fix: address audit findings in agents, skills, and commands

- security-reviewer: remove fabricated os.tmpdir() prohibition (CLAUDE.md
  recommends it), add fetch() prohibition from CLAUDE.md
- code-reviewer: add missing rules (undefined over null, __proto__: null,
  error handling, backward compat, spawn, loop annotations)
- ci-cascade: add missing Layer 4 (local wrappers) before external propagation
- quality-scan: fix "4 scan types" → "all scan types", fix "Task tool" → "Agent tool"
- quality-loop: remove stale architectural issue from wrong repo (socket-btm)
- Delete stale scratch scripts from .claude/ (migration scripts, update-workflow-shas)

Author: jdalton

.claude/agents/code-reviewer.md

@@ -1,17 +1,21 @@
 You are a code reviewer for a Node.js/TypeScript monorepo (socket-registry).
 
-Apply these rules from CLAUDE.md exactly:
+Apply the rules from CLAUDE.md sections listed below. Reference the full section in CLAUDE.md for details — these are summaries, not the complete rules.
 
-**Code Style - File Organization**: kebab-case filenames, @fileoverview headers, node: prefix imports, import sorting order (node → external → @socketsecurity → local → types).
+**Code Style - File Organization**: kebab-case filenames, @fileoverview headers, node: prefix imports, import sorting order (node → external → @socketsecurity → local → types), fs import pattern.
 
-**Code Style - Patterns**: UPPER_SNAKE_CASE constants, undefined over null, __proto__: null first in literals, { 0: key, 1: val } for entries loops, !array.length not === 0, += 1 not ++, template literals not concatenation, no semicolons, no any types.
+**Code Style - Patterns**: UPPER_SNAKE_CASE constants, undefined over null (`__proto__`: null exception), `__proto__`: null first in literals, options pattern with null prototype, { 0: key, 1: val } for entries loops, !array.length not === 0, += 1 not ++, template literals not concatenation, no semicolons, no any types, no loop annotations.
 
-**Code Style - Functions**: Alphabetical order (private first, exported second), shell: WIN32 not shell: true, never process.chdir().
+**Code Style - Functions**: Alphabetical order (private first, exported second), shell: WIN32 not shell: true, never process.chdir(), use @socketsecurity/registry/lib/spawn not child_process.
 
 **Code Style - Comments**: Default NO comments. Only when WHY is non-obvious. End with periods. Single-line only. JSDoc: description + @throws only.
 
 **Code Style - Sorting**: All lists, exports, properties, destructuring alphabetical. Type properties: required first, optional second.
 
+**Error Handling**: catch (e) not catch (error), double-quoted error messages, { cause: e } chaining.
+
+**Backward Compatibility**: FORBIDDEN — actively remove compat shims, don't maintain them.
+
 **Test Style**: Functional tests over source scanning. Never read source files and assert on contents. Verify behavior with real function calls.
 
 For each file reviewed, report:

.claude/agents/security-reviewer.md

@@ -2,7 +2,7 @@ You are a security reviewer for Socket Security Node.js repositories.
 
 Apply these rules from CLAUDE.md exactly:
 
-**Safe File Operations**: Use safeDelete()/safeDeleteSync() from @socketsecurity/lib/fs. NEVER fs.rm(), fs.rmSync(), or rm -rf. NEVER use os.tmpdir() — use tempDir from @socketsecurity/lib/env/temp-dir.
+**Safe File Operations**: Use safeDelete()/safeDeleteSync() from @socketsecurity/lib/fs. NEVER fs.rm(), fs.rmSync(), or rm -rf. Use os.tmpdir() + fs.mkdtemp() for temp dirs. NEVER use fetch() — use httpJson/httpText/httpRequest from @socketsecurity/lib/http-request.
 
 **Absolute Rules**: NEVER use npx, pnpm dlx, or yarn dlx. Use pnpm exec or pnpm run with pinned devDeps.
 
@@ -13,7 +13,7 @@ Apply these rules from CLAUDE.md exactly:
 1. **Secrets**: Hardcoded API keys, passwords, tokens, private keys in code or config
 2. **Injection**: Command injection via shell: true or string interpolation in spawn/exec. Path traversal in file operations.
 3. **Dependencies**: npx/dlx usage. Unpinned versions (^ or ~). Missing minimumReleaseAge bypass justification.
-4. **File operations**: fs.rm without safeDelete. os.tmpdir usage. process.chdir usage.
+4. **File operations**: fs.rm without safeDelete. process.chdir usage. fetch() usage (must use lib's httpRequest).
 5. **GitHub Actions**: Unpinned action versions (must use full SHA). Secrets outside env blocks. Template injection from untrusted inputs.
 6. **Error handling**: Sensitive data in error messages. Stack traces exposed to users.
 

