chore: add security scanning and enforce no-npx rule

- Add ecc-agentshield as pinned devDep for Claude Code config scanning
- Add `pnpm run security` script (agentshield + zizmor)
- Add /security-scan command for Claude
- Add npx/dlx/yarn-dlx check to pre-commit hook
- Add NEVER npx/dlx rule to CLAUDE.md ABSOLUTE RULES
- Remove dead .husky/security-checks.sh (duplicate of .git-hooks/pre-commit)

Author: jdalton

.claude/commands/security-scan.md

@@ -0,0 +1,22 @@
+Run a security scan of the project via `pnpm run security`, or manually:
+
+## 1. Claude Code configuration security
+
+Run `pnpm exec agentshield scan` to check `.claude/` for:
+- Hardcoded secrets in CLAUDE.md and settings
+- Overly permissive tool allow lists (e.g. `Bash(*)`)
+- Prompt injection patterns in agent definitions
+- Command injection risks in hooks
+- Risky MCP server configurations
+
+## 2. GitHub Actions workflow security
+
+Run `zizmor .github/` to scan all workflows for:
+- Unpinned actions (should use full SHA, not tags)
+- Secrets used outside `env:` blocks
+- Injection risks from untrusted inputs
+- Overly permissive permissions
+
+If zizmor is not installed, skip with a message. Install via `brew install zizmor` or see https://docs.zizmor.sh/installation/.
+
+Report all findings with severity levels. Fix CRITICAL and HIGH findings immediately.

.git-hooks/pre-commit

@@ -112,6 +112,24 @@ for file in $STAGED_FILES; do
   fi
 done
 
+# Check for npx/dlx usage (use pnpm exec or pnpm run instead).
+printf "Checking for npx/dlx usage...\n"
+for file in $STAGED_FILES; do
+  if [ -f "$file" ]; then
+    # Skip node_modules, lockfiles, and this hook itself.
+    if echo "$file" | grep -qE 'node_modules/|pnpm-lock\.yaml|\.git-hooks/'; then
+      continue
+    fi
+
+    if grep -nE '\bnpx\b|\bpnpm dlx\b|\byarn dlx\b' "$file" 2>/dev/null | grep -v '# zizmor:' | grep -q .; then
+      printf "${RED}✗ ERROR: npx/dlx usage found in: $file${NC}\n"
+      grep -nE '\bnpx\b|\bpnpm dlx\b|\byarn dlx\b' "$file" | grep -v '# zizmor:' | head -3
+      printf "Use 'pnpm exec <package>' or 'pnpm run <script>' instead.\n"
+      ERRORS=$((ERRORS + 1))
+    fi
+  fi
+done
+
 if [ $ERRORS -gt 0 ]; then
   printf "\n"
   printf "${RED}✗ Security check failed with $ERRORS error(s).${NC}\n"

.husky/security-checks.sh

@@ -69,6 +69,7 @@
 - Always prefer editing existing files
 - Forbidden to create docs unless requested
 - Required to do exactly what was asked
+- 🚨 **NEVER use `npx`, `pnpm dlx`, or `yarn dlx`** — use `pnpm exec <package>` for devDep binaries, or `pnpm run <script>` for package.json scripts. If a tool is needed, add it as a pinned devDependency first.
 
 ## ROLE
 

CLAUDE.md

@@ -40,6 +40,7 @@
     "package-npm-publish": "node scripts/npm/publish-npm-packages.mjs",
     "perf": "node scripts/perf.mjs",
     "precommit": "pnpm run check --staged",
+    "security": "agentshield scan && { command -v zizmor >/dev/null && zizmor .github/ || echo 'zizmor not installed — skipping workflow scan'; }",
     "prepare": "husky && pnpm run build",
     "prepublishOnly": "echo 'ERROR: Use GitHub Actions workflow for publishing' && exit 1",
     "publish": "node scripts/publish.mjs",
@@ -91,6 +92,7 @@
     "del-cli": "catalog:",
     "dev-null-cli": "catalog:",
     "didyoumean2": "catalog:",
+    "ecc-agentshield": "catalog:",
     "esbuild": "catalog:",
     "eta": "catalog:",
     "fast-glob": "catalog:",