* refactor: extract shared test harness module from 9 test files
Extract duplicated test utilities into a reusable test_harness.mjs module
to eliminate ~200-250 lines of boilerplate code across test files.
Changes:
- Create skills/clawsec-suite/test/lib/test_harness.mjs with:
- Test reporting: pass(), fail(), report(), exitWithResults()
- Crypto utilities: generateEd25519KeyPair(), signPayload()
- Temp directory: createTempDir() with cleanup
- Environment helpers: withEnv() for isolated env vars
- Test runner factory: createTestRunner() for isolated counters
- Refactor 9 test files to use shared harness:
- feed_verification.test.mjs
- guarded_install.test.mjs
- skill_catalog_discovery.test.mjs
- advisory_suppression.test.mjs
- advisory_application_scope.test.mjs
- path_resolution.test.mjs
- fuzz_properties.test.mjs
- suppression_config.test.mjs
- render_report_suppression.test.mjs
Benefits:
- Single source of truth for test utilities
- Consistent test reporting across all files
- Easier to add new test files
- Reduced maintenance burden
Verification:
- All 80 tests pass (15+8+3+15+4+6+1+17+11)
- Zero ESLint warnings
- No behavior changes - only code deduplication
- Cross-skill module sharing works (openclaw-audit-watchdog → clawsec-suite)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: update minimatch override to 10.2.4 to resolve ReDoS vulnerabilities
Bump minimatch from 10.2.1 to 10.2.4 in overrides to fix 10 high-severity
ReDoS vulnerabilities (GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74).
Also add .venv/ to ESLint ignores to prevent linting Python venv files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* Refactor skill packaging and checksum generation process
- Removed .skill package creation from the skill-release workflow and scripts, focusing on checksum generation only.
- Updated README and SKILL.md files to reflect new installation methods using clawhub.
- Simplified the skill checksums generator script to only generate checksums without packaging.
- Adjusted installation instructions across various skills to promote clawhub for easier installation.
- Enhanced error handling and verification steps in the installation scripts for individual files.
* Add ext-docs to .gitignore to exclude documentation files from version control
davida-ps