fix(audit): validate phase0 artifact tag inputs

Add shared artifact-tag normalization/validation and apply it to capture, drift, and prune scripts for --tag/--report-tag/--baseline-tag paths. Architecture diagrams reviewed; no flow changes required.
2026-02-27 13:25:35 -08:00
parent 98f954de0d
commit 5b9bcbafee
9 changed files with 66 additions and 8 deletions
@@ -552,6 +552,24 @@
      ],
      "test_status": "pnpm test:run src/audit/phase0BaselineDrift.test.ts + pnpm typecheck passing"
    },
+    "phase0-live-baseline-artifact-tag-validation-hardening": {
+      "status": "completed",
+      "date": "2026-02-27",
+      "updated": "2026-02-27",
+      "summary": "Added shared artifact-tag normalization/validation and applied it across phase-0 capture, drift, and prune scripts (`--tag`, `--report-tag`, `--baseline-tag`) to enforce filename-safe tags and block malformed path-like values.",
+      "files_modified": [
+        "src/audit/artifactTag.ts",
+        "src/audit/artifactTag.test.ts",
+        "scripts/capture-phase0-live-baseline.ts",
+        "scripts/check-phase0-baseline-backend-drift.ts",
+        "scripts/prune-phase0-baseline-artifacts.ts",
+        "README.md",
+        "docs/api/PROTOCOL.md",
+        "docs/plans/2026-02-25-phase0-instrumentation-ticket-checklist.md",
+        "docs/plans/state.json"
+      ],
+      "test_status": "pnpm test:run src/audit/artifactTag.test.ts src/audit/phase0BaselineDrift.test.ts + pnpm typecheck passing"
+    },
    "phase0-instrumentation-ticket-checklist": {
      "status": "completed",
      "date": "2026-02-25",