From a9c8c3ed76d01dbe59d308238f7984981c648340 Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Sun, 17 May 2026 17:59:17 -0400 Subject: [PATCH] docs: refresh rc1 evidence after security recheck --- ...operator-readiness-dashboard-2026-05-17.md | 10 +++++----- .../publication-evidence-2026-05-17.md | 20 ++++++++++--------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md b/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md index 04f4d225..9b9533fa 100644 --- a/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md +++ b/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md @@ -2,8 +2,8 @@ This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval. -Generated: 2026-05-17T21:56:22.061Z -Commit: 36d390aa7d733d458963a203b91998d3aec477b2 +Generated: 2026-05-17T21:57:47.582Z +Commit: e6c16b40b80b3b323586c9e8341faa87c01a728c Status: work remaining ## Current Status @@ -13,8 +13,8 @@ Status: work remaining | PR queue | Current | 0 open PRs across tracked repos | | Issue queue | Current | 0 open issues across tracked repos | | Discussions | Current | 0 need maintainer touch; 0 missing accepted answer | -| Local worktree | Needs work | 1 blocking dirty files; 1 ignored dirty entries | -| Dashboard generation | Needs work | platform audit ready: false; GitHub skipped: false | +| Local worktree | Current | 0 blocking dirty files; 1 ignored dirty entries | +| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false | | Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below | ## Prompt-To-Artifact Checklist 
@@ -34,7 +34,7 @@ Status: work remaining | Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release | | Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync and project progress snapshot are current; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch | | Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates | -| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; ITO-57 has May 17 Linear evidence updates | repeat advisory/source refresh and Linear sync after each significant supply-chain batch | +| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; ITO-57 has May 17 Linear evidence updates | repeat advisory/source refresh and Linear sync after each significant supply-chain batch | ## Top Actions 
diff --git a/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md b/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md index 9c9d4662..4bf22614 100644 --- a/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md +++ b/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md 
@@ -7,10 +7,10 @@ npm publication, plugin tag, marketplace submission, or announcement post. | Field | Evidence | | --- | --- | -| Upstream main | `27dc2918a24a50b8dd5e23dba2aa6a05bd17c0d7` | +| Upstream main | `e6c16b40b80b3b323586c9e8341faa87c01a728c` | | Git remote | `https://github.com/affaan-m/everything-claude-code.git` | -| Evidence scope | Current `main` after the Japanese localization and Dependabot merge batch, post-merge ja-JP markdown anchor repair, Zed install-target support, Mini Shai-Hulud/TanStack protection recheck, AgentShield policy-promotion Action output mirror, ECC-Tools hosted promotion judge audit-trace mirror, ECC-Tools billing announcement preflight mirror, ECC-Tools production Marketplace readback-state mirror, legacy-tail dashboard routing, Linear progress readiness, and the deterministic preview-pack smoke gate | -| Local status caveat | `git status --short --branch` showed `## main...origin/main` plus unrelated untracked `docs/drafts/` | +| Evidence scope | Current `main` after the Japanese and Thai localization merge batch, post-merge ja-JP markdown anchor repair, Zed install-target support, Mini Shai-Hulud/TanStack protection recheck, `gh-token-monitor` token-store IOC coverage, AgentShield policy-promotion Action output mirror, ECC-Tools hosted promotion judge audit-trace mirror, ECC-Tools billing announcement preflight mirror, ECC-Tools production Marketplace readback-state mirror, legacy-tail dashboard routing, Linear progress readiness, and the deterministic preview-pack smoke gate | +| Local status caveat | `git status --short --branch` showed `## main...origin/main` plus unrelated untracked `docs/drafts/`; generated evidence files are committed after the source snapshot they describe | The actual release operator should repeat all publish-facing checks from the final release commit with a strictly clean checkout before publishing. 
@@ -22,7 +22,7 @@ final release commit with a strictly clean checkout before publishing. | Trunk PRs | `gh pr list --state open --limit 50 --json number,title` | 0 open PRs | | Trunk issues | `gh issue list --state open --limit 50 --json number,title` | 0 open issues | | Platform audit | `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | Ready; tracked repos report 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing accepted answers, and 0 blocking dirty files | -| Operator dashboard | `npm run operator:dashboard -- --json --allow-untracked docs/drafts/` | Generated current dashboard for `27dc2918a24a50b8dd5e23dba2aa6a05bd17c0d7`; dashboard ready true, publication ready false because release, npm, plugin, billing, and announcement gates are approval-gated | +| Operator dashboard | `npm run operator:dashboard -- --markdown --allow-untracked docs/drafts/ --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md` | Generated current dashboard for `e6c16b40b80b3b323586c9e8341faa87c01a728c`; dashboard ready true, publication ready false because release, npm, plugin, billing, and announcement gates are approval-gated | Tracked repositories in the platform audit were: 
@@ -47,6 +47,8 @@ Tracked repositories in the platform audit were: | Zed adapter commit | Pushed `2371a3cf0543365c1c18e84eba786b1abcb28941` to add project-local Zed support through the selective install target, README Zed guidance, and `.zed/settings.json` planning coverage | | Zed Windows CI fix | Pushed `744f4169972fd81618c3114ea1ca5ffb85ef4c82` to normalize the Zed install-plan source-path assertion across Windows path separators | | Discussion #1896 | Added a maintainer update confirming Zed support on `main`, documenting the dry-run command, and clarifying that BYOK/OpenRouter secrets stay in Zed/local user settings rather than ECC-managed project files | +| PR #1967 | Merged Thai localization as `6b282aaa4389e9411e86bfe09d8f4de8018dcf8e` after applying the two maintainer cleanup comments, validating markdownlint and language-switcher coverage, and approving after CodeRabbit, GitGuardian, Greptile, and cubic passed on current head | +| Supply-chain token-store scanner slice | Pushed `36d390aa7d733d458963a203b91998d3aec477b2` to detect the Mini Shai-Hulud `~/.config/gh-token-monitor/token` dead-man-switch token store, update the incident-response runbook, and add fixture coverage; local sweeps stayed clean and GitHub Actions `26003629550` passed | | Legacy-tail dashboard slice | Pushed `f397216aee5a0ca7d168726d3cc41eb47f728b37` and dashboard regeneration commits to keep localization-tail evidence attached to ITO-55 and prevent stale legacy work from being treated as release-current | | Linear progress readiness slice | Pushed `355c4f128183aa7f7ce9da9485af07d257d67f69` and dashboard regeneration commit `1a384dc5dbd24a3be725e1b26c169bddb6c850b6` to require refreshed Linear progress evidence after significant merge batches | | Preview-pack smoke slice | Pushed `3215e655eff70b9fea5382ce5996666a1f48d1af` to add `npm run preview-pack:smoke`, covering preview-pack artifacts, Hermes import boundaries, verification commands, and approval-gated publication blockers; lint 
and dashboard follow-up commits landed through `27dc2918a24a50b8dd5e23dba2aa6a05bd17c0d7` | 
@@ -68,9 +70,9 @@ Tracked repositories in the platform audit were: | Harness audit | `node scripts/harness-audit.js --format json` | 70/70, no top actions | | Observability readiness | `npm run observability:ready -- --format json` | 21/21, ready yes | | Workflow security | `node scripts/ci/validate-workflow-security.js` | Validated 8 workflow files | -| Supply-chain IOC scan | `node scripts/ci/scan-supply-chain-iocs.js --home` | Passed; 200 files inspected, including user-level persistence targets | +| Supply-chain IOC scan | `node scripts/ci/scan-supply-chain-iocs.js --root /Users/affoon/GitHub --home --json`; `node scripts/ci/scan-supply-chain-iocs.js --root /Users/affoon/Documents/GitHub --home --json` | Passed; each workspace sweep inspected 1,879 files with 0 findings, including user-level persistence targets | | npm audit | `npm audit --audit-level=high` | 0 vulnerabilities | -| npm signatures | `npm audit signatures` | 213 verified registry signatures; 17 verified attestations | +| npm signatures | `npm audit signatures` across `agentshield`, `everything-claude-code`, `ECC-Tools`, `ECC-website`, and `JARVIS/frontend` | Passed across the primary ECC Node package roots | | Preview-pack smoke | `npm run preview-pack:smoke` | Passed; ready yes; digest `dfb1ed014607`; 5 checks passed and 0 failed | | AgentShield enterprise CI output slice | AgentShield local `npm run build`, focused action tests, `npm run typecheck`, `npm run lint`, full `npm test`, and `git diff --check`; GitHub Actions `25994354007`, `25994354011`, `25994354026` | Local gates passed; remote CI, Test GitHub Action, and Self-Scan completed successfully for `1124535` | | AgentShield policy-promotion Action output slice | AgentShield local `npm run build`, `npx vitest run tests/action-promotion.test.ts tests/action.test.ts`, `npm run typecheck`, `npm run lint`, full `npm test`, and `git diff --check`; GitHub Actions `25995929182`, `25995929190`, `25995929161` | Local gates passed; remote CI, Test 
GitHub Action, and Self-Scan completed successfully for `1593925` | 
@@ -79,9 +81,9 @@ Tracked repositories in the platform audit were: | ECC-Tools hosted promotion judge audit trace slice | ECC-Tools local focused vitest checks for hosted model-judge audit traces, `npm run typecheck`, `npm run lint`, full `npm test`, and `git diff --check`; GitHub Actions `25997840703` | Local gates passed; remote CI completed successfully for `05d4e82` | | ECC-Tools billing announcement preflight slice | ECC-Tools local focused vitest preflight tests, `npm run typecheck`, `npm run lint`, full `npm test`, and `git diff --check`; GitHub Actions `25998238507` | Local gates passed; remote CI completed successfully for `91a441b` | | ECC-Tools production Marketplace readback-state slice | ECC-Tools local `npm test` and `git diff --check`; Cloudflare `wrangler secret list` confirmed `INTERNAL_API_SECRET` exists by name; `wrangler kv key list` for `account-billing:` and `billing-state:` both returned empty lists; GitHub Actions `25998610438` | Local gates passed; remote CI completed successfully for `eb69412`; live announcement remains blocked until Marketplace purchase/webhook records populate KV | -| GitHub queues | `gh pr list`; `gh issue list`; `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing accepted answers, 0 GitHub fetch errors, and platform audit ready across the tracked repo set | -| Operator dashboard | `npm run operator:dashboard -- --json --allow-untracked docs/drafts/` | Dashboard generated for `27dc2918a24a50b8dd5e23dba2aa6a05bd17c0d7` with platform ready true, dashboard ready true, and macro publication gates still incomplete | -| GitHub Actions CI | `gh run watch 26000918211 --repo affaan-m/everything-claude-code --exit-status` | Completed successfully for `27dc2918a24a50b8dd5e23dba2aa6a05bd17c0d7`, including Validate Components, Lint, Security Scan, Coverage, and the full OS/Node/package-manager matrix | +| GitHub queues | `gh 
pr list`; `gh issue list`; `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing accepted answers, 0 GitHub fetch errors, and platform audit ready across the tracked repo set after generated evidence is committed | +| Operator dashboard | `npm run operator:dashboard -- --markdown --allow-untracked docs/drafts/ --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md` | Dashboard generated for `e6c16b40b80b3b323586c9e8341faa87c01a728c` with platform ready true, dashboard ready true, and macro publication gates still incomplete | +| GitHub Actions CI | `gh run watch 26003629550 --repo affaan-m/everything-claude-code --exit-status` | Completed successfully for `36d390aa7d733d458963a203b91998d3aec477b2`, including Validate Components, Lint, Security Scan, Coverage, and the full OS/Node/package-manager matrix | ## Current Publication Blockers
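Review bot: The clause added to the Mini Shai-Hulud/TanStack row in the dashboard hunk at `@@ -34,7` ("ECC scanner covers gh-token-monitor token-store persistence") cites no artifact, while the publication-evidence file in this same patch ties that coverage to commit `36d390aa7d733d458963a203b91998d3aec477b2` and the `~/.config/gh-token-monitor/token` path. Because the dashboard is generated by `npm run operator:dashboard`, consider having the generated row name the scanner (`scripts/ci/scan-supply-chain-iocs.js`) or that commit, so an operator can trace the claim from the dashboard alone.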
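Review bot: In the publication-evidence hunk at `@@ -68,9`, the npm signatures row replaces the measured result ("213 verified registry signatures; 17 verified attestations") with "Passed across the primary ECC Node package roots", which removes the only figures a later operator could compare against when repeating `npm audit signatures`. Suggest recording signature and attestation counts per root for the five roots listed. The Supply-chain IOC scan row in the same hunk also hard-codes `/Users/affoon/GitHub` and `/Users/affoon/Documents/GitHub`; a placeholder such as `<workspace-root>` would keep the command repeatable by another operator and keep a local home-directory layout out of the release docs.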
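Review bot: The GitHub Actions CI row in the hunk at `@@ -79,9` records run `26003629550` as passing for `36d390aa7d733d458963a203b91998d3aec477b2`, while the Operator dashboard row directly above it and the Upstream main field now name `e6c16b40b80b3b323586c9e8341faa87c01a728c`, so the table shows no CI result for the commit it presents as current. Either add the run that covers `e6c16b40b80b3b323586c9e8341faa87c01a728c`, or say in the CI row that the commits after `36d390aa7d733d458963a203b91998d3aec477b2` only regenerate evidence files, in line with the "generated evidence files are committed after the source snapshot they describe" caveat added earlier in this file.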