docs: record post-hardening rc1 release evidence (#1852)

docs/releases/2.0.0-rc.1/publication-evidence-2026-05-13-post-hardening.md

@@ -0,0 +1,96 @@
+# ECC v2.0.0-rc.1 Publication Evidence - 2026-05-13 Post-Hardening
+
+This is release-readiness evidence only. It does not create a GitHub release,
+npm publication, plugin tag, marketplace submission, or announcement post.
+
+## Source Commit
+
+| Field | Evidence |
+| --- | --- |
+| Upstream main base | `209abd403b7eaa968c6d4fa67be82e04b55706d6` |
+| Evidence branch | `docs/post-hardening-release-evidence-20260513` |
+| Evidence scope | Current `main` after PR #1850 and PR #1851 |
+| Git remote | `https://github.com/affaan-m/everything-claude-code.git` |
+| Local status caveat | Working tree had the unrelated untracked `docs/drafts/` directory |
+
+The actual release operator should repeat these checks from the final release
+commit with a clean checkout before publishing.
+
+## Queue And Release State
+
+| Surface | Command | Result |
+| --- | --- | --- |
+| GitHub PRs and issues | `gh pr list` / `gh issue list` across trunk, AgentShield, and JARVIS | 0 open PRs and 0 open issues on accessible `affaan-m` repos |
+| Trunk discussions | GraphQL discussion count for `affaan-m/everything-claude-code` | 0 open discussions |
+| Dependabot alerts | Dependabot alert API for trunk, AgentShield, and JARVIS | 0 open alerts |
+| Release state | `gh release view v2.0.0-rc.1` | Still not created; release remains approval-gated |
+
+ECC-Tools organization repo counts were not rechecked through the current
+GraphQL token in this pass because the token cannot resolve those org repos.
+The prior post-#42 local checkout handoff recorded both ECC-Tools repos at
+0 open PRs and 0 open issues.
+
+## Hardening Landed Since Previous Evidence
+
+| PR | Merge commit | Evidence |
+| --- | --- | --- |
+| #1850 | `248673271455e9dc85b8add2a6ab76107b718639` | Removed `Bash` tool access from read-only analyzer agents and zh-CN copies; AgentShield high findings on that surface dropped 21 -> 18 with no new high findings |
+| #1851 | `209abd403b7eaa968c6d4fa67be82e04b55706d6` | Disabled `actions/checkout` credential persistence in write-permission workflows and added a workflow-security validator rule to keep that guard in place |
+
+## Required Command Evidence
+
+| Evidence | Command | Result |
+| --- | --- | --- |
+| Harness audit | `npm run harness:audit -- --format json` | `overall_score: 70`, `max_score: 70`, no top actions |
+| Adapter scorecard | `npm run harness:adapters -- --check` | `Harness Adapter Compliance: PASS`; 11 adapters |
+| Observability readiness | `npm run observability:ready -- --format json` | `overall_score: 18`, `max_score: 18`, `ready: true`, no top actions |
+| Workflow security validator | `node scripts/ci/validate-workflow-security.js` | Validated 7 workflow files |
+| Workflow validator tests | `node tests/ci/validate-workflow-security.test.js` | Passed 14/14 |
+| Release surface | `node tests/docs/ecc2-release-surface.test.js` | Passed 18/18 |
+| Package surface | `node tests/scripts/npm-publish-surface.test.js` | Passed 2/2 |
+| Root suite | `node tests/run-all.js` | Passed 2380/2380, 0 failed |
+| Markdown lint | `npx markdownlint-cli '**/*.md' --ignore node_modules --ignore docs/drafts` | Passed |
+| Rust surface | `cd ecc2 && cargo test` | Passed 462/462; warnings only for unused functions/fields |
+
+## Supply-Chain Evidence
+
+| Surface | Command or check | Result |
+| --- | --- | --- |
+| Local npm vulnerability audit | `npm audit --json` | 0 vulnerabilities |
+| Local npm signature audit | `npm audit signatures` | 241 verified registry signatures and 30 verified attestations |
+| Rust advisory audit | `cd ecc2 && cargo audit -q` | Passed silently |
+| TanStack / Mini Shai-Hulud IOC check | Grep for affected package namespaces, payload filenames, and known commit marker | No runtime or lockfile dependency on affected packages; no worm IOC matches |
+
+## External Advisory Mapping
+
+The May 2026 TanStack incident maps to ECC release risk through three workflow
+classes:
+
+- `pull_request_target` workflows that execute or checkout untrusted PR code;
+- shared dependency caches crossing fork, base, and release workflow trust
+  boundaries;
+- release jobs with writable tokens or OIDC tokens exposed to subsequent
+  process execution.
+
+ECC's current guardrails cover those classes through:
+
+- rejection of untrusted checkout refs in `workflow_run` and
+  `pull_request_target` workflows;
+- rejection of shared caches in `pull_request_target` and `id-token: write`
+  workflows;
+- mandatory `npm audit signatures` when workflows run `npm audit`;
+- mandatory `npm ci --ignore-scripts` in workflows with write permissions;
+- mandatory `persist-credentials: false` on `actions/checkout` in workflows
+  with write permissions.
+
+## Blockers Still Requiring Approval Or External Action
+
+- Create or verify GitHub prerelease `v2.0.0-rc.1`.
+- Publish `ecc-universal@2.0.0-rc.1` with npm dist-tag `next`.
+- Create and push the Claude plugin tag only after explicit approval.
+- Confirm the live Claude/Codex/OpenCode marketplace submission path or record
+  the manual submission owner and status.
+- Verify ECC Tools billing/App/Marketplace claims before using them in launch
+  copy.
+- Refresh announcement copy with live URLs after release and package/plugin
+  URLs exist.

