- Update actions/checkout from v4.2.2 to v6.0.2 in release.yml and
hotfix.yml (prevents breakage after June 2026 Node.js 20 deprecation)
- Update actions/setup-node from v4.1.0 to v6.3.0 in both workflows
- Add release/** and hotfix/** to test.yml push triggers
- Add release/** and hotfix/** to security-scan.yml PR triggers
test.yml already used v6 pins — this aligns the release pipelines.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add CI security pipeline to catch prompt injection attacks, base64-obfuscated
payloads, leaked secrets, and .planning/ directory commits in PRs.
This is critical for get-shit-done because the entire codebase is markdown
prompts — a prompt injection in a workflow file IS the attack surface.
New files:
- scripts/prompt-injection-scan.sh: scans for instruction override, role
manipulation, system boundary injection, DAN/jailbreak, and tool call
injection patterns in changed files
- scripts/base64-scan.sh: extracts base64 blobs >= 40 chars, decodes them,
and checks decoded content against injection patterns (skips data URIs
and binary content)
- scripts/secret-scan.sh: detects AWS keys, OpenAI/Anthropic keys, GitHub
PATs, Stripe keys, private key headers, and generic credential patterns
- .github/workflows/security-scan.yml: runs all three scans plus a
.planning/ directory check on every PR
- .base64scanignore / .secretscanignore: per-repo false positive allowlists
- tests/security-scan.test.cjs: 51 tests covering script existence,
pattern matching, false positive avoidance, and workflow structure
All scripts support --diff (CI), --file, and --dir modes. Cross-platform
(macOS + Linux). SHA-pinned actions. Environment variables used for
github context in run blocks (no direct interpolation).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
