/commands/graduate.md rewritten to use the explicit "Call the `audit_release` MCP tool with `path` ..." pattern shared by the other 4 commands. Removes the risk that Claude Code treats the graduate workflow as descriptive prose instead of tool calls. Adds seed_security_guidance as a new step 5.

#3 + #4 (Windows path.relative + verdict treats guidance as optional)
- checkClaudeSecurityGuidance now uses path.relative(repoPath, p) for evidence strings. On Windows, the previous p.replace(repoPath + "/", "") silently no-op'd because the separator is backslash. POSIX behavior unchanged.
- SecurityCheckResult gains an optional `optional?: boolean` field, set true for claude-security-guidance. The verdict aggregator now counts only CORE missing/partial (non-optional) checks — a repo with every CI primitive present stays HARDENED even when the user hasn't yet written claude-security-guidance.md. The 9th check is still surfaced in `issues` so the user sees the recommendation.

#5 + #11 (graduation narrative + Cloudflare Workers concrete path)
- Removed "universal escape hatch" (line 227 EN / 224 KO) and softened "stop paying token costs" (line 17 EN / 15 KO) to match the "vendor diversity" intro framing. EN/KO heading parity preserved (16↔16 / 10↔10).
- Cloudflare Workers row note: vague "hand-write a Wrangler config" pointer replaced by two concrete paths — (a) drop-in wrangler.toml snippet + wrangler deploy step, and (b) container path via existing docker-deploy-starter. Trade-offs noted.

#6 + #9 (schema exhaustiveness + test length assertion)
- src/mcp-schemas.ts: added a compile-time exhaustiveness gate `[Exclude<SecurityCheckName, …>] extends [never] ? true : never`. A future SecurityCheckName value not added to securityCheckNameValues now produces a tsc error instead of silently passing the satisfies check.
- tests/audit-security.test.ts: added assert.equal(r.checks.length, 9) in the "flags all primary checks missing" test and a new optional-aggregator test that drives a HARDENED verdict despite claude-security-guidance being absent.

#7 + #8 + #10 (version sync gate + publishConfig.provenance + scaffold quote)
- publish.yml's single server.json version check expanded into a 3-file parity loop (server.json + manifest.json + .claude-plugin/plugin.json all compared against package.json). Drift between any of the four manifests now fails publish.
- package.json: added publishConfig.provenance: true as belt-and-suspenders if npm changes its auto-provenance heuristic. Also synced package.json#description with plugin.json's polished phrasing.
- .claude-plugin/commands/scaffold.md: quoted the argument-hint value so strict YAML parsers don't trip on <id> angle brackets.

== New: seed_security_guidance ==

The 9th audit check now has an actionable counterpart instead of just checking for the file's presence.

src/seed-security-guidance.ts (new, ~180 lines)
- seedSecurityGuidance({ repoPath, force }) generates a starter claude-security-guidance.md at the repo root, tailored to the detected Starter Series template via extractStarterSignals.
- Content layout: universal rules (no eval, no string-concat SQL, no .env commit, OIDC trusted publishing, etc.) + starter-specific section selected from a table covering all 11 Starter Series templates + "How this file gets used" footer explaining the three-layer security posture (in-session guard / PR review / repo-level audit).
- Defaults to status=exists when the file already exists; force: true overwrites.

src/index.ts
- Registered as the 6th MCP tool `seed_security_guidance` with seedSecurityGuidanceOutputShape for structured-content support.

src/cli.ts
- New `create-starter seed-security-guidance [path] [--force]` subcommand. Separate dispatcher (not the audit subcommand helper) because of the extra --force flag.

.claude-plugin/commands/seed-security-guidance.md
- 6th slash command. Follows the "Call the `X` MCP tool with ..." pattern. Includes positioning section explaining the three-layer posture.

src/mcp-schemas.ts
- seedSecurityGuidanceOutputShape (repoPath, filePath, matchedStarter, status enum, bytesWritten, relativePath).

manifest.json
- Added the 6th tools entry so Claude Desktop catalog surfaces seed_security_guidance alongside the audit primitives.

tests/mcp-server.test.ts
- tools/list contract test updated to expect 6 tools.

== Verification ==
- npm run build (tsc) passes
- npm test: 97/97 (was 96/96; +1 for the optional-aggregator test; the new tools/list count expectation; the length-assertion in the primary-checks-missing test)
- npm run lint (tsc --noEmit) passes
- EN/KO heading parity: README 16↔16, graduation guide 10↔10
- Self-audit: HARDENED 8 present / 0 partial / 1 missing (the missing one is the optional claude-security-guidance, which no longer downgrades the verdict)
- Dogfood: seed_security_guidance on a fresh mcp-server repo correctly emits a 2584-byte starter file with the mcp-server-specific section; subsequent audit_security flips the check to PRESENT.
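The two fixes under #3 + #4 above (separator-aware evidence strings and an optional-aware verdict aggregator), as an added illustration that is not the project's own code: the check-name union, the `NEEDS-WORK` verdict label and the demo's temp-repo layout are assumptions; only the guidance-file paths, the `optional?: boolean` field and the HARDENED verdict come from the PR text.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Check names other than the 9th are assumed; the PR does not list them.
type SecurityCheckName = "oidc-trusted-publishing" | "lockfile-present" | "claude-security-guidance";
type Status = "present" | "partial" | "missing";
type Verdict = "HARDENED" | "NEEDS-WORK"; // NEEDS-WORK is an assumed name for the non-hardened verdict

export interface SecurityCheckResult {
  name: SecurityCheckName;
  status: Status;
  evidence: string[];
  optional?: boolean; // true: a gap in this check never downgrades the verdict
}

// Root file plus the two alt-path variants the PR names.
const GUIDANCE_PATHS = ["claude-security-guidance.md", ".claude-security-guidance.md", path.join(".claude", "security-guidance.md")];

// 9th check. Evidence uses path.relative, which is separator-aware, instead of
// stripping repoPath + "/" (a silent no-op on Windows, where the separator is "\").
export function checkClaudeSecurityGuidance(repoPath: string): SecurityCheckResult {
  const hits = GUIDANCE_PATHS.map((p) => path.join(repoPath, p)).filter((p) => fs.existsSync(p));
  return { name: "claude-security-guidance", status: hits.length > 0 ? "present" : "missing",
           evidence: hits.map((p) => path.relative(repoPath, p)), optional: true };
}

// Verdict counts only CORE (non-optional) missing/partial checks; optional gaps
// are still returned in `issues` so the recommendation stays visible to the user.
export function aggregate(checks: SecurityCheckResult[]): { verdict: Verdict; issues: SecurityCheckResult[] } {
  const issues = checks.filter((c) => c.status !== "present");
  const coreGaps = issues.filter((c) => !c.optional);
  return { verdict: coreGaps.length === 0 ? "HARDENED" : "NEEDS-WORK", issues };
}

// Demo on a constructed temp repo that only carries the .claude/ alt-path variant.
export function demo(): { verdict: Verdict; evidence: string[] } {
  const repo = fs.mkdtempSync(path.join(os.tmpdir(), "starter-audit-"));
  fs.mkdirSync(path.join(repo, ".claude"));
  fs.writeFileSync(path.join(repo, ".claude", "security-guidance.md"), "# constructed sample\n");
  const guidance = checkClaudeSecurityGuidance(repo);
  const { verdict } = aggregate([
    { name: "oidc-trusted-publishing", status: "present", evidence: [] },
    { name: "lockfile-present", status: "present", evidence: [] },
    guidance,
  ]);
  fs.rmSync(repo, { recursive: true, force: true });
  return { verdict, evidence: guidance.evidence };
}
```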
…ies)

CI started failing on 2026-05-27 with two fresh moderate+ advisories, both transitive through dependencies we don't directly import:

qs <= 6.15.1 (GHSA-q8mj-m7cp-5q26, moderate)
  via @modelcontextprotocol/sdk → express → qs
  fix: bump to 6.15.2 (the patched release)

tmp <= 0.2.5 (GHSA-52f5-9888-hmc6 + GHSA-ph9p-34f9-6g65, both high)
  via @anthropic-ai/mcpb → @inquirer/prompts → @inquirer/editor → external-editor → tmp
  fix: bump to 0.2.7 — npm's "no fix available" message was stale; both advisories are first-patched at 0.2.4 and 0.2.6 respectively, so 0.2.7 covers both.

Adding both to package.json#overrides keeps the audit-level=moderate gate on (PR #38's hardened CI posture) without resorting to --omit=dev or audit-level=high.

Verified: `npm audit --audit-level=moderate` now reports "found 0 vulnerabilities" (was failing with 1 moderate + 1 high).
Summary
Aligned 6-task sweep driven by 2026-05-27 primary-source research (Anthropic/OpenAI/Google/Vercel/Cloudflare/npm changelogs + verified X timelines, window 2026-02-26 → 2026-05-27).
Why
Three big signals in the last 9 days motivated each change:
- /plugin Discover screen now shows plugin's commands/agents/skills/hooks/MCP servers before install. Empty manifest = invisible card. We had Skill + MCP only.
- claude-security-guidance.md. Our `audit_security` didn't know about it.
Changes (6 tasks, one PR)
- .claude-plugin/plugin.json: 0.3.0 → 0.4.0 (latent drift; `manifest.json` and `server.json` were already at 0.4.0). Description + keywords updated.
Out of scope (deferred to separate sessions)
Test plan
Research notes
Full reconnaissance reports (Anthropic / OpenAI / Google / the four cloud vendors / X primary sources) drove the priority ordering. The full TODO list ran 12 items; this PR ships the 6 that resolve inside `create-starter` alone. Items 7–12 (cross-cutting, multi-repo, or strategic) are deferred to dedicated sessions per repo.