Plan — Apply lockdown brainstorm redirects + run /dc cycle

Goal

Bring the /lockdown implementation into conformance with the user-approved design (six redirects from the brainstorm), verify via double-check review, and re-run the self-test on the claude-jacked repo to confirm the report comes out correct.

Architecture

All redirects modify jacked/data/commands/lockdown.md only. Each redirect is a localized edit to the phase/section it affects. No structural change to the skill, no new files needed.

Tech stack

• Markdown command file (claude follows it as instructions)
• HTML report template (already in jacked/data/templates/plan-template.html)
• Tests: uv run python -m pytest
• Lint: uv run python -m ruff check (no, not applicable here — only Markdown changes)

File map

File	Responsibility in this plan
jacked/data/commands/lockdown.md	All 6 redirects applied here
docs/lockdown/2026-05-20-claude-jacked-lockdown.html	Re-generated after redirects to include category breakdown

Tasks

Task 1 — Redirect #1: flip --paranoid from default to opt-in

File: jacked/data/commands/lockdown.md — Arguments section + closing notes

• 1.1 — Change "The default is audit --paranoid" → "The default is audit (baseline checks). Pass --paranoid for healthcare/PHI to add stricter controls."
• 1.2 — Update "Healthcare PHI default" hard rule: baseline-only by default; --paranoid is opt-in
• 1.3 — Verify by greppping the file: grep -n "paranoid" jacked/data/commands/lockdown.md — every mention should be consistent with "opt-in"
• 1.4 — Also fix jacked/data/rules/jacked_behaviors.md — current text says "For healthcare/PHI repos, /lockdown --paranoid is the default" which contradicts the new design. Replace with "For healthcare/PHI repos, pass --paranoid for stricter controls."

Task 2 — Redirect #2: category breakdown table in the report

File: jacked/data/commands/lockdown.md — Phase 13 "Score & report"

• 2.1 — Add a new "Category Breakdown" subsection between Score Card and Findings list:

  ### Category breakdown
  
  Render as a table showing pass/warn/fail per category:
  
  | Category | Status | Notes |
  |---|---|---|
  | Lockfile integrity | ok / warn / danger | hash-pinned? frozen-install in CI? |
  | Dependency CVEs | ok / warn / danger | pip-audit / osv-scanner / npm audit signatures clean? |
  | Malware / typosquat | ok / warn / danger | Socket clean? install-script allowlist? |
  | CI/Actions hardening | ok / warn / danger | SHA-pinning + permissions + persist-credentials + harden-runner + zizmor |
  | Secrets hygiene | ok / warn / danger | .gitignore coverage + gitleaks clean + no hardcoded |
  | Provenance & signing | ok / warn / danger | Trusted Publishers / npm provenance / SBOM / cosign |
  | Container hardening | ok / warn / danger / n/a | base image + USER + Trivy |
  | Pre-commit + scorecard | ok / warn / danger | local hooks + Scorecard checks |
  
  Each row is computed from the findings in that category — danger if any CRITICAL,
  warn if any HIGH or MEDIUM, ok if all clean, n/a if the category does not apply.

• 2.2 — Update Phase 13 output checklist to mention category breakdown alongside score and band
• 2.3 — Re-render docs/lockdown/2026-05-20-claude-jacked-lockdown.html to include the new section

Task 3 — Redirect #3: single commit per fix-mode invocation

File: jacked/data/commands/lockdown.md — Phase 14 "Fix mode"

• 3.1 — Replace "Each fix is its own commit with message chore(lockdown): {what + why}" with:

  4. Apply selected fixes. All accepted fixes go into a SINGLE commit:
  
     chore(lockdown): apply hardening batch
  
     - {one bullet per accepted fix, referencing finding ID}
  
     Refs: docs/lockdown/{date}-{repo}-lockdown.html
  
  5. After commit, re-run audit and report new score + delta.

• 3.2 — Verify the report's "Remediation Plan" section still makes sense with one commit (it does — the checklist is per finding, not per commit)

Task 4 — Redirect #4: hard rule — never modify dep versions

File: jacked/data/commands/lockdown.md — Hard rules section

• 4.1 — Add to Hard Rules section:

