Morgan Westlee Lunt 3b9df61600
code-modernization: fix findings from adversarial audit
Code/security:
- extract-rules.js: guard null agent() verdicts in the verify + P0 loops
  (a skipped/dead referee made {rule,v:null} survive .filter(Boolean) and
  then crashed on v.injectionSuspected / v.every) — sibling scripts already
  had the guard.
- topology viewer XSS: the map injector embedded untrusted JSON (node names
  from filenames, etc.) into a <script> island unescaped — a name containing
  </script> executed on open. Escape < > & in the injected data and add a CSP
  to the template.
- Second-order injection: citation/identifier fields (source / cwe /
  source_site / correctedSource) were interpolated UNFENCED into the verifier
  prompts that are supposed to be the trust anchor. Fence them in
  extract-rules, harden-scan, uplift-deltas.

uplift design (audit of the new feature):
- Working-copy model: copy the WHOLE solution to modernized/ once and edit in
  place (relative project refs survive; result is a reviewable git diff) —
  the incremental per-project copy broke multi-project builds.
- Dual-run honesty: reframed as 'if both runtimes run here' (net48 needs
  Windows; JUnit/pytest don't multi-target); dummy-test gate now binds a real
  SUT under both targets; per-stack harness notes.
- Tooling honesty: present/runnable/actually-ran distinction; never fold in a
  tool that couldn't run; apiport/2to3 demoted; py2->3 removed from 'preserve'
  examples.
- Delta classes: name the high-blast-radius landmines (JPMS strong
  encapsulation, .NET trimming/AOT, ICU globalization, hosting/runtime-config,
  analyzer/nullable) in the finder briefs + agent.
- Rewrite-vs-uplift signal: weigh by touched sites (siteCount), not delta-card
  count; judgment-share demoted to secondary.

Docs/consistency: brief reads topology.json (not TOPOLOGY.html); README
'five commands'; credential-masking claim split (analysts mask+cite vs
code-writers substitute fakes); read-only/write-scope claims softened to
match enforcement (Bash retained -> discipline, not tool-lock); reimagine
nested blockers/pendingRuleIds; status splits transform vs reimagine markers;
portfolio enumeration basenames; plugin.json description updated.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-09 23:31:52 +00:00

2.5 KiB

description argument-hint
Where am I in the modernization workflow — artifact inventory, staleness, secrets hygiene, next step <system-dir>

Report where the modernization of $1 stands, in one screen. This is a read-only command — inspect, never modify.

1 — Artifact inventory

Check analysis/$1/ and modernized/$1*/ and build a table — one row per workflow stage, with the artifact's presence and modification time:

Stage Artifacts
preflight PREFLIGHT.md
assess ASSESSMENT.md, ARCHITECTURE.mmd
map topology.json, TOPOLOGY.html, *.mmd, extract_topology.*
extract-rules BUSINESS_RULES.md, DATA_OBJECTS.md
brief MODERNIZATION_BRIEF.md (note whether the approval block is signed)
harden SECURITY_FINDINGS.md, security_remediation.patch
uplift DELTA_CATALOG.md; modernized/$1/UPLIFT_NOTES.md (note per-project: builds on target? baseline reproduced?)
transform each modernized/$1/<module>/ dir — note test presence and whether TRANSFORMATION_NOTES.md exists
reimagine modernized/$1-reimagined/ — note per-service acceptance tests and the CLAUDE.md handoff (reimagine's completion markers; it does NOT write TRANSFORMATION_NOTES.md)

2 — Staleness

Flag any artifact older than an upstream artifact it derives from:

  • MODERNIZATION_BRIEF.md older than ASSESSMENT.md, topology.json, or BUSINESS_RULES.md → the brief no longer reflects discovery; recommend re-running /modernize-brief.
  • TOPOLOGY.html older than topology.json → re-run the injection step from /modernize-map.
  • Any TRANSFORMATION_NOTES.md older than BUSINESS_RULES.md → the module may not implement the latest rule set; list which.

3 — Secrets hygiene

  • Does analysis/.gitignore exist and cover SECRETS.local.md / *.local.patch? (git check-ignore when in a git repo.)
  • If SECRETS.local.md exists: confirm it is NOT tracked (git ls-files --error-unmatch, expect failure) and has never been committed (git log --all --oneline -- <path>, expect empty). If either check fails, say so prominently and recommend rotation plus history scrubbing.

4 — Verdict

End with three lines:

  • Where you are — the furthest completed stage and roughly how much of the system it covers (e.g. "mapped 100%, 2 of 14 modules transformed").
  • What's stale — or "nothing".
  • Next command — the single most useful next step, with a one-line reason.