auto-claude: subtask-1-2 - Add warning in handler.ts when checksum verificati

2026-06-13 05:28:02 +03:00 · 2026-02-27 20:32:46 +02:00
parent 6a982630a2
commit e56c44ec7b
1 changed files with 9 additions and 0 deletions
@@ -12,6 +12,7 @@ const DEFAULT_FEED_URL =
  "https://clawsec.prompt.security/advisories/feed.json";
 const DEFAULT_SCAN_INTERVAL_SECONDS = 300;
 let unsignedModeWarningShown = false;
+let checksumBypassWarningShown = false;

 function parsePositiveInteger(value: string | undefined, fallback: number): number {
  const parsed = Number.parseInt(String(value ?? ""), 10);
@@ -160,6 +161,14 @@ const handler = async (event: HookEvent): Promise<void> => {
    );
  }

+  if (!verifyChecksumManifest && !checksumBypassWarningShown) {
+    checksumBypassWarningShown = true;
+    console.warn(
+      "[clawsec-advisory-guardian] CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0 is enabled. " +
+        "This disables checksum verification and should be used with caution.",
+    );
+  }
+
  const forceScan = toEventName(event) === "command:new";
  const state = await loadState(stateFile);
  if (!forceScan && scannedRecently(state.last_hook_scan, scanIntervalSeconds)) {