  - **NEVER modify dep versions or manifests** — `/lockdown` never edits
    `pyproject.toml`, `requirements*.txt`, `package.json`, `pnpm-workspace.yaml`
    (the deps section), `uv.lock`, `package-lock.json`, `pnpm-lock.yaml`, or
    `yarn.lock`. The only files `/lockdown` may write are: CI workflow YAMLs,
    `.gitignore`, `.github/dependabot.yml`, `.pre-commit-config.yaml`, `.npmrc`,
    `.yarnrc.yml` (config sections only, not deps), and report files under
    `docs/lockdown/`. This guarantees that locking down repo A cannot break
    repo B by forcing a cross-repo version conflict.

• 4.2 — In Phase 14 "NEVER auto-apply" list, expand the "Dependency upgrades" item to make this guarantee explicit

Task 5 — Redirect #5: CVE findings produce diff, not applied change

File: jacked/data/commands/lockdown.md — Phase 3 "Known-CVE scan"

• 5.1 — In Phase 3, add explicit instruction at the end:

  For each CVE finding, output:
  - The upgrade command the user should run (`uv add foo@1.2.4` or `npm install foo@1.2.4`)
  - A note: "This requires human review + tests. /lockdown does NOT auto-apply."
  - The cross-repo blast-radius scan output (see Phase 14a below).
  
  The CVE finding is reported in the audit report and terminal, NEVER applied
  by `/lockdown fix`.

• 5.2 — Verify Phase 14 (Fix mode) "Auto-fixable categories" list does NOT include CVE upgrades

Task 6 — Redirect #6: --workspace=PATH cross-repo blast-radius scan

File: jacked/data/commands/lockdown.md — Arguments + new Phase 14a

• 6.1 — Add to Arguments section:

  - `--workspace=PATH` → also scan sibling repos in PATH (default `~/Github` if
    unset and 2+ repos detected) to warn of cross-repo blast radius when
    suggesting CVE upgrades. Read-only on sibling repos.

• 6.2 — Add new section "Phase 14a: Cross-repo blast-radius (workspace-aware)":

  ## Phase 14a: Cross-repo blast-radius (workspace-aware)
  
  If `--workspace=PATH` is set (or `~/Github` contains 2+ git repos):
  
  For each CVE finding with a suggested upgrade `pkg@X.Y.Z`:
  
  ```bash
  WS="${WORKSPACE:-$HOME/Github}"
  PKG="requests"   # the dep with the CVE
  
  for repo in "$WS"/*/; do
    [ -d "$repo/.git" ] || continue
    repo_name=$(basename "$repo")
    [ "$repo_name" = "$(basename "$PWD")" ] && continue   # skip self
  
    # Python
    match=$(grep -rE "\"$PKG\"|'$PKG'|^$PKG\b" \
      "$repo/pyproject.toml" "$repo/requirements"*.txt 2>/dev/null | head -3)
  
    # Node
    [ -z "$match" ] && match=$(grep -E "\"$PKG\":" \
      "$repo/package.json" 2>/dev/null | head -3)
  
    [ -n "$match" ] && echo "  $repo_name: $match"
  done
  ```
  
  Output in the report:
  
  > **Cross-repo blast radius for upgrading `requests` to 2.34.2:**
  > - jack-cli: "requests>=2.31"
  > - hank-codesets: "requests==2.33.0"
  > Apply this upgrade in claude-jacked, then verify these sibling repos still
  > install/build cleanly before they next deploy.
  
  This is a WARNING ONLY. `/lockdown` never reads beyond manifest files in
  sibling repos, never writes to them, never executes any code in them.

• 6.3 — In Hard Rules, add: "--workspace scans sibling repos READ-ONLY for manifest text only; never executes anything; never writes."

