Harden CI installs against supply-chain lifecycle hooks

docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-15.md

@@ -34,12 +34,12 @@ Run these from `everything-claude-code` unless a row says otherwise.
 | AgentShield PRs/issues | GitHub connector and `gh` readback | 0 open PRs; 0 open issues |
 | ECC Tools PRs/issues | Local `gh pr list` and `gh issue list` | 0 open PRs; 0 open issues |
 | Discussion baseline | GraphQL discussion sweep | Main repo #1923 marked answered; no answerable Q&A missing an answer |
-| Supply-chain IOC scan | `node scripts/ci/scan-supply-chain-iocs.js --root <ECC-workspace> --home` | Passed; 1241 files inspected |
+| Supply-chain IOC scan | `node scripts/ci/scan-supply-chain-iocs.js --root <ECC-workspace> --home` | Passed; repo/home targeted scan inspected 200 files after clean no-script reinstall |
 | IOC unit tests | `node tests/ci/scan-supply-chain-iocs.test.js` | 15/15 passed |
 | Dead-man switch persistence sweep | Process, LaunchAgent, and known payload filename sweep for Mini Shai-Hulud markers | No matches |
-| Workflow security gate | `node scripts/ci/validate-workflow-security.js` | Passed; 8 workflow files inspected |
+| Workflow security gate | `node scripts/ci/validate-workflow-security.js` | Passed; 8 workflow files inspected; package-manager test installs disable lifecycle scripts and no Actions cache use remains |
 | Supply-chain watch workflow | `.github/workflows/supply-chain-watch.yml` | Scheduled every 6 hours; emits `supply-chain-ioc-report.json` |
-| npm signatures and audit | `npm audit signatures && npm audit --audit-level=moderate` in main, AgentShield, ECC Tools | 0 vulnerabilities in each checked package |
+| npm signatures and audit | `npm audit signatures && npm audit --audit-level=high` in main | 213 verified signatures, 17 verified attestations, 0 high vulnerabilities |
 
 ## Prompt-To-Artifact Checklist
 

docs/security/supply-chain-incident-response.md

@@ -126,8 +126,10 @@ If ECC or a maintainer machine installed a known-bad package version:
      keys, and local `.npmrc` tokens;
    - any MCP, plugin, or harness credentials available in environment variables
      or user-scope config.
-6. Purge GitHub Actions caches for affected repositories.
-7. Reinstall from a clean environment with `npm ci --ignore-scripts` first.
+6. Purge GitHub Actions dependency caches for affected repositories.
+7. Reinstall from a clean environment with lifecycle scripts disabled first:
+   `npm ci --ignore-scripts`, `pnpm install --ignore-scripts`,
+   `yarn install --mode=skip-build`, or `bun install --ignore-scripts`.
 8. Re-enable lifecycle scripts only after the dependency tree and package
    versions are pinned to known-clean releases.
 
@@ -136,7 +138,9 @@ If ECC or a maintainer machine installed a known-bad package version:
 ECC enforces these rules through `scripts/ci/validate-workflow-security.js`:
 
 - privileged workflows must not checkout untrusted PR refs;
-- workflows with write permissions must use `npm ci --ignore-scripts`;
+- all workflow dependency installs must disable lifecycle scripts;
+- workflows must not restore or save shared GitHub Actions dependency caches
+  during active supply-chain hardening;
 - workflows with `id-token: write` must not restore or save shared dependency
   caches;
 - workflows that run `npm audit` must also run `npm audit signatures`;