Skip to content

Release 0.11.0 — distribution & integration round (installer, hooks, graph enrichment, MCP HTTP)#26

Open
raccioly wants to merge 7 commits into
mainfrom
claude/graphify-websec-review-157410
Open

Release 0.11.0 — distribution & integration round (installer, hooks, graph enrichment, MCP HTTP)#26
raccioly wants to merge 7 commits into
mainfrom
claude/graphify-websec-review-157410

Conversation

@raccioly

Copy link
Copy Markdown
Owner

Adapts the highest-leverage ideas from a review of graphify into websec, keeping the zero-runtime-deps guarantee throughout (stdlib-only HTTP + JSON graph parsing). Suite 324 → 372, DocGuard green, pre-flight wheel smoke passed.

What's in it

  • websec install <host> — multi-host agent installer (claude · codex · cursor · gemini · aider · generic). Skill-file style for Claude/Cursor; idempotent marked block for shared AGENTS.md/GEMINI.md/CONVENTIONS.md. Path-safe, --user, --uninstall, status.
  • websec hooks — git guardrail: advisory post-commit (baseline: N new, never blocks) + blocking pre-push gate on NEW findings. Interpreter pinned + shell-injection-sanitized; worktree/hooksPath-aware.
  • graphify blast-radius enrichment (opt-in) — if graphify-out/graph.json exists, tag findings with reverse-reachability blast radius. Stdlib JSON only (never imports tree-sitter). Surfaced in AGENT-BRIEFING.md (ranked ★ section), REPORT.md, SARIF, and the MCP tools.
  • websec mcp --http — stdlib http.server JSON-RPC transport (no starlette) for a team-shared URL; localhost-default.
  • BENCHMARKS.md — open methodology (proof 10/10, calibrated precision with Wilson CIs), honest competitor-comparison protocol (no fabricated numbers).

Release

Bumps 0.10.0 → 0.11.0. Tagging v0.11.0 after merge triggers publish.yml → PyPI (Trusted Publishing).

Pre-flight done locally: clean-venv build, twine check PASSED, wheel smoke (version match, calibration.json ships, new modules import, run produces AGENT-BRIEFING.md, install writes the host block).

🤖 Generated with Claude Code

raccioly and others added 7 commits July 11, 2026 13:09
Teach any core coding agent to reach for websec-validator on a security
review. Hosts: claude, codex, cursor, gemini, aider, generic (AGENTS.md).

- Skill-style hosts (Claude, Cursor) get a dedicated skill/rule file.
- Block-style hosts (Codex/Gemini/Aider/generic) get an idempotent marked
  region injected into their standing-instructions file, preserving the
  user's own content. --user for home scope, --uninstall, install status.
- Stdlib only, path-safety guarded (destination must resolve inside the
  target/home tree). 12 new tests; suite 324 -> 336, DocGuard green.

Closes the gap between the README's "any agent can act on it" and shipping
only a Claude plugin. Pattern adapted from graphify's multi-host installer.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…-push gate)

Wire the baseline-diff into git so websec runs automatically:

- `hooks install`: advisory post-commit hook, recon-only (~1s), prints a
  "baseline: N new" heads-up, never blocks the commit.
- `hooks install --pre-push`: blocking gate — fails the push on a NEW
  finding at/above $WEBSEC_HOOK_FAIL_ON (default high).
- Marker-delimited install/uninstall (appends to + preserves an existing
  hook); interpreter pinned + allowlist-sanitized (survives pipx/uv
  isolation, no shell-injection); hooks dir via `git rev-parse`
  (worktree/core.hooksPath aware); prunes to last 5 guardrail runs.
  WEBSEC_SKIP_HOOK=1 overrides; WEBSEC_HOOK_SCAN=1 runs full scanners.

10 new tests incl. an end-to-end real-commit run; suite 336 -> 346,
DocGuard green. Pattern adapted from graphify's hook installer.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
… graph

If the scanned repo has graphify-out/graph.json (or --graph <file>), tag
each finding with how much of the app transitively DEPENDS ON the
vulnerable code — reverse reachability over dependency edges. A SQLi in a
leaf handler and the same SQLi in a helper imported by 40 modules stop
looking equally urgent.

- Findings gain a `graph` block (nodes, blast_radius, dependents sample,
  community); ledger gains a `graph_enrichment` summary.
- Pure stdlib JSON — never imports tree-sitter, so the zero-runtime-deps
  guarantee holds. Reverse-BFS bounded at 20k visits (disclosed
  truncation). Wrapped so a bad/oversized graph never fails a run.
- Auto-detected at <target>/graphify-out/graph.json; --graph overrides.

Verified on a real 167-node graph (finding in cli.py → 20 nodes, blast
radius 5). 10 new tests; suite 346 -> 356, DocGuard green.

This is the cross-promoting integration from the graphify review: the two
tools compose without websec taking on graphify's dependency stack.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
MCP over HTTP — `websec mcp --http`:
- Refactor the request handler into a transport-agnostic `process()`
  shared by stdio and HTTP.
- New HTTP JSON-RPC transport on the stdlib http.server — no starlette,
  no new dependency (websec stays zero-runtime-deps, which graphify's
  starlette-based HTTP server can't claim). GET /health + POST JSON-RPC.
- Binds 127.0.0.1:8733 by default (tools read local paths → localhost
  unless --host on a trusted network); still read-only.
- 11 new tests incl. a live HTTP round-trip.

BENCHMARKS.md — open, reproducible methodology: coverage (proof 10/10),
calibrated precision with Wilson 95% CIs from the labeled corpus (n=59),
zero-dep/determinism guarantees, and a documented identical-conditions
protocol for a future Semgrep/Bandit comparison. No head-to-head numbers
claimed until that harness runs (honest-framing mandate).

Suite 356 -> 367, DocGuard green. Closes the graphify-review roadmap
(installer, hooks, graph enrichment, HTTP, benchmarks).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Phase 3 computed blast-radius into findings-ledger.json but it was
invisible in the artifacts consumers actually read. Now:

- AGENT-BRIEFING.md gains a ranked "★ 3d. Blast radius" section — the
  agent is told to verify high-radius findings first (only rendered when
  a graphify graph enriched the ledger; briefing.render takes an optional
  ledger arg).
- REPORT.md shows a per-finding "blast radius: N module(s) depend on
  this" line with a dependents sample.
- SARIF results carry a `blastRadius` property + a message note, so
  GitHub Code Scanning / dashboards surface it too.

A prioritization signal that doesn't reach the consumer is wasted; this
makes it change what gets triaged first. Suite 367 -> 371 (+4), DocGuard
green.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…tools

MCP was the one surface not getting blast-radius. The websec_findings and
websec_sarif tools now run the same opt-in graphify enrichment (via a
shared _ledger_for helper), best-effort so a missing/bad graph never
fails a tool call. Now every channel — CLI artifacts, SARIF, and MCP —
is consistent. +1 test; suite 371 -> 372.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Bump 0.10.0 -> 0.11.0. Ships this session's graphify-inspired work:
multi-host installer (`websec install <host>`), git guardrail hooks
(`websec hooks`), opt-in graphify blast-radius enrichment surfaced across
briefing/REPORT/SARIF/MCP, and an MCP HTTP transport — all stdlib-only,
zero runtime deps preserved. Suite 324 -> 372 green.

Pre-flight: built the wheel in a clean venv, twine check passed, smoke
verified (version match, calibration.json ships, new modules import, run
produces AGENT-BRIEFING.md, install writes the host block).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant