chore(work): finish 02-socket-integration

2026-05-14 19:16:31 +02:00
parent ea5db36da6
commit 0e748ae714
2 changed files with 5 additions and 11 deletions


@@ -3,7 +3,7 @@ id: 02-socket-integration
epic: 2026-05-14-ci-security-and-supply-chain
title: Socket integration (skill + CI)
type: technical-story
status: in-progress
status: done
feature: tooling
depends-on: [01-trace-schema-extensions]
blocks: [08-reviewer-prompt-update]
@@ -42,4 +42,4 @@ CVE databases are lagging indicators — `event-stream`, `ua-parser-js`, and `tj
## Tasks
- [x] Add `.socket.json` at repo root and extend `.claude/skills/evaluate-library/SKILL.md` with a "Filter 9 — Supply-chain behavior (Socket)" section: position Socket after cheap filters, document `socket-cli` as the verification command, specify how `clean`/`flagged`/`<finding-summary>` maps to the trace's `socket-risk` field; one commit, all gates pass.
- [ ] Add a `socket-cli scan` step to `ci.yml`'s `validate` job, scoped to PRs touching `package.json` or `pnpm-lock.yaml` via a `paths:` condition; step exits non-zero on any `critical` finding; one commit, all gates pass.
- [x] Add a `socket-cli scan` step to `ci.yml`'s `validate` job, scoped to PRs touching `package.json` or `pnpm-lock.yaml` via a `paths:` condition; step exits non-zero on any `critical` finding; one commit, all gates pass.


@@ -1,5 +1,5 @@
{
"updated_at": "2026-05-14T17:11:35.212Z",
"updated_at": "2026-05-14T17:16:32.410Z",
"epics": {
"2026-05-13-binder-wrap-helper": {
"status": "done",
@@ -53,10 +53,10 @@
"blocks": []
},
"02-socket-integration": {
"status": "in-progress",
"status": "done",
"title": "Socket integration (skill + CI)",
"ac_total": 2,
"ac_completed": 1,
"ac_completed": 2,
"depends_on": [
"01-trace-schema-extensions"
],
@@ -258,11 +258,6 @@
}
},
"ready": [
{
"epic": "2026-05-14-ci-security-and-supply-chain",
"story": "02-socket-integration",
"title": "Socket integration (skill + CI)"
},
{
"epic": "2026-05-14-ci-security-and-supply-chain",
"story": "03-renovate-adoption",
@@ -303,7 +298,6 @@
"story": "08-reviewer-prompt-update",
"title": "Sandcastle reviewer prompt update",
"waiting_on": [
"2026-05-14-ci-security-and-supply-chain/02-socket-integration",
"2026-05-14-ci-security-and-supply-chain/06-codeql-and-audit-signatures"
]
}