.claude/commands/quality-loop.md

@@ -16,31 +16,3 @@ Run the quality-scan skill and fix all issues found. Repeat until zero issues re
 - Do not skip architectural fixes
 - Run tests after fixes to verify nothing broke
 - Track iteration count and report progress
-
-## Outstanding Architectural Issue (Requires Design Review)
-
-### Checkpoint Cache Invalidation (High Severity)
-
-**Issue**: Source package changes don't invalidate checkpoints properly.
-
-**Root Cause**: Cache keys are computed AFTER `prepareExternalSources()` syncs source packages to additions/. Since cache keys hash files in additions/ (which are now synced), they match the checkpoint even though source packages changed.
-
-**Scenario**:
-1. Developer modifies `packages/binject/src/socketsecurity/binject/file.c`
-2. Runs `pnpm --filter node-smol-builder clean && pnpm build`
-3. `prepareExternalSources()` syncs binject → additions/source-patched/src/socketsecurity/binject/
-4. Cache key computed from additions/ files matches old checkpoint
-5. Build restores stale checkpoint, skips recompilation
-6. **Result**: Binary contains old binject code
-
-**Impact**: Silent build incorrectness when modifying source packages
-
-**Proposed Solutions** (require architectural review):
-- Option 1: Include source package mtimes in cache key metadata
-- Option 2: Make `prepareExternalSources()` idempotent, always re-sync
-
-**Files Affected**:
-- packages/node-smol-builder/scripts/common/shared/build.mjs (collectBuildSourceFiles)
-- packages/node-smol-builder/scripts/common/shared/checkpoints.mjs (cache key generation)
-
-**Status**: Documented for architectural review and future implementation

.claude/skills/ci-cascade/SKILL.md

@@ -39,20 +39,22 @@ Starting from the layer above the change, create a PR for each layer:
 7. **Push and create PR**
 8. **Wait for merge** before proceeding to next layer
 
-### Phase 3: Propagate to external repos
+### Phase 3: Update Layer 4 (local wrappers)
 
-The **propagation SHA** is the Layer 3 merge SHA (where ci.yml and provenance.yml were updated). All external repos pin to this same SHA.
+After Layer 3 merges, get the **propagation SHA** (Layer 3 merge SHA). Update the `_local-not-for-reuse-*` workflows to pin to this SHA. Create a PR, merge it.
 
-External repos (update all):
-- socket-btm, socket-cli, socket-sdk-js, socket-packageurl-js
-- socket-sbom-generator, socket-lib, ultrathink
+The Layer 4 merge SHA is NOT used for external pinning — external repos pin to the Layer 3 SHA because that's where the reusable workflows (ci.yml, provenance.yml) were updated.
+
+### Phase 4: Propagate to external repos
+
+All external repos pin to the **propagation SHA** (Layer 3 merge SHA).
 
 For each repo:
 1. Update all `SocketDev/socket-registry/.github/` refs to the propagation SHA
-2. Push directly to main where allowed
-3. Create PRs where branch protection requires it
+2. Push directly to main where allowed (socket-btm, socket-sbom-generator, ultrathink)
+3. Create PRs where branch protection requires it (socket-cli, socket-lib, socket-sdk-js, socket-packageurl-js)
 
-### Phase 4: Verify
+### Phase 5: Verify
 
 For each updated repo, confirm no old SHAs remain:
 ```bash

.claude/skills/quality-scan/SKILL.md

@@ -312,7 +312,7 @@ Use AskUserQuestion tool:
 - Header: "Scan Types"
 - multiSelect: true
 - Options:
-  - "All scans (recommended)" → Run all 4 scan types
+  - "All scans (recommended)" → Run all scan types
   - "Critical only" → Run critical scan only
   - "Critical + Logic" → Run critical and logic scans
   - "Custom selection" → Ask user to specify which scans
@@ -336,7 +336,7 @@ If user requests non-existent scan type, report error and suggest valid types.
 ### Phase 6: Execute Scans
 
 <action>
-For each enabled scan type, spawn a specialized agent using Task tool:
+For each enabled scan type, spawn a specialized agent using Agent tool:
 </action>
 
 ```typescript
@@ -365,7 +365,7 @@ Scan systematically and report all findings. If no issues found, state that expl
 **For each scan:**
 1. Load agent prompt template from `reference.md`
 2. Customize for repository context (determine monorepo vs single package structure)
-3. Spawn agent with Task tool using "general-purpose" subagent_type
+3. Spawn agent with Agent tool using "general-purpose" subagent_type
 4. Capture findings from agent response
 5. Parse and categorize results
 
@@ -617,7 +617,7 @@ This skill is self-contained. No external commands needed.
 
 This skill provides systematic code quality analysis by:
 - Spawning specialized agents for targeted analysis
-- Using Task tool to run agents autonomously
+- Using Agent tool to run agents autonomously
 - Embedding agent prompts in reference.md following best practices
 - Generating prioritized, actionable reports
 - Supporting partial scans (user can select specific scan types)