Release 0.11.0 — distribution & integration round (installer, hooks, graph enrichment, MCP HTTP)#26
Open
raccioly wants to merge 7 commits into
Open
Release 0.11.0 — distribution & integration round (installer, hooks, graph enrichment, MCP HTTP)#26raccioly wants to merge 7 commits into
raccioly wants to merge 7 commits into
Conversation
Teach any core coding agent to reach for websec-validator on a security review. Hosts: claude, codex, cursor, gemini, aider, generic (AGENTS.md). - Skill-style hosts (Claude, Cursor) get a dedicated skill/rule file. - Block-style hosts (Codex/Gemini/Aider/generic) get an idempotent marked region injected into their standing-instructions file, preserving the user's own content. --user for home scope, --uninstall, install status. - Stdlib only, path-safety guarded (destination must resolve inside the target/home tree). 12 new tests; suite 324 -> 336, DocGuard green. Closes the gap between the README's "any agent can act on it" and shipping only a Claude plugin. Pattern adapted from graphify's multi-host installer. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…-push gate) Wire the baseline-diff into git so websec runs automatically: - `hooks install`: advisory post-commit hook, recon-only (~1s), prints a "baseline: N new" heads-up, never blocks the commit. - `hooks install --pre-push`: blocking gate — fails the push on a NEW finding at/above $WEBSEC_HOOK_FAIL_ON (default high). - Marker-delimited install/uninstall (appends to + preserves an existing hook); interpreter pinned + allowlist-sanitized (survives pipx/uv isolation, no shell-injection); hooks dir via `git rev-parse` (worktree/core.hooksPath aware); prunes to last 5 guardrail runs. WEBSEC_SKIP_HOOK=1 overrides; WEBSEC_HOOK_SCAN=1 runs full scanners. 10 new tests incl. an end-to-end real-commit run; suite 336 -> 346, DocGuard green. Pattern adapted from graphify's hook installer. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
… graph If the scanned repo has graphify-out/graph.json (or --graph <file>), tag each finding with how much of the app transitively DEPENDS ON the vulnerable code — reverse reachability over dependency edges. A SQLi in a leaf handler and the same SQLi in a helper imported by 40 modules stop looking equally urgent. - Findings gain a `graph` block (nodes, blast_radius, dependents sample, community); ledger gains a `graph_enrichment` summary. - Pure stdlib JSON — never imports tree-sitter, so the zero-runtime-deps guarantee holds. Reverse-BFS bounded at 20k visits (disclosed truncation). Wrapped so a bad/oversized graph never fails a run. - Auto-detected at <target>/graphify-out/graph.json; --graph overrides. Verified on a real 167-node graph (finding in cli.py → 20 nodes, blast radius 5). 10 new tests; suite 346 -> 356, DocGuard green. This is the cross-promoting integration from the graphify review: the two tools compose without websec taking on graphify's dependency stack. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
MCP over HTTP — `websec mcp --http`: - Refactor the request handler into a transport-agnostic `process()` shared by stdio and HTTP. - New HTTP JSON-RPC transport on the stdlib http.server — no starlette, no new dependency (websec stays zero-runtime-deps, which graphify's starlette-based HTTP server can't claim). GET /health + POST JSON-RPC. - Binds 127.0.0.1:8733 by default (tools read local paths → localhost unless --host on a trusted network); still read-only. - 11 new tests incl. a live HTTP round-trip. BENCHMARKS.md — open, reproducible methodology: coverage (proof 10/10), calibrated precision with Wilson 95% CIs from the labeled corpus (n=59), zero-dep/determinism guarantees, and a documented identical-conditions protocol for a future Semgrep/Bandit comparison. No head-to-head numbers claimed until that harness runs (honest-framing mandate). Suite 356 -> 367, DocGuard green. Closes the graphify-review roadmap (installer, hooks, graph enrichment, HTTP, benchmarks). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Phase 3 computed blast-radius into findings-ledger.json but it was invisible in the artifacts consumers actually read. Now: - AGENT-BRIEFING.md gains a ranked "★ 3d. Blast radius" section — the agent is told to verify high-radius findings first (only rendered when a graphify graph enriched the ledger; briefing.render takes an optional ledger arg). - REPORT.md shows a per-finding "blast radius: N module(s) depend on this" line with a dependents sample. - SARIF results carry a `blastRadius` property + a message note, so GitHub Code Scanning / dashboards surface it too. A prioritization signal that doesn't reach the consumer is wasted; this makes it change what gets triaged first. Suite 367 -> 371 (+4), DocGuard green. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…tools MCP was the one surface not getting blast-radius. The websec_findings and websec_sarif tools now run the same opt-in graphify enrichment (via a shared _ledger_for helper), best-effort so a missing/bad graph never fails a tool call. Now every channel — CLI artifacts, SARIF, and MCP — is consistent. +1 test; suite 371 -> 372. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Bump 0.10.0 -> 0.11.0. Ships this session's graphify-inspired work: multi-host installer (`websec install <host>`), git guardrail hooks (`websec hooks`), opt-in graphify blast-radius enrichment surfaced across briefing/REPORT/SARIF/MCP, and an MCP HTTP transport — all stdlib-only, zero runtime deps preserved. Suite 324 -> 372 green. Pre-flight: built the wheel in a clean venv, twine check passed, smoke verified (version match, calibration.json ships, new modules import, run produces AGENT-BRIEFING.md, install writes the host block). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adapts the highest-leverage ideas from a review of graphify into websec, keeping the zero-runtime-deps guarantee throughout (stdlib-only HTTP + JSON graph parsing). Suite 324 → 372, DocGuard green, pre-flight wheel smoke passed.
What's in it
websec install <host>— multi-host agent installer (claude · codex · cursor · gemini · aider · generic). Skill-file style for Claude/Cursor; idempotent marked block for sharedAGENTS.md/GEMINI.md/CONVENTIONS.md. Path-safe,--user,--uninstall,status.websec hooks— git guardrail: advisory post-commit (baseline: N new, never blocks) + blocking pre-push gate on NEW findings. Interpreter pinned + shell-injection-sanitized; worktree/hooksPath-aware.graphify-out/graph.jsonexists, tag findings with reverse-reachability blast radius. Stdlib JSON only (never imports tree-sitter). Surfaced in AGENT-BRIEFING.md (ranked ★ section), REPORT.md, SARIF, and the MCP tools.websec mcp --http— stdlibhttp.serverJSON-RPC transport (no starlette) for a team-shared URL; localhost-default.BENCHMARKS.md— open methodology (proof 10/10, calibrated precision with Wilson CIs), honest competitor-comparison protocol (no fabricated numbers).Release
Bumps
0.10.0 → 0.11.0. Taggingv0.11.0after merge triggerspublish.yml→ PyPI (Trusted Publishing).Pre-flight done locally: clean-venv build,
twine checkPASSED, wheel smoke (version match,calibration.jsonships, new modules import,runproduces AGENT-BRIEFING.md,installwrites the host block).🤖 Generated with Claude Code