Task 7 — Commit redirects

• 7.1 — Stage modified files:

  git add jacked/data/commands/lockdown.md \
          docs/superpowers/specs/2026-05-20-lockdown-design.html \
          docs/superpowers/plans/2026-05-20-lockdown-redirects-and-dc.html

• 7.2 — Commit:

  git commit -m "$(cat <<'EOF'
  chore(lockdown): apply 6 brainstorm redirects + add spec/plan
  
  Per /jack-it-up cycle on 2026-05-20:
  - baseline-only default (was --paranoid); --paranoid now opt-in
  - add category breakdown table to report
  - single-commit batch for fix mode
  - hard rule: never modify dep versions or manifests
  - CVE findings produce diff; never auto-applied
  - new --workspace=PATH cross-repo blast-radius scan
  
  Spec:  docs/superpowers/specs/2026-05-20-lockdown-design.html
  Plan:  docs/superpowers/plans/2026-05-20-lockdown-redirects-and-dc.html
  
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
  EOF
  )"

Task 8 — /dc on this plan

• 8.1 — Invoke /dc with this plan file path as the scope. The skill auto-detects planning phase and spawns reviewers + a pre-mortem analyst.
• 8.2 — Apply any CRITICAL or MEDIUM findings inline. LOW findings noted but not blocking.
• 8.3 — Re-run /dc if findings were applied. Loop until clean pass.

Task 9 — /dc on implementation

• 9.1 — Invoke /dc with the implementation as scope:

  jacked/data/commands/lockdown.md
  jacked/data/skills/lockdown/SKILL.md
  jacked/data/rules/jacked_behaviors.md   # the new behavior rule
  README.md                                # the new command in tables
  docs/lockdown/2026-05-20-claude-jacked-lockdown.html  # self-test artifact

• 9.2 — Categories /dc should cover: security (would the skill itself create vulnerabilities?), correctness (do the bash commands actually produce the claimed output?), usability (is the report readable?), portability (does it work in a fresh repo without dev-mode jacked install?), false-positive rate (will users get noise that erodes trust?), and documentation accuracy (do README links resolve?).
• 9.3 — Apply CRITICAL/MEDIUM findings. Loop until clean.

Task 10 — Re-run self-test on claude-jacked repo

• 10.1 — With the updated command file, re-execute the audit manually (do not invoke the slash command since we're inside the implementation): walk phases 1–13 once more, regenerate docs/lockdown/2026-05-20-claude-jacked-lockdown.html with the new category breakdown table
• 10.2 — Verify the report still scores ~27 (unchanged — only presentation changed)
• 10.3 — Commit the regenerated report

Task 11 — Optional: /pr

• 11.1 — If the user asks to ship, invoke /pr. Otherwise stop after Task 10 and report the cycle complete.

Test plan

• Existing pytest: uv run python -m pytest -q — already passed; should still pass since changes are only Markdown.
• Skill discoverability: ls ~/.claude/skills/lockdown ~/.claude/commands/lockdown.md — symlinks should still point at the updated repo files (live-update via editable install).
• Audit re-run: walk phases 1–13 on claude-jacked manually, confirm output mirrors the regenerated HTML report.
• Workspace scan dry-run: ls ~/Github/*/pyproject.toml ~/Github/*/package.json 2>/dev/null | head -10 — confirm at least 2 sibling repos exist so the workspace flag has something to scan.

Risks & mitigations

Risk	Mitigation
Changing the default off paranoid surprises healthcare repos that were relying on strict-by-default	None of jack's repos have invoked this command yet (it's brand new), so no behavioral regression. New behavior rule in jacked_behaviors.md already mentions --paranoid for PHI repos as a callout.
The category-breakdown table adds rendering work to every report; may break the existing claude-jacked report if Claude follows old instructions cached in conversation	Task 2.3 explicitly regenerates the existing report so on-disk artifact matches the new schema. Future audits start fresh.
Workspace scan reads sibling repo manifest files — looks like privacy/security boundary cross	Read-only, manifest text only, never executes, hard rule documented. User explicitly asked for cross-repo awareness.
/dc finds new CRITICAL issues that require structural rework	Loop until clean is the design. Each pass narrows.

Open questions (for /dc to surface or pre-mortem to challenge)

• Should --workspace auto-enable when ~/Github has 2+ repos, or always require explicit opt-in? Plan says auto-enable; pre-mortem may push back on privacy boundary.
• Should the category breakdown table replace or augment the score number? Plan augments (both shown).
• Should the new behavior rule be appended via /learn instead of manual edit? Plan went manual since this is part of the same PR.