docs/releases/2.0.0-rc.1/publication-readiness.md

@@ -10,6 +10,8 @@ For the May 12 dry-run evidence pass, see
 [`publication-evidence-2026-05-12.md`](publication-evidence-2026-05-12.md).
 For the May 13 release-readiness evidence refresh, see
 [`publication-evidence-2026-05-13.md`](publication-evidence-2026-05-13.md).
+For the May 13 post-hardening evidence refresh after PR #1850 and PR #1851, see
+[`publication-evidence-2026-05-13-post-hardening.md`](publication-evidence-2026-05-13-post-hardening.md).
 
 ## Release Identity Matrix
 
@@ -39,6 +41,7 @@ For the May 13 release-readiness evidence refresh, see
 | OpenCode package | Build output is regenerated from source and package metadata is current | `npm run build:opencode` | `Blocker: none for local build; public distribution still follows npm/plugin release` | Package owner | Evidence recorded |
 | ECC Tools billing reference | Any billing claim links to verified Marketplace/App state | `gh api repos/ECC-Tools/ECC-Tools` plus app/marketplace URL check | `Blocker:` | ECC Tools owner | Pending |
 | Announcement copy | X, LinkedIn, GitHub release, and longform copy point to live URLs | `rg -n "TODO" docs/releases/2.0.0-rc.1` and repeat for `TBD` | `Blocker:` | Release owner | Pending |
+| Privileged workflow hardening | Release and maintenance workflows avoid persisted checkout tokens | `node scripts/ci/validate-workflow-security.js` | `Blocker:` | Release owner | Evidence recorded in post-hardening refresh |
 
 ## Required Command Evidence
 
@@ -49,8 +52,8 @@ Record the exact commit SHA and command output before any publication action:
 | Clean release branch | `git status --short --branch` | On intended release commit; no unrelated files | Pending final clean-checkout release pass; May 13 evidence branch still had unrelated untracked `docs/drafts/` |
 | Harness audit | `npm run harness:audit -- --format json` | 70/70 passing | `publication-evidence-2026-05-13.md`: 70/70 |
 | Adapter scorecard | `npm run harness:adapters -- --check` | PASS | `publication-evidence-2026-05-13.md`: PASS, 11 adapters |
-| Observability readiness | `npm run observability:ready` | 16/16 passing | `publication-evidence-2026-05-13.md`: 16/16, ready true |
-| Root suite | `node tests/run-all.js` | 0 failures | `publication-evidence-2026-05-13.md`: 2376 passed, 0 failed |
+| Observability readiness | `npm run observability:ready` | 18/18 passing | `publication-evidence-2026-05-13-post-hardening.md`: 18/18, ready true |
+| Root suite | `node tests/run-all.js` | 0 failures | `publication-evidence-2026-05-13-post-hardening.md`: 2380 passed, 0 failed |
 | Markdown lint | `npx markdownlint-cli '**/*.md' --ignore node_modules` | 0 failures | `publication-evidence-2026-05-13.md`: passed after zh-CN CLAUDE list-marker normalization |
 | Package surface | `node tests/scripts/npm-publish-surface.test.js` | 0 failures; no Python bytecode in npm tarball | `2/2` passed in May 12 evidence pass |
 | Release surface | `node tests/docs/ecc2-release-surface.test.js` | 0 failures | `publication-evidence-2026-05-13.md`: 18/18 passed |