Security hardening: close 17 findings (3 High, 7 Medium, 5 Low, 2 Info) — fetch safety, schema validation, supply-chain pinning, prompt-injection guardrails

.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "microsoft-events",
   "description": "Connect your project to Microsoft Build and Ignite sessions — discover relevant talks, explore what's new for your stack, and plan next steps from your development environment.",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "author": {
     "name": "Microsoft"
   },

.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 4
+    labels:
+      - dependencies
+      - security
+  - package-ecosystem: npm
+    directory: /cli
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 4
+    labels:
+      - dependencies

.github/plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "microsoft-events",
   "description": "Connect your project to Microsoft Build and Ignite sessions — discover relevant talks, explore what's new for your stack, and plan next steps from your development environment.",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "author": {
     "name": "Microsoft",
     "url": "https://www.microsoft.com"

.github/workflows/ci.yml

@@ -25,10 +25,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
         with:
           node-version: 22.x
           cache: npm
@@ -37,6 +37,38 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Verify SKILL.md pins current CLI version exactly
+        working-directory: ${{ github.workspace }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          CLI_VERSION=$(node -p "require('./cli/package.json').version")
+          FILES="skills/microsoft-build/SKILL.md cli/README.md AGENTS.md"
+
+          # Match every `npx` invocation of @microsoft/events-cli — with or without
+          # `-y` — so dropping `-y` cannot bypass the gate. The leading `npx ` is
+          # what discriminates invocations from prose mentions ("the
+          # @microsoft/events-cli CLI").
+          INVOKE_RE="npx (-y )?@microsoft/events-cli"
+          GOOD_RE="${INVOKE_RE}@${CLI_VERSION//./\\.}([^0-9.]|$)"
+
+          TOTAL=$(grep -cE "$INVOKE_RE" $FILES 2>/dev/null | awk -F: '{ sum += $2 } END { print sum+0 }')
+          GOOD=$(grep -cE "$GOOD_RE" $FILES 2>/dev/null | awk -F: '{ sum += $2 } END { print sum+0 }')
+          BAD=$((TOTAL - GOOD))
+
+          if [ "$BAD" -gt 0 ]; then
+            echo "::error::Found $BAD non-canonical 'npx @microsoft/events-cli' invocation(s); expected exact pin '@${CLI_VERSION}'."
+            # Surface the offending lines for the contributor.
+            grep -nE "$INVOKE_RE" $FILES | grep -vE "$GOOD_RE" || true
+            exit 1
+          fi
+
+          if [ "$GOOD" -eq 0 ]; then
+            echo "::error::No reference to 'npx @microsoft/events-cli@${CLI_VERSION}' found."
+            exit 1
+          fi
+          echo "OK: $GOOD canonical pin(s) at @${CLI_VERSION}; 0 non-canonical invocations."
+
       - name: Build
         run: npm run build
 

.github/workflows/codeql.yml

@@ -55,7 +55,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
 
     # Add any setup steps before running the `github/codeql-action/init` action.
     # This includes steps like installing compilers or runtimes (`actions/setup-node`
@@ -65,7 +65,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4
+      uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba  # v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -94,6 +94,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4
+      uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba  # v4
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/release.yml

@@ -0,0 +1,55 @@
+name: Publish CLI
+
+on:
+  push:
+    tags:
+      - 'cli-v*'
+
+permissions:
+  contents: read
+  id-token: write     # required for npm provenance via OIDC
+
+jobs:
+  publish:
+    name: Publish to npm with provenance
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: cli
+    steps:
+      - name: Checkout
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
+        with:
+          node-version: 22.x
+          registry-url: 'https://registry.npmjs.org'
+          cache: npm
+          cache-dependency-path: cli/package-lock.json
+
+      - name: Verify tag matches package.json version
+        run: |
+          PKG=$(node -p "require('./package.json').version")
+          TAG="${GITHUB_REF_NAME#cli-v}"
+          if [ "$PKG" != "$TAG" ]; then
+            echo "::error::Tag $GITHUB_REF_NAME does not match package.json version $PKG"
+            exit 1
+          fi
+
+      - name: Install
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Test
+        run: npm test
+
+      - name: Smoke (fixture)
+        run: npm run smoke:fixture
+
+      - name: Publish
+        run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

AGENTS.md

@@ -40,7 +40,7 @@ npm run smoke:fixture
 
 `npm run smoke:live` hits the live catalog; CI only runs it outside pull requests.
 
-Note: The first time `npx @microsoft/events-cli` is run, it prompts for permission and can cause CLI tool calls to hang in AI agents. In all instructions or `SKILL.md`, prefer `npx -y @microsoft/events-cli` to include the `-y` flag.
+Note: The first time `npx @microsoft/events-cli` is run, it prompts for permission and can cause CLI tool calls to hang in AI agents. In all instructions or `SKILL.md`, prefer `npx -y @microsoft/events-cli@0.3.0` to include the `-y` flag and a pinned version.
 
 ## CLI behavior contracts
 

cli/README.md

@@ -17,7 +17,7 @@ node --version
 ### Option A: Run instantly with `npx` (no install)
 
 ```bash
-npx -y @microsoft/events-cli sessions --query "Microsoft Foundry"
+npx -y @microsoft/events-cli@0.3.0 sessions --query "Microsoft Foundry"
 ```
 
 ### Option B: Install globally
@@ -83,6 +83,15 @@ Use `--event <id>` to filter to a single event. Without it, commands search acro
 - **Disambiguation**: if a session code exists in multiple events, the CLI shows options.
 - **Results**: 10 by default, `--limit` to override.
 
+## Environment variables
+
+| Variable | Default | Purpose |
+|----------|---------|---------|
+| `MSEVENTS_CACHE_DIR` | per-OS cache path | Override the cache directory. |
+| `MSEVENTS_FETCH_TIMEOUT_MS` | `30000` | Abort catalog requests after this many milliseconds. |
+| `MSEVENTS_MAX_RESPONSE_BYTES` | `52428800` (50 MiB) | Reject catalog responses larger than this. |
+| `MSEVENTS_DEBUG` | unset | When set to any value, emit diagnostic lines on stderr — useful for diagnosing malformed-cache fallbacks. |
+
 ## Development
 
 To build and test from source:

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/events-cli",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "CLI for searching Microsoft flagship event sessions (Build, Ignite).",
   "type": "module",
   "bin": {
@@ -10,6 +10,10 @@
     "dist",
     "README.md"
   ],
+  "publishConfig": {
+    "provenance": true,
+    "access": "public"
+  },
   "scripts": {
     "build": "tsc -p tsconfig.json",
     "smoke:fixture": "node scripts/smoke-fixture.mjs",

cli/src/commands/common.ts

@@ -17,6 +17,22 @@ export function validateEventId(eventId: string): boolean {
   return false;
 }
 
+const MAX_LIMIT = 200;
+
+export function validateLimit(raw: string): number | null {
+  const parsed = Number.parseInt(raw, 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    console.error(`--limit must be a positive integer (got: "${raw}")`);
+    process.exitCode = 1;
+    return null;
+  }
+  if (parsed > MAX_LIMIT) {
+    process.stderr.write(`--limit ${parsed} exceeds maximum (${MAX_LIMIT}); clamping.\n`);
+    return MAX_LIMIT;
+  }
+  return parsed;
+}
+
 export async function ensureCache(eventFilter?: string): Promise<Session[]> {
   let missingCacheHeaderPrinted = false;
   const availableSessions: Session[] = [];